From 5e0b9c18b913bc3bd08c6b69da586ec89152696c Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 14 Nov 2025 16:05:27 +0530 Subject: [PATCH 1/4] added support for exclude/include fields --- packages/qualys_gav/changelog.yml | 5 +++++ .../data_stream/asset/agent/stream/cel.yml.hbs | 6 +++++- packages/qualys_gav/data_stream/asset/manifest.yml | 14 ++++++++++++++ packages/qualys_gav/manifest.yml | 2 +- 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/packages/qualys_gav/changelog.yml b/packages/qualys_gav/changelog.yml index f05ec2697c0..99110c5f08a 100644 --- a/packages/qualys_gav/changelog.yml +++ b/packages/qualys_gav/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.0" + changes: + - description: Added support for excluding and including fields in the asset object in the response. + type: enhancement + link: https://github.com/elastic/integrations/pull/1111 - version: "0.4.1" changes: - description: Refactor date processing for asset inventory list to use foreach processor. diff --git a/packages/qualys_gav/data_stream/asset/agent/stream/cel.yml.hbs b/packages/qualys_gav/data_stream/asset/agent/stream/cel.yml.hbs index 841f3adfd92..d27b4dd5ffa 100644 --- a/packages/qualys_gav/data_stream/asset/agent/stream/cel.yml.hbs +++ b/packages/qualys_gav/data_stream/asset/agent/stream/cel.yml.hbs @@ -23,6 +23,8 @@ state: username: {{username}} password: {{password}} asset_id: 0 + exclude_fields: {{exclude_fields}} + include_fields: {{include_fields}} redact: fields: - password 
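Review bot: The two new state entries in cel.yml.hbs, `exclude_fields: {{exclude_fields}}` and `include_fields: {{include_fields}}`, put operator-supplied text into YAML unquoted and unconditionally. Both variables are declared `required: false` in the data stream manifest, so an unset value renders as a bare `exclude_fields:` (YAML null). A value containing YAML-significant characters such as `: ` or ` #` would be parsed as something other than the string the operator typed. I would guard and quote each entry, e.g. `{{#if exclude_fields}}`, `exclude_fields: {{escape_string exclude_fields}}`, `{{/if}}`, assuming the `escape_string` helper is available to this package's templates. The `state:` block starts above this hunk, so this is based on the visible lines only.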
@@ -67,7 +69,9 @@ program: | "POST", base_url + "/rest/2.0/search/am/asset?" + { "pageSize": [string(state.batch_size)], - "lastSeenAssetId": [string(int(state.asset_id))] + "lastSeenAssetId": [string(int(state.asset_id))], + ?"exclude_fields": (state.?exclude_fields.orValue("") != "") ? optional.of([string(state.exclude_fields)]) : optional.none(), + ?"include_fields": (state.?include_fields.orValue("") != "") ? optional.of([string(state.include_fields)]) : optional.none(), }.format_query() ).with({ "Header":{ diff --git a/packages/qualys_gav/data_stream/asset/manifest.yml b/packages/qualys_gav/data_stream/asset/manifest.yml index 19cade6c266..cb0eac3e9ac 100644 --- a/packages/qualys_gav/data_stream/asset/manifest.yml +++ b/packages/qualys_gav/data_stream/asset/manifest.yml @@ -23,6 +23,20 @@ streams: required: true show_user: false default: 100 + - name: exclude_fields + type: text + title: Exclude Fields + description: Comma separated list of fields to exclude from the asset object in the response. + multi: true + required: false + show_user: false + - name: include_fields + type: text + title: Include Fields + description: Comma separated list of fields to be included in the asset object in the response. + multi: true + required: false + show_user: false - name: max_executions type: integer title: Maximum Pages Per Interval diff --git a/packages/qualys_gav/manifest.yml b/packages/qualys_gav/manifest.yml index 798e82a7f10..ed781b07d97 100644 --- a/packages/qualys_gav/manifest.yml +++ b/packages/qualys_gav/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.3.2 name: qualys_gav title: Qualys Global AssetView -version: 0.4.1 +version: 0.5.0 description: Collect logs from Qualys Global AssetView with Elastic Agent. type: integration categories: From 22ce2663af94836eb1c6c1ab35cdd986b3ec78e8 Mon Sep 17 00:00:00 2001 
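Review bot: The new query keys `exclude_fields` and `include_fields` in the cel.yml.hbs program are snake_case, while the parameters already sent on this request (`pageSize`, `lastSeenAssetId`) are camelCase, so the spelling should be confirmed against the Qualys API reference. An unrecognised parameter is likely to be ignored without error, which would leave the operator believing fields are being dropped from collection when they are not. The mock rule added later in this series matches on the same snake_case names, so the system test cannot catch a mismatch. Separately, `state.?exclude_fields.orValue("") != ""` covers an absent key, but if the template renders the key with a null value the `string(...)` conversion may still run on it; that is worth checking with both options left empty. The program block extends beyond this hunk.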
From: Shourie Ganguly Date: Fri, 14 Nov 2025 16:14:37 +0530 Subject: [PATCH 2/4] updated changelog --- packages/qualys_gav/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/qualys_gav/changelog.yml b/packages/qualys_gav/changelog.yml index 99110c5f08a..b24692b5523 100644 --- a/packages/qualys_gav/changelog.yml +++ b/packages/qualys_gav/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Added support for excluding and including fields in the asset object in the response. type: enhancement - link: https://github.com/elastic/integrations/pull/1111 + link: https://github.com/elastic/integrations/pull/15980 - version: "0.4.1" changes: - description: Refactor date processing for asset inventory list to use foreach processor. From c46c6ba1bb01e1c5e8f72a16b8c1d1deb28bffb2 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 14 Nov 2025 16:15:51 +0530 Subject: [PATCH 3/4] updated manifest --- packages/qualys_gav/data_stream/asset/manifest.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/qualys_gav/data_stream/asset/manifest.yml b/packages/qualys_gav/data_stream/asset/manifest.yml index cb0eac3e9ac..2cc4e2940e4 100644 --- a/packages/qualys_gav/data_stream/asset/manifest.yml +++ b/packages/qualys_gav/data_stream/asset/manifest.yml @@ -27,14 +27,14 @@ streams: type: text title: Exclude Fields description: Comma separated list of fields to exclude from the asset object in the response. - multi: true + multi: false required: false show_user: false - name: include_fields type: text title: Include Fields description: Comma separated list of fields to be included in the asset object in the response. - multi: true + multi: false required: false show_user: false - name: max_executions From 855cefb3c80c18d9fd1c179c51b4f0e63f72c10a Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Mon, 17 Nov 2025 15:46:36 +0530 Subject: [PATCH 4/4] added relevant system tests --- .../_dev/deploy/docker/files/config.yml | 877 ++++++++++++++++++ .../test-exclude-include-fields-config.yml | 15 + 2 files changed, 892 insertions(+) create mode 100644 packages/qualys_gav/data_stream/asset/_dev/test/system/test-exclude-include-fields-config.yml diff --git a/packages/qualys_gav/_dev/deploy/docker/files/config.yml b/packages/qualys_gav/_dev/deploy/docker/files/config.yml index 9689333381f..f6ebc569670 100644 --- a/packages/qualys_gav/_dev/deploy/docker/files/config.yml +++ b/packages/qualys_gav/_dev/deploy/docker/files/config.yml 
@@ -2093,3 +2093,880 @@ rules: } } `}} + - path: /rest/2.0/search/am/asset + methods: ['POST'] + query_params: + lastSeenAssetId: 0 + pageSize: 0 + exclude_fields: field1,field2,field3 + include_fields: field4,field5,field6 + request_headers: + Authorization: + - 'Bearer xxxx' + responses: + - status_code: 200 + body: | + {{ minify_json ` + { + "responseMessage": "Valid API Access", + "count": 2, + "responseCode": "SUCCESS", + "lastSeenAssetId": 67538043, + "hasMore": 0, + "assetListData": { + "asset": [ + { + "assetId": 67533741, + "assetUUID": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "hostId": 1437386, + "lastModifiedDate": "2025-07-11T14:21:10.000Z", + "agentId": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "createdDate": "2025-07-09T14:21:12.000Z", + "sensorLastUpdatedDate": "2025-07-11T14:21:10.000Z", + "assetType": "HOST", + "address": "216.160.83.56", + "dnsName": "test_dns", + "assetName": "test_asset", + "netbiosName": "test_bios", + "timeZone": "+05:30", + "biosDescription": "Test", + "lastBoot": "2025-07-09T14:21:12.000Z", + "totalMemory": 10, + "cpuCount": 0, + "lastLoggedOnUser": "test_user", + "domainRole": "Member Workstation", + "hwUUID": "422a2b16-4c8b-588a-a20c-c1851ad7e376", + "biosSerialNumber": "Test serial number", + "biosAssetTag": "Test asset tag", + "isContainerHost": false, + "operatingSystem": { + "osName": "Windows 10", + "fullName": "Microsoft Windows 10 Enterprise", + "category": "Operating System / Windows", + "category1": "Windows", + "category2": "Windows", + "productName": "Microsoft Windows 10 Enterprise", + "publisher": "test", + "edition": "Enterprise", + "marketVersion": "10.0.19042.1052", + "version": "10.0.19042.1052", + "update": "22.04 LTS 22.04.5 LTS", + "architecture": "x86", + "lifecycle": { + "gaDate": "2025-07-09T14:21:12.000Z", + "eolDate": "2025-07-09T14:21:12.000Z", + "eosDate": "2025-07-09T14:21:12.000Z", + "stage": "End-of-life", + "lifeCycleConfidence": "Exact", + "eolSupportStage": "End-of-life", + 
"eosSupportStage": "End-of-life", + "detectionScore": 100 + }, + "taxonomy": { + "id": "mock_taxonomy_id", + "name": "Mock taxonomy name", + "category1": "Mock category1", + "category2": "Mock category2" + }, + "productUrl": "https://mock_product_url.com", + "productFamily": "Mock product family", + "installDate": "2025-07-09T14:21:12.000Z", + "release": "Mock release", + "cpeId": "mock_cpe_id", + "cpe": "mock_cpe", + "cpeType": "Mock cpe type" + }, + "hardware": { + "fullName": "Mock hardware", + "category": "Mock category 1 / Mock category 2", + "category1": "Mock category 1", + "category2": "Mock category 2", + "manufacturer": "Mock manufacturer", + "productName": "Mock product name", + "model": "Mock model", + "lifecycle": { + "introDate": "2025-07-09T14:21:12.000Z", + "gaDate": "2025-07-09T14:21:12.000Z", + "eosDate": "2025-07-09T14:21:12.000Z", + "obsoleteDate": "2025-07-09T14:21:12.000Z", + "stage": "Not Applicable", + "lifeCycleConfidence": "Exact" + }, + "taxonomy": { + "id": "mock_hardware_taxonomy_id", + "name": "Mock hardware taxonomy name", + "category1": "Mock category 1", + "category2": "Mock category 2" + }, + "productUrl": "https://mock_product_url.com", + "productFamily": "Mock product family" + }, + "userAccountListData": { + "userAccount": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "openPortListData": { + "openPort": [ + { + "port": 443, + "description": "http protocol over TLS/SSL", + "protocol": "TCP", + "detectedService": "HTTPs", + "firstFound": "2025-07-09T14:21:12.000Z", + "lastUpdated": "2025-07-09T14:21:12.000Z", + "authorization": "Mock authorization", + "detectionScore": 100, + "discoverySources": "EASM" + } + ] + }, + "volumeListData": { + "volume": [ + { + "name": "/", + "free": 34645118976, + "size": 48202350592 + } + ] + }, + "networkInterfaceListData": { + "networkInterface": [ + { + "hostname": "mock_hostname", + "addressIpV4": "81.2.69.142", + "addressIpV6": 
"::ffff:5102:458e", + "macAddress": "00:0c:29:15:6a:72", + "interfaceName": "mock_interface_name", + "dnsAddress": "mock_dns_address", + "gatewayAddress": "mock_geteaway_address", + "manufacturer": "Mock manufacturer", + "macVendorIntroDate": 946944000000, + "netmask": "mock_net_mask", + "addresses": "mock_Address" + } + ] + }, + "softwareListData": { + "software": [ + { + "id": 8464359598295418000, + "discoverySources": "EASM", + "fullName": "Apache HTTP Server", + "softwareType": "Application", + "isIgnored": false, + "ignoredReason": "Insufficient Information", + "category": "Network Application / Web Servers", + "category1": "Network Application", + "category2": "Web Servers", + "productName": "Apache HTTP Server", + "component": "Server", + "publisher": "Apache", + "edition": "Unknown", + "marketVersion": "Unknown", + "version": "2.4.7", + "update": "2021-10-25", + "architecture": "x86_64", + "installDate": "2021-10-25T14:21:12.000Z", + "installPath": "/usr/local/apache2", + "lastUpdated": "2021-10-25T14:21:12.000Z", + "lastUseDate": "2021-10-25T14:21:12.000Z", + "language": "C", + "formerlyKnownAs": "httpd", + "isPackage": false, + "isPackageComponent": false, + "packageName": null, + "productUrl": "https://en.wikipedia.org/wiki/Apache_HTTP_Server,,", + "lifecycle": { + "gaDate": "2021-10-25T14:21:12.000Z", + "eolDate": "2021-10-25T14:21:12.000Z", + "eosDate": "2021-10-25T14:21:12.000Z", + "stage": "Not Applicable", + "lifeCycleConfidence": "Exact", + "eolSupportStage": "Mock eol support stage", + "eosSupportStage": "Mock eos support stage", + "detectionScore": 0 + }, + "supportStageDesc": "Mock support stage desc", + "license": { + "category": "Mock license category", + "subcategory": "Mock license subcategory" + }, + "authorization": "Mock authorization", + "discoveredPublisher": "Mock discovered publisher", + "discoveredName": "Mock discovered name", + "discoveredVersion": "mock_version", + "authorizationDetectionScore": 5, + "cpeId": "mock_cpe_id", + 
"cpe": "mock_cpe", + "cpeType": "Mock cpe type", + "softwareInstances": [ + { + "firstSeen": "2025-07-08T01:15:52.000Z", + "lastSeen": "2025-07-14T19:20:15.000Z", + "InstanceName": "DOCKER", + "PROC": " 1487 1 root /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock", + "BIN_PATH": "/usr/bin/docker -H unix:///var/run/docker.sock", + "PRODUCT": "Docker", + "VERSION": "24.0.7", + "TECHNOLOGY": "Docker CE_EE", + "CONF_PATH": "/etc/docker/daemon.json" + } + ] + } + ] + }, + "softwareComponent": "Apache HTTP Server", + "provider": "AWS", + "cloudProvider": { + "aws": { + "ec2": { + "accountId": "1234", + "availabilityZone": "us-west-2a", + "hasAgent": true, + "hostname": "hostname_value", + "imageId": "imageId_value", + "instanceId": "instanceId_value", + "instanceState": "RUNNING", + "instanceType": "m4.large", + "qualysScanner": false, + "kernelId": null, + "launchdate": 1653386892000, + "privateDNS": "privateDNS_value", + "privateIpAddress": "10.0.0.1", + "publicDNS": null, + "publicIpAddress": "175.16.199.1", + "region": { + "code": "us-west-2", + "name": "US West (Oregon)" + }, + "spotInstance": false, + "subnetId": "subnetId_value", + "vpcId": "vpcId_value" + }, + "tags": [ + { + "key": "tags_key_1", + "value": "tags_value_1" + }, + { + "key": "tags_key_2", + "value": "tags_value_2" + } + ] + }, + "azure": null, + "gcp": null, + "oci": null, + "ibm": null, + "alibaba": null + }, + "agent": { + "version": "2.4.7", + "configurationProfile": "Apache HTTP Server", + "activations": [ + { + "key": "httpd", + "status": "ACTIVE" + } + ], + "connectedFrom": "216.160.83.56", + "lastActivity": 1752520814000, + "lastCheckedIn": 1752520814000, + "lastInventory": 1752520816000, + "udcManifestAssigned": false, + "errorStatus": false + }, + "sensor": { + "activatedForModules": [ + "mock_activated_module" + ], + "pendingActivationForModules": [ + "mock_pending_module" + ], + "lastVMScan": 0, + "lastComplianceScan": 0, + "lastFullScan": 0, + 
"lastVmScanDateScanner": 0, + "lastVmScanDateAgent": 0, + "lastPcScanDateScanner": 0, + "lastPcScanDateAgent": 0, + "firstEasmScanDate": 1752243670000, + "lastEasmScanDate": 1752243670000 + }, + "container": { + "product": "mock_product", + "version": "mock_version", + "noOfContainers": 5, + "noOfImages": 3, + "hasSensor": "temp_value" + }, + "inventory": { + "source": "EASM", + "created": 1752070872000, + "lastUpdated": 1752243670000 + }, + "inventory_list_data": { + "inventory": [ + { + "last_updated": "2025-11-04T08:08:04.000Z", + "created": "2024-01-12T03:40:12.000Z", + "source": "EASM" + } + ] + }, + "activity": { + "source": "EASM", + "lastScannedDate": 1752243670000 + }, + "tagList": { + "tag": [ + { + "tagId": 25971788, + "tagName": "Shodan", + "foregroundColor": 0, + "backgroundColor": 0, + "businessImpact": "mock_business_impact", + "criticalityScore": 3 + } + ] + }, + "serviceList": { + "service": [ + { + "description": "temp_Decp", + "name": "systemd-networkd.service", + "status": "loaded/active/running" + } + ] + }, + "lastLocation": { + "city": "New York", + "state": "California", + "country": "United States", + "name": "United States", + "continent": "North America", + "postal": "94040" + }, + "criticality": { + "score": 3, + "isDefault": false, + "lastUpdated": "2025-07-09T14:21:11.000Z" + }, + "businessInformation": { + "company": "Qualys", + "department": "Engineering", + "ownedBy": "Paul", + "environment": "QA", + "managedBy": "Amit", + "supportedBy": "Nick", + "supportGroup": "ABC_01", + "operationalStatus": "Blocked" + }, + "assignedLocation": { + "name": "4492 Camino De La Plaza, Pune,IN", + "city": "Pune", + "state": "MH", + "country": "IN" + }, + "businessAppListData": { + "businessApp": [ + { + "id": "BARCODE283904", + "name": "Quoting App", + "environment": "Production", + "businessCriticality": "2 - Less Critical", + "managedBy": "user", + "ownedBy": "ownerr", + "supportedBy": "sopporter", + "supportGroup": "SME Operations", + 
"operationalStatus": "Mended", + "status": "Installed", + "usedFor": "Production" + } + ] + }, + "riskScore": 0, + "domain": [ + "domain1", + "domain2" + ], + "subdomain": [ + "subdomain1", + "subdomain2" + ], + "missingSoftware": [ + "test1", + "test2", + "test3" + ], + "whois": [ + { + "domain": "test_domainr", + "createdDate": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domainStatus": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "registrantOrganization": "Domains By Proxy, LLC", + "registrantName": "1API GmbH", + "registrantEmail": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrantContact": "temp", + "registrar": "1API GmbH", + "registrantCountry": "UNITED STATES", + "expirationDate": "2026-02-23T00:00:00.000Z", + "updatedDate": "2025-07-13T00:00:00.000Z" + } + ], + "organizationName": [ + "mock" + ], + "isp": "test, Inc.", + "asn": "AS53831", + "easmTags": [ + "cloud", + "cdn" + ], + "hostingCategory1": "CDN", + "customAttributes": [ + { + "key": "Media State4", + "value": "Media disconnected", + "connectorName": "Qualys" + } + ], + "lparId": "mock_lpar_id", + "processor": { + "description": "Intel(R) Xeon(R) Gold 6430", + "speed": 3200, + "numCPUs": 4, + "noOfSocket": 2, + "threadsPerCore": 2, + "coresPerSocket": 2, + "multithreadingStatus": "test" + } + }, + { + "assetId": 67538043, + "assetUUID": "4cf3040a-82a5-46a1-b059-17372b051ec7", + "hostId": 1437387, + "lastModifiedDate": "2025-07-13T14:21:09.000Z", + "agentId": "4cf3040a-82a5-46a1-b059-17372b051ec7", + "createdDate": "2025-07-09T14:21:14.000Z", + "sensorLastUpdatedDate": "2025-07-13T14:21:09.000Z", + "assetType": "HOST", + "address": "175.16.199.0", + "dnsName": "test_dns_1", + "assetName": "test", + "netbiosName": "test_bios1", + "timeZone": "IST", + "biosDescription": "Mock bios description", + "lastBoot": "2025-07-01T00:00:00.000Z", + "totalMemory": 0, + "cpuCount": 8, + "lastLoggedOnUser": "test_user_1", + "domainRole": 
"Member Server", + "hwUUID": "422a2b16-4c8b-588a-a20c-c1851ad7e376", + "biosSerialNumber": "Test serial number_1", + "biosAssetTag": "Test asset tag_1", + "isContainerHost": false, + "operatingSystem": { + "osName": "Mock OS", + "fullName": "Mock OS", + "category": "Operating System / Windows", + "category1": "UBuntu", + "category2": "Windows", + "productName": "Mock OS", + "publisher": "Mock Publisher", + "edition": "Mock Edition", + "marketVersion": "Mock version", + "version": "1.0.0", + "update": "Mock update", + "architecture": "Mock architecture", + "lifecycle": { + "gaDate": "2022-01-01T00:00:00.000Z", + "eolDate": "2025-01-01T00:00:00.000Z", + "eosDate": "2030-01-01T00:00:00.000Z", + "stage": "End-of-Sale", + "lifeCycleConfidence": "Approximate", + "eolSupportStage": "End-of-Sale", + "eosSupportStage": "End-of-Life", + "detectionScore": 50 + }, + "taxonomy": { + "id": "mock_taxonomy_id_1", + "name": "Mock taxonomy test name", + "category1": "Mock category1 test", + "category2": "Mock category2 test" + }, + "productUrl": "https://example.com", + "productFamily": "Mock product family", + "installDate": "2025-07-09T14:21:12.000Z", + "release": "Mock release 1", + "cpeId": "mock_cpe_id_3", + "cpe": "mock_cp_6", + "cpeType": "Mock test cpe type" + }, + "hardware": { + "fullName": "Mock test full name", + "category": "Mock test category 1 / Mock test category 2", + "category1": "Mock test category 1", + "category2": "Mock test category 2", + "manufacturer": "Mock test manufacturer", + "productName": "Mock test product name", + "model": "Mock test model", + "lifecycle": { + "introDate": "2025-07-09T14:21:12.000Z", + "gaDate": "2025-07-09T14:21:12.000Z", + "eosDate": "2025-07-09T14:21:12.000Z", + "obsoleteDate": "2025-07-09T14:21:12.000Z", + "stage": "Not Applicable", + "lifeCycleConfidence": "Exact" + }, + "taxonomy": { + "id": "mock_hardware_taxonomy_id", + "name": "Mock test hardware taxonomy name", + "category1": "Mock test category 1", + "category2": "Mock 
test category 2" + }, + "productUrl": "https://example.com", + "productFamily": "Mock test product family" + }, + "userAccountListData": { + "userAccount": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "openPortListData": { + "openPort": [ + { + "port": 443, + "description": "http protocol over TLS/SSL", + "protocol": "TCP", + "detectedService": "HTTPs", + "firstFound": "2025-07-09T14:21:14.000Z", + "lastUpdated": "2025-07-09T14:21:14.000Z", + "authorization": "Mock test authorization", + "detectionScore": 1, + "discoverySources": "EASM" + } + ] + }, + "volumeListData": { + "volume": [ + { + "name": "/run/lock", + "free": 5242880, + "size": 5242880 + } + ] + }, + "networkInterfaceListData": { + "networkInterface": [ + { + "hostname": "mock_hostname", + "addressIpV4": "81.2.69.144", + "addressIpV6": "::ffff:5102:4590", + "macAddress": "mock_mac_address", + "interfaceName": "mock_interface_name", + "dnsAddress": "mock_dns_address", + "gatewayAddress": "mock_gateway_address", + "manufacturer": "mock_manufacturer", + "macVendorIntroDate": 946944000000, + "netmask": "mock_net_mask", + "addresses": "mock_Addresses" + } + ] + }, + "softwareListData": { + "software": [ + { + "id": 2727678485371137000, + "discoverySources": "EASM", + "fullName": "Squarespace Commerce", + "softwareType": "Unknown", + "isIgnored": true, + "ignoredReason": "Unknown", + "category": "Unknown / Unknown", + "category1": "Unknown", + "category2": "Unknown", + "productName": "Unknown", + "component": "mock_component", + "publisher": "Unknown", + "edition": "mock_edition", + "marketVersion": "mock_market_version", + "version": "mock_version", + "update": "mock_update", + "architecture": "mock_architecture", + "installDate": "2021-10-25T14:21:11.000Z", + "installPath": "mock_install_path", + "lastUpdated": "2021-10-25T14:21:12.000Z", + "lastUseDate": "2021-10-25T14:21:13.000Z", + "language": "mock_language", + "formerlyKnownAs": 
"mock_formerly_known_as", + "isPackage": false, + "isPackageComponent": false, + "packageName": "mock_package_name", + "productUrl": "mock_product_url", + "lifecycle": { + "gaDate": "2021-10-25T14:21:12.000Z", + "eolDate": "2021-10-25T14:21:12.000Z", + "eosDate": "2021-10-25T14:21:12.000Z", + "stage": "Unknown", + "lifeCycleConfidence": "Mock life cycle confidence", + "eolSupportStage": "Mock eol support stage", + "eosSupportStage": "Mock eos support stage", + "detectionScore": 3 + }, + "supportStageDesc": "Mock support stage desc", + "license": { + "category": "Mock license category", + "subcategory": "Mock license subcategory" + }, + "authorization": "Mock authorization", + "discoveredPublisher": "Mock discovered publisher", + "discoveredName": "Squarespace Commerce", + "discoveredVersion": "mock_version", + "authorizationDetectionScore": 5, + "cpeId": "mock_cpe_id", + "cpe": "mock_cpe", + "cpeType": "Mock cpe type", + "softwareInstances": [ + { + "firstSeen": "2025-06-01T01:00:00.000Z", + "lastSeen": "2025-06-15T01:00:00.000Z", + "InstanceName": "mock_instance_name", + "PROC": "/usr/bin/java -jar /opt/jetty/start.jar", + "BIN_PATH": "/usr/bin/java", + "PRODUCT": "Apache Jetty", + "VERSION": "11.0.9", + "TECHNOLOGY": "Java", + "CONF_PATH": "/opt/jetty/etc/jetty.xml" + } + ] + } + ] + }, + "softwareComponent": "mock_software_component", + "provider": "GCP", + "cloudProvider": { + "aws": null, + "azure": null, + "gcp": { + "compute": { + "hostname": "hostname_value", + "instanceId": "instanceId_value", + "macAddress": "00:11:22:33:44:55", + "machineType": "e2-standard-4", + "network": "network_value", + "privateIpAddress": "175.16.199.1", + "projectId": "projectId_value", + "projectNumber": "123456789012", + "publicIpAddress": "34.0.0.1", + "zone": "us-central1-a", + "state": "RUNNING", + "imageId": "projects/debian-cloud/global/images/debian-11-bullseye-v20221206" + }, + "tags": [ + { + "key": "tags_key_1", + "value": "tags_value_1" + }, + { + "key": "tags_key_2", 
+ "value": "tags_value_2" + } + ] + }, + "oci": null, + "ibm": null, + "alibaba": null + }, + "agent": { + "version": "mock_agent_version", + "configurationProfile": "mock_agent_configuration_profile", + "activations": null, + "connectedFrom": "81.2.69.192", + "lastActivity": 0, + "lastCheckedIn": 0, + "lastInventory": 0, + "udcManifestAssigned": false, + "errorStatus": false + }, + "sensor": { + "activatedForModules": [ + "VM", + "PC" + ], + "pendingActivationForModules": [ + "VULN", + "COMPLIANCE" + ], + "lastVMScan": 0, + "lastComplianceScan": 0, + "lastFullScan": 0, + "lastVmScanDateScanner": 0, + "lastVmScanDateAgent": 0, + "lastPcScanDateScanner": 0, + "lastPcScanDateAgent": 0, + "firstEasmScanDate": 1752416469000, + "lastEasmScanDate": 1752416469000 + }, + "container": { + "product": "mock_product", + "version": "mock_version", + "noOfContainers": 10, + "noOfImages": 5, + "hasSensor": "temp_values" + }, + "inventory": { + "source": "EASM", + "created": 1752070874000, + "lastUpdated": 1752416469000 + }, + "activity": { + "source": "EASM", + "lastScannedDate": 1752416469000 + }, + "tagList": { + "tag": [ + { + "tagId": 25971788, + "tagName": "Shodan", + "foregroundColor": 0, + "backgroundColor": 0, + "businessImpact": "Mock business impact", + "criticalityScore": 8 + } + ] + }, + "serviceList": { + "service": [ + { + "description": "mock_description", + "name": "systemd-journal-flush.service", + "status": "loaded/active/exited" + } + ] + }, + "lastLocation": { + "city": "New York", + "state": "California", + "country": "United States", + "name": "United States", + "continent": "North America", + "postal": "94041" + }, + "criticality": { + "score": 3, + "isDefault": false, + "lastUpdated": "2025-07-09T14:21:13.000Z" + }, + "businessInformation": { + "company": "Qualys", + "department": "Engineering", + "ownedBy": "Paul", + "environment": "QA", + "managedBy": "Amit", + "supportedBy": "Nick", + "supportGroup": "ABC_01", + "operationalStatus": "Blocked" + }, + 
"assignedLocation": { + "name": "4492 Camino De La Plaza, Pune,IN", + "city": "Pune", + "state": "MH", + "country": "IN" + }, + "businessAppListData": { + "businessApp": [ + { + "id": "BARCODE283904", + "name": "Quoting App", + "environment": "Production", + "businessCriticality": "2 - Less Critical", + "managedBy": "user", + "ownedBy": "ownerr", + "supportedBy": "sopporter", + "supportGroup": "SME Operations", + "operationalStatus": "Mended", + "status": "Installed", + "usedFor": "Production" + } + ] + }, + "riskScore": 0, + "domain": [ + "domain1", + "domain2" + ], + "subdomain": [ + "subdomain1", + "subdomain2" + ], + "missingSoftware": [ + "test1", + "test2", + "test3" + ], + "whois": [ + { + "domain": "test_domainr", + "createdDate": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domainStatus": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "registrantOrganization": "Domains By Proxy, LLC", + "registrantName": "1API GmbH", + "registrantEmail": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrantContact": "temp", + "registrar": "1API GmbH", + "registrantCountry": "UNITED STATES", + "expirationDate": "2026-02-23T00:00:00.000Z", + "updatedDate": "2025-07-13T00:00:00.000Z" + } + ], + "organizationName": [ + "mock_organization_name" + ], + "isp": "test, Inc.", + "asn": "AS53831", + "easmTags": [ + "test" + ], + "hostingCategory1": "ThirdParty", + "customAttributes": [ + { + "key": "Media State4", + "value": "Media disconnected", + "connectorName": "Qualys" + } + ], + "lparId": "mock_lpar_id", + "processor": { + "description": "Intel(R) Xeon(R) Gold 6430", + "speed": 3200, + "numCPUs": 4, + "noOfSocket": 2, + "threadsPerCore": 2, + "coresPerSocket": 2, + "multithreadingStatus": "test" + } + } + ] + } + } + `}} \ No newline at end of file 
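Review bot: The added mock rule matches on `exclude_fields: field1,field2,field3` and `include_fields: field4,field5,field6` but answers with full, unfiltered asset objects. The new system test (`hit_count: 2`) therefore proves only that the two parameters reach the query string, not that a filtered response is ingested correctly. A trimmed response body that omits some real asset keys, with those real key names in the test config, would exercise the ingest path against documents that lack those fields. It would also avoid adding roughly 870 lines of fixture data. The file now ends without a trailing newline (`\ No newline at end of file`), which is worth restoring.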
diff --git a/packages/qualys_gav/data_stream/asset/_dev/test/system/test-exclude-include-fields-config.yml b/packages/qualys_gav/data_stream/asset/_dev/test/system/test-exclude-include-fields-config.yml
new file mode 100644
index 00000000000..7d41a7f3b47
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/_dev/test/system/test-exclude-include-fields-config.yml
@@ -0,0 +1,15 @@
+input: cel
+service: qualys_gav
+vars:
+ url: http://{{Hostname}}:{{Port}}
+ username: xxxx
+ password: xxxx
+data_stream:
+ vars:
+ preserve_original_event: true
+ preserve_duplicate_custom_fields: true
+ batch_size: 0
+ exclude_fields: field1,field2,field3
+ include_fields: field4,field5,field6
+assert:
+ hit_count: 2