[Suggestion] Document that Elastic Defend response actions don't work if an alternate cluster is being used for output #6012
Assignees
Labels
Feature: Response actions
also includes response console
suggestion
Suggestions to improve documentation
Team: EDR Workflows
Formerly Defend Workflows, Onboarding and Lifecycle Management
v8.17.0
v8.18.0
v9.0.0
Comments
jmikell821
added
Team: EDR Workflows
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What can we change to make the docs better?
Endpoint response actions don't work when a second/alternate cluster is used as the output target in Fleet. The issue is that response action state management information is in the primary cluster (the one with Fleet) but Endpoint writes actual result data to the alternate cluster. Until this is fixed, we should document it as a limitation.
cc @raqueltabuyo @caitlinbetz @dasansol92
Doc URL
Please include the doc URL and any other related information where applicable:
Doc URL:
Github issue link(s)/Other resources:
Which documentation set needs improvement?
ESS and serverless
Software version
This has been the case since cross cluster support has existed in Fleet and Response Actions have existed for Defend.
The text was updated successfully, but these errors were encountered: