From 349f55cdc90ace65947967e7ef1c3b4b036f1480 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 19 Nov 2024 09:03:38 -0800 Subject: [PATCH 1/7] create agentless troubleshooting steps --- .../agentless-troubleshooting.asciidoc | 42 +++++++++++++++++++ docs/getting-started/index.asciidoc | 1 + 2 files changed, 43 insertions(+) create mode 100644 docs/getting-started/agentless-troubleshooting.asciidoc diff --git a/docs/getting-started/agentless-troubleshooting.asciidoc b/docs/getting-started/agentless-troubleshooting.asciidoc new file mode 100644 index 0000000000..7517dce874 --- /dev/null +++ b/docs/getting-started/agentless-troubleshooting.asciidoc @@ -0,0 +1,42 @@ +[[agentless-integration-troubleshooting]] += Agentless integrations FAQ + +Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. + +*When I make a new integration, how long until the agent appears on the agent policies page?* + +After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. + +*How do I troubleshoot an "Offline" agent?* + +For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the following error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. + +To troubleshoot this issue: + +. Find **Fleet** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. +. Under **Fleet server hosts**, click the **Actions** button for the policy named `Default`. This opens the **Edit Fleet Server** flyout. The policy named `Default` should have the **Make this Fleet server the default one** setting enabled. If not, enable it, then delete your integration and create it again. +. If the **Make this Fleet server the default one** setting was already enabled, it's possible someone changed the **URL** value for your default fleet server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. + +*How do I troubleshoot an "Unhealthy" agent?* + +On the **Fleet** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an unhealthy agent: + +. Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: ++ +``` +[elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX +``` ++ +. For information about collecting logs, refer to {fleet-guide}/fleet-troubleshooting.html[Fleet troubleshooting]. + +*How do I delete an agentless integration?* + +NOTE: Deleting your integration will remove all associated resources and stop data ingestion. + +When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **Fleet** page, but you can't use the **Delete integration** button on this page. Instead, delete the integration from the CSPM Integration policies page. + +. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. +. On the CSPM integration page, go to the **Integration policies** tab. +. Find the integration policy for the integration you want to delete. Click **Actions** then **Delete integration**. +. Confirm by clicking **Delete integration** again. + diff --git a/docs/getting-started/index.asciidoc b/docs/getting-started/index.asciidoc index 1ef9d2bcda..dfd51a88b7 100644 --- a/docs/getting-started/index.asciidoc +++ b/docs/getting-started/index.asciidoc @@ -18,6 +18,7 @@ include::ingest-data.asciidoc[leveloffset=+1] include::threat-intel-integrations.asciidoc[leveloffset=+2] include::automatic-import.asciidoc[leveloffset=+2] include::agentless-integrations.asciidoc[leveloffset=+2] +include::agentless-troubleshooting.asciidoc[leveloffset=+3] include::security-spaces.asciidoc[leveloffset=+1] From 7189d82db9ee8dc7e40e4d35c74ebb8968ee3c27 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 19 Nov 2024 10:05:54 -0800 Subject: [PATCH 2/7] incorporates Omolola's comment --- docs/getting-started/agentless-troubleshooting.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started/agentless-troubleshooting.asciidoc b/docs/getting-started/agentless-troubleshooting.asciidoc index 7517dce874..77a2bdf472 100644 --- a/docs/getting-started/agentless-troubleshooting.asciidoc +++ b/docs/getting-started/agentless-troubleshooting.asciidoc @@ -3,7 +3,7 @@ Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. -*When I make a new integration, how long until the agent appears on the agent policies page?* +*When I make a new integration, how long until the agent appears on the Integration Policies page?* After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. From fe3b6dfadb998e9399db3744bfd343a76decc95c Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 21 Nov 2024 11:59:38 -0800 Subject: [PATCH 3/7] incorporates Nastasha's review and adds serverless version --- .../agentless-troubleshooting.asciidoc | 31 +++++++----- docs/serverless/index.asciidoc | 1 + .../ingest/agentless-troubleshooting.asciidoc | 47 +++++++++++++++++++ 3 files changed, 66 insertions(+), 13 deletions(-) create mode 100644 docs/serverless/ingest/agentless-troubleshooting.asciidoc diff --git a/docs/getting-started/agentless-troubleshooting.asciidoc b/docs/getting-started/agentless-troubleshooting.asciidoc index 77a2bdf472..2308bd9aff 100644 --- a/docs/getting-started/agentless-troubleshooting.asciidoc +++ b/docs/getting-started/agentless-troubleshooting.asciidoc @@ -3,40 +3,45 @@ Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. -*When I make a new integration, how long until the agent appears on the Integration Policies page?* +[discrete] +== When I make a new integration, how long until the agent appears on the Integration Policies page? After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. -*How do I troubleshoot an "Offline" agent?* +[discrete] +== How do I troubleshoot an `Offline` agent?* -For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the following error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. +For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. To troubleshoot this issue: . Find **Fleet** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. -. Under **Fleet server hosts**, click the **Actions** button for the policy named `Default`. This opens the **Edit Fleet Server** flyout. The policy named `Default` should have the **Make this Fleet server the default one** setting enabled. If not, enable it, then delete your integration and create it again. -. If the **Make this Fleet server the default one** setting was already enabled, it's possible someone changed the **URL** value for your default fleet server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. +. Under **Fleet server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit Fleet Server flyout. The policy named `Default` should have the **Make this Fleet server the default one** setting enabled. If not, enable it, then delete your integration and create it again. -*How do I troubleshoot an "Unhealthy" agent?