elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[ti_crowdstrike.intel]: pipeline error: '134.35.8.0/21' is not an IP string literal #10576

Open buzzdeee opened 1 month ago

buzzdeee commented 1 month ago

Integration Name

CrowdStrike Falcon Intelligence [ti_crowdstrike]

Integration Version

1.1.2

Agent Version

8.14.2

Agent Output Type

elasticsearch

Elasticsearch Version

8.14.2

OS Version and Architecture

Ubuntu 22.04.4 LTS

Software/API Version

No response

Error Message

Processor convert with tag convert_intel_value_to_ip_and_set_threat_indicator_ip in pipeline logs-ti_crowdstrike.intel-1.1.1 failed with message: '134.35.8.0/21' is not an IP string literal.

Event Original

No response

Anything else?

No response

elasticmachine commented 1 month ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

efd6 commented 1 month ago

@buzzdeee I think this is working as intended. The processor is attempting to interpret an IP address range, 134.35.8.0/21, as an IP address because the data source has claimed that it is an IP address. It sees that it cannot and so is informing you that it can't. Can you provide more information?
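As an added illustration of the failure efd6 describes (not code from the integration or the ingest pipeline), the snippet below mirrors a strict "convert to ip" step that rejects anything but a bare address, and beside it a hardened variant that classifies each indicator value and routes CIDR ranges to a separate field instead of failing the event. The sample documents and the field names `threat_indicator_ip` and `threat_indicator_ip_range` are constructed for the example.

```python
import ipaddress

# Constructed sample indicator documents in the shape the error implies:
# the feed labels every value an IP address, but some are CIDR ranges.
SAMPLE_DOCS = [
    {"indicator": "134.35.8.0/21", "type": "ip_address"},
    {"indicator": "203.0.113.7", "type": "ip_address"},
    {"indicator": "2001:db8::1", "type": "ip_address"},
    {"indicator": "2001:db8::/32", "type": "ip_address"},
]


def convert_to_ip(value):
    """Strict conversion, mirroring a 'convert' step of type ip:
    only a bare IPv4/IPv6 literal is accepted; a range is an error."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        raise ValueError(f"'{value}' is not an IP string literal") from None


def conversion_error(value):
    """Return the error message the strict conversion would raise, or None."""
    try:
        convert_to_ip(value)
        return None
    except ValueError as exc:
        return str(exc)


def classify(value):
    """('ip', literal) for a bare address, ('cidr', network) for a properly
    aligned range, ('other', value) if neither parses."""
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    try:
        return "cidr", str(ipaddress.ip_network(value))
    except ValueError:
        return "other", value


def process(doc):
    """Hardened handling: keep the event, put ranges in their own field
    (hypothetical field names) and tag anything that did not parse."""
    kind, normalized = classify(doc["indicator"])
    out = dict(doc)
    if kind == "ip":
        out["threat_indicator_ip"] = normalized
    elif kind == "cidr":
        out["threat_indicator_ip_range"] = normalized
        out.setdefault("tags", []).append("indicator_is_range")
    else:
        out.setdefault("tags", []).append("indicator_unparsed")
    return out


def process_all(docs):
    return [process(d) for d in docs]
```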

buzzdeee commented 1 month ago

I did enable capturing event.original yesterday. I'll keep monitoring when I see it again.