Just curious if I need to delete the integration and re-add it on policies after updating an integration. Found this: Best workflow to update integrations - Elastic Stack / Kibana - Discuss the Elastic Stack
But no answer. I'm running into the same thing.
Hey Josh, i created that original post. I'm not aware of any better way yet.
What's even worse is that some integrations (especially the endpoint security integration) can't be configured until it is active in the policy. I don't understand why - The UI even taunts you with
We'll save your integration with our recommended defaults. You can change this later by editing the Endpoint Security integration within your agent policy.
This is bad when I want to have a detect-only policy. I have no way to configure this until the policy was rolled out to agents using the defaults, which are set to prevent.
I guess things like this is why Fleet is not in GA yet.
If I read the docs right, you're supposed to create a new policy with all the updated integrations, then roll over all agents to this new policy.
Though this approach is not much better with the current UI - you still have to re-configure the integrations from scratch, and there is no way to bulk-assign agents to the new policy.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.