Alert when agent is deleted
#14955
Replies: 1 comment
-
|
We have an issue open for this feature request #14898 It looks like the elastic agent built in 'tamper protection' requires an Elastic license to use https://www.elastic.co/guide/en/security/8.18/agent-tamper-protection.html Is the agent installed as root/admin on the endpoint? If that is the case a regular user account shouldn't be able to disable/remove the agent. You can see if an elastic agent was installed with root/admin in fleet. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Some users have deleted or removed the agent from the endpoint. Is it possible to set a critical alert for when this happens or set the agent from being deleted?
Beta Was this translation helpful? Give feedback.
All reactions