[Tenable IO] Add scanner dataset to experimental Tenable IO Integration #6113
…/integrations into tenable_io_add_datasets
Can you provide a link to the API docs for the data set in the PR description?
/test
Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
Going to add a dataset for
Aside from the above question, should be good. Let me know what you think on that one. Eric
@@ -18,6 +18,8 @@ The Tenable.io integration collects logs for three types of events: Asset, Plugi | |||
|
|||
**Scanner** is used to retrieve the current state of scanners, including licensing and activity. See more details in the API documentation [here](https://developer.tenable.com/reference/scanners-list). | |||
|
|||
**Scan** is used to retrieve details about existing scans, including scan statuses, assigned targets, and more. See more details in the API documentation [here](https://developer.tenable.com/reference/scans-list). |
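Review bot: The intro sentence visible in the hunk header still says the integration collects logs for "three types of events", while the lines added below it document two more datasets (Scanner and Scan). Unless that sentence is changed elsewhere in the patch, update it to list all five. The link text "here" on both added lines would also be clearer as the name of the API page it points to.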
Scans instead of Scan?
### scan | ||
|
||
This is the `scan` dataset. | ||
|
||
#### Example | ||
|
||
{{event "scan"}} | ||
|
||
{{fields "scan"}} |
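Review bot: The description under the `### scan` heading, "This is the `scan` dataset.", is a placeholder that tells the reader nothing about what the dataset contains. Suggest reusing the one-line summary from the overview (scan statuses, assigned targets) and linking the scans-list API page here, so the section is useful on its own above the `{{event "scan"}}` and `{{fields "scan"}}` output.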
Same here.
packages/tenable_io/changelog.yml
Outdated
@@ -1,4 +1,9 @@ | |||
# newer versions go on top | |||
- version: "0.5.0" | |||
changes: | |||
- description: Added dataset for scanner and scan logs. |
- description: Added dataset for scanner and scan logs. | |
- description: Added dataset for scanner and scans logs. |
Rename to match scans.
/test
I also had a question on the three existing datasets. Each of them are using the
If you think this will get merged soon, I will hold off for now to prevent conflicts with the changelog and manifest, but I just opened #6147 for the fingerprint issue. The way it currently sits, any updates to existing objects in Tenable will not be reflected in Elastic, because the updated record will fail to ingest. This is pretty much creating static/non-updatable content. New assets, plugins, or vulnerabilities will be ingested, but changes to existing objects will never be reflected in Elastic.
I'm OK with the naming you have now given what already exists. You are right to open an issue for fingerprinting, it needs to have some thought and be handled separately from this.
Hi @efd6, Sure thing! Here are some screenshots (hiding details from our production Tenable):
/test
Thanks
Package tenable_io - 0.6.0 containing this change is available at https://epr.elastic.co/search?package=tenable_io
Type of Change
What does this PR do?
This PR adds `scanner` and `scan` datasets to the Tenable.io Integration.
List Scanners API Documentation
List Scans API Documentation
Checklist
changelog.yml
file.