vuln.kenna
Introduction
The tags begin with vuln.kenna
identifies events generated by Kenna.
Valid tags and data tables
The full tag must have four levels. The first two are fixed as vuln.kenna
. The third level identifies the type of events sent. The fourth level identifies the event subtype.
Table structure
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate |
| Â | Â | Â |
hostname |
| Â | Â | Â |
id |
| Â | Â | Â |
created_at |
| Â | Â | Â |
priority |
| Â | Â | Â |
operating_system |
| Â | Â | Â |
notes |
| Â | Â | Â |
last_booted_at |
| Â | Â | Â |
primary_locator |
| Â | Â | Â |
locator |
| Â | Â | Â |
vulnerabilities_count |
| Â | Â | Â |
status |
| Â | Â | Â |
last_seen_time |
| Â | Â | Â |
tags_str |
| join(tags, ',') Â | tags | Â |
owner |
| Â | Â | Â |
inactive_at |
| Â | Â | Â |
status_set_manually |
| Â | Â | Â |
urls__vulnerabilities |
| Â | Â | Â |
ip_address |
| Â | Â | Â |
database |
| Â | Â | Â |
hostname2 |
| Â | Â | Â |
fqdn |
| Â | Â | Â |
netbios |
| Â | Â | Â |
application |
| Â | Â | Â |
file |
| Â | Â | Â |
mac_address |
| Â | Â | Â |
ec2 |
| Â | Â | Â |
url |
| Â | Â | Â |
external_id |
| Â | Â | Â |
image |
| Â | Â | Â |
container |
| Â | Â | Â |
ipv6 |
| Â | Â | Â |
risk_meter_score |
| Â | Â | Â |
asset_groups__id_str |
| replace(replace(stringify(json(asset_groups__id)), '[', ''), ']', '') | asset_groups__id | Â |
asset_groups__name_str |
| join(asset_groups__name, ',') | asset_groups__name | Â |
vulnerability__connectors__name_str |
| vulnerability__connectors__name | Â | |
vulnerability__connectors__id_str |
| vulnerability__connectors__id | Â | |
vulnerability__connectors__connector_definition_name_str |
| vulnerability__connectors__connector_definition_name | Â | |
vulnerability__connectors__vendor_str |
| vulnerability__connectors__vendor | Â | |
vulnerability__notes |
| Â | Â | Â |
vulnerability__fix_id |
| Â | Â | Â |
vulnerability__service_ticket |
| Â | Â | Â |
vulnerability__created_at |
| Â | Â | Â |
vulnerability__asset_id |
| Â | Â | Â |
vulnerability__id |
| Â | Â | Â |
vulnerability__last_seen_time |
| Â | Â | Â |
vulnerability__closed_at |
| Â | Â | Â |
vulnerability__identifiers_str |
| vulnerability__identifiers | Â | |
vulnerability__due_date |
| Â | Â | Â |
vulnerability__priority |
| Â | Â | Â |
vulnerability__port_str |
| vulnerability__port | Â | |
vulnerability__scanner_vulnerabilities__port_str |
| vulnerability__scanner_vulnerabilities__port | Â | |
vulnerability__scanner_vulnerabilities__external_unique_id_str |
| vulnerability__scanner_vulnerabilities__external_unique_id | Â | |
vulnerability__scanner_vulnerabilities__open_str |
| vulnerability__scanner_vulnerabilities__open | Â | |
vulnerability__scanner_score |
| Â | Â | Â |
vulnerability__status |
| Â | Â | Â |
vulnerability__urls__asset |
| Â | Â | Â |
vulnerability__solution |
| Â | Â | Â |
vulnerability__patch |
| Â | Â | Â |
vulnerability__patch_published_at |
| Â | Â | Â |
vulnerability__cve_id |
| Â | Â | Â |
vulnerability__cve_description |
| Â | Â | Â |
vulnerability__cve_published_at |
| Â | Â | Â |
vulnerability__description |
| Â | Â | Â |
vulnerability__wasc_id |
| Â | Â | Â |
vulnerability__severity |
| Â | Â | Â |
vulnerability__threat |
| Â | Â | Â |
vulnerability__popular_target |
| Â | Â | Â |
vulnerability__active_internet_breach |
| Â | Â | Â |
vulnerability__easily_exploitable |
| Â | Â | Â |
vulnerability__malware_exploitable |
| Â | Â | Â |
vulnerability__remote_code_execution |
| Â | Â | Â |
vulnerability__predicted_exploitable |
| Â | Â | Â |
vulnerability__custom_fields__name_str |
| vulnerability__custom_fields__name | Â | |
vulnerability__custom_fields__custom_field_definition_id_str |
| vulnerability__custom_fields__custom_field_definition_id | Â | |
vulnerability__custom_fields__value_str |
| vulnerability__custom_fields__value | Â | |
vulnerability__first_found_on |
| Â | Â | Â |
vulnerability__risk_meter_score |
| Â | Â | Â |
vulnerability__top_priority |
| Â | Â | Â |
vulnerability__closed |
| Â | Â | Â |
hostchain |
|  |  | ✓ |
tag |
|  |  | ✓ |
rawMessage |
| Â | Â | Â |