Filebeat 7.17, error "cannot access method/field [size] from a null def reference" while trying to download IOCs from MISP

davekiny · May 10, 2024, 3:52pm

Hello Everyone,
I'm trying to enable MISP integration, using the threatintel module.
Seems that the agent s not able to download the IOCs and I can see only one document in Elastic, with this error message:

cannot access method/field [size] from a null def reference

I cannot see any error message (related to MISP or Threatintel module) in the log files.

This is my config:

misp:
    enabled: true
    var.input: httpjson
    var.url: https://MY_MISP_INSTANCE/events/restSearch
    var.api_token: MY_TOKEN
    var.ssl.verification_mode: none
    var.first_interval: 100h
    var.interval: 5m

Thanks for your support.

Topic		Replies	Views
Filebeat Threat Intel Module Errors Beats painless , beats-module , filebeat , ingest-pipeline	3	772	December 17, 2022
Defender_atp module error message Beats filebeat	2	214	July 6, 2023
Bug: No Misp event data send to Kibana when Threat intel module used Beats beats-module , filebeat	6	967	April 19, 2023
Defender_atp module error message Beats filebeat	1	287	December 28, 2022
[threatintel Filebeat module] MISP configuration errors with filebeat threatintel module Beats beats-module , filebeat	4	997	July 28, 2021

Filebeat 7.17, error "cannot access method/field [size] from a null def reference" while trying to download IOCs from MISP

Related topics