I have over 200 agents installed on mostly Linux hosts and some Windows which work as intended. However, all my macOS workstations have a problem with the Elastic Defend integration. After running the command sudo /Library/Elastic/Endpoint/elastic-endpoint status, I get the following:
- elastic-agent
- status: (HEALTHY) Connected
- elastic-endpoint
- status: (DEGRADED) Running
- policy
- actions:
- configure_file_events: warning
- No action taken
- configure_network_events: warning
- No action taken
- configure_process_events: warning
- No action taken
- configure_response_actions: warning
- No action taken
- configure_yara_rule_loading: warning
- No action taken
- connect_kernel: warning
- No action taken
- detect_file_write_events: warning
- No action taken
- detect_network_events: warning
- No action taken
- detect_process_events: warning
- No action taken
- download_user_artifacts: failure
- Failed to download user artifacts from fleet server [network error occurred], make sure the server URL is correct and that hosts can connect to it. Artifact endpoint-exceptionlist-macos-v1 is unavailable. Artifact endpoint-eventfilterlist-macos-v1 is unavailable. Artifact endpoint-trustlist-macos-v1 is unavailable
- full_disk_access: warning
- No action taken
- workflow: failure
- User artifacts failed to download, they are required to apply policy. Failed to execute all workflows: Invalid or unpermitted state encountered
How can I make the artifact endpoint-exceptionlist-macos-v1 available?
I also have Linux workstations on the same network which work as intended, so it's not a network issue.
Thanks in advance!