...
These are the valid tags and corresponding data tables that will receive the parsers' data:
| Product / Service | Tags | Data tables |
|---|---|---|
| Rapid7 InsightVM | vuln.rapid7.insightvm.access | vuln.rapid7.insightvm.access |
| | vuln.rapid7.insightvm.assets | vuln.rapid7.insightvm.assets |
| | vuln.rapid7.insightvm.audit | vuln.rapid7.insightvm.audit |
| | vuln.rapid7.insightvm.auth | vuln.rapid7.insightvm.auth |
| | vuln.rapid7.insightvm.scans | vuln.rapid7.insightvm.scans |
| | vuln.rapid7.insightvm.sites | vuln.rapid7.insightvm.sites |
| | vuln.rapid7.insightvm.vulnerabilities | vuln.rapid7.insightvm.vulnerabilities |
| | vuln.rapid7.insightvm_cloud.asset | vuln.rapid7.insightvm_cloud.asset |
| | vuln.rapid7.insightvm_cloud.scan | vuln.rapid7.insightvm_cloud.scan |
| | vuln.rapid7.insightvm_cloud.site | vuln.rapid7.insightvm_cloud.site |
| | vuln.rapid7.insightvm_cloud.vulnerability | vuln.rapid7.insightvm_cloud.vulnerability |
| Rapid7 Nexpose | vuln.rapid7.nexpose.asset | vuln.rapid7.nexpose.asset |
| | vuln.rapid7.nexpose.vuln | vuln.rapid7.nexpose.vuln |

Table structure
These are the fields displayed by these tables:
vuln.rapid7.insightvm.access

vuln.rapid7.insightvm.assets

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | int8 | |
| assetHostName | str | |
| ip | ip4 | |
| mac | str | |
| links | str | |
| assessedForPolicies | bool | |
| assessedForVulnerabilities | bool | |
| type | str | |
| os | str | |
| osArchitecture | str | |
| osConfigurations | str | |
| osCpeEdition | str | |
| osCpeLanguage | str | |
| osCpeOtherInformation | str | |
| osCpePart | str | |
| osCpeProduct | str | |
| osCpeSwEdition | str | |
| osCpeTargetHW | str | |
| osCpeTargetSW | str | |
| osCpeUpdate | str | |
| osCpeV2_2 | str | |
| osCpeV2_3 | str | |
| osCpeVendor | str | |
| osCpeVersion | str | |
| osDescription | str | |
| osFamily | str | |
| osId | int8 | |
| osProduct | str | |
| osSystemName | str | |
| osType | str | |
| osVendor | str | |
| osVersion | str | |
| rawRiskScore | float8 | |
| riskScore | float8 | |
| vulnerabilitiesCritical | int8 | |
| vulnerabilitiesExploits | int8 | |
| vulnerabilitiesMalwareKits | int8 | |
| vulnerabilitiesModerate | int8 | |
| vulnerabilitiesSevere | int8 | |
| vulnerabilitiesTotal | int8 | |
| history | str | |
| configurations | str | |
| databases | str | |
| files | str | |
| services | str | |
| software | str | |
| userGroups | str | |
| users | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm.audit

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| server_time | timestamp | |
| log_level | str | |
| thread | str | |
| silo_id | str | |
| user | str | |
| user_id | str | |
| performed_by | str | |
| action | str | |
| silo | str | |
| role | str | |
| change | str | |
| unknown | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm.auth

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| server_time | timestamp | |
| log_level | str | |
| thread | str | |
| principal | str | |
| session_id | str | |
| user_id | str | |
| message | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm.scans

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | int8 | |
| scanName | str | |
| scanType | str | |
| message | str | |
| status | str | |
| assets | int8 | |
| duration | str | |
| endTime | timestamp | |
| engineId | int8 | |
| engineName | str | |
| siteId | int8 | |
| siteName | str | |
| startTime | timestamp | |
| startedBy | str | |
| vulnerabilitiesCritical | int8 | |
| vulnerabilitiesModerate | int8 | |
| vulnerabilitiesSevere | int8 | |
| vulnerabilitiesTotal | int8 | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm.sites

