I have installed Elastic 7.14 and testing Endoint Security over fleet with Linux Machines (Debian 10).
All seems that is working but after few minutes appear the message : State changed to DEGRADED with all of them.
After check it, the is issue is related with Download User Artifacts.
Download User Artifacts Failed : Artifact endpoint-trustlist-linux-v1 is unavailable
Is it normal? Any solutions?
Thanks.
I'm having the exact same issue with CentOS and Rocky 8. It looks like the agents are unable to download the trusted application and exception lists from the fleet server. As I understand it, these lists were previously served by Kibana and the functionality moved to be being served by the fleet server. It looks like the fleet server is downloading these lists successfully from Kibana but it is not making it to the agents.
@pedimave , @linuxace sorry for the trouble you are having. Could you let me know the following:
.fleet-artifacts index in the system? and does it have entries in it?Artifact SO migration failed?I also had the same problem, what I did was delete the index which has the malware artifacts and re added the integration to the policy.
You can try the below command to delete the artifacts
DELETE .kibana/_doc/endpoint:user-artifact-manifest:endpoint-manifest-v1
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.