From 2f209ea66450e6bc738a42cd943f885726dc0e5d Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Tue, 28 Oct 2025 15:16:34 +0530
Subject: [PATCH 1/2] Added support for comma separated list of IPv4 addresses in network_interface list data
---
 packages/qualys_gav/changelog.yml | 5 +
 .../asset/_dev/test/pipeline/test-asset.log | 1 +
 .../pipeline/test-asset.log-expected.json | 410 +++++++++++++++++-
 .../elasticsearch/ingest_pipeline/default.yml | 62 ++-
 packages/qualys_gav/manifest.yml | 2 +-
 5 files changed, 463 insertions(+), 17 deletions(-)
diff --git a/packages/qualys_gav/changelog.yml b/packages/qualys_gav/changelog.yml
index 2d7e3283d07..b386154e90c 100644
--- a/packages/qualys_gav/changelog.yml
+++ b/packages/qualys_gav/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.1"
+ changes:
+ - description: Added support for comma separated list of IPv4 addresses in network_interface list data.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/1111
 - version: "0.3.0"
 changes:
 - description: Added support for configuring cel max_executions parameter.
diff --git a/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log
index 19ac089047e..b13746cb9ce 100644
--- a/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log
+++ b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log
@@ -1,3 +1,4 @@ {"assetId":12345,"assetUUID":"e114e6d5-5ec1-4b95-a220-a4b91b78133c","hostId":23456,"lastModifiedDate":"2025-09-17T07:58:52.000Z","agentId":"e114e6d5-5ec1-4b95-a220-a4b91b78133c","createdDate":"2022-05-24T10:37:04.000Z","sensorLastUpdatedDate":"2025-09-17T07:58:52.000Z","assetType":null,"address":"10.64.131.20","dnsName":"dnsName_value","assetName":"assetName_value","netbiosName":"netbiosName_value","timeZone":"UTC","biosDescription":"Xen 4.11.amazon 08/24/2006","lastBoot":"2024-06-10T02:42:22.000Z","totalMemory":7935,"cpuCount":2,"lastLoggedOnUser":"lastLoggedOnUser_value","domainRole":null,"hwUUID":"ec2b711d-6a28-36e4-b9df-f4bde7786085","biosSerialNumber":"biosSerialNumber_value","biosAssetTag":"Not Specified","isContainerHost":false,"operatingSystem":{"osName":"Ubuntu Linux 20.04.4","fullName":"Canonical Ubuntu Focal Fossa (20.04.4 LTS)","category":"Linux / Unidentified","category1":"Linux","category2":"Unidentified","productName":"Ubuntu","publisher":"Canonical","edition":null,"marketVersion":"Focal Fossa","version":"20.04 LTS","update":"20.04 LTS 20.04.4 LTS","architecture":"x86_64","lifecycle":null,"taxonomy":{"id":null,"name":"Linux / Unidentified","category1":"Linux","category2":"Unidentified"},"productUrl":null,"productFamily":null,"installDate":null,"release":"20.04.4","cpeId":null,"cpe":null,"cpeType":null},"hardware":{"fullName":"Xen Project HVM domU","category":"Virtualized / Virtual Machine","category1":"Virtualized","category2":"Virtual Machine","manufacturer":"Xen Project","productName":"HVM domU","model":null,"lifecycle":null,"taxonomy":{"id":null,"name":"Virtualized / Virtual Machine","category1":"Virtualized","category2":"Virtual 
Machine"},"productUrl":null,"productFamily":null},"userAccountListData":{"userAccount":[{"name":"user1"},{"name":"user2"}]},"openPortListData":{"openPort":[{"port":53,"description":"","protocol":"UDP","detectedService":"detectedService_value_1","firstFound":"2025-09-09T15:51:43.000Z","lastUpdated":"2025-09-09T15:51:43.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"},{"port":68,"description":"","protocol":"UDP","detectedService":"detectedService_value_2","firstFound":"2025-09-09T15:51:43.000Z","lastUpdated":"2025-09-09T15:51:43.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"},{"port":22,"description":"","protocol":"TCP","detectedService":"detectedService_value_3","firstFound":"2022-05-24T11:29:47.000Z","lastUpdated":"2025-09-09T15:51:43.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"}]},"volumeListData":{"volume":[{"name":"/snap/amazon-ssm-agent/11797","free":0,"size":29097984},{"name":"/snap/snapd/24792","free":0,"size":51773440}]},"networkInterfaceListData":{"networkInterface":[{"hostname":"hostname_value","addressIpV4":"175.16.199.1","addressIpV6":null,"macAddress":"","interfaceName":"","dnsAddress":null,"gatewayAddress":"","manufacturer":null,"macVendorIntroDate":null,"netmask":null,"addresses":null},{"hostname":"hostname_value","addressIpV4":"175.16.199.1","addressIpV6":"2a02:cf40::1","macAddress":"02:f7:67:61:19:81","interfaceName":"ens3","dnsAddress":"175.16.199.1","gatewayAddress":"175.16.199.1","manufacturer":null,"macVendorIntroDate":null,"netmask":null,"addresses":null}]},"softwareListData":{"software":[{"id":1350996231234171400,"discoverySources":"Cloud Agent, Cloud Agent","fullName":"Canonical Vim 8.1.2269-1 (Ubuntu Focal Fossa)","softwareType":"Application","isIgnored":false,"ignoredReason":null,"category":"Application Development / Development Tool","category1":"Application Development","category2":"Development 
Tool","productName":"Vim","component":null,"publisher":"Canonical","edition":"Unknown","marketVersion":"8","version":"8.1","update":"8.1.2269-1 (Ubuntu Focal Fossa)","architecture":null,"installDate":null,"installPath":null,"lastUpdated":"2025-09-17T07:39:28.000Z","lastUseDate":null,"language":null,"formerlyKnownAs":null,"isPackage":null,"isPackageComponent":null,"packageName":null,"productUrl":null,"lifecycle":null,"supportStageDesc":null,"license":null,"authorization":null,"discoveredPublisher":null,"discoveredName":"vim","discoveredVersion":"2:8.1.2269-1ubuntu5.22","authorizationDetectionScore":null,"cpeId":null,"cpe":null,"cpeType":null,"softwareInstances":null},{"id":-2774205715073934300,"discoverySources":"Cloud Agent, Cloud Agent","fullName":"vim-common 2:8.1.2269-1ubuntu5.22","softwareType":"Others","isIgnored":true,"ignoredReason":"Library Packages","category":"Unknown / Unknown","category1":"Unknown","category2":"Unknown","productName":"Unknown","component":null,"publisher":"Unknown","edition":null,"marketVersion":null,"version":"2:8.1.2269-1ubuntu5.22","update":"2:8.1.2269-1ubuntu5.22","architecture":null,"installDate":null,"installPath":null,"lastUpdated":"2025-09-17T07:39:28.000Z","lastUseDate":null,"language":null,"formerlyKnownAs":null,"isPackage":null,"isPackageComponent":null,"packageName":null,"productUrl":null,"lifecycle":null,"supportStageDesc":null,"license":null,"authorization":null,"discoveredPublisher":null,"discoveredName":"vim-common","discoveredVersion":"2:8.1.2269-1ubuntu5.22","authorizationDetectionScore":null,"cpeId":null,"cpe":null,"cpeType":null,"softwareInstances":null}]},"softwareComponent":null,"provider":"AWS","cloudProvider":{"aws":{"ec2":{"accountId":"1234","availabilityZone":"us-west-2a","hasAgent":true,"hostname":"hostname_value","imageId":"imageId_value","instanceId":"instanceId_value","instanceState":"RUNNING","instanceType":"m4.large","qualysScanner":false,"kernelId":null,"launchdate":1653386892000,"privateDNS":"privateDNS_
value","privateIpAddress":"10.0.0.1","publicDNS":null,"publicIpAddress":"175.16.199.1","region":{"code":"us-west-2","name":"US West (Oregon)"},"spotInstance":false,"subnetId":"subnetId_value","vpcId":"vpcId_value"},"tags":[{"key":"tags_key_1","value":"tags_value_1"},{"key":"tags_key_2","value":"tags_value_2"}]},"azure":null,"gcp":null,"oci":null,"ibm":null,"alibaba":null},"agent":{"version":"7.2.0.38","configurationProfile":"configurationProfile_value","activations":[{"key":"key_value","status":"ACTIVE"}],"connectedFrom":"175.16.199.1","lastActivity":1758054146000,"lastCheckedIn":1758094769000,"lastInventory":1758054210000,"udcManifestAssigned":false,"errorStatus":false},"sensor":{"activatedForModules":["SCA","PC","VM"],"pendingActivationForModules":[],"lastVMScan":1758094767000,"lastComplianceScan":1681892534000,"lastFullScan":1758094767000,"lastVmScanDateScanner":0,"lastVmScanDateAgent":1758094767000,"lastPcScanDateScanner":0,"lastPcScanDateAgent":1681892534000,"firstEasmScanDate":null,"lastEasmScanDate":null},"container":{"product":null,"version":null,"noOfContainers":0,"noOfImages":0,"hasSensor":null},"inventory":{"source":"QAGENT","created":1653388624000,"lastUpdated":1758095776000},"activity":{"source":"QAGENT","lastScannedDate":1758095776000},"tagList":{"tag":[{"tagId":1234,"tagName":"env:development","foregroundColor":0,"backgroundColor":0,"businessImpact":null,"criticalityScore":null},{"tagId":2345,"tagName":"asset_criticality:3","foregroundColor":0,"backgroundColor":0,"businessImpact":null,"criticalityScore":null}]},"serviceList":{"service":[{"description":null,"name":"systemd-tmpfiles-setup-dev.service","status":"loaded/active/exited"},{"description":null,"name":"systemd-journal-flush.service","status":"loaded/active/exited"}]},"lastLocation":{"city":"Boardman","state":"Oregon","country":"United States","name":"Boardman, Oregon - United States","continent":"North 
America","postal":"97818"},"criticality":{"score":3,"isDefault":false,"lastUpdated":"2023-03-07T22:18:45.000Z"},"businessInformation":null,"assignedLocation":null,"businessAppListData":null,"riskScore":506,"passiveSensor":null,"domain":null,"subdomain":null,"missingSoftware":[],"whois":null,"organizationName":null,"isp":null,"asn":null,"easmTags":null,"hostingCategory1":null,"customAttributes":null,"lparId":null,"processor":{"description":"Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz","speed":2300,"numCPUs":2,"noOfSocket":1,"threadsPerCore":2,"coresPerSocket":1,"multithreadingStatus":"ENABLED"}} {"assetId":688003347,"assetUUID":"20247932-9ca8-4351-80ee-3a3769b85db7","hostId":547254569,"lastModifiedDate":"2025-09-17T08:40:35.000Z","agentId":"20247932-9ca8-4351-80ee-3a3769b85db7","createdDate":"2023-02-15T20:32:36.000Z","sensorLastUpdatedDate":"2025-09-17T08:40:35.000Z","assetType":null,"address":"10.128.0.2","dnsName":"dnsName_value","assetName":"assetName_value","netbiosName":"netbiosName_value","timeZone":"UTC","biosDescription":"Google Google 09/13/2024","lastBoot":"2025-05-24T04:01:12.000Z","totalMemory":16008,"cpuCount":4,"lastLoggedOnUser":"lastLoggedOnUser_value","domainRole":null,"hwUUID":"e40e2013-8702-b520-50cc-ebc21e34488a","biosSerialNumber":"GoogleCloud-E40E20138702B52050CCEBC21E34488A","biosAssetTag":"Not Specified","isContainerHost":true,"operatingSystem":{"osName":"Debian Linux 11.11","fullName":"Debian Project Debian Bullseye (11.11)","category":"Linux / Server","category1":"Linux","category2":"Server","productName":"Debian","publisher":"Debian Project","edition":null,"marketVersion":"Bullseye","version":"11.11","update":"11.11","architecture":"x86_64","lifecycle":null,"taxonomy":{"id":null,"name":"Linux / Server","category1":"Linux","category2":"Server"},"productUrl":null,"productFamily":null,"installDate":null,"release":"11.11","cpeId":null,"cpe":null,"cpeType":null},"hardware":{"fullName":"Google Compute Engine","category":"Virtualized / Cloud 
Instance","category1":"Virtualized","category2":"Cloud Instance","manufacturer":"Google","productName":"Compute Engine","model":null,"lifecycle":null,"taxonomy":{"id":null,"name":"Virtualized / Cloud Instance","category1":"Virtualized","category2":"Cloud Instance"},"productUrl":null,"productFamily":null},"userAccountListData":{"userAccount":[{"name":"root"}]},"openPortListData":{"openPort":[{"port":22,"description":"","protocol":"TCP","detectedService":"sshd","firstFound":"2023-04-07T04:07:38.000Z","lastUpdated":"2025-09-09T15:52:49.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"},{"port":68,"description":"","protocol":"UDP","detectedService":"dhclient","firstFound":"2025-02-27T14:58:06.000Z","lastUpdated":"2025-09-09T15:52:49.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"},{"port":323,"description":"","protocol":"UDP","detectedService":"chronyd","firstFound":"2025-02-27T14:58:06.000Z","lastUpdated":"2025-09-09T15:52:49.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"}]},"volumeListData":{"volume":[{"name":"/dev","free":8381861888,"size":8381861888},{"name":"/boot/efi","free":118566912,"size":129751040}]},"networkInterfaceListData":{"networkInterface":[{"hostname":"hostname_value","addressIpV4":"175.16.199.1","addressIpV6":null,"macAddress":"","interfaceName":"","dnsAddress":null,"gatewayAddress":"","manufacturer":null,"macVendorIntroDate":null,"netmask":null,"addresses":null},{"hostname":"hostname_value","addressIpV4":null,"addressIpV6":"2a02:cf40::1","macAddress":"00:11:22:33:44:55","interfaceName":"interfaceName_value","dnsAddress":"175.16.199.1","gatewayAddress":"175.16.199.1","manufacturer":null,"macVendorIntroDate":null,"netmask":null,"addresses":null}]},"softwareListData":{"software":[{"id":3472954331957710000,"discoverySources":"Cloud Agent, Cloud Agent","fullName":"libtasn1-6:amd64 
4.16.0-2+deb11u2","softwareType":"Others","isIgnored":true,"ignoredReason":"Library Packages","category":"Unknown / Unknown","category1":"Unknown","category2":"Unknown","productName":"Unknown","component":null,"publisher":"Unknown","edition":null,"marketVersion":null,"version":"4.16.0-2+deb11u2","update":"4.16.0-2+deb11u2","architecture":null,"installDate":null,"installPath":null,"lastUpdated":"2025-09-17T07:48:42.000Z","lastUseDate":null,"language":null,"formerlyKnownAs":null,"isPackage":null,"isPackageComponent":null,"packageName":null,"productUrl":null,"lifecycle":null,"supportStageDesc":null,"license":null,"authorization":null,"discoveredPublisher":null,"discoveredName":"libtasn1-6:amd64","discoveredVersion":"4.16.0-2+deb11u2","authorizationDetectionScore":null,"cpeId":null,"cpe":null,"cpeType":null,"softwareInstances":null},{"id":-7272038036848305000,"discoverySources":"Cloud Agent, Cloud Agent","fullName":"git-man 1:2.30.2-1+deb11u4","softwareType":"Others","isIgnored":true,"ignoredReason":"Helper Packages","category":"Unknown / 
Unknown","category1":"Unknown","category2":"Unknown","productName":"Unknown","component":null,"publisher":"Unknown","edition":null,"marketVersion":null,"version":"1:2.30.2-1+deb11u4","update":"1:2.30.2-1+deb11u4","architecture":null,"installDate":null,"installPath":null,"lastUpdated":"2025-09-17T07:48:42.000Z","lastUseDate":null,"language":null,"formerlyKnownAs":null,"isPackage":null,"isPackageComponent":null,"packageName":null,"productUrl":null,"lifecycle":null,"supportStageDesc":null,"license":null,"authorization":null,"discoveredPublisher":null,"discoveredName":"git-man","discoveredVersion":"1:2.30.2-1+deb11u4","authorizationDetectionScore":null,"cpeId":null,"cpe":null,"cpeType":null,"softwareInstances":null}]},"softwareComponent":null,"provider":"GCP","cloudProvider":{"aws":null,"azure":null,"gcp":{"compute":{"hostname":"hostname_value","instanceId":"instanceId_value","macAddress":"00:11:22:33:44:55","machineType":"e2-standard-4","network":"network_value","privateIpAddress":"175.16.199.1","projectId":"projectId_value","projectNumber":"123456789012","publicIpAddress":"34.0.0.1","zone":"us-central1-a","state":"RUNNING","imageId":"projects/debian-cloud/global/images/debian-11-bullseye-v20221206"},"tags":[{"key":"tags_key_1","value":"tags_value_1"},{"key":"tags_key_2","value":"tags_value_2"}]},"oci":null,"ibm":null,"alibaba":null},"agent":{"version":"7.2.0.38","configurationProfile":"configurationProfile_value","activations":[{"key":"key_value","status":"ACTIVE"}],"connectedFrom":"175.16.199.1","lastActivity":1758054384000,"lastCheckedIn":1758095323000,"lastInventory":1758054655000,"udcManifestAssigned":false,"errorStatus":false},"sensor":{"activatedForModules":["VM","SCA","VM"],"pendingActivationForModules":[],"lastVMScan":1758095321000,"lastComplianceScan":0,"lastFullScan":1758095321000,"lastVmScanDateScanner":0,"lastVmScanDateAgent":1758095321000,"lastPcScanDateScanner":0,"lastPcScanDateAgent":0,"firstEasmScanDate":null,"lastEasmScanDate":null},"container":{"prod
uct":"DOCKER","version":"28.3.2","noOfContainers":10,"noOfImages":5,"hasSensor":false},"inventory":{"source":"QAGENT","created":1676493156000,"lastUpdated":1758098346000},"activity":{"source":"QAGENT","lastScannedDate":1758098346000},"tagList":{"tag":[{"tagId":1234,"tagName":"env:development","foregroundColor":0,"backgroundColor":0,"businessImpact":null,"criticalityScore":null},{"tagId":2345,"tagName":"asset_criticality:3","foregroundColor":0,"backgroundColor":0,"businessImpact":null,"criticalityScore":null}]},"serviceList":{"service":[{"description":null,"name":"networkd-dispatcher.service","status":"loaded/active/running"},{"description":null,"name":"google-guest-agent-manager.service","status":"loaded/active/running"}]},"lastLocation":{"city":"Council Bluffs","state":"Iowa","country":"United States","name":"Council Bluffs, Iowa - United States","continent":"North America","postal":"51502"},"criticality":{"score":3,"isDefault":false,"lastUpdated":"2024-11-28T22:24:02.000Z"},"businessInformation":null,"assignedLocation":null,"businessAppListData":null,"riskScore":0,"passiveSensor":null,"domain":null,"subdomain":null,"missingSoftware":[],"whois":null,"organizationName":null,"isp":null,"asn":null,"easmTags":null,"hostingCategory1":null,"customAttributes":null,"lparId":null,"processor":{"description":"AMD EPYC 7B12","speed":null,"numCPUs":4,"noOfSocket":1,"threadsPerCore":2,"coresPerSocket":2,"multithreadingStatus":"ENABLED"}} 
{"assetId":1355987018,"assetUUID":"12a99663-9cc3-45ae-aac7-1140e5b760f8","hostId":1023155286,"lastModifiedDate":"2025-09-17T09:49:18.000Z","agentId":"12a99663-9cc3-45ae-aac7-1140e5b760f8","createdDate":"2025-07-03T09:13:57.000Z","sensorLastUpdatedDate":"2025-09-17T09:49:18.000Z","assetType":null,"address":"192.168.1.58","dnsName":"dnsName_value","assetName":"assetName_value","netbiosName":"netbiosName_value","timeZone":"+02:00","biosDescription":"MacBookPro18,2","lastBoot":"2025-09-12T09:08:00.000Z","totalMemory":32768,"cpuCount":10,"lastLoggedOnUser":"lastLoggedOnUser_value","domainRole":null,"hwUUID":"53277110-5fcd-5319-9f9c-ac6c109ab024","biosSerialNumber":"biosSerialNumber_value","biosAssetTag":"","isContainerHost":true,"operatingSystem":{"osName":"macOS 15.6.1","fullName":"Apple macOS Sequoia (15.6.1)","category":"Mac / Client","category1":"Mac","category2":"Client","productName":"macOS","publisher":"Apple","edition":null,"marketVersion":"Sequoia","version":"15.6","update":"15.6.1","architecture":"arm64_M1","lifecycle":null,"taxonomy":{"id":null,"name":"Mac / Client","category1":"Mac","category2":"Client"},"productUrl":null,"productFamily":null,"installDate":"2025-08-23T23:12:00.000Z","release":"15.6.1","cpeId":null,"cpe":null,"cpeType":null},"hardware":{"fullName":"Apple MacBook Pro MacBook Pro (16-inch, 2021)","category":"Computers / Notebook","category1":"Computers","category2":"Notebook","manufacturer":"Apple","productName":"MacBook Pro","model":"MacBook Pro (16-inch, 2021)","lifecycle":null,"taxonomy":{"id":null,"name":"Computers / Notebook","category1":"Computers","category2":"Notebook"},"productUrl":null,"productFamily":null},"userAccountListData":{"userAccount":[{"name":"user1"},{"name":"user2"}]},"openPortListData":{"openPort":[{"port":49417,"description":"","protocol":"TCP","detectedService":"ollama","firstFound":"2025-09-12T07:11:00.000Z","lastUpdated":"2025-09-12T07:11:00.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud 
Agent"},{"port":6789,"description":"","protocol":"TCP","detectedService":"elastic-a","firstFound":"2025-09-12T07:11:00.000Z","lastUpdated":"2025-09-12T07:11:00.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"},{"port":1900,"description":"","protocol":"UDP","detectedService":"spotify","firstFound":"2025-09-12T07:11:00.000Z","lastUpdated":"2025-09-12T07:11:00.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"}]},"volumeListData":{"volume":[{"name":"/System/Volumes/xarts","free":504315904,"size":510627840},{"name":"/System/Volumes/Data","free":113497677824,"size":959979847680}]},"networkInterfaceListData":{"networkInterface":[{"hostname":"hostname_value","addressIpV4":"175.16.199.1","addressIpV6":null,"macAddress":"4e:f1:61:da:9b:3a","interfaceName":"en0","dnsAddress":"175.16.199.1","gatewayAddress":"175.16.199.1","manufacturer":null,"macVendorIntroDate":null,"netmask":null,"addresses":null}]},"softwareListData":{"software":[{"id":3349453983575593500,"discoverySources":"Cloud Agent, Cloud Agent","fullName":"Apple Find My 1.0","softwareType":"Application","isIgnored":false,"ignoredReason":null,"category":"Security / Other","category1":"Security","category2":"Other","productName":"Find My","component":null,"publisher":"Apple","edition":"Unknown","marketVersion":"1","version":"1.0","update":"1.0","architecture":null,"installDate":"2025-08-16T18:44:29.000Z","installPath":"/System/Applications/FindMy.app","lastUpdated":"2025-09-17T09:38:25.000Z","lastUseDate":"2025-08-16T18:44:29.000Z","language":null,"formerlyKnownAs":null,"isPackage":null,"isPackageComponent":null,"packageName":null,"productUrl":null,"lifecycle":null,"supportStageDesc":null,"license":null,"authorization":null,"discoveredPublisher":null,"discoveredName":"Find My","discoveredVersion":"4.0","authorizationDetectionScore":null,"cpeId":null,"cpe":null,"cpeType":null,"softwareInstances":null},{"id":9033964968011558000,"discoverySources":"Cloud 
Agent, Cloud Agent","fullName":"Apple iCloud 1.0","softwareType":"Application","isIgnored":false,"ignoredReason":null,"category":"Storage / Backup and Recovery","category1":"Storage","category2":"Backup and Recovery","productName":"iCloud","component":null,"publisher":"Apple","edition":"Unknown","marketVersion":"1","version":"1.0","update":"1.0","architecture":null,"installDate":"2025-08-16T18:44:29.000Z","installPath":"/System/Library/CoreServices/iCloud.app","lastUpdated":"2025-09-17T09:38:25.000Z","lastUseDate":"2025-08-16T18:44:29.000Z","language":null,"formerlyKnownAs":null,"isPackage":null,"isPackageComponent":null,"packageName":null,"productUrl":null,"lifecycle":null,"supportStageDesc":null,"license":null,"authorization":null,"discoveredPublisher":null,"discoveredName":"iCloud","discoveredVersion":"1.0","authorizationDetectionScore":null,"cpeId":null,"cpe":null,"cpeType":null,"softwareInstances":null}]},"softwareComponent":null,"provider":null,"cloudProvider":null,"agent":{"version":"6.3.0.41","configurationProfile":"configurationProfile_value","activations":[{"key":"key_value","status":"ACTIVE"}],"connectedFrom":"175.16.199.1","lastActivity":1758095990000,"lastCheckedIn":1758101907000,"lastInventory":1758096048000,"udcManifestAssigned":false,"errorStatus":false},"sensor":{"activatedForModules":["PM","VM"],"pendingActivationForModules":[],"lastVMScan":1758101903000,"lastComplianceScan":0,"lastFullScan":1758101903000,"lastVmScanDateScanner":0,"lastVmScanDateAgent":1758101903000,"lastPcScanDateScanner":0,"lastPcScanDateAgent":0,"firstEasmScanDate":null,"lastEasmScanDate":null},"container":{"product":"DOCKER","version":"28.3.3","noOfContainers":0,"noOfImages":0,"hasSensor":false},"inventory":{"source":"QAGENT","created":1751534037000,"lastUpdated":1758101907000},"activity":{"source":"QAGENT","lastScannedDate":1758101907000},"tagList":{"tag":[{"tagId":1234,"tagName":"status:running","foregroundColor":0,"backgroundColor":0,"businessImpact":null,"criticalityScore":
null},{"tagId":2345,"tagName":"status:running:other","foregroundColor":0,"backgroundColor":0,"businessImpact":null,"criticalityScore":null}]},"serviceList":{"service":[{"description":null,"name":"com.apple.fpsd.arcadeservice","status":"stopped"},{"description":null,"name":"com.apple.IOUserDockChannelSerial-0x100000fd9","status":"running"}]},"lastLocation":{"city":"Boardman","state":"Oregon","country":"United States","name":"Boardman, Oregon - United States","continent":"North America","postal":"97818"},"criticality":{"score":3,"isDefault":false,"lastUpdated":"2025-07-03T09:13:57.000Z"},"businessInformation":null,"assignedLocation":null,"businessAppListData":null,"riskScore":369,"passiveSensor":null,"domain":null,"subdomain":null,"missingSoftware":[],"whois":null,"organizationName":null,"isp":null,"asn":null,"easmTags":null,"hostingCategory1":null,"customAttributes":null,"lparId":null,"processor":{"description":"Apple M1 Max","speed":3200,"numCPUs":10,"noOfSocket":null,"threadsPerCore":null,"coresPerSocket":10,"multithreadingStatus":"DISABLED"}} +{"assetId":12345,"assetUUID":"e114e6d5-5ec1-4b95-a220-a4b91b78133c","hostId":23456,"lastModifiedDate":"2025-09-17T07:58:52.000Z","agentId":"e114e6d5-5ec1-4b95-a220-a4b91b78133c","createdDate":"2022-05-24T10:37:04.000Z","sensorLastUpdatedDate":"2025-09-17T07:58:52.000Z","assetType":null,"address":"10.64.131.20","dnsName":"dnsName_value","assetName":"assetName_value","netbiosName":"netbiosName_value","timeZone":"UTC","biosDescription":"Xen 4.11.amazon 08/24/2006","lastBoot":"2024-06-10T02:42:22.000Z","totalMemory":7935,"cpuCount":2,"lastLoggedOnUser":"lastLoggedOnUser_value","domainRole":null,"hwUUID":"ec2b711d-6a28-36e4-b9df-f4bde7786085","biosSerialNumber":"biosSerialNumber_value","biosAssetTag":"Not Specified","isContainerHost":false,"operatingSystem":{"osName":"Ubuntu Linux 20.04.4","fullName":"Canonical Ubuntu Focal Fossa (20.04.4 LTS)","category":"Linux / 
Unidentified","category1":"Linux","category2":"Unidentified","productName":"Ubuntu","publisher":"Canonical","edition":null,"marketVersion":"Focal Fossa","version":"20.04 LTS","update":"20.04 LTS 20.04.4 LTS","architecture":"x86_64","lifecycle":null,"taxonomy":{"id":null,"name":"Linux / Unidentified","category1":"Linux","category2":"Unidentified"},"productUrl":null,"productFamily":null,"installDate":null,"release":"20.04.4","cpeId":null,"cpe":null,"cpeType":null},"hardware":{"fullName":"Xen Project HVM domU","category":"Virtualized / Virtual Machine","category1":"Virtualized","category2":"Virtual Machine","manufacturer":"Xen Project","productName":"HVM domU","model":null,"lifecycle":null,"taxonomy":{"id":null,"name":"Virtualized / Virtual Machine","category1":"Virtualized","category2":"Virtual Machine"},"productUrl":null,"productFamily":null},"userAccountListData":{"userAccount":[{"name":"user1"},{"name":"user2"}]},"openPortListData":{"openPort":[{"port":53,"description":"","protocol":"UDP","detectedService":"detectedService_value_1","firstFound":"2025-09-09T15:51:43.000Z","lastUpdated":"2025-09-09T15:51:43.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"},{"port":68,"description":"","protocol":"UDP","detectedService":"detectedService_value_2","firstFound":"2025-09-09T15:51:43.000Z","lastUpdated":"2025-09-09T15:51:43.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"},{"port":22,"description":"","protocol":"TCP","detectedService":"detectedService_value_3","firstFound":"2022-05-24T11:29:47.000Z","lastUpdated":"2025-09-09T15:51:43.000Z","authorization":null,"detectionScore":null,"discoverySources":"Cloud Agent"}]},"volumeListData":{"volume":[{"name":"/snap/amazon-ssm-agent/11797","free":0,"size":29097984},{"name":"/snap/snapd/24792","free":0,"size":51773440}]},"networkInterfaceListData":{"networkInterface":[{"hostname":"hostname_value","addressIpV4":"175.16.199.1, 
10.64.131.20","addressIpV6":null,"macAddress":"","interfaceName":"","dnsAddress":null,"gatewayAddress":"","manufacturer":null,"macVendorIntroDate":null,"netmask":null,"addresses":null},{"hostname":"hostname_value","addressIpV4":"175.16.199.1,10.64.131.20","addressIpV6":"2a02:cf40::1","macAddress":"02:f7:67:61:19:81","interfaceName":"ens3","dnsAddress":"175.16.199.1","gatewayAddress":"175.16.199.1","manufacturer":null,"macVendorIntroDate":null,"netmask":null,"addresses":null}]},"softwareListData":{"software":[{"id":1350996231234171400,"discoverySources":"Cloud Agent, Cloud Agent","fullName":"Canonical Vim 8.1.2269-1 (Ubuntu Focal Fossa)","softwareType":"Application","isIgnored":false,"ignoredReason":null,"category":"Application Development / Development Tool","category1":"Application Development","category2":"Development Tool","productName":"Vim","component":null,"publisher":"Canonical","edition":"Unknown","marketVersion":"8","version":"8.1","update":"8.1.2269-1 (Ubuntu Focal Fossa)","architecture":null,"installDate":null,"installPath":null,"lastUpdated":"2025-09-17T07:39:28.000Z","lastUseDate":null,"language":null,"formerlyKnownAs":null,"isPackage":null,"isPackageComponent":null,"packageName":null,"productUrl":null,"lifecycle":null,"supportStageDesc":null,"license":null,"authorization":null,"discoveredPublisher":null,"discoveredName":"vim","discoveredVersion":"2:8.1.2269-1ubuntu5.22","authorizationDetectionScore":null,"cpeId":null,"cpe":null,"cpeType":null,"softwareInstances":null},{"id":-2774205715073934300,"discoverySources":"Cloud Agent, Cloud Agent","fullName":"vim-common 2:8.1.2269-1ubuntu5.22","softwareType":"Others","isIgnored":true,"ignoredReason":"Library Packages","category":"Unknown / 
Unknown","category1":"Unknown","category2":"Unknown","productName":"Unknown","component":null,"publisher":"Unknown","edition":null,"marketVersion":null,"version":"2:8.1.2269-1ubuntu5.22","update":"2:8.1.2269-1ubuntu5.22","architecture":null,"installDate":null,"installPath":null,"lastUpdated":"2025-09-17T07:39:28.000Z","lastUseDate":null,"language":null,"formerlyKnownAs":null,"isPackage":null,"isPackageComponent":null,"packageName":null,"productUrl":null,"lifecycle":null,"supportStageDesc":null,"license":null,"authorization":null,"discoveredPublisher":null,"discoveredName":"vim-common","discoveredVersion":"2:8.1.2269-1ubuntu5.22","authorizationDetectionScore":null,"cpeId":null,"cpe":null,"cpeType":null,"softwareInstances":null}]},"softwareComponent":null,"provider":"AWS","cloudProvider":{"aws":{"ec2":{"accountId":"1234","availabilityZone":"us-west-2a","hasAgent":true,"hostname":"hostname_value","imageId":"imageId_value","instanceId":"instanceId_value","instanceState":"RUNNING","instanceType":"m4.large","qualysScanner":false,"kernelId":null,"launchdate":1653386892000,"privateDNS":"privateDNS_value","privateIpAddress":"10.0.0.1","publicDNS":null,"publicIpAddress":"175.16.199.1","region":{"code":"us-west-2","name":"US West 
(Oregon)"},"spotInstance":false,"subnetId":"subnetId_value","vpcId":"vpcId_value"},"tags":[{"key":"tags_key_1","value":"tags_value_1"},{"key":"tags_key_2","value":"tags_value_2"}]},"azure":null,"gcp":null,"oci":null,"ibm":null,"alibaba":null},"agent":{"version":"7.2.0.38","configurationProfile":"configurationProfile_value","activations":[{"key":"key_value","status":"ACTIVE"}],"connectedFrom":"175.16.199.1","lastActivity":1758054146000,"lastCheckedIn":1758094769000,"lastInventory":1758054210000,"udcManifestAssigned":false,"errorStatus":false},"sensor":{"activatedForModules":["SCA","PC","VM"],"pendingActivationForModules":[],"lastVMScan":1758094767000,"lastComplianceScan":1681892534000,"lastFullScan":1758094767000,"lastVmScanDateScanner":0,"lastVmScanDateAgent":1758094767000,"lastPcScanDateScanner":0,"lastPcScanDateAgent":1681892534000,"firstEasmScanDate":null,"lastEasmScanDate":null},"container":{"product":null,"version":null,"noOfContainers":0,"noOfImages":0,"hasSensor":null},"inventory":{"source":"QAGENT","created":1653388624000,"lastUpdated":1758095776000},"activity":{"source":"QAGENT","lastScannedDate":1758095776000},"tagList":{"tag":[{"tagId":1234,"tagName":"env:development","foregroundColor":0,"backgroundColor":0,"businessImpact":null,"criticalityScore":null},{"tagId":2345,"tagName":"asset_criticality:3","foregroundColor":0,"backgroundColor":0,"businessImpact":null,"criticalityScore":null}]},"serviceList":{"service":[{"description":null,"name":"systemd-tmpfiles-setup-dev.service","status":"loaded/active/exited"},{"description":null,"name":"systemd-journal-flush.service","status":"loaded/active/exited"}]},"lastLocation":{"city":"Boardman","state":"Oregon","country":"United States","name":"Boardman, Oregon - United States","continent":"North 
America","postal":"97818"},"criticality":{"score":3,"isDefault":false,"lastUpdated":"2023-03-07T22:18:45.000Z"},"businessInformation":null,"assignedLocation":null,"businessAppListData":null,"riskScore":506,"passiveSensor":null,"domain":null,"subdomain":null,"missingSoftware":[],"whois":null,"organizationName":null,"isp":null,"asn":null,"easmTags":null,"hostingCategory1":null,"customAttributes":null,"lparId":null,"processor":{"description":"Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz","speed":2300,"numCPUs":2,"noOfSocket":1,"threadsPerCore":2,"coresPerSocket":1,"multithreadingStatus":"ENABLED"}}
diff --git a/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
index 428be252cc0..13ce2e4f5c9 100644
--- a/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
+++ b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
@@ -177,11 +177,15 @@
 "network_interface_list_data": {
 "network_interface": [
 {
- "address_ip_v4": "175.16.199.1",
+ "address_ip_v4": [
+ "175.16.199.1"
+ ],
 "hostname": "hostname_value"
 },
 {
- "address_ip_v4": "175.16.199.1",
+ "address_ip_v4": [
+ "175.16.199.1"
+ ],
 "address_ip_v6": [
 "2a02:cf40::1"
 ],
@@ -559,7 +563,9 @@
 "network_interface_list_data": {
 "network_interface": [
 {
- "address_ip_v4": "175.16.199.1",
+ "address_ip_v4": [
+ "175.16.199.1"
+ ],
 "hostname": "hostname_value"
 },
 {
@@ -910,7 +916,9 @@
 "network_interface_list_data": {
 "network_interface": [
 {
- "address_ip_v4": "175.16.199.1",
+ "address_ip_v4": [
+ "175.16.199.1"
+ ],
 "dns_address": "175.16.199.1",
 "gateway_address": "175.16.199.1",
 "hostname": "hostname_value",
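Review bot: The record added to test-asset.log (the fourth sample, `+{"assetId":12345,…`) exercises only well-formed lists, `"addressIpV4":"175.16.199.1, 10.64.131.20"` and `"addressIpV4":"175.16.199.1,10.64.131.20"`, so the fixture does not pin what happens when an element is empty (trailing or doubled comma) or is not an IPv4 address. The pipeline change in default.yml is not visible in this part of the patch, so whether such input fails the whole document or only drops the bad element cannot be confirmed from here. Because this data stream is the asset inventory, a document rejected over one malformed address becomes an asset missing from view. I would add one more sample with a malformed list, for example the constructed value `"addressIpV4":"175.16.199.1, ,not-an-ip"`, and let the expected JSON record the intended outcome (valid addresses kept, and whether `error.message` is set).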
@@ -1114,6 +1122,400 @@ "user": { "name": "lastLoggedOnUser_value" } + }, + { + "cloud": { + "provider": "aws" + }, + "device": { + "manufacturer": "Xen Project" + }, + "ecs": { + "version": "8.17.0" + }, + "event": { + "category": [ + "host" + ], + "created": "2022-05-24T10:37:04.000Z", + "kind": "event", + "original": "{\"assetId\":12345,\"assetUUID\":\"e114e6d5-5ec1-4b95-a220-a4b91b78133c\",\"hostId\":23456,\"lastModifiedDate\":\"2025-09-17T07:58:52.000Z\",\"agentId\":\"e114e6d5-5ec1-4b95-a220-a4b91b78133c\",\"createdDate\":\"2022-05-24T10:37:04.000Z\",\"sensorLastUpdatedDate\":\"2025-09-17T07:58:52.000Z\",\"assetType\":null,\"address\":\"10.64.131.20\",\"dnsName\":\"dnsName_value\",\"assetName\":\"assetName_value\",\"netbiosName\":\"netbiosName_value\",\"timeZone\":\"UTC\",\"biosDescription\":\"Xen 4.11.amazon 08/24/2006\",\"lastBoot\":\"2024-06-10T02:42:22.000Z\",\"totalMemory\":7935,\"cpuCount\":2,\"lastLoggedOnUser\":\"lastLoggedOnUser_value\",\"domainRole\":null,\"hwUUID\":\"ec2b711d-6a28-36e4-b9df-f4bde7786085\",\"biosSerialNumber\":\"biosSerialNumber_value\",\"biosAssetTag\":\"Not Specified\",\"isContainerHost\":false,\"operatingSystem\":{\"osName\":\"Ubuntu Linux 20.04.4\",\"fullName\":\"Canonical Ubuntu Focal Fossa (20.04.4 LTS)\",\"category\":\"Linux / Unidentified\",\"category1\":\"Linux\",\"category2\":\"Unidentified\",\"productName\":\"Ubuntu\",\"publisher\":\"Canonical\",\"edition\":null,\"marketVersion\":\"Focal Fossa\",\"version\":\"20.04 LTS\",\"update\":\"20.04 LTS 20.04.4 LTS\",\"architecture\":\"x86_64\",\"lifecycle\":null,\"taxonomy\":{\"id\":null,\"name\":\"Linux / Unidentified\",\"category1\":\"Linux\",\"category2\":\"Unidentified\"},\"productUrl\":null,\"productFamily\":null,\"installDate\":null,\"release\":\"20.04.4\",\"cpeId\":null,\"cpe\":null,\"cpeType\":null},\"hardware\":{\"fullName\":\"Xen Project HVM domU\",\"category\":\"Virtualized / Virtual Machine\",\"category1\":\"Virtualized\",\"category2\":\"Virtual 
Machine\",\"manufacturer\":\"Xen Project\",\"productName\":\"HVM domU\",\"model\":null,\"lifecycle\":null,\"taxonomy\":{\"id\":null,\"name\":\"Virtualized / Virtual Machine\",\"category1\":\"Virtualized\",\"category2\":\"Virtual Machine\"},\"productUrl\":null,\"productFamily\":null},\"userAccountListData\":{\"userAccount\":[{\"name\":\"user1\"},{\"name\":\"user2\"}]},\"openPortListData\":{\"openPort\":[{\"port\":53,\"description\":\"\",\"protocol\":\"UDP\",\"detectedService\":\"detectedService_value_1\",\"firstFound\":\"2025-09-09T15:51:43.000Z\",\"lastUpdated\":\"2025-09-09T15:51:43.000Z\",\"authorization\":null,\"detectionScore\":null,\"discoverySources\":\"Cloud Agent\"},{\"port\":68,\"description\":\"\",\"protocol\":\"UDP\",\"detectedService\":\"detectedService_value_2\",\"firstFound\":\"2025-09-09T15:51:43.000Z\",\"lastUpdated\":\"2025-09-09T15:51:43.000Z\",\"authorization\":null,\"detectionScore\":null,\"discoverySources\":\"Cloud Agent\"},{\"port\":22,\"description\":\"\",\"protocol\":\"TCP\",\"detectedService\":\"detectedService_value_3\",\"firstFound\":\"2022-05-24T11:29:47.000Z\",\"lastUpdated\":\"2025-09-09T15:51:43.000Z\",\"authorization\":null,\"detectionScore\":null,\"discoverySources\":\"Cloud Agent\"}]},\"volumeListData\":{\"volume\":[{\"name\":\"/snap/amazon-ssm-agent/11797\",\"free\":0,\"size\":29097984},{\"name\":\"/snap/snapd/24792\",\"free\":0,\"size\":51773440}]},\"networkInterfaceListData\":{\"networkInterface\":[{\"hostname\":\"hostname_value\",\"addressIpV4\":\"175.16.199.1, 
10.64.131.20\",\"addressIpV6\":null,\"macAddress\":\"\",\"interfaceName\":\"\",\"dnsAddress\":null,\"gatewayAddress\":\"\",\"manufacturer\":null,\"macVendorIntroDate\":null,\"netmask\":null,\"addresses\":null},{\"hostname\":\"hostname_value\",\"addressIpV4\":\"175.16.199.1,10.64.131.20\",\"addressIpV6\":\"2a02:cf40::1\",\"macAddress\":\"02:f7:67:61:19:81\",\"interfaceName\":\"ens3\",\"dnsAddress\":\"175.16.199.1\",\"gatewayAddress\":\"175.16.199.1\",\"manufacturer\":null,\"macVendorIntroDate\":null,\"netmask\":null,\"addresses\":null}]},\"softwareListData\":{\"software\":[{\"id\":1350996231234171400,\"discoverySources\":\"Cloud Agent, Cloud Agent\",\"fullName\":\"Canonical Vim 8.1.2269-1 (Ubuntu Focal Fossa)\",\"softwareType\":\"Application\",\"isIgnored\":false,\"ignoredReason\":null,\"category\":\"Application Development / Development Tool\",\"category1\":\"Application Development\",\"category2\":\"Development Tool\",\"productName\":\"Vim\",\"component\":null,\"publisher\":\"Canonical\",\"edition\":\"Unknown\",\"marketVersion\":\"8\",\"version\":\"8.1\",\"update\":\"8.1.2269-1 (Ubuntu Focal Fossa)\",\"architecture\":null,\"installDate\":null,\"installPath\":null,\"lastUpdated\":\"2025-09-17T07:39:28.000Z\",\"lastUseDate\":null,\"language\":null,\"formerlyKnownAs\":null,\"isPackage\":null,\"isPackageComponent\":null,\"packageName\":null,\"productUrl\":null,\"lifecycle\":null,\"supportStageDesc\":null,\"license\":null,\"authorization\":null,\"discoveredPublisher\":null,\"discoveredName\":\"vim\",\"discoveredVersion\":\"2:8.1.2269-1ubuntu5.22\",\"authorizationDetectionScore\":null,\"cpeId\":null,\"cpe\":null,\"cpeType\":null,\"softwareInstances\":null},{\"id\":-2774205715073934300,\"discoverySources\":\"Cloud Agent, Cloud Agent\",\"fullName\":\"vim-common 2:8.1.2269-1ubuntu5.22\",\"softwareType\":\"Others\",\"isIgnored\":true,\"ignoredReason\":\"Library Packages\",\"category\":\"Unknown / 
Unknown\",\"category1\":\"Unknown\",\"category2\":\"Unknown\",\"productName\":\"Unknown\",\"component\":null,\"publisher\":\"Unknown\",\"edition\":null,\"marketVersion\":null,\"version\":\"2:8.1.2269-1ubuntu5.22\",\"update\":\"2:8.1.2269-1ubuntu5.22\",\"architecture\":null,\"installDate\":null,\"installPath\":null,\"lastUpdated\":\"2025-09-17T07:39:28.000Z\",\"lastUseDate\":null,\"language\":null,\"formerlyKnownAs\":null,\"isPackage\":null,\"isPackageComponent\":null,\"packageName\":null,\"productUrl\":null,\"lifecycle\":null,\"supportStageDesc\":null,\"license\":null,\"authorization\":null,\"discoveredPublisher\":null,\"discoveredName\":\"vim-common\",\"discoveredVersion\":\"2:8.1.2269-1ubuntu5.22\",\"authorizationDetectionScore\":null,\"cpeId\":null,\"cpe\":null,\"cpeType\":null,\"softwareInstances\":null}]},\"softwareComponent\":null,\"provider\":\"AWS\",\"cloudProvider\":{\"aws\":{\"ec2\":{\"accountId\":\"1234\",\"availabilityZone\":\"us-west-2a\",\"hasAgent\":true,\"hostname\":\"hostname_value\",\"imageId\":\"imageId_value\",\"instanceId\":\"instanceId_value\",\"instanceState\":\"RUNNING\",\"instanceType\":\"m4.large\",\"qualysScanner\":false,\"kernelId\":null,\"launchdate\":1653386892000,\"privateDNS\":\"privateDNS_value\",\"privateIpAddress\":\"10.0.0.1\",\"publicDNS\":null,\"publicIpAddress\":\"175.16.199.1\",\"region\":{\"code\":\"us-west-2\",\"name\":\"US West 
(Oregon)\"},\"spotInstance\":false,\"subnetId\":\"subnetId_value\",\"vpcId\":\"vpcId_value\"},\"tags\":[{\"key\":\"tags_key_1\",\"value\":\"tags_value_1\"},{\"key\":\"tags_key_2\",\"value\":\"tags_value_2\"}]},\"azure\":null,\"gcp\":null,\"oci\":null,\"ibm\":null,\"alibaba\":null},\"agent\":{\"version\":\"7.2.0.38\",\"configurationProfile\":\"configurationProfile_value\",\"activations\":[{\"key\":\"key_value\",\"status\":\"ACTIVE\"}],\"connectedFrom\":\"175.16.199.1\",\"lastActivity\":1758054146000,\"lastCheckedIn\":1758094769000,\"lastInventory\":1758054210000,\"udcManifestAssigned\":false,\"errorStatus\":false},\"sensor\":{\"activatedForModules\":[\"SCA\",\"PC\",\"VM\"],\"pendingActivationForModules\":[],\"lastVMScan\":1758094767000,\"lastComplianceScan\":1681892534000,\"lastFullScan\":1758094767000,\"lastVmScanDateScanner\":0,\"lastVmScanDateAgent\":1758094767000,\"lastPcScanDateScanner\":0,\"lastPcScanDateAgent\":1681892534000,\"firstEasmScanDate\":null,\"lastEasmScanDate\":null},\"container\":{\"product\":null,\"version\":null,\"noOfContainers\":0,\"noOfImages\":0,\"hasSensor\":null},\"inventory\":{\"source\":\"QAGENT\",\"created\":1653388624000,\"lastUpdated\":1758095776000},\"activity\":{\"source\":\"QAGENT\",\"lastScannedDate\":1758095776000},\"tagList\":{\"tag\":[{\"tagId\":1234,\"tagName\":\"env:development\",\"foregroundColor\":0,\"backgroundColor\":0,\"businessImpact\":null,\"criticalityScore\":null},{\"tagId\":2345,\"tagName\":\"asset_criticality:3\",\"foregroundColor\":0,\"backgroundColor\":0,\"businessImpact\":null,\"criticalityScore\":null}]},\"serviceList\":{\"service\":[{\"description\":null,\"name\":\"systemd-tmpfiles-setup-dev.service\",\"status\":\"loaded/active/exited\"},{\"description\":null,\"name\":\"systemd-journal-flush.service\",\"status\":\"loaded/active/exited\"}]},\"lastLocation\":{\"city\":\"Boardman\",\"state\":\"Oregon\",\"country\":\"United States\",\"name\":\"Boardman, Oregon - United States\",\"continent\":\"North 
America\",\"postal\":\"97818\"},\"criticality\":{\"score\":3,\"isDefault\":false,\"lastUpdated\":\"2023-03-07T22:18:45.000Z\"},\"businessInformation\":null,\"assignedLocation\":null,\"businessAppListData\":null,\"riskScore\":506,\"passiveSensor\":null,\"domain\":null,\"subdomain\":null,\"missingSoftware\":[],\"whois\":null,\"organizationName\":null,\"isp\":null,\"asn\":null,\"easmTags\":null,\"hostingCategory1\":null,\"customAttributes\":null,\"lparId\":null,\"processor\":{\"description\":\"Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz\",\"speed\":2300,\"numCPUs\":2,\"noOfSocket\":1,\"threadsPerCore\":2,\"coresPerSocket\":1,\"multithreadingStatus\":\"ENABLED\"}}", + "risk_score": 506.0, + "timezone": "UTC", + "type": [ + "info" + ] + }, + "host": { + "architecture": "x86_64", + "geo": { + "city_name": "Boardman", + "continent_name": "North America", + "country_name": "Boardman, Oregon - United States", + "postal_code": "97818" + }, + "hostname": "dnsName_value", + "id": "12345", + "ip": [ + "10.64.131.20" + ], + "name": "assetname_value", + "os": { + "full": "Canonical Ubuntu Focal Fossa (20.04.4 LTS)", + "name": "Ubuntu Linux 20.04.4", + "platform": "Ubuntu", + "type": "linux", + "version": "20.04 LTS" + } + }, + "observer": { + "product": "Global AssetView", + "vendor": "Qualys" + }, + "package": { + "name": [ + "Canonical Vim 8.1.2269-1 (Ubuntu Focal Fossa)", + "vim-common 2:8.1.2269-1ubuntu5.22" + ], + "type": [ + "Application", + "Others" + ], + "version": [ + "8.1", + "2:8.1.2269-1ubuntu5.22" + ] + }, + "qualys_gav": { + "asset": { + "activity": { + "last_scanned_date": "2025-09-17T07:56:16.000Z", + "source": "QAGENT" + }, + "address": "10.64.131.20", + "agent": { + "activations": [ + { + "key": "key_value", + "status": "ACTIVE" + } + ], + "configuration_profile": "configurationProfile_value", + "connected_from": "175.16.199.1", + "error_status": false, + "last_activity": "2025-09-16T20:22:26.000Z", + "last_checked_in": "2025-09-17T07:39:29.000Z", + 
"last_inventory": "2025-09-16T20:23:30.000Z", + "udc_manifest_assigned": false, + "version": "7.2.0.38" + }, + "agent_id": "e114e6d5-5ec1-4b95-a220-a4b91b78133c", + "asset_id": "12345", + "asset_name": "assetName_value", + "asset_uuid": "e114e6d5-5ec1-4b95-a220-a4b91b78133c", + "bios_asset_tag": "Not Specified", + "bios_description": "Xen 4.11.amazon 08/24/2006", + "bios_serial_number": "biosSerialNumber_value", + "cloud_provider": { + "aws": { + "ec2": { + "account_id": "1234", + "availability_zone": "us-west-2a", + "has_agent": true, + "hostname": "hostname_value", + "image_id": "imageId_value", + "instance_id": "instanceId_value", + "instance_state": "RUNNING", + "instance_type": "m4.large", + "launchdate": "2022-05-24T10:08:12.000Z", + "private_dns": "privateDNS_value", + "private_ip_address": "10.0.0.1", + "public_ip_address": "175.16.199.1", + "qualys_scanner": false, + "region": { + "code": "us-west-2", + "name": "US West (Oregon)" + }, + "spot_instance": false, + "subnet_id": "subnetId_value", + "vpc_id": "vpcId_value" + }, + "tags": [ + { + "key": "tags_key_1", + "value": "tags_value_1" + }, + { + "key": "tags_key_2", + "value": "tags_value_2" + } + ] + } + }, + "container": { + "no_of_containers": 0, + "no_of_images": 0 + }, + "cpu_count": 2, + "created_date": "2022-05-24T10:37:04.000Z", + "criticality": { + "is_default": false, + "last_updated": "2023-03-07T22:18:45.000Z", + "score": 3 + }, + "dns_name": "dnsName_value", + "hardware": { + "category": "Virtualized / Virtual Machine", + "category1": "Virtualized", + "category2": "Virtual Machine", + "full_name": "Xen Project HVM domU", + "manufacturer": "Xen Project", + "product_name": "HVM domU", + "taxonomy": { + "category1": "Virtualized", + "category2": "Virtual Machine", + "name": "Virtualized / Virtual Machine" + } + }, + "host_id": "23456", + "hw_uuid": "ec2b711d-6a28-36e4-b9df-f4bde7786085", + "inventory": { + "created": "2022-05-24T10:37:04.000Z", + "last_updated": "2025-09-17T07:56:16.000Z", + 
"source": "QAGENT" + }, + "is_container_host": false, + "last_boot": "2024-06-10T02:42:22.000Z", + "last_location": { + "city": "Boardman", + "continent": "North America", + "country": "United States", + "name": "Boardman, Oregon - United States", + "postal": "97818", + "state": "Oregon" + }, + "last_logged_on_user": "lastLoggedOnUser_value", + "last_modified_date": "2025-09-17T07:58:52.000Z", + "netbios_name": "netbiosName_value", + "network_interface_list_data": { + "network_interface": [ + { + "address_ip_v4": [ + "175.16.199.1", + "10.64.131.20" + ], + "hostname": "hostname_value" + }, + { + "address_ip_v4": [ + "175.16.199.1", + "10.64.131.20" + ], + "address_ip_v6": [ + "2a02:cf40::1" + ], + "dns_address": "175.16.199.1", + "gateway_address": "175.16.199.1", + "hostname": "hostname_value", + "interface_name": "ens3", + "mac_address": "02-F7-67-61-19-81" + } + ] + }, + "open_port_list_data": { + "open_port": [ + { + "detected_service": "detectedService_value_1", + "discovery_sources": "Cloud Agent", + "first_found": "2025-09-09T15:51:43.000Z", + "last_updated": "2025-09-09T15:51:43.000Z", + "port": 53, + "protocol": "UDP" + }, + { + "detected_service": "detectedService_value_2", + "discovery_sources": "Cloud Agent", + "first_found": "2025-09-09T15:51:43.000Z", + "last_updated": "2025-09-09T15:51:43.000Z", + "port": 68, + "protocol": "UDP" + }, + { + "detected_service": "detectedService_value_3", + "discovery_sources": "Cloud Agent", + "first_found": "2022-05-24T11:29:47.000Z", + "last_updated": "2025-09-09T15:51:43.000Z", + "port": 22, + "protocol": "TCP" + } + ] + }, + "operating_system": { + "architecture": "x86_64", + "category": "Linux / Unidentified", + "category1": "Linux", + "category2": "Unidentified", + "full_name": "Canonical Ubuntu Focal Fossa (20.04.4 LTS)", + "market_version": "Focal Fossa", + "os_name": "Ubuntu Linux 20.04.4", + "product_name": "Ubuntu", + "publisher": "Canonical", + "release": "20.04.4", + "taxonomy": { + "category1": "Linux", + 
"category2": "Unidentified", + "name": "Linux / Unidentified" + }, + "update": "20.04 LTS 20.04.4 LTS", + "version": "20.04 LTS" + }, + "processor": { + "cores_per_socket": 1, + "description": "Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz", + "multithreading_status": "ENABLED", + "no_of_socket": 1, + "num_cpus": 2, + "speed": 2300, + "threads_per_core": 2 + }, + "provider": "AWS", + "risk_score": 506.0, + "sensor": { + "activated_for_modules": [ + "SCA", + "PC", + "VM" + ], + "last_compliance_scan": "2023-04-19T08:22:14.000Z", + "last_full_scan": "2025-09-17T07:39:27.000Z", + "last_pc_scan_date_agent": "2023-04-19T08:22:14.000Z", + "last_vm_scan_date_agent": "2025-09-17T07:39:27.000Z", + "last_vmscan": "2025-09-17T07:39:27.000Z" + }, + "sensor_last_updated_date": "2025-09-17T07:58:52.000Z", + "service_list": { + "service": [ + { + "name": "systemd-tmpfiles-setup-dev.service", + "status": "loaded/active/exited" + }, + { + "name": "systemd-journal-flush.service", + "status": "loaded/active/exited" + } + ] + }, + "software_list_data": { + "software": [ + { + "category": "Application Development / Development Tool", + "category1": "Application Development", + "category2": "Development Tool", + "discovered_name": "vim", + "discovered_version": "2:8.1.2269-1ubuntu5.22", + "discovery_sources": "Cloud Agent, Cloud Agent", + "edition": "Unknown", + "full_name": "Canonical Vim 8.1.2269-1 (Ubuntu Focal Fossa)", + "id": "1350996231234171400", + "is_ignored": false, + "last_updated": "2025-09-17T07:39:28.000Z", + "market_version": "8", + "product_name": "Vim", + "publisher": "Canonical", + "software_type": "Application", + "update": "8.1.2269-1 (Ubuntu Focal Fossa)", + "version": "8.1" + }, + { + "category": "Unknown / Unknown", + "category1": "Unknown", + "category2": "Unknown", + "discovered_name": "vim-common", + "discovered_version": "2:8.1.2269-1ubuntu5.22", + "discovery_sources": "Cloud Agent, Cloud Agent", + "full_name": "vim-common 2:8.1.2269-1ubuntu5.22", + "id": 
"-2774205715073934300", + "ignored_reason": "Library Packages", + "is_ignored": true, + "last_updated": "2025-09-17T07:39:28.000Z", + "product_name": "Unknown", + "publisher": "Unknown", + "software_type": "Others", + "update": "2:8.1.2269-1ubuntu5.22", + "version": "2:8.1.2269-1ubuntu5.22" + } + ] + }, + "tag_list": { + "tag": [ + { + "background_color": "0", + "foreground_color": "0", + "tag_id": "1234", + "tag_name": "env:development" + }, + { + "background_color": "0", + "foreground_color": "0", + "tag_id": "2345", + "tag_name": "asset_criticality:3" + } + ] + }, + "time_zone": "UTC", + "total_memory": 7935, + "user_account_list_data": { + "user_account": [ + { + "name": "user1" + }, + { + "name": "user2" + } + ] + }, + "volume_list_data": { + "volume": [ + { + "free": 0, + "name": "/snap/amazon-ssm-agent/11797", + "size": 29097984 + }, + { + "free": 0, + "name": "/snap/snapd/24792", + "size": 51773440 + } + ] + } + } + }, + "related": { + "hosts": [ + "12345", + "assetName_value", + "e114e6d5-5ec1-4b95-a220-a4b91b78133c", + "dnsName_value", + "23456", + "netbiosName_value", + "hostname_value" + ], + "ip": [ + "10.64.131.20", + "175.16.199.1", + "2a02:cf40::1" + ], + "user": [ + "lastLoggedOnUser_value" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "user": { + "name": "lastLoggedOnUser_value" + } } ] } diff --git a/packages/qualys_gav/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/qualys_gav/data_stream/asset/elasticsearch/ingest_pipeline/default.yml index cde5f1394ef..93b69bbfd7a 100644 --- a/packages/qualys_gav/data_stream/asset/elasticsearch/ingest_pipeline/default.yml +++ b/packages/qualys_gav/data_stream/asset/elasticsearch/ingest_pipeline/default.yml 
@@ -728,31 +728,69 @@ processors:
 if: ctx.qualys_gav?.asset?.netbios_name != null
 - foreach:
 field: qualys_gav.asset.network_interface_list_data.network_interface
- tag: foreach_asset_network_interface_list_data_network_interface_to_convert_address_ip_v4
+ tag: foreach_network_interface_list_data_network_interface_to_split_address_ip_v4
 if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
 processor:
- convert:
+ split:
 field: _ingest._value.address_ip_v4
- tag: convert_asset_network_interface_list_data_network_interface_address_ip_v4
- type: ip
+ separator: ','
+ tag: split_asset_network_interface_list_data_network_interface_address_ip_v4
 ignore_missing: true
 on_failure:
- - remove:
- field: _ingest._value.address_ip_v4
- ignore_missing: true
 - append:
 field: error.message
 value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_network_interface_list_data_network_interface_to_trim_address_ip_v4
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ foreach:
+ field: _ingest._value.address_ip_v4
+ tag: foreach_asset_network_interface_list_data_network_interface_address_ip_v4_trim
+ ignore_failure: true
+ processor:
+ trim:
+ field: _ingest._value
+ tag: trim_asset_network_interface_list_data_network_interface_address_ip_v4
+ ignore_missing: true
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_asset_network_interface_list_data_network_interface_to_convert_address_ip_v4
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ foreach:
+ field: _ingest._value.address_ip_v4
+ tag: foreach_asset_network_interface_list_data_network_interface_address_ip_v4
+ ignore_failure: true
+ processor:
+ convert:
+ field: _ingest._value
+ tag: convert_asset_network_interface_list_data_network_interface_address_ip_v4
+ type: ip
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _ingest._value
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
 - foreach:
 field: qualys_gav.asset.network_interface_list_data.network_interface
 tag: foreach_network_interface_list_data_network_interface_to_set_related_ip_from_address_ip_v4
 if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
 processor:
- append:
- field: related.ip
- tag: append_network_interface_list_data_network_interface_address_ip_v4_into_related_ip
- value: '{{{_ingest._value.address_ip_v4}}}'
- allow_duplicates: false
+ foreach:
+ field: _ingest._value.address_ip_v4
+ tag: foreach_asset_network_interface_list_data_network_interface_address_ip_v4
+ ignore_failure: true
+ processor:
+ append:
+ field: related.ip
+ tag: append_network_interface_list_data_network_interface_address_ip_v4_into_related_ip
+ value: '{{{_ingest._value}}}'
+ allow_duplicates: false
 - foreach:
 field: qualys_gav.asset.network_interface_list_data.network_interface
 tag: foreach_network_interface_list_data_network_interface_to_gsub_mac_address
diff --git a/packages/qualys_gav/manifest.yml b/packages/qualys_gav/manifest.yml
index 579aa83e43d..8d4ca22efa5 100644
--- a/packages/qualys_gav/manifest.yml
+++ b/packages/qualys_gav/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: qualys_gav
 title: Qualys Global AssetView
-version: 0.3.0
+version: 0.3.1
 description: Collect logs from Qualys Global AssetView with Elastic Agent.
 type: integration
 categories:
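Review bot: The three inner `foreach` processors over `_ingest._value.address_ip_v4` (trim, convert and the `related.ip` append) set `ignore_failure: true`, so any failure inside them is dropped without the `error.message` entry that the neighbouring processors record; if the intent is only to tolerate interfaces with no IPv4 value, `ignore_missing: true` on the inner `foreach` is the narrower setting. The convert step's `on_failure` now runs `remove` on `_ingest._value`, which is the loop variable rather than a key of the interface object, so a malformed entry is probably left in the list as a null instead of being deleted as before, unless a cleanup step elsewhere in `processors:` (outside this hunk) strips it. The added test event carries only valid addresses (`175.16.199.1, 10.64.131.20`), so a further event with one malformed entry would pin what reaches `address_ip_v4` and `related.ip` in that case. Two inner `foreach` processors also share the tag `foreach_asset_network_interface_list_data_network_interface_address_ip_v4`, which makes a reported failure ambiguous; a distinct suffix, as on the `_trim` one, would keep them apart.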
From 6436f81166bcbe3ab8492c15183283de8e9c694f Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Tue, 28 Oct 2025 15:24:05 +0530
Subject: [PATCH 2/2] updated changelog
---
 packages/qualys_gav/changelog.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/qualys_gav/changelog.yml b/packages/qualys_gav/changelog.yml
index b386154e90c..8d9662d465e 100644
--- a/packages/qualys_gav/changelog.yml
+++ b/packages/qualys_gav/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Added support for comma separated list of IPv4 addresses in network_interface list data.
 type: bugfix
- link: https://github.com/elastic/integrations/pull/1111
+ link: https://github.com/elastic/integrations/pull/15782
 - version: "0.3.0"
 changes:
 - description: Added support for configuring cel max_executions parameter.