Convert to Kibana detections issues

[andrewwarz]

I'm just a little confused.

I have tried every backend possible to convert sigma rules to elastic formats and multiple --format settings.

I always get something like:

Cannot use 'in' operator to search for 'investigation_fields' in ...

description: Required, risk_score: Required, severity: Required, type: Invalid discriminator value

When uploading converted rule to kibana detection rules.

I basically ended up making a script that removed fields that dont work.

Am i just doing something wrong or is this an actual current bug?