I'm trying to upload a simple list of malicious filenames into ES Threat Intel.
I have a CSV file which I formatted with the header file_name and some examples:
I get the message "File uploaded successfully", but I never see the threat artifacts appear.
When checking index=_internal sourcetype="threatintel*", I see some errors:
ERROR pid=294087 tid=MainThread file=threat_intelligence_manager.py:process_files:558 | status="Exception when processing file." filename=filenames.csv" message="Parser does not extract a field that can be mapped to a threat intelligence collection."
I have tried many different options, files, etc., but cannot get this to work. I looked at the ES Threat Intel documentation and that gets me stuck in a loop.
What do I need to do exactly to get this to work properly with file_intel?