Elastic Agents becoming unhealthy due to Elastic Defend Integration

Happy New Year!

We have encountered an issue with our Elastic Agents becoming unhealthy due to the Elastic Defend integration being Degraded. We have ~110 Elastic Agents that are contained within multiple agent policies. They are also experiencing similar issues. I will note that their status changes every so often. For example, this morning there were over 90 agents that were unhealthy. We are currently hovering around 40 that appear to be having issues.

Information regarding our deployment:
We are leveraging the Elastic Cloud. We have two clusters, one where data is stored and the other is used for searching (dashboard/alerts) and Fleet. We currently have two sites where Elastic Agents are deployed. I have provided an image below.

We have also reviewed "Elastic defend is not working". This appears to be for troubleshooting a similar issue but for a self-hosted deployment instead of an Elastic Cloud environment.



I recommend running the command c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe test output, which will test the connection that is failing and output some diagnostic information that will hopefully indicate what the problem is.

Since you are only running the Defend integration, my guess is there is something with the default output configuration that would affect all integrations if you had more added.