Introduction
Tags beginning with vuln.kenna identify events generated by Kenna.
Tag structure
The full tag must have four levels. The first two are fixed as vuln.kenna. The third level identifies the type of events sent. The fourth level identifies the event subtype.
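Fields whose names end in _str are string renderings of the source field named in the same row, produced by the listed transformation. Where the transformation is join(..., ','), a comma inside an individual value cannot be distinguished from the separator, so substring matches on these fields (for example on vulnerability__identifiers_str) can be ambiguous.

Field | Type | Field transformation | Source field name | Extra fields |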
---|---|---|---|---|
eventdate |
| |||
hostname |
| |||
id |
| |||
created_at |
| |||
priority |
| |||
operating_system |
| |||
notes |
| |||
last_booted_at |
| |||
primary_locator |
| |||
locator |
| |||
vulnerabilities_count |
| |||
status |
| |||
last_seen_time |
| |||
tags_str |
| join(tags, ',') | tags | |
owner |
| |||
inactive_at |
| |||
status_set_manually |
| |||
urls__vulnerabilities |
| |||
ip_address |
| |||
database |
| |||
hostname2 |
| |||
fqdn |
| |||
netbios |
| |||
application |
| |||
file |
| |||
mac_address |
| |||
ec2 |
| |||
url |
| |||
external_id |
| |||
image |
| |||
container |
| |||
ipv6 |
| |||
risk_meter_score |
| |||
asset_groups__id_str |
| replace(replace(stringify(json(asset_groups__id)), '[', ''), ']', '') | asset_groups__id | |
asset_groups__name_str |
| join(asset_groups__name, ',') | asset_groups__name | |
vulnerability__connectors__name_str |
| join(vulnerability__connectors__name, ',') | vulnerability__connectors__name | |
vulnerability__connectors__id_str |
| replace(replace(stringify(json(vulnerability__connectors__id)), '[', ''), ']', '') | vulnerability__connectors__id | |
vulnerability__connectors__connector_definition_name_str |
| join(vulnerability__connectors__connector_definition_name, ',') | vulnerability__connectors__connector_definition_name | |
vulnerability__connectors__vendor_str |
| join(vulnerability__connectors__vendor, ',') | vulnerability__connectors__vendor | |
vulnerability__notes |
| |||
vulnerability__fix_id |
| |||
vulnerability__service_ticket |
| |||
vulnerability__created_at |
| |||
vulnerability__asset_id |
| |||
vulnerability__id |
| |||
vulnerability__last_seen_time |
| |||
vulnerability__closed_at |
| |||
vulnerability__identifiers_str |
| join(vulnerability__identifiers, ',') | vulnerability__identifiers | |
vulnerability__due_date |
| |||
vulnerability__priority |
| |||
vulnerability__port_str |
| replace(replace(stringify(json(vulnerability__port)), '[', ''), ']', '') | vulnerability__port | |
vulnerability__scanner_vulnerabilities__port_str |
| replace(replace(stringify(json(vulnerability__scanner_vulnerabilities__port)), '[', ''), ']', '') | vulnerability__scanner_vulnerabilities__port | |
vulnerability__scanner_vulnerabilities__external_unique_id_str |
| join(vulnerability__scanner_vulnerabilities__external_unique_id, ',') | vulnerability__scanner_vulnerabilities__external_unique_id | |
vulnerability__scanner_vulnerabilities__open_str |
| replace(replace(stringify(json(vulnerability__scanner_vulnerabilities__open)), '[', ''), ']', '') | vulnerability__scanner_vulnerabilities__open | |
vulnerability__scanner_score |
| |||
vulnerability__status |
| |||
vulnerability__urls__asset |
| |||
vulnerability__solution |
| |||
vulnerability__patch |
| |||
vulnerability__patch_published_at |
| |||
vulnerability__cve_id |
| |||
vulnerability__cve_description |
| |||
vulnerability__cve_published_at |
| |||
vulnerability__description |
| |||
vulnerability__wasc_id |
| |||
vulnerability__severity |
| |||
vulnerability__threat |
| |||
vulnerability__popular_target |
| |||
vulnerability__active_internet_breach |
| |||
vulnerability__easily_exploitable |
| |||
vulnerability__malware_exploitable |
| |||
vulnerability__remote_code_execution |
| |||
vulnerability__predicted_exploitable |
| |||
vulnerability__custom_fields__name_str |
| join(vulnerability__custom_fields__name, ',') | vulnerability__custom_fields__name | |
vulnerability__custom_fields__custom_field_definition_id_str |
| replace(replace(stringify(json(vulnerability__custom_fields__custom_field_definition_id)), '[', ''), ']', '') | vulnerability__custom_fields__custom_field_definition_id | |
vulnerability__custom_fields__value_str |
| join(vulnerability__custom_fields__value, ',') | vulnerability__custom_fields__value | |
vulnerability__first_found_on |
| |||
vulnerability__risk_meter_score |
| |||
vulnerability__top_priority |
| |||
vulnerability__closed |
| |||
hostchain |
| ✓ | ||
tag |
| ✓ | ||
rawMessage |
|