Tenable_sc: Update API lastseen parameter format (#12114)

The API documentation for `vulnerability` mentions the `lastSeen` parameter format should be `#:#` where `#` is in number of days. Although the existing format `@-@` where `@` is epoch seconds is still working, this discrepancy is addressed to avoid any future issues. Other changes: - Updated request's `header.User-Agent` versions in input files.
elastic · Dec 19, 2024 · cadea78 · cadea78
1 parent 51460fb
commit cadea78
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 6 deletions.
diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml
@@ -1,4 +1,12 @@
 # newer versions go on top
+- version: "1.28.0"
+  changes:
+    - description: Update lastSeen parameter format in vulnerablity data-stream.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12114
+    - description: Update request header.User-Agent versions in input files.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/12114
 - version: "1.27.0"
   changes:
     - description: Do not remove `event.original` in main ingest pipeline.

diff --git a/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs
@@ -20,7 +20,7 @@ request.transforms:
       # Follow Tenable's format: https://developer.tenable.com/docs/user-agent-header
       # NOTE: The "Build" version must be kept in sync with this package's version.
       target: header.User-Agent
-      value: 'Integration/1.0 (Elastic; Tenable.sc; Build/1.24.0)'
+      value: 'Integration/1.0 (Elastic; Tenable.sc; Build/2.0.0)'
   - set:
       target: body.query.tool
       value: 'sumip'

diff --git a/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs
@@ -20,7 +20,7 @@ request.transforms:
       # Follow Tenable's format: https://developer.tenable.com/docs/user-agent-header
       # NOTE: The "Build" version must be kept in sync with this package's version.
       target: header.User-Agent
-      value: 'Integration/1.0 (Elastic; Tenable.sc; Build/1.24.0)'
+      value: 'Integration/1.0 (Elastic; Tenable.sc; Build/2.0.0)'
   - set:
       target: url.params.fields
       value: id,name,description,family,type,copyright,version,sourceFile,dependencies,requiredPorts,requiredUDPPorts,cpe,srcPort,dstPort,protocol,riskFactor,solution,seeAlso,synopsis,checkType,exploitEase,exploitAvailable,exploitFrameworks,cvssVector,cvssVectorBF,baseScore,temporalScore,cvssV3Vector,cvssV3VectorBF,cvssV3BaseScore,cvssV3TemporalScore,vprScore,vprContext,stigSeverity,pluginPubDate,pluginModDate,patchPubDate,patchModDate,vulnPubDate,modifiedTime,md5,xrefs

diff --git a/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs
@@ -20,23 +20,25 @@ request.transforms:
       # Follow Tenable's format: https://developer.tenable.com/docs/user-agent-header
       # NOTE: The "Build" version must be kept in sync with this package's version.
       target: header.User-Agent
-      value: 'Integration/1.0 (Elastic; Tenable.sc; Build/1.24.0)'
+      value: 'Integration/1.0 (Elastic; Tenable.sc; Build/2.0.0)'
   - set:
       target: body.query.tool
       value: 'vulndetails'
+{{!-- Implement a ceil division to prevent any data loss --}}
+{{!-- x/y is converted to ceil division by adding (y-1) to numerator. Hence adding (86400-1) before the division --}}
   - append:
       target: body.query.filters
       value: |-
         {
             "filterName":"lastSeen",
             "operator":"=",
-            "value": "[[.cursor.last_event_ts]]-[[(now).Unix]]"
+            "value": "0:[[div (add (add (toInt (now).Unix) (mul (toInt -1) (toInt .cursor.last_event_ts))) (toInt 86399)) 86400]]"
         }
       default: |-
         {
             "filterName":"lastSeen",
             "operator":"=",
-            "value": "[[(now (parseDuration "-{{initial_interval}}")).Unix]]-[[(now).Unix]]"
+            "value": "0:[[div (add (add (toInt (now).Unix) (mul (toInt -1) (toInt ((now (parseDuration "-{{initial_interval}}")).Unix)))) (toInt 86399)) 86400]]"
         }
       value_type: json
   - set:

diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml
@@ -2,7 +2,7 @@ format_version: "3.0.2"
 name: tenable_sc
 title: Tenable Security Center
 # The version must be updated in the input configuration templates as well, in order to set the correct User-Agent header. Until elastic/kibana#121310 is implemented we will have to manually sync these.
-version: "1.27.0"
+version: "1.28.0"
 description: |
   Collect data from Tenable Security Center with Elastic Agent.
 type: integration