Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Overview
The tags beginning with vuln.rapid7 identity events generated by Rapid7.
Tag structure
The full tag may have up to 4 levels. The first two are fixed as vuln.rapid7. The third level identifies the type of events sent, and the fourth level indicates the event subtype
Technology | Brand | Type | Subtype |
---|---|---|---|
vuln | rapid7 | insightvm |
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
---|---|
vuln.rapid7.insightvm.audit | vuln.rapid7.insightvm.audit |
Field transformation
Field | Type | Extra Label |
---|---|---|
eventdate |
| - |
hostname |
| - |
server_time |
| - |
log_level |
| - |
thread |
| - |
silo_id |
| - |
user |
| - |
user_id |
| - |
performed_by |
| - |
action |
| - |
silo |
| - |
role |
| - |
change |
| - |
unknown |
| - |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |