/
vuln.risksense
Document toolboxDocument toolbox

vuln.risksense

Owned by Former user (Deleted), created
Last updated: Jun 02, 2025 by Virginia Camuñas Núñez
[ 1 Introduction ] [ 2 Valid tags and data tables  ] [ 3 Table structure ]

Introduction

The tags beginning with vuln.risksenseidentify events generated by RiskSense as part of Ivanti.

Valid tags and data tables 

The full tag must have two levels. The first two are fixed as vuln.risksense. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Risk Sense

vuln.risksense.host

vuln.risksense.host

vuln.risksense.hostfindings

vuln.risksense.hostfindings

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

vuln.risksense.host

Field name

Type

Extra fields

Field name

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

id

int8

 

clientId

int4

 

groupIds

str

 

rs3

str

 

xRS3

str

 

criticality

int4

 

tagIds

str

 

networkId

int4

 

findingsDistribution__total__value

int4

 

findingsDistribution__total__subject

str

 

findingsDistribution__total__filter

str

 

findingsDistribution__critical__value

int4

 

findingsDistribution__critical__subject

str

 

findingsDistribution__critical__filter

str

 

findingsDistribution__high__value

int4

 

findingsDistribution__high__subject

str

 

findingsDistribution__high__filter

str

 

findingsDistribution__medium__value

int4

 

findingsDistribution__medium__subject

str

 

findingsDistribution__medium__filter

str

 

findingsDistribution__low__value

int4

 

findingsDistribution__low__subject

str

 

findingsDistribution__low__filter

str

 

findingsDistribution__info__value

int4

 

findingsDistribution__info__subject

str

 

findingsDistribution__info__filter

str

 

findingsByVrrDistribution__total__value

int4

 

findingsByVrrDistribution__total__subject

str

 

findingsByVrrDistribution__total__filter

str

 

findingsByVrrDistribution__critical__value

int4

 

findingsByVrrDistribution__critical__subject

str

 

findingsByVrrDistribution__critical__filter

str

 

findingsByVrrDistribution__high__value

int4

 

findingsByVrrDistribution__high__subject

str

 

findingsByVrrDistribution__high__filter

str

 

findingsByVrrDistribution__medium__value

int4

 

findingsByVrrDistribution__medium__subject

str

 

findingsByVrrDistribution__medium__filter

str

 

findingsByVrrDistribution__low__value

int4

 

findingsByVrrDistribution__low__subject

str

 

findingsByVrrDistribution__low__filter

str

 

findingsByVrrDistribution__info__value

int4

 

findingsByVrrDistribution__info__subject

str

 

findingsByVrrDistribution__info__filter

str

 

discoveredOn

timestamp

 

lastFoundOn

timestamp

 

scannerFirstDiscoveredOn

str

 

scannerLastDiscoveredOn

str

 

platformFirstIngestedOn

timestamp

 

platformLastIngestedOn

timestamp

 

lastScanTime

timestamp

 

hostName

str

 

ipAddress

ip4

 

portIds

str

 

operatingSystemScanner__name

str

 

operatingSystemScanner__family

str

 

operatingSystemScanner__class

str

 

operatingSystemScanner__vendor

str

 

operatingSystemScanner__version

str

 

external

bool

 

configurationManagementDB

str

 

netbios

str

 

fqdn

str

 

rdns

str

 

macAddress

str

 

virtualMacAddress

str

 

authenticatedScan

str

 

policyUsed

str

 

scannerUniqueId

str

 

group__id

int4

 

group__name

str

 

group__hasGroupPermission

bool

 

groups

str

 

tags

str

 

network__id

int4

 

network__name

str

 

network__type

str

 

scannerLastDiscoveredOnOrigin

str

 

lastCredentialedScanDate

str

 

ports

str

 

services

str

 

notes

str

 

sources

str

 

tickets

str

 

lastVulnTrendingOn

str

 

lastThreatTrendingOn

str

 

trending

bool

 

oldestOpenFindingWithThreatDiscoveredOn

timestamp

 

xRS3date

timestamp

 

discoveredByRS

bool

 

openCveCount

int4

 

openThreatCount

int4

 

openRansomwareCount

int4

 

openRceAndPeCount

int4

 

manualExploitCount

int4

 

isp

str

 

srsLastScanTime

str

 

dns

str

 

ec2Identifier

str

 

vrrCriticalMax

str

 

vrrHighMax

str

 

vrrMediumMax

float8

 

vrrLowMax

float8

 

totalFindingCountOnAsset

int4

 

metricExcludeOverrideDetail

str

 

allIpAddresses

str

 

openAndClosedFindingCount

int4

 

additionalDetails

str

 

slaDetails

str

 

assetIdentifier

ip4

 

assetIdentifiedBy

str

 

lastAssetIdentifier

ip4

 

lastAssetIdentifiedBy

str

 

assetIdentifiedScannerUuid

str

 

lastAssetIdentifiedScannerUuid

str

 

assetIdentificationDetails

str

 

hostchain

str

tag

str

rawMessage

str

vuln.risksense.hostfindings

Field name

Type

Extra fields

Field name

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

id

int8

 

source

str

 

sourceId

str

 

title

str

 

port

str

 

protocol

str

 

description

str

 

services

str

 

group__id

int4

 

group__name

str

 

group__hasGroupPermission

bool

 

groups

str

 

host__hostId

int8