Wazuh Indexer Bot cbe095404c
Implement checksum fields into stateful ECS mappings (#519)
* Implement checksum custom fields to stateful indices mappings

* Update ECS templates for modified modules: states-inventory-groups states-inventory-hardware states-inventory-hotfixes states-inventory-interfaces states-inventory-networks states-inventory-packages states-inventory-ports states-inventory-processes states-inventory-protocols states-inventory-system states-inventory-users states-vulnerabilities

* Update documentation

* Update event generators

* Update sha1 field description

* Update ECS templates for modified modules: states-inventory-groups states-inventory-hardware states-inventory-hotfixes states-inventory-interfaces states-inventory-networks states-inventory-packages states-inventory-ports states-inventory-processes states-inventory-protocols states-inventory-system states-inventory-users states-vulnerabilities

* Simplify checksum fields definition on subset.yml

* Fix transition table typo

* Fix typo on vulnerabilities mappings settings

* Update ECS templates for modified modules: states-inventory-groups states-inventory-hardware states-inventory-hotfixes states-inventory-interfaces states-inventory-networks states-inventory-packages states-inventory-ports states-inventory-processes states-inventory-protocols states-inventory-system states-inventory-users states-vulnerabilities

* Remove unnecessary print

* Remove extra log message

* Update ECS documentation

* Update documentation links

* Update ecs/states-inventory-groups/docs/README.md

Signed-off-by: Álex Ruiz Becerra <alex-r-b@hotmail.com>

---------

Signed-off-by: Álex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com>
Signed-off-by: Álex Ruiz Becerra <alex-r-b@hotmail.com>
Co-authored-by: QU3B1M <kevin.ledesma@wazuh.com>
Co-authored-by: Álex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com>
2025-07-01 11:36:21 +02:00

