Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[tenable_io] Update Interval and Initial Interval of Asset, Vulnerability and Plugin Data Stream for Tenable IO #8144

Merged
merged 3 commits into from Oct 13, 2023
Merged

[tenable_io] Update Interval and Initial Interval of Asset, Vulnerability and Plugin Data Stream for Tenable IO #8144

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7013665
Change interval and initial interval of asset, vulnerability and plug…
mohitjha-elastic Oct 10, 2023
87fe79c
Update the changelog entry
mohitjha-elastic Oct 10, 2023
618d9d8
Update the changelog version from 2.3.1 to 2.4.0
mohitjha-elastic Oct 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/tenable_io/changelog.yml
View file
Open in desktop
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.3.1"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- version: "2.3.1"
- version: "2.4.0"

Since it is an enhancement and not a fix.

changes:
- description: Update interval and initial interval for asset, vulnerability and plugin data stream.
type: enhancement
link: https://github.com/elastic/integrations/pull/8144
- version: 2.3.0
changes:
- description: ECS version updated to 8.10.0.
Expand Down
6 changes: 3 additions & 3 deletions packages/tenable_io/data_stream/asset/agent/stream/httpjson.yml.hbs
View file
Open in desktop
Expand Up @@ -22,7 +22,7 @@ request.transforms:
# Follow Tenable's format: https://developer.tenable.com/docs/user-agent-header
# NOTE: The "Build" version must be kept in sync with this package's version.
target: header.User-Agent
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/0.6.1)"]]'
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/2.3.1)"]]'
- set:
target: header.X-ApiKeys
value: 'accessKey={{access_key}}; secretKey={{secret_key}};'
Expand Down Expand Up @@ -59,7 +59,7 @@ chain:
# Follow Tenable's format: https://developer.tenable.com/docs/user-agent-header
# NOTE: The "Build" version must be kept in sync with this package's version.
target: header.User-Agent
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/0.6.1)"]]'
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/2.3.1)"]]'
- set:
target: header.X-ApiKeys
value: 'accessKey={{access_key}}; secretKey={{secret_key}};'
Expand All @@ -84,7 +84,7 @@ chain:
# Follow Tenable's format: https://developer.tenable.com/docs/user-agent-header
# NOTE: The "Build" version must be kept in sync with this package's version.
target: header.User-Agent
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/0.6.1)"]]'
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/2.3.1)"]]'
- set:
target: header.X-ApiKeys
value: 'accessKey={{access_key}}; secretKey={{secret_key}};'
Expand Down
4 changes: 2 additions & 2 deletions packages/tenable_io/data_stream/asset/manifest.yml
View file
Open in desktop
Expand Up @@ -10,7 +10,7 @@ streams:
type: text
title: Interval
description: "Duration between requests to the Tenable Vulnerability Management. NOTE: Supported units for this parameter are h/m/s."
default: 1h
default: 24h
multi: false
required: true
show_user: true
Expand All @@ -21,7 +21,7 @@ streams:
multi: false
required: true
show_user: true
default: 24h
default: 720h
- name: retry_wait_min
type: text
title: Minimum Wait Time
Expand Down
