
vuln.onapsis

Introduction

Tags beginning with vuln.onapsis identify events generated by Onapsis vulnerability solutions.

Valid tags and data tables 

The full tag must have two levels. The first two are fixed as vuln.onapsis. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Onapsis | vuln.onapsis.osp.assessment | vuln.onapsis.osp.assessment |
| Onapsis | vuln.onapsis.osp.event | vuln.onapsis.osp.event |
| Onapsis | vuln.onapsis.osp.heartbeat | vuln.onapsis.osp.heartbeat |

For more information, read About Devo tags.

Table structure

These are the fields displayed in each table:

vuln.onapsis.osp.assessment

| Field name | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| job_type | str | |
| asset_name | str | |
| fqdn | str | |
| job_id | int4 | |
| job_name | str | |
| modules | json | |
| osp_link | str | |
| sid | str | |
| task_id | int4 | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.onapsis.osp.event

| Field name | Type | Extra fields | Field transformation | Source field name |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| hostname | str | | | |
| incident_type | str | | | |
| alarm_profile_matches__alarm_name_str | str | | join(alarm_profile_matches__alarm_name, ',') | alarm_profile_matches__alarm_name |
| alarm_profile_matches__profile_id_str | str | | replace(replace(stringify(json(alarm_profile_matches__profile_id)), '[', ''), ']', '') | alarm_profile_matches__profile_id |
| asset_name | str | | | |
| client2 | str | | | |
| confidence | str | | | |
| created_at | timestamp | | | |
| destination_port | str | | | |
| dst | str | | | |
| detected_compliance | str | | | |
| erp_event_source | str | | | |
| erp_host | str | | | |
| erp_time | str | | | |
| event_id | str | | | |
| event_type | str | | | |
| events | str | | | |
| incident_detail | str | | | |
| incident_name | str | | | |
| job_name | str | | | |
| logline | str | | | |
| matching_rule | str | | | |
| modified | str | | | |
| module_category | str | | | |
| module_description | str | | | |
| module_name | str | | | |
| patch_applied | str | | | |
| policy | str | | | |
| protocol | str | | | |
| reason | str | | | |
| result | str | | | |
| sap_sec_notes | str | | | |
| severity | str | | | |
| sid | str | | | |
| source_port | str | | | |
| src | str | | | |
| success | str | | | |
| system_type | str | | | |
| terminal_source | str | | | |
| username | str | | | |
| user_type | str | | | |
| vulnerability_cvss | str | | | |
| hostchain | str | ✓ | | |
| tag | str | ✓ | | |
| rawMessage | str | ✓ | | |

vuln.onapsis.osp.heartbeat

| Field name | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| job_type | str | |
| logline | str | |
| event_id | str | |
| appliances_states | str | |
| dev_time | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |