From 8eb977ba060ac9c3101fb20635876eb800656128 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor
Date: Thu, 14 Nov 2024 20:09:15 +0100
Subject: [PATCH 1/3] Set proper value for constant keyword in transform
---
 .../ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml | 6 ++++++
 .../elasticsearch/transform/latest_ioc/transform.yml | 1 +
 2 files changed, 7 insertions(+)
 create mode 100644 packages/ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml
diff --git a/packages/ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml b/packages/ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml
new file mode 100644
index 00000000000..77b3610416a
--- /dev/null
+++ b/packages/ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml
@@ -0,0 +1,6 @@
+---
+description: Prepare documents before ingestion for latest IoC.
+processors:
+ - set:
+ field: "labels.is_ioc_transform_source"
+ value: false
diff --git a/packages/ti_anomali/elasticsearch/transform/latest_ioc/transform.yml b/packages/ti_anomali/elasticsearch/transform/latest_ioc/transform.yml
index eee5a3acaf3..943640e8bdd 100644
--- a/packages/ti_anomali/elasticsearch/transform/latest_ioc/transform.yml
+++ b/packages/ti_anomali/elasticsearch/transform/latest_ioc/transform.yml
@@ -13,6 +13,7 @@ dest:
 aliases:
 - alias: "logs-ti_anomali_latest.threatstream"
 move_on_creation: true
+ pipeline: "1.23.0-latest_ioc" # Should be something like '{{ IngestPipeline "latest_ioc" }}'
 latest:
 unique_key:
 - event.dataset
From 11cdafaccc98f9c98432cfd462849578dfe02a9b Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor
Date: Thu, 14 Nov 2024 20:45:21 +0100
Subject: [PATCH 2/3] Fix value type
---
 .../ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml b/packages/ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml
index 77b3610416a..159db8ddb9e 100644
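Review bot: The `pipeline` value added under `dest:` hard-codes the package version (`1.23.0-latest_ioc`), so the transform points at a pipeline id that stops existing as soon as the package version is bumped, and the trailing comment itself marks the value as a placeholder for a templated `{{ IngestPipeline "latest_ioc" }}`. If the referenced pipeline is missing, indexing into the latest-IoC destination fails and the index that detections match indicators against goes stale, so this needs either the template helper (if the transform loader supports it, which I cannot confirm from the diff) or a release-time check that the id has been updated. Until then, replace the speculative comment with one that states the coupling, e.g. `pipeline: "1.23.0-latest_ioc" # must equal the installed id of elasticsearch/ingest_pipeline/latest_ioc.yml; the version prefix changes on every package bump`. The same hard-coded id is added to latest_intelligence/transform.yml in patch 3/3 and needs the same treatment. The `dest` mapping begins before this hunk.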
--- a/packages/ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml
+++ b/packages/ti_anomali/elasticsearch/ingest_pipeline/latest_ioc.yml
@@ -3,4 +3,4 @@ description: Prepare documents before ingestion for latest IoC.
 processors:
 - set:
 field: "labels.is_ioc_transform_source"
- value: false
+ value: "false"
From bf592dd95a106c6ce714c5cd21be9bceed7d6892 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor
Date: Thu, 14 Nov 2024 21:20:50 +0100
Subject: [PATCH 3/3] Add pipeline to the latest intelligence pipeline too
---
 .../elasticsearch/transform/latest_intelligence/transform.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/ti_anomali/elasticsearch/transform/latest_intelligence/transform.yml b/packages/ti_anomali/elasticsearch/transform/latest_intelligence/transform.yml
index 9be15628f20..e50c67d7f1d 100644
--- a/packages/ti_anomali/elasticsearch/transform/latest_intelligence/transform.yml
+++ b/packages/ti_anomali/elasticsearch/transform/latest_intelligence/transform.yml
@@ -13,6 +13,7 @@ dest:
 aliases:
 - alias: "logs-ti_anomali_latest.intelligence"
 move_on_creation: true
+ pipeline: "1.23.0-latest_ioc" # Should be something like '{{ IngestPipeline "latest_ioc" }}'
 latest:
 unique_key:
 - event.dataset
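Review bot: The quoting change to `value: "false"` is not explained in the file itself; the only hint is the series subject line ("constant keyword"), so a later editor could revert it to a YAML boolean without seeing why. Add a comment above the `set` processor such as `# labels.* is a keyword field: the value must be the string "false", not a boolean, or the document is rejected at index time`, rewording it if the field is actually mapped as constant_keyword, which the subject suggests but this diff does not show. A type mismatch here would cause indexing failures for the marker documents in the latest-IoC index, so the comment is the cheapest guard against regressing the fix.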