Fleet/Agent Details Integration Status[Request]

caitlinbetz commented 2 years ago

Description

Background - Goal: make it more clear and intuitive when an integration is the cause of an "unhealthy" agent status, and provide next steps for resolving problems.

We've encountered many SDH issues where users see that an Agent is unhealthy and then have to go through several iterations with Support and Dev before discovering that the problem is Endpoint. By providing more insight into "unhealthy" Agents - with integration statuses - we hope to make this discovery faster for the user.

general workflow example (for Endpoint Security):

User adds the Endpoint & Cloud Security integration to their Agent policy and deploys an Agent
The Agent comes online in Fleet, but has an Unhealthy state
User clicks the agent details and is given status information for the Endpoint Security integration - "Needs attention"
The user is presented with top-level errors that direct them to the associated docs page for resolution

Note: In 8.4, the integration status details will be limited to the endpoint/cloud security integration, and limited to a handful of specific top-level errors (see https://github.com/elastic/security-docs/issues/2250 for more information). In 8.5, additional top-level errors will be added, as well as expanding the framework to provide integration status details within the Agent details API (for use by other integrations). See https://github.com/elastic/security-team/issues/4231 for tracking 8.5 work.

Collaboration

(Choose the expected collaboration model and delete the others.)

The docs team will lead producing the content

(Assign a contact person for this issue. We need to have a contact person in the product/development team to provide information about how the item to be documented works. This can be omitted when the product/development team is providing the initial content, as the contact person will be the one making the initial contribution.) @caitlinbetz

Suggested Target Release

8.4 release docs

Stakeholders

@caitlinbetz and @kevinlog from the endpoint UI eng team @joepeeples and @jmikell821 from security docs team, for awareness

caitlinbetz commented 2 years ago

FYI - @dedemorton

dedemorton commented 2 years ago

@caitlinbetz Sorry, I added my comment to the wrong issue (too many tabs open). I'll repeat it here....

It looks like there are still some pending tasks in https://github.com/elastic/security-team/issues/4231. I'm going to remove the 8.5 label on this doc issue for now because it sounds like this feature is not complete and has already been documented in the security docs (where it's the most relevant). Let me know if you disagree. I can tackle it next week, if necessary.

elastic / ingest-docs