I am on Elasticsearch Free Enterprise Trial version 8.12.2
Version
I have enabled the Elastic Defend integration on the integration policy of the agent.
I can see the agent is enabled.
However when I try to issue a command via the Kibana list the processes on that agent I get this error:
["The host does not have Elastic Defend integration installed"],
Can you confirm that this Policy has Defend included and is applied to the endpoint you were expecting to test? The Integration view doesn't say that.
I suggest opening Fleet view.
Then click on the host of interest and confirm that Defend is indeed added to the policy and is healthy
I can see you've also got Osquery, so I just wonder which component was used to list the processes.
Did you run the command processes from response console as described here Endpoint response actions | Elastic Security Solution [8.15] | Elastic
This feature requires relevant license and privileges. Maybe the error is misleading.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
