Eperimenting o365beat, issue with the processors

Hi, we are testing o365beat and we are experiencing some issues.

The first of this issues is about the processors not working in o365beat .

The configuration is fairly default: we are sending the events directly to elasticsearch.
We have implemented the geoip pipeline to add some localization data, but this issue is there also without the geoip pipeline.

So we don't have any ECS mapping.

Thank you

Hi @brogio,

I'm afraid o365beat is not maintained by us. Perhaps you can open an issue in their repo?

In any case, what kind of transformations are you willing to do? I wonder if you can do them in an ingest processor.

Best regards

I am sorry, do you know where is their repo ?

I am trying to do the default transformation of o365beat.

Thank you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.