Filters in MISP filebeat module are not working #27970
Comments
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Any updates on this?
cc @P1llus
@jamiehynds I believe this is a separate issue.
This is indeed a separate issue. We need to rewrite that part of the configuration; I have written a new way to deal with the filtering in the MISP package: https:/elastic/integrations/pull/1946/files#diff-d233009dee8a83779c004b766b5ec7ce2dba476a0a6c92c582353796f12ae353R17 I am, however, a bit concerned about how the config change might affect existing installations. Do you know, @marc-gr?
If existing installations are using the filters option, it is more likely that it is not working as expected anyway, if I understand the issue correctly? I think even if in theory this is a breaking change, it would be beneficial to release it as a bugfix anyway to make the feature usable. @jamiehynds do you think this would be acceptable in this scenario?
Agree @marc-gr - if filtering isn't working correctly today I'd classify this as a bug fix more so than a breaking change and happy to proceed with implementation.
The default config as described for filtering in the threat intel module is not working for MISP. Enabling the below results in an error message.
Could you update the syntax that is required for the filters to work?