Skip to content

[ti_anomali] Field data type conflicts between data streams #13585

New issue
New issue
Closed
#13909
Closed
[ti_anomali] Field data type conflicts between data streams#13585
#13909
Assignees
brijesh-elastic
Labels
Integration:ti_anomaliAnomaliTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]Team:Sit-CrestCrest developers on the Security Integrations team [elastic/sit-crest-contractors]bugSomething isn't working, use only for issues
@andrewkroh

Description

@andrewkroh
andrewkroh
opened on Apr 17, 2025

There are a few fields declared with varying data types across the ti_anomali package. These can cause Kibana data view conflicts.

  • anomali.threatstream.confidence has multiple data types (long, short)
  • anomali.threatstream.import_session_id has multiple data types (keyword, long)
  • anomali.threatstream.trusted_circle_ids has multiple data types (keyword, long)
  • anomali.threatstream.update_id has multiple data types (keyword, long)
$ go run github.com/andrewkroh/fydler@v0.0.0-20250415153911-026c7419e440 -a conflict -conflict.ignore-text-family -conflict.ignore-keyword-family -i  packages/ti_anomali packages/**/fields/*.yml
packages/ti_anomali/data_stream/intelligence/fields/fields.yml:10:7 anomali.threatstream.confidence has multiple data types (long, short) (conflict)
  packages/ti_anomali/data_stream/intelligence/fields/fields.yml:10:7 long (conflict)
  packages/ti_anomali/elasticsearch/transform/latest_intelligence/fields/fields.yml:10:7 long (conflict)
  packages/ti_anomali/data_stream/threatstream/fields/fields.yml:13:7 short (conflict)
  packages/ti_anomali/elasticsearch/transform/latest_ioc/fields/fields.yml:14:7 short (conflict)
packages/ti_anomali/data_stream/threatstream/fields/fields.yml:29:7 anomali.threatstream.import_session_id has multiple data types (keyword, long) (conflict)
  packages/ti_anomali/data_stream/threatstream/fields/fields.yml:29:7 keyword (conflict)
  packages/ti_anomali/elasticsearch/transform/latest_ioc/fields/fields.yml:30:7 keyword (conflict)
  packages/ti_anomali/data_stream/intelligence/fields/fields.yml:30:7 long (conflict)
  packages/ti_anomali/elasticsearch/transform/latest_intelligence/fields/fields.yml:30:7 long (conflict)
packages/ti_anomali/data_stream/threatstream/fields/fields.yml:76:7 anomali.threatstream.trusted_circle_ids has multiple data types (keyword, long) (conflict)
  packages/ti_anomali/data_stream/threatstream/fields/fields.yml:76:7 keyword (conflict)
  packages/ti_anomali/elasticsearch/transform/latest_ioc/fields/fields.yml:77:7 keyword (conflict)
  packages/ti_anomali/data_stream/intelligence/fields/fields.yml:120:7 long (conflict)
  packages/ti_anomali/elasticsearch/transform/latest_intelligence/fields/fields.yml:120:7 long (conflict)
packages/ti_anomali/data_stream/threatstream/fields/fields.yml:81:7 anomali.threatstream.update_id has multiple data types (keyword, long) (conflict)
  packages/ti_anomali/data_stream/threatstream/fields/fields.yml:81:7 keyword (conflict)
  packages/ti_anomali/elasticsearch/transform/latest_ioc/fields/fields.yml:82:7 keyword (conflict)
  packages/ti_anomali/data_stream/intelligence/fields/fields.yml:128:7 long (conflict)
  packages/ti_anomali/elasticsearch/transform/latest_intelligence/fields/fields.yml:128:7 long (conflict)

Metadata

Metadata

Assignees

Labels

Integration:ti_anomaliAnomaliTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]Team:Sit-CrestCrest developers on the Security Integrations team [elastic/sit-crest-contractors]bugSomething isn't working, use only for issues

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions