Open buzzdeee opened 1 month ago
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
@buzzdeee I think this is working as intended. The processor is attempting to interpret an IP address range, 134.35.8.0/21, as an IP address because the data source has claimed that it is an IP address. It sees that it cannot and so is informing you that it can't. Can you provide more information?
I did enable capturing event.original yesterday. I'll keep monitoring when I see it again.
Integration Name
CrowdStrike Falcon Intelligence [ti_crowdstrike]
Integration Version
1.1.2
Agent Version
8.14.2
Agent Output Type
elasticsearch
Elasticsearch Version
8.14.2
OS Version and Architecture
Ubuntu 22.04.4 LTS
Software/API Version
No response
Error Message
Processor convert with tag convert_intel_value_to_ip_and_set_threat_indicator_ip in pipeline logs-ti_crowdstrike.intel-1.1.1 failed with message: '134.35.8.0/21' is not an IP string literal.
Event Original
No response
Anything else?
No response
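The failure discussed in this issue, as an added example that is not part of the original thread or the integration's own pipeline: a pre-check that separates single address literals from CIDR ranges in values a feed labels as IP addresses. The function names and every sample value other than `134.35.8.0/21` are constructed for illustration.

```python
import ipaddress


def classify_indicator(value):
    """Classify a feed value that was labelled as an IP address.

    Returns (kind, normalized): kind is "ip" for a single address literal,
    "cidr" for a network range, and "invalid" for anything else.
    """
    text = value.strip()
    try:
        # Accepts only a bare IPv4/IPv6 literal, so "134.35.8.0/21" is rejected here.
        return "ip", str(ipaddress.ip_address(text))
    except ValueError:
        pass
    if "/" in text:
        try:
            # strict=False tolerates host bits being set (e.g. 198.51.100.7/24)
            # and normalizes the value to its network address.
            return "cidr", str(ipaddress.ip_network(text, strict=False))
        except ValueError:
            pass
    return "invalid", text


def triage(values):
    """Group values by kind so ranges can go to a range-typed field, not an ip field."""
    grouped = {"ip": [], "cidr": [], "invalid": []}
    for value in values:
        kind, normalized = classify_indicator(value)
        grouped[kind].append(normalized)
    return grouped


# Constructed sample; only 134.35.8.0/21 is taken from the error message above.
SAMPLE = ["134.35.8.0/21", "192.0.2.10", "2001:db8::1", "198.51.100.7/24", "not-an-ip"]

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(f"{kind}: {items}")
```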