qualys_vmdr: improve cloud.* field mappings (#10605)
efd6 authored Jul 29, 2024
1 parent c8c2018 commit 8d7c8a2
Showing 5 changed files with 728 additions and 3 deletions.
5 changes: 5 additions & 0 deletions packages/qualys_vmdr/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "4.2.0"
changes:
- description: Map cloud provider metadata to cloud fields.
type: enhancement
link: https://github.com/elastic/integrations/pull/10605
- version: "4.1.1"
changes:
- description: Fix handling of the activity_log API response body.
@@ -5,3 +5,6 @@
{"NETBIOS": "EXCHB10","IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031", "LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822", "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"}
{"ASSET_ID":"27703780","DETECTION_LIST":{"FIRST_FOUND_DATETIME":"2023-05-30T11:49:24Z","IS_DISABLED":"0","LAST_FOUND_DATETIME":"2023-06-17T12:47:54Z","LAST_PROCESSED_DATETIME":"2023-06-17T13:20:12Z","QID":"70028","RESULTS":"User Name\t(none)\nDomain\t(none)\nAuthentication Scheme\tNULL session\nSecurity\tUser-based\nSMBv1 Signing\tDisabled\nDiscovery Method\tUnable to log in using credentials provided by user, fallback to NULL session\nCIFS Signing\tdefault","SEVERITY":"1","TIMES_FOUND":"38","TYPE":"Info"},"DNS":"win-d24ck5nn676.ldap.local","DNS_DATA":{"DOMAIN":"ldap.local","FQDN":"win-d24ck5nn676.ldap.local","HOSTNAME":"win-d24ck5nn676"},"ID":"11701931","IP":"10.50.2.122","LAST_PC_SCANNED_DATE":"2023-06-18T04:00:17Z","LAST_SCAN_DATETIME":"2023-06-17T13:20:12Z","LAST_VM_SCANNED_DATE":"2023-06-17T12:47:54Z","LAST_VM_SCANNED_DURATION":"1806","NETBIOS":"WIN-D24CK5NN676","OS":"Windows 2016","TAGS":{"TAG":{"NAME":"Windows","TAG_ID":"19429857"}},"TRACKING_METHOD":"IP"}
{"NETBIOS": "EXCHB10","NETWORK_ID": 0,"EC2_INSTANCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_RESOURCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_SERVICE": "EC2","CLOUD_PROVIDER": "AWS","QG_HOSTID": "44e2cf13-xxxx-48b9-xxxx-de489547754d","METADATA": {"EC2": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}},"GOOGLE": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}},"AZURE": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}}},"CLOUD_PROVIDER_TAGS": {"CLOUD_TAG": {"NAME": "Name","VALUE": "allocator-dnt-frozen-i3en-2xl-v1-a","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z"}}, "IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": [{"NAME": "Sales","TAG_ID": "19427596"},{"TAG_ID": "19429855","NAME": "Linux"}]},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": 
"2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"}
{"NETBIOS":"EXCHB10","NETWORK_ID":0,"IPV6":"0.0.0.0","OS_CPE":"xyz","EC2_INSTANCE_ID":"i-07f91cxxx3axxxb3f","CLOUD_RESOURCE_ID":"i-07f91cxxx3axxxb3f","CLOUD_SERVICE":"EC2","CLOUD_PROVIDER":"AWS","QG_HOSTID":"44e2cf13-xxxx-48b9-xxxx-de489547754d","METADATA":{"EC2":{"ATTRIBUTE":[{"LAST_ERROR":"","LAST_ERROR_DATE":"","LAST_STATUS":"Success","LAST_SUCCESS_DATE":"2024-07-25T13:50:30Z","NAME":"latest/dynamic/instance-identity/document/accountId","VALUE":"123456789123"},{"LAST_ERROR":"","LAST_ERROR_DATE":"","LAST_STATUS":"Success","LAST_SUCCESS_DATE":"2024-07-25T13:50:30Z","NAME":"latest/dynamic/instance-identity/document/availabilityZone","VALUE":"us-west-2b"}]}},"CLOUD_PROVIDER_TAGS":{"CLOUD_TAG":[{"NAME":"Name","VALUE":"allocator-dnt-frozen-i3en-2xl-v1-a","LAST_SUCCESS_DATE":"2023-06-22T12:44:21Z"}]},"IP":"81.2.69.192","ID":"11700976","LAST_PC_SCANNED_DATE":"2023-05-31T11:30:20Z","ASSET_ID":"27858031","TAGS":{"TAG":[{"NAME":"Sales","TAG_ID":"19427596","COLOR":"#FFFFF","BACKGROUND_COLOR":"#FFFFF"},{"TAG_ID":"19429855","NAME":"Linux"}]},"LAST_VM_SCANNED_DATE":"2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION":"1822","DNS":"abc10.fdgshb10.local","DNS_DATA":{"DOMAIN":"abc10.local","FQDN":"abc10.fdgshb10.local","HOSTNAME":"abc10"},"LAST_SCAN_DATETIME":"2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION":"1822","DETECTION_LIST":{"LAST_UPDATE_DATETIME":"2023-05-30T07:48:14Z","LAST_FIXED_DATETIME":"2023-05-22T02:09:49Z","FIRST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","LAST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","TIMES_REOPENED":"2","SERVICE":"service1","AFFECT_RUNNING_KERNEL":"kernel1","AFFECT_RUNNING_SERVICE":"service1","AFFECT_EXPLOITABLE_CONFIG":"config1","ASSET_CVE":"cve3","STATUS":"New","FQDN":"exchb10.exchb10.local","INSTANCE":"instance1","FIRST_FOUND_DATETIME":"2023-05-30T07:46:15Z","QID":"11827","SSL":"0","IS_IGNORED":"0","PORT":"443","SEVERITY":"2","LAST_FOUND_DATETIME":"2023-05-30T07:46:15Z","TYPE":"Confirmed","QDS":{"#text":"50","severity":"MEDIUM"},"QDS_FACTORS
":{"QDS_FACTOR":[{"#text":"Easy_Exploit,No_Patch","name":"RTI"},{"#text":"5.0","name":"CVSS"}]},"LAST_PROCESSED_DATETIME":"2023-05-30T07:48:14Z","PROTOCOL":"tcp","TIMES_FOUND":"1","IS_DISABLED":"1","RESULTS":"X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME":"2023-05-30T07:46:15Z"},"OS":"Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD":"IP","LAST_VM_AUTH_SCANNED_DATE":"2023-05-31T12:34:44Z"}
{"NETBIOS":"EXCHB10","NETWORK_ID":0,"IPV6":"0.0.0.0","OS_CPE":"xyz","EC2_INSTANCE_ID":"i-07f91cxxx3axxxb3f","CLOUD_RESOURCE_ID":"i-07f91cxxx3axxxb3f","CLOUD_SERVICE":"GCP","CLOUD_PROVIDER":"Google","QG_HOSTID":"44e2cf13-xxxx-48b9-xxxx-de489547754d","METADATA":{"GOOGLE":{"ATTRIBUTE":[{"LAST_ERROR":"","LAST_ERROR_DATE":"","LAST_STATUS":"Success","LAST_SUCCESS_DATE":"2024-07-25T12:05:04Z","NAME":"machineType","VALUE":"custom-2-3072"},{"LAST_ERROR":"","LAST_ERROR_DATE":"","LAST_STATUS":"Success","LAST_SUCCESS_DATE":"2024-07-25T12:05:04Z","NAME":"projectIdNo","VALUE":"123456789123"}]}},"CLOUD_PROVIDER_TAGS":{"CLOUD_TAG":[{"NAME":"Name","VALUE":"allocator-dnt-frozen-i3en-2xl-v1-a","LAST_SUCCESS_DATE":"2023-06-22T12:44:21Z"}]},"IP":"81.2.69.192","ID":"11700976","LAST_PC_SCANNED_DATE":"2023-05-31T11:30:20Z","ASSET_ID":"27858031","TAGS":{"TAG":[{"NAME":"Sales","TAG_ID":"19427596","COLOR":"#FFFFF","BACKGROUND_COLOR":"#FFFFF"},{"TAG_ID":"19429855","NAME":"Linux"}]},"LAST_VM_SCANNED_DATE":"2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION":"1822","DNS":"abc10.fdgshb10.local","DNS_DATA":{"DOMAIN":"abc10.local","FQDN":"abc10.fdgshb10.local","HOSTNAME":"abc10"},"LAST_SCAN_DATETIME":"2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION":"1822","DETECTION_LIST":{"LAST_UPDATE_DATETIME":"2023-05-30T07:48:14Z","LAST_FIXED_DATETIME":"2023-05-22T02:09:49Z","FIRST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","LAST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","TIMES_REOPENED":"2","SERVICE":"service1","AFFECT_RUNNING_KERNEL":"kernel1","AFFECT_RUNNING_SERVICE":"service1","AFFECT_EXPLOITABLE_CONFIG":"config1","ASSET_CVE":"cve3","STATUS":"New","FQDN":"exchb10.exchb10.local","INSTANCE":"instance1","FIRST_FOUND_DATETIME":"2023-05-30T07:46:15Z","QID":"11827","SSL":"0","IS_IGNORED":"0","PORT":"443","SEVERITY":"2","LAST_FOUND_DATETIME":"2023-05-30T07:46:15Z","TYPE":"Confirmed","QDS":{"#text":"50","severity":"MEDIUM"},"QDS_FACTORS":{"QDS_FACTOR":[{"#text":"Easy_Exploit,No_Patch","name":"RTI"},{"#text":"5.0"
,"name":"CVSS"}]},"LAST_PROCESSED_DATETIME":"2023-05-30T07:48:14Z","PROTOCOL":"tcp","TIMES_FOUND":"1","IS_DISABLED":"1","RESULTS":"X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME":"2023-05-30T07:46:15Z"},"OS":"Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD":"IP","LAST_VM_AUTH_SCANNED_DATE":"2023-05-31T12:34:44Z"}
{"NETBIOS":"EXCHB10","NETWORK_ID":0,"IPV6":"0.0.0.0","OS_CPE":"xyz","EC2_INSTANCE_ID":"i-07f91cxxx3axxxb3f","CLOUD_RESOURCE_ID":"i-07f91cxxx3axxxb3f","CLOUD_SERVICE":"Azure","CLOUD_PROVIDER":"Azure","QG_HOSTID":"44e2cf13-xxxx-48b9-xxxx-de489547754d","METADATA":{"AZURE":{"ATTRIBUTE":[{"LAST_ERROR":"","LAST_ERROR_DATE":"","LAST_STATUS":"Success","LAST_SUCCESS_DATE":"2024-07-25T12:24:57Z","NAME":"location","VALUE":"eastus2"},{"LAST_ERROR":"","LAST_ERROR_DATE":"","LAST_STATUS":"Success","LAST_SUCCESS_DATE":"2024-07-25T12:24:57Z","NAME":"subscriptionId","VALUE":"00000000-0000-0000-0000-000000000000"}]}},"CLOUD_PROVIDER_TAGS":{"CLOUD_TAG":[{"NAME":"Name","VALUE":"allocator-dnt-frozen-i3en-2xl-v1-a","LAST_SUCCESS_DATE":"2023-06-22T12:44:21Z"}]},"IP":"81.2.69.192","ID":"11700976","LAST_PC_SCANNED_DATE":"2023-05-31T11:30:20Z","ASSET_ID":"27858031","TAGS":{"TAG":[{"NAME":"Sales","TAG_ID":"19427596","COLOR":"#FFFFF","BACKGROUND_COLOR":"#FFFFF"},{"TAG_ID":"19429855","NAME":"Linux"}]},"LAST_VM_SCANNED_DATE":"2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION":"1822","DNS":"abc10.fdgshb10.local","DNS_DATA":{"DOMAIN":"abc10.local","FQDN":"abc10.fdgshb10.local","HOSTNAME":"abc10"},"LAST_SCAN_DATETIME":"2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION":"1822","DETECTION_LIST":{"LAST_UPDATE_DATETIME":"2023-05-30T07:48:14Z","LAST_FIXED_DATETIME":"2023-05-22T02:09:49Z","FIRST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","LAST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","TIMES_REOPENED":"2","SERVICE":"service1","AFFECT_RUNNING_KERNEL":"kernel1","AFFECT_RUNNING_SERVICE":"service1","AFFECT_EXPLOITABLE_CONFIG":"config1","ASSET_CVE":"cve3","STATUS":"New","FQDN":"exchb10.exchb10.local","INSTANCE":"instance1","FIRST_FOUND_DATETIME":"2023-05-30T07:46:15Z","QID":"11827","SSL":"0","IS_IGNORED":"0","PORT":"443","SEVERITY":"2","LAST_FOUND_DATETIME":"2023-05-30T07:46:15Z","TYPE":"Confirmed","QDS":{"#text":"50","severity":"MEDIUM"},"QDS_FACTORS":{"QDS_FACTOR":[{"#text":"Easy_Exploit,No_Patch","name":"RT
I"},{"#text":"5.0","name":"CVSS"}]},"LAST_PROCESSED_DATETIME":"2023-05-30T07:48:14Z","PROTOCOL":"tcp","TIMES_FOUND":"1","IS_DISABLED":"1","RESULTS":"X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME":"2023-05-30T07:46:15Z"},"OS":"Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD":"IP","LAST_VM_AUTH_SCANNED_DATE":"2023-05-31T12:34:44Z"}
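Review bot: The two added non-AWS samples (`"CLOUD_PROVIDER":"Google"` and `"CLOUD_PROVIDER":"Azure"`) still carry `"EC2_INSTANCE_ID":"i-07f91cxxx3axxxb3f"` and the same value in `CLOUD_RESOURCE_ID`, so the fixture cannot show whether an instance identifier is being taken from an EC2-only field for GCP or Azure hosts. The pipeline is not visible in this part of the page, so this may be harmless, but removing `EC2_INSTANCE_ID` from those two records and giving `CLOUD_RESOURCE_ID` a provider-shaped placeholder would make the expected output meaningful for asset correlation. Every `ATTRIBUTE` entry in the three added records also has `"LAST_STATUS":"Success"` with a populated `VALUE`; one entry with a failed lookup and an empty `VALUE` would confirm that no empty cloud.* field is emitted from it.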