Merge pull request #540 from Cargill/tenable_sc_split

added vuln id split to teanable_sc
Cargill · Sep 25, 2024 · 80b45ed · 80b45ed
2 parents ff8c4e2 + 73461dc
commit 80b45ed
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/config/processors/vuln_tenable_asm.conf b/config/processors/vuln_tenable_asm.conf
@@ -171,6 +171,9 @@ filter {
   mutate {
     remove_field => [ "tmp" ]
   }
+  split {
+    field => "[vulnerability][id]"
+  }
 }
 output {
   pipeline { send_to => [enrichments] }

diff --git a/config/processors/vuln_tenable_sc.conf b/config/processors/vuln_tenable_sc.conf
@@ -10,6 +10,9 @@ filter {
     source => "message"
     target => "tmp"
   }
+  mutate {
+    split => { "[tmp][cve]" => "," }
+  }
   mutate{
     add_field => { "[log][source][hostname]" => "%{[tmp][netbiosName]}" }
   }
@@ -117,6 +120,9 @@ filter {
   mutate {
     remove_field => [ "tmp" ]
   }
+  split {
+    field => "[vulnerability][id]"
+  }
 }
 output {
   pipeline { send_to => [enrichments] }