Security -> Administration Page not getting past Enrollment

Elastic Security
1

Hello,

We have been testing the new Elastic Agent and Endpoint security functionality introduced in 7.9.0.

We have an agent already enrolled by the Administration page keeps prompting use to enroll the agent. We can validate that the agent is working and sending filebeat and metricbeat data and we can validate that the elastic-endpoint.exe is running.

Here is a screenshot of what we can't get past.

image
image1915×883 51.2 KB

Here are the latest details from the agent that we would expect to be working:

image
image1090×600 91.6 KB

image

And here are the datasets:

image
image1111×809 77.7 KB

Are there any other configuration changes that need to be made to get past the "Enrollment Tutorial Page" in Administration?

Note that when we click on "here" for advanced settings:

image
image1139×554 31.2 KB

We do get to the Administration page:

image
image1903×917 58.7 KB

And once we save integrations then it just takes us back to the Configurations page letting us know the changes were saved successfully.

So we are just looking for some directions on what might be missing so we can take advantage of the Administration page.

Thanks!

2

Hi Nic,

Thanks for trying out Elastic Endpoint Security.

I saw you commented in this issue - Elastic Agent not sending Data - and that you are using a self-signed cert. This is likely the root cause of the issue detailed here. We'll continue to track this on that other thread. Thank you for supplying so much detail.

  • Kevin
2 Likes
3

I'm displaying the same screen, though I'm using a CA signed certificate.

Agents are definitely sending messages to kibana, however I don't have any information in the datasets page.

Is there anything I should check to verify i'm receiving the messages properly?

4

I think you need a dataset for endpoint security to get past the enroll agent prompt. I dont see one in your screenshot. Can you check the agent logs for errors? I think they are in your installation directory under data. I believe we don't support custom certificates in 7.9 for the elasticsearch output.