vuln.kenna

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 Table structure ]

Introduction

The tags begin with vuln.kenna identifies events generated by Kenna.

Valid tags and data tables

The full tag must have four levels. The first two are fixed as vuln.kenna. The third level identifies the type of events sent. The fourth level identifies the event subtype.

Table structure

Field	Type	Field transformation	Source field name	Extra fields

Field	Type	Field transformation	Source field name	Extra fields
eventdate	`timestamp`
hostname	`str`
id	`int4`
created_at	`timestamp`
priority	`int4`
operating_system	`str`
notes	`str`
last_booted_at	`str`
primary_locator	`str`
locator	`str`
vulnerabilities_count	`int4`
status	`str`
last_seen_time	`timestamp`
tags_str	`str`	`join(tags, ',')`	tags
owner	`str`
inactive_at	`timestamp`
status_set_manually	`bool`
urls__vulnerabilities	`str`
ip_address	`ip4`
database	`str`
hostname2	`str`
fqdn	`str`
netbios	`str`
application	`str`
file	`str`
mac_address	`str`
ec2	`str`
url	`str`
external_id	`str`
image	`str`
container	`str`
ipv6	`str`
risk_meter_score	`int4`
asset_groups__id_str	`str`	`replace(replace(stringify(json(asset_groups__id)), '[', ''), ']', '')`	asset_groups__id
asset_groups__name_str	`str`	`join(asset_groups__name, ',')`	asset_groups__name
vulnerability__connectors__name_str	`str`		vulnerability__connectors__name
vulnerability__connectors__id_str	`str`		vulnerability__connectors__id
vulnerability__connectors__connector_definition_name_str	`str`		vulnerability__connectors__connector_definition_name
vulnerability__connectors__vendor_str	`str`		vulnerability__connectors__vendor
vulnerability__notes	`str`
vulnerability__fix_id	`int4`
vulnerability__service_ticket	`str`
vulnerability__created_at	`timestamp`
vulnerability__asset_id	`int4`
vulnerability__id	`int8`
vulnerability__last_seen_time	`timestamp`
vulnerability__closed_at	`str`
vulnerability__identifiers_str	`str`		vulnerability__identifiers
vulnerability__due_date	`str`
vulnerability__priority	`int4`
vulnerability__port_str	`str`		vulnerability__port
vulnerability__scanner_vulnerabilities__port_str	`str`		vulnerability__scanner_vulnerabilities__port
vulnerability__scanner_vulnerabilities__external_unique_id_str	`str`		vulnerability__scanner_vulnerabilities__external_unique_id
vulnerability__scanner_vulnerabilities__open_str	`str`		vulnerability__scanner_vulnerabilities__open
vulnerability__scanner_score	`str`
vulnerability__status	`str`
vulnerability__urls__asset	`str`
vulnerability__solution	`str`
vulnerability__patch	`bool`
vulnerability__patch_published_at	`str`
vulnerability__cve_id	`str`
vulnerability__cve_description	`str`
vulnerability__cve_published_at	`timestamp`
vulnerability__description	`str`
vulnerability__wasc_id	`str`
vulnerability__severity	`int4`
vulnerability__threat	`int4`
vulnerability__popular_target	`bool`
vulnerability__active_internet_breach	`bool`
vulnerability__easily_exploitable	`bool`
vulnerability__malware_exploitable	`bool`
vulnerability__remote_code_execution	`bool`
vulnerability__predicted_exploitable	`bool`
vulnerability__custom_fields__name_str	`str`		vulnerability__custom_fields__name
vulnerability__custom_fields__custom_field_definition_id_str	`str`		vulnerability__custom_fields__custom_field_definition_id
vulnerability__custom_fields__value_str	`str`		vulnerability__custom_fields__value
vulnerability__first_found_on	`timestamp`
vulnerability__risk_meter_score	`int4`
vulnerability__top_priority	`bool`
vulnerability__closed	`bool`
hostchain	`str`			✓
tag	`str`			✓
rawMessage	`str`