[Security Solution] Endpoint status is shown as 'Error' under the Endpoint list & as 'Offline' in the policy. #93738

Closed
muskangulati-qasource opened this issue Mar 5, 2021 · 9 comments
Labels
bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@muskangulati-qasource

Describe the bug
Endpoint status is shown as 'Error' under the Endpoint list & as 'Offline' in the policy.

Build Details:

Version: 7.12.0 BC3
Commit: 08417cbd6c15e4c866651a7dcdfeded58845206d
Build number: 39134
Artifact:  https://staging.elastic.co/7.12.0-96914cb5/summary-7.12.0.html

Browser Details
All

Preconditions

  1. Elastic Cloud 7.12.0 environment should be deployed
  2. Deploy an endpoint with Security Integration

Steps to Reproduce

  1. The agent should be offline in the fleet tab
  2. Navigate to the Administration tab.
  3. Observe that for Offline endpoint, it shows the status as 'Error' under the endpoints list tab & shows the status as 'Offline' in the policy.

Test data
N/A

Impacted Test case(s)
N/A

Actual Result
Endpoint status is shown as 'Error' under the Endpoint list & as 'Offline' in the policy.

Expected Result
Endpoint status should be consistent.

What's Working
N/A

What's not Working
N/A

Screenshot
The Endpoints list Tab:
Error

The Policy details tab:
Offline

Logs
N/A

@muskangulati-qasource muskangulati-qasource added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Mar 5, 2021
@elasticmachine
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@muskangulati-qasource
Author

@manishgupta-qasource please review!

@manishgupta-qasource

Reviewed & assigned to @kevinlog

@manishgupta-qasource manishgupta-qasource added the impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. label Mar 5, 2021
@kevinlog
Contributor

kevinlog commented Mar 5, 2021

@muskangulati-qasource @manishgupta-qasource

Right now both of those statuses are based on the Agent status and it's possible that it changes as the user navigates from page to page. Was there a consistent disparity between the statuses on each page?

In addition, we'll be improving statuses with this ticket as mentioned before: https://github.com/elastic/security-team/issues/788

fyi @paul-tavares @parkiino

@muskangulati-qasource
Author

Hi @kevinlog,

Was there a consistent disparity between the statuses on each page?

Yes. We are still seeing the same issue. Both pages are showing different statuses.

In addition, we'll be improving statuses with this ticket as mentioned before: elastic/security-team#788

Thank you for the update. For now if it is expected, we can close this ticket and can wait for new changes to merge with the ticket: https://github.com/elastic/security-team/issues/788

Please provide your feedback.

Thanks!

@kevinlog
Contributor

kevinlog commented Mar 5, 2021

@muskangulati-qasource we should leave this open for more investigation. I took a look at the server you provided.

Here's what I'm seeing:

Agent on the Fleet side shows as "Offline"
image

The reason why we're showing "Error" on our side is that the Agent ID we have doesn't exist. You can follow it like this.

Click Agent Details:
image

See there's no ID existing:
image

@muskangulati-qasource did you re-install the Agent on this host at any point? I'm trying to figure out how we're looking at a bad Agent ID.

It seems like we've got an old Agent ID in the Endpoint document. Any sequence of steps that you took with that particular Agent will help us debug.

cc @paul-tavares @parkiino @pzl
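
The mismatch described in the comment above, as an added example that is not Kibana's code and not part of the original thread: if the list view looks up the agent ID stored in the endpoint document, a stale ID produces 'Error' even though Fleet reports the host's agent as 'Offline'. The types, field names (`agentId`, `hostname`), the helpers `resolveStatus` and `findStaleEndpoints`, and all sample records are assumptions constructed for illustration; the re-enrollment scenario is the one the comment asks about, not a confirmed cause.

```typescript
// Added illustration; types, field names and sample records are constructed, not Kibana's.
type FleetStatus = "online" | "offline" | "error";

interface FleetAgent { id: string; hostname: string; status: FleetStatus; }
interface EndpointDoc { hostname: string; agentId: string; } // agent ID recorded by the endpoint
interface StaleFinding { hostname: string; staleAgentId: string; currentAgentIds: string[]; }

// Assumed model of the list view: a lookup miss cannot be told apart from a
// real failure, so it surfaces as "error".
function resolveStatus(doc: EndpointDoc, agents: Map<string, FleetAgent>): FleetStatus {
  const agent = agents.get(doc.agentId);
  return agent ? agent.status : "error";
}

// Reconciliation check: endpoint documents whose agent ID is unknown to Fleet,
// plus any agents Fleet does know for the same host (a hint of re-enrollment).
function findStaleEndpoints(docs: EndpointDoc[], agentList: FleetAgent[]): StaleFinding[] {
  const byId = new Map<string, FleetAgent>();
  for (const a of agentList) byId.set(a.id, a);
  const findings: StaleFinding[] = [];
  for (const doc of docs) {
    if (byId.has(doc.agentId)) continue;
    findings.push({
      hostname: doc.hostname,
      staleAgentId: doc.agentId,
      currentAgentIds: agentList.filter((a) => a.hostname === doc.hostname).map((a) => a.id),
    });
  }
  return findings;
}

// Constructed sample data: Fleet knows "agent-new" for host-a, while the
// endpoint document for host-a still carries "agent-old".
const sampleAgents: FleetAgent[] = [
  { id: "agent-new", hostname: "host-a", status: "offline" },
  { id: "agent-b", hostname: "host-b", status: "online" },
];
const sampleDocs: EndpointDoc[] = [
  { hostname: "host-a", agentId: "agent-old" },
  { hostname: "host-b", agentId: "agent-b" },
];
const sampleIndex = new Map<string, FleetAgent>();
for (const a of sampleAgents) sampleIndex.set(a.id, a);

console.log(sampleDocs.map((d) => resolveStatus(d, sampleIndex)));
console.log(findStaleEndpoints(sampleDocs, sampleAgents));
```
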

@kevinlog
Contributor

kevinlog commented Mar 5, 2021

After another chat with @muskangulati-qasource - this may be related to this bug: #93756

@manishgupta-qasource

Hi @kevinlog,

We validated this issue on the latest 7.12.0 BC4 build and found that the issue is now fixed.

Build Details:

Version: 7.12.0 BC4
Commit: 99ac38d70e426f589bb61a034c96e602d759cfab
Build number: 39242
Artifact: https://staging.elastic.co/7.12.0-336ff10d/summary-7.12.0.html

Observations:

| Platform/OS | Status |
| --- | --- |
| Windows 10 (64 Bit) | 🟢 Pass |
| Windows 7 (64 Bit) | 🟢 Pass |
| MacOS (Bigsur) | 🟢 Pass |
| MacOS (Catalina) | 🟢 Pass |
| Linux (Debian) | 🟢 Pass |

Hence, closing this issue and marking it as 'Validated'.

Thanks!

@manishgupta-qasource manishgupta-qasource added the QA:Validated Issue has been validated by QA label Mar 16, 2021