Skip to content

[Agentless Integrations] Agentless integrations 'organization' field pipeline failure #14142

Closed
#14172
Closed
[Agentless Integrations] Agentless integrations 'organization' field pipeline failure#14142
#14172
Assignees
chemamartinez
Labels
Integration:armisArmisIntegration:awsAWSIntegration:beyondtrust_praBeyondTrust PRAIntegration:claroty_xdomeClaroty xDomeIntegration:cloud_security_postureSecurity Posture ManagementIntegration:crowdstrikeCrowdStrikeIntegration:ess_billingElasticsearch Service BillingIntegration:google_sccGoogle Security Command CenterIntegration:google_secopsGoogle SecOpsIntegration:google_workspaceGoogle WorkspaceIntegration:m365_defenderMicrosoft Defender XDRIntegration:microsoft_defender_endpointMicrosoft Defender for EndpointIntegration:microsoft_sentinelMicrosoft SentinelIntegration:o365Microsoft Office 365Integration:oktaOktaIntegration:panw_cortex_xdrPalo Alto Cortex XDRIntegration:prisma_cloudPalo Alto Prisma CloudIntegration:proofpoint_itmProofpoint ITMIntegration:qualys_vmdrQualys VMDRIntegration:sentinel_oneSentinelOneIntegration:splunkSplunkIntegration:sublime_securitySublime SecurityIntegration:tenable_ioTenable Vulnerability ManagementIntegration:ti_abusechabuse.chIntegration:ti_recordedfutureRecorded FutureIntegration:ti_threatqThreatQuotient (Partner supported)Integration:vectra_ruxVectra RUXIntegration:wizWizIntegration:zscaler_ziaZscaler Internet AccessTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]agentlessAgentless related issues
@narph

Description

@narph
narph
opened on Jun 4, 2025

Pipeline failure is:

Processor 'rename' with tag '' failed with message 'cannot set [id] with parent object of type [java.lang.String] as part of path [organization.id]'

Where the field causing the failure is organization below:

"division": "engineering",
"organization": "security",
"team": "security-service-integrations",

Agentless policies add the division, organization, and team as global data tags:

https://github.com/elastic/kibana/blob/12b7429afe0fb470fa6c85168c9040a5957bbe8b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts#L195-L196

Global data tags get injected via add_fields processors when the policy is created:

https://github.com/elastic/kibana/blob/12b7429afe0fb470fa6c85168c9040a5957bbe8b/x-pack/platform/plugins/shared/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts#L181-L191

Until this will be fixed in elastic/kibana#221312, a workaround should be applied in the current agentless integrations simialr to #14056

Metadata

Metadata

Assignees

Labels

Integration:armisArmisIntegration:awsAWSIntegration:beyondtrust_praBeyondTrust PRAIntegration:claroty_xdomeClaroty xDomeIntegration:cloud_security_postureSecurity Posture ManagementIntegration:crowdstrikeCrowdStrikeIntegration:ess_billingElasticsearch Service BillingIntegration:google_sccGoogle Security Command CenterIntegration:google_secopsGoogle SecOpsIntegration:google_workspaceGoogle WorkspaceIntegration:m365_defenderMicrosoft Defender XDRIntegration:microsoft_defender_endpointMicrosoft Defender for EndpointIntegration:microsoft_sentinelMicrosoft SentinelIntegration:o365Microsoft Office 365Integration:oktaOktaIntegration:panw_cortex_xdrPalo Alto Cortex XDRIntegration:prisma_cloudPalo Alto Prisma CloudIntegration:proofpoint_itmProofpoint ITMIntegration:qualys_vmdrQualys VMDRIntegration:sentinel_oneSentinelOneIntegration:splunkSplunkIntegration:sublime_securitySublime SecurityIntegration:tenable_ioTenable Vulnerability ManagementIntegration:ti_abusechabuse.chIntegration:ti_recordedfutureRecorded FutureIntegration:ti_threatqThreatQuotient (Partner supported)Integration:vectra_ruxVectra RUXIntegration:wizWizIntegration:zscaler_ziaZscaler Internet AccessTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]agentlessAgentless related issues

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions