Defender_atp module error message

I have Filebeat configured with defender atp module and am seeing very few valid records coming into Elasticsearch. Most records contain the following

cannot access method/field [length] from a null def reference

Can anyone provide insight as to why I am seeing this?

Filebeat 7.17.0
Elasticsearch 8.8.0

Could this possibly due to strict json parsing being set to true by default?

strict_json_parsing

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.