The ECS network.direction and threat.indicator.type fields each have a prescribed set of allowed values, and this data stream is not following those rules.
aws/securityhub_findings test-securityhub-findings.log:
[0] parsing field value failed: field "network.direction"'s value "IN" is not one of the expected values (ingress, egress, inbound, outbound, internal, external, unknown)
[1] parsing field value failed: field "threat.indicator.type"'s value "IPV4_ADDRESS" is not one of the expected values (autonomous-system, artifact, directory, domain-name, email-addr, file, ipv4-addr, ipv6-addr, mac-addr, mutex, port, process, software, url, user-account, windows-registry-key, x509-certificate)
Relates: elastic/elastic-package#1439