|
| 1 | +[[agentless-integration-troubleshooting]] |
| 2 | += Agentless integrations FAQ |
| 3 | + |
| 4 | +Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. |
| 5 | + |
| 6 | +*When I make a new integration, how long until the agent appears on the agent policies page?* |
| 7 | + |
| 8 | +After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrolment. No action is needed other than refreshing the page once enrolment is complete. |
| 9 | + |
| 10 | +*How do I troubleshoot an "Offline" agent?* |
| 11 | + |
| 12 | +For agentless integrations to successfully connect to {elastic-sec}, your Fleet server host value must be the default. Otherwise, the agent status that appears on the Fleet page will be `Offline`, and logs will include the following error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. |
| 13 | + |
| 14 | +To troubleshoot this issue: |
| 15 | + |
| 16 | +. Find **Fleet** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. |
| 17 | +. Under **Fleet server hosts**, click the **Actions** button for the policy named `Default`. This opens the **Edit Fleet Server** flyout. The policy named `Default` should have the **Make this Fleet server the default one** setting enabled. If not, enable it, then delete your integration and create it again. |
| 18 | +. If the **Make this Fleet server the default one** setting was already enabled, it's possible someone changed the **URL** value for your default fleet server. In this case, contact Elastic support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. |
| 19 | + |
| 20 | +*How do I troubleshoot an "Unhealthy" agent?* |
| 21 | + |
| 22 | +On the **Fleet** page, the agent associated with an agentless integration will have a name that begins with `agentless`. To troubleshoot an unhealthy agent: |
| 23 | + |
| 24 | +. Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: |
| 25 | ++ |
| 26 | +``` |
| 27 | +[elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: cb01df90-1e78-4ae0-bdad-7e71b1d68f86, api error AccessDenied: User: arn:aws:iam::704479110758:user/lola is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::704479110758:role/cloudbeat-root |
| 28 | +``` |
| 29 | ++ |
| 30 | +. For information about collecting logs, refer to {fleet-guide}/fleet-troubleshooting.html[Fleet troubleshooting]. |
| 31 | + |
| 32 | +*How do I delete an agentless integration?* |
| 33 | + |
| 34 | +NOTE: Deleting your integration will remove all associated resources and stop data ingestion. |
| 35 | + |
| 36 | +When you create a new agentless CSPM integration, a new agent policy appears on the **Agent policies** tab of the **Fleet** page, but you can't use the **Delete integration** button on this page. Instead, delete delete the integration from the CSPM Integration policies page. |
| 37 | + |
| 38 | +. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. |
| 39 | +. On the CSPM integration page, go to the **Integation policies** tab. |
| 40 | +. Find the integration policy for the integration you want to delete. Click **Actions** then **Delete integration**. |
| 41 | +. Confirm by clicking **Delete integration** again. |
| 42 | + |
0 commit comments