vuln.risksense
Introduction
The tags beginning with vuln.risksense identify events generated by RiskSense as part of Ivanti.
Valid tags and data tables
The full tag must have three levels. The first two are fixed as vuln.risksense. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Risk Sense | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in this table:
vuln.risksense.host
Field name | Type | Extra fields |
---|---|---|
eventdate | | |
hostname | | |
id | | |
clientId | | |
groupIds | | |
rs3 | | |
xRS3 | | |
criticality | | |
tagIds | | |
networkId | | |
findingsDistribution__total__value | | |
findingsDistribution__total__subject | | |
findingsDistribution__total__filter | | |
findingsDistribution__critical__value | | |
findingsDistribution__critical__subject | | |
findingsDistribution__critical__filter | | |
findingsDistribution__high__value | | |
findingsDistribution__high__subject | | |
findingsDistribution__high__filter | | |
findingsDistribution__medium__value | | |
findingsDistribution__medium__subject | | |
findingsDistribution__medium__filter | | |
findingsDistribution__low__value | | |
findingsDistribution__low__subject | | |
findingsDistribution__low__filter | | |
findingsDistribution__info__value | | |
findingsDistribution__info__subject | | |
findingsDistribution__info__filter | | |
findingsByVrrDistribution__total__value | | |
findingsByVrrDistribution__total__subject | | |
findingsByVrrDistribution__total__filter | | |
findingsByVrrDistribution__critical__value | | |
findingsByVrrDistribution__critical__subject | | |
findingsByVrrDistribution__critical__filter | | |
findingsByVrrDistribution__high__value | | |
findingsByVrrDistribution__high__subject | | |
findingsByVrrDistribution__high__filter | | |
findingsByVrrDistribution__medium__value | | |
findingsByVrrDistribution__medium__subject | | |
findingsByVrrDistribution__medium__filter | | |
findingsByVrrDistribution__low__value | | |
findingsByVrrDistribution__low__subject | | |
findingsByVrrDistribution__low__filter | | |
findingsByVrrDistribution__info__value | | |
findingsByVrrDistribution__info__subject | | |
findingsByVrrDistribution__info__filter | | |
discoveredOn | | |
lastFoundOn | | |
scannerFirstDiscoveredOn | | |
scannerLastDiscoveredOn | | |
platformFirstIngestedOn | | |
platformLastIngestedOn | | |
lastScanTime | | |
hostName | | |
ipAddress | | |
portIds | | |
operatingSystemScanner__name | | |
operatingSystemScanner__family | | |
operatingSystemScanner__class | | |
operatingSystemScanner__vendor | | |
operatingSystemScanner__version | | |
external | | |
configurationManagementDB | | |
netbios | | |
fqdn | | |
rdns | | |
macAddress | | |
virtualMacAddress | | |
authenticatedScan | | |
policyUsed | | |
scannerUniqueId | | |
group__id | | |
group__name | | |
group__hasGroupPermission | | |
groups | | |
tags | | |
network__id | | |
network__name | | |
network__type | | |
scannerLastDiscoveredOnOrigin | | |
lastCredentialedScanDate | | |
ports | | |
services | | |
notes | | |
sources | | |
tickets | | |
lastVulnTrendingOn | | |
lastThreatTrendingOn | | |
trending | | |
oldestOpenFindingWithThreatDiscoveredOn | | |
xRS3date | | |
discoveredByRS | | |
openCveCount | | |
openThreatCount | | |
openRansomwareCount | | |
openRceAndPeCount | | |
manualExploitCount | | |
isp | | |
srsLastScanTime | | |
dns | | |
ec2Identifier | | |
vrrCriticalMax | | |
vrrHighMax | | |
vrrMediumMax | | |
vrrLowMax | | |
totalFindingCountOnAsset | | |
metricExcludeOverrideDetail | | |
allIpAddresses | | |
openAndClosedFindingCount | | |
additionalDetails | | |
slaDetails | | |
assetIdentifier | | |
assetIdentifiedBy | | |
lastAssetIdentifier | | |
lastAssetIdentifiedBy | | |
assetIdentifiedScannerUuid | | |
lastAssetIdentifiedScannerUuid | | |
