elastic · brijesh-elastic · Jun 19, 2025 · May 29, 2025 · May 30, 2025 · May 30, 2025
@@ -14,9 +14,19 @@ The Rapid7 InsightVM integration collects two type of events: Asset and Vulnerab
 
 **Vulnerability** is used to retrieve all vulnerabilities that can be assessed. See more details in the API documentation [here](https://help.rapid7.com/insightvm/en-us/api/integrations.html#operation/searchIntegrationVulnerabilities).
 
+**Asset Vulnerability** is used to gather and aggregate data on assets and vulnerabilities to support Native CDR Workflows. 
+
 ## Requirements
 
-Elasticsearch is needed to store and search data, and Kibana is needed for visualizing and managing it. You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your hardware.
+### Agent-based installation
+
+Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
+
+### Agentless-enabled integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
 
 This module uses **InsightVM Cloud Integrations API v4**.
 
@@ -38,6 +48,16 @@ This is the `asset` dataset.
 
 {{fields "asset"}}
 
+### asset_vulnerability
+
+This is the `asset_vulnerability` dataset.
+
+#### Example
+
+{{event "asset_vulnerability"}}
+
+{{fields "asset_vulnerability"}}
+
 ### vulnerability
 
 This is the `vulnerability` dataset.

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.0.0"
+  changes:
+    - description: Add asset_vulnerability datastream support for Cloud Detection and Response (CDR) vulnerability workflow.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14079
 - version: "1.16.0"
   changes:
     - description: Update Kibana constraint to support 9.0.0.

@@ -177,4 +177,4 @@
         },
         null
     ]
-}
+}
@@ -15,9 +15,17 @@ processors:
       value: [info]
   - rename:
       field: message
+      tag: rename_message_to_event_original
       target_field: event.original
       ignore_missing: true
+      description: Renames the original `message` field to `event.original` to store a copy of the original message. The `event.original` field is not touched if the document already has one; it may happen when Logstash sends the document.
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      description: The `message` field is no longer required if the document has an `event.original` field.
+      if: ctx.event?.original != null
   - json:
       field: event.original
       tag: 'json_decoding'

@@ -1,33 +1,33 @@
 {
-    "@timestamp": "2023-05-23T16:17:06.996Z",
+    "@timestamp": "2025-05-30T11:10:37.869Z",
     "agent": {
-        "ephemeral_id": "163d2260-4499-492b-bbd5-4d90487865b9",
-        "id": "c157ef08-38bb-40dd-bae1-c6bc8c8f02fa",
-        "name": "docker-fleet-agent",
+        "ephemeral_id": "6545769f-e426-4e1c-9549-44bd7f788ee4",
+        "id": "afb159d9-5bc3-429a-b8a7-3cda969112a5",
+        "name": "elastic-agent-88629",
         "type": "filebeat",
-        "version": "8.9.0"
+        "version": "8.18.0"
     },
     "data_stream": {
         "dataset": "rapid7_insightvm.asset",
-        "namespace": "ep",
+        "namespace": "81787",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "c157ef08-38bb-40dd-bae1-c6bc8c8f02fa",
-        "snapshot": true,
-        "version": "8.9.0"
+        "id": "afb159d9-5bc3-429a-b8a7-3cda969112a5",
+        "snapshot": false,
+        "version": "8.18.0"
     },
     "event": {
         "agent_id_status": "verified",
         "category": [
             "host"
         ],
-        "created": "2023-05-23T16:17:06.996Z",
+        "created": "2025-05-30T11:10:37.869Z",
         "dataset": "rapid7_insightvm.asset",
-        "ingested": "2023-05-23T16:17:08Z",
+        "ingested": "2025-05-30T11:10:40Z",
         "kind": "state",
         "original": "{\"assessed_for_policies\":false,\"assessed_for_vulnerabilities\":true,\"critical_vulnerabilities\":0,\"exploits\":0,\"id\":\"452534235-25a7-40a3-9321-28ce0b5cc90e-default-asset-199\",\"ip\":\"10.1.0.128\",\"last_assessed_for_vulnerabilities\":\"2020-03-20T19:19:42.611Z\",\"last_scan_end\":\"2020-03-20T19:19:42.611Z\",\"last_scan_start\":\"2020-03-20T19:18:13.611Z\",\"malware_kits\":0,\"moderate_vulnerabilities\":2,\"new\":[],\"os_architecture\":\"x86_64\",\"os_description\":\"CentOS Linux 2.6.18\",\"os_family\":\"Linux\",\"os_name\":\"Linux\",\"os_system_name\":\"CentOS Linux\",\"os_type\":\"General\",\"os_vendor\":\"CentOS\",\"os_version\":\"2.6.18\",\"remediated\":[],\"risk_score\":0,\"severe_vulnerabilities\":0,\"tags\":[{\"name\":\"lab\",\"type\":\"SITE\"}],\"total_vulnerabilities\":2}",
         "type": [
@@ -100,4 +100,4 @@
         "forwarded",
         "rapid7_insightvm-asset"
     ]
-}
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -177,4 +177,4 @@ @@
             },
             null
         ]
-    }
+    }