Is Sysmon rolled into custom Elastic Agent? #11974
Version: 2.4.30
Installation Method: Network installation on Debian
Description: other (please provide detail below)
Installation Type: Distributed
Location: other (please provide detail below)
Hardware Specs: Exceeds minimum requirements
CPU: 6
RAM: 16
Storage for /: 265
Storage for /nsm: 265
Network Traffic Collection: span port
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail:
I've migrated my Endpoints from 2.3 Wazuh to 2.4 Elastic Agent and now am adding a few new Endpoints to the Fleet. The 2.3 Wazuh method required that I install Sysmon separately and edit the Wazuh config to gather those alerts, but I've read a few places that Elastic Agent may actually have Sysmon included. Does the custom SO Elastic Agent have Sysmon rolled into it, or do I need to install Sysmon separately?
Replies: 1 comment
The Elastic Agent does not include sysmon but it does provide much of the same coverage as sysmon. You might want to try Elastic Agent by itself and see if it provides the coverage that you need. If you need additional coverage, then you can install sysmon separately.
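As an added example (not from the original thread, and not Security Onion's or Elastic's own tooling): a PowerShell script for the "install Sysmon separately" path in the reply above. It installs Sysmon with a configuration file, pushes the config in place if Sysmon is already present, then confirms that the Sysmon Operational event channel is receiving process-creation events and that the Elastic Agent service is running so those events can be shipped. The Sysmon binary and config paths are assumptions for the illustration; the Elastic Agent install path is the product default and may differ for the Security Onion customized agent. Whether the agent's policy actually collects the Sysmon channel depends on the Fleet integration policy, which this page does not describe, so verify that in Fleet after running this.

```powershell
# Added example, not from the original discussion.
# Assumed locations for this illustration:
$SysmonExe = 'C:\Tools\Sysmon\Sysmon64.exe'       # assumption: where you unpacked Sysmon
$SysmonCfg = 'C:\Tools\Sysmon\sysmonconfig.xml'   # assumption: your Sysmon config file
$AgentExe  = 'C:\Program Files\Elastic\Agent\elastic-agent.exe'  # Elastic Agent default path
$SysmonLog = 'Microsoft-Windows-Sysmon/Operational'

function Test-SysmonInstalled {
    # Sysmon registers a kernel driver service named SysmonDrv; its presence
    # is a reliable sign that Sysmon is installed.
    return $null -ne (Get-Service -Name 'SysmonDrv' -ErrorAction SilentlyContinue)
}

function Install-Sysmon {
    param([string]$Exe, [string]$Config)
    if (-not (Test-Path $Exe))    { throw "Sysmon binary not found at $Exe" }
    if (-not (Test-Path $Config)) { throw "Sysmon config not found at $Config" }
    if (Test-SysmonInstalled) {
        # Already installed: -c loads a new configuration without reinstalling.
        & $Exe -accepteula -c $Config | Out-Null
    } else {
        # Fresh install: -i installs the service and driver with the given config.
        & $Exe -accepteula -i $Config | Out-Null
    }
    if ($LASTEXITCODE -ne 0) { throw "Sysmon returned exit code $LASTEXITCODE" }
}

function Get-RecentSysmonEvents {
    param([int]$Count = 5)
    # Event ID 1 (process creation) is the quickest sign the driver is active.
    # Properties[4] is the Image field of a Sysmon Event ID 1 record.
    Get-WinEvent -FilterHashtable @{ LogName = $SysmonLog; Id = 1 } -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Image'; e = { $_.Properties[4].Value } }
}

function Test-ElasticAgent {
    # The Windows service is named "Elastic Agent"; the agent's own status
    # command reports component health if the binary is at the expected path.
    $svc = Get-Service -Name 'Elastic Agent' -ErrorAction SilentlyContinue
    if ($null -eq $svc -or $svc.Status -ne 'Running') { return $false }
    if (Test-Path $AgentExe) { & $AgentExe status }
    return $true
}

Install-Sysmon -Exe $SysmonExe -Config $SysmonCfg
Start-Sleep -Seconds 5   # give the driver a moment to record some process starts
$events = Get-RecentSysmonEvents
if (-not $events) {
    Write-Warning "No Event ID 1 records in $SysmonLog yet; check the config's ProcessCreate rules."
} else {
    $events | Format-Table -AutoSize
}
if (-not (Test-ElasticAgent)) {
    Write-Warning 'Elastic Agent service is not running; Sysmon events will not be shipped to Security Onion.'
}
```

Run it from an elevated PowerShell session, since installing the Sysmon driver requires administrator rights. If the Sysmon channel fills but nothing reaches Security Onion, the gap is in the Fleet policy rather than on the endpoint: confirm in Fleet that the agent's policy includes an integration that reads the Microsoft-Windows-Sysmon/Operational channel.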