Linux-Endpoint-security State changed to DEGRADED-Artifact endpoint-trustlist-linux-v1 is unavailablee

I have installed Elastic 7.14 and testing Endoint Security over fleet with Linux Machines (Debian 10).

All seems that is working but after few minutes appear the message : State changed to DEGRADED with all of them.

After check it, the is issue is related with Download User Artifacts.

Download User Artifacts Failed : Artifact endpoint-trustlist-linux-v1 is unavailable

Is it normal? Any solutions?


I'm having the exact same issue with CentOS and Rocky 8. It looks like the agents are unable to download the trusted application and exception lists from the fleet server. As I understand it, these lists were previously served by Kibana and the functionality moved to be being served by the fleet server. It looks like the fleet server is downloading these lists successfully from Kibana but it is not making it to the agents.

@pedimave , @linuxace sorry for the trouble you are having. Could you let me know the following:

  1. is there a .fleet-artifacts index in the system? and does it have entries in it?
  2. do your kibana logs have any errors associated with migration of artifacts like Artifact SO migration failed?
  3. can you provide some information on the upgrade path that was used for your respective environments?

I also had the same problem, what I did was delete the index which has the malware artifacts and re added the integration to the policy.
You can try the below command to delete the artifacts
DELETE .kibana/_doc/endpoint:user-artifact-manifest:endpoint-manifest-v1

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.