tenable_io: update dashboards, fix timestamp and improve fingerprinting

* update dashboard branding for the branding change
* make timestamp reflect last seen rather than first seen
* reduce event collision by adding fingerprint processor

packages/tenable_io/changelog.yml

@@ -1,4 +1,15 @@
 # newer versions go on top
+- version: "2.0.1"
+  changes:
+    - description: Update dashboards for 2.0 changes.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/7696
+    - description: Fix timestamp to refer to last seen rather than indexed.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/7696
+    - description: Improve fingerprinting behavior.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/7696
 - version: "2.0.0"
   changes:
     - description: Adjust default collection interval and remove Scanner data stream.

packages/tenable_io/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json

@@ -1,7 +1,7 @@
 {
     "expected": [
         {
-            "@timestamp": "2022-11-30T14:09:12.061Z",
+            "@timestamp": "2018-12-31T20:59:47.000Z",
             "ecs": {
                 "version": "8.9.0"
             },

packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml

@@ -47,9 +47,19 @@ processors:
         - append:
             field: error.message
             value: '{{{_ingest.on_failure_message}}}'
+  - date:
+      field: json.last_found
+      target_field: tenable_io.vulnerability.last_found
+      formats:
+        - ISO8601
+      if: ctx.json?.last_found != null && ctx.json.last_found != ''
+      on_failure:
+        - append:
+            field: error.message
+            value: '{{{_ingest.on_failure_message}}}'
   - set:
       field: '@timestamp'
-      copy_from: tenable_io.vulnerability.indexed
+      copy_from: tenable_io.vulnerability.last_found
       ignore_empty_value: true
   - rename:
       field: json.asset.netbios_name
@@ -883,16 +893,6 @@ processors:
         - append:
             field: error.message
             value: '{{{_ingest.on_failure_message}}}'
-  - date:
-      field: json.last_found
-      target_field: tenable_io.vulnerability.last_found
-      formats:
-        - ISO8601
-      if: ctx.json?.last_found != null && ctx.json.last_found != ''
-      on_failure:
-        - append:
-            field: error.message
-            value: '{{{_ingest.on_failure_message}}}'
   - rename:
       field: json.state
       target_field: tenable_io.vulnerability.state
@@ -965,6 +965,16 @@ processors:
         - append:
             field: error.message
             value: '{{{_ingest.on_failure_message}}}'
+  - fingerprint:
+      fields:
+        - tenable_io.vulnerability.plugin.id
+        - host.ip
+        - tenable_io.vulnerability.last_found
+        - tenable_io.vulnerability.port.value
+        - tenable_io.vulnerability.plugin.modification_dat
+      target_field: _id
+      method: MurmurHash3
+      ignore_missing: true
   - remove:
       field: json
       ignore_missing: true

packages/tenable_io/kibana/dashboard/tenable_io-0d902a50-edec-11ed-b550-bd5e656b580f.json

@@ -589,7 +589,7 @@
             }
         ],
         "timeRestore": false,
-        "title": "[Logs Tenable IO] Scan",
+        "title": "[Logs Tenable Vulnerability Management] Scan",
         "version": 1
     },
     "coreMigrationVersion": "8.7.1",

packages/tenable_io/kibana/dashboard/tenable_io-4d784610-1ec2-11ed-bad4-551c615a34d1.json

