[osquery_manager]: Update *.sections field mappings to match ECS #16643

@mmahacek

Description

Integration Name

Osquery Manager [osquery_manager]

Dataset Name

result, action_response

Integration Version

1.18.0

Agent Version

8.19.7

Agent Output Type

elasticsearch

Elasticsearch Version

8.19.7

OS Version and Architecture

Linux

Software/API Version

No response

Error Message

[1]
A number of ECS fields are not defined within the integration field mapping, which is causing them to map as object instead of the expected nested type. These fields are:

  • dll.pe.sections
  • file.macho.sections
  • file.pe.sections
  • process.parent.macho.sections
  • process.parent.pe.sections
  • threat.enrichments.indicator.file.pe.sections
  • threat.indicator.file.pe.sections

[2]
The integration defines an error field as text; however, this conflicts with the ECS error field, which is expected to be an object.

Event Original

n/a

What did you do?

Out of the box configuration with no adjustments

What did you see?

  1. Kibana warnings on field type mismatch when looking at multiple indices with the same field names.
  2. Ingest pipeline processing messages on error field type mismatch.

What did you expect to see?

No errors

Anything else?

No response
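One way to verify whether a given index actually shows the two mismatches reported above, as an added example that is not part of the osquery_manager integration or of the issue itself: the sample mapping is constructed to reproduce the reported conditions, and a real check would feed in the "properties" object returned by the standard Elasticsearch GET <index>/_mapping call.

```python
# Added example (not the integration's code). SAMPLE_PROPERTIES is constructed;
# for a real index use the "properties" object from GET <index>/_mapping.
# ECS fields the issue lists as needing the `nested` type.
NESTED_FIELDS = [
    "dll.pe.sections",
    "file.macho.sections",
    "file.pe.sections",
    "process.parent.macho.sections",
    "process.parent.pe.sections",
    "threat.enrichments.indicator.file.pe.sections",
    "threat.indicator.file.pe.sections",
]
# ECS `error` is an object (error.code, error.message, ...), not a text leaf.
OBJECT_FIELDS = ["error"]

def lookup(properties, dotted):
    """Walk the mapping along a dotted path; return the node, or None if undefined."""
    node = {"properties": properties}
    for part in dotted.split("."):
        node = node.get("properties", {}).get(part)
        if node is None:
            return None
    return node

def field_type(node):
    """A node with sub-properties and no explicit `type` is an `object` mapping."""
    if node is None:
        return None  # undefined: Elasticsearch maps it dynamically on first use
    return node.get("type", "object" if "properties" in node else None)

def check_mapping(properties):
    """Return (field, found_type, expected_type) for each undefined or mistyped field."""
    expected = [(f, "nested") for f in NESTED_FIELDS] + [(f, "object") for f in OBJECT_FIELDS]
    findings = []
    for field, want in expected:
        found = field_type(lookup(properties, field))
        if found != want:
            findings.append((field, found, want))
    return findings
# Constructed sample: dll.pe.sections correct, file.pe.sections dynamically mapped
# as object, `error` declared as text, the remaining fields undefined.
SAMPLE_PROPERTIES = {
    "dll": {"properties": {"pe": {"properties": {"sections": {
        "type": "nested", "properties": {"name": {"type": "keyword"}}}}}}},
    "file": {"properties": {"pe": {"properties": {"sections": {
        "properties": {"name": {"type": "keyword"}}}}}}},
    "error": {"type": "text"},
}

if __name__ == "__main__":
    for field, found, want in check_mapping(SAMPLE_PROPERTIES):
        print(f"{field}: found {found or 'undefined'}, expected {want}")
```

An undefined field is reported alongside mistyped ones because, as the issue describes, an undefined `*.sections` field is exactly what ends up dynamically mapped as object once documents arrive.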
