From 40e05d0e804a6a6ec9703c75f294af89dbf41b6d Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 17 Dec 2025 13:55:26 -0800 Subject: [PATCH 1/2] Adds trusted descendants option for Trusted Applications --- .../manage-elastic-defend/trusted-applications.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/solutions/security/manage-elastic-defend/trusted-applications.md b/solutions/security/manage-elastic-defend/trusted-applications.md index 4d9a39043f..576bbb019d 100644 --- a/solutions/security/manage-elastic-defend/trusted-applications.md +++ b/solutions/security/manage-elastic-defend/trusted-applications.md @@ -84,8 +84,9 @@ To add a trusted application: Define more complex conditions, such as trusting specific file paths or remote IP addresses. 1. `Select operating system`: Select the appropriate operating system from the drop-down. - 2. `Field`: Select a field to identify the trusted application. - 3. `Operator`: Select an operator to define the condition: + 2. (Optional) Turn on the `Process Descendants` toggle to make your exception apply to processes that are descendants of your new trusted application. + 3. `Field`: Select a field to identify the trusted application. + 4. `Operator`: Select an operator to define the condition: * `is` * `is not` * `is one of` 
@@ -100,8 +101,8 @@ To add a trusted application: Using wildcards can impact performance. To create a more efficient trusted application using wildcards, use multiple conditions and make them as specific as possible. For example, adding conditions using `process.name` or `file.name` can help limit the scope of wildcard matching. :::: - 4. `Value`: Enter the value associated with the `Field`. To enter multiple values (when using `is one of` or `is not one of`), enter each value, then press **Return**. - 5. To define multiple conditions, click `AND` and configure a new condition. You can also add nested conditions by selecting `Add nested condition`. + 5. `Value`: Enter the value associated with the `Field`. To enter multiple values (when using `is one of` or `is not one of`), enter each value, then press **Return**. + 6. To define multiple conditions, click `AND` and configure a new condition. You can also add nested conditions by selecting `Add nested condition`. ::::: From e2ca6ff83eb2538f0df30ea62d10dfb59e5af9e4 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 17 Dec 2025 14:00:39 -0800 Subject: [PATCH 2/2] Update trusted-applications.md --- .../security/manage-elastic-defend/trusted-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/manage-elastic-defend/trusted-applications.md b/solutions/security/manage-elastic-defend/trusted-applications.md index 576bbb019d..0b8e44645e 100644 --- a/solutions/security/manage-elastic-defend/trusted-applications.md +++ b/solutions/security/manage-elastic-defend/trusted-applications.md 
@@ -84,7 +84,7 @@ To add a trusted application: Define more complex conditions, such as trusting specific file paths or remote IP addresses. 1. `Select operating system`: Select the appropriate operating system from the drop-down. - 2. (Optional) Turn on the `Process Descendants` toggle to make your exception apply to processes that are descendants of your new trusted application. + 2. {applies_to}`stack: ga 9.3`{applies_to}`serverless: ga`(Optional) Turn on the `Process Descendants` toggle to make your exception apply to processes that are descendants of your new trusted application. 3. `Field`: Select a field to identify the trusted application. 4. `Operator`: Select an operator to define the condition: * `is`
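Review bot: the new step 2 in the first hunk of PATCH 1/2 (@@ -84,8 +84,9 @@) says the exception will "apply to processes that are descendants of your new trusted application" but does not say whether that covers direct children only or every generation below them, and it does not tell the reader that turning the toggle on widens what the entry trusts. Someone adding a trusted application that launches other programs needs that information to judge how much activity the entry will exclude. Suggest adding a sentence that defines the descendant scope and advises enabling the toggle only when the child processes are also meant to be trusted, combined with conditions that are "as specific as possible", as the wildcard note in the following hunk already recommends.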
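Review bot: the added line in PATCH 2/2 (@@ -84,7 +84,7 @@) has no space between the two {applies_to} roles or between the closing backtick of "serverless: ga" and "(Optional)", so the badges and the step text may run together when rendered and are hard to read in the source. Suggest a single space after each role. The line also states availability as "stack: ga 9.3", which the same step in PATCH 1/2 lacked, so if the series is squashed this hunk's version of the line is the one to keep. The subject "Update trusted-applications.md" does not say what changed; a subject that names the applies_to tags would make the history easier to search.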