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | int8 | |
| name | str | |
| description | str | |
| importance | str | |
| type | str | |
| assets | int8 | |
| connectionType | str | |
| lastScanTime | timestamp | |
| scanEngine | int8 | |
| scanTemplate | str | |
| riskScore | float8 | |
| vulnerabilitiesCritical | int8 | |
| vulnerabilitiesModerate | int8 | |
| vulnerabilitiesSevere | int8 | |
| vulnerabilitiesTotal | int8 | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm.vulnerabilities

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| scanId | int8 | |
| scanEndTime | timestamp | |
| affectedAssetHostname | str | |
| affectedAssetId | int8 | |
| affectedAssetIp | ip4 | |
| affectedAssetOs | str | |
| vulnerabilityId | str | |
| vulnerabilityTitle | str | |
| vulnerabilityInstances | int8 | |
| vulnerabilityResults | str | |
| vulnerabilitySince | timestamp | |
| vulnerabilityStatus | str | |
| vulnerabilityRiskScore | float8 | |
| vulnerabilitySeverity | str | |
| vulnerabilitySeverityScore | int8 | |
| vulnerabilityInformationLastModified | timestamp | |
| vulnerabilityDenialOfService | bool | |
| vulnerabilityDescriptionHtml | str | |
| vulnerabilityDescriptionText | str | |
| vulnerabilityInformationAdded | timestamp | |
| vulnerabilityCategories | str | |
| vulnerabilityCves | str | |
| vulnerabilityCvssLinks | str | |
| vulnerabilityCvssV2AccessComplexity | str | |
| vulnerabilityCvssV2AccessVector | str | |
| vulnerabilityCvssV2Authentication | str | |
| vulnerabilityCvssV2AvailabilityImpact | str | |
| vulnerabilityCvssV2ConfidentialityImpact | str | |
| vulnerabilityCvssV2ExploitScore | float8 | |
| vulnerabilityCvssV2ImpactScore | float8 | |
| vulnerabilityCvssV2IntegrityImpact | str | |
| vulnerabilityCvssV2Score | float8 | |
| vulnerabilityCvssV2Vector | str | |
| vulnerabilityCvssV3AttackComplexity | str | |
| vulnerabilityCvssV3AttackVector | str | |
| vulnerabilityCvssV3AvailabilityImpact | str | |
| vulnerabilityCvssV3ConfidentialityImpact | str | |
| vulnerabilityCvssV3ExploitScore | float8 | |
| vulnerabilityCvssV3ImpactScore | float8 | |
| vulnerabilityCvssV3IntegrityImpact | str | |
| vulnerabilityCvssV3PrivilegeRequired | str | |
| vulnerabilityCvssV3Scope | str | |
| vulnerabilityCvssV3Score | float8 | |
| vulnerabilityCvssV3UserInteraction | str | |
| vulnerabilityCvssV3Vector | str | |
| vulnerabilityExploits | int8 | |
| vulnerabilityMalwareKits | int8 | |
| vulnerabilityPciAdjustedCVSSScore | int8 | |
| vulnerabilityPciAdjustedSeverityScore | int8 | |
| vulnerabilityPciFail | bool | |
| vulnerabilityPciSpecialNotes | str | |
| vulnerabilityPciStatus | str | |
| vulnerabilityPublished | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm_cloud.asset

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| assessed_for_policies | bool | |
| assessed_for_vulnerabilities | bool | |
| credential_assessments | str | |
| critical_vulnerabilities | int4 | |
| exploits | int4 | |
| host_name | str | |
| id | str | |
| ip | str | |
| ipv4 | ip4 | |
| ipv6 | ip6 | |
| last_assessed_for_vulnerabilities | timestamp | |
| last_scan_end | timestamp | |
| last_scan_start | timestamp | |
| mac | str | |
| malware_kits | int4 | |
| moderate_vulnerabilities | int4 | |
| os_architecture | str | |
| os_description | str | |
| os_family | str | |
| os_name | str | |
| os_system_name | str | |
| os_type | str | |
| os_vendor | str | |
| os_version | str | |
| risk_score | float8 | |
| severe_vulnerabilities | int4 | |
| tags | str | |
| total_vulnerabilities | int4 | |
| type | str | |
| unique_identifiers | str | |
| new | str | |
| remediated | str | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm_cloud.scan

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | str | |
| status | str | |
| started | timestamp | |
| finished | timestamp | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm_cloud.site

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| name | str | |
| type | str | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.rapid7.insightvm_cloud.vulnerability

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| added | timestamp | |
| categories | str | |
| cves | str | |
| cvss_v2_access_complexity | str | |
| cvss_v2_access_vector | str | |
| cvss_v2_authentication | str | |
| cvss_v2_availability_impact | str | |
| cvss_v2_confidentiality_impact | str | |
| cvss_v2_exploit_score | float8 | |
| cvss_v2_impact_score | float8 | |
| cvss_v2_integrity_impact | str | |
| cvss_v2_score | float8 | |
| cvss_v2_vector | str | |
| cvss_v3_attack_complexity | str | |
| cvss_v3_attack_vector | str | |
| cvss_v3_availability_impact | str | |
| cvss_v3_confidentiality_impact | str | |
| cvss_v3_exploit_score | float8 | |
| cvss_v3_impact_score | str | |
| cvss_v3_integrity_impact | str | |
| cvss_v3_privileges_required | str | |
| cvss_v3_scope | str | |
| cvss_v3_score | float8 | |
| cvss_v3_user_interaction | str | |
| cvss_v3_vector | str | |
| denial_of_service | bool | |
| description | str | |
| exploits | str | |
| id | str | |
| links | str | |
| malware_kits | str | |
| modified | timestamp | |
| pci_cvss_score | float8 | |
| pci_fail | bool | |
| pci_severity_score | int4 | |
| pci_special_notes | str | |
| pci_status | str | |
| published | timestamp | |
| references | str | |
| risk_score | float8 | |
| severity | str | |
| severity_score | int4 | |
| title | str | |
| at_devo_pulling_id | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |

vuln.rapid7.nexpose.asset

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| host | str | `split(hostchain, "=", 0)` | hostchain | |
| site_name | str | | | |
| family | str | | | |
| pci_status | str | | | |
| ip | ip4 | | | |
| site_id | int4 | | | |
| exploits | int4 | | | |
| riskscore | float8 | | | |
| severe_vulnerabilities | int4 | | | |
| asset_id | int4 | | | |
| vendor_product | str | | | |
| vulnerabilities | int4 | | | |
| hostname | str | | | |
| version | str | | | |
| moderate_vulnerabilities | int4 | | | |
| critical_vulnerabilities | int4 | | | |
| installed_software | str | | | |
| description | str | | | |
| dest | ip4 | | | |
| timestamp | timestamp | | | |
| malware_kits | int4 | | | |
| nexpose_tags | str | | | |
| mac | str | | | |
| asset_group_accounts | str | | | |
| services | str | | | |
| last_scan_finished | timestamp | | | |
| protocols | str | | | |
| vulnerability_instances | int4 | | | |
| last_discovered | timestamp | | | |
| tag_associations | str | | | |
| enabled | str | | | |
| os | str | | | |
| message | str | | rawMessage | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |

vuln.rapid7.nexpose.vuln

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| host | str | `split(hostchain, "=", 0)` | hostchain | |
| mskb | str | | | |
| most_recently_discovered | timestamp | | | |
| ip | ip4 | | | |
| site_id | int4 | | | |
| asset_id | int4 | | | |
| signature_id | int4 | | | |
| cvss | float8 | | | |
| severity | str | | | |
| category | str | | | |
| product | str | | | |
| vendor | str | | | |
| other_references | str | | | |
| dest | ip4 | | | |
| timestamp | timestamp | | | |
| nexpose_severity | str | | | |
| mac | str | | | |
| skill_level | str | | | |
| date_added | str | | | |
| msft | str | | | |
| vulnerability_instances | int4 | | | |
| cve | str | | | |
| dvc | str | | | |
| cert | str | | | |
| signature | str | | | |
| first_discovered | timestamp | | | |
| message | str | | rawMessage | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |

...