10 changes: 5 additions & 5 deletions packages/tenable_io/data_stream/asset/sample_event.json
View file
Open in desktop
@@ -1,8 +1,8 @@
{
"@timestamp": "2018-12-31T22:27:58.599Z",
"agent": {
"ephemeral_id": "c972edb3-4f26-46c6-b0b6-97b095789342",
"id": "9e23d05e-ba36-4bf1-a014-a7b4ab4408af",
"ephemeral_id": "0a36656c-ec16-48b9-9bec-807010cfc59d",
"id": "3c385f00-c1f1-40dd-b812-1cf0a8cc55cf",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.7.1"
Expand All @@ -25,7 +25,7 @@
"version": "8.10.0"
},
"elastic_agent": {
"id": "9e23d05e-ba36-4bf1-a014-a7b4ab4408af",
"id": "3c385f00-c1f1-40dd-b812-1cf0a8cc55cf",
"snapshot": false,
"version": "8.7.1"
},
Expand All @@ -34,9 +34,9 @@
"category": [
"host"
],
"created": "2023-09-12T08:47:10.442Z",
"created": "2023-10-04T07:01:57.013Z",
"dataset": "tenable_io.asset",
"ingested": "2023-09-12T08:47:11Z",
"ingested": "2023-10-04T07:02:00Z",
"kind": "state",
"original": "{\"acr_score\":\"3\",\"agent_names\":[],\"agent_uuid\":\"22\",\"aws_availability_zone\":null,\"aws_ec2_instance_ami_id\":\"12\",\"aws_ec2_instance_group_name\":null,\"aws_ec2_instance_id\":\"12\",\"aws_ec2_instance_state_name\":null,\"aws_ec2_instance_type\":null,\"aws_ec2_name\":null,\"aws_ec2_product_code\":null,\"aws_owner_id\":\"44\",\"aws_region\":null,\"aws_subnet_id\":null,\"aws_vpc_id\":null,\"azure_resource_id\":\"12\",\"azure_vm_id\":\"12\",\"bigfix_asset_id\":null,\"bios_uuid\":\"33\",\"created_at\":\"2017-12-31T20:40:44.535Z\",\"deleted_at\":\"2017-12-31T20:40:44.535Z\",\"deleted_by\":\"user\",\"exposure_score\":\"721\",\"first_scan_time\":\"2017-12-31T20:40:23.447Z\",\"first_seen\":\"2017-12-31T20:40:23.447Z\",\"fqdns\":[\"example.com\"],\"gcp_instance_id\":\"12\",\"gcp_project_id\":\"12\",\"gcp_zone\":\"12\",\"has_agent\":false,\"has_plugin_results\":true,\"hostnames\":[],\"id\":\"95c2725c-7298-4a44-8a1d-63131ca3f01f\",\"installed_software\":[\"cpe:/a:test:xyz:12.8\",\"cpe:/a:test:abc:7.7.3\",\"cpe:/a:test:pqr:6.9\",\"cpe:/a:test:xyz\"],\"ipv4s\":[\"89.160.20.112\"],\"ipv6s\":[],\"last_authenticated_scan_date\":\"2017-12-31T20:40:44.535Z\",\"last_licensed_scan_date\":\"2018-12-31T22:27:52.869Z\",\"last_scan_id\":\"00283024-afee-44ea-b467-db5a6ed9fd50ab8f7ecb158c480e\",\"last_scan_time\":\"2018-03-31T22:27:52.869Z\",\"last_schedule_id\":\"72284901-7c68-42b2-a0c4-c1e75568849df60557ee0e264228\",\"last_seen\":\"2018-12-31T22:27:52.869Z\",\"mac_addresses\":[],\"manufacturer_tpm_ids\":[],\"mcafee_epo_agent_guid\":null,\"mcafee_epo_guid\":null,\"netbios_names\":[],\"network_interfaces\":[{\"fqdns\":[\"example.com\"],\"ipv4s\":[\"89.160.20.112\",\"81.2.69.144\"],\"ipv6s\":[\"2a02:cf40::\"],\"mac_addresses\":[\"00-00-5E-00-53-00\",\"00-00-5E-00-53-FF\"],\"name\":\"test.0.1234\"}],\"operating_systems\":[],\"qualys_asset_ids\":[],\"qualys_host_ids\":[],\"servicenow_sysid\":null,\"sources\":[{\"first_seen\":\"2017-12-31T20:40:23.447Z\",\"last_seen\":\"2018-12-31T22:27:52.869Z\",\"name\":\"TEST_SCAN\"}],\"ssh_fingerprints\":[],\"symantec_ep_hardware_keys\":[],\"system_types\":[],\"tags\":[{\"added_at\":\"2018-12-31T14:53:13.817Z\",\"added_by\":\"ac2e7ef6-fac9-47bf-9170-617331322885\",\"key\":\"Geographic Area\",\"uuid\":\"47e7f5f6-1013-4401-a705-479bfadc7826\",\"value\":\"APAC\"}],\"terminated_at\":\"2017-12-31T20:40:44.535Z\",\"terminated_by\":\"user\",\"updated_at\":\"2018-12-31T22:27:58.599Z\"}",