@@ -1,6 +1,6 @@
 {
     "attributes": {
-        "description": "This dashboard shows plugin logs collected by the Tenable IO integration.",
+        "description": "This dashboard shows plugin logs collected by the Tenable Vulnerability Management integration.",
         "kibanaSavedObjectMeta": {
             "searchSourceJSON": {
                 "filter": [
@@ -135,7 +135,7 @@
                     "y": 0
                 },
                 "panelIndex": "c8f294c5-2d3b-4562-8a0e-c1c8a3abcdf8",
-                "title": "Total Plugins [Logs Tenable IO]",
+                "title": "Total Plugins [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -259,7 +259,7 @@
                     "y": 0
                 },
                 "panelIndex": "a2f99371-1e7e-4407-867d-566d28a59db3",
-                "title": "Total Plugins Exploited by Malware [Logs Tenable IO]",
+                "title": "Total Plugins Exploited by Malware [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -386,7 +386,7 @@
                     "y": 15
                 },
                 "panelIndex": "5b655c8d-f1f8-4eb1-9157-3c5f107ec099",
-                "title": "Top 10 Most Common Solutions [Logs Tenable IO]",
+                "title": "Top 10 Most Common Solutions [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -518,7 +518,7 @@
                     "y": 15
                 },
                 "panelIndex": "b4b6cd6c-1f93-47a6-b6ef-88807356de6d",
-                "title": "Distribution of Plugins based on Risk Factors [Logs Tenable IO]",
+                "title": "Distribution of Plugins based on Risk Factors [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -650,7 +650,7 @@
                     "y": 30
                 },
                 "panelIndex": "f2c832e3-c99d-4716-a2a1-8d3a33a8834f",
-                "title": "Distribution of Plugin Vulnerabilities by Patches [Logs Tenable IO]",
+                "title": "Distribution of Plugin Vulnerabilities by Patches [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -782,13 +782,13 @@
                     "y": 30
                 },
                 "panelIndex": "84e47932-741f-4852-a222-0eab1321b9b7",
-                "title": "Top 10 plugins with Highest VPR Score [Logs Tenable IO]",
+                "title": "Top 10 plugins with Highest VPR Score [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             }
         ],
         "timeRestore": false,
-        "title": "[Logs Tenable IO] Plugin",
+        "title": "[Logs Tenable Vulnerability Management] Plugin",
         "version": 1
     },
     "coreMigrationVersion": "8.7.1",

packages/tenable_io/kibana/dashboard/tenable_io-84586900-1ed4-11ed-bad4-551c615a34d1.json

@@ -1,6 +1,6 @@
 {
     "attributes": {
-        "description": "This dashboard shows vulnerability logs collected by the Tenable IO integration.",
+        "description": "This dashboard shows vulnerability logs collected by the Tenable Vulnerability Management integration.",
         "kibanaSavedObjectMeta": {
             "searchSourceJSON": {
                 "filter": [
@@ -135,7 +135,7 @@
                     "y": 0
                 },
                 "panelIndex": "f71477b9-9f08-4c4e-bfb4-bc6be7d4237c",
-                "title": "Total Vulnerabilities [Logs Tenable IO]",
+                "title": "Total Vulnerabilities [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -263,7 +263,7 @@
                     "y": 0
                 },
                 "panelIndex": "6891edc0-34c6-42b6-a7ac-cdeba5ff4eda",
-                "title": "Total Active Vulnerabilities [Logs Tenable IO]",
+                "title": "Total Active Vulnerabilities [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -391,7 +391,7 @@
                     "y": 0
                 },
                 "panelIndex": "6e2279dc-0619-437d-8283-49bfff2a3b40",
-                "title": "Total Fixed Vulnerabilities [Logs Tenable IO]",
+                "title": "Total Fixed Vulnerabilities [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -523,7 +523,7 @@
                     "y": 10
                 },
                 "panelIndex": "08011b1b-b5e0-4c61-8b32-ea577b76b21a",
-                "title": "Distribution of Vulnerabilities by Severity [Logs Tenable IO]",
+                "title": "Distribution of Vulnerabilities by Severity [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -655,7 +655,7 @@
                     "y": 10
                 },
                 "panelIndex": "8ddb2cb4-fc49-4c7e-b404-ee8e0c3643a9",
-                "title": "Distribution of Plugins by Family [Logs Tenable IO]",
+                "title": "Distribution of Plugins by Family [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -782,7 +782,7 @@
                     "y": 25
                 },
                 "panelIndex": "afad7b54-841b-4f10-ad54-0eca8a66ea0c",
-                "title": "Top 10 Plugin Names [Logs Tenable IO]",
+                "title": "Top 10 Plugin Names [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -914,7 +914,7 @@
                     "y": 25
                 },
                 "panelIndex": "945ef9e7-8d79-47fb-a468-40f5fcca9ebe",
-                "title": "Distribution of Plugins by Risk Factor [Logs Tenable IO]",
+                "title": "Distribution of Plugins by Risk Factor [Logs Tenable Vulnerability Management]",
                 "type": "lens",
                 "version": "8.7.1"
             },
@@ -1048,7 +1048,7 @@
             }
         ],
         "timeRestore": false,
-        "title": "[Logs Tenable IO] Vulnerability",
+        "title": "[Logs Tenable Vulnerability Management] Vulnerability",
         "version": 1
     },
     "coreMigrationVersion": "8.7.1",