Unable to send BBOT scan files to Elasticsearch despite following the official BBOT integration guide. The scan files are being extracted in SIEM-friendly JSON format but are not being successfully ingested into Elasticsearch.
Environment Setup
BBOT installed and configured
Elasticsearch + Kibana running
Fleet Server configured
Elastic Agent installed on the same machine as BBOT
Steps Taken
Configured BBOT integration as per the official guide
Extracting scans in SIEM-friendly JSON format
Added --insecure flags and tried various SSL configurations
All components (Elastic Agent + BBOT) are on the same machine
Current Behavior
Scan files are not being sent/ingested into Elasticsearch
Expected Behavior
BBOT scan results should be successfully ingested into Elasticsearch and viewable in Kibana
Questions
Is there a way to verify if BBOT is attempting to send the files? The elastic-agent logs don't show any information except system metrics.
Are there specific permissions or configurations needed beyond the basic setup? I'm keeping the logs inside /root/.bbot/scans but elastic-agent is running as root as well so it does look like a permission problem.
Additional Context
SSL verification has been disabled for testing purposes but the issue persists. Looking for guidance on troubleshooting steps or additional configuration requirements.
BBOT Command
Example:
bbot -t evilcorp.com -p subdomain-enum -rf passive -c modules.json.siem_friendly=true -om json --name bbot
OS, BBOT Installation Method + Version
Example:
OS: Ubuntu Linux 22.04, Installation method: pipx, BBOT version: 2.3.2