Defender_atp module error message

I have Filebeat configured with defender atp module and am seeing very few valid records coming into Elasticsearch. Most records contain the following

cannot access method/field [length] from a null def reference

Can anyone provide insight as to why I am seeing this?

Filebeat 7.17.0
Elasticsearch 8.8.0

Could this possibly due to strict json parsing being set to true by default?


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.