Closed AndersonQ closed 6 months ago
I suspect part of the problem with this is that the agent doesn't have the privileges needed to monitor the endpoint process, which rather than being a child process of the agent is installed as a separate service. It is run as a protected service on Windows for example.
We should consider this limitation when designing a better metrics system. IMO sub-processes should push metrics over the gRPC protocol to avoid additional connection paths / points of failure.
Endpoint/Defend does report detailed metrics about itself to Elasticsearch separate from agent: https://docs.elastic.co/en/integrations/endpoint#metrics
They just aren't available in the Fleet UI.
> I suspect part of the problem with this is that the agent doesn't have the privileges needed to monitor the endpoint process
Task Manager and Process Explorer are able to monitor Endpoint's CPU and memory usage. Perhaps it's an issue of requested access rights? The solution might be to request PROCESS_QUERY_LIMITED_INFORMATION instead of PROCESS_QUERY_INFORMATION, for example.
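One way to check the access-right hypothesis in the comment above on a Windows host (an added example, not part of the thread or of the Elastic Agent code base): it opens the process given by `$TargetPid`, which the reader supplies, once with each right and then calls GetProcessTimes on the handle. The `Native.Proc` type and its `Probe` method are names made up for this example.

```powershell
# Added example: compare the two access rights against one process ID.
# $TargetPid is supplied by the reader (for instance the PID of the service under test).
param([Parameter(Mandatory)][uint32]$TargetPid)

Add-Type -Namespace Native -Name Proc -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool GetProcessTimes(IntPtr h, out long created, out long exited,
                                   out long kernel, out long user);
[DllImport("kernel32.dll")]
static extern bool CloseHandle(IntPtr h);

// Returns { win32Error, kernelTime, userTime }; times are in 100 ns units.
public static long[] Probe(uint access, uint pid) {
    IntPtr h = OpenProcess(access, false, pid);
    if (h == IntPtr.Zero)
        return new long[] { Marshal.GetLastWin32Error(), 0, 0 };
    long c, e, k, u;
    int err = GetProcessTimes(h, out c, out e, out k, out u)
        ? 0 : Marshal.GetLastWin32Error();
    CloseHandle(h);
    return new long[] { err, k, u };
}
'@

# Access-right values from the Windows SDK headers.
$rights = [ordered]@{
    'PROCESS_QUERY_INFORMATION'         = 0x0400
    'PROCESS_QUERY_LIMITED_INFORMATION' = 0x1000
}

foreach ($name in $rights.Keys) {
    $r = [Native.Proc]::Probe([uint32]$rights[$name], $TargetPid)
    [pscustomobject]@{
        AccessRight = $name
        Win32Error  = $r[0]                    # 0 = success, 5 = ERROR_ACCESS_DENIED
        CpuSeconds  = ($r[1] + $r[2]) / 1e7    # kernel + user time
    }
}
```

Run it from the same security context as the monitoring process, since the result depends on the caller's token as well as on the target.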
After chatting with @pierrehilbert, closing this in favour of "Agent should collect and report CPU and memory usage of service runtime components" #4083
Endpoint security metrics aren't available on the "[Elastic Agent] Agent metrics" dashboard.
For confirmed bugs, please report:
elastic_agent.process: endpoint_security
The following ES query should return results: