|
| 1 | +[[agentless-integration-troubleshooting]] |
| 2 | += Agentless integrations FAQ |
| 3 | + |
| 4 | +Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. |
| 5 | + |
| 6 | +[discrete] |
| 7 | +== When I make a new integration, when will I see the agent appear on the Integration Policies page? |
| 8 | + |
| 9 | +After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. |
| 10 | + |
| 11 | +[discrete] |
| 12 | +== How do I troubleshoot an `Offline` agent? |
| 13 | + |
| 14 | +For agentless integrations to successfully connect to {elastic-sec}, the {fleet} server host value must be the default. Otherwise, the agent status on the {fleet} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. |
| 15 | + |
| 16 | +To troubleshoot this issue: |
| 17 | + |
| 18 | +. Find **{fleet}** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. |
| 19 | +. Under **{fleet} server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit {fleet} Server flyout. The policy named `Default` should have the **Make this {fleet} server the default one** setting enabled. If not, enable it, then delete your integration and create it again. |
| 20 | + |
| 21 | +NOTE: If the **Make this {fleet} server the default one** setting was already enabled but problems persist, it's possible someone changed the default {fleet} server's **URL** value. In this case, contact Elastic Support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. |
| 22 | + |
| 23 | +[discrete] |
| 24 | +== How do I troubleshoot an `Unhealthy` agent? |
| 25 | + |
| 26 | +On the **{fleet}** page, the agent associated with an agentless integration has a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: |
| 27 | + |
| 28 | +* Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: |
| 29 | ++ |
| 30 | +``` |
| 31 | +[elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX |
| 32 | +``` |
| 33 | + |
| 34 | +For instructions on checking {{fleet}} logs, refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} troubleshooting]. |
| 35 | + |
| 36 | +[discrete] |
| 37 | +== How do I delete an agentless integration? |
| 38 | + |
| 39 | +NOTE: Deleting your integration will remove all associated resources and stop data ingestion. |
| 40 | + |
| 41 | +When you create a new agentless CSPM integration, a new agent policy appears within the **Agent policies** tab on the **{fleet}** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. |
| 42 | + |
| 43 | +. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. |
| 44 | +. Go to the CSPM Integration's **Integration policies** tab. |
| 45 | +. Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**. |
| 46 | +. Confirm by clicking **Delete integration** again. |
| 47 | + |
0 commit comments