Update "Endpoint Security" integration references to "Endpoint and Cloud Security" (elastic#1966)

Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: Janeen Mikell-Straughn <[email protected]>
3 people authored Jul 8, 2022
1 parent 4fc931b commit 7512c6a
Showing 8 changed files with 27 additions and 25 deletions.
4 changes: 2 additions & 2 deletions beats-agent-comparison.asciidoc
Expand Up @@ -67,7 +67,7 @@ To find out if an integration is GA, see the
The following table shows the outputs supported by the {agent} in {version}:


NOTE: {endpoint-sec} has a different output matrix.
NOTE: {endpoint-cloud-sec} has a different output matrix.

[options,header]
|===
Expand Down Expand Up @@ -269,7 +269,7 @@ The following table shows a comparison of capabilities supported by {beats} and
|{y}
|{n}
|{y}
|{fleet}-managed {agent}s require root permission, in particular for {endpoint-sec}. Standalone {agent}s and {beats} do not.
|{fleet}-managed {agent}s require root permission, in particular for {endpoint-cloud-sec}. Standalone {agent}s and {beats} do not.

|Multiple outputs
|{y}
3 changes: 1 addition & 2 deletions elastic-agent/debug-standalone-elastic-agent.asciidoc
Expand Up @@ -50,8 +50,7 @@ of the running {agent}.

The log location varies by platform. {agent} logs are in the folders described
in <<installation-layout>>. {beats} and {fleet-server} logs are in folders named
for the output (for example, `default`). {elastic-endpoint} logs are in the
installation directory.
for the output (for example, `default`).

Start by investigating any errors you see in the {agent} and related logs. Also
look for repeated lines that might indicate problems like connection issues. If
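Review bot: this hunk deletes the sentence "{elastic-endpoint} logs are in the installation directory." rather than renaming a reference, which goes beyond what the commit title describes. The following paragraph still tells readers to investigate "the {agent} and related logs", so someone debugging an endpoint problem no longer learns where those logs live. Keep the sentence, or point to where the location is documented, and mention the removal in the commit message.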
4 changes: 2 additions & 2 deletions elastic-agent/uninstall-elastic-agent.asciidoc
Expand Up @@ -43,11 +43,11 @@ TIP: Search for these processes and stop them if they're still running:
running {agent} on macOS, delete `/Library/Elastic/Agent/*`. Not sure where the
files are installed? Refer to <<installation-layout>>.

. If you've configured the {elastic-endpoint} integration, also remove the files
. If you've configured the {endpoint-cloud-sec} integration, also remove the files
installed for endpoint protection. The directory structure is similar to {agent},
for example, `/Library/Elastic/Endpoint/*`.
+
NOTE: When you remove the {elastic-endpoint} integration from a macOS host
NOTE: When you remove the {endpoint-cloud-sec} integration from a macOS host
(10.13, 10.14, or 10.15), the Endpoint System Extension is left on disk
intentionally. If you want to remove the extension, refer to the documentation
for your operating system.
1 change: 0 additions & 1 deletion index.asciidoc
Expand Up @@ -9,7 +9,6 @@ include::{docs-root}/shared/attributes.asciidoc[]
:code-path: {tab-widgets}/code

:fleet-server-issue: https://github.com/elastic/fleet-server/issues/
:elastic-endpoint-integration: Endpoint Security
:policy: policy

:y: image:images/green-check.svg[yes]
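Review bot: deleting ":elastic-endpoint-integration: Endpoint Security" leaves every renamed reference depending on {endpoint-cloud-sec}, which this commit never defines. Confirm it is provided by the {docs-root}/shared/attributes.asciidoc include shown in the hunk header, and that no file outside the eight changed here still uses {elastic-endpoint-integration}, since that reference will no longer resolve.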
6 changes: 3 additions & 3 deletions overview.asciidoc
Expand Up @@ -145,9 +145,9 @@ ships them to the {agent}s. To communicate to {fleet} about the status of the
[[agent-self-protection]]
== {agent} self-protection

On macOS and Windows, {agent} can self-protect against malicious users and
attackers when the {endpoint-sec} integration is added to the agent policy. For
more information, refer to
On macOS and Windows, when the {endpoint-cloud-sec} integration is added to the
agent policy, {elastic-enpdoint} can prevent malware from executing on
the host. For more information, refer to
{security-guide}/es-overview.html#self-protection[{elastic-endpoint} self-protection].

[discrete]
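Review bot: the added line "agent policy, {elastic-enpdoint} can prevent malware from executing on" misspells the attribute name; it should be {elastic-endpoint}, as in the link text two lines below, otherwise the reference will not resolve. The new sentence also describes malware prevention, while the section heading and the linked anchor are both about self-protection and the removed sentence described {agent} protecting itself against malicious users and attackers. Either restore the self-protection wording or retitle the section so heading, body and link agree.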
1 change: 1 addition & 0 deletions tab-widgets/remove-endpoint-files/content.asciidoc
@@ -1,4 +1,5 @@
// tag::mac[]

[source,shell]
----------------------------------
cd /tmp
25 changes: 14 additions & 11 deletions troubleshooting/faq.asciidoc
Expand Up @@ -165,13 +165,16 @@ server or host your own {package-registry}. To learn more, refer to
[[does-agent-download-anything-from-internet]]
== Does {agent} download anything from the Internet?

* In version 7.10 and later, the endpoint security capabilities are bundled with {agent},
so a fully capable artifact can be installed with no connection to the Elastic
download site. However, if it is in use, the {elastic-endpoint-integration} process
is instructed to attempt to download newer released versions of the integration specific
artifacts it uses. Some of those are, for example, the malware model, trusted apps artifact,
exceptions list artifact, and others. For more information, see the
{security-guide}/index.html[{elastic-sec} solution documentation].
* In version 7.10 and later, a fully capable artifact can be installed with no
connection to the Elastic download site. However, if it is in use, the
{endpoint-cloud-sec} process is instructed to attempt to download
newer released versions of the integration-specific artifacts it uses. Some of
those are, for example, the malware model, trusted applications artifact,
exceptions list artifact, and others. {elastic-endpoint} will continue to
protect the host even if it's unable to download updates. However, it won't
receive updates to protections until {agent} is upgraded to a new version.
For more information, refer to the
{security-guide}/index.html[{elastic-sec} documentation].

* {agent} requires internet access to download artifacts for binary upgrades.
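Review bot: in the rewritten first bullet, "{endpoint-cloud-sec} process" applies the integration name to a process, while the sentence added a few lines later uses {elastic-endpoint} for the component that protects the host. Use {elastic-endpoint} for whatever performs the downloads so both sentences name the same thing. Dropping "the endpoint security capabilities are bundled with {agent}" also leaves "a fully capable artifact" without the reason no connection is needed; consider keeping that clause.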

Expand All @@ -192,13 +195,13 @@ downloads from the {package-registry} at `epr.elastic.co`. This means that

[discrete]
[[what-is-the-endpoint-package]]
== What is the {elastic-endpoint-integration} integration in {fleet}?
== What is the {endpoint-cloud-sec} integration in {fleet}?

The {elastic-endpoint-integration} integration provides protection on your {agent}
The {endpoint-cloud-sec} integration provides protection on your {agent}
controlled host. The integration monitors your host for security-related events,
allowing for investigation of security data through the {security-app} in {kib}.
The {elastic-endpoint-integration} integration is managed by {agent} in the
same way as other integrations. Try it out! For more information, see the
The {endpoint-cloud-sec} integration is managed by {agent} in the
same way as other integrations. Try it out! For more information, refer to the
{security-guide}/index.html[{elastic-sec} documentation].

[discrete]
8 changes: 4 additions & 4 deletions troubleshooting/troubleshooting.asciidoc
Expand Up @@ -406,7 +406,7 @@ require root privileges to collect sensitive data.
If you're running {agent} in the foreground (and not as a service) on Linux or macOS, run the
agent under the root user: `sudo` or `su`.

If you're using the {elastic-endpoint-integration} integration, make sure you're
If you're using the {endpoint-cloud-sec} integration, make sure you're
running {agent} under the SYSTEM account.

TIP: If you install {agent} as a service as described in
Expand Down Expand Up @@ -539,7 +539,7 @@ features that our users are most interested in. This helps us to focus our effor
making features even better.

If you've recently upgraded from version `7.10` to `7.11`, you might see the
following message when you view {endpoint-sec} logs:
following message when you view {endpoint-cloud-sec} logs:

[source,sh]
----
Expand All @@ -551,12 +551,12 @@ The above message indicates that {elastic-endpoint} does not have the correct
permissions to send telemetry. This is a known problem in 7.11 that will be
fixed in an upcoming patch release.

To remove this message from your logs, you can turn off telemetry for the {endpoint-sec} integration
To remove this message from your logs, you can turn off telemetry for the {endpoint-cloud-sec} integration
until the next patch release is available.

. In {kib}, click **Integrations**, and then select the **Manage** tab.

. Click **{endpoint-sec}**, and then select the **Policies** tab to view all the
. Click **{endpoint-cloud-sec}**, and then select the **Policies** tab to view all the
installed integrations.

. Click the integration to edit it.
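Review bot: the step "Click **{endpoint-cloud-sec}**" is a UI label inside instructions written for users who have just upgraded from 7.10 to 7.11. Confirm that the Integrations page in those versions shows the new name, otherwise readers will look for an entry that is not there. If the label differs by version, keep the old name in this step or mention both.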
