End Point 7.9.2 no datasets or data

frankfoti · October 21, 2020, 6:53pm

I followed configuring ingest manager with fleet mode https://www.elastic.co/guide/en/ingest-management/7.9/ingest-management-getting-started.html.

Added End Point Security, Systems and Windows to the default configuration and have one windows agent enrolled and shows online in the Fleel tab. I see no datasets, no end point indicies nor data in the SIEM moduel for that host.

What am I missing?

Thanks

frankfoti · October 29, 2020, 4:43pm

Added ca.crt to [Certificates - Local Computer Trusted Root Certification Authorities\Certiificates] and seeing data sets in the Integration Module and the machine listed in Security Administration. Still not seeing events for the host in Security.

frankfoti · November 2, 2020, 8:03pm

Needed thie added to advanced setting Security logs-* metrics-*

Frank_Hassanabad · November 3, 2020, 11:51pm

Thanks for marking this as the solution and updating the thread @frankfoti, not many people do that and just want to point out the awesomeness of it for anyone else encountering this.

system · December 1, 2020, 11:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Do i need to install other "beats" with the elastic and endpoint agents or is something else wrong? Elastic Security	33	1710	October 8, 2021
No agents under endpoint or host section in security Endpoint Security fleet	2	607	March 17, 2022
Security overview doesn't show any data Elastic Security	6	617	November 4, 2022
No Host events Endpoint Security Endpoint Security	2	459	November 7, 2022
Missing Elastic Security and endpoint integration data Elastic Security elastic-agent	16	1948	November 4, 2022

End Point 7.9.2 no datasets or data

Related topics