* +NOTE: If the **Make this Fleet server the default one** setting was already enabled but problems persist, it's possible someone changed the **URL** value for your default fleet server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. -On the **Fleet** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an unhealthy agent: +[discrete] +== How do I troubleshoot an `Unhealthy` agent? + +On the **Fleet** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: . Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: + ``` [elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX ``` -+ -. For information about collecting logs, refer to {fleet-guide}/fleet-troubleshooting.html[Fleet troubleshooting]. -*How do I delete an agentless integration?* +For instructions on checking {fleet} logs, refer to {fleet-guide}/fleet-troubleshooting.html[Fleet troubleshooting]. + +[discrete] +== How do I delete an agentless integration? NOTE: Deleting your integration will remove all associated resources and stop data ingestion. -When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **Fleet** page, but you can't use the **Delete integration** button on this page. Instead, delete the integration from the CSPM Integration policies page. +When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **Fleet** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. . Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. -. On the CSPM integration page, go to the **Integration policies** tab. -. Find the integration policy for the integration you want to delete. Click **Actions** then **Delete integration**. +. Open the CSPM Integration's **Integration policies** tab. +. Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**. . Confirm by clicking **Delete integration** again. diff --git a/docs/serverless/index.asciidoc b/docs/serverless/index.asciidoc index 26b43198ab..894458f3c4 100644 --- a/docs/serverless/index.asciidoc +++ b/docs/serverless/index.asciidoc @@ -43,6 +43,7 @@ include::./ingest/ingest-data.asciidoc[leveloffset=+2] include::./ingest/threat-intelligence.asciidoc[leveloffset=+3] include::./ingest/auto-import.asciidoc[leveloffset=+3] include::./ingest/agentless-integrations.asciidoc[leveloffset=+3] +include::./ingest/agentless-troubleshooting.asciidoc[leveloffset=+4] include::./edr-install-config/endpoint-protection-intro.asciidoc[leveloffset=+2] include::./edr-install-config/deploy-endpoint-reqs.asciidoc[leveloffset=+3] diff --git a/docs/serverless/ingest/agentless-troubleshooting.asciidoc b/docs/serverless/ingest/agentless-troubleshooting.asciidoc new file mode 100644 index 0000000000..2308bd9aff --- /dev/null +++ b/docs/serverless/ingest/agentless-troubleshooting.asciidoc @@ -0,0 +1,47 @@ +[[agentless-integration-troubleshooting]] += Agentless integrations FAQ + +Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. + +[discrete] +== When I make a new integration, how long until the agent appears on the Integration Policies page? + +After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. + +[discrete] +== How do I troubleshoot an `Offline` agent?* + +For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. + +To troubleshoot this issue: + +. Find **Fleet** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. +. Under **Fleet server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit Fleet Server flyout. The policy named `Default` should have the **Make this Fleet server the default one** setting enabled. If not, enable it, then delete your integration and create it again. + +NOTE: If the **Make this Fleet server the default one** setting was already enabled but problems persist, it's possible someone changed the **URL** value for your default fleet server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. + +[discrete] +== How do I troubleshoot an `Unhealthy` agent? + +On the **Fleet** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: + +. Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: ++ +``` +[elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX +``` + +For instructions on checking {fleet} logs, refer to {fleet-guide}/fleet-troubleshooting.html[Fleet troubleshooting]. + +[discrete] +== How do I delete an agentless integration? + +NOTE: Deleting your integration will remove all associated resources and stop data ingestion. + +When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **Fleet** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. + +. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. +. Open the CSPM Integration's **Integration policies** tab. +. Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**. +. Confirm by clicking **Delete integration** again. + From b1deec616fdf1c566eecbfced0c6d824ade8ee72 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 22 Nov 2024 11:25:22 -0800 Subject: [PATCH 4/7] fixes typo --- docs/getting-started/agentless-troubleshooting.asciidoc | 2 +- docs/serverless/ingest/agentless-troubleshooting.asciidoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/getting-started/agentless-troubleshooting.asciidoc b/docs/getting-started/agentless-troubleshooting.asciidoc index 2308bd9aff..9caa8587ec 100644 --- a/docs/getting-started/agentless-troubleshooting.asciidoc +++ b/docs/getting-started/agentless-troubleshooting.asciidoc @@ -9,7 +9,7 @@ Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentle After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. [discrete] -== How do I troubleshoot an `Offline` agent?