Dear Elastic community,
I am encountering an error in the Threat Intel module of Elastic where I am receiving the following message: "missing field [otx.id] when calculating fingerprint." After researching the error, I believe that this is occurring because the "otx.id" field is not present in the threat events, which is required to calculate the fingerprint.
I have tried to modify the Threat Intel module's configuration by adding the "otx.id" field to the fingerprint fields in the module's configuration file. However, the error persists and I am unable to generate the fingerprints for the threat events.
I am hoping that someone in the Elastic community can provide guidance on how to fix this issue. Are there any additional steps that I need to take in order to include the "otx.id" field in the threat events? Is there a different approach that I should be taking to generate the fingerprints?
Thank you in advance for your help and guidance.