5.7 KiB

| ECS_Version | Indexed | Field_Set | Field | Type | Level | Normalization | Example | Description |
|---|---|---|---|---|---|---|---|---|
| 8.11.0 | true | agent | agent.build.original | keyword | core | | metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] | Extended build information for the agent. |
| 8.11.0 | true | agent | agent.ephemeral_id | keyword | extended | | 8a4f500f | Ephemeral identifier of this agent. |
| 8.11.0 | true | agent | agent.id | keyword | core | | 8a4f500d | Unique identifier of this agent. |
| 8.11.0 | true | agent | agent.name | keyword | core | | foo | Custom name of the agent. |
| 8.11.0 | true | agent | agent.type | keyword | core | | filebeat | Type of the agent. |
| 8.11.0 | true | agent | agent.version | keyword | core | | 6.0.0-rc2 | Version of the agent. |
| 8.11.0 | true | checksum | checksum.hash.sha1 | keyword | custom | | | SHA1 hash used as checksum of the data collected by the agent. |
| 8.11.0 | true | host | host.os.full | keyword | extended | | Mac OS Mojave | Operating system name, including the version or code name. |
| 8.11.0 | true | host | host.os.full.text | keyword | extended | | Mac OS Mojave | Operating system name, including the version or code name. |
| 8.11.0 | true | host | host.os.kernel | keyword | extended | | 4.4.0-112-generic | Operating system kernel version as a raw string. |
| 8.11.0 | true | host | host.os.name | keyword | extended | | Mac OS X | Operating system name, without the version. |
| 8.11.0 | true | host | host.os.name.text | keyword | extended | | Mac OS X | Operating system name, without the version. |
| 8.11.0 | true | host | host.os.platform | keyword | extended | | darwin | Operating system platform (such centos, ubuntu, windows). |
| 8.11.0 | true | host | host.os.type | keyword | extended | | macos | Which commercial OS family (one of: linux, macos, unix, windows, ios or android). |
| 8.11.0 | true | host | host.os.version | keyword | extended | | 10.14.1 | Operating system version as a raw string. |
| 8.11.0 | true | package | package.architecture | keyword | extended | | x86_64 | Package architecture. |
| 8.11.0 | true | package | package.build_version | keyword | extended | | 36f4f7e89dd61b0988b12ee000b98966867710cd | Build version information |
| 8.11.0 | true | package | package.checksum | keyword | extended | | 68b329da9893e34099c7d8ad5cb9c940 | Checksum of the installed package for verification. |
| 8.11.0 | true | package | package.description | keyword | extended | | Open source programming language to build simple/reliable/efficient software. | Description of the package. |
| 8.11.0 | true | package | package.install_scope | keyword | extended | | global | Indicating how the package was installed, e.g. user-local, global. |
| 8.11.0 | true | package | package.installed | date | extended | | | Time when package was installed. |
| 8.11.0 | true | package | package.license | keyword | extended | | Apache License 2.0 | Package license |
| 8.11.0 | true | package | package.name | keyword | extended | | go | Package name |
| 8.11.0 | true | package | package.path | keyword | extended | | /usr/local/Cellar/go/1.12.9/ | Path where the package is installed. |
| 8.11.0 | true | package | package.reference | keyword | extended | | https://golang.org | Package home page or reference URL |
| 8.11.0 | true | package | package.size | long | extended | | 62231 | Package size in bytes. |
| 8.11.0 | true | package | package.type | keyword | extended | | rpm | Package type |
| 8.11.0 | true | package | package.version | keyword | extended | | 1.12.9 | Package version |
| 8.11.0 | true | vulnerability | vulnerability.category | keyword | extended | array | ["Firewall"] | Category of a vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.classification | keyword | extended | | CVSS | Classification of the vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.description | keyword | extended | | In macOS before 2.12.6, there is a vulnerability in the RPC... | Description of the vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.description.text | keyword | extended | | In macOS before 2.12.6, there is a vulnerability in the RPC... | Description of the vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.detected_at | date | custom | | | Vulnerability's detection date. |
| 8.11.0 | true | vulnerability | vulnerability.enumeration | keyword | extended | | CVE | Identifier of the vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.id | keyword | extended | | CVE-2019-00001 | ID of the vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.published_at | date | custom | | | Vulnerability's publication date. |
| 8.11.0 | true | vulnerability | vulnerability.reference | keyword | extended | | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 | Reference of the vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.report_id | keyword | extended | | 20191018.0001 | Scan identification number. |
| 8.11.0 | true | vulnerability | vulnerability.scanner.condition | keyword | custom | | | The condition matched by the package that led the scanner to consider it vulnerable. |
| 8.11.0 | true | vulnerability | vulnerability.scanner.reference | keyword | custom | | | Scanner's resource that provides additional information, context, and mitigations for the identified vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.scanner.source | keyword | custom | | | The origin of the decision of the scanner (AKA feed used to detect the vulnerability). |
| 8.11.0 | true | vulnerability | vulnerability.scanner.vendor | keyword | extended | | Tenable | Name of the scanner vendor. |
| 8.11.0 | true | vulnerability | vulnerability.score.base | float | extended | | 5.5 | Vulnerability Base score. |
| 8.11.0 | true | vulnerability | vulnerability.score.environmental | float | extended | | 5.5 | Vulnerability Environmental score. |
| 8.11.0 | true | vulnerability | vulnerability.score.temporal | float | extended | | | Vulnerability Temporal score. |
| 8.11.0 | true | vulnerability | vulnerability.score.version | keyword | extended | | 2.0 | CVSS version. |
| 8.11.0 | true | vulnerability | vulnerability.severity | keyword | extended | | Critical | Severity of the vulnerability. |
| 8.11.0 | true | vulnerability | vulnerability.under_evaluation | boolean | custom | | | Indicates if the vulnerability is awaiting analysis by the NVD. |
| 8.11.0 | true | wazuh | wazuh.cluster.name | keyword | custom | | | Wazuh cluster name. |
| 8.11.0 | true | wazuh | wazuh.cluster.node | keyword | custom | | | Wazuh cluster node name. |
| 8.11.0 | true | wazuh | wazuh.schema.version | keyword | custom | | | Wazuh schema version. |