* +== How do I troubleshoot an `Offline` agent? For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. diff --git a/docs/serverless/ingest/agentless-troubleshooting.asciidoc b/docs/serverless/ingest/agentless-troubleshooting.asciidoc index 2308bd9aff..9caa8587ec 100644 --- a/docs/serverless/ingest/agentless-troubleshooting.asciidoc +++ b/docs/serverless/ingest/agentless-troubleshooting.asciidoc @@ -9,7 +9,7 @@ Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentle After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. [discrete] -== How do I troubleshoot an `Offline` agent?* +== How do I troubleshoot an `Offline` agent? For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. From 4921bf506c88e284c91a6b15e6609a35cf315725 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 22 Nov 2024 14:18:06 -0800 Subject: [PATCH 5/7] fix fleet refs --- .../ingest/agentless-troubleshooting.asciidoc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/serverless/ingest/agentless-troubleshooting.asciidoc b/docs/serverless/ingest/agentless-troubleshooting.asciidoc index 9caa8587ec..c3b45711c4 100644 --- a/docs/serverless/ingest/agentless-troubleshooting.asciidoc +++ b/docs/serverless/ingest/agentless-troubleshooting.asciidoc @@ -11,19 +11,19 @@ After you create a new agentless integration, the new integration policy may sho [discrete] == How do I troubleshoot an `Offline` agent? -For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. +For agentless integrations to successfully connect to {elastic-sec}, your {fleet} server host value must be the default. Otherwise, the agent status that appears on the {fleet} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. To troubleshoot this issue: -. Find **Fleet** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. -. Under **Fleet server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit Fleet Server flyout. The policy named `Default` should have the **Make this Fleet server the default one** setting enabled. If not, enable it, then delete your integration and create it again. +. Find **{fleet}** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. +. Under **{fleet} server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit {fleet} Server flyout. The policy named `Default` should have the **Make this {fleet} server the default one** setting enabled. If not, enable it, then delete your integration and create it again. -NOTE: If the **Make this Fleet server the default one** setting was already enabled but problems persist, it's possible someone changed the **URL** value for your default fleet server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. +NOTE: If the **Make this {fleet} server the default one** setting was already enabled but problems persist, it's possible someone changed the **URL** value for your default {fleet} server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. [discrete] == How do I troubleshoot an `Unhealthy` agent? -On the **Fleet** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: +On the **{fleet}** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: . Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: + @@ -31,14 +31,14 @@ On the **Fleet** page, the agent associated with an agentless integration will h [elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX ``` -For instructions on checking {fleet} logs, refer to {fleet-guide}/fleet-troubleshooting.html[Fleet troubleshooting]. +For instructions on checking {{fleet}} logs, refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} troubleshooting]. [discrete] == How do I delete an agentless integration? NOTE: Deleting your integration will remove all associated resources and stop data ingestion. -When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **Fleet** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. +When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **{fleet}** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. . Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. . Open the CSPM Integration's **Integration policies** tab. From 00c52d89847c5649566f77047cd8eb715afe24b2 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 22 Nov 2024 14:18:26 -0800 Subject: [PATCH 6/7] minor edit --- docs/serverless/ingest/agentless-troubleshooting.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/serverless/ingest/agentless-troubleshooting.asciidoc b/docs/serverless/ingest/agentless-troubleshooting.asciidoc index c3b45711c4..d12f42cb8a 100644 --- a/docs/serverless/ingest/agentless-troubleshooting.asciidoc +++ b/docs/serverless/ingest/agentless-troubleshooting.asciidoc @@ -25,7 +25,7 @@ NOTE: If the **Make this {fleet} server the default one** setting was already en On the **{fleet}** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: -. Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: +* Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: + ``` [elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX From 747cdf7c3e5d4f15cc6e8d83bd0718bd9c02f3a9 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 26 Nov 2024 10:40:53 -0800 Subject: [PATCH 7/7] incorporates Janeen's review and updates fleet refs in ESS version --- .../agentless-troubleshooting.asciidoc | 20 +++++++++---------- .../ingest/agentless-troubleshooting.asciidoc | 12 +++++------ 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/getting-started/agentless-troubleshooting.asciidoc b/docs/getting-started/agentless-troubleshooting.asciidoc index 9caa8587ec..6629458449 100644 --- a/docs/getting-started/agentless-troubleshooting.asciidoc +++ b/docs/getting-started/agentless-troubleshooting.asciidoc @@ -4,44 +4,44 @@ Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. [discrete] -== When I make a new integration, how long until the agent appears on the Integration Policies page? +== When I make a new integration, when will I see the agent appear on the Integration Policies page? After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. [discrete] == How do I troubleshoot an `Offline` agent? -For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. +For