Labels
Integration:qualys_gav (Qualys Global AssetView); Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations]); needs:triage
Description
Integration Name
Qualys Global AssetView [qualys_gav]
Dataset Name
qualys_gav.asset
Integration Version
0.1.0
Agent Version
9.1.0
Agent Output Type
elasticsearch
Elasticsearch Version
9.1.0
OS Version and Architecture
elastic-package
Software/API Version
2.0
Error Message
Processor convert with tag convert_asset_network_interface_list_data_network_interface_address_ip_v4 in pipeline logs-qualys_gav.asset-0.1.0 failed with message: 'XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX' is not an IP string literal.
Event Original
{
"activity": { "lastScannedDate": 1736429592000, "source": "DNSNAME" },
"address": "XXX.XXX.XXX.XXX",
"agent": {
"activations": null,
"configurationProfile": null,
"connectedFrom": null,
"errorStatus": null,
"lastActivity": 0,
"lastCheckedIn": 0,
"lastInventory": 0,
"udcManifestAssigned": null,
"version": null
},
"agentId": null,
"asn": null,
"assetId": 760617201,
"assetName": "XXX",
"assetType": null,
"assetUUID": "XXX",
"assignedLocation": null,
"biosAssetTag": "",
"biosDescription": null,
"biosSerialNumber": "",
"businessAppListData": null,
"businessInformation": null,
"cloudProvider": null,
"container": {
"hasSensor": null,
"noOfContainers": 0,
"noOfImages": 0,
"product": null,
"version": null
},
"cpuCount": 0,
"createdDate": "2023-06-01T15:08:06.000Z",
"criticality": {
"isDefault": false,
"lastUpdated": "2023-06-01T15:08:05.000Z",
"score": 3
},
"customAttributes": null,
"dnsName": "XXX",
"domain": null,
"domainRole": null,
"easmTags": null,
"hardware": {
"category": "Computers / Unidentified",
"category1": "Computers",
"category2": "Unidentified",
"fullName": null,
"lifecycle": null,
"manufacturer": "Unidentified",
"model": null,
"productFamily": null,
"productName": "Unidentified",
"productUrl": null,
"taxonomy": {
"category1": "Computers",
"category2": "Unidentified",
"id": null,
"name": "Computers / Unidentified"
}
},
"hostId": 1234,
"hostingCategory1": null,
"hwUUID": "",
"inventory": {
"created": 1685632086000,
"lastUpdated": 1736429592000,
"source": "DNSNAME"
},
"isContainerHost": false,
"isp": null,
"lastBoot": null,
"lastLocation": {
"city": "Ashburn",
"continent": "North America",
"country": "United States",
"name": "Ashburn, Virginia - United States",
"postal": "20149",
"state": "Virginia"
},
"lastLoggedOnUser": null,
"lastModifiedDate": "2025-01-09T13:43:47.000Z",
"lparId": null,
"missingSoftware": [],
"netbiosName": null,
"networkInterfaceListData": {
"networkInterface": [
{
"addressIpV4": "XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX",
"addressIpV6": null,
"addresses": null,
"dnsAddress": null,
"gatewayAddress": "",
"hostname": "XXX",
"interfaceName": "",
"macAddress": "",
"macVendorIntroDate": null,
"manufacturer": null,
"netmask": null
}
]
},
"openPortListData": {
"openPort": [
{
"authorization": null,
"description": "HyperText Transport Protocol",
"detectedService": "http",
"detectionScore": null,
"discoverySources": "IP Scanner",
"firstFound": "2023-06-01T15:08:05.000Z",
"lastUpdated": "2024-03-07T13:37:43.000Z",
"port": 443,
"protocol": "TCP"
}
]
},
"operatingSystem": {
"architecture": null,
"category": "Linux / Unidentified",
"category1": "Linux",
"category2": "Unidentified",
"cpe": null,
"cpeId": null,
"cpeType": null,
"edition": null,
"fullName": "Canonical Ubuntu",
"installDate": null,
"lifecycle": null,
"marketVersion": null,
"osName": "Ubuntu/Linux",
"productFamily": null,
"productName": "Ubuntu",
"productUrl": null,
"publisher": "Canonical",
"release": "",
"taxonomy": {
"category1": "Linux",
"category2": "Unidentified",
"id": null,
"name": "Linux / Unidentified"
},
"update": null,
"version": null
},
"organizationName": null,
"passiveSensor": null,
"processor": {
"coresPerSocket": null,
"description": null,
"multithreadingStatus": null,
"noOfSocket": null,
"numCPUs": 0,
"speed": null,
"threadsPerCore": null
},
"provider": null,
"riskScore": 0,
"sensor": {
"activatedForModules": ["VM", "CERTVIEW"],
"firstEasmScanDate": null,
"lastComplianceScan": 0,
"lastEasmScanDate": null,
"lastFullScan": 1736429592000,
"lastPcScanDateAgent": 0,
"lastPcScanDateScanner": 0,
"lastVMScan": 1736429592000,
"lastVmScanDateAgent": 0,
"lastVmScanDateScanner": 1736429592000,
"pendingActivationForModules": []
},
"sensorLastUpdatedDate": "2025-01-09T13:43:47.000Z",
"serviceList": { "service": [] },
"softwareComponent": null,
"softwareListData": { "software": [] },
"subdomain": null,
"tagList": {
"tag": []
},
"timeZone": null,
"totalMemory": 0,
"userAccountListData": { "userAccount": [] },
"volumeListData": { "volume": [] },
"whois": null
}
What did you do?
Used the default configuration, with the following settings modified:
- HTTP Client Timeout: 30s to 10m
- Preserve duplicate custom fields: Enabled
- Hide Sensitive Details: Disabled
What did you see?
See the error message in the "Error Message" section above.
What did you expect to see?
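Correct parsing of the IPs: in the event above, `addressIpV4` holds a comma-separated list of addresses in a single string, which the convert processor rejects as not being an IP string literal.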
Anything else?