From 19ced4376781550006fc8bc8cb1200500eab7dd3 Mon Sep 17 00:00:00 2001
From: David Kilfoyle <david.kilfoyle@elastic.co>
Date: Tue, 21 Jan 2025 10:56:58 -0500
Subject: [PATCH] Add warning about Elastic Defend with remote ES output

---
 .../fleet/fleet-settings-remote-elasticsearch.asciidoc          | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/en/ingest-management/fleet/fleet-settings-remote-elasticsearch.asciidoc b/docs/en/ingest-management/fleet/fleet-settings-remote-elasticsearch.asciidoc
index f548032f7..38ba8795d 100644
--- a/docs/en/ingest-management/fleet/fleet-settings-remote-elasticsearch.asciidoc
+++ b/docs/en/ingest-management/fleet/fleet-settings-remote-elasticsearch.asciidoc
@@ -7,6 +7,8 @@ Beginning in version 8.12.0, you can send {agent} data to a remote {es} cluster.
 
 A remote {es} cluster supports the same <<es-output-settings,output settings>> as your main {es} cluster.
 
+WARNING: A bug has been found that causes {elastic-defend} response actions to stop working when a remote {es} output is configured for an agent. This bug is currently being investigated and is expected to be resolved in an upcoming release.
+
 NOTE: Using a remote {es} output with a target cluster that has {cloud}/ec-traffic-filtering-deployment-configuration.html[traffic filters] enabled is not currently supported.
 
 To configure a remote {es} cluster for your {agent} data: