vuln.qualys
Introduction
Tags beginning with vuln.qualys identify events generated by Qualys.
Valid tags and data tables
The full tag must have four levels. The first two are fixed as vuln.qualys. The third level identifies the type of events sent. The fourth level identifies the event subtype.
Product / Service | Tags | Data tables |
---|---|---|
Qualys | This source tag is used in collector versions lower than 1.5.0 | |
How is the data sent to Devo?
To send logs to these tables, Devo uses a collector that retrieves the required events and sends them to your Devo domain. Contact us to start sending your logs to Devo using the collector.
Table structure
These are the fields displayed in these tables:
vuln.qualys.hostdetections
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
host_id | | | | |
asset_id | | | | |
ip | | | | |
tracking_method | | | | |
network_id | | | | |
os | | | | |
os_cpe | | | | |
dns | | | | |
dns_hostname | | | | |
dns_domain | | | | |
dns_fqdn | | | | |
cloud_provider | | | | |
cloud_service | | | | |
cloud_resource_id | | | | |
ec2_instance_id | | | | |
netbios | | | | |
qg_host_id | | | | |
last_scan_datetime | | | | |
last_vm_scanned_date | | | | |
last_vm_scanned_duration | | | | |
last_vm_auth_scanned_date | | | | |
last_vm_auth_scanned_duration | | | | |
last_pc_scanned_date | | | | |
tag_ids | | `join(tag_ids_array, "\|\|\|")` | tag_ids_array | |
tag_names | | `join(tag_names_array, "\|\|\|")` | tag_names_array | |
tag_colors | | `join(tag_colors_array, "\|\|\|")` | tag_colors_array | |
tag_background_colors | | tag_background_colors_array | | |
metadata__ec2__attribute | | metadata__ec2__attribute_array | | |
metadata__google__attribute | | metadata__google__attribute_array | | |
metadata__azure__attribute | | metadata__azure__attribute_array | | |
cloud_tag_names | | cloud_tag_names_array | | |
cloud_tag_values | | cloud_tag_values_array | | |
cloud_tag_last_success_date | | cloud_tag_last_success_date_array | | |
detection_unique_vuln_id | | | | |
detection_qid | | | | |
detection_type | | | | |
detection_severity | | | | |
detection_port | | | | |
detection_protocol | | | | |
detection_fqdn | | | | |
detection_ssl | | | | |
detection_instance | | | | |
detection_results | | | | |
detection_status | | | | |
detection_first_found_datetime | | | | |
detection_last_found_datetime | | | | |
detection_times_found | | | | |
detection_last_test_datetime | | | | |
detection_last_update_datetime | | | | |
detection_last_fixed_datetime | | | | |
detection_first_reopened_datetime | | | | |
detection_last_reopened_datetime | | | | |
detection_times_reopened | | | | |
detection_service | | | | |
detection_is_ignored | | | | |
detection_is_disabled | | | | |
detection_affect_running_kernel | | | | |
detection_affect_running_service | | | | |
detection_affect_exploitable_config | | | | |
detection_last_processed_datetime | | | | |
rawMessage | | | | ✓ |
hostchain | | | | ✓ |
tag | | | | ✓ |
vuln.qualys.hosts
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
host_id | | | | |
asset_id | | | | |
ip | | | | |
tracking_method | | | | |
network_id | | | | |
dns | | | | |
dns_hostname | | | | |
dns_domain | | | | |
dns_fqdn | | | | |
cloud_provider | | | | |
cloud_service | | | | |
cloud_resource_id | | | | |
ec2_instance_id | | | | |
netbios | | | | |
os | | | | |
qg_hostid | | | | |
last_boot | | | | |
serial_number | | | | |
hardware_uuid | | | | |
last_activity | | | | |
agent_status | | | | |
cloud_agent_running_on | | | | |
tag_ids | | tag_ids_array | | |
tag_names | | tag_names_array | | |
metadata__ec2__attribute | | metadata__ec2__attribute_array | | |
metadata__google__attribute | | metadata__google__attribute_array | | |
metadata__azure__attribute | | metadata__azure__attribute_array | | |
cloud_tag_names | | cloud_tag_names_array | | |
cloud_tag_values | | cloud_tag_values_array | | |
cloud_tag_last_success_date | | cloud_tag_last_success_date_array | | |
last_vuln_scan_datetime | | | | |
last_vm_scanned_date | | | | |
last_vm_scanned_duration | | | | |
last_vm_auth_scanned_date | | | | |
last_vm_auth_scanned_duration | | | | |
last_compliance_scan_datetime | | | | |
last_scap_scan_datetime | | | | |
owner | | | | |
comments | | | | |
user_def_value1 | | | | |
user_def_value2 | | | | |
user_def_value3 | | | | |
asset_group_ids | | | | |
rawMessage | | | | ✓ |
hostchain | | | | ✓ |
tag | | | | ✓ |
vuln.qualys.useractivitylog
Field | Type | Extra fields |
---|---|---|
eventdate | | |
date | | |
action | | |
module | | |
details | | |
user_name | | |
user_role | | |
user_ip | | |
rawMessage | | ✓ |
hostchain | | ✓ |
tag | | ✓ |
vuln.qualys.vulnerabilities
Field | Type | Extra fields |
---|---|---|
eventdate | | |
ip | | |
dns | | |
netbios | | |
os | | |
ip_status | | |
qid | | |
title | | |
type | | |
severity | | |
port | | |
protocol | | |
fqdn | | |
ssl | | |
cve_id | | |
vendor_reference | | |
bugtraq_id | | |
cvss_base | | |
cvss_temporal | | |
cvss3_base | | |
cvss3_temporal | | |
threat | | |
impact | | |
solution | | |
exploitability | | |
associated_malware | | |
results | | |
pci_vuln | | |
instance_str | | |
category | | |
scan_reference | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |