Mac - workflow configuration failure (driver missing)

Hi Chris.

It looks like you need to approve loading Elastic Endpoint's kernel extension. To do this, go into Preferences -> Security and Privacy. You should see an option to allow loading kernel extensions from "Endgame, Inc". Click allow, then do something to cause the Elastic Endpoint to reapply its policy (the easiest way to do this is to reboot the host or to make a change to the policy in Kibana).

If you don't see an option to allow loading kernel extensions signed by "Endgame, Inc", run the command "sudo kextload /Library/Extensions/kendpoint.kext", then reopen the Preferences window.

After you approve loading the kernel extension, you'll also want to approve granting Elastic Endpoint Full Disk Access. Instructions on how to do that are available here (https://www.elastic.co/guide/en/endpoint/master/sensor-full-disk-access.html).

Details on approving kernel extensions are also available from Apple (https://developer.apple.com/library/archive/technotes/tn2459/_index.html). They also link to instructions describing how to approve loading a kernel extension via Team ID. Mobile Device Management tools like JAMF are able to preapprove loading the kernel extension using this method, if that would be useful in your environment.

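A way to verify the result of the steps in the reply above, as an added example that is not part of the original post and is not Elastic's own tooling: it checks whether the kext at the path from the post is loaded and reads the signing Team ID that MDM pre-approval needs. The bundle identifier `com.example.kendpoint` and Team ID `EXAMPLE123` in the sample data are constructed placeholders, not the real values.

```shell
#!/bin/sh
# Added example: confirm the kext is loaded and read its signing Team ID.
KEXT=/Library/Extensions/kendpoint.kext   # path given in the post above

# kext_loaded BUNDLE_ID: reads `kextstat` output on stdin and succeeds only
# if BUNDLE_ID exactly matches the Name column (6th field).
kext_loaded() {
    awk -v id="$1" '$6 == id { found = 1 } END { exit !found }'
}

# team_id: reads `codesign -dv --verbose=4` output on stdin and prints the
# TeamIdentifier value, which MDM pre-approval by Team ID requires.
team_id() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Constructed sample output (placeholder bundle id, Team ID and UUIDs),
# so the two parsers can be exercised on a machine without the kext.
SAMPLE_KEXTSTAT='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  142 0xffffff7f80a00000 0x9e30     0x9e30     com.apple.kpi.bsd (19.6.0) 00000000-0000-0000-0000-000000000001 <>
  170    0 0xffffff7f84000000 0x50000    0x50000    com.example.kendpoint (1.0.0) 00000000-0000-0000-0000-000000000002 <5 4 3 1>'
SAMPLE_CODESIGN='Identifier=com.example.kendpoint
Format=bundle with Mach-O thin (x86_64)
TeamIdentifier=EXAMPLE123'

# Live check: runs only on a Mac where kextstat and the kext are present.
if command -v kextstat >/dev/null 2>&1 && [ -d "$KEXT" ]; then
    # Read the real bundle id from the kext instead of guessing it.
    id=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' \
        "$KEXT/Contents/Info.plist")
    if kextstat | kext_loaded "$id"; then
        echo "$id: loaded"
    else
        echo "$id: not loaded (approval in Security and Privacy may be pending)"
    fi
    # codesign writes its details to stderr, hence 2>&1.
    echo "Team ID: $(codesign -dv --verbose=4 "$KEXT" 2>&1 | team_id)"
fi
```
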