"type": [
Expand Down
4 changes: 2 additions & 2 deletions packages/tenable_io/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json
View file
Open in desktop
Expand Up @@ -144,7 +144,7 @@
},
"event": {
"kind": "state",
"original": "{\"id\":32,\"name\":\"Test S7-300 Series PLC CPU Firmware \u003c= 3.2.11 DoS\",\"attributes\":{\"intel_type\":\"SENSOR\",\"synopsis\":\"A Test S7-300 programmable logic controller (PLC) has been detected which is vulnerable to a Denial of Service (DoS) attack vector.\",\"description\":\"Test S7-300 PLC central processing units (CPUs) contain an unspecified flaw that may allow a remote attacker to use a specially crafted packet to cause the device to enter defect mode until a cold restart is performed.\",\"solution\":\"Upgrade the firmware to version 3.2.12 or later.\",\"see_also\":[],\"plugin_publication_date\":\"2019-05-21T00:00:00Z\",\"vuln_publication_date\":\"2016-06-08T00:00:00Z\",\"patch_publication_date\":\"2016-06-08T00:00:00Z\",\"has_patch\":true,\"exploit_available\":false,\"risk_factor\":\"HIGH\",\"plugin_modification_date\":\"2019-09-30T00:00:00Z\",\"always_run\":false,\"compliance\":false,\"cvss_vector\":{\"raw\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"AccessVector\":\"Network\",\"AccessComplexity\":\"Low\",\"Authentication\":\"None required\",\"Confidentiality-Impact\":\"None\",\"Integrity-Impact\":\"None\",\"Availability-Impact\":\"Complete\"},\"cvss_temporal_vector\":{\"raw\":\"E:U/RL:OF/RC:C\",\"Exploitability\":\"Unproven\",\"RemediationLevel\":\"Official Fix\",\"ReportConfidence\":\"Confirmed\"},\"cvss_temporal_score\":5.8,\"cvss3_vector\":{\"raw\":\"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"AttackVector\":\"Network\",\"AttackComplexity\":\"Low\",\"PrivilegesRequired\":\"None\",\"UserInteraction\":\"None\",\"Scope\":\"Unchanged\",\"Confidentiality-Impact\":\"None\",\"Integrity-Impact\":\"None\",\"Availability-Impact\":\"High\"},\"cvss3_temporal_vector\":{\"raw\":\"E:U/RL:O/RC:C\",\"ExploitCodeMaturity\":\"Unproven\",\"RemediationLevel\":\"Official Fix\",\"ReportConfidence\":\"Confirmed\"},\"cvss3_temporal_score\":6.5,\"cvss3_base_score\":7.5,\"cve\":[\"CVE-2016-3949\"],\"bid\":[91133,23432,234234,235],\"xref\":[],\"xrefs\":[],\"vpr\":{\"score\":3.6,\"drivers\":{\"age_of_vuln\":{\"lower_bound\":731},\"exploit_code_maturity\":\"UNPROVEN\",\"cvss_impact_score_predicted\":false,\"threat_intensity_last28\":\"VERY_LOW\",\"threat_sources_last28\":[\"No recorded events\"],\"product_coverage\":\"LOW\"},\"updated\":\"2021-02-07T05:31:54Z\"}}}",
"original": "{\"id\":32,\"name\":\"Test S7-300 Series PLC CPU Firmware <= 3.2.11 DoS\",\"attributes\":{\"intel_type\":\"SENSOR\",\"synopsis\":\"A Test S7-300 programmable logic controller (PLC) has been detected which is vulnerable to a Denial of Service (DoS) attack vector.\",\"description\":\"Test S7-300 PLC central processing units (CPUs) contain an unspecified flaw that may allow a remote attacker to use a specially crafted packet to cause the device to enter defect mode until a cold restart is performed.\",\"solution\":\"Upgrade the firmware to version 3.2.12 or later.