diff --git a/packages/ti_recordedfuture/changelog.yml b/packages/ti_recordedfuture/changelog.yml
index 7d6baafc095..bc497f93b04 100644
--- a/packages/ti_recordedfuture/changelog.yml
+++ b/packages/ti_recordedfuture/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.12.0"
+ changes:
+ - description: Ensure event.kind is correctly set for pipeline errors.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/6636
 - version: "1.11.0"
 changes:
 - description: Update package to ECS 8.8.0.
diff --git a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/decode_csv.yml b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/decode_csv.yml
index 86c06b7a1df..ced97863c6b 100644
--- a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/decode_csv.yml
+++ b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/decode_csv.yml
@@ -41,3 +41,10 @@ processors:
 ctx['json'] = dst;
 - remove:
 field: _tmp_
+on_failure:
+ - set:
+ field: event.kind
+ value: pipeline_error
+ - append:
+ field: error.message
+ value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 24a77c4f5f2..1d477017728 100644
--- a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -240,6 +240,9 @@ processors:
 - _temp_
 ignore_missing: true
 on_failure:
+ - set:
+ field: event.kind
+ value: pipeline_error
 - append:
 field: error.message
- value: "{{{ _ingest.on_failure_message }}}"
+ value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/ti_recordedfuture/manifest.yml b/packages/ti_recordedfuture/manifest.yml
index b3d1f6b4e9a..177e5b010b7 100644
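Review bot: The `on_failure` handlers added in decode_csv.yml and default.yml record only `_ingest.on_failure_message`, so a document tagged `event.kind: pipeline_error` does not say which processor or pipeline failed, which is what an analyst needs when deciding whether a batch of indicators can be trusted or must be replayed; using `value: 'Processor ''{{{ _ingest.on_failure_processor_type }}}'' with tag ''{{{ _ingest.on_failure_processor_tag }}}'' in pipeline ''{{{ _ingest.on_failure_pipeline }}}'' failed with message ''{{{ _ingest.on_failure_message }}}'''` in both `append` processors would capture that (the tag part is only informative if the processors carry `tag:` values, which these hunks do not show). Because decode_csv.yml now has a pipeline-level `on_failure` of its own, a failure inside it is caught there and the document continues instead of failing the caller; if default.yml invokes this file through a `pipeline` processor, its subsequent processors will run on a document that lacks the decoded `json` field, so confirm they are guarded with `ignore_missing` or `if`, or that indexing such partial indicators with `event.kind: pipeline_error` is the intended outcome. The `processors` list of decode_csv.yml starts outside the hunk.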
--- a/packages/ti_recordedfuture/manifest.yml
+++ b/packages/ti_recordedfuture/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_recordedfuture
 title: Recorded Future
-version: "1.11.0"
+version: "1.12.0"
 release: ga
 description: Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
 type: integration