-
Notifications
You must be signed in to change notification settings - Fork 191
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Creates agentless troubleshooting page (#6184)
* create agentless troubleshooting steps * incorporates Omolola's comment * incorporates Nastasha's review and adds serverless version * fixes typo * fix fleet refs * minor edit * incorporates Janeen's review and updates fleet refs in ESS version (cherry picked from commit db188fa) # Conflicts: # docs/serverless/index.asciidoc
- Loading branch information
1 parent
2d12664
commit 12f16c3
Showing
4 changed files
with
298 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| [[agentless-integration-troubleshooting]] | ||
| = Agentless integrations FAQ | ||
|
|
||
| Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. | ||
|
|
||
| [discrete] | ||
| == When I make a new integration, when will I see the agent appear on the Integration Policies page? | ||
|
|
||
| After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. | ||
|
|
||
| [discrete] | ||
| == How do I troubleshoot an `Offline` agent? | ||
|
|
||
| For agentless integrations to successfully connect to {elastic-sec}, the {fleet} server host value must be the default. Otherwise, the agent status on the {fleet} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. | ||
|
|
||
| To troubleshoot this issue: | ||
|
|
||
| . Find **{fleet}** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. | ||
| . Under **{fleet} server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit {fleet} Server flyout. The policy named `Default` should have the **Make this {fleet} server the default one** setting enabled. If not, enable it, then delete your integration and create it again. | ||
|
|
||
| NOTE: If the **Make this {fleet} server the default one** setting was already enabled but problems persist, it's possible someone changed the default {fleet} server's **URL** value. In this case, contact Elastic Support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. | ||
|
|
||
| [discrete] | ||
| == How do I troubleshoot an `Unhealthy` agent? | ||
|
|
||
| On the **{fleet}** page, the agent associated with an agentless integration has a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: | ||
|
|
||
| * Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: | ||
| + | ||
| ``` | ||
| [elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX | ||
| ``` | ||
|
|
||
| For instructions on checking {{fleet}} logs, refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} troubleshooting]. | ||
|
|
||
| [discrete] | ||
| == How do I delete an agentless integration? | ||
|
|
||
| NOTE: Deleting your integration will remove all associated resources and stop data ingestion. | ||
|
|
||
| When you create a new agentless CSPM integration, a new agent policy appears within the **Agent policies** tab on the **{fleet}** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. | ||
|
|
||
| . Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. | ||
| . Go to the CSPM Integration's **Integration policies** tab. | ||
| . Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**. | ||
| . Confirm by clicking **Delete integration** again. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,203 @@ | ||
| :doctype: book | ||
|
|
||
| include::{asciidoc-dir}/../../shared/versions/stack/master.asciidoc[] | ||
| include::{asciidoc-dir}/../../shared/attributes.asciidoc[] | ||
|
|
||
| [[what-is-security-serverless]] | ||
| == Elastic Security serverless | ||
|
|
||
| ++++ | ||
| <titleabbrev>Elastic Security</titleabbrev> | ||
| ++++ | ||
|
|
||
| include::./what-is-security-serverless.asciidoc[leveloffset=+2] | ||
|
|
||
| include::./security-overview.asciidoc[leveloffset=+2] | ||
|
|
||
| include::./billing.asciidoc[leveloffset=+2] | ||
|
|
||
| include::./projects-create/create-project.asciidoc[leveloffset=+2] | ||
|
|
||
| include::./sec-requirements.asciidoc[leveloffset=+2] | ||
|
|
||
| include::./security-ui.asciidoc[leveloffset=+2] | ||
| include::./security-spaces.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./AI-for-security/ai-for-security-landing-pg.asciidoc[leveloffset=+2] | ||
| include::./AI-for-security/ai-assistant.asciidoc[leveloffset=+3] | ||
| include::./AI-for-security/knowledge-base.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/attack-discovery.asciidoc[leveloffset=+3] | ||
| include::./AI-for-security/llm-connector-guides.asciidoc[leveloffset=+3] | ||
| include::./AI-for-security/llm-performance-matrix.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/connect-to-azure-openai.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/connect-to-bedrock.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/connect-to-openai.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/connect-to-vertex.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/connect-to-byo-llm.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/ai-use-cases.asciidoc[leveloffset=+3] | ||