\",\"see_also\":[],\"plugin_publication_date\":\"2019-05-21T00:00:00Z\",\"vuln_publication_date\":\"2016-06-08T00:00:00Z\",\"patch_publication_date\":\"2016-06-08T00:00:00Z\",\"has_patch\":true,\"exploit_available\":false,\"risk_factor\":\"HIGH\",\"plugin_modification_date\":\"2019-09-30T00:00:00Z\",\"always_run\":false,\"compliance\":false,\"cvss_vector\":{\"raw\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"AccessVector\":\"Network\",\"AccessComplexity\":\"Low\",\"Authentication\":\"None required\",\"Confidentiality-Impact\":\"None\",\"Integrity-Impact\":\"None\",\"Availability-Impact\":\"Complete\"},\"cvss_temporal_vector\":{\"raw\":\"E:U/RL:OF/RC:C\",\"Exploitability\":\"Unproven\",\"RemediationLevel\":\"Official Fix\",\"ReportConfidence\":\"Confirmed\"},\"cvss_temporal_score\":5.8,\"cvss3_vector\":{\"raw\":\"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"AttackVector\":\"Network\",\"AttackComplexity\":\"Low\",\"PrivilegesRequired\":\"None\",\"UserInteraction\":\"None\",\"Scope\":\"Unchanged\",\"Confidentiality-Impact\":\"None\",\"Integrity-Impact\":\"None\",\"Availability-Impact\":\"High\"},\"cvss3_temporal_vector\":{\"raw\":\"E:U/RL:O/RC:C\",\"ExploitCodeMaturity\":\"Unproven\",\"RemediationLevel\":\"Official Fix\",\"ReportConfidence\":\"Confirmed\"},\"cvss3_temporal_score\":6.5,\"cvss3_base_score\":7.5,\"cve\":[\"CVE-2016-3949\"],\"bid\":[91133,23432,234234,235],\"xref\":[],\"xrefs\":[],\"vpr\":{\"score\":3.6,\"drivers\":{\"age_of_vuln\":{\"lower_bound\":731},\"exploit_code_maturity\":\"UNPROVEN\",\"cvss_impact_score_predicted\":false,\"threat_intensity_last28\":\"VERY_LOW\",\"threat_sources_last28\":[\"No recorded events\"],\"product_coverage\":\"LOW\"},\"updated\":\"2021-02-07T05:31:54Z\"}}}",
"type": [
"info"
]
Expand Down Expand Up @@ -245,7 +245,7 @@
"vuln_publication_date": "2016-06-08T00:00:00.000Z"
},
"id": "32",
"name": "Test S7-300 Series PLC CPU Firmware \u003c= 3.2.11 DoS"
"name": "Test S7-300 Series PLC CPU Firmware <= 3.2.11 DoS"
}
},
"vulnerability": {
Expand Down
4 changes: 2 additions & 2 deletions packages/tenable_io/data_stream/plugin/agent/stream/httpjson.yml.hbs
View file
Open in desktop
Expand Up @@ -21,7 +21,7 @@ request.transforms:
# Follow Tenable's format: https://developer.tenable.com/docs/user-agent-header
# NOTE: The "Build" version must be kept in sync with this package's version.
target: header.User-Agent
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/0.6.1)"]]'
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/2.3.1)"]]'
- set:
target: header.X-ApiKeys
value: 'accessKey={{access_key}}; secretKey={{secret_key}};'
Expand All @@ -34,7 +34,7 @@ request.transforms:
- set:
target: url.params.last_updated
value: '[[.cursor.last_event_timestamp]]'
default: '[[formatDate (now (parseDuration (sprintf "-%dh" (mul {{initial_interval}} 24)))) "2006-01-02"]]'
default: '1970-01-01'
response.pagination:
- set:
target: url.params.last_updated
Expand Down
8 changes: 0 additions & 8 deletions packages/tenable_io/data_stream/plugin/manifest.yml
View file
Open in desktop
Expand Up @@ -14,14 +14,6 @@ streams:
multi: false
required: true
show_user: true
- name: initial_interval
type: integer
title: Initial Interval
description: "How far back to pull the plugin data from Tenable Vulnerability Management. NOTE: Provide the number of days in positive integer value only. e.g. 5"
multi: false
required: true
show_user: true
default: 7
- name: batch_size
type: integer
title: Size
Expand Down
