Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues with feed source total indicator number mismatch and timestamp issue #9902

Open
Gladsy7 opened this issue May 16, 2024 · 2 comments
Open

Issues with feed source total indicator number mismatch and timestamp issue #9902

Gladsy7 opened this issue May 16, 2024 · 2 comments
Labels
release-pending

Comments

@Gladsy7
Copy link

Gladsy7 commented May 16, 2024

  1. Seeing Issues with the total indicator number mismatch after the integration with elastic, compared to the actual number listed in TC. There was a total of 10 indicators missing from the actual number shown in TC.

  2. Timestamp Issues are seen after integration, seeing errors on Unable to display indicator information
    image
    with Elastic
@jvalente-salemstate
Copy link

Is TC ThreatConnect? Or is this from a different integration?

The tables and JSON tables should still show your original document. I am seeing this from the M365 Defender integration (event data stream, for AlertInfo) and that is happening when the event.type is indicator without any indicator details.

@Gladsy7
Copy link
Author

Gladsy7 commented May 23, 2024

@jvalente-salemstate Yes TC is Threat Connect. Yea, no all the indicators.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
release-pending
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Gladsy7 @jvalente-salemstate