| include::./AI-for-security/usecase-attack-disc-ai-assistant-incident-reporting.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/ai-assistant-alert-triage.asciidoc[leveloffset=+4] | ||
| include::./AI-for-security/ai-assistant-esql-queries.asciidoc[leveloffset=+4] | ||
|
|
||
| include::./ingest/ingest-data.asciidoc[leveloffset=+2] | ||
| include::./ingest/threat-intelligence.asciidoc[leveloffset=+3] | ||
| include::./ingest/auto-import.asciidoc[leveloffset=+3] | ||
| include::./ingest/agentless-integrations.asciidoc[leveloffset=+3] | ||
| include::./ingest/agentless-troubleshooting.asciidoc[leveloffset=+4] | ||
|
|
||
| include::./edr-install-config/endpoint-protection-intro.asciidoc[leveloffset=+2] | ||
| include::./edr-install-config/deploy-endpoint-reqs.asciidoc[leveloffset=+3] | ||
| include::./edr-install-config/install-elastic-defend.asciidoc[leveloffset=+3] | ||
| include::./edr-install-config/deploy-endpoint-macos-cat-mont.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/deploy-endpoint-macos-ven.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/deploy-with-mdm.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/agent-tamper-protection.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/defend-feature-privs.asciidoc[leveloffset=+3] | ||
| include::./edr-install-config/configure-endpoint-integration-policy.asciidoc[leveloffset=+3] | ||
| include::./edr-install-config/artifact-control.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/endpoint-diagnostic-data.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/self-healing-rollback.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/linux-file-monitoring.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/endpoint-data-volume.asciidoc[leveloffset=+4] | ||
| include::./edr-install-config/uninstall-agent.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./edr-manage/manage-endpoint-protection.asciidoc[leveloffset=+2] | ||
| include::./edr-manage/endpoints-page.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/policies-page-ov.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/trusted-apps-ov.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/event-filters.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/host-isolation-exceptions.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/blocklist.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/optimize-edr.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/endpoint-event-capture.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/allowlist-endpoint-3rd-party-av.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/endpoint-self-protection.asciidoc[leveloffset=+3] | ||
| include::./edr-manage/endpoint-command-ref.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./endpoint-response-actions/response-actions.asciidoc[leveloffset=+2] | ||
| include::./endpoint-response-actions/automated-response-actions.asciidoc[leveloffset=+3] | ||
| include::./endpoint-response-actions/host-isolation-ov.asciidoc[leveloffset=+3] | ||
| include::./endpoint-response-actions/response-actions-history.asciidoc[leveloffset=+3] | ||
| include::./endpoint-response-actions/third-party-actions.asciidoc[leveloffset=+3] | ||
| include::./endpoint-response-actions/response-actions-config.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./cloud-native-security/cloud-native-security-overview.asciidoc[leveloffset=+2] | ||
| include::./cloud-native-security/security-posture-management.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/enable-cloudsec.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/cspm.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/cspm-get-started.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/cspm-get-started-gcp.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/cspm-get-started-azure.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/cspm-findings-page.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/benchmark-rules.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/cspm-cloud-posture-dashboard-dash.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/cspm-security-posture-faq.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/kspm.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/get-started-with-kspm.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/kspm-cspm-findings-page.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/kspm-benchmark-rules.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/kspm-cloud-posture-dashboard-dash.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/security-posture-faq.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/vuln-management-overview.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/vuln-management-get-started.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/vuln-management-findings.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/vuln-management-dashboard-dash.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/vuln-management-faq.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/d4c-overview.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/d4c-get-started.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/d4c-policy-guide.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/d4c-kubernetes-dashboard-dash.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/cloud-workload-protection.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/environment-variable-capture.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/ingest-cncf-data.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/falco-setup.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/aws-securityhub.asciidoc[leveloffset=+4] | ||
| include::./cloud-native-security/wiz.asciidoc[leveloffset=+4] | ||
|
|
||
| include::./explore/explore-your-data.asciidoc[leveloffset=+2] | ||
| include::./explore/hosts-overview.asciidoc[leveloffset=+3] | ||
| include::./explore/network-page-overview.asciidoc[leveloffset=+3] | ||
| include::./explore/conf-map-ui.asciidoc[leveloffset=+4] | ||
| include::./explore/users-page.asciidoc[leveloffset=+3] | ||
| include::./explore/data-views-in-sec.asciidoc[leveloffset=+3] | ||
| include::./explore/runtime-fields.asciidoc[leveloffset=+3] | ||
| include::./explore/siem-field-reference.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./dashboards/dashboards-overview.asciidoc[leveloffset=+2] | ||
| include::./dashboards/overview-dashboard.asciidoc[leveloffset=+3] | ||
| include::./dashboards/detection-response-dashboard.asciidoc[leveloffset=+3] | ||
| include::./dashboards/kubernetes-dashboard-dash.asciidoc[leveloffset=+3] | ||
| include::./dashboards/cloud-posture-dashboard-dash.asciidoc[leveloffset=+3] | ||
| include::./dashboards/detection-entity-dashboard.asciidoc[leveloffset=+3] | ||
| include::./dashboards/data-quality-dash.asciidoc[leveloffset=+3] | ||
| include::./dashboards/vuln-management-dashboard-dash.asciidoc[leveloffset=+3] | ||
| include::./dashboards/rule-monitoring-dashboard.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./rules/detection-engine-overview.asciidoc[leveloffset=+2] | ||
| include::./rules/detections-permissions-section.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./rules/about-rules.asciidoc[leveloffset=+2] | ||
| include::./rules/rules-ui-create.asciidoc[leveloffset=+3] | ||
| include::./rules/interactive-investigation-guides.asciidoc[leveloffset=+4] | ||
| include::./rules/building-block-rule.asciidoc[leveloffset=+4] | ||
| include::./rules/prebuilt-rules/prebuilt-rules-management.asciidoc[leveloffset=+3] | ||
| include::./rules/rules-ui-management.asciidoc[leveloffset=+3] | ||
| include::./rules/alerts-ui-monitor.asciidoc[leveloffset=+3] | ||
| include::./rules/detections-ui-exceptions.asciidoc[leveloffset=+3] | ||
| include::./rules/value-lists-exceptions.asciidoc[leveloffset=+4] | ||
| include::./rules/add-exceptions.asciidoc[leveloffset=+4] | ||
| include::./rules/shared-exception-lists.asciidoc[leveloffset=+4] | ||
| include::./rules/rules-coverage.asciidoc[leveloffset=+3] | ||
| include::./rules/tuning-detection-signals.asciidoc[leveloffset=+3] | ||
| include::./rules/prebuilt-rules/prebuilt-rules.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./alerts/alerts-ui-manage.asciidoc[leveloffset=+2] | ||
| include::./alerts/visualize-alerts.asciidoc[leveloffset=+3] | ||
| include::./alerts/view-alert-details.asciidoc[leveloffset=+3] | ||
| include::./alerts/signals-to-cases.asciidoc[leveloffset=+3] | ||
| include::./alerts/alert-suppression.asciidoc[leveloffset=+3] | ||
| include::./alerts/reduce-notifications-alerts.asciidoc[leveloffset=+3] | ||
| include::./alerts/query-alert-indices.asciidoc[leveloffset=+3] | ||
| include::./alerts/alert-schema.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./advanced-entity-analytics/advanced-entity-analytics-overview.asciidoc[leveloffset=+2] | ||
| include::./advanced-entity-analytics/entity-risk-scoring.asciidoc[leveloffset=+3] | ||
| include::./advanced-entity-analytics/ers-req.asciidoc[leveloffset=+4] | ||
| include::./advanced-entity-analytics/asset-criticality.asciidoc[leveloffset=+4] | ||
| include::./advanced-entity-analytics/turn-on-risk-engine.asciidoc[leveloffset=+4] | ||
| include::./advanced-entity-analytics/analyze-risk-score-data.asciidoc[leveloffset=+4] | ||
| include::./advanced-entity-analytics/advanced-behavioral-detections.asciidoc[leveloffset=+3] | ||
| include::./advanced-entity-analytics/ml-requirements.asciidoc[leveloffset=+4] | ||
| include::./advanced-entity-analytics/machine-learning.asciidoc[leveloffset=+4] | ||
| include::./advanced-entity-analytics/tuning-anomaly-results.asciidoc[leveloffset=+4] | ||
| include::./advanced-entity-analytics/behavioral-detection-use-cases.asciidoc[leveloffset=+4] | ||
| include::./advanced-entity-analytics/prebuilt-ml-jobs.asciidoc[leveloffset=+4] | ||
|
|
||
| include::./investigate/investigate-events.asciidoc[leveloffset=+2] | ||
