Introduction
Tags beginning with vuln.kenna identify events generated by Kenna Security.
Tag structure
...
Valid tags and data tables
The full tag must have four levels. The first two are fixed as vuln.kenna. The third level identifies the group, and the fourth level identifies the type of events sent and the event subtype.
Technology | Brand | Group | Type | Subtype
---|---|---|---|---
vuln | kenna | vm | assets | vulnerabilities
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table
---|---
vuln.kenna.vm.assets_vulnerabilities |
Table structure
Field | Type | Field transformation | Source field name | Extra fields
---|---|---|---|---
eventdate | | | |
hostname | | | |
id | | | |
created_at | | | |
priority | | | |
operating_system | | | |
notes | | | |
last_booted_at | | | |
primary_locator | | | |
locator | | | |
vulnerabilities_count | | | |
status | | | |
last_seen_time | | | |
tags_str | | | tags |
owner | | | |
inactive_at | | | |
status_set_manually | | | |
urls__vulnerabilities | | | |
ip_address | | | |
database | | | |
hostname2 | | | |
fqdn | | | |
netbios | | | |
application | | | |
file | | | |
mac_address | | | |
ec2 | | | |
url | | | |
external_id | | | |
image | | | |
container | | | |
ipv6 | | | |
risk_meter_score | | | |
asset_groups__id_str | | | asset_groups__id |
asset_groups__name_str | | | asset_groups__name |
vulnerability__connectors__name_str | | | vulnerability__connectors__name |
vulnerability__connectors__id_str | | | vulnerability__connectors__id |
vulnerability__connectors__connector_definition_name_str | | | vulnerability__connectors__connector_definition_name |
vulnerability__connectors__vendor_str | | | vulnerability__connectors__vendor |
vulnerability__notes | | | |
vulnerability__fix_id | | | |
vulnerability__service_ticket | | | |
vulnerability__created_at | | | |
vulnerability__asset_id | | | |
vulnerability__id | | | |
vulnerability__last_seen_time | | | |
vulnerability__closed_at | | | |
vulnerability__identifiers_str | | | vulnerability__identifiers |
vulnerability__due_date | | | |
vulnerability__priority | | | |
vulnerability__port_str | | | vulnerability__port |
vulnerability__scanner_vulnerabilities__port_str | | | vulnerability__scanner_vulnerabilities__port |
vulnerability__scanner_vulnerabilities__external_unique_id_str | | | vulnerability__scanner_vulnerabilities__external_unique_id |
vulnerability__scanner_vulnerabilities__open_str | | | vulnerability__scanner_vulnerabilities__open |
vulnerability__scanner_score | | | |
vulnerability__status | | | |
vulnerability__urls__asset | | | |
vulnerability__solution | | | |
vulnerability__patch | | | |
vulnerability__patch_published_at | | | |
vulnerability__cve_id | | | |
vulnerability__cve_description | | | |
vulnerability__cve_published_at | | | |
vulnerability__description | | | |
vulnerability__wasc_id | | | |
vulnerability__severity | | | |
vulnerability__threat | | | |
vulnerability__popular_target | | | |
vulnerability__active_internet_breach | | | |
vulnerability__easily_exploitable | | | |
vulnerability__malware_exploitable | | | |
vulnerability__remote_code_execution | | | |
vulnerability__predicted_exploitable | | | |
vulnerability__custom_fields__name_str | | | vulnerability__custom_fields__name |
vulnerability__custom_fields__custom_field_definition_id_str | | | vulnerability__custom_fields__custom_field_definition_id |
vulnerability__custom_fields__value_str | | | vulnerability__custom_fields__value |
vulnerability__first_found_on | | | |
vulnerability__risk_meter_score | | | |
vulnerability__top_priority | | | |
vulnerability__closed | | | |
hostchain | | | | ✓
tag | | | | ✓
rawMessage | | | |