assetIdentificationDetails | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |
vuln.risksense.hostfindings
Field name | Type | Extra fields |
---|---|---|
eventdate | | |
hostname | | |
id | | |
source | | |
sourceId | | |
title | | |
port | | |
protocol | | |
description | | |
services | | |
group__id | | |
group__name | | |
group__hasGroupPermission | | |
groups | | |
host__hostId | | |
host__hostName | | |
host__ipAddress | | |
host__criticality | | |
host__external | | |
host__ports | | |
host__rs3 | | |
host__lastScannedTime | | |
host__fqdn | | |
host__rdns | | |
host__macAddress | | |
host__virtualMacAddress | | |
host__dns | | |
host__netbios | | |
host__ec2Identifier | | |
host__assetIdentifier | | |
host__assetIdentifiedBy | | |
host__lastAssetIdentifier | | |
host__lastAssetIdentifiedBy | | |
host__assetIdentifiedScannerUuid | | |
host__lastAssetIdentifiedScannerUuid | | |
operatingSystemScanner__name | | |
operatingSystemScanner__family | | |
operatingSystemScanner__class | | |
operatingSystemScanner__vendor | | |
operatingSystemScanner__version | | |
network__id | | |
network__name | | |
network__type | | |
statusEmbedded__state | | |
statusEmbedded__stateName | | |
statusEmbedded__stateDescription | | |
statusEmbedded__status | | |
statusEmbedded__userIds | | |
statusEmbedded__durationInDays | | |
statusEmbedded__dueDate | | |
statusEmbedded__expirationDate | | |
assessments | | |
assignments | | |
vulnerabilities__vulnInfoList | | |
vulnerabilities__vulnLastTrendingOn | | |
vulnerabilities__trending | | |
vulnerabilitiesWithV3 | | |
threats__manualExploits | | |
threats__threats | | |
threats__threatLastTrendingOn | | |
threats__trending | | |
manualFindingReports | | |
solution | | |
patches | | |
manualExploitCount | | |
tags | | |
tagsAsset | | |
tickets | | |
notes | | |
authScanDetail | | |
authScanHistory | | |
output | | |
severity | | |
severityEmbedded__combined | | |
severityEmbedded__overridden | | |
severityEmbedded__scanner | | |
severityEmbedded__cvssV2 | | |
severityEmbedded__cvssV3 | | |
severityEmbedded__aggregated | | |
severityEmbedded__state | | |
severityEmbedded__stateName | | |
severityEmbedded__expirationDate | | |
riskRating | | |
xrs3Impact | | |
xrs3ImpactOnCategory | | |
lastFoundOn | | |
discoveredOn | | |
scannerFirstDiscoveredOn | | |
scannerLastDiscoveredOn | | |
platformFirstIngestedOn | | |
platformLastIngestedOn | | |
slaDiscoveredOnDerived | | |
slaDiscoveredOnDerivedOrigin | | |
resolvedOn | | |
scannerName | | |
scannerPrettyName | | |
findingType | | |
machineId | | |
detailedDescription | | |
detailedSolution | | |
cloudSecurityGroups | | |
cloudScalingGroups | | |
scannerPluginStatus | | |
additionalInfo | | |
netbios | | |
dns | | |
scannerReferences | | |
workflowGeneratedNames | | |
workflowDistribution__actionableWorkflows | | |
workflowDistribution__latestSystemWorkflows | | |
workflowDistribution__approvedWorkflows | | |
workflowDistribution__expiredWorkflows | | |
workflowDistribution__rejectedWorkflows | | |
workflowDistribution__requestedWorkflows | | |
workflowDistribution__reworkedWorkflows | | |
pluginCpes | | |
scannerPluginDetails | | |
cloudInformation | | |
pluginType | | |
pluginVulnerabilityType | | |
pluginFamily | | |
pluginAgent | | |
pluginPublishedDate | | |
pluginUpdatedDate | | |
pluginInstanceId | | |
parserUploadFileData | | |
status | | |
reworked | | |
scannerReportedSeverity | | |
hostAdditionalDetails | | |
slaDetails | | |
dueDate__setBy | | |
dueDate__setByName | | |
dueDate__uuid | | |
scannerReportedPluginId | | |
risk | | |
scannerReported | | |
cvssV2 | | |
cvssV3 | | |
state | | |
groupId | | |
groupIds | | |
portId | | |
hostname2 | | |
ip | | |
criticality | | |
isExternal | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |