[8.17] Creates agentless troubleshooting page (backport #6184) (#6249)

* Creates agentless troubleshooting page (#6184)

* create agentless troubleshooting steps

* incorporates Omolola's comment

* incorporates Nastasha's review and adds serverless version

* fixes typo

* fix fleet refs

* minor edit

* incorporates Janeen's review and updates fleet refs in ESS version

(cherry picked from commit db188fa)

# Conflicts:
#	docs/serverless/index.asciidoc

* Delete docs/serverless directory and its contents

---------

Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Author: 3 people

docs/getting-started/agentless-troubleshooting.asciidoc

@@ -0,0 +1,47 @@
+[[agentless-integration-troubleshooting]]
+= Agentless integrations FAQ
+
+Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration.
+
+[discrete]
+== When I make a new integration, when will I see the agent appear on the Integration Policies page?
+
+After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete.
+
+[discrete]
+== How do I troubleshoot an `Offline` agent?
+
+For agentless integrations to successfully connect to {elastic-sec}, the {fleet} server host value must be the default. Otherwise, the agent status on the {fleet} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. 
+
+To troubleshoot this issue:
+
+. Find **{fleet}** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab.
+. Under **{fleet} server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit {fleet} Server flyout. The policy named `Default` should have the **Make this {fleet} server the default one** setting enabled. If not, enable it, then delete your integration and create it again.
+
+NOTE: If the **Make this {fleet} server the default one** setting was already enabled but problems persist, it's possible someone changed the default {fleet} server's **URL** value. In this case, contact Elastic Support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again.
+
+[discrete]
+== How do I troubleshoot an `Unhealthy` agent?
+
+On the **{fleet}** page, the agent associated with an agentless integration has a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent:
+
+* Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials:
++ 
+```
+[elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX
+```
+
+For instructions on checking {{fleet}} logs, refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} troubleshooting]. 
+
+[discrete]
+== How do I delete an agentless integration?
+
+NOTE: Deleting your integration will remove all associated resources and stop data ingestion.
+
+When you create a new agentless CSPM integration, a new agent policy appears within the **Agent policies** tab on the **{fleet}** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. 
+
+. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`.
+. Go to the CSPM Integration's **Integration policies** tab.
+. Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**.
+. Confirm by clicking **Delete integration** again.
+

docs/getting-started/index.asciidoc

@@ -14,6 +14,7 @@ include::ingest-data.asciidoc[leveloffset=+1]
 include::threat-intel-integrations.asciidoc[leveloffset=+2]
 include::automatic-import.asciidoc[leveloffset=+2]
 include::agentless-integrations.asciidoc[leveloffset=+2]
+include::agentless-troubleshooting.asciidoc[leveloffset=+3]
 
 include::security-spaces.asciidoc[leveloffset=+1]