Hey Josh, i created that original post. I'm not aware of any better way yet.
What's even worse is that some integrations (especially the endpoint security integration) can't be configured until it is active in the policy. I don't understand why - The UI even taunts you with
We'll save your integration with our recommended defaults. You can change this later by editing the Endpoint Security integration within your agent policy.
This is bad when I want to have a detect-only policy. I have no way to configure this until the policy was rolled out to agents using the defaults, which are set to prevent.
I guess things like this is why Fleet is not in GA yet.
If I read the docs right, you're supposed to create a new policy with all the updated integrations, then roll over all agents to this new policy.
Though this approach is not much better with the current UI - you still have to re-configure the integrations from scratch, and there is no way to bulk-assign agents to the new policy.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.