Hello there,
Can you check the followings:
1. Is Elastic Defend package installed on the Host?
Are the related folders & files created with proper Fleet/ES or Logstash parameters?
On Windows:
On Linux:
ls -l /opt/Elastic/Endpoint/
sudo cat /opt/Elastic/Endpoint/elastic-endpoint.yaml
2. Data Ingestion
Are you receiving any events from the Elastic Defend package?
Check for the following data stream, do you have any of the following DataStreams created? (Assuming you enabled log collection within the Elastic-Defend configuration)
3. Transform Status
If Elastic Defend package is installed, DataStreams are created (+ validated receiving logs from this specific endpoint in of the above endpoint related DataStreams (Filtering on the host.name in discover), double check if the Transform jobs used to visualise endpoint status are running & healthy:
Regards