
vuln.risksense

Introduction

The tags beginning with vuln.risksense identify events generated by RiskSense as part of Ivanti.

Valid tags and data tables 

The full tag must have three levels. The first two are fixed as vuln.risksense. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Risk Sense | vuln.risksense.host | vuln.risksense.host |
| Risk Sense | vuln.risksense.hostfindings | vuln.risksense.hostfindings |

For more information, see About Devo tags.

Table structure

These are the fields displayed in each of these tables:

vuln.risksense.host

| Field name | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | int8 | |
| clientId | int4 | |
| groupIds | str | |
| rs3 | str | |
| xRS3 | str | |
| criticality | int4 | |
| tagIds | str | |
| networkId | int4 | |
| findingsDistribution__total__value | int4 | |
| findingsDistribution__total__subject | str | |
| findingsDistribution__total__filter | str | |
| findingsDistribution__critical__value | int4 | |
| findingsDistribution__critical__subject | str | |
| findingsDistribution__critical__filter | str | |
| findingsDistribution__high__value | int4 | |
| findingsDistribution__high__subject | str | |
| findingsDistribution__high__filter | str | |
| findingsDistribution__medium__value | int4 | |
| findingsDistribution__medium__subject | str | |
| findingsDistribution__medium__filter | str | |
| findingsDistribution__low__value | int4 | |
| findingsDistribution__low__subject | str | |
| findingsDistribution__low__filter | str | |
| findingsDistribution__info__value | int4 | |
| findingsDistribution__info__subject | str | |
| findingsDistribution__info__filter | str | |
| findingsByVrrDistribution__total__value | int4 | |
| findingsByVrrDistribution__total__subject | str | |
| findingsByVrrDistribution__total__filter | str | |
| findingsByVrrDistribution__critical__value | int4 | |
| findingsByVrrDistribution__critical__subject | str | |
| findingsByVrrDistribution__critical__filter | str | |
| findingsByVrrDistribution__high__value | int4 | |
| findingsByVrrDistribution__high__subject | str | |
| findingsByVrrDistribution__high__filter | str | |
| findingsByVrrDistribution__medium__value | int4 | |
| findingsByVrrDistribution__medium__subject | str | |
| findingsByVrrDistribution__medium__filter | str | |
| findingsByVrrDistribution__low__value | int4 | |
| findingsByVrrDistribution__low__subject | str | |
| findingsByVrrDistribution__low__filter | str | |
| findingsByVrrDistribution__info__value | int4 | |
| findingsByVrrDistribution__info__subject | str | |
| findingsByVrrDistribution__info__filter | str | |
| discoveredOn | timestamp | |
| lastFoundOn | timestamp | |
| scannerFirstDiscoveredOn | str | |
| scannerLastDiscoveredOn | str | |
| platformFirstIngestedOn | timestamp | |
| platformLastIngestedOn | timestamp | |
| lastScanTime | timestamp | |
| hostName | str | |
| ipAddress | ip4 | |
| portIds | str | |
| operatingSystemScanner__name | str | |
| operatingSystemScanner__family | str | |
| operatingSystemScanner__class | str | |
| operatingSystemScanner__vendor | str | |
| operatingSystemScanner__version | str | |
| external | bool | |
| configurationManagementDB | str | |
| netbios | str | |
| fqdn | str | |
| rdns | str | |
| macAddress | str | |
| virtualMacAddress | str | |
| authenticatedScan | str | |
| policyUsed | str | |
| scannerUniqueId | str | |
| group__id | int4 | |
| group__name | str | |
| group__hasGroupPermission | bool | |
| groups | str | |
| tags | str | |
| network__id | int4 | |
| network__name | str | |
| network__type | str | |
| scannerLastDiscoveredOnOrigin | str | |
| lastCredentialedScanDate | str | |
| ports | str | |
| services | str | |
| notes | str | |
| sources | str | |
| tickets | str | |
| lastVulnTrendingOn | str | |
| lastThreatTrendingOn | str | |
| trending | bool | |
| oldestOpenFindingWithThreatDiscoveredOn | timestamp | |
| xRS3date | timestamp | |
| discoveredByRS | bool | |
| openCveCount | int4 | |
| openThreatCount | int4 | |
| openRansomwareCount | int4 | |
| openRceAndPeCount | int4 | |
| manualExploitCount | int4 | |
| isp | str | |
| srsLastScanTime | str | |
| dns | str | |
| ec2Identifier | str | |
| vrrCriticalMax | str | |
| vrrHighMax | str | |
| vrrMediumMax | float8 | |
| vrrLowMax | float8 | |
| totalFindingCountOnAsset | int4 | |
| metricExcludeOverrideDetail | str | |
| allIpAddresses | str | |
| openAndClosedFindingCount | int4 | |
| additionalDetails | str | |
| slaDetails | str | |
| assetIdentifier | ip4 | |
| assetIdentifiedBy | str | |
| lastAssetIdentifier | ip4 | |
| lastAssetIdentifiedBy | str | |
| assetIdentifiedScannerUuid | str | |
| lastAssetIdentifiedScannerUuid | str | |
| assetIdentificationDetails | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

