Introduction

Tags beginning with vuln.rapid7 identify events generated by Rapid7.

Valid tags and data tables

The full tag must have four levels. The first two are fixed as vuln.rapid7. The third level identifies the type of events sent, and the fourth level identifies the event subtype.

| Technology | Brand | Type | Subtype |
|---|---|---|---|
| vuln | rapid7 | insightvm | audit |

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Source | Tag tables |
|---|---|
| Rapid7 InsightVM | vuln.rapid7.insightvm.assets<br>vuln.rapid7.insightvm.audit<br>vuln.rapid7.insightvm.auth<br>vuln.rapid7.insightvm.scans<br>vuln.rapid7.insightvm.sites<br>vuln.rapid7.insightvm.vulnerabilities |
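As an added example (not Devo's or Rapid7's own code), the Python below applies the tag rules above: it splits a tag into its four levels, enforces the fixed vuln.rapid7 prefix, routes a batch of events to the tables named on this page (including the vuln.rapid7.nexpose tables documented further down) and reports rejected tags instead of losing them, and reproduces the `split(hostchain, "=", 0)` host transformation used by the nexpose tables. The sample events and the hostchain format used in the test are constructed assumptions.

```python
# Valid tags listed on this page; each data table has the same name as its tag.
VALID_TAGS = frozenset("vuln.rapid7." + s for s in (
    "insightvm.assets", "insightvm.audit", "insightvm.auth", "insightvm.scans",
    "insightvm.sites", "insightvm.vulnerabilities", "nexpose.asset", "nexpose.vuln"))
LEVELS = ("technology", "brand", "type", "subtype")

def parse_tag(tag):
    """Split a tag into its four named levels, enforcing the page's rules:
    exactly four non-empty levels, the first two fixed as vuln.rapid7."""
    parts = tag.split(".")
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"tag must have exactly four levels: {tag!r}")
    levels = dict(zip(LEVELS, parts))
    if (levels["technology"], levels["brand"]) != ("vuln", "rapid7"):
        raise ValueError(f"first two levels must be vuln.rapid7: {tag!r}")
    return levels

def table_for_tag(tag):
    """Return the data table receiving this tag; a well-formed tag whose
    type/subtype is not listed has no parser, so it is rejected too."""
    parse_tag(tag)
    if tag not in VALID_TAGS:
        raise ValueError(f"no Rapid7 parser or table for tag {tag!r}")
    return tag

def route_events(events):
    """Group (tag, raw_event) pairs by destination table. Returns (routed,
    rejected); rejected lists (tag, reason) so bad tags are not silently lost."""
    routed, rejected = {}, []
    for tag, raw in events:
        try:
            routed.setdefault(table_for_tag(tag), []).append(raw)
        except ValueError as exc:
            rejected.append((tag, str(exc)))
    return routed, rejected

def host_from_hostchain(hostchain):
    """The nexpose tables' transformation split(hostchain, "=", 0): host is
    the first "="-separated element. The input format is an assumption."""
    return hostchain.split("=", 1)[0]

# Constructed sample batch (not real Rapid7 output): two valid tags, then a
# subtype not on the page, a three-level tag and a tag with the wrong brand.
SAMPLE_EVENTS = [
    ("vuln.rapid7.insightvm.scans", '{"id": 42, "engineName": "Local scan engine"}'),
    ("vuln.rapid7.nexpose.asset", "asset_id=7 ip=10.0.0.5 riskscore=812.3"),
    ("vuln.rapid7.insightvm.hosts", "{}"),
    ("vuln.rapid7.insightvm", "{}"),
    ("vuln.nessus.scanner.report", "{}"),
]
```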
Table structure

These are the fields displayed by these tables:

vuln.rapid7.insightvm.assets

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | int8 | |
| assetHostName | str | |
| ip | ip4 | |
| mac | str | |
| links | str | |
| assessedForPolicies | bool | |
| assessedForVulnerabilities | bool | |
| type | str | |
| os | str | |
| osArchitecture | str | |
| osConfigurations | str | |
| osCpeEdition | str | |
| osCpeLanguage | str | |
| osCpeOtherInformation | str | |
| osCpePart | str | |
| osCpeProduct | str | |
| osCpeSwEdition | str | |
| osCpeTargetHW | str | |
| osCpeTargetSW | str | |
| osCpeUpdate | str | |
| osCpeV2_2 | str | |
| osCpeV2_3 | str | |
| osCpeVendor | str | |
| osCpeVersion | str | |
| osDescription | str | |
| osFamily | str | |
| osId | int8 | |
| osProduct | str | |
| osSystemName | str | |
| osType | str | |
| osVendor | str | |
| osVersion | str | |
| rawRiskScore | float8 | |
| riskScore | float8 | |
| vulnerabilitiesCritical | int8 | |
| vulnerabilitiesExploits | int8 | |
| vulnerabilitiesMalwareKits | int8 | |
| vulnerabilitiesModerate | int8 | |
| vulnerabilitiesSevere | int8 | |
| vulnerabilitiesTotal | int8 | |
| history | str | |
| configurations | str | |
| databases | str | |
| files | str | |
| services | str | |
| software | str | |
| userGroups | str | |
| users | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm.audit

| Field | Type | Extra fields |
|---|---|---|
| ... | | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm.auth

| Field | Type | Extra fields |
|---|---|---|
| ... | | |
| hostname | str | |
| server_time | timestamp | |
| log_level | str | |
| thread | str | |
| principal | str | |
| session_id | str | |
| user_id | str | |
| message | str | |
| hostchain | str | |

vuln.rapid7.insightvm.scans

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| ... | | |
| start | timestamp | |
| duration | str | |
| message | str | |
| unknown | str | |
| endTime | timestamp | |
| engineId | int8 | |
| engineName | str | |
| siteId | | |
| ... | | |
| vulnerabilitiesCritical | int8 | |
| vulnerabilitiesModerate | int8 | |
| vulnerabilitiesSevere | int8 | |
| vulnerabilitiesTotal | int8 | |
| hostchain | str | |

vuln.rapid7.insightvm.sites

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | int8 | |
| name | str | |
| description | str | |
| importance | str | |
| type | str | |
| assets | int8 | |
| connectionType | str | |
| lastScanTime | timestamp | |
| scanEngine | int8 | |
| scanTemplate | str | |
| riskScore | float8 | |
| vulnerabilitiesCritical | int8 | |
| vulnerabilitiesModerate | int8 | |
| vulnerabilitiesSevere | int8 | |
| vulnerabilitiesTotal | int8 | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm.vulnerabilities

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| scanId | int8 | |
| scanEndTime | timestamp | |
| affectedAssetHostname | str | |
| affectedAssetId | int8 | |
| affectedAssetIp | ip4 | |
| affectedAssetOs | str | |
| vulnerabilityId | str | |
| vulnerabilityTitle | str | |
| vulnerabilityInstances | int8 | |
| vulnerabilityResults | str | |
| vulnerabilitySince | timestamp | |
| vulnerabilityStatus | str | |
| vulnerabilityRiskScore | float8 | |
| vulnerabilitySeverity | str | |
| vulnerabilitySeverityScore | int8 | |
| vulnerabilityInformationLastModified | timestamp | |
| vulnerabilityDenialOfService | bool | |
| vulnerabilityDescriptionHtml | str | |
| vulnerabilityDescriptionText | str | |
| vulnerabilityInformationAdded | timestamp | |
| vulnerabilityCategories | str | |
| vulnerabilityCves | str | |
| vulnerabilityCvssLinks | str | |
| vulnerabilityCvssV2AccessComplexity | str | |
| vulnerabilityCvssV2AccessVector | str | |
| vulnerabilityCvssV2Authentication | str | |
| vulnerabilityCvssV2AvailabilityImpact | str | |
| vulnerabilityCvssV2ConfidentialityImpact | str | |
| vulnerabilityCvssV2ExploitScore | float8 | |
| vulnerabilityCvssV2ImpactScore | float8 | |
| vulnerabilityCvssV2IntegrityImpact | str | |
| vulnerabilityCvssV2Score | float8 | |
| vulnerabilityCvssV2Vector | str | |
| vulnerabilityCvssV3AttackComplexity | str | |
| vulnerabilityCvssV3AttackVector | str | |
| vulnerabilityCvssV3AvailabilityImpact | str | |
| vulnerabilityCvssV3ConfidentialityImpact | str | |
| vulnerabilityCvssV3ExploitScore | float8 | |
| vulnerabilityCvssV3ImpactScore | float8 | |
| vulnerabilityCvssV3IntegrityImpact | str | |
| vulnerabilityCvssV3PrivilegeRequired | str | |
| vulnerabilityCvssV3Scope | str | |
| vulnerabilityCvssV3Score | float8 | |
| vulnerabilityCvssV3UserInteraction | str | |
| vulnerabilityCvssV3Vector | str | |
| vulnerabilityExploits | int8 | |
| vulnerabilityMalwareKits | int8 | |
| vulnerabilityPciAdjustedCVSSScore | int8 | |
| vulnerabilityPciAdjustedSeverityScore | int8 | |
| vulnerabilityPciFail | bool | |
| vulnerabilityPciSpecialNotes | str | |
| vulnerabilityPciStatus | str | |
| vulnerabilityPublished | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.nexpose.asset

| Field | Type | Extra fields | Field transformation | Source field name |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| host | str | | `split(hostchain, "=", 0)` | hostchain |
| site_name | str | | | |
| family | str | | | |
| pci_status | str | | | |
| ip | ip4 | | | |
| site_id | int4 | | | |
| exploits | int4 | | | |
| riskscore | float8 | | | |
| severe_vulnerabilities | int4 | | | |
| asset_id | int4 | | | |
| vendor_product | str | | | |
| vulnerabilities | int4 | | | |
| hostname | str | | | |
| version | str | | | |
| moderate_vulnerabilities | int4 | | | |
| critical_vulnerabilities | int4 | | | |
| installed_software | str | | | |
| description | str | | | |
| dest | ip4 | | | |
| timestamp | timestamp | | | |
| malware_kits | int4 | | | |
| nexpose_tags | str | | | |
| mac | str | | | |
| asset_group_accounts | str | | | |
| services | str | | | |
| last_scan_finished | timestamp | | | |
| protocols | str | | | |
| vulnerability_instances | int4 | | | |
| last_discovered | timestamp | | | |
| tag_associations | str | | | |
| enabled | str | | | |
| os | str | | | |
| message | str | | | rawMessage |
| hostchain | str | ✓ | | |
| tag | str | ✓ | | |
| rawMessage | str | ✓ | | |

vuln.rapid7.nexpose.vuln

| Field | Type | Extra fields | Field transformation | Source field name |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| host | str | | `split(hostchain, "=", 0)` | hostchain |
| mskb | str | | | |
| most_recently_discovered | timestamp | | | |
| ip | ip4 | | | |
| site_id | int4 | | | |
| asset_id | int4 | | | |
| signature_id | int4 | | | |
| cvss | float8 | | | |
| severity | str | | | |
| category | str | | | |
| product | str | | | |
| vendor | str | | | |
| other_references | str | | | |
| dest | ip4 | | | |
| timestamp | timestamp | | | |
| nexpose_severity | str | | | |
| mac | str | | | |
| skill_level | str | | | |
| date_added | str | | | |
| msft | str | | | |
| vulnerability_instances | int4 | | | |
| cve | str | | | |
| dvc | str | | | |
| cert | str | | | |
| signature | str | | | |
| first_discovered | timestamp | | | |
| message | str | | | rawMessage |
| hostchain | str | ✓ | | |
| tag | str | ✓ | | |
| rawMessage | str | ✓ | | |