10 changes: 5 additions & 5 deletions packages/tenable_io/data_stream/plugin/sample_event.json
View file
Open in desktop
@@ -1,8 +1,8 @@
{
"@timestamp": "2018-07-19T00:00:00.000Z",
"agent": {
"ephemeral_id": "c972edb3-4f26-46c6-b0b6-97b095789342",
"id": "9e23d05e-ba36-4bf1-a014-a7b4ab4408af",
"ephemeral_id": "c773a1f3-b256-46c0-8b0f-d59137734081",
"id": "3c385f00-c1f1-40dd-b812-1cf0a8cc55cf",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.7.1"
Expand All @@ -16,15 +16,15 @@
"version": "8.10.0"
},
"elastic_agent": {
"id": "9e23d05e-ba36-4bf1-a014-a7b4ab4408af",
"id": "3c385f00-c1f1-40dd-b812-1cf0a8cc55cf",
"snapshot": false,
"version": "8.7.1"
},
"event": {
"agent_id_status": "verified",
"created": "2023-09-12T08:47:48.515Z",
"created": "2023-10-04T07:02:44.312Z",
"dataset": "tenable_io.plugin",
"ingested": "2023-09-12T08:47:49Z",
"ingested": "2023-10-04T07:02:48Z",
"kind": "state",
"original": "{\"attributes\":{\"cpe\":[\"p-cpe:/a:fedoraproject:fedora:kernel-source\",\"cpe:/o:fedoraproject:fedora_core:1\",\"p-cpe:/a:fedoraproject:fedora:kernel-BOOT\",\"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo\",\"p-cpe:/a:fedoraproject:fedora:kernel\",\"p-cpe:/a:fedoraproject:fedora:kernel-doc\",\"p-cpe:/a:fedoraproject:fedora:kernel-smp\"],\"cve\":[\"CVE-2003-0984\"],\"cvss3_base_score\":0,\"cvss3_temporal_score\":0,\"cvss_base_score\":4.6,\"cvss_temporal_score\":0,\"cvss_vector\":{\"AccessComplexity\":\"Low\",\"AccessVector\":\"Local-access\",\"Authentication\":\"None required\",\"Availability-Impact\":\"Partial\",\"Confidentiality-Impact\":\"Partial\",\"Integrity-Impact\":\"Partial\",\"raw\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\"},\"default_account\":false,\"description\":\"Various RTC drivers had the potential to leak...\",\"exploit_available\":false,\"exploit_framework_canvas\":false,\"exploit_framework_core\":false,\"exploit_framework_d2_elliot\":false,\"exploit_framework_exploithub\":false,\"exploit_framework_metasploit\":false,\"exploited_by_malware\":false,\"exploited_by_nessus\":false,\"has_patch\":true,\"in_the_news\":false,\"malware\":false,\"patch_publication_date\":\"2004-01-07T00:00:00Z\",\"plugin_modification_date\":\"2018-07-19T00:00:00Z\",\"plugin_publication_date\":\"2004-07-23T00:00:00Z\",\"plugin_type\":\"local\",\"plugin_version\":\"1.17\",\"risk_factor\":\"Medium\",\"see_also\":[\"http://example.com/u?07bc9e7f\"],\"solution\":\"Update the affected packages.\",\"synopsis\":\"The remote Fedora Core host is missing a security update.\",\"unsupported_by_vendor\":false,\"vpr\":{\"drivers\":{\"age_of_vuln\":{\"lower_bound\":366,\"upper_bound\":730},\"cvss3_impact_score\":5.9,\"cvss_impact_score_predicted\":false,\"exploit_code_maturity\":\"UNPROVEN\",\"product_coverage\":\"LOW\",\"threat_intensity_last28\":\"VERY_LOW\",\"threat_recency\":{\"lower_bound\":366,\"upper_bound\":730},\"threat_sources_last28\":[\"No recorded events\"]},\"score\":5.5,\"updated\":\"2018-07-19T00:00:00Z\"},\"xref\":[\"FEDORA:2003-047\"],\"xrefs\":[{\"id\":\"2003-047\",\"type\":\"FEDORA\"}]},\"id\":13670,\"name\":\"Fedora Core 1 : kernel-2.4.22-1.2140.nptl (2003-047)\"}",
"type": [
Expand Down
2 changes: 1 addition & 1 deletion packages/tenable_io/data_stream/scan/agent/stream/httpjson.yml.hbs
View file
Open in desktop
Expand Up @@ -18,7 +18,7 @@ request.transforms:
# Follow Tenable's format: https://developer.tenable.com/docs/user-agent-header
# NOTE: The "Build" version must be kept in sync with this package's version.
target: header.User-Agent
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/0.6.1)"]]'
value: '[[userAgent "Integration/1.0 (Elastic; Tenable.io; Build/2.3.1)"]]'
- set:
target: header.X-ApiKeys
value: 'accessKey={{access_key}}; secretKey={{secret_key}};'
Expand Down
15 changes: 13 additions & 2 deletions packages/tenable_io/data_stream/scan/manifest.yml
View file
Open in desktop
Expand Up @@ -8,11 +8,22 @@ streams:
description: Collect Scan logs from Tenable Vulnerability Management.
vars:
- name: interval
type: text
type: select
kcreddy marked this conversation as resolved.
Show resolved Hide resolved
title: Interval
description: "Duration between requests to the Tenable Vulnerability Management. NOTE: Supported units for this parameter are h/m/s."
default: 24h
default: 1h
multi: false
options:
- value: 1h
text: 1h
- value: 5h
text: 5h
- value: 10h
text: 10h
- value: 20h
text: 20h
- value: 24h
text: 24h
required: true
show_user: true
- name: retry_wait_min
Expand Down
12 changes: 6 additions & 6 deletions packages/tenable_io/data_stream/scan/sample_event.json
View file
Open in desktop
@@ -1,8 +1,8 @@
{
"@timestamp": "2023-09-12T08:48:29.597Z",
"@timestamp": "2023-10-04T07:03:32.179Z",
"agent": {
"ephemeral_id": "c972edb3-4f26-46c6-b0b6-97b095789342",
"id": "9e23d05e-ba36-4bf1-a014-a7b4ab4408af",
"ephemeral_id": "b5449981-ac71-4706-a83f-fa759d85bc4e",
"id": "3c385f00-c1f1-40dd-b812-1cf0a8cc55cf",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.7.1"
Expand All @@ -16,7 +16,7 @@
"version": "8.10.0"
},
"elastic_agent": {
"id": "9e23d05e-ba36-4bf1-a014-a7b4ab4408af",
"id": "3c385f00-c1f1-40dd-b812-1cf0a8cc55cf",
"snapshot": false,
"version": "8.7.1"
},
Expand All @@ -25,9 +25,9 @@
"category": [
"configuration"
],
"created": "2023-09-12T08:48:29.597Z",
"created": "2023-10-04T07:03:32.179Z",
"dataset": "tenable_io.scan",
"ingested": "2023-09-12T08:48:30Z",
"ingested": "2023-10-04T07:03:36Z",
"kind": "state",
"original": "{\"control\":true,\"creation_date\":1683282785,\"enabled\":true,\"has_triggers\":false,\"id\":195,\"last_modification_date\":1683283158,\"legacy\":false,\"name\":\"Client Discovery\",\"owner\":\"jdoe@contoso.com\",\"permissions\":128,\"policy_id\":194,\"progress\":100,\"read\":false,\"rrules\":\"FREQ=WEEKLY;INTERVAL=1;BYDAY=FR\",\"schedule_uuid\":\"11c56dea-as5f-65ce-ad45-9978045df65ecade45b6e3a76871\",\"shared\":true,\"starttime\":\"20220708T033000\",\"status\":\"completed\",\"status_times\":{\"initializing\":2623,\"pending\":52799,\"processing\":1853,\"publishing\":300329,\"running\":15759},\"template_uuid\":\"a1efc3b4-cd45-a65d-fbc4-0079ebef4a56cd32a05ec2812bcf\",\"timezone\":\"America/Los_Angeles\",\"total_targets\":21,\"type\":\"remote\",\"user_permissions\":128,\"uuid\":\"a456ef1c-cbd4-ad41-f654-119b766ff61f\",\"wizard_uuid\":\"32cbd657-fe65-a45e-a45f-0079eb89e56a1c23fd5ec2812bcf\"}",
"type": [
Expand Down