ThreatIntel Module - missing field [] when calculating fingerprint

Dear Elastic community,

I am encountering an error in the Threat Intel module of Elastic where I am receiving the following message: "missing field [] when calculating fingerprint." After researching the error, I believe that this is occurring because the "" field is not present in the threat events, which is required to calculate the fingerprint.

I have tried to modify the Threat Intel module's configuration by adding the "" field to the fingerprint fields in the module's configuration file. However, the error persists and I am unable to generate the fingerprints for the threat events.

I am hoping that someone in the Elastic community can provide guidance on how to fix this issue. Are there any additional steps that I need to take in order to include the "" field in the threat events? Is there a different approach that I should be taking to generate the fingerprints?

Attached Image:

Thank you in advance for your help and guidance.

1 Like

Are you using the filebeat threat intel module or Elastic Agent integration? Which version of Stack and beat/agent are you using?

8.5.3 both.

Did you try to do an update on agent/beat?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.