Merge pull request #1579 from BishopFox/ps_elastic

Add elastic binaries to knownSecurityTools
BishopFox · Feb 6, 2024 · 4bfca79 · 4bfca79
2 parents d0dc42e + baa3659
commit 4bfca79
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/client/command/processes/ps.go b/client/command/processes/ps.go
@@ -46,6 +46,10 @@ var knownSecurityTools = map[string][]string{
 	"RepUx.exe":                       {console.Red, "Carbon Black Cloud Sensor"},    // Carbon Black Cloud Sensor
 	"RepWSC.exe":                      {console.Red, "Carbon Black Cloud Sensor"},    // Carbon Black Cloud Sensor
 	"scanhost.exe":                    {console.Red, "Carbon Black Cloud Sensor"},    // Carbon Black Cloud Sensor
+	"elastic-agent.exe":               {console.Red, "Elastic Agent"},                // Elastic Agent
+	"elastic-endpoint.exe":            {console.Red, "Elastic Agent"},                // Elastic Agent
+	"filebeat.exe":                    {console.Red, "Elastic Agent"},                // Elastic Agent - log shipper
+	"metricbeat.exe":                  {console.Red, "Elastic Agent"},                // Elastic Agent - metric shipper
 	"smartscreen.exe":                 {console.Red, "Windows Smart Screen"},         // Windows Defender Smart Screen
 	"MpCmdRun.exe":                    {console.Red, "Windows Defender"},             // Windows Defender Command-line
 	"MonitoringHost.exe":              {console.Red, "Windows Defender"},             // Microsoft Monitoring Agent