vuln.rapid7

[ 1 Overview ] [ 2 Tag structure ] [ 3 Field transformation ]

Overview

The tags beginning with vuln.rapid7 identity events generated by Rapid7.

Tag structure

The full tag may have up to 4 levels. The first two are fixed as vuln.rapid7. The third level identifies the type of events sent, and the fourth level indicates the event subtype

Technology	Brand	Type	Subtype

Technology	Brand	Type	Subtype
vuln	rapid7	insightvm	audit access auth

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag	Data table

Tag	Data table
vuln.rapid7.insightvm.audit	vuln.rapid7.insightvm.audit
vuln.rapid7.insightvm.access	vuln.rapid7.insightvm.access
vuln.rapid7.insightvm.auth	vuln.rapid7.insightvm.auth

vuln.rapid7.insightvm.audit

Field	Type	Extra Label

Field	Type	Extra Label
eventdate	`timestamp`	-
hostname	`str`	-
server_time	`timestamp`	-
log_level	`str`	-
thread	`str`	-
silo_id	`str`	-
user	`str`	-
user_id	`str`	-
performed_by	`str`	-
action	`str`	-
silo	`str`	-
role	`str`	-
change	`str`	-
unknown	`str`	-
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

vuln.rapid7.insightvm.access

Field	Type	Extra Label

Field	Type	Extra Label
eventdate	`timestamp`	-
hostname	`str`	-
server_time	`timestamp`	-
log_level	`str`	-
thread	`str`	-
method	`str`	-
uri	`str`	-
handler	`str`	-
protocol	`str`	-
ip	`ip4`	-
port	`str`	-
referer	`str`	-
user_agent	`str`	-
authentication	`str`	-
principal	`str`	-
session	`str`	-
silo_id	`str`	-
user_id	`str`	-
status	`str`	-
start	`timestamp`	-
duration	`str`	-
message	`str`	-
unknown	`str`	-
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

vuln.rapid7.insightvm.auth

Field	Type	Extra Label

Field	Type	Extra Label
eventdate	`timestamp`	-
hostname	`str`	-
server_time	`timestamp`	-
log_level	`str`	-
thread	`str`	-
principal	`str`	-
session_id	`str`	-
user_id	`str`	-
message	`str`	-
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