Regarding new video "Collecting Endpoint Logs with Elastic Agent", when we edit the "endpoints initial" agent policy, is agent installer in Security onion "Downloads" section updated?

[marinzelenika]

Version

2.4.100

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

on-prem with Internet access

Hardware Specs

Meets minimum requirements

CPU

12

RAM

32

Storage for /

400 GB

Storage for /nsm

400 GB

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

I want to update initial installer in Downloads section of Security onion to ignore some less important event IDs for Windows machines. I know how to do that, but when I save that changes to "endpoints-initial" agent policy, will the changes reflect in the installer available in the Security Onion Downloads section?

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[reyesj2]

The elastic agent will pull updates from the fleet server. So there is no need to update the elastic agent installer. When you deploy your elastic agents and then update the policy for those agents you will see their status change to 'updating' eventually returning back to 'healthy' once the policy has been updated.