Elastic Fleet

This page lists every device that has an Elastic Agent installed on it. By default, Security Onion itself has an agent, as does the Docker image that runs Fleet.

If the Elastic Agent is installed on an endpoint, that endpoint will also show up here. By default, endpoints are assigned the endpoints-initial policy, which can be changed later. Policies can be added and edited in the Agent Policies tab. The default policy is sufficient for getting the appropriate logs to the ELK stack.