elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[qualys_vmdr.asset_host_detection] Align field names with Qualys field names #10276

Closed clement-fouque closed 19 hours ago

clement-fouque commented 1 week ago

There is a misalignment between the Qualys API and the fields stored in Elastic. It's making troubleshooting harder.

I'm proposing to align the Qualys field names and the Elastic names as follows.

| Qualys field name | Elastic current field name | Elastic new field name |
| --- | --- | --- |
| json.DNS | qualys_vmdr.asset_host_detection.dns.value | qualys_vmdr.asset_host_detection.dns |
| json.CLOUD_RESOURCE_ID | qualys_vmdr.asset_host_detection.cloud.resource_id | qualys_vmdr.asset_host_detection.cloud_resource_id |
| json.CLOUD_SERVICE | qualys_vmdr.asset_host_detection.cloud.service | qualys_vmdr.asset_host_detection.cloud_service |
| json.CLOUD_PROVIDER | qualys_vmdr.asset_host_detection.cloud.provider.name | qualys_vmdr.asset_host_detection.cloud_provider |
| json.QG_HOSTID | qualys_vmdr.asset_host_detection.qg_host_id | qualys_vmdr.asset_host_detection.qg_hostid |
| json.OS_CPE | qualys_vmdr.asset_host_detection.os.cpe | qualys_vmdr.asset_host_detection.os_cpe |
| json.OS | qualys_vmdr.asset_host_detection.os.value | qualys_vmdr.asset_host_detection.os |
| json.LAST_PC_SCANNED_DATE | qualys_vmdr.asset_host_detection.last.pc_scanned_date | qualys_vmdr.asset_host_detection.last_pc_scanned_date |
| json.LAST_SCAN_DATETIME | qualys_vmdr.asset_host_detection.last.scan_datetime | qualys_vmdr.asset_host_detection.last_scan_datetime |
| json.LAST_VM_AUTH_SCANNED_DATE | qualys_vmdr.asset_host_detection.last.vm.auth.scanned_date | qualys_vmdr.asset_host_detection.last_vm_auth_scanned_date |
| json.LAST_VM_SCANNED_DATE | qualys_vmdr.asset_host_detection.last.vm.scanned_date | qualys_vmdr.asset_host_detection.last_vm_scanned_date |
| json.LAST_VM_AUTH_SCANNED_DURATION | qualys_vmdr.asset_host_detection.last.vm.auth.scanned_duration | qualys_vmdr.asset_host_detection.last_vm_auth_scanned_duration |
| json.LAST_VM_SCANNED_DURATION | qualys_vmdr.asset_host_detection.last.vm.scanned_duration | qualys_vmdr.asset_host_detection.last_vm_scanned_duration |
| json.CLOUD_PROVIDER_TAGS.CLOUD_TAG | qualys_vmdr.asset_host_detection.cloud.provider.tags.cloud_tag | qualys_vmdr.asset_host_detection.cloud_provider_tags.cloud_tag |

elasticmachine commented 1 week ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)