| include::./investigate/timelines-ui.asciidoc[leveloffset=+3] | ||
| include::./investigate/timeline-templates-ui.asciidoc[leveloffset=+4] | ||
| include::./investigate/timeline-object-schema.asciidoc[leveloffset=+4] | ||
| include::./alerts/visual-event-analyzer.asciidoc[leveloffset=+3] | ||
| include::./cloud-native-security/session-view.asciidoc[leveloffset=+3] | ||
| include::./osquery/use-osquery.asciidoc[leveloffset=+3] | ||
| include::./osquery/osquery-response-action.asciidoc[leveloffset=+4] | ||
| include::./osquery/invest-guide-run-osquery.asciidoc[leveloffset=+4] | ||
| include::./osquery/alerts-run-osquery.asciidoc[leveloffset=+4] | ||
| include::./osquery/view-osquery-results.asciidoc[leveloffset=+4] | ||
| include::./osquery/osquery-placeholder-fields.asciidoc[leveloffset=+4] | ||
| include::./investigate/add-manage-notes.asciidoc[leveloffset=+3] | ||
| include::./investigate/indicators-of-compromise.asciidoc[leveloffset=+3] | ||
| include::./investigate/cases-overview.asciidoc[leveloffset=+3] | ||
| include::./investigate/case-permissions.asciidoc[leveloffset=+4] | ||
| include::./investigate/cases-open-manage.asciidoc[leveloffset=+4] | ||
| include::./investigate/cases-settings.asciidoc[leveloffset=+4] | ||
|
|
||
| include::./assets/asset-management.asciidoc[leveloffset=+2] | ||
|
|
||
| include::./settings/manage-settings.asciidoc[leveloffset=+2] | ||
| include::./settings/project-settings.asciidoc[leveloffset=+3] | ||
| include::./settings/advanced-settings.asciidoc[leveloffset=+3] | ||
|
|
||
| include::./troubleshooting/troubleshooting-intro.asciidoc[leveloffset=+2] | ||
| include::./troubleshooting/ts-detection-rules.asciidoc[leveloffset=+3] | ||
| include::./troubleshooting/troubleshoot-endpoints.asciidoc[leveloffset=+3] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| [[agentless-integration-troubleshooting]] | ||
| = Agentless integrations FAQ | ||
|
|
||
| Frequently asked questions and troubleshooting steps for {elastic-sec}'s agentless CSPM integration. | ||
|
|
||
| [discrete] | ||
| == When I make a new integration, when will I see the agent appear on the Integration Policies page? | ||
|
|
||
| After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. | ||
|
|
||
| [discrete] | ||
| == How do I troubleshoot an `Offline` agent? | ||
|
|
||
| For agentless integrations to successfully connect to {elastic-sec}, the {fleet} server host value must be the default. Otherwise, the agent status on the {fleet} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. | ||
|
|
||
| To troubleshoot this issue: | ||
|
|
||
| . Find **{fleet}** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Go to the **Settings** tab. | ||
| . Under **{fleet} server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit {fleet} Server flyout. The policy named `Default` should have the **Make this {fleet} server the default one** setting enabled. If not, enable it, then delete your integration and create it again. | ||
|
|
||
| NOTE: If the **Make this {fleet} server the default one** setting was already enabled but problems persist, it's possible someone changed the default {fleet} server's **URL** value. In this case, contact Elastic Support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. | ||
|
|
||
| [discrete] | ||
| == How do I troubleshoot an `Unhealthy` agent? | ||
|
|
||
| On the **{fleet}** page, the agent associated with an agentless integration has a name that begins with `agentless`. To troubleshoot an `Unhealthy` agent: | ||
|
|
||
| * Confirm that you entered the correct credentials for the cloud provider you're monitoring. The following is an example of an error log resulting from using incorrect AWS credentials: | ||
| + | ||
| ``` | ||
| [elastic_agent.cloudbeat][error] Failed to update registry: failed to get AWS accounts: operation error Organizations: ListAccounts, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: XXX, api error AccessDenied: User: XXX is not authorized to perform: sts:AssumeRole on resource:XXX | ||
| ``` | ||
|
|
||
| For instructions on checking {{fleet}} logs, refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} troubleshooting]. | ||
|
|
||
| [discrete] | ||
| == How do I delete an agentless integration? | ||
|
|
||
| NOTE: Deleting your integration will remove all associated resources and stop data ingestion. | ||
|
|
||
| When you create a new agentless CSPM integration, a new agent policy appears within the **Agent policies** tab on the **{fleet}** page, but you can't use the **Delete integration** button on this page. Instead, you must delete the integration from the CSPM Integration's **Integration policies** tab. | ||
|
|
||
| . Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then search for and select `CSPM`. | ||
| . Go to the CSPM Integration's **Integration policies** tab. | ||
| . Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**. | ||
| . Confirm by clicking **Delete integration** again. | ||
|
|