Hello Everyone,
I'm trying to enable MISP integration, using the threatintel module.
Seems that the agent s not able to download the IOCs and I can see only one document in Elastic, with this error message:
cannot access method/field [size] from a null def reference
I cannot see any error message (related to MISP or Threatintel module) in the log files.
This is my config:
misp:
enabled: true
var.input: httpjson
var.url: https://MY_MISP_INSTANCE/events/restSearch
var.api_token: MY_TOKEN
var.ssl.verification_mode: none
var.first_interval: 100h
var.interval: 5m
Thanks for your support.