agentless integrations to successfully connect to {elastic-sec}, the {fleet} server host value must be the default. Otherwise, the agent status on the {fleet} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. To troubleshoot this issue: -. Find **Fleet** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. -. Under **Fleet server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit Fleet Server flyout. The policy named `Default` should have the **Make this Fleet server the default one** setting enabled. If not, enable it, then delete your integration and create it again. +. Find **{fleet}** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. +. Under **{fleet} server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit {fleet} Server flyout. The policy named `Default` should have the **Make this {fleet} server the default one** setting enabled. If not, enable it, then delete your integration and create it again. -NOTE: If the **Make this Fleet server the default one** setting was already enabled but problems persist, it's possible someone changed the **URL** value for your default fleet server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. +NOTE: If the **Make this {fleet} server the default one** setting was already enabled but problems persist, it's possible someone changed the default {fleet} server's **URL** value. In this case, contact Elastic Support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. [discrete] == How do I troubleshoot an `Unhealthy` agent? -On the **Fleet** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: +On the **{fleet}** page, the agent associated with an agentless integration has a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: -. Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: +* Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: + ``` [elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX ``` -For instructions on checking {fleet} logs, refer to {fleet-guide}/fleet-troubleshooting.html[Fleet troubleshooting]. +For instructions on checking {{fleet}} logs, refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} troubleshooting]. [discrete] == How do I delete an agentless integration? NOTE: Deleting your integration will remove all associated resources and stop data ingestion. -When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **Fleet** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. +When you create a new agentless CSPM integration, a new agent policy appears within the **Agent policies** tab on the **{fleet}** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. . Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. -. Open the CSPM Integration's **Integration policies** tab. +. Go to the CSPM Integration's **Integration policies** tab. . Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**. . Confirm by clicking **Delete integration** again. diff --git a/docs/serverless/ingest/agentless-troubleshooting.asciidoc b/docs/serverless/ingest/agentless-troubleshooting.asciidoc index d12f42cb8a..6629458449 100644 --- a/docs/serverless/ingest/agentless-troubleshooting.asciidoc +++ b/docs/serverless/ingest/agentless-troubleshooting.asciidoc @@ -4,26 +4,26 @@ Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. [discrete] -== When I make a new integration, how long until the agent appears on the Integration Policies page? +== When I make a new integration, when will I see the agent appear on the Integration Policies page? After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. [discrete] == How do I troubleshoot an `Offline` agent? -For agentless integrations to successfully connect to {elastic-sec}, your {fleet} server host value must be the default. Otherwise, the agent status that appears on the {fleet} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. +For agentless integrations to successfully connect to {elastic-sec}, the {fleet} server host value must be the default. Otherwise, the agent status on the {fleet} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. To troubleshoot this issue: . Find **{fleet}** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. . Under **{fleet} server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit {fleet} Server flyout. The policy named `Default` should have the **Make this {fleet} server the default one** setting enabled. If not, enable it, then delete your integration and create it again. -NOTE: If the **Make this {fleet} server the default one** setting was already enabled but problems persist, it's possible someone changed the **URL** value for your default {fleet} server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. +NOTE: If the **Make this {fleet} server the default one** setting was already enabled but problems persist, it's possible someone changed the default {fleet} server's **URL** value. In this case, contact Elastic Support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. [discrete] == How do I troubleshoot an `Unhealthy` agent? -On the **{fleet}** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: +On the **{fleet}** page, the agent associated with an agentless integration has a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: * Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: + @@ -38,10 +38,10 @@ For instructions on checking {{fleet}} logs, refer to {fleet-guide}/fleet-troubl NOTE: Deleting your integration will remove all associated resources and stop data ingestion. -When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **{fleet}** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. +When you create a new agentless CSPM integration, a new agent policy appears within the **Agent policies** tab on the **{fleet}** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. . Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. -. Open the CSPM Integration's **Integration policies** tab. +. Go to the CSPM Integration's **Integration policies** tab. . Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**. . Confirm by clicking **Delete integration** again.