Hi Reda. Sorry to hear about this issue.
Can you please tell us how you enrol the agent on your host? Is it done through the Fleet integration, as advised in the official documentation?
According to the docs:
To configure the Elastic Agent, Endpoint Security requires enrollment through Fleet to enable the integration.
Endpoint Security cannot be integrated with an Elastic Agent in standalone mode.
Also, rule execution will fail before the first alert gets generated by this rule, according to the warning you see:
This warning will continue to appear until a matching index is created or this rule is de-activated. If you have recently enrolled agents enabled with Endpoint Security through Fleet, this warning should stop once an alert is sent from an agent.
Here are also more details on that: Endpoint Security Rules are Failing on On-Prem usage (seen on 7.11.0 BC6 and 8.0/master) · Issue #90401 · elastic/kibana · GitHub
Can you please confirm whether any alert was generated by this rule? If not, this warning should disappear after the first one.
And here is an extensive list of test actions to verify that the agent is installed correctly and works as expected: ElasticSIEM unable to find [logs-endpoint.alerts - #9 by Kevin_Logan.
In particular, the step that generates a new alert should fix the issue you have if the agent is configured correctly.
Let me know if this helps. Thanks, Vitalii