7 changes: 3 additions & 4 deletions packages/m365_defender/_dev/build/docs/README.md
Expand Up @@ -33,10 +33,9 @@ Agentless integrations allow you to collect data without having to manage Elasti

Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.

### Agent based installation
Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
You can install only one Elastic Agent per host.
Elastic Agent is required to stream data from the GCP Pub/Sub or REST API and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
### Agent-based installation

Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). You can install only one Elastic Agent per host.

## Compatibility
### This integration supports below API versions to collect data.
@@ -1,3 +1,5 @@
fields:
tags:
- preserve_duplicate_custom_fields
dynamic_fields:
"event.id": ".*"
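Review bot: The `".*"` pattern registered under `dynamic_fields` for `event.id` also matches an empty string, so the pipeline test would still pass if the ingest pipeline started emitting `event.id: ""`. Presumably `event.id` is now generated (a fingerprint or similar) and so cannot be pinned in the expected output — that is inferred, not visible in this hunk. A pattern that rejects the empty case while still ignoring the exact value, such as `"event.id": ".+"` or, better, the specific hex/UUID shape the pipeline produces, keeps the test meaningful.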
@@ -1,3 +1,4 @@
{"affectedMachine":{"id":"fd43e5b3ba69b8ecffb165017d9c8687f24e246a-_-CVE-2025-4372-_-microsoft-_-edge_chromium-based-_-131.0.2903.63-_-","machineId":"fd43e5b3ba69b8ecffb165017d9c8687f24e246a","mergedIntoMachineId":null,"fixingKbId":null,"productName":"edge_chromium-based","productVendor":"microsoft","productVersion":"131.0.2903.63","isPotentialDuplication":false,"isExcluded":false,"exclusionReason":null,"computerDnsName":"c-lab-14","firstSeen":"2024-11-05T11:55:28.5899758Z","lastSeen":"2025-05-09T02:46:35.9053932Z","osPlatform":"Windows10","osVersion":null,"osProcessor":"x64","version":"22H2","lastIpAddress":"1.128.0.0","lastExternalIpAddress":"175.16.199.0","agentVersion":"10.8760.19045.5011","osBuild":19045,"healthStatus":"Active","deviceValue":"Normal","rbacGroupId":0,"rbacGroupName":null,"riskScore":"High","exposureLevel":"High","isAadJoined":true,"aadDeviceId":"79dc383d-1ba1-4ac9-9dca-792e881a5034","machineTags":[],"onboardingStatus":"Onboarded","osArchitecture":"64-bit","managedBy":"Intune","managedByStatus":"Unknown","severity":"High","ipAddresses":[{"ipAddress":"1.128.0.0","macAddress":"00505683B889","type":"Ethernet","operationalStatus":"Up"},{"ipAddress":"2a02:cf40::","macAddress":"00505683B889","type":"Ethernet","operationalStatus":"Up"},{"ipAddress":"175.16.199.0","macAddress":null,"type":"SoftwareLoopback","operationalStatus":"Up"},{"ipAddress":"81.2.69.144","macAddress":null,"type":"SoftwareLoopback","operationalStatus":"Up"}],"vmMetadata":null},"id":"CVE-2025-47669","name":"CVE-2025-47669","description":"Summary: A DOM-Based Cross-Site Scripting (XSS) vulnerability exists in the Sabuj Kundu CBX Map for Google Map & OpenStreetMap plugin, affecting versions up to and including 1.1.12. Impact: Exploitation of this vulnerability could allow attackers to execute arbitrary scripts in the context of the users browser, potentially leading to data theft or session hijacking. 
AdditionalInformation: The vulnerability arises from improper neutralization of input during web page generation, specifically in the DOM context. Remediation: Upgrade to a version of Codeboxr Cbx Map later than 1.1.12. [Generated by AI]","severity":"High","cvssV3":8.8,"cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","exposedMachines":29,"publishedOn":"2025-05-06T00:00:00Z","updatedOn":"2025-05-08T23:20:05Z","firstDetected":"2025-05-06T19:55:17Z","patchFirstAvailable":null,"publicExploit":false,"exploitVerified":false,"exploitInKit":false,"exploitTypes":[],"exploitUris":[],"cveSupportability":"Supported","tags":[],"epss":0.00043}
{"affectedMachine":{"aadDeviceId":"79dc383d-1ba1-4ac9-9dca-792e881a5034","agentVersion":"10.8760.19045.5011","computerDnsName":"c-lab-14","cveId":"CVE-2025-24062","deviceValue":"Normal","exclusionReason":null,"exposureLevel":"High","firstSeen":"2024-11-05T11:55:28.5899758Z","fixingKbId":"5055518","healthStatus":"Active","id":"fd43e5b3ba69b8ecffb165017d9c8687f24e246a-_-CVE-2025-24062-_-microsoft-_-windows_10-_-10.0.19045.5011-_-5055518","ipAddresses":[{"ipAddress":"1.128.0.0","macAddress":"00505683B889","operationalStatus":"Up","type":"Ethernet"},{"ipAddress":"2a02:cf40::","macAddress":"00505683B889","operationalStatus":"Up","type":"Ethernet"},{"ipAddress":"81.2.69.192","macAddress":null,"operationalStatus":"Up","type":"SoftwareLoopback"}],"isAadJoined":true,"isExcluded":false,"isPotentialDuplication":false,"lastExternalIpAddress":"89.160.20.112","lastIpAddress":"175.16.199.0","lastSeen":"2025-04-21T08:24:41.3833512Z","machineId":"fd43e5b3ba69b8ecffb165017d9c8687f24e246a","machineTags":[],"managedBy":"Intune","managedByStatus":"Unknown","mergedIntoMachineId":null,"onboardingStatus":"Onboarded","osArchitecture":"64-bit","osBuild":19045,"osPlatform":"Windows10","osProcessor":"x64","osVersion":null,"productName":"windows_10","productVendor":"microsoft","productVersion":"10.0.19045.5011","rbacGroupId":0,"rbacGroupName":null,"riskScore":"None","severity":"High","version":"22H2","vmMetadata":null},"cveSupportability":"Supported","cvssV3":7.8,"cvssVector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","description":"Summary: An improper input validation vulnerability exists in the Windows DWM Core Library, which could allow an authorized attacker to locally elevate their privileges. Impact: Successful exploitation of this vulnerability could result in unauthorized privilege escalation, potentially compromising system integrity. Remediation: Apply the latest patches and updates provided by the respective vendors. 
[Generated by AI]","epss":0.00073,"exploitInKit":false,"exploitTypes":["PrivilegeEscalation"],"exploitUris":[],"exploitVerified":false,"exposedMachines":7,"firstDetected":"2025-04-08T18:00:48Z","id":"CVE-2025-24062","name":"CVE-2025-24062","patchFirstAvailable":null,"publicExploit":false,"publishedOn":"2025-04-08T07:00:00Z","severity":"High","tags":["test"],"updatedOn":"2025-04-09T20:03:01.577Z"}
{"id":"TVM-2020-0002","name":"TVM-2020-0002","description":"Summary: The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) condition on the affected system. The issue is due to improper input validation of user-supplied data, which can be exploited to execute arbitrary commands or crash the system. Attackers can exploit this vulnerability by sending specially crafted requests to the targeted system. Impact: Successful exploitation of this vulnerability could result in remote code execution, allowing attackers to gain unauthorized access to the affected system, execute arbitrary commands, and potentially take control of the system. Additionally, a successful attack could cause a denial of service condition, rendering the system unavailable to legitimate users. Remediation: Apply the latest patches and updates provided by the respective vendors. [Generated by AI]","severity":"Critical","cvssV3":9.4,"cvssVector":"","exposedMachines":0,"publishedOn":"2020-12-16T00:00:00Z","updatedOn":"2020-12-16T00:00:00Z","firstDetected":null,"patchFirstAvailable":null,"publicExploit":false,"exploitVerified":false,"exploitInKit":false,"exploitTypes":[],"exploitUris":[],"cveSupportability":"Supported","tags":[],"epss":0,"affectedMachine":null}
{"affectedMachine":{"aadDeviceId":"d78dc223-8dc8-4210-9700-019b3b03505b","agentVersion":"10.8792.19045.5737","computerDnsName":"c-lab-08","cveId":"TVM-2020-0002","deviceValue":"Normal","exclusionReason":null,"exposureLevel":"Low","firstSeen":"2024-11-05T11:54:59.5717001Z","fixingKbId":null,"healthStatus":"Active","id":"0e23b8b23f6dc0e9d84846f877b45d19c04a522d-_-TVM-2020-0002-_-vmware-_-tools-_-12.0.6.0-_-","ipAddresses":[{"ipAddress":"216.160.83.56","macAddress":"00505683B880","operationalStatus":"Up","type":"Ethernet"}],"isAadJoined":true,"isExcluded":false,"isPotentialDuplication":false,"lastExternalIpAddress":"67.43.156.0","lastIpAddress":"89.160.20.128","lastSeen":"2025-04-22T05:48:04.7550736Z","machineId":"0e23b8b23f6dc0e9d84846f877b45d19c04a522d","machineTags":["test tag 1"],"managedBy":"Intune","managedByStatus":"Unknown","mergedIntoMachineId":null,"onboardingStatus":"Onboarded","osArchitecture":"64-bit","osBuild":19045,"osPlatform":"Windows10","osProcessor":"x64","osVersion":null,"productName":"tools","productVendor":"vmware","productVersion":"12.0.6.0","rbacGroupId":0,"rbacGroupName":null,"riskScore":"None","severity":"High","version":"22H2","vmMetadata":null},"cveSupportability":"Supported","cvssV3":7,"cvssVector":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","description":"Summary: VMware Tools and Open Virtual Machine Tools are vulnerable to a local privilege escalation vulnerability. An attacker with local non-administrative access to the Guest OS can exploit this vulnerability to escalate privileges as a root user in the virtual machine. Impact: If exploited, this vulnerability could allow a malicious actor to gain elevated privileges on the system, potentially leading to unauthorized access, data theft, or further compromise of the virtual machine. AdditionalInformation: TVM-2020-0002 is associated with this vulnerability. 
It is recommended to refer to the CVE page for more details, including the impact, CVSS score, and acknowledgments. Remediation: Apply the latest patches and updates provided by the respective vendors. [Generated by AI]","epss":0.00053,"exploitInKit":false,"exploitTypes":["PrivilegeEscalation"],"exploitUris":[],"exploitVerified":false,"exposedMachines":12,"firstDetected":"2025-01-01T08:22:58Z","id":"TVM-2020-0002","name":"TVM-2020-0002","patchFirstAvailable":null,"publicExploit":false,"publishedOn":"2022-08-23T00:00:00Z","severity":"High","tags":[],"updatedOn":"2024-12-10T00:00:00Z"}
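Review bot: The first sample record is internally inconsistent: its `affectedMachine.id` embeds `CVE-2025-4372` and describes Microsoft Edge, while the record's own `id`/`name` is `CVE-2025-47669` and the description is a WordPress plugin XSS, and unlike the other records its `affectedMachine` carries no `cveId`. If the pipeline copies or cross-checks `affectedMachine.cveId` against the vulnerability id, this fixture will not exercise that path, so either align the identifiers or add a `"cveId": "CVE-2025-47669"` so the sample matches the shape of the records that follow. The IP addresses are all documentation/test ranges, which is good, but the `aadDeviceId` GUIDs, the 40-hex `machineId` values and the `00505683B8xx` MAC addresses are production-shaped; please confirm they are synthetic rather than captured from a live tenant before committing them. Some records also appear split across physical lines mid-string here — if that is in the file rather than a rendering artifact, the lines are not valid NDJSON and the test loader will reject them.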