Tenable SC (vulnerability) pipeline feature request: tenable_sc.vulnerability.age

[jgreene-TrappTech]

Please add tenable_sc.vulnerability.age or vulnerability.age derived from (tenable_sc.vulnerability.last_seen - tenable_sc.vulnerability.first_seen) to the logs-tenable_sc.vulnerability-<version> pipeline, formatted as days.

possible approach:

if(ctx?.tenable_sc.vulnerability.first_seen != null && ctx?.tenable_sc.vulnerability.last_seen !=null ) {ctx.tenable_sc.vulnerability.age = ChronoUnit.DAYS.between(ZonedDateTime.parse(ctx?.tenable_sc.vulnerability.last_seen), ZonedDateTime.parse(ctx?.tenable_sc.vulnerability.first_seen)); }

Justification: Many audits require the tracking and remediation of vulnerabilities discovered and have Vulnerability Remediation SLAs. Having this value calculated by the pipeline supports enriched reporting and alerting.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)