vuln.risksense.hostfindings

| Field name | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | int8 | |
| source | str | |
| sourceId | str | |
| title | str | |
| port | str | |
| protocol | str | |
| description | str | |
| services | str | |
| group__id | int4 | |
| group__name | str | |
| group__hasGroupPermission | bool | |
| groups | str | |
| host__hostId | int8 | |
| host__hostName | str | |
| host__ipAddress | ip4 | |
| host__criticality | int4 | |
| host__external | bool | |
| host__ports | str | |
| host__rs3 | int4 | |
| host__lastScannedTime | str | |
| host__fqdn | str | |
| host__rdns | str | |
| host__macAddress | str | |
| host__virtualMacAddress | str | |
| host__dns | str | |
| host__netbios | str | |
| host__ec2Identifier | str | |
| host__assetIdentifier | str | |
| host__assetIdentifiedBy | str | |
| host__lastAssetIdentifier | str | |
| host__lastAssetIdentifiedBy | str | |
| host__assetIdentifiedScannerUuid | str | |
| host__lastAssetIdentifiedScannerUuid | str | |
| operatingSystemScanner__name | str | |
| operatingSystemScanner__family | str | |
| operatingSystemScanner__class | str | |
| operatingSystemScanner__vendor | str | |
| operatingSystemScanner__version | str | |
| network__id | int4 | |
| network__name | str | |
| network__type | str | |
| statusEmbedded__state | str | |
| statusEmbedded__stateName | str | |
| statusEmbedded__stateDescription | str | |
| statusEmbedded__status | bool | |
| statusEmbedded__userIds | str | |
| statusEmbedded__durationInDays | str | |
| statusEmbedded__dueDate | str | |
| statusEmbedded__expirationDate | str | |
| assessments | str | |
| assignments | str | |
| vulnerabilities__vulnInfoList | str | |
| vulnerabilities__vulnLastTrendingOn | str | |
| vulnerabilities__trending | bool | |
| vulnerabilitiesWithV3 | str | |
| threats__manualExploits | str | |
| threats__threats | str | |
| threats__threatLastTrendingOn | str | |
| threats__trending | bool | |
| manualFindingReports | str | |
| solution | str | |
| patches | str | |
| manualExploitCount | int4 | |
| tags | str | |
| tagsAsset | str | |
| tickets | str | |
| notes | str | |
| authScanDetail | str | |
| authScanHistory | str | |
| output | str | |
| severity | float8 | |
| severityEmbedded__combined | float8 | |
| severityEmbedded__overridden | bool | |
| severityEmbedded__scanner | str | |
| severityEmbedded__cvssV2 | float8 | |
| severityEmbedded__cvssV3 | float8 | |
| severityEmbedded__aggregated | float8 | |
| severityEmbedded__state | str | |
| severityEmbedded__stateName | str | |
| severityEmbedded__expirationDate | str | |
| riskRating | float8 | |
| xrs3Impact | int4 | |
| xrs3ImpactOnCategory | int4 | |
| lastFoundOn | timestamp | |
| discoveredOn | timestamp | |
| scannerFirstDiscoveredOn | timestamp | |
| scannerLastDiscoveredOn | timestamp | |
| platformFirstIngestedOn | timestamp | |
| platformLastIngestedOn | timestamp | |
| slaDiscoveredOnDerived | timestamp | |
| slaDiscoveredOnDerivedOrigin | str | |
| resolvedOn | str | |
| scannerName | str | |
| scannerPrettyName | str | |
| findingType | str | |
| machineId | str | |
| detailedDescription | str | |
| detailedSolution | str | |
| cloudSecurityGroups | str | |
| cloudScalingGroups | str | |
| scannerPluginStatus | str | |
| additionalInfo | str | |
| netbios | str | |
| dns | str | |
| scannerReferences | str | |
| workflowGeneratedNames | str | |
| workflowDistribution__actionableWorkflows | str | |
| workflowDistribution__latestSystemWorkflows | str | |
| workflowDistribution__approvedWorkflows | str | |
| workflowDistribution__expiredWorkflows | str | |
| workflowDistribution__rejectedWorkflows | str | |
| workflowDistribution__requestedWorkflows | str | |
| workflowDistribution__reworkedWorkflows | str | |
| pluginCpes | str | |
| scannerPluginDetails | str | |
| cloudInformation | str | |
| pluginType | str | |
| pluginVulnerabilityType | str | |
| pluginFamily | str | |
| pluginAgent | str | |
| pluginPublishedDate | str | |
| pluginUpdatedDate | str | |
| pluginInstanceId | str | |
| parserUploadFileData | str | |
| status | str | |
| reworked | bool | |
| scannerReportedSeverity | str | |
| hostAdditionalDetails | str | |
| slaDetails | str | |
| dueDate__setBy | str | |
| dueDate__setByName | str | |
| dueDate__uuid | str | |
| scannerReportedPluginId | str | |
| risk | float8 | |
| scannerReported | str | |
| cvssV2 | str | |
| cvssV3 | str | |
| state | str | |
| groupId | int4 | |
| groupIds | str | |
| portId | int8 | |
| hostname2 | str | |
| ip | ip4 | |
| criticality | int4 | |
| isExternal | bool | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |