
Introduction

Tags beginning with vuln.kenna identify events generated by Kenna.

Tag structure

The full tag must have four levels. The first two are fixed as vuln.kenna. The third level identifies the type of events sent. The fourth level identifies the event subtype.

Table structure

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

hostname

str

id

int4

created_at

timestamp

priority

int4

operating_system

str

notes

str

last_booted_at

str

primary_locator

str

locator

str

vulnerabilities_count

int4

status

str

last_seen_time

timestamp

tags_str

str

join(tags, ',')

tags

owner

str

inactive_at

timestamp

status_set_manually

bool

urls__vulnerabilities

str

ip_address

ip4

database

str

hostname2

str

fqdn

str

netbios

str

application

str

file

str

mac_address

str

ec2

str

url

str

external_id

str

image

str

container

str

ipv6

str

risk_meter_score

int4

asset_groups__id_str

str

replace(replace(stringify(json(asset_groups__id)), '[', ''), ']', '')

asset_groups__id

asset_groups__name_str

str

join(asset_groups__name, ',')

asset_groups__name

vulnerability__connectors__name_str

str

join(vulnerability__connectors__name, ',')

vulnerability__connectors__name

vulnerability__connectors__id_str

str

replace(replace(stringify(json(vulnerability__connectors__id)), '[', ''), ']', '')

vulnerability__connectors__id

vulnerability__connectors__connector_definition_name_str

str

join(vulnerability__connectors__connector_definition_name, ',')

vulnerability__connectors__connector_definition_name

vulnerability__connectors__vendor_str

str

join(vulnerability__connectors__vendor, ',')

vulnerability__connectors__vendor

vulnerability__notes

str

vulnerability__fix_id

int4

vulnerability__service_ticket

str

vulnerability__created_at

timestamp

vulnerability__asset_id

int4

vulnerability__id

int8

vulnerability__last_seen_time

timestamp

vulnerability__closed_at

str

vulnerability__identifiers_str

str

join(vulnerability__identifiers, ',')

vulnerability__identifiers

vulnerability__due_date

str

vulnerability__priority

int4

vulnerability__port_str

str

replace(replace(stringify(json(vulnerability__port)), '[', ''), ']', '')

vulnerability__port

vulnerability__scanner_vulnerabilities__port_str

str

replace(replace(stringify(json(vulnerability__scanner_vulnerabilities__port)), '[', ''), ']', '')

vulnerability__scanner_vulnerabilities__port

vulnerability__scanner_vulnerabilities__external_unique_id_str

str

join(vulnerability__scanner_vulnerabilities__external_unique_id, ',')

vulnerability__scanner_vulnerabilities__external_unique_id

vulnerability__scanner_vulnerabilities__open_str

str

replace(replace(stringify(json(vulnerability__scanner_vulnerabilities__open)), '[', ''), ']', '')

vulnerability__scanner_vulnerabilities__open

vulnerability__scanner_score

str

vulnerability__status

str

vulnerability__urls__asset

str

vulnerability__solution

str

vulnerability__patch

bool

vulnerability__patch_published_at

str

vulnerability__cve_id

str

vulnerability__cve_description

str

vulnerability__cve_published_at

timestamp

vulnerability__description

str

vulnerability__wasc_id

str

vulnerability__severity

int4

vulnerability__threat

int4

vulnerability__popular_target

bool

vulnerability__active_internet_breach

bool

vulnerability__easily_exploitable

bool

vulnerability__malware_exploitable

bool

vulnerability__remote_code_execution

bool

vulnerability__predicted_exploitable

bool

vulnerability__custom_fields__name_str

str

join(vulnerability__custom_fields__name, ',')

vulnerability__custom_fields__name

vulnerability__custom_fields__custom_field_definition_id_str

str

replace(replace(stringify(json(vulnerability__custom_fields__custom_field_definition_id)), '[', ''), ']', '')

vulnerability__custom_fields__custom_field_definition_id

vulnerability__custom_fields__value_str

str

join(vulnerability__custom_fields__value, ',')

vulnerability__custom_fields__value

vulnerability__first_found_on

timestamp

vulnerability__risk_meter_score

int4

vulnerability__top_priority

bool

vulnerability__closed

bool

hostchain

str

 

tag

str

 

rawMessage

str
