Integration

I would like to clarify, what is the difference between "EndPoint Security" and "Elastic Defend" integrations?
But there is only "Elastic Defend" in "integration" tab. But in "rules", it is asked to add "Endpoint security"

1 Like

Hey @bex ,

its the same it was renamed in:
8.5 | Elastic Security Solution [8.6] | Elastic

  • Renames the Elastic Endpoint and Cloud Security integration to the Elastic Defend integration (#139517).

Regards

Sebastian

1 Like

Hello Sebastian. Thanks for reply.
Do you know why it shows that integration is not installed, although I have installed Elastic Defend. And when I want to add "Endpoint Security" integration to the policy, it does not allow me to install it, since there is already "Elastic Defend"


Hello @bex ,

I would check the following things:

  1. Was the integration also rolled out via an Elastic Agent Policy. If not then role this out.
  2. If this integration was rolled out then I would check if the agent can communicate with the elasticsearch.

As you can see in your error message from image 1, this role would currently run into the void because there is currently no data from Elastic defend in elasticsearch.

Regards,

Sebastian

Hello @Sebastian_Huettersen
Thanks for reply.

  1. Yes, the integration was rolled out via an Elastic Agent policy.
  2. Yes, agent can communicate with the elasticsearch. Elasticsearch receives logs from elastic agents and I can see them. In the "fleet" section, everything is fine with the status of agents.

The only thing that I have disabled, the "collect agent metrics"

Hello @bex

I have looked at your screenshots again. There I noticed that one of the rule has worked.
Currently, there is a display bug for endpoint:

I guess that the one rule does not work because there have been no alerts from the Elastic defend so far.

as I understand, what shows as "not installed" is a bug, right? But from [Security Solution]Endpoint security rule has wrong Related integrations information. · Issue #151103 · elastic/kibana · GitHub, we see that the bug was fixed for version 8.7.
If I'm not mistaken, version 8.7 has not been released for production yet?

Latest production version is Elasticsearch version 8.6.2 | Elasticsearch Guide [8.6] | Elastic

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.