You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The CrowdStrike Filebeat (version 7.8) module appears to have two issues.
Null / non-existent values in event.UserIP field causing parse errors during ingest.
Parsing of UTCTimestamp to crowdstrike.event.UTCTimestamp (ECS Format) appears to be incorrect for eventType=="UserActivityAuditEvent", timestamp is in UNIX format not UNIX_MS.
The CrowdStrike Filebeat (version 7.8) module appears to have two issues.
For confirmed bugs, please report:
Empty Source IP field
At line 22 in
/usr/share/filebeat/module/crowdstrike/falcon/config/pipeline.js
addUTCTimestamp Conversion
at line 51 in in
/usr/share/filebeat/module/crowdstrike/falcon/config/pipeline.js
add the following functionAdd the following to the pipeline processor chain
The text was updated successfully, but these errors were encountered: