From baa3659f20363f8a58fb7588ef2e48a79c6d2b62 Mon Sep 17 00:00:00 2001
From: kmathisbf <82833266+kmathisbf@users.noreply.github.com>
Date: Tue, 6 Feb 2024 15:36:59 -0500
Subject: [PATCH] Add elastic binaries to knownSecurityTools
---
 client/command/processes/ps.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/client/command/processes/ps.go b/client/command/processes/ps.go
index 6a01d9d601..8bfbcffc50 100644
--- a/client/command/processes/ps.go
+++ b/client/command/processes/ps.go
@@ -46,6 +46,10 @@ var knownSecurityTools = map[string][]string{
 "RepUx.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
 "RepWSC.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
 "scanhost.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
+ "elastic-agent.exe": {console.Red, "Elastic Agent"}, // Elastic Agent
+ "elastic-endpoint.exe": {console.Red, "Elastic Agent"}, // Elastic Agent
+ "filebeat.exe": {console.Red, "Elastic Agent"}, // Elastic Agent - log shipper
+ "metricbeat.exe": {console.Red, "Elastic Agent"}, // Elastic Agent - metric shipper
 "smartscreen.exe": {console.Red, "Windows Smart Screen"}, // Windows Defender Smart Screen
 "MpCmdRun.exe": {console.Red, "Windows Defender"}, // Windows Defender Command-line
 "MonitoringHost.exe": {console.Red, "Windows Defender"}, // Microsoft Monitoring Agent
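Review bot: All four added entries carry the same description string `"Elastic Agent"`, so the distinction made in the trailing comments (log shipper, metric shipper) never reaches the value the map stores. `elastic-endpoint.exe` is the endpoint-protection component rather than the agent service, and Filebeat and Metricbeat can be installed as standalone Beats with no Elastic Agent present, so the label can be wrong for the host being inspected. I would put the component name into the description itself, for example `"elastic-endpoint.exe": {console.Red, "Elastic Endpoint Security"},` and `"filebeat.exe": {console.Red, "Elastic Filebeat (log shipper)"},`, with `metricbeat.exe` handled the same way. The `knownSecurityTools` literal starts and ends outside this hunk, so whether other code depends on the exact description text is not visible here.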