Cannot setup threat intelligence detector

tsikerdekis · September 11, 2024, 6:38pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.16

Describe the issue:
I’m trying to setup a reputation detector under the “Threat Intelligence” menu. I click on configure scan, setup an alias (tried also an index), setup src and dest ip fields to correspond to what alienvault threat intel wants. The click next and try to create the detector but get this error

Failed to setup threat intel scan:

[class_cast_exception] class org.opensearch.commons.alerting.model.DocLevelMonitorInput cannot be cast to class org.opensearch.commons.alerting.model.remote.monitors.RemoteDocLevelMonitorInput (org.opensearch.commons.alerting.model.DocLevelMonitorInput and org.opensearch.commons.alerting.model.remote.monitors.RemoteDocLevelMonitorInput are in unnamed module of loader java.net.FactoryURLClassLoader @64bba0eb)

Configuration:
Suricata pushing through fluent-bit data using the logstash format

Relevant Logs or Screenshots:

Topic		Replies	Views
[security_analytics_exception] class java.lang.String cannot be cast to class java.util.Map (java.lang.String and java.util.Map are in module java.base of loader 'bootstrap') Security Analytics	1	187	June 15, 2024
Initial Setup Security Plugin Error OpenSearch Dashboards troubleshoot	14	3914	March 21, 2024
Failed Create Anomaly Detector (Detectors) in OpenSearch Dashboards OpenSearch Dashboards	5	256	July 7, 2023
Cross Cluster Anomaly Detection Machine Learning	2	250	August 11, 2023
Exception creating detector Security Analytics	6	590	May 26, 2023

Cannot setup threat intelligence detector

Related topics