[Tenable IO] Add scanner dataset to experimental Tenable IO Integration

[MakoWish]

Type of Change

• Enhancement

What does this PR do?

This PR adds scanner and scan datasets to the Tenable.io Integration

List Scanners API Documentation
List Scans API Documentation

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-05-12T01:47:25.046+0000

• Duration: 16 min 57 sec

Test stats 🧪

Test	Results
Failed	0
Passed	30
Skipped	0
Total	30

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[efd6]

Can you provide a link to the API docs for the data set in the PR description?

[efd6]

/test

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (5/5)	💚
Files	100.0% (5/5)	💚 6.25
Classes	100.0% (5/5)	💚 6.25
Methods	96.774% (60/62)	👍 13.729
Lines	91.697% (2286/2493)	👍 5.771
Conditionals	100.0% (0/0)	💚

[MakoWish]

Going to add a dataset for scan to the same branch, so please continue to make any suggestions, and I will be sure to apply them to the scan dataset as well.

[MakoWish]

Aside from the above question, should be good. Let me know what you think on that one.

Eric

[efd6]

Scans instead of Scan?

[efd6]

Same here.

[efd6]

Suggested change

	- description: Added dataset for scanner and scan logs.
	- description: Added dataset for scanner and scans logs.

[efd6]

Rename to match scans.

[efd6]

/test

[MakoWish]

I also had a question on the three existing datasets. Each of them are using the fingerprint processor in the Ingest Pipeline, but as far as I am aware, Data Streams cannot update existing documents; only create new documents. Can you think of a reason for using the fingerprint processor on those datasets?

[MakoWish]

@efd6,

If you think this will get merged soon, I will hold off for now to prevent conflicts with the changelog and manifest, but I just opened #6147 for the fingerprint issue. The way it currently sits, any updates to existing objects in Tenable will not be reflected in Elastic, because the updated record will fail to ingest. This is pretty much creating static/non-updatable content. New assets, plugins, or vulnerabilities will be ingested, but changes to existing objects will never be reflected in Elastic.

[efd6]

I'm OK with the naming you have now given what already exists. You are right to open an issue for fongerprinting, it needs to have some thought and be handled separately from this.

[efd6]

There looks to be an issue with the dashboards. Can you investigate or show screenshots with the relevant panels showing data and no errors?

[MakoWish]

Hi @efd6,

Sure thing! Here are some screenshots (hiding details from our production Tenable):

[Logs Tenable IO] Scan

[Logs Tenable IO] Scanner

[efd6]

/test

[efd6]

Thanks

[elasticmachine]

Package tenable_io - 0.6.0 containing this change is available at https://epr.elastic.co/search?package=tenable_io