Comments (4)
- Elastic Endpoint: Endpoint resides on the host (see below) and provides capabilities such as collecting events, detecting and preventing malicious activity, whitelisting, artifact delivery, etc. (Previously referred to at Endgame as the Sensor.)
- Host: Any system or host that is connected to a network and functions as a client or server in any capacity. Desktop computers, laptops, and servers are all examples of hosts. (Previously referred to at Endgame as the Endpoint.)
- Agent: A single, unified agent that makes installation and management easier. Contains the Beats and Endpoint. This is sent to host machines (laptops, desktops), and the Endpoint binary is stood up and run.
- Analyze Event: An interactive event map that allows users to inspect and drill down a process tree. Users can zoom down to the individual event level to see every file or process run on an event, and zoom up to see the parent and child processes of the event.
- Exception: Exceptions to a rule can be created by users to define field values and lists of values that the user wants the rule engine to ignore when the rule runs.
- Rule: Rules are queries users can create that generate detection alerts in the SIEM when the query conditions are met.
- SIEM: A use case supported by the Elastic Security app. Lets security practitioners investigate and triage common host and network security workflows in a more streamlined way.
- Policy: Allows users to configure protections and event data collection through the UI, and apply that configuration to one or more hosts.
- Detection Alert: An alert generated by a rule inside the SIEM.
- Timeline: An interactive workspace for threat hunting and alert investigations. Users can drag objects of interest into the Timeline Event Viewer to create exactly the query filter they need. Users can drag items from table widgets within the Hosts and Network pages, or even from within Timeline itself. A timeline is responsive and persists as you move through the SIEM app collecting data. Users can add any Timeline to an existing or new Case.
- Case: Cases are used to open and track security issues directly in SIEM. Cases list the original reporter and all users who contribute to a case (participants). Case comments support Markdown syntax and allow linking to saved Timelines. Additionally, you can send cases to external systems from within SIEM (currently ServiceNow and Jira).
- Ingest Manager: A new Kibana app that lets you quickly add integrations for popular services and platforms in a few clicks. Helps users centrally manage an entire fleet of Elastic Agents. (Currently in an alpha/"Experimental" phase.) For more information see: Ingest Docs
from security-docs.
Took a stab at endpoint management related concepts, @jmikell821 let me know if any additional clarification will help!
@dontcallmesherryli could you help fill in some of the definitions above to help give some context for the docs team?
cc: @kevinlog
Yep, on my to-do list, thanks @caitlinbetz
@jmikell821 I updated the terms on your comment: #42 (comment)
FYI, a lot of the terms are pre-defined already here: https://www.elastic.co/guide/en/kibana/current/siem-ui.html
I copy/pasted the wording for Cases and Timeline.