As reported by @mattmac1 - our Meraki integration is incorrectly mapping data to `event.category:threat` and `type:indicator` which are typically reserved for indicators of compromise from Threat Intel feeds. As a result, data from Meraki is incorrectly appearing in the intelligence tab and dashboards within Elastic Security.
Can we remove these mappings, to ensure Meraki data isn't treated as an indicator of compromise?