Elastic Agent Android is an unofficial implementation of the Elastic Agent for Android devices, bringing the powerful observability and management features of the Elastic Stack to the Android ecosystem. With Elastic Agent Android, you can enroll your Android devices into a Fleet server and start collecting a wide range of data directly into Elasticsearch, allowing for real-time monitoring, alerting, and analysis.
Elastic Agent Android aims to extend the powerful features of Elastic Observability and Security to mobile devices, providing detailed insights and security monitoring for Android devices. Whether you're managing a fleet of corporate devices or looking for a way to integrate mobile device data into your Elastic Stack, Elastic Agent Android offers a versatile and powerful solution.
Elastic Agent Android supports a variety of components that collect different types of data from the Android device, including:
- Location: Sends periodic location updates to Elasticsearch, with configurable intervals.
- Network Logs: Collects network logs (DNS, TCP connections) provided by the Android OS.
- Security Logs: Gathers security-related logs, such as app (un-)installation, failed PIN attempts, etc.
  Note: Currently not working on any tested devices. See Issue #01.
- Self Log: Logs the agent's own operational logs for diagnostics and monitoring.
Note: The Network Logs and Security Logs components require the device to be configured as a device owner. Instructions on how to do that can be found here.
Elastic Agent Android is designed to work with Android devices running Android 7.0 (Nougat) and above. The app is built using the latest Android SDK and follows best practices for compatibility and performance.
To enroll the agent, you will need a Fleet server running Elastic / Fleet 8.10.2 or later (possibly earlier versions, but not tested).
To get started with Elastic Agent Android, follow these steps:
Download the latest APK from the Artifacts section of the GitHub Actions page. Choose the latest successful build and download the APK by scrolling down and clicking on elastic-agent-android.apk.
In your Fleet server, create a new policy using the "Custom Logs" integration (a "real" Android integration will be available in the future). This policy will define which components of the Elastic Agent Android will be activated.
- Under "Paths", specify one path for each component you wish to activate. Examples include:
  - android://self-log.warn for warning level self logs.
  - android://location.fine?minTimeMs=300000&minDistanceMeters=50 for fine location updates every 5 minutes or 50 meters.
  - android://security-logs.all for all security logs (device owner required).
  - android://network-logs.all for all network logs (device owner required).
- In "Advanced options" -> "Custom Configurations", add:
max_documents_per_request: 200
put_interval: 1m
checkin_interval: 1m
use_backoff: true
max_backoff_interval: 5m
backoff_on_empty_buffer: false
disable_on_low_battery: false
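
A pre-rollout check for the "Paths" entries described above, added here as an example and not part of the project's own code: it splits each android:// path into component, variant and query parameters, then flags entries that need device owner, repeat a component, or name a component this README does not list. The function names and the `<component>.<variant>` reading of the path are assumptions inferred from the examples above.

```python
from urllib.parse import urlsplit, parse_qsl

# Components named in this README -> whether the README says device owner is required.
# Assumption: the host part reads as <component>.<variant>, inferred from the examples.
KNOWN_COMPONENTS = {
    "self-log": False,
    "location": False,
    "security-logs": True,
    "network-logs": True,
}

# Constructed sample policy: the README's four example paths.
SAMPLE_PATHS = [
    "android://self-log.warn",
    "android://location.fine?minTimeMs=300000&minDistanceMeters=50",
    "android://security-logs.all",
    "android://network-logs.all",
]

def parse_component_path(path):
    """Split one "Paths" entry into component, variant and query parameters."""
    parts = urlsplit(path.strip())
    if parts.scheme != "android":
        raise ValueError("not an android:// path")
    component, sep, variant = parts.netloc.partition(".")
    if not (sep and component and variant):
        raise ValueError("expected android://<component>.<variant>")
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return {"component": component, "variant": variant, "params": params}

def review_policy_paths(paths, device_owner):
    """Return (path, finding) pairs for entries that need attention before rollout."""
    findings, seen = [], set()
    for path in paths:
        try:
            name = parse_component_path(path)["component"]
        except ValueError as exc:
            findings.append((path, str(exc)))
            continue
        if name not in KNOWN_COMPONENTS:
            findings.append((path, "component not listed in the README"))
        elif KNOWN_COMPONENTS[name] and not device_owner:
            findings.append((path, "requires device owner"))
        if name in seen:
            findings.append((path, "component listed more than once"))
        seen.add(name)
    return findings
```

Calling `review_policy_paths(SAMPLE_PATHS, device_owner=False)` reports the security-logs and network-logs entries, which is the case where a policy is pushed to devices that were never provisioned as device owner.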