diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 1f0980f829d..0d7be61047a 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -360,6 +360,7 @@
 /packages/proofpoint_tap @elastic/security-service-integrations
 /packages/proxysg @elastic/sec-deployment-and-devices
 /packages/pulse_connect_secure @elastic/security-service-integrations
+/packages/qualys_gav @elastic/security-service-integrations
 /packages/qualys_vmdr @elastic/security-service-integrations
 /packages/qualys_was @elastic/security-service-integrations
 /packages/qnap_nas @elastic/sec-deployment-and-devices
diff --git a/packages/qualys_gav/_dev/build/build.yml b/packages/qualys_gav/_dev/build/build.yml
new file mode 100644
index 00000000000..97fc8aa10cd
--- /dev/null
+++ b/packages/qualys_gav/_dev/build/build.yml
@@ -0,0 +1,3 @@
+dependencies:
+ ecs:
+ reference: git@v8.17.0
diff --git a/packages/qualys_gav/_dev/build/docs/README.md b/packages/qualys_gav/_dev/build/docs/README.md
new file mode 100644
index 00000000000..c30b389ee30
--- /dev/null
+++ b/packages/qualys_gav/_dev/build/docs/README.md
@@ -0,0 +1,58 @@
+# Qualys Global AssetView (GAV)
+
+## Overview
+
+[Qualys GAV](https://docs.qualys.com/en/gav/latest/) helps you to accurately assess complex IT infrastructure and quickly identify and remediate risk. Using a combination of Qualys sensors — Cloud Agents, scanners and passive network sensors — GAV collects and analyzes data about assets across hybrid environments, and delivers up-to-date, comprehensive and continuous information about those assets as well as their security and compliance posture.
+
+The Qualys GAV integration collect assets via REST API.
+
+## Data streams
+
+The Qualys GAV integration collects logs of the following type:
+
+1. **Asset:** This data stream will collect details of all assets.
+
+>**Note**: For the **Asset** Dashboard, ensure that the time range is aligned with the configured interval parameter to display accurate and consistent data.
+
+## Requirements
+
+### Agentless-enabled integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
+### Agent-based installation
+
+Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). You can install only one Elastic Agent per host.
+
+## Compatibility
+
+For Rest API, this module has been tested against the **2.0** API version.
+
+## Setup
+
+### Collect data from the Qualys GAV API:
+
+- The base URL corresponds to the API Gateway URL of the respective Qualys GAV instance. For reference, see: [Qualys Platform Identification](https://www.qualys.com/platform-identification/#:~:text=apps.qualysksa.com-,API%20URLs,-Use%20API%20Gateway).
+- The same username and password used for logging into the Qualys instance are required for authentication when fetching logs through the integration.
+
+### Enable the integration in Elastic
+
+1. In Kibana navigate to **Management** > **Integrations**.
+2. In the search top bar, type **Qualys GAV**.
+3. Select the **Qualys GAV** integration and add it.
+4. Add all the required integration configuration parameters: URL, Username and Password.
+5. Save the integration.
+
+## Logs reference
+
+### Asset
+
+This is the `Asset` dataset.
+
+#### Example
+
+{{event "asset"}}
+
+{{fields "asset"}}
\ No newline at end of file
diff --git a/packages/qualys_gav/_dev/deploy/docker/docker-compose.yml b/packages/qualys_gav/_dev/deploy/docker/docker-compose.yml
new file mode 100644
index 00000000000..e93dff3fc15
--- /dev/null
+++ b/packages/qualys_gav/_dev/deploy/docker/docker-compose.yml
@@ -0,0 +1,15 @@
+version: '3.8'
+services:
+ qualys_gav:
+ image: docker.elastic.co/observability/stream:v0.18.0
+ hostname: qualys_gav
+ ports:
+ - 8090
+ volumes:
+ - ./files:/files:ro
+ environment:
+ PORT: '8090'
+ command:
+ - http-server
+ - --addr=:8090
+ - --config=/files/config.yml
diff --git a/packages/qualys_gav/_dev/deploy/docker/files/config.yml b/packages/qualys_gav/_dev/deploy/docker/files/config.yml
new file mode 100644
index 00000000000..d3c0bebcc01
--- /dev/null
+++ b/packages/qualys_gav/_dev/deploy/docker/files/config.yml
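Review bot: In `packages/qualys_gav/_dev/deploy/docker/docker-compose.yml` the mock API server is referenced by tag only (`image: docker.elastic.co/observability/stream:v0.18.0`), so whatever the registry serves under that tag at pull time is what the system tests run against. Pinning the digest next to the tag would make the fixture reproducible and keep a re-tagged image out of CI, e.g. `image: docker.elastic.co/observability/stream:v0.18.0@sha256:<digest-of-v0.18.0>`, where the digest is a placeholder to be taken from the registry. If the repository deliberately tracks tags for this image across packages, a short comment above the `image:` line saying so would be enough.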
@@ -0,0 +1,2003 @@ +rules: + - path: /auth + methods: ['POST'] + responses: + - status_code: 201 + headers: + Content-Type: + - 'application/json' + body: "xxxx" + - path: /rest/2.0/search/am/asset + methods: ['POST'] + query_params: + lastSeenAssetId: 0 + pageSize: 2 + request_headers: + Authorization: + - 'Bearer xxxx' + responses: + - status_code: 200 + body: | + {{ minify_json ` + { + "responseMessage": "Valid API Access", + "count": 2, + "responseCode": "SUCCESS", + "lastSeenAssetId": 67538043, + "hasMore": 1, + "assetListData": { + "asset": [ + { + "assetId": 67533741, + "assetUUID": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "hostId": 1437386, + "lastModifiedDate": "2025-07-11T14:21:10.000Z", + "agentId": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "createdDate": "2025-07-09T14:21:12.000Z", + "sensorLastUpdatedDate": "2025-07-11T14:21:10.000Z", + "assetType": "HOST", + "address": "216.160.83.56", + "dnsName": "test_dns", + "assetName": "test_asset", + "netbiosName": "test_bios", + "timeZone": "+05:30", + "biosDescription": "Test", + "lastBoot": "2025-07-09T14:21:12.000Z", + "totalMemory": 10, + "cpuCount": 0, + "lastLoggedOnUser": "test_user", + "domainRole": "Member Workstation", + "hwUUID": "422a2b16-4c8b-588a-a20c-c1851ad7e376", + "biosSerialNumber": "Test serial number", + "biosAssetTag": "Test asset tag", + "isContainerHost": false, + "operatingSystem": { + "osName": "Windows 10", + "fullName": "Microsoft Windows 10 Enterprise", + "category": "Operating System / Windows", + "category1": "Windows", + "category2": "Windows", + "productName": "Microsoft Windows 10 Enterprise", + "publisher": "test", + "edition": "Enterprise", + "marketVersion": "10.0.19042.1052", + "version": "10.0.19042.1052", + "update": "22.04 LTS 22.04.5 LTS", + "architecture": "x86", + "lifecycle": { + "gaDate": "2025-07-09T14:21:12.000Z", + "eolDate": "2025-07-09T14:21:12.000Z", + "eosDate": "2025-07-09T14:21:12.000Z", + "stage": "End-of-life", + "lifeCycleConfidence": "Exact", + 
"eolSupportStage": "End-of-life", + "eosSupportStage": "End-of-life", + "detectionScore": 100 + }, + "taxonomy": { + "id": "mock_taxonomy_id", + "name": "Mock taxonomy name", + "category1": "Mock category1", + "category2": "Mock category2" + }, + "productUrl": "https://mock_product_url.com", + "productFamily": "Mock product family", + "installDate": "2025-07-09T14:21:12.000Z", + "release": "Mock release", + "cpeId": "mock_cpe_id", + "cpe": "mock_cpe", + "cpeType": "Mock cpe type" + }, + "hardware": { + "fullName": "Mock hardware", + "category": "Mock category 1 / Mock category 2", + "category1": "Mock category 1", + "category2": "Mock category 2", + "manufacturer": "Mock manufacturer", + "productName": "Mock product name", + "model": "Mock model", + "lifecycle": { + "introDate": "2025-07-09T14:21:12.000Z", + "gaDate": "2025-07-09T14:21:12.000Z", + "eosDate": "2025-07-09T14:21:12.000Z", + "obsoleteDate": "2025-07-09T14:21:12.000Z", + "stage": "Not Applicable", + "lifeCycleConfidence": "Exact" + }, + "taxonomy": { + "id": "mock_hardware_taxonomy_id", + "name": "Mock hardware taxonomy name", + "category1": "Mock category 1", + "category2": "Mock category 2" + }, + "productUrl": "https://mock_product_url.com", + "productFamily": "Mock product family" + }, + "userAccountListData": { + "userAccount": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "openPortListData": { + "openPort": [ + { + "port": 443, + "description": "http protocol over TLS/SSL", + "protocol": "TCP", + "detectedService": "HTTPs", + "firstFound": "2025-07-09T14:21:12.000Z", + "lastUpdated": "2025-07-09T14:21:12.000Z", + "authorization": "Mock authorization", + "detectionScore": 100, + "discoverySources": "EASM" + } + ] + }, + "volumeListData": { + "volume": [ + { + "name": "/", + "free": 34645118976, + "size": 48202350592 + } + ] + }, + "networkInterfaceListData": { + "networkInterface": [ + { + "hostname": "mock_hostname", + "addressIpV4": 
"81.2.69.142", + "addressIpV6": "::ffff:5102:458e", + "macAddress": "00:0c:29:15:6a:72", + "interfaceName": "mock_interface_name", + "dnsAddress": "mock_dns_address", + "gatewayAddress": "mock_geteaway_address", + "manufacturer": "Mock manufacturer", + "macVendorIntroDate": 946944000000, + "netmask": "mock_net_mask", + "addresses": "mock_Address" + } + ] + }, + "softwareListData": { + "software": [ + { + "id": 8464359598295418000, + "discoverySources": "EASM", + "fullName": "Apache HTTP Server", + "softwareType": "Application", + "isIgnored": false, + "ignoredReason": "Insufficient Information", + "category": "Network Application / Web Servers", + "category1": "Network Application", + "category2": "Web Servers", + "productName": "Apache HTTP Server", + "component": "Server", + "publisher": "Apache", + "edition": "Unknown", + "marketVersion": "Unknown", + "version": "2.4.7", + "update": "2021-10-25", + "architecture": "x86_64", + "installDate": "2021-10-25T14:21:12.000Z", + "installPath": "/usr/local/apache2", + "lastUpdated": "2021-10-25T14:21:12.000Z", + "lastUseDate": "2021-10-25T14:21:12.000Z", + "language": "C", + "formerlyKnownAs": "httpd", + "isPackage": false, + "isPackageComponent": false, + "packageName": null, + "productUrl": "https://en.wikipedia.org/wiki/Apache_HTTP_Server,,", + "lifecycle": { + "gaDate": "2021-10-25T14:21:12.000Z", + "eolDate": "2021-10-25T14:21:12.000Z", + "eosDate": "2021-10-25T14:21:12.000Z", + "stage": "Not Applicable", + "lifeCycleConfidence": "Exact", + "eolSupportStage": "Mock eol support stage", + "eosSupportStage": "Mock eos support stage", + "detectionScore": 0 + }, + "supportStageDesc": "Mock support stage desc", + "license": { + "category": "Mock license category", + "subcategory": "Mock license subcategory" + }, + "authorization": "Mock authorization", + "discoveredPublisher": "Mock discovered publisher", + "discoveredName": "Mock discovered name", + "discoveredVersion": "mock_version", + "authorizationDetectionScore": 5, 
+ "cpeId": "mock_cpe_id", + "cpe": "mock_cpe", + "cpeType": "Mock cpe type", + "softwareInstances": [ + { + "firstSeen": "2025-07-08T01:15:52.000Z", + "lastSeen": "2025-07-14T19:20:15.000Z", + "InstanceName": "DOCKER", + "PROC": " 1487 1 root /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock", + "BIN_PATH": "/usr/bin/docker -H unix:///var/run/docker.sock", + "PRODUCT": "Docker", + "VERSION": "24.0.7", + "TECHNOLOGY": "Docker CE_EE", + "CONF_PATH": "/etc/docker/daemon.json" + } + ] + } + ] + }, + "softwareComponent": "Apache HTTP Server", + "provider": "Apache", + "cloudProvider": "Amazon Web Services", + "agent": { + "version": "2.4.7", + "configurationProfile": "Apache HTTP Server", + "activations": [ + { + "key": "httpd", + "status": "ACTIVE" + } + ], + "connectedFrom": "216.160.83.56", + "lastActivity": 1752520814000, + "lastCheckedIn": 1752520814000, + "lastInventory": 1752520816000, + "udcManifestAssigned": false, + "errorStatus": false + }, + "sensor": { + "activatedForModules": [ + "mock_activated_module" + ], + "pendingActivationForModules": [ + "mock_pending_module" + ], + "lastVMScan": 0, + "lastComplianceScan": 0, + "lastFullScan": 0, + "lastVmScanDateScanner": 0, + "lastVmScanDateAgent": 0, + "lastPcScanDateScanner": 0, + "lastPcScanDateAgent": 0, + "firstEasmScanDate": 1752243670000, + "lastEasmScanDate": 1752243670000 + }, + "container": { + "product": "mock_product", + "version": "mock_version", + "noOfContainers": 5, + "noOfImages": 3, + "hasSensor": "temp_value" + }, + "inventory": { + "source": "EASM", + "created": 1752070872000, + "lastUpdated": 1752243670000 + }, + "activity": { + "source": "EASM", + "lastScannedDate": 1752243670000 + }, + "tagList": { + "tag": [ + { + "tagId": 25971788, + "tagName": "Shodan", + "foregroundColor": 0, + "backgroundColor": 0, + "businessImpact": "mock_business_impact", + "criticalityScore": 3 + } + ] + }, + "serviceList": { + "service": [ + { + "description": "temp_Decp", + "name": 
"systemd-networkd.service", + "status": "loaded/active/running" + } + ] + }, + "lastLocation": { + "city": "New York", + "state": "California", + "country": "United States", + "name": "United States", + "continent": "North America", + "postal": "94040" + }, + "criticality": { + "score": 3, + "isDefault": false, + "lastUpdated": "2025-07-09T14:21:11.000Z" + }, + "businessInformation": { + "company": "Qualys", + "department": "Engineering", + "ownedBy": "Paul", + "environment": "QA", + "managedBy": "Amit", + "supportedBy": "Nick", + "supportGroup": "ABC_01", + "operationalStatus": "Blocked" + }, + "assignedLocation": { + "name": "4492 Camino De La Plaza, Pune,IN", + "city": "Pune", + "state": "MH", + "country": "IN" + }, + "businessAppListData": { + "businessApp": [ + { + "id": "BARCODE283904", + "name": "Quoting App", + "environment": "Production", + "businessCriticality": "2 - Less Critical", + "managedBy": "user", + "ownedBy": "ownerr", + "supportedBy": "sopporter", + "supportGroup": "SME Operations", + "operationalStatus": "Mended", + "status": "Installed", + "usedFor": "Production" + } + ] + }, + "riskScore": 0, + "domain": [ + "domain1", + "domain2" + ], + "subdomain": [ + "subdomain1", + "subdomain2" + ], + "missingSoftware": [ + "test1", + "test2", + "test3" + ], + "whois": [ + { + "domain": "test_domainr", + "createdDate": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domainStatus": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "registrantOrganization": "Domains By Proxy, LLC", + "registrantName": "1API GmbH", + "registrantEmail": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrantContact": "temp", + "registrar": "1API GmbH", + "registrantCountry": "UNITED STATES", + "expirationDate": "2026-02-23T00:00:00.000Z", + "updatedDate": "2025-07-13T00:00:00.000Z" + } + ], + "organizationName": [ + "mock" + ], + "isp": "test, Inc.", + "asn": "AS53831", + "easmTags": [ + "cloud", + "cdn" + ], + 
"hostingCategory1": "CDN", + "customAttributes": [ + { + "key": "Media State4", + "value": "Media disconnected", + "connectorName": "Qualys" + } + ], + "lparId": "mock_lpar_id", + "processor": { + "description": "Intel(R) Xeon(R) Gold 6430", + "speed": 3200, + "numCPUs": 4, + "noOfSocket": 2, + "threadsPerCore": 2, + "coresPerSocket": 2, + "multithreadingStatus": "test" + } + }, + { + "assetId": 67538043, + "assetUUID": "4cf3040a-82a5-46a1-b059-17372b051ec7", + "hostId": 1437387, + "lastModifiedDate": "2025-07-13T14:21:09.000Z", + "agentId": "4cf3040a-82a5-46a1-b059-17372b051ec7", + "createdDate": "2025-07-09T14:21:14.000Z", + "sensorLastUpdatedDate": "2025-07-13T14:21:09.000Z", + "assetType": "HOST", + "address": "175.16.199.0", + "dnsName": "test_dns_1", + "assetName": "test", + "netbiosName": "test_bios1", + "timeZone": "IST", + "biosDescription": "Mock bios description", + "lastBoot": "2025-07-01T00:00:00.000Z", + "totalMemory": 0, + "cpuCount": 8, + "lastLoggedOnUser": "test_user_1", + "domainRole": "Member Server", + "hwUUID": "422a2b16-4c8b-588a-a20c-c1851ad7e376", + "biosSerialNumber": "Test serial number_1", + "biosAssetTag": "Test asset tag_1", + "isContainerHost": false, + "operatingSystem": { + "osName": "Mock OS", + "fullName": "Mock OS", + "category": "Operating System / Windows", + "category1": "UBuntu", + "category2": "Windows", + "productName": "Mock OS", + "publisher": "Mock Publisher", + "edition": "Mock Edition", + "marketVersion": "Mock version", + "version": "1.0.0", + "update": "Mock update", + "architecture": "Mock architecture", + "lifecycle": { + "gaDate": "2022-01-01T00:00:00.000Z", + "eolDate": "2025-01-01T00:00:00.000Z", + "eosDate": "2030-01-01T00:00:00.000Z", + "stage": "End-of-Sale", + "lifeCycleConfidence": "Approximate", + "eolSupportStage": "End-of-Sale", + "eosSupportStage": "End-of-Life", + "detectionScore": 50 + }, + "taxonomy": { + "id": "mock_taxonomy_id_1", + "name": "Mock taxonomy test name", + "category1": "Mock category1 
test", + "category2": "Mock category2 test" + }, + "productUrl": "https://example.com", + "productFamily": "Mock product family", + "installDate": "2025-07-09T14:21:12.000Z", + "release": "Mock release 1", + "cpeId": "mock_cpe_id_3", + "cpe": "mock_cp_6", + "cpeType": "Mock test cpe type" + }, + "hardware": { + "fullName": "Mock test full name", + "category": "Mock test category 1 / Mock test category 2", + "category1": "Mock test category 1", + "category2": "Mock test category 2", + "manufacturer": "Mock test manufacturer", + "productName": "Mock test product name", + "model": "Mock test model", + "lifecycle": { + "introDate": "2025-07-09T14:21:12.000Z", + "gaDate": "2025-07-09T14:21:12.000Z", + "eosDate": "2025-07-09T14:21:12.000Z", + "obsoleteDate": "2025-07-09T14:21:12.000Z", + "stage": "Not Applicable", + "lifeCycleConfidence": "Exact" + }, + "taxonomy": { + "id": "mock_hardware_taxonomy_id", + "name": "Mock test hardware taxonomy name", + "category1": "Mock test category 1", + "category2": "Mock test category 2" + }, + "productUrl": "https://example.com", + "productFamily": "Mock test product family" + }, + "userAccountListData": { + "userAccount": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "openPortListData": { + "openPort": [ + { + "port": 443, + "description": "http protocol over TLS/SSL", + "protocol": "TCP", + "detectedService": "HTTPs", + "firstFound": "2025-07-09T14:21:14.000Z", + "lastUpdated": "2025-07-09T14:21:14.000Z", + "authorization": "Mock test authorization", + "detectionScore": 1, + "discoverySources": "EASM" + } + ] + }, + "volumeListData": { + "volume": [ + { + "name": "/run/lock", + "free": 5242880, + "size": 5242880 + } + ] + }, + "networkInterfaceListData": { + "networkInterface": [ + { + "hostname": "mock_hostname", + "addressIpV4": "81.2.69.144", + "addressIpV6": "::ffff:5102:4590", + "macAddress": "mock_mac_address", + "interfaceName": "mock_interface_name", + "dnsAddress": 
"mock_dns_address", + "gatewayAddress": "mock_gateway_address", + "manufacturer": "mock_manufacturer", + "macVendorIntroDate": 946944000000, + "netmask": "mock_net_mask", + "addresses": "mock_Addresses" + } + ] + }, + "softwareListData": { + "software": [ + { + "id": 2727678485371137000, + "discoverySources": "EASM", + "fullName": "Squarespace Commerce", + "softwareType": "Unknown", + "isIgnored": true, + "ignoredReason": "Unknown", + "category": "Unknown / Unknown", + "category1": "Unknown", + "category2": "Unknown", + "productName": "Unknown", + "component": "mock_component", + "publisher": "Unknown", + "edition": "mock_edition", + "marketVersion": "mock_market_version", + "version": "mock_version", + "update": "mock_update", + "architecture": "mock_architecture", + "installDate": "2021-10-25T14:21:11.000Z", + "installPath": "mock_install_path", + "lastUpdated": "2021-10-25T14:21:12.000Z", + "lastUseDate": "2021-10-25T14:21:13.000Z", + "language": "mock_language", + "formerlyKnownAs": "mock_formerly_known_as", + "isPackage": false, + "isPackageComponent": false, + "packageName": "mock_package_name", + "productUrl": "mock_product_url", + "lifecycle": { + "gaDate": "2021-10-25T14:21:12.000Z", + "eolDate": "2021-10-25T14:21:12.000Z", + "eosDate": "2021-10-25T14:21:12.000Z", + "stage": "Unknown", + "lifeCycleConfidence": "Mock life cycle confidence", + "eolSupportStage": "Mock eol support stage", + "eosSupportStage": "Mock eos support stage", + "detectionScore": 3 + }, + "supportStageDesc": "Mock support stage desc", + "license": { + "category": "Mock license category", + "subcategory": "Mock license subcategory" + }, + "authorization": "Mock authorization", + "discoveredPublisher": "Mock discovered publisher", + "discoveredName": "Squarespace Commerce", + "discoveredVersion": "mock_version", + "authorizationDetectionScore": 5, + "cpeId": "mock_cpe_id", + "cpe": "mock_cpe", + "cpeType": "Mock cpe type", + "softwareInstances": [ + { + "firstSeen": 
"2025-06-01T01:00:00.000Z", + "lastSeen": "2025-06-15T01:00:00.000Z", + "InstanceName": "mock_instance_name", + "PROC": "/usr/bin/java -jar /opt/jetty/start.jar", + "BIN_PATH": "/usr/bin/java", + "PRODUCT": "Apache Jetty", + "VERSION": "11.0.9", + "TECHNOLOGY": "Java", + "CONF_PATH": "/opt/jetty/etc/jetty.xml" + } + ] + } + ] + }, + "softwareComponent": "mock_software_component", + "provider": "mock_provider", + "cloudProvider": "mock_cloud_provider", + "agent": { + "version": "mock_agent_version", + "configurationProfile": "mock_agent_configuration_profile", + "activations": null, + "connectedFrom": "81.2.69.192", + "lastActivity": 0, + "lastCheckedIn": 0, + "lastInventory": 0, + "udcManifestAssigned": false, + "errorStatus": false + }, + "sensor": { + "activatedForModules": [ + "VM", + "PC" + ], + "pendingActivationForModules": [ + "VULN", + "COMPLIANCE" + ], + "lastVMScan": 0, + "lastComplianceScan": 0, + "lastFullScan": 0, + "lastVmScanDateScanner": 0, + "lastVmScanDateAgent": 0, + "lastPcScanDateScanner": 0, + "lastPcScanDateAgent": 0, + "firstEasmScanDate": 1752416469000, + "lastEasmScanDate": 1752416469000 + }, + "container": { + "product": "mock_product", + "version": "mock_version", + "noOfContainers": 10, + "noOfImages": 5, + "hasSensor": "temp_values" + }, + "inventory": { + "source": "EASM", + "created": 1752070874000, + "lastUpdated": 1752416469000 + }, + "activity": { + "source": "EASM", + "lastScannedDate": 1752416469000 + }, + "tagList": { + "tag": [ + { + "tagId": 25971788, + "tagName": "Shodan", + "foregroundColor": 0, + "backgroundColor": 0, + "businessImpact": "Mock business impact", + "criticalityScore": 8 + } + ] + }, + "serviceList": { + "service": [ + { + "description": "mock_description", + "name": "systemd-journal-flush.service", + "status": "loaded/active/exited" + } + ] + }, + "lastLocation": { + "city": "New York", + "state": "California", + "country": "United States", + "name": "United States", + "continent": "North America", + 
"postal": "94041" + }, + "criticality": { + "score": 3, + "isDefault": false, + "lastUpdated": "2025-07-09T14:21:13.000Z" + }, + "businessInformation": { + "company": "Qualys", + "department": "Engineering", + "ownedBy": "Paul", + "environment": "QA", + "managedBy": "Amit", + "supportedBy": "Nick", + "supportGroup": "ABC_01", + "operationalStatus": "Blocked" + }, + "assignedLocation": { + "name": "4492 Camino De La Plaza, Pune,IN", + "city": "Pune", + "state": "MH", + "country": "IN" + }, + "businessAppListData": { + "businessApp": [ + { + "id": "BARCODE283904", + "name": "Quoting App", + "environment": "Production", + "businessCriticality": "2 - Less Critical", + "managedBy": "user", + "ownedBy": "ownerr", + "supportedBy": "sopporter", + "supportGroup": "SME Operations", + "operationalStatus": "Mended", + "status": "Installed", + "usedFor": "Production" + } + ] + }, + "riskScore": 0, + "domain": [ + "domain1", + "domain2" + ], + "subdomain": [ + "subdomain1", + "subdomain2" + ], + "missingSoftware": [ + "test1", + "test2", + "test3" + ], + "whois": [ + { + "domain": "test_domainr", + "createdDate": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domainStatus": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "registrantOrganization": "Domains By Proxy, LLC", + "registrantName": "1API GmbH", + "registrantEmail": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrantContact": "temp", + "registrar": "1API GmbH", + "registrantCountry": "UNITED STATES", + "expirationDate": "2026-02-23T00:00:00.000Z", + "updatedDate": "2025-07-13T00:00:00.000Z" + } + ], + "organizationName": [ + "mock_organization_name" + ], + "isp": "test, Inc.", + "asn": "AS53831", + "easmTags": [ + "test" + ], + "hostingCategory1": "ThirdParty", + "customAttributes": [ + { + "key": "Media State4", + "value": "Media disconnected", + "connectorName": "Qualys" + } + ], + "lparId": "mock_lpar_id", + "processor": { + "description": 
"Intel(R) Xeon(R) Gold 6430", + "speed": 3200, + "numCPUs": 4, + "noOfSocket": 2, + "threadsPerCore": 2, + "coresPerSocket": 2, + "multithreadingStatus": "test" + } + } + ] + } + } + `}} + - path: /rest/2.0/search/am/asset + methods: ['POST'] + query_params: + lastSeenAssetId: 67538043 + pageSize: 2 + request_headers: + Authorization: + - 'Bearer xxxx' + responses: + - status_code: 200 + body: | + {{ minify_json ` + { + "responseMessage": "Valid API Access", + "count": 2, + "responseCode": "SUCCESS", + "lastSeenAssetId": 67663823, + "hasMore": 1, + "assetListData": { + "asset": [ + { + "assetId": 67543783, + "assetUUID": "15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e", + "hostId": 1437388, + "lastModifiedDate": "2025-07-14T19:20:16.000Z", + "agentId": "15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e", + "createdDate": "2025-07-07T11:59:21.000Z", + "sensorLastUpdatedDate": "2025-07-14T19:20:16.000Z", + "assetType": "HOST", + "address": "1.128.0.0", + "dnsName": "test", + "assetName": "test", + "netbiosName": "test_bios_2", + "timeZone": "+05:30", + "biosDescription": "Test Bios Descriptor", + "lastBoot": "2025-07-07T11:58:14.000Z", + "totalMemory": 3875, + "cpuCount": 4, + "lastLoggedOnUser": "serviceuser", + "domainRole": null, + "hwUUID": "e3a60142-2b7d-d478-3da7-d45e576c7d76", + "biosSerialNumber": "VMware-42 01 a6 e3 7d 2b 78 d4-3d a7 d4 5e 57 6c 7d 76", + "biosAssetTag": "mock_asset_tag", + "isContainerHost": false, + "operatingSystem": { + "osName": "Ubuntu Linux 22.04.5", + "fullName": "Canonical Ubuntu Jammy Jellyfish (22.04.5 LTS)", + "category": "Linux / Unidentified", + "category1": "Linux", + "category2": "Unidentified", + "productName": "Ubuntu", + "publisher": "Mock Publisher", + "edition": "mock_edition", + "marketVersion": "Jammy Jellyfish", + "version": "22.04 LTS", + "update": "22.04 LTS 22.04.5 LTS", + "architecture": "x86_64", + "lifecycle": { + "gaDate": "2022-04-21T00:00:00.000Z", + "eolDate": "2027-04-30T00:00:00.000Z", + "eosDate": "2027-04-30T00:00:00.000Z", + 
"stage": "GA", + "lifeCycleConfidence": "Exact", + "eolSupportStage": "End of Standard Support", + "eosSupportStage": "End of Standard Support", + "detectionScore": 0 + }, + "taxonomy": { + "id": "mock_taxonomy_id_4", + "name": "Linux / Unidentified", + "category1": "Linux", + "category2": "Unidentified" + }, + "productUrl": "https://example.com", + "productFamily": "mock_product_family", + "installDate": "2025-07-07T11:58:14.000Z", + "release": "22.04.5", + "cpeId": "mock_cpe_id_8", + "cpe": "mock_cpe_0", + "cpeType": "NIST" + }, + "hardware": { + "fullName": "VMware VMware Virtual Platform VMware Virtual Platform", + "category": "Virtualized / Virtual Machine", + "category1": "Virtualized", + "category2": "Virtual Machine", + "manufacturer": "VMware", + "productName": "VMware Virtual Platform", + "model": "VMware Virtual Platform", + "lifecycle": { + "introDate": "2025-07-07T11:58:14.000Z", + "gaDate": "2025-07-07T11:58:14.000Z", + "eosDate": "2025-07-07T11:58:14.000Z", + "obsoleteDate": "2025-07-07T11:58:14.000Z", + "stage": "Unknown", + "lifeCycleConfidence": "Exact" + }, + "taxonomy": { + "id": "mock_hardware_taxonomy_id_2", + "name": "Virtualized / Virtual Machine", + "category1": "Virtualized", + "category2": "Virtual Machine" + }, + "productUrl": "https://example.com", + "productFamily": "mock_product_family_2" + }, + "userAccountListData": { + "userAccount": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "openPortListData": { + "openPort": [ + { + "port": 53, + "description": "Mock Description", + "protocol": "TCP", + "detectedService": "add and remove users and groups", + "firstFound": "2025-07-07T12:42:33.000Z", + "lastUpdated": "2025-07-07T12:42:33.000Z", + "authorization": "mock_authorization_1", + "detectionScore": 56, + "discoverySources": "Cloud Agent" + } + ] + }, + "volumeListData": { + "volume": [ + { + "name": "/dev/shm", + "free": 2032058368, + "size": 2032058368 + } + ] + }, + 
"networkInterfaceListData": {
+ "networkInterface": [
+ {
+ "hostname": "ub-43-156-0",
+ "addressIpV4": "67.43.156.0",
+ "addressIpV6": "::ffff:432b:9c00",
+ "macAddress": "00:50:56:81:41:84",
+ "interfaceName": "mock_interface_name",
+ "dnsAddress": "mock_dns_address",
+ "gatewayAddress": "mock_gateway_address",
+ "manufacturer": "mock_manufacturer",
+ "macVendorIntroDate": 946944000000,
+ "netmask": "mock_net_mask",
+ "addresses": "mock_Addresses"
+ }
+ ]
+ },
+ "softwareListData": {
+ "software": [
+ {
+ "id": -458390650433303040,
+ "discoverySources": "Cloud Agent",
+ "fullName": "libblockdev-swap2:amd64 2.26-1ubuntu0.1",
+ "softwareType": "Others",
+ "isIgnored": true,
+ "ignoredReason": "Library Packages",
+ "category": "Unknown / Unknown",
+ "category1": "Unknown",
+ "category2": "Unknown",
+ "productName": "Unknown",
+ "component": "mock_component",
+ "publisher": "Unknown",
+ "edition": "mock",
+ "marketVersion": "mack",
+ "version": "2.26-1ubuntu0.1",
+ "update": "2.26-1ubuntu0.1",
+ "architecture": "mock_architecture",
+ "installDate": "2025-07-07T11:58:14.000Z",
+ "installPath": "mock_install_path",
+ "lastUpdated": "2025-07-07T11:58:14.000Z",
+ "lastUseDate": "2025-07-07T11:58:14.000Z",
+ "language": "mock_language",
+ "formerlyKnownAs": "mock_formerly_known_as",
+ "isPackage": false,
+ "isPackageComponent": false,
+ "packageName": "mock_package_name",
+ "productUrl": "https://example.com",
+ "lifecycle": {
+ "gaDate": "2025-07-07T11:58:14.000Z",
+ "eolDate": "2025-07-07T11:58:14.000Z",
+ "eosDate": "2025-07-07T11:58:14.000Z",
+ "stage": "End-of-Life",
+ "lifeCycleConfidence": "Exact",
+ "eolSupportStage": "End-of-Sale",
+ "eosSupportStage": "End-of-Life",
+ "detectionScore": 5
+ },
+ "supportStageDesc": "mock_support_stage_desc",
+ "license": {
+ "category": "mock_license_category",
+ "subcategory": "mock_license_subcategory"
+ },
+ "authorization": "mock_authorization",
+ "discoveredPublisher": "mock_discovered_publisher",
+ "discoveredName": "mock_discovered_name",
+ "discoveredVersion": "mock_discovered_version",
+ "authorizationDetectionScore": 5,
+ "cpeId": "mock_cpe_id",
+ "cpe": "mock_cpe",
+ "cpeType": "mock_cpe_type",
+ "softwareInstances": [
+ {
+ "firstSeen": "2025-08-01T01:00:00.000Z",
+ "lastSeen": "2025-08-15T01:00:00.000Z",
+ "InstanceName": "mock_instance_name_changed",
+ "PROC": "/usr/bin/python /opt/elastic-agent/elastic-agent.py",
+ "BIN_PATH": "/usr/bin/python",
+ "PRODUCT": "Elastic Agent",
+ "VERSION": "7.2.0",
+ "TECHNOLOGY": "Python",
+ "CONF_PATH": "/opt/elastic-agent/elastic-agent.yml"
+ }
+ ]
+ }
+ ]
+ },
+ "softwareComponent": "mock_software_component",
+ "provider": "mock_provider",
+ "cloudProvider": "mock_cloud_provider",
+ "agent": {
+ "version": "7.2.0.38",
+ "configurationProfile": "config_modules",
+ "activations": [
+ {
+ "key": "cb825267-f182-4583-a0a8-784e17e8efe7",
+ "status": "ACTIVE"
+ }
+ ],
+ "connectedFrom": "2a02:cf40::",
+ "lastActivity": 1752520814000,
+ "lastCheckedIn": 1752520814000,
+ "lastInventory": 1752520816000,
+ "udcManifestAssigned": false,
+ "errorStatus": false
+ },
+ "sensor": {
+ "activatedForModules": [
+ "mock_activated_module"
+ ],
+ "pendingActivationForModules": [
+ "mock_pending_module"
+ ],
+ "lastVMScan": 0,
+ "lastComplianceScan": 0,
+ "lastFullScan": 0,
+ "lastVmScanDateScanner": 0,
+ "lastVmScanDateAgent": 0,
+ "lastPcScanDateScanner": 0,
+ "lastPcScanDateAgent": 0,
+ "firstEasmScanDate": null,
+ "lastEasmScanDate": null
+ },
+ "container": {
+ "product": "mock_product",
+ "version": "mock_version",
+ "noOfContainers": 0,
+ "noOfImages": 0,
+ "hasSensor": "temp_value"
+ },
+ "inventory": {
+ "source": "QAGENT",
+ "created": 1751889561000,
+ "lastUpdated": 1752520814000
+ },
+ "activity": {
+ "source": "QAGENT",
+ "lastScannedDate": 1752520814000
+ },
+ "tagList": {
+ "tag": [
+ {
+ "tagId": 25184898,
+ "tagName": "Cloud Agent",
+ "foregroundColor": 0,
+ "backgroundColor": 0,
+ "businessImpact": "mock_business_impact",
+ "criticalityScore": 5
+ }
+ ]
+ },
+ "serviceList": {
+ "service": [
+ {
+ "description": "mock_description",
+ "name": "snapd.apparmor.service",
+ "status": "loaded/active/exited"
+ }
+ ]
+ },
+ "lastLocation": {
+ "city": "New York",
+ "state": "California",
+ "country": "United States",
+ "name": "United States",
+ "continent": "North America",
+ "postal": "94041"
+ },
+ "criticality": {
+ "score": 2,
+ "isDefault": true,
+ "lastUpdated": "2025-07-09T14:21:13.000Z"
+ },
+ "businessInformation": {
+ "company": "Qualys",
+ "department": "Engineering",
+ "ownedBy": "Paul",
+ "environment": "QA",
+ "managedBy": "Amit",
+ "supportedBy": "Nick",
+ "supportGroup": "ABC_01",
+ "operationalStatus": "Blocked"
+ },
+ "assignedLocation": {
+ "name": "4492 Camino De La Plaza, Pune,IN",
+ "city": "Pune",
+ "state": "MH",
+ "country": "IN"
+ },
+ "businessAppListData": {
+ "businessApp": [
+ {
+ "id": "BARCODE283904",
+ "name": "Quoting App",
+ "environment": "Production",
+ "businessCriticality": "2 - Less Critical",
+ "managedBy": "user",
+ "ownedBy": "ownerr",
+ "supportedBy": "sopporter",
+ "supportGroup": "SME Operations",
+ "operationalStatus": "Mended",
+ "status": "Installed",
+ "usedFor": "Production"
+ }
+ ]
+ },
+ "riskScore": 0,
+ "domain": [
+ "domain1",
+ "domain2"
+ ],
+ "subdomain": [
+ "subdomain1",
+ "subdomain2"
+ ],
+ "missingSoftware": [
+ "test1",
+ "test2",
+ "test3"
+ ],
+ "whois": [
+ {
+ "domain": "test_domainr",
+ "createdDate": "2024-02-23T00:00:00.000Z",
+ "dnssec": "test",
+ "domainStatus": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited",
+ "registrantOrganization": "Domains By Proxy, LLC",
+ "registrantName": "1API GmbH",
+ "registrantEmail": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com",
+ "registrantContact": "temp",
+ "registrar": "1API GmbH",
+ "registrantCountry": "UNITED STATES",
+ "expirationDate": "2026-02-23T00:00:00.000Z",
+ "updatedDate": "2025-07-13T00:00:00.000Z"
+ }
+ ],
+ "organizationName": [
+ "mock_organization_name"
+ ],
+ "isp": "test, Inc.",
+ "asn": "AS53831",
+ "easmTags": [
+ "mock-easm-tag1",
+ "mock-easm-tag2"
+ ],
+ "hostingCategory1": "mock-hosting-category1",
+ "customAttributes": [
+ {
+ "key": "Media State4",
+ "value": "Media disconnected",
+ "connectorName": "Qualys"
+ }
+ ],
+ "lparId": "mock_lpar_id",
+ "processor": {
+ "description": "Intel(R) Xeon(R) Gold 6430",
+ "speed": 3200,
+ "numCPUs": 4,
+ "noOfSocket": 2,
+ "threadsPerCore": 2,
+ "coresPerSocket": 2,
+ "multithreadingStatus": "test"
+ }
+ },
+ {
+ "assetId": 67663823,
+ "assetUUID": "15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e",
+ "hostId": 1437388,
+ "lastModifiedDate": "2025-07-14T19:21:16.000Z",
+ "agentId": "15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e",
+ "createdDate": "2025-07-07T11:59:21.000Z",
+ "sensorLastUpdatedDate": "2025-07-14T19:20:16.000Z",
+ "assetType": "HOST",
+ "address": "1.128.0.0",
+ "dnsName": "test",
+ "assetName": "test",
+ "netbiosName": "test_bios_2",
+ "timeZone": "+05:30",
+ "biosDescription": "Test Bios Descriptor",
+ "lastBoot": "2025-07-07T11:58:14.000Z",
+ "totalMemory": 3875,
+ "cpuCount": 4,
+ "lastLoggedOnUser": "serviceuser",
+ "domainRole": null,
+ "hwUUID": "e3a60142-2b7d-d478-3da7-d45e576c7d76",
+ "biosSerialNumber": "VMware-42 01 a6 e3 7d 2b 78 d4-3d a7 d4 5e 57 6c 7d 76",
+ "biosAssetTag": "mock_asset_tag",
+ "isContainerHost": false,
+ "operatingSystem": {
+ "osName": "Ubuntu Linux 22.04.5",
+ "fullName": "Canonical Ubuntu Jammy Jellyfish (22.04.5 LTS)",
+ "category": "Linux / Unidentified",
+ "category1": "Linux",
+ "category2": "Unidentified",
+ "productName": "Ubuntu",
+ "publisher": "Mock Publisher",
+ "edition": "mock_edition",
+ "marketVersion": "Jammy Jellyfish",
+ "version": "22.04 LTS",
+ "update": "22.04 LTS 22.04.5 LTS",
+ "architecture": "x86_64",
+ "lifecycle": {
+ "gaDate": "2022-04-21T00:00:00.000Z",
+ "eolDate": "2027-04-30T00:00:00.000Z",
+ "eosDate": "2027-04-30T00:00:00.000Z",
+ "stage": "GA",
+ "lifeCycleConfidence": "Exact",
+ "eolSupportStage": "End of Standard Support",
+ "eosSupportStage": "End of Standard Support",
+ "detectionScore": 0
+ },
+ "taxonomy": {
+ "id": "mock_taxonomy_id_4",
+ "name": "Linux / Unidentified",
+ "category1": "Linux",
+ "category2": "Unidentified"
+ },
+ "productUrl": "https://example.com",
+ "productFamily": "mock_product_family",
+ "installDate": "2025-07-07T11:58:14.000Z",
+ "release": "22.04.5",
+ "cpeId": "mock_cpe_id_8",
+ "cpe": "mock_cpe_0",
+ "cpeType": "NIST"
+ },
+ "hardware": {
+ "fullName": "VMware VMware Virtual Platform VMware Virtual Platform",
+ "category": "Virtualized / Virtual Machine",
+ "category1": "Virtualized",
+ "category2": "Virtual Machine",
+ "manufacturer": "VMware",
+ "productName": "VMware Virtual Platform",
+ "model": "VMware Virtual Platform",
+ "lifecycle": {
+ "introDate": "2025-07-07T11:58:14.000Z",
+ "gaDate": "2025-07-07T11:58:14.000Z",
+ "eosDate": "2025-07-07T11:58:14.000Z",
+ "obsoleteDate": "2025-07-07T11:58:14.000Z",
+ "stage": "Unknown",
+ "lifeCycleConfidence": "Exact"
+ },
+ "taxonomy": {
+ "id": "mock_hardware_taxonomy_id_2",
+ "name": "Virtualized / Virtual Machine",
+ "category1": "Virtualized",
+ "category2": "Virtual Machine"
+ },
+ "productUrl": "https://example.com",
+ "productFamily": "mock_product_family_2"
+ },
+ "userAccountListData": {
+ "userAccount": [
+ {
+ "name": "root"
+ },
+ {
+ "name": "serviceuser"
+ },
+ {
+ "name": "devuser"
+ }
+ ]
+ },
+ "openPortListData": {
+ "openPort": [
+ {
+ "port": 53,
+ "description": "Mock Description",
+ "protocol": "TCP",
+ "detectedService": "add and remove users and groups",
+ "firstFound": "2025-07-07T12:42:33.000Z",
+ "lastUpdated": "2025-07-07T12:42:33.000Z",
+ "authorization": "mock_authorization_1",
+ "detectionScore": 56,
+ "discoverySources": "Cloud Agent"
+ }
+ ]
+ },
+ "volumeListData": {
+ "volume": [
+ {
+ "name": "/dev/shm",
+ "free": 2032058368,
+ "size": 2032058368
+ }
+ ]
+ },
+ "networkInterfaceListData": {
+ "networkInterface": [
+ {
+ "hostname": "ub-43-156-0",
+ "addressIpV4": "67.43.156.0",
+ "addressIpV6": "::ffff:432b:9c00",
+ "macAddress": "00:50:56:81:41:84",
+ "interfaceName": "mock_interface_name",
+ "dnsAddress": "mock_dns_address",
+ "gatewayAddress": "mock_gateway_address",
+ "manufacturer": "mock_manufacturer",
+ "macVendorIntroDate": 946944000000,
+ "netmask": "mock_net_mask",
+ "addresses": "mock_Addresses"
+ }
+ ]
+ },
+ "softwareListData": {
+ "software": [
+ {
+ "id": -458390650433303040,
+ "discoverySources": "Cloud Agent",
+ "fullName": "libblockdev-swap2:amd64 2.26-1ubuntu0.1",
+ "softwareType": "Others",
+ "isIgnored": true,
+ "ignoredReason": "Library Packages",
+ "category": "Unknown / Unknown",
+ "category1": "Unknown",
+ "category2": "Unknown",
+ "productName": "Unknown",
+ "component": "mock_component",
+ "publisher": "Unknown",
+ "edition": "mock",
+ "marketVersion": "mack",
+ "version": "2.26-1ubuntu0.1",
+ "update": "2.26-1ubuntu0.1",
+ "architecture": "mock_architecture",
+ "installDate": "2025-07-07T11:58:14.000Z",
+ "installPath": "mock_install_path",
+ "lastUpdated": "2025-07-07T11:58:14.000Z",
+ "lastUseDate": "2025-07-07T11:58:14.000Z",
+ "language": "mock_language",
+ "formerlyKnownAs": "mock_formerly_known_as",
+ "isPackage": false,
+ "isPackageComponent": false,
+ "packageName": "mock_package_name",
+ "productUrl": "https://example.com",
+ "lifecycle": {
+ "gaDate": "2025-07-07T11:58:14.000Z",
+ "eolDate": "2025-07-07T11:58:14.000Z",
+ "eosDate": "2025-07-07T11:58:14.000Z",
+ "stage": "End-of-Life",
+ "lifeCycleConfidence": "Exact",
+ "eolSupportStage": "End-of-Sale",
+ "eosSupportStage": "End-of-Life",
+ "detectionScore": 5
+ },
+ "supportStageDesc": "mock_support_stage_desc",
+ "license": {
+ "category": "mock_license_category",
+ "subcategory": "mock_license_subcategory"
+ },
+ "authorization": "mock_authorization",
+ "discoveredPublisher": "mock_discovered_publisher",
+ "discoveredName": "mock_discovered_name",
+ "discoveredVersion": "mock_discovered_version",
+ "authorizationDetectionScore": 5,
+ "cpeId": "mock_cpe_id",
+ "cpe": "mock_cpe",
+ "cpeType": "mock_cpe_type",
+ "softwareInstances": [
+ {
+ "firstSeen": "2025-08-01T01:00:00.000Z",
+ "lastSeen": "2025-08-15T01:00:00.000Z",
+ "InstanceName": "mock_instance_name_changed",
+ "PROC": "/usr/bin/python /opt/elastic-agent/elastic-agent.py",
+ "BIN_PATH": "/usr/bin/python",
+ "PRODUCT": "Elastic Agent",
+ "VERSION": "7.2.0",
+ "TECHNOLOGY": "Python",
+ "CONF_PATH": "/opt/elastic-agent/elastic-agent.yml"
+ }
+ ]
+ }
+ ]
+ },
+ "softwareComponent": "mock_software_component",
+ "provider": "mock_provider",
+ "cloudProvider": "mock_cloud_provider",
+ "agent": {
+ "version": "7.2.0.38",
+ "configurationProfile": "config_modules",
+ "activations": [
+ {
+ "key": "cb825267-f182-4583-a0a8-784e17e8efe7",
+ "status": "ACTIVE"
+ }
+ ],
+ "connectedFrom": "2a02:cf40::",
+ "lastActivity": 1752520814000,
+ "lastCheckedIn": 1752520814000,
+ "lastInventory": 1752520816000,
+ "udcManifestAssigned": false,
+ "errorStatus": false
+ },
+ "sensor": {
+ "activatedForModules": [
+ "mock_activated_module"
+ ],
+ "pendingActivationForModules": [
+ "mock_pending_module"
+ ],
+ "lastVMScan": 0,
+ "lastComplianceScan": 0,
+ "lastFullScan": 0,
+ "lastVmScanDateScanner": 0,
+ "lastVmScanDateAgent": 0,
+ "lastPcScanDateScanner": 0,
+ "lastPcScanDateAgent": 0,
+ "firstEasmScanDate": null,
+ "lastEasmScanDate": null
+ },
+ "container": {
+ "product": "mock_product",
+ "version": "mock_version",
+ "noOfContainers": 0,
+ "noOfImages": 0,
+ "hasSensor": "temp_value"
+ },
+ "inventory": {
+ "source": "QAGENT",
+ "created": 1751889561000,
+ "lastUpdated": 1752520814000
+ },
+ "activity": {
+ "source": "QAGENT",
+ "lastScannedDate": 1752520814000
+ },
+ "tagList": {
+ "tag": [
+ {
+ "tagId": 25184898,
+ "tagName": "Cloud Agent",
+ "foregroundColor": 0,
+ "backgroundColor": 0,
+ "businessImpact": "mock_business_impact",
+ "criticalityScore": 5
+ }
+ ]
+ },
+ "serviceList": {
+ "service": [
+ {
+ "description": "mock_description",
+ "name": "snapd.apparmor.service",
+ "status": "loaded/active/exited"
+ }
+ ]
+ },
+ "lastLocation": {
+ "city": "New York",
+ "state": "California",
+ "country": "United States",
+ "name": "United States",
+ "continent": "North America",
+ "postal": "94041"
+ },
+ "criticality": {
+ "score": 2,
+ "isDefault": true,
+ "lastUpdated": "2025-07-09T14:21:13.000Z"
+ },
+ "businessInformation": {
+ "company": "Qualys",
+ "department": "Engineering",
+ "ownedBy": "Paul",
+ "environment": "QA",
+ "managedBy": "Amit",
+ "supportedBy": "Nick",
+ "supportGroup": "ABC_01",
+ "operationalStatus": "Blocked"
+ },
+ "assignedLocation": {
+ "name": "4492 Camino De La Plaza, Pune,IN",
+ "city": "Pune",
+ "state": "MH",
+ "country": "IN"
+ },
+ "businessAppListData": {
+ "businessApp": [
+ {
+ "id": "BARCODE283904",
+ "name": "Quoting App",
+ "environment": "Production",
+ "businessCriticality": "2 - Less Critical",
+ "managedBy": "user",
+ "ownedBy": "ownerr",
+ "supportedBy": "sopporter",
+ "supportGroup": "SME Operations",
+ "operationalStatus": "Mended",
+ "status": "Installed",
+ "usedFor": "Production"
+ }
+ ]
+ },
+ "riskScore": 0,
+ "domain": [
+ "domain1",
+ "domain2"
+ ],
+ "subdomain": [
+ "subdomain1",
+ "subdomain2"
+ ],
+ "missingSoftware": [
+ "test1",
+ "test2",
+ "test3"
+ ],
+ "whois": [
+ {
+ "domain": "test_domainr",
+ "createdDate": "2024-02-23T00:00:00.000Z",
+ "dnssec": "test",
+ "domainStatus": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited",
+ "registrantOrganization": "Domains By Proxy, LLC",
+ "registrantName": "1API GmbH",
+ "registrantEmail": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com",
+ "registrantContact": "temp",
+ "registrar": "1API GmbH",
+ "registrantCountry": "UNITED STATES",
+ "expirationDate": "2026-02-23T00:00:00.000Z",
+ "updatedDate": "2025-07-13T00:00:00.000Z"
+ }
+ ],
+ "organizationName": [
+ "mock_organization_name"
+ ],
+ "isp": "test, Inc.",
+ "asn": "AS53831",
+ "easmTags": [
+ "mock-easm-tag1",
+ "mock-easm-tag2"
+ ],
+ "hostingCategory1": "mock-hosting-category1",
+ "customAttributes": [
+ {
+ "key": "Media State4",
+ "value": "Media disconnected",
+ "connectorName": "Qualys"
+ }
+ ],
+ "lparId": "mock_lpar_id",
+ "processor": {
+ "description": "Intel(R) Xeon(R) Gold 6430",
+ "speed": 3200,
+ "numCPUs": 4,
+ "noOfSocket": 2,
+ "threadsPerCore": 2,
+ "coresPerSocket": 2,
+ "multithreadingStatus": "test"
+ }
+ }
+ ]
+ }
+ }
+ `}}
+ - path: /rest/2.0/search/am/asset
+ methods: ['POST']
+ query_params:
+ lastSeenAssetId: 67663823
+ pageSize: 2
+ request_headers:
+ Authorization:
+ - 'Bearer xxxx'
+ responses:
+ - status_code: 200
+ body: |
+ {{ minify_json `
+ {
+ "responseMessage": "Valid API Access",
+ "count": 1,
+ "responseCode": "SUCCESS",
+ "lastSeenAssetId": 67937113,
+ "hasMore": 0,
+ "assetListData": {
+ "asset": [
+ {
+ "assetId": 67937113,
+ "assetUUID": "4cf3040a-82a5-46a1-b059-17372b051ec7",
+ "hostId": 1437387,
+ "lastModifiedDate": "2025-07-13T14:21:09.000Z",
+ "agentId": "4cf3040a-82a5-46a1-b059-17372b051ec7",
+ "createdDate": "2025-07-09T14:21:14.000Z",
+ "sensorLastUpdatedDate": "2025-07-13T14:21:09.000Z",
+ "assetType": "HOST",
+ "address": "175.16.199.0",
+ "dnsName": "test_dns_1",
+ "assetName": "test",
+ "netbiosName": "test_bios1",
+ "timeZone": "IST",
+ "biosDescription": "Mock bios description",
+ "lastBoot": "2025-07-01T00:00:00.000Z",
+ "totalMemory": 0,
+ "cpuCount": 8,
+ "lastLoggedOnUser": "test_user_1",
+ "domainRole": "Member Server",
+ "hwUUID": "422a2b16-4c8b-588a-a20c-c1851ad7e376",
+ "biosSerialNumber": "Test serial number_1",
+ "biosAssetTag": "Test asset tag_1",
+ "isContainerHost": false,
+ "operatingSystem": {
+ "osName": "Mock OS",
+ "fullName": "Mock OS",
+ "category": "Operating System / Windows",
+ "category1": "UBuntu",
+ "category2": "Windows",
+ "productName": "Mock OS",
+ "publisher": "Mock Publisher",
+ "edition": "Mock Edition",
+ "marketVersion": "Mock version",
+ "version": "1.0.0",
+ "update": "Mock update",
+ "architecture": "Mock architecture",
+ "lifecycle": {
+ "gaDate": "2022-01-01T00:00:00.000Z",
+ "eolDate": "2025-01-01T00:00:00.000Z",
+ "eosDate": "2030-01-01T00:00:00.000Z",
+ "stage": "End-of-Sale",
+ "lifeCycleConfidence": "Approximate",
+ "eolSupportStage": "End-of-Sale",
+ "eosSupportStage": "End-of-Life",
+ "detectionScore": 50
+ },
+ "taxonomy": {
+ "id": "mock_taxonomy_id_1",
+ "name": "Mock taxonomy test name",
+ "category1": "Mock category1 test",
+ "category2": "Mock category2 test"
+ },
+ "productUrl": "https://example.com",
+ "productFamily": "Mock product family",
+ "installDate": "2025-07-09T14:21:12.000Z",
+ "release": "Mock release 1",
+ "cpeId": "mock_cpe_id_3",
+ "cpe": "mock_cp_6",
+ "cpeType": "Mock test cpe type"
+ },
+ "hardware": {
+ "fullName": "Mock test full name",
+ "category": "Mock test category 1 / Mock test category 2",
+ "category1": "Mock test category 1",
+ "category2": "Mock test category 2",
+ "manufacturer": "Mock test manufacturer",
+ "productName": "Mock test product name",
+ "model": "Mock test model",
+ "lifecycle": {
+ "introDate": "2025-07-09T14:21:12.000Z",
+ "gaDate": "2025-07-09T14:21:12.000Z",
+ "eosDate": "2025-07-09T14:21:12.000Z",
+ "obsoleteDate": "2025-07-09T14:21:12.000Z",
+ "stage": "Not Applicable",
+ "lifeCycleConfidence": "Exact"
+ },
+ "taxonomy": {
+ "id": "mock_hardware_taxonomy_id",
+ "name": "Mock test hardware taxonomy name",
+ "category1": "Mock test category 1",
+ "category2": "Mock test category 2"
+ },
+ "productUrl": "https://example.com",
+ "productFamily": "Mock test product family"
+ },
+ "userAccountListData": {
+ "userAccount": [
+ {
+ "name": "root"
+ },
+ {
+ "name": "serviceuser"
+ },
+ {
+ "name": "devuser"
+ }
+ ]
+ },
+ "openPortListData": {
+ "openPort": [
+ {
+ "port": 443,
+ "description": "http protocol over TLS/SSL",
+ "protocol": "TCP",
+ "detectedService": "HTTPs",
+ "firstFound": "2025-07-09T14:21:14.000Z",
+ "lastUpdated": "2025-07-09T14:21:14.000Z",
+ "authorization": "Mock test authorization",
+ "detectionScore": 1,
+ "discoverySources": "EASM"
+ }
+ ]
+ },
+ "volumeListData": {
+ "volume": [
+ {
+ "name": "/run/lock",
+ "free": 5242880,
+ "size": 5242880
+ }
+ ]
+ },
+ "networkInterfaceListData": {
+ "networkInterface": [
+ {
+ "hostname": "mock_hostname",
+ "addressIpV4": "81.2.69.144",
+ "addressIpV6": "::ffff:5102:4590",
+ "macAddress": "mock_mac_address",
+ "interfaceName": "mock_interface_name",
+ "dnsAddress": "mock_dns_address",
+ "gatewayAddress": "mock_gateway_address",
+ "manufacturer": "mock_manufacturer",
+ "macVendorIntroDate": 946944000000,
+ "netmask": "mock_net_mask",
+ "addresses": "mock_Addresses"
+ }
+ ]
+ },
+ "softwareListData": {
+ "software": [
+ {
+ "id": 2727678485371137000,
+ "discoverySources": "EASM",
+ "fullName": "Squarespace Commerce",
+ "softwareType": "Unknown",
+ "isIgnored": true,
+ "ignoredReason": "Unknown",
+ "category": "Unknown / Unknown",
+ "category1": "Unknown",
+ "category2": "Unknown",
+ "productName": "Unknown",
+ "component": "mock_component",
+ "publisher": "Unknown",
+ "edition": "mock_edition",
+ "marketVersion": "mock_market_version",
+ "version": "mock_version",
+ "update": "mock_update",
+ "architecture": "mock_architecture",
+ "installDate": "2021-10-25T14:21:11.000Z",
+ "installPath": "mock_install_path",
+ "lastUpdated": "2021-10-25T14:21:12.000Z",
+ "lastUseDate": "2021-10-25T14:21:13.000Z",
+ "language": "mock_language",
+ "formerlyKnownAs": "mock_formerly_known_as",
+ "isPackage": false,
+ "isPackageComponent": false,
+ "packageName": "mock_package_name",
+ "productUrl": "mock_product_url",
+ "lifecycle": {
+ "gaDate": "2021-10-25T14:21:12.000Z",
+ "eolDate": "2021-10-25T14:21:12.000Z",
+ "eosDate": "2021-10-25T14:21:12.000Z",
+ "stage": "Unknown",
+ "lifeCycleConfidence": "Mock life cycle confidence",
+ "eolSupportStage": "Mock eol support stage",
+ "eosSupportStage": "Mock eos support stage",
+ "detectionScore": 3
+ },
+ "supportStageDesc": "Mock support stage desc",
+ "license": {
+ "category": "Mock license category",
+ "subcategory": "Mock license subcategory"
+ },
+ "authorization": "Mock authorization",
+ "discoveredPublisher": "Mock discovered publisher",
+ "discoveredName": "Squarespace Commerce",
+ "discoveredVersion": "mock_version",
+ "authorizationDetectionScore": 5,
+ "cpeId": "mock_cpe_id",
+ "cpe": "mock_cpe",
+ "cpeType": "Mock cpe type",
+ "softwareInstances": [
+ {
+ "firstSeen": "2025-06-01T01:00:00.000Z",
+ "lastSeen": "2025-06-15T01:00:00.000Z",
+ "InstanceName": "mock_instance_name",
+ "PROC": "/usr/bin/java -jar /opt/jetty/start.jar",
+ "BIN_PATH": "/usr/bin/java",
+ "PRODUCT": "Apache Jetty",
+ "VERSION": "11.0.9",
+ "TECHNOLOGY": "Java",
+ "CONF_PATH": "/opt/jetty/etc/jetty.xml"
+ }
+ ]
+ }
+ ]
+ },
+ "softwareComponent": "mock_software_component",
+ "provider": "mock_provider",
+ "cloudProvider": "mock_cloud_provider",
+ "agent": {
+ "version": "mock_agent_version",
+ "configurationProfile": "mock_agent_configuration_profile",
+ "activations": null,
+ "connectedFrom": "81.2.69.192",
+ "lastActivity": 0,
+ "lastCheckedIn": 0,
+ "lastInventory": 0,
+ "udcManifestAssigned": false,
+ "errorStatus": false
+ },
+ "sensor": {
+ "activatedForModules": [
+ "VM",
+ "PC"
+ ],
+ "pendingActivationForModules": [
+ "VULN",
+ "COMPLIANCE"
+ ],
+ "lastVMScan": 0,
+ "lastComplianceScan": 0,
+ "lastFullScan": 0,
+ "lastVmScanDateScanner": 0,
+ "lastVmScanDateAgent": 0,
+ "lastPcScanDateScanner": 0,
+ "lastPcScanDateAgent": 0,
+ "firstEasmScanDate": 1752416469000,
+ "lastEasmScanDate": 1752416469000
+ },
+ "container": {
+ "product": "mock_product",
+ "version": "mock_version",
+ "noOfContainers": 10,
+ "noOfImages": 5,
+ "hasSensor": "temp_values"
+ },
+ "inventory": {
+ "source": "EASM",
+ "created": 1752070874000,
+ "lastUpdated": 1752416469000
+ },
+ "activity": {
+ "source": "EASM",
+ "lastScannedDate": 1752416469000
+ },
+ "tagList": {
+ "tag": [
+ {
+ "tagId": 25971788,
+ "tagName": "Shodan",
+ "foregroundColor": 0,
+ "backgroundColor": 0,
+ "businessImpact": "Mock business impact",
+ "criticalityScore": 8
+ }
+ ]
+ },
+ "serviceList": {
+ "service": [
+ {
+ "description": "mock_description",
+ "name": "systemd-journal-flush.service",
+ "status": "loaded/active/exited"
+ }
+ ]
+ },
+ "lastLocation": {
+ "city": "New York",
+ "state": "California",
+ "country": "United States",
+ "name": "United States",
+ "continent": "North America",
+ "postal": "94041"
+ },
+ "criticality": {
+ "score": 3,
+ "isDefault": false,
+ "lastUpdated": "2025-07-09T14:21:13.000Z"
+ },
+ "businessInformation": {
+ "company": "Qualys",
+ "department": "Engineering",
+ "ownedBy": "Paul",
+ "environment": "QA",
+ "managedBy": "Amit",
+ "supportedBy": "Nick",
+ "supportGroup": "ABC_01",
+ "operationalStatus": "Blocked"
+ },
+ "assignedLocation": {
+ "name": "4492 Camino De La Plaza, Pune,IN",
+ "city": "Pune",
+ "state": "MH",
+ "country": "IN"
+ },
+ "businessAppListData": {
+ "businessApp": [
+ {
+ "id": "BARCODE283904",
+ "name": "Quoting App",
+ "environment": "Production",
+ "businessCriticality": "2 - Less Critical",
+ "managedBy": "user",
+ "ownedBy": "ownerr",
+ "supportedBy": "sopporter",
+ "supportGroup": "SME Operations",
+ "operationalStatus": "Mended",
+ "status": "Installed",
+ "usedFor": "Production"
+ }
+ ]
+ },
+ "riskScore": 0,
+ "domain": [
+ "domain1",
+ "domain2"
+ ],
+ "subdomain": [
+ "subdomain1",
+ "subdomain2"
+ ],
+ "missingSoftware": [
+ "test1",
+ "test2",
+ "test3"
+ ],
+ "whois": [
+ {
+ "domain": "test_domainr",
+ "createdDate": "2024-02-23T00:00:00.000Z",
+ "dnssec": "test",
+ "domainStatus": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited",
+ "registrantOrganization": "Domains By Proxy, LLC",
+ "registrantName": "1API GmbH",
+ "registrantEmail": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com",
+ "registrantContact": "temp",
+ "registrar": "1API GmbH",
+ "registrantCountry": "UNITED STATES",
+ "expirationDate": "2026-02-23T00:00:00.000Z",
+ "updatedDate": "2025-07-13T00:00:00.000Z"
+ }
+ ],
+ "organizationName": [
+ "mock_organization_name"
+ ],
+ "isp": "test, Inc.",
+ "asn": "AS53831",
+ "easmTags": [
+ "test"
+ ],
+ "hostingCategory1": "ThirdParty",
+ "customAttributes": [
+ {
+ "key": "Media State4",
+ "value": "Media disconnected",
+ "connectorName": "Qualys"
+ }
+ ],
+ "lparId": "mock_lpar_id",
+ "processor": {
+ "description": "Intel(R) Xeon(R) Gold 6430",
+ "speed": 3200,
+ "numCPUs": 4,
+ "noOfSocket": 2,
+ "threadsPerCore": 2,
+ "coresPerSocket": 2,
+ "multithreadingStatus": "test"
+ }
+ }
+ ]
+ }
+ }
+ `}}
diff --git a/packages/qualys_gav/changelog.yml b/packages/qualys_gav/changelog.yml
new file mode 100644
index 00000000000..0094468cc3b
--- /dev/null
+++ b/packages/qualys_gav/changelog.yml
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: 0.1.0
+ changes:
+ - description: Initial release.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14644
diff --git a/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log
new file mode 100644
index 00000000000..3e6085af52b
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log
@@ -0,0 +1,3 @@ +{"assetId":67669565,"assetUUID":"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9","hostId":1437386,"lastModifiedDate":"2025-07-11T14:21:10.000Z","agentId":"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9","createdDate":"2025-07-09T14:21:12.000Z","sensorLastUpdatedDate":"2025-07-11T14:21:10.000Z","assetType":"HOST","address":"216.160.83.56","dnsName":"test_dns","assetName":"test_asset","netbiosName":"test_bios","timeZone":"+05:30","biosDescription":"Test","lastBoot":"2025-07-09T14:21:12.000Z","totalMemory":10,"cpuCount":0,"lastLoggedOnUser":"test_user","domainRole":"Member Workstation","hwUUID":"422a2b16-4c8b-588a-a20c-c1851ad7e376","biosSerialNumber":"Test serial number","biosAssetTag":"Test asset tag","isContainerHost":false,"operatingSystem":{"osName":"Windows 10","fullName":"Microsoft Windows 10 Enterprise","category":"Operating System / Windows","category1":"Windows","category2":"Windows","productName":"Microsoft Windows 10 Enterprise","publisher":"test","edition":"Enterprise","marketVersion":"10.0.19042.1052","version":"10.0.19042.1052","update":"22.04 LTS 22.04.5 LTS","architecture":"x86","lifecycle":{"gaDate":"2025-07-09T14:21:12.000Z","eolDate":"2025-07-09T14:21:12.000Z","eosDate":"2025-07-09T14:21:12.000Z","stage":"End-of-life","lifeCycleConfidence":"Exact","eolSupportStage":"End-of-life","eosSupportStage":"End-of-life","detectionScore":100},"taxonomy":{"id":"mock_taxonomy_id","name":"Mock taxonomy name","category1":"Mock category1","category2":"Mock category2"},"productUrl":"https://mock_product_url.com","productFamily":"Mock product family","installDate":"2025-07-09T14:21:12.000Z","release":"Mock release","cpeId":"mock_cpe_id","cpe":"mock_cpe","cpeType":"Mock cpe type"},"hardware":{"fullName":"Mock hardware","category":"Mock category 1 / Mock category 2","category1":"Mock category 1","category2":"Mock category 2","manufacturer":"Mock manufacturer","productName":"Mock product name","model":"Mock 
model","lifecycle":{"introDate":"2025-07-09T14:21:12.000Z","gaDate":"2025-07-09T14:21:12.000Z","eosDate":"2025-07-09T14:21:12.000Z","obsoleteDate":"2025-07-09T14:21:12.000Z","stage":"Not Applicable","lifeCycleConfidence":"Exact"},"taxonomy":{"id":"mock_hardware_taxonomy_id","name":"Mock hardware taxonomy name","category1":"Mock category 1","category2":"Mock category 2"},"productUrl":"https://mock_product_url.com","productFamily":"Mock product family"},"userAccountListData":{"userAccount":[{"name":"root"},{"name":"serviceuser"},{"name":"devuser"}]},"openPortListData":{"openPort":[{"port":443,"description":"http protocol over TLS/SSL","protocol":"TCP","detectedService":"HTTPs","firstFound":"2025-07-09T14:21:12.000Z","lastUpdated":"2025-07-09T14:21:12.000Z","authorization":"Mock authorization","detectionScore":100,"discoverySources":"EASM"}]},"volumeListData":{"volume":[{"name":"/","free":34645118976,"size":48202350592}]},"networkInterfaceListData":{"networkInterface":[{"hostname":"mock_hostname","addressIpV4":"81.2.69.142","addressIpV6":"::ffff:5102:458e","macAddress":"00:00:5e:00:53:00","interfaceName":"mock_interface_name","dnsAddress":"mock_dns_address","gatewayAddress":"mock_geteaway_address","manufacturer":"Mock manufacturer","macVendorIntroDate":946944000000,"netmask":"mock_net_mask","addresses":"mock_Address"}]},"softwareListData":{"software":[{"id":8464359598295418000,"discoverySources":"EASM","fullName":"Apache HTTP Server","softwareType":"Application","isIgnored":false,"ignoredReason":"Insufficient Information","category":"Network Application / Web Servers","category1":"Network Application","category2":"Web Servers","productName":"Apache HTTP 
Server","component":"Server","publisher":"Apache","edition":"Unknown","marketVersion":"Unknown","version":"2.4.7","update":"2021-10-25","architecture":"x86_64","installDate":"2021-10-25T14:21:12.000Z","installPath":"/usr/local/apache2","lastUpdated":"2021-10-25T14:21:12.000Z","lastUseDate":"2021-10-25T14:21:12.000Z","language":"C","formerlyKnownAs":"httpd","isPackage":false,"isPackageComponent":false,"packageName":null,"productUrl":"https://en.wikipedia.org/wiki/Apache_HTTP_Server,,","lifecycle":{"gaDate":"2021-10-25T14:21:12.000Z","eolDate":"2021-10-25T14:21:12.000Z","eosDate":"2021-10-25T14:21:12.000Z","stage":"Not Applicable","lifeCycleConfidence":"Exact","eolSupportStage":"Mock eol support stage","eosSupportStage":"Mock eos support stage","detectionScore":0},"supportStageDesc":"Mock support stage desc","license":{"category":"Mock license category","subcategory":"Mock license subcategory"},"authorization":"Mock authorization","discoveredPublisher":"Mock discovered publisher","discoveredName":"Mock discovered name","discoveredVersion":"mock_version","authorizationDetectionScore":5,"cpeId":"mock_cpe_id","cpe":"mock_cpe","cpeType":"Mock cpe type","softwareInstances":[{"firstSeen":"2025-07-08T01:15:52.000Z","lastSeen":"2025-07-14T19:20:15.000Z","InstanceName":"DOCKER","PROC":" 1487 1 root /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock","BIN_PATH":"/usr/bin/docker -H unix:///var/run/docker.sock","PRODUCT":"Docker","VERSION":"24.0.7","TECHNOLOGY":"Docker CE_EE","CONF_PATH":"/etc/docker/daemon.json"}]}]},"softwareComponent":"Apache HTTP Server","provider":"Apache","cloudProvider":"Amazon Web Services","agent":{"version":"2.4.7","configurationProfile":"Apache HTTP 
Server","activations":[{"key":"httpd","status":"ACTIVE"}],"connectedFrom":"216.160.83.56","lastActivity":1752520814000,"lastCheckedIn":1752520814000,"lastInventory":1752520816000,"udcManifestAssigned":false,"errorStatus":false},"sensor":{"activatedForModules":["mock_activated_module"],"pendingActivationForModules":["mock_pending_module"],"lastVMScan":0,"lastComplianceScan":0,"lastFullScan":0,"lastVmScanDateScanner":0,"lastVmScanDateAgent":0,"lastPcScanDateScanner":0,"lastPcScanDateAgent":0,"firstEasmScanDate":1752243670000,"lastEasmScanDate":1752243670000},"container":{"product":"mock_product","version":"mock_version","noOfContainers":5,"noOfImages":3,"hasSensor":"temp_value"},"inventory":{"source":"EASM","created":1752070872000,"lastUpdated":1752243670000},"activity":{"source":"EASM","lastScannedDate":1752243670000},"tagList":{"tag":[{"tagId":25971788,"tagName":"Shodan","foregroundColor":0,"backgroundColor":0,"businessImpact":"mock_business_impact","criticalityScore":3}]},"serviceList":{"service":[{"description":"temp_Decp","name":"systemd-networkd.service","status":"loaded/active/running"}]},"lastLocation":{"city":"New York","state":"California","country":"United States","name":"United States","continent":"North America","postal":"94040"},"criticality":{"score":3,"isDefault":false,"lastUpdated":"2025-07-09T14:21:11.000Z"},"businessInformation":{"company":"Qualys","department":"Engineering","ownedBy":"Paul","environment":"QA","managedBy":"Amit","supportedBy":"Nick","supportGroup":"ABC_01","operationalStatus":"Blocked"},"assignedLocation":{"name":"4492 Camino De La Plaza, Pune,IN","city":"Pune","state":"MH","country":"IN"},"businessAppListData":{"businessApp":[{"id":"BARCODE283904","name":"Quoting App","environment":"Production","businessCriticality":"2 - Less Critical","managedBy":"user","ownedBy":"ownerr","supportedBy":"sopporter","supportGroup":"SME 
Operations","operationalStatus":"Mended","status":"Installed","usedFor":"Production"}]},"riskScore":0,"domain":["domain1","domain2"],"subdomain":["subdomain1","subdomain2"],"missingSoftware":["test1","test2","test3"],"whois":[{"domain":"test_domainr","createdDate":"2024-02-23T00:00:00.000Z","dnssec":"test","domainStatus":"clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited","registrantOrganization":"Domains By Proxy, LLC","registrantName":"1API GmbH","registrantEmail":"594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com","registrantContact":"temp","registrar":"1API GmbH","registrantCountry":"UNITED STATES","expirationDate":"2026-02-23T00:00:00.000Z","updatedDate":"2025-07-13T00:00:00.000Z"}],"organizationName":["mock"],"isp":"test, Inc.","asn":"AS53831","easmTags":["cloud","cdn"],"hostingCategory1":"CDN","customAttributes":[{"key":"Media State4","value":"Media disconnected","connectorName":"Qualys"}],"lparId":"mock_lpar_id","processor":{"description":"Intel(R) Xeon(R) Gold 6430","speed":3200,"numCPUs":4,"noOfSocket":2,"threadsPerCore":2,"coresPerSocket":2,"multithreadingStatus":"test"}} +{"assetId":67671740,"assetUUID":"4cf3040a-82a5-46a1-b059-17372b051ec7","hostId":1437387,"lastModifiedDate":"2025-07-13T14:21:09.000Z","agentId":"4cf3040a-82a5-46a1-b059-17372b051ec7","createdDate":"2025-07-09T14:21:14.000Z","sensorLastUpdatedDate":"2025-07-13T14:21:09.000Z","assetType":"HOST","address":"175.16.199.0","dnsName":"test_dns_1","assetName":"test","netbiosName":"test_bios1","timeZone":"IST","biosDescription":"Mock bios description","lastBoot":"2025-07-01T00:00:00.000Z","totalMemory":0,"cpuCount":8,"lastLoggedOnUser":"test_user_1","domainRole":"Member Server","hwUUID":"422a2b16-4c8b-588a-a20c-c1851ad7e376","biosSerialNumber":"Test serial number_1","biosAssetTag":"Test asset tag_1","isContainerHost":false,"operatingSystem":{"osName":"Mock OS","fullName":"Mock OS","category":"Operating System / 
Windows","category1":"UBuntu","category2":"Windows","productName":"Mock OS","publisher":"Mock Publisher","edition":"Mock Edition","marketVersion":"Mock version","version":"1.0.0","update":"Mock update","architecture":"Mock architecture","lifecycle":{"gaDate":"2022-01-01T00:00:00.000Z","eolDate":"2025-01-01T00:00:00.000Z","eosDate":"2030-01-01T00:00:00.000Z","stage":"End-of-Sale","lifeCycleConfidence":"Approximate","eolSupportStage":"End-of-Sale","eosSupportStage":"End-of-Life","detectionScore":50},"taxonomy":{"id":"mock_taxonomy_id_1","name":"Mock taxonomy test name","category1":"Mock category1 test","category2":"Mock category2 test"},"productUrl":"https://example.com","productFamily":"Mock product family","installDate":"2025-07-09T14:21:12.000Z","release":"Mock release 1","cpeId":"mock_cpe_id_3","cpe":"mock_cp_6","cpeType":"Mock test cpe type"},"hardware":{"fullName":"Mock test full name","category":"Mock test category 1 / Mock test category 2","category1":"Mock test category 1","category2":"Mock test category 2","manufacturer":"Mock test manufacturer","productName":"Mock test product name","model":"Mock test model","lifecycle":{"introDate":"2025-07-09T14:21:12.000Z","gaDate":"2025-07-09T14:21:12.000Z","eosDate":"2025-07-09T14:21:12.000Z","obsoleteDate":"2025-07-09T14:21:12.000Z","stage":"Not Applicable","lifeCycleConfidence":"Exact"},"taxonomy":{"id":"mock_hardware_taxonomy_id","name":"Mock test hardware taxonomy name","category1":"Mock test category 1","category2":"Mock test category 2"},"productUrl":"https://example.com","productFamily":"Mock test product family"},"userAccountListData":{"userAccount":[{"name":"root"},{"name":"serviceuser"},{"name":"devuser"}]},"openPortListData":{"openPort":[{"port":443,"description":"http protocol over TLS/SSL","protocol":"TCP","detectedService":"HTTPs","firstFound":"2025-07-09T14:21:14.000Z","lastUpdated":"2025-07-09T14:21:14.000Z","authorization":"Mock test 
authorization","detectionScore":1,"discoverySources":"EASM"}]},"volumeListData":{"volume":[{"name":"/run/lock","free":5242880,"size":5242880}]},"networkInterfaceListData":{"networkInterface":[{"hostname":"mock_hostname","addressIpV4":"81.2.69.144","addressIpV6":"::ffff:5102:4590","macAddress":"01:00:5e:90:10:00","interfaceName":"mock_interface_name","dnsAddress":"mock_dns_address","gatewayAddress":"mock_gateway_address","manufacturer":"mock_manufacturer","macVendorIntroDate":946944000000,"netmask":"mock_net_mask","addresses":"mock_Addresses"}]},"softwareListData":{"software":[{"id":2727678485371137000,"discoverySources":"EASM","fullName":"Squarespace Commerce","softwareType":"Unknown","isIgnored":true,"ignoredReason":"Unknown","category":"Unknown / Unknown","category1":"Unknown","category2":"Unknown","productName":"Unknown","component":"mock_component","publisher":"Unknown","edition":"mock_edition","marketVersion":"mock_market_version","version":"mock_version","update":"mock_update","architecture":"mock_architecture","installDate":"2021-10-25T14:21:11.000Z","installPath":"mock_install_path","lastUpdated":"2021-10-25T14:21:12.000Z","lastUseDate":"2021-10-25T14:21:13.000Z","language":"mock_language","formerlyKnownAs":"mock_formerly_known_as","isPackage":false,"isPackageComponent":false,"packageName":"mock_package_name","productUrl":"mock_product_url","lifecycle":{"gaDate":"2021-10-25T14:21:12.000Z","eolDate":"2021-10-25T14:21:12.000Z","eosDate":"2021-10-25T14:21:12.000Z","stage":"Unknown","lifeCycleConfidence":"Mock life cycle confidence","eolSupportStage":"Mock eol support stage","eosSupportStage":"Mock eos support stage","detectionScore":3},"supportStageDesc":"Mock support stage desc","license":{"category":"Mock license category","subcategory":"Mock license subcategory"},"authorization":"Mock authorization","discoveredPublisher":"Mock discovered publisher","discoveredName":"Squarespace 
Commerce","discoveredVersion":"mock_version","authorizationDetectionScore":5,"cpeId":"mock_cpe_id","cpe":"mock_cpe","cpeType":"Mock cpe type","softwareInstances":[{"firstSeen":"2025-06-01T01:00:00.000Z","lastSeen":"2025-06-15T01:00:00.000Z","InstanceName":"mock_instance_name","PROC":"/usr/bin/java -jar /opt/jetty/start.jar","BIN_PATH":"/usr/bin/java","PRODUCT":"Apache Jetty","VERSION":"11.0.9","TECHNOLOGY":"Java","CONF_PATH":"/opt/jetty/etc/jetty.xml"}]}]},"softwareComponent":"mock_software_component","provider":"mock_provider","cloudProvider":"mock_cloud_provider","agent":{"version":"mock_agent_version","configurationProfile":"mock_agent_configuration_profile","activations":null,"connectedFrom":"81.2.69.192","lastActivity":0,"lastCheckedIn":0,"lastInventory":0,"udcManifestAssigned":false,"errorStatus":false},"sensor":{"activatedForModules":["VM","PC"],"pendingActivationForModules":["VULN","COMPLIANCE"],"lastVMScan":0,"lastComplianceScan":0,"lastFullScan":0,"lastVmScanDateScanner":0,"lastVmScanDateAgent":0,"lastPcScanDateScanner":0,"lastPcScanDateAgent":0,"firstEasmScanDate":1752416469000,"lastEasmScanDate":1752416469000},"container":{"product":"mock_product","version":"mock_version","noOfContainers":10,"noOfImages":5,"hasSensor":"temp_values"},"inventory":{"source":"EASM","created":1752070874000,"lastUpdated":1752416469000},"activity":{"source":"EASM","lastScannedDate":1752416469000},"tagList":{"tag":[{"tagId":25971788,"tagName":"Shodan","foregroundColor":0,"backgroundColor":0,"businessImpact":"Mock business impact","criticalityScore":8}]},"serviceList":{"service":[{"description":"mock_description","name":"systemd-journal-flush.service","status":"loaded/active/exited"}]},"lastLocation":{"city":"New York","state":"California","country":"United States","name":"United States","continent":"North 
America","postal":"94041"},"criticality":{"score":3,"isDefault":false,"lastUpdated":"2025-07-09T14:21:13.000Z"},"businessInformation":{"company":"Qualys","department":"Engineering","ownedBy":"Paul","environment":"QA","managedBy":"Amit","supportedBy":"Nick","supportGroup":"ABC_01","operationalStatus":"Blocked"},"assignedLocation":{"name":"4492 Camino De La Plaza, Pune,IN","city":"Pune","state":"MH","country":"IN"},"businessAppListData":{"businessApp":[{"id":"BARCODE283904","name":"Quoting App","environment":"Production","businessCriticality":"2 - Less Critical","managedBy":"user","ownedBy":"ownerr","supportedBy":"sopporter","supportGroup":"SME Operations","operationalStatus":"Mended","status":"Installed","usedFor":"Production"}]},"riskScore":0,"domain":["domain1","domain2"],"subdomain":["subdomain1","subdomain2"],"missingSoftware":["test1","test2","test3"],"whois":[{"domain":"test_domainr","createdDate":"2024-02-23T00:00:00.000Z","dnssec":"test","domainStatus":"clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited","registrantOrganization":"Domains By Proxy, LLC","registrantName":"1API GmbH","registrantEmail":"594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com","registrantContact":"temp","registrar":"1API GmbH","registrantCountry":"UNITED STATES","expirationDate":"2026-02-23T00:00:00.000Z","updatedDate":"2025-07-13T00:00:00.000Z"}],"organizationName":["mock_organization_name"],"isp":"test, Inc.","asn":"AS53831","easmTags":["test"],"hostingCategory1":"ThirdParty","customAttributes":[{"key":"Media State4","value":"Media disconnected","connectorName":"Qualys"}],"lparId":"mock_lpar_id","processor":{"description":"Intel(R) Xeon(R) Gold 6430","speed":3200,"numCPUs":4,"noOfSocket":2,"threadsPerCore":2,"coresPerSocket":2,"multithreadingStatus":"test"}} 
+{"assetId":67543783,"assetUUID":"15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e","hostId":1437388,"lastModifiedDate":"2025-07-14T19:20:16.000Z","agentId":"15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e","createdDate":"2025-07-10T09:55:55.000Z","sensorLastUpdatedDate":"2025-07-14T19:20:16.000Z","assetType":"HOST","address":"1.128.0.0","dnsName":"test","assetName":"test","netbiosName":"test_bios_2","timeZone":"+05:30","biosDescription":"Test Bios Descriptor","lastBoot":"2025-07-10T18:15:44.000Z","totalMemory":3875,"cpuCount":4,"lastLoggedOnUser":"serviceuser","domainRole":null,"hwUUID":"e3a60142-2b7d-d478-3da7-d45e576c7d76","biosSerialNumber":"VMware-42 01 a6 e3 7d 2b 78 d4-3d a7 d4 5e 57 6c 7d 76","biosAssetTag":"mock_asset_tag","isContainerHost":false,"operatingSystem":{"osName":"Ubuntu Linux 22.04.5","fullName":"Canonical Ubuntu Jammy Jellyfish (22.04.5 LTS)","category":"Linux / Unidentified","category1":"Linux","category2":"Unidentified","productName":"Ubuntu","publisher":"Mock Publisher","edition":"mock_edition","marketVersion":"Jammy Jellyfish","version":"22.04 LTS","update":"22.04 LTS 22.04.5 LTS","architecture":"x86_64","lifecycle":{"gaDate":"2022-04-21T00:00:00.000Z","eolDate":"2027-04-30T00:00:00.000Z","eosDate":"2027-04-30T00:00:00.000Z","stage":"GA","lifeCycleConfidence":"Exact","eolSupportStage":"End of Standard Support","eosSupportStage":"End of Standard Support","detectionScore":0},"taxonomy":{"id":"mock_taxonomy_id_4","name":"Linux / Unidentified","category1":"Linux","category2":"Unidentified"},"productUrl":"https://example.com","productFamily":"mock_product_family","installDate":"2025-07-07T11:58:14.000Z","release":"22.04.5","cpeId":"mock_cpe_id_8","cpe":"mock_cpe_0","cpeType":"NIST"},"hardware":{"fullName":"VMware VMware Virtual Platform VMware Virtual Platform","category":"Virtualized / Virtual Machine","category1":"Virtualized","category2":"Virtual Machine","manufacturer":"VMware","productName":"VMware Virtual Platform","model":"VMware Virtual 
Platform","lifecycle":{"introDate":"2025-07-07T11:58:14.000Z","gaDate":"2025-07-07T11:58:14.000Z","eosDate":"2025-07-07T11:58:14.000Z","obsoleteDate":"2025-07-07T11:58:14.000Z","stage":"Unknown","lifeCycleConfidence":"Exact"},"taxonomy":{"id":"mock_hardware_taxonomy_id_2","name":"Virtualized / Virtual Machine","category1":"Virtualized","category2":"Virtual Machine"},"productUrl":"https://example.com","productFamily":"mock_product_family_2"},"userAccountListData":{"userAccount":[{"name":"root"},{"name":"serviceuser"},{"name":"devuser"}]},"openPortListData":{"openPort":[{"port":53,"description":"Mock Description","protocol":"TCP","detectedService":"add and remove users and groups","firstFound":"2025-07-07T12:42:33.000Z","lastUpdated":"2025-07-07T12:42:33.000Z","authorization":"mock_authorization_1","detectionScore":56,"discoverySources":"Cloud Agent"}]},"volumeListData":{"volume":[{"name":"/dev/shm","free":2032058368,"size":2032058368}]},"networkInterfaceListData":{"networkInterface":[{"hostname":"ub-43-156-0","addressIpV4":"67.43.156.0","addressIpV6":"::ffff:432b:9c00","macAddress":"00:00:5e:00:53:00","interfaceName":"mock_interface_name","dnsAddress":"mock_dns_address","gatewayAddress":"mock_gateway_address","manufacturer":"mock_manufacturer","macVendorIntroDate":946944000000,"netmask":"mock_net_mask","addresses":"mock_Addresses"}]},"softwareListData":{"software":[{"id":-458390650433303040,"discoverySources":"Cloud Agent","fullName":"libblockdev-swap2:amd64 2.26-1ubuntu0.1","softwareType":"Others","isIgnored":true,"ignoredReason":"Library Packages","category":"Unknown / 
Unknown","category1":"Unknown","category2":"Unknown","productName":"Unknown","component":"mock_component","publisher":"Unknown","edition":"mock","marketVersion":"mack","version":"2.26-1ubuntu0.1","update":"2.26-1ubuntu0.1","architecture":"mock_architecture","installDate":"2025-07-07T11:58:14.000Z","installPath":"mock_install_path","lastUpdated":"2025-07-07T11:58:14.000Z","lastUseDate":"2025-07-07T11:58:14.000Z","language":"mock_language","formerlyKnownAs":"mock_formerly_known_as","isPackage":false,"isPackageComponent":false,"packageName":"mock_package_name","productUrl":"https://example.com","lifecycle":{"gaDate":"2025-07-07T11:58:14.000Z","eolDate":"2025-07-07T11:58:14.000Z","eosDate":"2025-07-07T11:58:14.000Z","stage":"End-of-Life","lifeCycleConfidence":"Exact","eolSupportStage":"End-of-Sale","eosSupportStage":"End-of-Life","detectionScore":5},"supportStageDesc":"mock_support_stage_desc","license":{"category":"mock_license_category","subcategory":"mock_license_subcategory"},"authorization":"mock_authorization","discoveredPublisher":"mock_discovered_publisher","discoveredName":"mock_discovered_name","discoveredVersion":"mock_discovered_version","authorizationDetectionScore":5,"cpeId":"mock_cpe_id","cpe":"mock_cpe","cpeType":"mock_cpe_type","softwareInstances":[{"firstSeen":"2025-08-01T01:00:00.000Z","lastSeen":"2025-08-15T01:00:00.000Z","InstanceName":"mock_instance_name_changed","PROC":"/usr/bin/python /opt/elastic-agent/elastic-agent.py","BIN_PATH":"/usr/bin/python","PRODUCT":"Elastic 
Agent","VERSION":"7.2.0","TECHNOLOGY":"Python","CONF_PATH":"/opt/elastic-agent/elastic-agent.yml"}]}]},"softwareComponent":"mock_software_component","provider":"mock_provider","cloudProvider":"mock_cloud_provider","agent":{"version":"7.2.0.38","configurationProfile":"config_modules","activations":[{"key":"cb825267-f182-4583-a0a8-784e17e8efe7","status":"ACTIVE"}],"connectedFrom":"2a02:cf40::","lastActivity":1752520814000,"lastCheckedIn":1752520814000,"lastInventory":1752520816000,"udcManifestAssigned":false,"errorStatus":false},"sensor":{"activatedForModules":["mock_activated_module"],"pendingActivationForModules":["mock_pending_module"],"lastVMScan":0,"lastComplianceScan":0,"lastFullScan":0,"lastVmScanDateScanner":0,"lastVmScanDateAgent":0,"lastPcScanDateScanner":0,"lastPcScanDateAgent":0,"firstEasmScanDate":null,"lastEasmScanDate":null},"container":{"product":"mock_product","version":"mock_version","noOfContainers":0,"noOfImages":0,"hasSensor":"temp_value"},"inventory":{"source":"QAGENT","created":1751889561000,"lastUpdated":1752520814000},"activity":{"source":"QAGENT","lastScannedDate":1752520814000},"tagList":{"tag":[{"tagId":25184898,"tagName":"Cloud Agent","foregroundColor":0,"backgroundColor":0,"businessImpact":"mock_business_impact","criticalityScore":5}]},"serviceList":{"service":[{"description":"mock_description","name":"snapd.apparmor.service","status":"loaded/active/exited"}]},"lastLocation":{"city":"New York","state":"California","country":"United States","name":"United States","continent":"North America","postal":"94041"},"criticality":{"score":2,"isDefault":true,"lastUpdated":"2025-07-09T14:21:13.000Z"},"businessInformation":{"company":"Qualys","department":"Engineering","ownedBy":"Paul","environment":"QA","managedBy":"Amit","supportedBy":"Nick","supportGroup":"ABC_01","operationalStatus":"Blocked"},"assignedLocation":{"name":"4492 Camino De La Plaza, 
Pune,IN","city":"Pune","state":"MH","country":"IN"},"businessAppListData":{"businessApp":[{"id":"BARCODE283904","name":"Quoting App","environment":"Production","businessCriticality":"2 - Less Critical","managedBy":"user","ownedBy":"ownerr","supportedBy":"sopporter","supportGroup":"SME Operations","operationalStatus":"Mended","status":"Installed","usedFor":"Production"}]},"riskScore":0,"domain":["domain1","domain2"],"subdomain":["subdomain1","subdomain2"],"missingSoftware":["test1","test2","test3"],"whois":[{"domain":"test_domainr","createdDate":"2024-02-23T00:00:00.000Z","dnssec":"test","domainStatus":"clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited","registrantOrganization":"Domains By Proxy, LLC","registrantName":"1API GmbH","registrantEmail":"594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com","registrantContact":"temp","registrar":"1API GmbH","registrantCountry":"UNITED STATES","expirationDate":"2026-02-23T00:00:00.000Z","updatedDate":"2025-07-13T00:00:00.000Z"}],"organizationName":["mock_organization_name"],"isp":"test, Inc.","asn":"AS53831","easmTags":["mock-easm-tag1","mock-easm-tag2"],"hostingCategory1":"mock-hosting-category1","customAttributes":[{"key":"Media State4","value":"Media disconnected","connectorName":"Qualys"}],"lparId":"mock_lpar_id","processor":{"description":"Intel(R) Xeon(R) Gold 6430","speed":3200,"numCPUs":4,"noOfSocket":2,"threadsPerCore":2,"coresPerSocket":2,"multithreadingStatus":"test"}}
diff --git a/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
new file mode 100644
index 00000000000..9c423f85d60
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
@@ -0,0 +1,1502 @@ +{ + "expected": [ + { + "cloud": { + "provider": "Amazon Web Services" + }, + "device": { + "manufacturer": "Mock manufacturer", + "model": { + "name": "Mock model" + } + }, + "ecs": { + "version": "8.17.0" + }, + "event": { + "category": [ + "host" + ], + "created": "2025-07-09T14:21:12.000Z", + "kind": "event", + "original": "{\"assetId\":67669565,\"assetUUID\":\"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9\",\"hostId\":1437386,\"lastModifiedDate\":\"2025-07-11T14:21:10.000Z\",\"agentId\":\"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9\",\"createdDate\":\"2025-07-09T14:21:12.000Z\",\"sensorLastUpdatedDate\":\"2025-07-11T14:21:10.000Z\",\"assetType\":\"HOST\",\"address\":\"216.160.83.56\",\"dnsName\":\"test_dns\",\"assetName\":\"test_asset\",\"netbiosName\":\"test_bios\",\"timeZone\":\"+05:30\",\"biosDescription\":\"Test\",\"lastBoot\":\"2025-07-09T14:21:12.000Z\",\"totalMemory\":10,\"cpuCount\":0,\"lastLoggedOnUser\":\"test_user\",\"domainRole\":\"Member Workstation\",\"hwUUID\":\"422a2b16-4c8b-588a-a20c-c1851ad7e376\",\"biosSerialNumber\":\"Test serial number\",\"biosAssetTag\":\"Test asset tag\",\"isContainerHost\":false,\"operatingSystem\":{\"osName\":\"Windows 10\",\"fullName\":\"Microsoft Windows 10 Enterprise\",\"category\":\"Operating System / Windows\",\"category1\":\"Windows\",\"category2\":\"Windows\",\"productName\":\"Microsoft Windows 10 Enterprise\",\"publisher\":\"test\",\"edition\":\"Enterprise\",\"marketVersion\":\"10.0.19042.1052\",\"version\":\"10.0.19042.1052\",\"update\":\"22.04 LTS 22.04.5 LTS\",\"architecture\":\"x86\",\"lifecycle\":{\"gaDate\":\"2025-07-09T14:21:12.000Z\",\"eolDate\":\"2025-07-09T14:21:12.000Z\",\"eosDate\":\"2025-07-09T14:21:12.000Z\",\"stage\":\"End-of-life\",\"lifeCycleConfidence\":\"Exact\",\"eolSupportStage\":\"End-of-life\",\"eosSupportStage\":\"End-of-life\",\"detectionScore\":100},\"taxonomy\":{\"id\":\"mock_taxonomy_id\",\"name\":\"Mock taxonomy name\",\"category1\":\"Mock category1\",\"category2\":\"Mock 
category2\"},\"productUrl\":\"https://mock_product_url.com\",\"productFamily\":\"Mock product family\",\"installDate\":\"2025-07-09T14:21:12.000Z\",\"release\":\"Mock release\",\"cpeId\":\"mock_cpe_id\",\"cpe\":\"mock_cpe\",\"cpeType\":\"Mock cpe type\"},\"hardware\":{\"fullName\":\"Mock hardware\",\"category\":\"Mock category 1 / Mock category 2\",\"category1\":\"Mock category 1\",\"category2\":\"Mock category 2\",\"manufacturer\":\"Mock manufacturer\",\"productName\":\"Mock product name\",\"model\":\"Mock model\",\"lifecycle\":{\"introDate\":\"2025-07-09T14:21:12.000Z\",\"gaDate\":\"2025-07-09T14:21:12.000Z\",\"eosDate\":\"2025-07-09T14:21:12.000Z\",\"obsoleteDate\":\"2025-07-09T14:21:12.000Z\",\"stage\":\"Not Applicable\",\"lifeCycleConfidence\":\"Exact\"},\"taxonomy\":{\"id\":\"mock_hardware_taxonomy_id\",\"name\":\"Mock hardware taxonomy name\",\"category1\":\"Mock category 1\",\"category2\":\"Mock category 2\"},\"productUrl\":\"https://mock_product_url.com\",\"productFamily\":\"Mock product family\"},\"userAccountListData\":{\"userAccount\":[{\"name\":\"root\"},{\"name\":\"serviceuser\"},{\"name\":\"devuser\"}]},\"openPortListData\":{\"openPort\":[{\"port\":443,\"description\":\"http protocol over TLS/SSL\",\"protocol\":\"TCP\",\"detectedService\":\"HTTPs\",\"firstFound\":\"2025-07-09T14:21:12.000Z\",\"lastUpdated\":\"2025-07-09T14:21:12.000Z\",\"authorization\":\"Mock authorization\",\"detectionScore\":100,\"discoverySources\":\"EASM\"}]},\"volumeListData\":{\"volume\":[{\"name\":\"/\",\"free\":34645118976,\"size\":48202350592}]},\"networkInterfaceListData\":{\"networkInterface\":[{\"hostname\":\"mock_hostname\",\"addressIpV4\":\"81.2.69.142\",\"addressIpV6\":\"::ffff:5102:458e\",\"macAddress\":\"00:00:5e:00:53:00\",\"interfaceName\":\"mock_interface_name\",\"dnsAddress\":\"mock_dns_address\",\"gatewayAddress\":\"mock_geteaway_address\",\"manufacturer\":\"Mock 
manufacturer\",\"macVendorIntroDate\":946944000000,\"netmask\":\"mock_net_mask\",\"addresses\":\"mock_Address\"}]},\"softwareListData\":{\"software\":[{\"id\":8464359598295418000,\"discoverySources\":\"EASM\",\"fullName\":\"Apache HTTP Server\",\"softwareType\":\"Application\",\"isIgnored\":false,\"ignoredReason\":\"Insufficient Information\",\"category\":\"Network Application / Web Servers\",\"category1\":\"Network Application\",\"category2\":\"Web Servers\",\"productName\":\"Apache HTTP Server\",\"component\":\"Server\",\"publisher\":\"Apache\",\"edition\":\"Unknown\",\"marketVersion\":\"Unknown\",\"version\":\"2.4.7\",\"update\":\"2021-10-25\",\"architecture\":\"x86_64\",\"installDate\":\"2021-10-25T14:21:12.000Z\",\"installPath\":\"/usr/local/apache2\",\"lastUpdated\":\"2021-10-25T14:21:12.000Z\",\"lastUseDate\":\"2021-10-25T14:21:12.000Z\",\"language\":\"C\",\"formerlyKnownAs\":\"httpd\",\"isPackage\":false,\"isPackageComponent\":false,\"packageName\":null,\"productUrl\":\"https://en.wikipedia.org/wiki/Apache_HTTP_Server,,\",\"lifecycle\":{\"gaDate\":\"2021-10-25T14:21:12.000Z\",\"eolDate\":\"2021-10-25T14:21:12.000Z\",\"eosDate\":\"2021-10-25T14:21:12.000Z\",\"stage\":\"Not Applicable\",\"lifeCycleConfidence\":\"Exact\",\"eolSupportStage\":\"Mock eol support stage\",\"eosSupportStage\":\"Mock eos support stage\",\"detectionScore\":0},\"supportStageDesc\":\"Mock support stage desc\",\"license\":{\"category\":\"Mock license category\",\"subcategory\":\"Mock license subcategory\"},\"authorization\":\"Mock authorization\",\"discoveredPublisher\":\"Mock discovered publisher\",\"discoveredName\":\"Mock discovered name\",\"discoveredVersion\":\"mock_version\",\"authorizationDetectionScore\":5,\"cpeId\":\"mock_cpe_id\",\"cpe\":\"mock_cpe\",\"cpeType\":\"Mock cpe type\",\"softwareInstances\":[{\"firstSeen\":\"2025-07-08T01:15:52.000Z\",\"lastSeen\":\"2025-07-14T19:20:15.000Z\",\"InstanceName\":\"DOCKER\",\"PROC\":\" 1487 1 root /usr/bin/dockerd -H fd:// 
--containerd=/run/containerd/containerd.sock\",\"BIN_PATH\":\"/usr/bin/docker -H unix:///var/run/docker.sock\",\"PRODUCT\":\"Docker\",\"VERSION\":\"24.0.7\",\"TECHNOLOGY\":\"Docker CE_EE\",\"CONF_PATH\":\"/etc/docker/daemon.json\"}]}]},\"softwareComponent\":\"Apache HTTP Server\",\"provider\":\"Apache\",\"cloudProvider\":\"Amazon Web Services\",\"agent\":{\"version\":\"2.4.7\",\"configurationProfile\":\"Apache HTTP Server\",\"activations\":[{\"key\":\"httpd\",\"status\":\"ACTIVE\"}],\"connectedFrom\":\"216.160.83.56\",\"lastActivity\":1752520814000,\"lastCheckedIn\":1752520814000,\"lastInventory\":1752520816000,\"udcManifestAssigned\":false,\"errorStatus\":false},\"sensor\":{\"activatedForModules\":[\"mock_activated_module\"],\"pendingActivationForModules\":[\"mock_pending_module\"],\"lastVMScan\":0,\"lastComplianceScan\":0,\"lastFullScan\":0,\"lastVmScanDateScanner\":0,\"lastVmScanDateAgent\":0,\"lastPcScanDateScanner\":0,\"lastPcScanDateAgent\":0,\"firstEasmScanDate\":1752243670000,\"lastEasmScanDate\":1752243670000},\"container\":{\"product\":\"mock_product\",\"version\":\"mock_version\",\"noOfContainers\":5,\"noOfImages\":3,\"hasSensor\":\"temp_value\"},\"inventory\":{\"source\":\"EASM\",\"created\":1752070872000,\"lastUpdated\":1752243670000},\"activity\":{\"source\":\"EASM\",\"lastScannedDate\":1752243670000},\"tagList\":{\"tag\":[{\"tagId\":25971788,\"tagName\":\"Shodan\",\"foregroundColor\":0,\"backgroundColor\":0,\"businessImpact\":\"mock_business_impact\",\"criticalityScore\":3}]},\"serviceList\":{\"service\":[{\"description\":\"temp_Decp\",\"name\":\"systemd-networkd.service\",\"status\":\"loaded/active/running\"}]},\"lastLocation\":{\"city\":\"New York\",\"state\":\"California\",\"country\":\"United States\",\"name\":\"United States\",\"continent\":\"North 
America\",\"postal\":\"94040\"},\"criticality\":{\"score\":3,\"isDefault\":false,\"lastUpdated\":\"2025-07-09T14:21:11.000Z\"},\"businessInformation\":{\"company\":\"Qualys\",\"department\":\"Engineering\",\"ownedBy\":\"Paul\",\"environment\":\"QA\",\"managedBy\":\"Amit\",\"supportedBy\":\"Nick\",\"supportGroup\":\"ABC_01\",\"operationalStatus\":\"Blocked\"},\"assignedLocation\":{\"name\":\"4492 Camino De La Plaza, Pune,IN\",\"city\":\"Pune\",\"state\":\"MH\",\"country\":\"IN\"},\"businessAppListData\":{\"businessApp\":[{\"id\":\"BARCODE283904\",\"name\":\"Quoting App\",\"environment\":\"Production\",\"businessCriticality\":\"2 - Less Critical\",\"managedBy\":\"user\",\"ownedBy\":\"ownerr\",\"supportedBy\":\"sopporter\",\"supportGroup\":\"SME Operations\",\"operationalStatus\":\"Mended\",\"status\":\"Installed\",\"usedFor\":\"Production\"}]},\"riskScore\":0,\"domain\":[\"domain1\",\"domain2\"],\"subdomain\":[\"subdomain1\",\"subdomain2\"],\"missingSoftware\":[\"test1\",\"test2\",\"test3\"],\"whois\":[{\"domain\":\"test_domainr\",\"createdDate\":\"2024-02-23T00:00:00.000Z\",\"dnssec\":\"test\",\"domainStatus\":\"clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited\",\"registrantOrganization\":\"Domains By Proxy, LLC\",\"registrantName\":\"1API GmbH\",\"registrantEmail\":\"594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com\",\"registrantContact\":\"temp\",\"registrar\":\"1API GmbH\",\"registrantCountry\":\"UNITED STATES\",\"expirationDate\":\"2026-02-23T00:00:00.000Z\",\"updatedDate\":\"2025-07-13T00:00:00.000Z\"}],\"organizationName\":[\"mock\"],\"isp\":\"test, Inc.\",\"asn\":\"AS53831\",\"easmTags\":[\"cloud\",\"cdn\"],\"hostingCategory1\":\"CDN\",\"customAttributes\":[{\"key\":\"Media State4\",\"value\":\"Media disconnected\",\"connectorName\":\"Qualys\"}],\"lparId\":\"mock_lpar_id\",\"processor\":{\"description\":\"Intel(R) Xeon(R) Gold 
6430\",\"speed\":3200,\"numCPUs\":4,\"noOfSocket\":2,\"threadsPerCore\":2,\"coresPerSocket\":2,\"multithreadingStatus\":\"test\"}}", + "risk_score": 0.0, + "timezone": "+05:30", + "type": [ + "info" + ] + }, + "host": { + "architecture": "x86", + "domain": [ + "domain1", + "domain2" + ], + "geo": { + "city_name": "New York", + "continent_name": "North America", + "country_name": "United States", + "postal_code": "94040" + }, + "hostname": "test_dns", + "id": "67669565", + "ip": [ + "216.160.83.56" + ], + "name": "test_asset", + "os": { + "family": "Mock product family", + "full": "Microsoft Windows 10 Enterprise", + "name": "Windows 10", + "platform": "Microsoft Windows 10 Enterprise", + "type": "windows", + "version": "10.0.19042.1052" + }, + "type": "HOST" + }, + "observer": { + "product": "Global AssetView", + "vendor": "Qualys" + }, + "package": { + "architecture": [ + "x86_64" + ], + "description": [ + "Mock support stage desc" + ], + "installed": [ + "2021-10-25T14:21:12.000Z" + ], + "license": [ + "Mock license category" + ], + "name": [ + "Apache HTTP Server" + ], + "path": [ + "/usr/local/apache2" + ], + "reference": [ + "https://en.wikipedia.org/wiki/Apache_HTTP_Server,," + ], + "type": [ + "Application" + ], + "version": [ + "2.4.7" + ] + }, + "qualys_gav": { + "asset": { + "activity": { + "last_scanned_date": "2025-07-11T14:21:10.000Z", + "source": "EASM" + }, + "address": "216.160.83.56", + "agent": { + "activations": [ + { + "key": "httpd", + "status": "ACTIVE" + } + ], + "configuration_profile": "Apache HTTP Server", + "connected_from": "216.160.83.56", + "error_status": false, + "last_activity": "2025-07-14T19:20:14.000Z", + "last_checked_in": "2025-07-14T19:20:14.000Z", + "last_inventory": "2025-07-14T19:20:16.000Z", + "udc_manifest_assigned": false, + "version": "2.4.7" + }, + "agent_id": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "asn": "AS53831", + "asset_id": "67669565", + "asset_name": "test_asset", + "asset_type": "HOST", + "asset_uuid": 
"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "assigned_location": { + "city": "Pune", + "country": "IN", + "name": "4492 Camino De La Plaza, Pune,IN", + "state": "MH" + }, + "bios_asset_tag": "Test asset tag", + "bios_description": "Test", + "bios_serial_number": "Test serial number", + "business_app_list_data": { + "business_app": [ + { + "business_criticality": "2 - Less Critical", + "environment": "Production", + "id": "BARCODE283904", + "managed_by": "user", + "name": "Quoting App", + "operational_status": "Mended", + "owned_by": "ownerr", + "status": "Installed", + "support_group": "SME Operations", + "supported_by": "sopporter", + "used_for": "Production" + } + ] + }, + "business_information": { + "company": "Qualys", + "department": "Engineering", + "environment": "QA", + "managed_by": "Amit", + "operational_status": "Blocked", + "owned_by": "Paul", + "support_group": "ABC_01", + "supported_by": "Nick" + }, + "cloud_provider": "Amazon Web Services", + "container": { + "has_sensor": "temp_value", + "no_of_containers": 5, + "no_of_images": 3, + "product": "mock_product", + "version": "mock_version" + }, + "cpu_count": 0, + "created_date": "2025-07-09T14:21:12.000Z", + "criticality": { + "is_default": false, + "last_updated": "2025-07-09T14:21:11.000Z", + "score": 3 + }, + "custom_attributes": [ + { + "connector_name": "Qualys", + "key": "Media State4", + "value": "Media disconnected" + } + ], + "dns_name": "test_dns", + "domain": [ + "domain1", + "domain2" + ], + "domain_role": "Member Workstation", + "easm_tags": [ + "cloud", + "cdn" + ], + "hardware": { + "category": "Mock category 1 / Mock category 2", + "category1": "Mock category 1", + "category2": "Mock category 2", + "full_name": "Mock hardware", + "lifecycle": { + "eos_date": "2025-07-09T14:21:12.000Z", + "ga_date": "2025-07-09T14:21:12.000Z", + "intro_date": "2025-07-09T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "obsolete_date": "2025-07-09T14:21:12.000Z", + "stage": "Not Applicable" + }, + 
"manufacturer": "Mock manufacturer", + "model": "Mock model", + "product_family": "Mock product family", + "product_name": "Mock product name", + "product_url": "https://mock_product_url.com", + "taxonomy": { + "category1": "Mock category 1", + "category2": "Mock category 2", + "id": "mock_hardware_taxonomy_id", + "name": "Mock hardware taxonomy name" + } + }, + "host_id": "1437386", + "hosting_category1": "CDN", + "hw_uuid": "422a2b16-4c8b-588a-a20c-c1851ad7e376", + "inventory": { + "created": "2025-07-09T14:21:12.000Z", + "last_updated": "2025-07-11T14:21:10.000Z", + "source": "EASM" + }, + "is_container_host": false, + "isp": "test, Inc.", + "last_boot": "2025-07-09T14:21:12.000Z", + "last_location": { + "city": "New York", + "continent": "North America", + "country": "United States", + "name": "United States", + "postal": "94040", + "state": "California" + }, + "last_logged_on_user": "test_user", + "last_modified_date": "2025-07-11T14:21:10.000Z", + "lpar_id": "mock_lpar_id", + "missing_software": [ + "test1", + "test2", + "test3" + ], + "netbios_name": "test_bios", + "network_interface_list_data": { + "network_interface": [ + { + "address_ip_v4": "81.2.69.142", + "address_ip_v6": [ + "::ffff:5102:458e" + ], + "addresses": "mock_Address", + "dns_address": "mock_dns_address", + "gateway_address": "mock_geteaway_address", + "hostname": "mock_hostname", + "interface_name": "mock_interface_name", + "mac_address": "00-00-5E-00-53-00", + "mac_vendor_intro_date": "2000-01-04T00:00:00.000Z", + "manufacturer": "Mock manufacturer", + "netmask": "mock_net_mask" + } + ] + }, + "open_port_list_data": { + "open_port": [ + { + "authorization": "Mock authorization", + "description": "http protocol over TLS/SSL", + "detected_service": "HTTPs", + "detection_score": 100, + "discovery_sources": "EASM", + "first_found": "2025-07-09T14:21:12.000Z", + "last_updated": "2025-07-09T14:21:12.000Z", + "port": 443, + "protocol": "TCP" + } + ] + }, + "operating_system": { + "architecture": 
"x86", + "category": "Operating System / Windows", + "category1": "Windows", + "category2": "Windows", + "cpe": "mock_cpe", + "cpe_id": "mock_cpe_id", + "cpe_type": "Mock cpe type", + "edition": "Enterprise", + "full_name": "Microsoft Windows 10 Enterprise", + "install_date": "2025-07-09T14:21:12.000Z", + "lifecycle": { + "detection_score": 100, + "eol_date": "2025-07-09T14:21:12.000Z", + "eol_support_stage": "End-of-life", + "eos_date": "2025-07-09T14:21:12.000Z", + "eos_support_stage": "End-of-life", + "ga_date": "2025-07-09T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "stage": "End-of-life" + }, + "market_version": "10.0.19042.1052", + "os_name": "Windows 10", + "product_family": "Mock product family", + "product_name": "Microsoft Windows 10 Enterprise", + "product_url": "https://mock_product_url.com", + "publisher": "test", + "release": "Mock release", + "taxonomy": { + "category1": "Mock category1", + "category2": "Mock category2", + "id": "mock_taxonomy_id", + "name": "Mock taxonomy name" + }, + "update": "22.04 LTS 22.04.5 LTS", + "version": "10.0.19042.1052" + }, + "organization_name": [ + "mock" + ], + "processor": { + "cores_per_socket": 2, + "description": "Intel(R) Xeon(R) Gold 6430", + "multithreading_status": "test", + "no_of_socket": 2, + "num_cpus": 4, + "speed": 3200, + "threads_per_core": 2 + }, + "provider": "Apache", + "risk_score": 0.0, + "sensor": { + "activated_for_modules": [ + "mock_activated_module" + ], + "first_easm_scan_date": "2025-07-11T14:21:10.000Z", + "last_easm_scan_date": "2025-07-11T14:21:10.000Z", + "pending_activation_for_modules": [ + "mock_pending_module" + ] + }, + "sensor_last_updated_date": "2025-07-11T14:21:10.000Z", + "service_list": { + "service": [ + { + "description": "temp_Decp", + "name": "systemd-networkd.service", + "status": "loaded/active/running" + } + ] + }, + "software_component": "Apache HTTP Server", + "software_list_data": { + "software": [ + { + "architecture": "x86_64", + "authorization": "Mock 
authorization", + "authorization_detection_score": 5, + "category": "Network Application / Web Servers", + "category1": "Network Application", + "category2": "Web Servers", + "component": "Server", + "cpe": "mock_cpe", + "cpe_id": "mock_cpe_id", + "cpe_type": "Mock cpe type", + "discovered_name": "Mock discovered name", + "discovered_publisher": "Mock discovered publisher", + "discovered_version": "mock_version", + "discovery_sources": "EASM", + "edition": "Unknown", + "formerly_known_as": "httpd", + "full_name": "Apache HTTP Server", + "id": "8464359598295418000", + "ignored_reason": "Insufficient Information", + "install_date": "2021-10-25T14:21:12.000Z", + "install_path": "/usr/local/apache2", + "is_ignored": false, + "is_package": false, + "is_package_component": false, + "language": "C", + "last_updated": "2021-10-25T14:21:12.000Z", + "last_use_date": "2021-10-25T14:21:12.000Z", + "license": { + "category": "Mock license category", + "subcategory": "Mock license subcategory" + }, + "lifecycle": { + "detection_score": 0, + "eol_date": "2021-10-25T14:21:12.000Z", + "eol_support_stage": "Mock eol support stage", + "eos_date": "2021-10-25T14:21:12.000Z", + "eos_support_stage": "Mock eos support stage", + "ga_date": "2021-10-25T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "stage": "Not Applicable" + }, + "market_version": "Unknown", + "product_name": "Apache HTTP Server", + "product_url": "https://en.wikipedia.org/wiki/Apache_HTTP_Server,,", + "publisher": "Apache", + "software_instances": [ + { + "bin_path": "/usr/bin/docker -H unix:///var/run/docker.sock", + "conf_path": "/etc/docker/daemon.json", + "first_seen": "2025-07-08T01:15:52.000Z", + "instance_name": "DOCKER", + "last_seen": "2025-07-14T19:20:15.000Z", + "proc": " 1487 1 root /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock", + "product": "Docker", + "technology": "Docker CE_EE", + "version": "24.0.7" + } + ], + "software_type": "Application", + "support_stage_desc": "Mock 
support stage desc", + "update": "2021-10-25", + "version": "2.4.7" + } + ] + }, + "subdomain": [ + "subdomain1", + "subdomain2" + ], + "tag_list": { + "tag": [ + { + "background_color": "0", + "business_impact": "mock_business_impact", + "criticality_score": 3.0, + "foreground_color": "0", + "tag_id": "25971788", + "tag_name": "Shodan" + } + ] + }, + "time_zone": "+05:30", + "total_memory": 10, + "user_account_list_data": { + "user_account": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "volume_list_data": { + "volume": [ + { + "free": 34645118976, + "name": "/", + "size": 48202350592 + } + ] + }, + "whois": [ + { + "created_date": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domain": "test_domainr", + "domain_status": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "expiration_date": "2026-02-23T00:00:00.000Z", + "registrant_contact": "temp", + "registrant_country": "UNITED STATES", + "registrant_email": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrant_name": "1API GmbH", + "registrant_organization": "Domains By Proxy, LLC", + "registrar": "1API GmbH", + "updated_date": "2025-07-13T00:00:00.000Z" + } + ] + } + }, + "related": { + "hosts": [ + "67669565", + "test_asset", + "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "test_dns", + "domain1", + "domain2", + "subdomain1", + "subdomain2", + "1437386", + "test_bios", + "mock_hostname", + "test_domainr" + ], + "ip": [ + "216.160.83.56", + "81.2.69.142", + "::ffff:5102:458e" + ], + "user": [ + "test_user" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "user": { + "name": "test_user" + } + }, + { + "cloud": { + "provider": "mock_cloud_provider" + }, + "device": { + "manufacturer": "Mock test manufacturer", + "model": { + "name": "Mock test model" + } + }, + "ecs": { + "version": "8.17.0" + }, + "event": { + "category": [ + "host" + ], + "created": 
"2025-07-09T14:21:14.000Z", + "kind": "event", + "original": "{\"assetId\":67671740,\"assetUUID\":\"4cf3040a-82a5-46a1-b059-17372b051ec7\",\"hostId\":1437387,\"lastModifiedDate\":\"2025-07-13T14:21:09.000Z\",\"agentId\":\"4cf3040a-82a5-46a1-b059-17372b051ec7\",\"createdDate\":\"2025-07-09T14:21:14.000Z\",\"sensorLastUpdatedDate\":\"2025-07-13T14:21:09.000Z\",\"assetType\":\"HOST\",\"address\":\"175.16.199.0\",\"dnsName\":\"test_dns_1\",\"assetName\":\"test\",\"netbiosName\":\"test_bios1\",\"timeZone\":\"IST\",\"biosDescription\":\"Mock bios description\",\"lastBoot\":\"2025-07-01T00:00:00.000Z\",\"totalMemory\":0,\"cpuCount\":8,\"lastLoggedOnUser\":\"test_user_1\",\"domainRole\":\"Member Server\",\"hwUUID\":\"422a2b16-4c8b-588a-a20c-c1851ad7e376\",\"biosSerialNumber\":\"Test serial number_1\",\"biosAssetTag\":\"Test asset tag_1\",\"isContainerHost\":false,\"operatingSystem\":{\"osName\":\"Mock OS\",\"fullName\":\"Mock OS\",\"category\":\"Operating System / Windows\",\"category1\":\"UBuntu\",\"category2\":\"Windows\",\"productName\":\"Mock OS\",\"publisher\":\"Mock Publisher\",\"edition\":\"Mock Edition\",\"marketVersion\":\"Mock version\",\"version\":\"1.0.0\",\"update\":\"Mock update\",\"architecture\":\"Mock architecture\",\"lifecycle\":{\"gaDate\":\"2022-01-01T00:00:00.000Z\",\"eolDate\":\"2025-01-01T00:00:00.000Z\",\"eosDate\":\"2030-01-01T00:00:00.000Z\",\"stage\":\"End-of-Sale\",\"lifeCycleConfidence\":\"Approximate\",\"eolSupportStage\":\"End-of-Sale\",\"eosSupportStage\":\"End-of-Life\",\"detectionScore\":50},\"taxonomy\":{\"id\":\"mock_taxonomy_id_1\",\"name\":\"Mock taxonomy test name\",\"category1\":\"Mock category1 test\",\"category2\":\"Mock category2 test\"},\"productUrl\":\"https://example.com\",\"productFamily\":\"Mock product family\",\"installDate\":\"2025-07-09T14:21:12.000Z\",\"release\":\"Mock release 1\",\"cpeId\":\"mock_cpe_id_3\",\"cpe\":\"mock_cp_6\",\"cpeType\":\"Mock test cpe type\"},\"hardware\":{\"fullName\":\"Mock test full 
name\",\"category\":\"Mock test category 1 / Mock test category 2\",\"category1\":\"Mock test category 1\",\"category2\":\"Mock test category 2\",\"manufacturer\":\"Mock test manufacturer\",\"productName\":\"Mock test product name\",\"model\":\"Mock test model\",\"lifecycle\":{\"introDate\":\"2025-07-09T14:21:12.000Z\",\"gaDate\":\"2025-07-09T14:21:12.000Z\",\"eosDate\":\"2025-07-09T14:21:12.000Z\",\"obsoleteDate\":\"2025-07-09T14:21:12.000Z\",\"stage\":\"Not Applicable\",\"lifeCycleConfidence\":\"Exact\"},\"taxonomy\":{\"id\":\"mock_hardware_taxonomy_id\",\"name\":\"Mock test hardware taxonomy name\",\"category1\":\"Mock test category 1\",\"category2\":\"Mock test category 2\"},\"productUrl\":\"https://example.com\",\"productFamily\":\"Mock test product family\"},\"userAccountListData\":{\"userAccount\":[{\"name\":\"root\"},{\"name\":\"serviceuser\"},{\"name\":\"devuser\"}]},\"openPortListData\":{\"openPort\":[{\"port\":443,\"description\":\"http protocol over TLS/SSL\",\"protocol\":\"TCP\",\"detectedService\":\"HTTPs\",\"firstFound\":\"2025-07-09T14:21:14.000Z\",\"lastUpdated\":\"2025-07-09T14:21:14.000Z\",\"authorization\":\"Mock test authorization\",\"detectionScore\":1,\"discoverySources\":\"EASM\"}]},\"volumeListData\":{\"volume\":[{\"name\":\"/run/lock\",\"free\":5242880,\"size\":5242880}]},\"networkInterfaceListData\":{\"networkInterface\":[{\"hostname\":\"mock_hostname\",\"addressIpV4\":\"81.2.69.144\",\"addressIpV6\":\"::ffff:5102:4590\",\"macAddress\":\"01:00:5e:90:10:00\",\"interfaceName\":\"mock_interface_name\",\"dnsAddress\":\"mock_dns_address\",\"gatewayAddress\":\"mock_gateway_address\",\"manufacturer\":\"mock_manufacturer\",\"macVendorIntroDate\":946944000000,\"netmask\":\"mock_net_mask\",\"addresses\":\"mock_Addresses\"}]},\"softwareListData\":{\"software\":[{\"id\":2727678485371137000,\"discoverySources\":\"EASM\",\"fullName\":\"Squarespace 
Commerce\",\"softwareType\":\"Unknown\",\"isIgnored\":true,\"ignoredReason\":\"Unknown\",\"category\":\"Unknown / Unknown\",\"category1\":\"Unknown\",\"category2\":\"Unknown\",\"productName\":\"Unknown\",\"component\":\"mock_component\",\"publisher\":\"Unknown\",\"edition\":\"mock_edition\",\"marketVersion\":\"mock_market_version\",\"version\":\"mock_version\",\"update\":\"mock_update\",\"architecture\":\"mock_architecture\",\"installDate\":\"2021-10-25T14:21:11.000Z\",\"installPath\":\"mock_install_path\",\"lastUpdated\":\"2021-10-25T14:21:12.000Z\",\"lastUseDate\":\"2021-10-25T14:21:13.000Z\",\"language\":\"mock_language\",\"formerlyKnownAs\":\"mock_formerly_known_as\",\"isPackage\":false,\"isPackageComponent\":false,\"packageName\":\"mock_package_name\",\"productUrl\":\"mock_product_url\",\"lifecycle\":{\"gaDate\":\"2021-10-25T14:21:12.000Z\",\"eolDate\":\"2021-10-25T14:21:12.000Z\",\"eosDate\":\"2021-10-25T14:21:12.000Z\",\"stage\":\"Unknown\",\"lifeCycleConfidence\":\"Mock life cycle confidence\",\"eolSupportStage\":\"Mock eol support stage\",\"eosSupportStage\":\"Mock eos support stage\",\"detectionScore\":3},\"supportStageDesc\":\"Mock support stage desc\",\"license\":{\"category\":\"Mock license category\",\"subcategory\":\"Mock license subcategory\"},\"authorization\":\"Mock authorization\",\"discoveredPublisher\":\"Mock discovered publisher\",\"discoveredName\":\"Squarespace Commerce\",\"discoveredVersion\":\"mock_version\",\"authorizationDetectionScore\":5,\"cpeId\":\"mock_cpe_id\",\"cpe\":\"mock_cpe\",\"cpeType\":\"Mock cpe type\",\"softwareInstances\":[{\"firstSeen\":\"2025-06-01T01:00:00.000Z\",\"lastSeen\":\"2025-06-15T01:00:00.000Z\",\"InstanceName\":\"mock_instance_name\",\"PROC\":\"/usr/bin/java -jar /opt/jetty/start.jar\",\"BIN_PATH\":\"/usr/bin/java\",\"PRODUCT\":\"Apache 
Jetty\",\"VERSION\":\"11.0.9\",\"TECHNOLOGY\":\"Java\",\"CONF_PATH\":\"/opt/jetty/etc/jetty.xml\"}]}]},\"softwareComponent\":\"mock_software_component\",\"provider\":\"mock_provider\",\"cloudProvider\":\"mock_cloud_provider\",\"agent\":{\"version\":\"mock_agent_version\",\"configurationProfile\":\"mock_agent_configuration_profile\",\"activations\":null,\"connectedFrom\":\"81.2.69.192\",\"lastActivity\":0,\"lastCheckedIn\":0,\"lastInventory\":0,\"udcManifestAssigned\":false,\"errorStatus\":false},\"sensor\":{\"activatedForModules\":[\"VM\",\"PC\"],\"pendingActivationForModules\":[\"VULN\",\"COMPLIANCE\"],\"lastVMScan\":0,\"lastComplianceScan\":0,\"lastFullScan\":0,\"lastVmScanDateScanner\":0,\"lastVmScanDateAgent\":0,\"lastPcScanDateScanner\":0,\"lastPcScanDateAgent\":0,\"firstEasmScanDate\":1752416469000,\"lastEasmScanDate\":1752416469000},\"container\":{\"product\":\"mock_product\",\"version\":\"mock_version\",\"noOfContainers\":10,\"noOfImages\":5,\"hasSensor\":\"temp_values\"},\"inventory\":{\"source\":\"EASM\",\"created\":1752070874000,\"lastUpdated\":1752416469000},\"activity\":{\"source\":\"EASM\",\"lastScannedDate\":1752416469000},\"tagList\":{\"tag\":[{\"tagId\":25971788,\"tagName\":\"Shodan\",\"foregroundColor\":0,\"backgroundColor\":0,\"businessImpact\":\"Mock business impact\",\"criticalityScore\":8}]},\"serviceList\":{\"service\":[{\"description\":\"mock_description\",\"name\":\"systemd-journal-flush.service\",\"status\":\"loaded/active/exited\"}]},\"lastLocation\":{\"city\":\"New York\",\"state\":\"California\",\"country\":\"United States\",\"name\":\"United States\",\"continent\":\"North 
America\",\"postal\":\"94041\"},\"criticality\":{\"score\":3,\"isDefault\":false,\"lastUpdated\":\"2025-07-09T14:21:13.000Z\"},\"businessInformation\":{\"company\":\"Qualys\",\"department\":\"Engineering\",\"ownedBy\":\"Paul\",\"environment\":\"QA\",\"managedBy\":\"Amit\",\"supportedBy\":\"Nick\",\"supportGroup\":\"ABC_01\",\"operationalStatus\":\"Blocked\"},\"assignedLocation\":{\"name\":\"4492 Camino De La Plaza, Pune,IN\",\"city\":\"Pune\",\"state\":\"MH\",\"country\":\"IN\"},\"businessAppListData\":{\"businessApp\":[{\"id\":\"BARCODE283904\",\"name\":\"Quoting App\",\"environment\":\"Production\",\"businessCriticality\":\"2 - Less Critical\",\"managedBy\":\"user\",\"ownedBy\":\"ownerr\",\"supportedBy\":\"sopporter\",\"supportGroup\":\"SME Operations\",\"operationalStatus\":\"Mended\",\"status\":\"Installed\",\"usedFor\":\"Production\"}]},\"riskScore\":0,\"domain\":[\"domain1\",\"domain2\"],\"subdomain\":[\"subdomain1\",\"subdomain2\"],\"missingSoftware\":[\"test1\",\"test2\",\"test3\"],\"whois\":[{\"domain\":\"test_domainr\",\"createdDate\":\"2024-02-23T00:00:00.000Z\",\"dnssec\":\"test\",\"domainStatus\":\"clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited\",\"registrantOrganization\":\"Domains By Proxy, LLC\",\"registrantName\":\"1API GmbH\",\"registrantEmail\":\"594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com\",\"registrantContact\":\"temp\",\"registrar\":\"1API GmbH\",\"registrantCountry\":\"UNITED STATES\",\"expirationDate\":\"2026-02-23T00:00:00.000Z\",\"updatedDate\":\"2025-07-13T00:00:00.000Z\"}],\"organizationName\":[\"mock_organization_name\"],\"isp\":\"test, Inc.\",\"asn\":\"AS53831\",\"easmTags\":[\"test\"],\"hostingCategory1\":\"ThirdParty\",\"customAttributes\":[{\"key\":\"Media State4\",\"value\":\"Media disconnected\",\"connectorName\":\"Qualys\"}],\"lparId\":\"mock_lpar_id\",\"processor\":{\"description\":\"Intel(R) Xeon(R) Gold 
6430\",\"speed\":3200,\"numCPUs\":4,\"noOfSocket\":2,\"threadsPerCore\":2,\"coresPerSocket\":2,\"multithreadingStatus\":\"test\"}}", + "risk_score": 0.0, + "timezone": "IST", + "type": [ + "info" + ] + }, + "host": { + "architecture": "Mock architecture", + "domain": [ + "domain1", + "domain2" + ], + "geo": { + "city_name": "New York", + "continent_name": "North America", + "country_name": "United States", + "postal_code": "94041" + }, + "hostname": "test_dns_1", + "id": "67671740", + "ip": [ + "175.16.199.0" + ], + "name": "test", + "os": { + "family": "Mock product family", + "full": "Mock OS", + "name": "Mock OS", + "platform": "Mock OS", + "type": "linux", + "version": "1.0.0" + }, + "type": "HOST" + }, + "observer": { + "product": "Global AssetView", + "vendor": "Qualys" + }, + "package": { + "architecture": [ + "mock_architecture" + ], + "description": [ + "Mock support stage desc" + ], + "installed": [ + "2021-10-25T14:21:11.000Z" + ], + "license": [ + "Mock license category" + ], + "name": [ + "Squarespace Commerce" + ], + "path": [ + "mock_install_path" + ], + "reference": [ + "mock_product_url" + ], + "type": [ + "Unknown" + ], + "version": [ + "mock_version" + ] + }, + "qualys_gav": { + "asset": { + "activity": { + "last_scanned_date": "2025-07-13T14:21:09.000Z", + "source": "EASM" + }, + "address": "175.16.199.0", + "agent": { + "configuration_profile": "mock_agent_configuration_profile", + "connected_from": "81.2.69.192", + "error_status": false, + "last_activity": "1970-01-01T00:00:00.000Z", + "last_checked_in": "1970-01-01T00:00:00.000Z", + "last_inventory": "1970-01-01T00:00:00.000Z", + "udc_manifest_assigned": false, + "version": "mock_agent_version" + }, + "agent_id": "4cf3040a-82a5-46a1-b059-17372b051ec7", + "asn": "AS53831", + "asset_id": "67671740", + "asset_name": "test", + "asset_type": "HOST", + "asset_uuid": "4cf3040a-82a5-46a1-b059-17372b051ec7", + "assigned_location": { + "city": "Pune", + "country": "IN", + "name": "4492 Camino De La 
Plaza, Pune,IN", + "state": "MH" + }, + "bios_asset_tag": "Test asset tag_1", + "bios_description": "Mock bios description", + "bios_serial_number": "Test serial number_1", + "business_app_list_data": { + "business_app": [ + { + "business_criticality": "2 - Less Critical", + "environment": "Production", + "id": "BARCODE283904", + "managed_by": "user", + "name": "Quoting App", + "operational_status": "Mended", + "owned_by": "ownerr", + "status": "Installed", + "support_group": "SME Operations", + "supported_by": "sopporter", + "used_for": "Production" + } + ] + }, + "business_information": { + "company": "Qualys", + "department": "Engineering", + "environment": "QA", + "managed_by": "Amit", + "operational_status": "Blocked", + "owned_by": "Paul", + "support_group": "ABC_01", + "supported_by": "Nick" + }, + "cloud_provider": "mock_cloud_provider", + "container": { + "has_sensor": "temp_values", + "no_of_containers": 10, + "no_of_images": 5, + "product": "mock_product", + "version": "mock_version" + }, + "cpu_count": 8, + "created_date": "2025-07-09T14:21:14.000Z", + "criticality": { + "is_default": false, + "last_updated": "2025-07-09T14:21:13.000Z", + "score": 3 + }, + "custom_attributes": [ + { + "connector_name": "Qualys", + "key": "Media State4", + "value": "Media disconnected" + } + ], + "dns_name": "test_dns_1", + "domain": [ + "domain1", + "domain2" + ], + "domain_role": "Member Server", + "easm_tags": [ + "test" + ], + "hardware": { + "category": "Mock test category 1 / Mock test category 2", + "category1": "Mock test category 1", + "category2": "Mock test category 2", + "full_name": "Mock test full name", + "lifecycle": { + "eos_date": "2025-07-09T14:21:12.000Z", + "ga_date": "2025-07-09T14:21:12.000Z", + "intro_date": "2025-07-09T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "obsolete_date": "2025-07-09T14:21:12.000Z", + "stage": "Not Applicable" + }, + "manufacturer": "Mock test manufacturer", + "model": "Mock test model", + "product_family": "Mock 
test product family", + "product_name": "Mock test product name", + "product_url": "https://example.com", + "taxonomy": { + "category1": "Mock test category 1", + "category2": "Mock test category 2", + "id": "mock_hardware_taxonomy_id", + "name": "Mock test hardware taxonomy name" + } + }, + "host_id": "1437387", + "hosting_category1": "ThirdParty", + "hw_uuid": "422a2b16-4c8b-588a-a20c-c1851ad7e376", + "inventory": { + "created": "2025-07-09T14:21:14.000Z", + "last_updated": "2025-07-13T14:21:09.000Z", + "source": "EASM" + }, + "is_container_host": false, + "isp": "test, Inc.", + "last_boot": "2025-07-01T00:00:00.000Z", + "last_location": { + "city": "New York", + "continent": "North America", + "country": "United States", + "name": "United States", + "postal": "94041", + "state": "California" + }, + "last_logged_on_user": "test_user_1", + "last_modified_date": "2025-07-13T14:21:09.000Z", + "lpar_id": "mock_lpar_id", + "missing_software": [ + "test1", + "test2", + "test3" + ], + "netbios_name": "test_bios1", + "network_interface_list_data": { + "network_interface": [ + { + "address_ip_v4": "81.2.69.144", + "address_ip_v6": [ + "::ffff:5102:4590" + ], + "addresses": "mock_Addresses", + "dns_address": "mock_dns_address", + "gateway_address": "mock_gateway_address", + "hostname": "mock_hostname", + "interface_name": "mock_interface_name", + "mac_address": "01-00-5E-90-10-00", + "mac_vendor_intro_date": "2000-01-04T00:00:00.000Z", + "manufacturer": "mock_manufacturer", + "netmask": "mock_net_mask" + } + ] + }, + "open_port_list_data": { + "open_port": [ + { + "authorization": "Mock test authorization", + "description": "http protocol over TLS/SSL", + "detected_service": "HTTPs", + "detection_score": 1, + "discovery_sources": "EASM", + "first_found": "2025-07-09T14:21:14.000Z", + "last_updated": "2025-07-09T14:21:14.000Z", + "port": 443, + "protocol": "TCP" + } + ] + }, + "operating_system": { + "architecture": "Mock architecture", + "category": "Operating System / 
Windows", + "category1": "UBuntu", + "category2": "Windows", + "cpe": "mock_cp_6", + "cpe_id": "mock_cpe_id_3", + "cpe_type": "Mock test cpe type", + "edition": "Mock Edition", + "full_name": "Mock OS", + "install_date": "2025-07-09T14:21:12.000Z", + "lifecycle": { + "detection_score": 50, + "eol_date": "2025-01-01T00:00:00.000Z", + "eol_support_stage": "End-of-Sale", + "eos_date": "2030-01-01T00:00:00.000Z", + "eos_support_stage": "End-of-Life", + "ga_date": "2022-01-01T00:00:00.000Z", + "life_cycle_confidence": "Approximate", + "stage": "End-of-Sale" + }, + "market_version": "Mock version", + "os_name": "Mock OS", + "product_family": "Mock product family", + "product_name": "Mock OS", + "product_url": "https://example.com", + "publisher": "Mock Publisher", + "release": "Mock release 1", + "taxonomy": { + "category1": "Mock category1 test", + "category2": "Mock category2 test", + "id": "mock_taxonomy_id_1", + "name": "Mock taxonomy test name" + }, + "update": "Mock update", + "version": "1.0.0" + }, + "organization_name": [ + "mock_organization_name" + ], + "processor": { + "cores_per_socket": 2, + "description": "Intel(R) Xeon(R) Gold 6430", + "multithreading_status": "test", + "no_of_socket": 2, + "num_cpus": 4, + "speed": 3200, + "threads_per_core": 2 + }, + "provider": "mock_provider", + "risk_score": 0.0, + "sensor": { + "activated_for_modules": [ + "VM", + "PC" + ], + "first_easm_scan_date": "2025-07-13T14:21:09.000Z", + "last_easm_scan_date": "2025-07-13T14:21:09.000Z", + "pending_activation_for_modules": [ + "VULN", + "COMPLIANCE" + ] + }, + "sensor_last_updated_date": "2025-07-13T14:21:09.000Z", + "service_list": { + "service": [ + { + "description": "mock_description", + "name": "systemd-journal-flush.service", + "status": "loaded/active/exited" + } + ] + }, + "software_component": "mock_software_component", + "software_list_data": { + "software": [ + { + "architecture": "mock_architecture", + "authorization": "Mock authorization", + 
"authorization_detection_score": 5, + "category": "Unknown / Unknown", + "category1": "Unknown", + "category2": "Unknown", + "component": "mock_component", + "cpe": "mock_cpe", + "cpe_id": "mock_cpe_id", + "cpe_type": "Mock cpe type", + "discovered_name": "Squarespace Commerce", + "discovered_publisher": "Mock discovered publisher", + "discovered_version": "mock_version", + "discovery_sources": "EASM", + "edition": "mock_edition", + "formerly_known_as": "mock_formerly_known_as", + "full_name": "Squarespace Commerce", + "id": "2727678485371137000", + "ignored_reason": "Unknown", + "install_date": "2021-10-25T14:21:11.000Z", + "install_path": "mock_install_path", + "is_ignored": true, + "is_package": false, + "is_package_component": false, + "language": "mock_language", + "last_updated": "2021-10-25T14:21:12.000Z", + "last_use_date": "2021-10-25T14:21:13.000Z", + "license": { + "category": "Mock license category", + "subcategory": "Mock license subcategory" + }, + "lifecycle": { + "detection_score": 3, + "eol_date": "2021-10-25T14:21:12.000Z", + "eol_support_stage": "Mock eol support stage", + "eos_date": "2021-10-25T14:21:12.000Z", + "eos_support_stage": "Mock eos support stage", + "ga_date": "2021-10-25T14:21:12.000Z", + "life_cycle_confidence": "Mock life cycle confidence", + "stage": "Unknown" + }, + "market_version": "mock_market_version", + "package_name": "mock_package_name", + "product_name": "Unknown", + "product_url": "mock_product_url", + "publisher": "Unknown", + "software_instances": [ + { + "bin_path": "/usr/bin/java", + "conf_path": "/opt/jetty/etc/jetty.xml", + "first_seen": "2025-06-01T01:00:00.000Z", + "instance_name": "mock_instance_name", + "last_seen": "2025-06-15T01:00:00.000Z", + "proc": "/usr/bin/java -jar /opt/jetty/start.jar", + "product": "Apache Jetty", + "technology": "Java", + "version": "11.0.9" + } + ], + "software_type": "Unknown", + "support_stage_desc": "Mock support stage desc", + "update": "mock_update", + "version": 
"mock_version" + } + ] + }, + "subdomain": [ + "subdomain1", + "subdomain2" + ], + "tag_list": { + "tag": [ + { + "background_color": "0", + "business_impact": "Mock business impact", + "criticality_score": 8.0, + "foreground_color": "0", + "tag_id": "25971788", + "tag_name": "Shodan" + } + ] + }, + "time_zone": "IST", + "total_memory": 0, + "user_account_list_data": { + "user_account": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "volume_list_data": { + "volume": [ + { + "free": 5242880, + "name": "/run/lock", + "size": 5242880 + } + ] + }, + "whois": [ + { + "created_date": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domain": "test_domainr", + "domain_status": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "expiration_date": "2026-02-23T00:00:00.000Z", + "registrant_contact": "temp", + "registrant_country": "UNITED STATES", + "registrant_email": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrant_name": "1API GmbH", + "registrant_organization": "Domains By Proxy, LLC", + "registrar": "1API GmbH", + "updated_date": "2025-07-13T00:00:00.000Z" + } + ] + } + }, + "related": { + "hosts": [ + "67671740", + "test", + "4cf3040a-82a5-46a1-b059-17372b051ec7", + "test_dns_1", + "domain1", + "domain2", + "subdomain1", + "subdomain2", + "1437387", + "test_bios1", + "mock_hostname", + "test_domainr" + ], + "ip": [ + "175.16.199.0", + "81.2.69.192", + "81.2.69.144", + "::ffff:5102:4590" + ], + "user": [ + "test_user_1" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "user": { + "name": "test_user_1" + } + }, + { + "cloud": { + "provider": "mock_cloud_provider" + }, + "device": { + "manufacturer": "VMware", + "model": { + "name": "VMware Virtual Platform" + } + }, + "ecs": { + "version": "8.17.0" + }, + "event": { + "category": [ + "host" + ], + "created": "2025-07-10T09:55:55.000Z", + "kind": "event", + 
"original": "{\"assetId\":67543783,\"assetUUID\":\"15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e\",\"hostId\":1437388,\"lastModifiedDate\":\"2025-07-14T19:20:16.000Z\",\"agentId\":\"15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e\",\"createdDate\":\"2025-07-10T09:55:55.000Z\",\"sensorLastUpdatedDate\":\"2025-07-14T19:20:16.000Z\",\"assetType\":\"HOST\",\"address\":\"1.128.0.0\",\"dnsName\":\"test\",\"assetName\":\"test\",\"netbiosName\":\"test_bios_2\",\"timeZone\":\"+05:30\",\"biosDescription\":\"Test Bios Descriptor\",\"lastBoot\":\"2025-07-10T18:15:44.000Z\",\"totalMemory\":3875,\"cpuCount\":4,\"lastLoggedOnUser\":\"serviceuser\",\"domainRole\":null,\"hwUUID\":\"e3a60142-2b7d-d478-3da7-d45e576c7d76\",\"biosSerialNumber\":\"VMware-42 01 a6 e3 7d 2b 78 d4-3d a7 d4 5e 57 6c 7d 76\",\"biosAssetTag\":\"mock_asset_tag\",\"isContainerHost\":false,\"operatingSystem\":{\"osName\":\"Ubuntu Linux 22.04.5\",\"fullName\":\"Canonical Ubuntu Jammy Jellyfish (22.04.5 LTS)\",\"category\":\"Linux / Unidentified\",\"category1\":\"Linux\",\"category2\":\"Unidentified\",\"productName\":\"Ubuntu\",\"publisher\":\"Mock Publisher\",\"edition\":\"mock_edition\",\"marketVersion\":\"Jammy Jellyfish\",\"version\":\"22.04 LTS\",\"update\":\"22.04 LTS 22.04.5 LTS\",\"architecture\":\"x86_64\",\"lifecycle\":{\"gaDate\":\"2022-04-21T00:00:00.000Z\",\"eolDate\":\"2027-04-30T00:00:00.000Z\",\"eosDate\":\"2027-04-30T00:00:00.000Z\",\"stage\":\"GA\",\"lifeCycleConfidence\":\"Exact\",\"eolSupportStage\":\"End of Standard Support\",\"eosSupportStage\":\"End of Standard Support\",\"detectionScore\":0},\"taxonomy\":{\"id\":\"mock_taxonomy_id_4\",\"name\":\"Linux / Unidentified\",\"category1\":\"Linux\",\"category2\":\"Unidentified\"},\"productUrl\":\"https://example.com\",\"productFamily\":\"mock_product_family\",\"installDate\":\"2025-07-07T11:58:14.000Z\",\"release\":\"22.04.5\",\"cpeId\":\"mock_cpe_id_8\",\"cpe\":\"mock_cpe_0\",\"cpeType\":\"NIST\"},\"hardware\":{\"fullName\":\"VMware VMware Virtual Platform VMware 
Virtual Platform\",\"category\":\"Virtualized / Virtual Machine\",\"category1\":\"Virtualized\",\"category2\":\"Virtual Machine\",\"manufacturer\":\"VMware\",\"productName\":\"VMware Virtual Platform\",\"model\":\"VMware Virtual Platform\",\"lifecycle\":{\"introDate\":\"2025-07-07T11:58:14.000Z\",\"gaDate\":\"2025-07-07T11:58:14.000Z\",\"eosDate\":\"2025-07-07T11:58:14.000Z\",\"obsoleteDate\":\"2025-07-07T11:58:14.000Z\",\"stage\":\"Unknown\",\"lifeCycleConfidence\":\"Exact\"},\"taxonomy\":{\"id\":\"mock_hardware_taxonomy_id_2\",\"name\":\"Virtualized / Virtual Machine\",\"category1\":\"Virtualized\",\"category2\":\"Virtual Machine\"},\"productUrl\":\"https://example.com\",\"productFamily\":\"mock_product_family_2\"},\"userAccountListData\":{\"userAccount\":[{\"name\":\"root\"},{\"name\":\"serviceuser\"},{\"name\":\"devuser\"}]},\"openPortListData\":{\"openPort\":[{\"port\":53,\"description\":\"Mock Description\",\"protocol\":\"TCP\",\"detectedService\":\"add and remove users and groups\",\"firstFound\":\"2025-07-07T12:42:33.000Z\",\"lastUpdated\":\"2025-07-07T12:42:33.000Z\",\"authorization\":\"mock_authorization_1\",\"detectionScore\":56,\"discoverySources\":\"Cloud Agent\"}]},\"volumeListData\":{\"volume\":[{\"name\":\"/dev/shm\",\"free\":2032058368,\"size\":2032058368}]},\"networkInterfaceListData\":{\"networkInterface\":[{\"hostname\":\"ub-43-156-0\",\"addressIpV4\":\"67.43.156.0\",\"addressIpV6\":\"::ffff:432b:9c00\",\"macAddress\":\"00:00:5e:00:53:00\",\"interfaceName\":\"mock_interface_name\",\"dnsAddress\":\"mock_dns_address\",\"gatewayAddress\":\"mock_gateway_address\",\"manufacturer\":\"mock_manufacturer\",\"macVendorIntroDate\":946944000000,\"netmask\":\"mock_net_mask\",\"addresses\":\"mock_Addresses\"}]},\"softwareListData\":{\"software\":[{\"id\":-458390650433303040,\"discoverySources\":\"Cloud Agent\",\"fullName\":\"libblockdev-swap2:amd64 2.26-1ubuntu0.1\",\"softwareType\":\"Others\",\"isIgnored\":true,\"ignoredReason\":\"Library 
Packages\",\"category\":\"Unknown / Unknown\",\"category1\":\"Unknown\",\"category2\":\"Unknown\",\"productName\":\"Unknown\",\"component\":\"mock_component\",\"publisher\":\"Unknown\",\"edition\":\"mock\",\"marketVersion\":\"mack\",\"version\":\"2.26-1ubuntu0.1\",\"update\":\"2.26-1ubuntu0.1\",\"architecture\":\"mock_architecture\",\"installDate\":\"2025-07-07T11:58:14.000Z\",\"installPath\":\"mock_install_path\",\"lastUpdated\":\"2025-07-07T11:58:14.000Z\",\"lastUseDate\":\"2025-07-07T11:58:14.000Z\",\"language\":\"mock_language\",\"formerlyKnownAs\":\"mock_formerly_known_as\",\"isPackage\":false,\"isPackageComponent\":false,\"packageName\":\"mock_package_name\",\"productUrl\":\"https://example.com\",\"lifecycle\":{\"gaDate\":\"2025-07-07T11:58:14.000Z\",\"eolDate\":\"2025-07-07T11:58:14.000Z\",\"eosDate\":\"2025-07-07T11:58:14.000Z\",\"stage\":\"End-of-Life\",\"lifeCycleConfidence\":\"Exact\",\"eolSupportStage\":\"End-of-Sale\",\"eosSupportStage\":\"End-of-Life\",\"detectionScore\":5},\"supportStageDesc\":\"mock_support_stage_desc\",\"license\":{\"category\":\"mock_license_category\",\"subcategory\":\"mock_license_subcategory\"},\"authorization\":\"mock_authorization\",\"discoveredPublisher\":\"mock_discovered_publisher\",\"discoveredName\":\"mock_discovered_name\",\"discoveredVersion\":\"mock_discovered_version\",\"authorizationDetectionScore\":5,\"cpeId\":\"mock_cpe_id\",\"cpe\":\"mock_cpe\",\"cpeType\":\"mock_cpe_type\",\"softwareInstances\":[{\"firstSeen\":\"2025-08-01T01:00:00.000Z\",\"lastSeen\":\"2025-08-15T01:00:00.000Z\",\"InstanceName\":\"mock_instance_name_changed\",\"PROC\":\"/usr/bin/python /opt/elastic-agent/elastic-agent.py\",\"BIN_PATH\":\"/usr/bin/python\",\"PRODUCT\":\"Elastic 
Agent\",\"VERSION\":\"7.2.0\",\"TECHNOLOGY\":\"Python\",\"CONF_PATH\":\"/opt/elastic-agent/elastic-agent.yml\"}]}]},\"softwareComponent\":\"mock_software_component\",\"provider\":\"mock_provider\",\"cloudProvider\":\"mock_cloud_provider\",\"agent\":{\"version\":\"7.2.0.38\",\"configurationProfile\":\"config_modules\",\"activations\":[{\"key\":\"cb825267-f182-4583-a0a8-784e17e8efe7\",\"status\":\"ACTIVE\"}],\"connectedFrom\":\"2a02:cf40::\",\"lastActivity\":1752520814000,\"lastCheckedIn\":1752520814000,\"lastInventory\":1752520816000,\"udcManifestAssigned\":false,\"errorStatus\":false},\"sensor\":{\"activatedForModules\":[\"mock_activated_module\"],\"pendingActivationForModules\":[\"mock_pending_module\"],\"lastVMScan\":0,\"lastComplianceScan\":0,\"lastFullScan\":0,\"lastVmScanDateScanner\":0,\"lastVmScanDateAgent\":0,\"lastPcScanDateScanner\":0,\"lastPcScanDateAgent\":0,\"firstEasmScanDate\":null,\"lastEasmScanDate\":null},\"container\":{\"product\":\"mock_product\",\"version\":\"mock_version\",\"noOfContainers\":0,\"noOfImages\":0,\"hasSensor\":\"temp_value\"},\"inventory\":{\"source\":\"QAGENT\",\"created\":1751889561000,\"lastUpdated\":1752520814000},\"activity\":{\"source\":\"QAGENT\",\"lastScannedDate\":1752520814000},\"tagList\":{\"tag\":[{\"tagId\":25184898,\"tagName\":\"Cloud Agent\",\"foregroundColor\":0,\"backgroundColor\":0,\"businessImpact\":\"mock_business_impact\",\"criticalityScore\":5}]},\"serviceList\":{\"service\":[{\"description\":\"mock_description\",\"name\":\"snapd.apparmor.service\",\"status\":\"loaded/active/exited\"}]},\"lastLocation\":{\"city\":\"New York\",\"state\":\"California\",\"country\":\"United States\",\"name\":\"United States\",\"continent\":\"North 
America\",\"postal\":\"94041\"},\"criticality\":{\"score\":2,\"isDefault\":true,\"lastUpdated\":\"2025-07-09T14:21:13.000Z\"},\"businessInformation\":{\"company\":\"Qualys\",\"department\":\"Engineering\",\"ownedBy\":\"Paul\",\"environment\":\"QA\",\"managedBy\":\"Amit\",\"supportedBy\":\"Nick\",\"supportGroup\":\"ABC_01\",\"operationalStatus\":\"Blocked\"},\"assignedLocation\":{\"name\":\"4492 Camino De La Plaza, Pune,IN\",\"city\":\"Pune\",\"state\":\"MH\",\"country\":\"IN\"},\"businessAppListData\":{\"businessApp\":[{\"id\":\"BARCODE283904\",\"name\":\"Quoting App\",\"environment\":\"Production\",\"businessCriticality\":\"2 - Less Critical\",\"managedBy\":\"user\",\"ownedBy\":\"ownerr\",\"supportedBy\":\"sopporter\",\"supportGroup\":\"SME Operations\",\"operationalStatus\":\"Mended\",\"status\":\"Installed\",\"usedFor\":\"Production\"}]},\"riskScore\":0,\"domain\":[\"domain1\",\"domain2\"],\"subdomain\":[\"subdomain1\",\"subdomain2\"],\"missingSoftware\":[\"test1\",\"test2\",\"test3\"],\"whois\":[{\"domain\":\"test_domainr\",\"createdDate\":\"2024-02-23T00:00:00.000Z\",\"dnssec\":\"test\",\"domainStatus\":\"clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited\",\"registrantOrganization\":\"Domains By Proxy, LLC\",\"registrantName\":\"1API GmbH\",\"registrantEmail\":\"594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com\",\"registrantContact\":\"temp\",\"registrar\":\"1API GmbH\",\"registrantCountry\":\"UNITED STATES\",\"expirationDate\":\"2026-02-23T00:00:00.000Z\",\"updatedDate\":\"2025-07-13T00:00:00.000Z\"}],\"organizationName\":[\"mock_organization_name\"],\"isp\":\"test, Inc.\",\"asn\":\"AS53831\",\"easmTags\":[\"mock-easm-tag1\",\"mock-easm-tag2\"],\"hostingCategory1\":\"mock-hosting-category1\",\"customAttributes\":[{\"key\":\"Media State4\",\"value\":\"Media disconnected\",\"connectorName\":\"Qualys\"}],\"lparId\":\"mock_lpar_id\",\"processor\":{\"description\":\"Intel(R) Xeon(R) Gold 
6430\",\"speed\":3200,\"numCPUs\":4,\"noOfSocket\":2,\"threadsPerCore\":2,\"coresPerSocket\":2,\"multithreadingStatus\":\"test\"}}", + "risk_score": 0.0, + "timezone": "+05:30", + "type": [ + "info" + ] + }, + "host": { + "architecture": "x86_64", + "domain": [ + "domain1", + "domain2" + ], + "geo": { + "city_name": "New York", + "continent_name": "North America", + "country_name": "United States", + "postal_code": "94041" + }, + "hostname": "test", + "id": "67543783", + "ip": [ + "1.128.0.0" + ], + "name": "test", + "os": { + "family": "mock_product_family", + "full": "Canonical Ubuntu Jammy Jellyfish (22.04.5 LTS)", + "name": "Ubuntu Linux 22.04.5", + "platform": "Ubuntu", + "type": "linux", + "version": "22.04 LTS" + }, + "type": "HOST" + }, + "observer": { + "product": "Global AssetView", + "vendor": "Qualys" + }, + "package": { + "architecture": [ + "mock_architecture" + ], + "description": [ + "mock_support_stage_desc" + ], + "installed": [ + "2025-07-07T11:58:14.000Z" + ], + "license": [ + "mock_license_category" + ], + "name": [ + "libblockdev-swap2:amd64 2.26-1ubuntu0.1" + ], + "path": [ + "mock_install_path" + ], + "reference": [ + "https://example.com" + ], + "type": [ + "Others" + ], + "version": [ + "2.26-1ubuntu0.1" + ] + }, + "qualys_gav": { + "asset": { + "activity": { + "last_scanned_date": "2025-07-14T19:20:14.000Z", + "source": "QAGENT" + }, + "address": "1.128.0.0", + "agent": { + "activations": [ + { + "key": "cb825267-f182-4583-a0a8-784e17e8efe7", + "status": "ACTIVE" + } + ], + "configuration_profile": "config_modules", + "connected_from": "2a02:cf40::", + "error_status": false, + "last_activity": "2025-07-14T19:20:14.000Z", + "last_checked_in": "2025-07-14T19:20:14.000Z", + "last_inventory": "2025-07-14T19:20:16.000Z", + "udc_manifest_assigned": false, + "version": "7.2.0.38" + }, + "agent_id": "15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e", + "asn": "AS53831", + "asset_id": "67543783", + "asset_name": "test", + "asset_type": "HOST", + "asset_uuid": 
"15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e", + "assigned_location": { + "city": "Pune", + "country": "IN", + "name": "4492 Camino De La Plaza, Pune,IN", + "state": "MH" + }, + "bios_asset_tag": "mock_asset_tag", + "bios_description": "Test Bios Descriptor", + "bios_serial_number": "VMware-42 01 a6 e3 7d 2b 78 d4-3d a7 d4 5e 57 6c 7d 76", + "business_app_list_data": { + "business_app": [ + { + "business_criticality": "2 - Less Critical", + "environment": "Production", + "id": "BARCODE283904", + "managed_by": "user", + "name": "Quoting App", + "operational_status": "Mended", + "owned_by": "ownerr", + "status": "Installed", + "support_group": "SME Operations", + "supported_by": "sopporter", + "used_for": "Production" + } + ] + }, + "business_information": { + "company": "Qualys", + "department": "Engineering", + "environment": "QA", + "managed_by": "Amit", + "operational_status": "Blocked", + "owned_by": "Paul", + "support_group": "ABC_01", + "supported_by": "Nick" + }, + "cloud_provider": "mock_cloud_provider", + "container": { + "has_sensor": "temp_value", + "no_of_containers": 0, + "no_of_images": 0, + "product": "mock_product", + "version": "mock_version" + }, + "cpu_count": 4, + "created_date": "2025-07-10T09:55:55.000Z", + "criticality": { + "is_default": true, + "last_updated": "2025-07-09T14:21:13.000Z", + "score": 2 + }, + "custom_attributes": [ + { + "connector_name": "Qualys", + "key": "Media State4", + "value": "Media disconnected" + } + ], + "dns_name": "test", + "domain": [ + "domain1", + "domain2" + ], + "easm_tags": [ + "mock-easm-tag1", + "mock-easm-tag2" + ], + "hardware": { + "category": "Virtualized / Virtual Machine", + "category1": "Virtualized", + "category2": "Virtual Machine", + "full_name": "VMware VMware Virtual Platform VMware Virtual Platform", + "lifecycle": { + "eos_date": "2025-07-07T11:58:14.000Z", + "ga_date": "2025-07-07T11:58:14.000Z", + "intro_date": "2025-07-07T11:58:14.000Z", + "life_cycle_confidence": "Exact", + "obsolete_date": 
"2025-07-07T11:58:14.000Z", + "stage": "Unknown" + }, + "manufacturer": "VMware", + "model": "VMware Virtual Platform", + "product_family": "mock_product_family_2", + "product_name": "VMware Virtual Platform", + "product_url": "https://example.com", + "taxonomy": { + "category1": "Virtualized", + "category2": "Virtual Machine", + "id": "mock_hardware_taxonomy_id_2", + "name": "Virtualized / Virtual Machine" + } + }, + "host_id": "1437388", + "hosting_category1": "mock-hosting-category1", + "hw_uuid": "e3a60142-2b7d-d478-3da7-d45e576c7d76", + "inventory": { + "created": "2025-07-07T11:59:21.000Z", + "last_updated": "2025-07-14T19:20:14.000Z", + "source": "QAGENT" + }, + "is_container_host": false, + "isp": "test, Inc.", + "last_boot": "2025-07-10T18:15:44.000Z", + "last_location": { + "city": "New York", + "continent": "North America", + "country": "United States", + "name": "United States", + "postal": "94041", + "state": "California" + }, + "last_logged_on_user": "serviceuser", + "last_modified_date": "2025-07-14T19:20:16.000Z", + "lpar_id": "mock_lpar_id", + "missing_software": [ + "test1", + "test2", + "test3" + ], + "netbios_name": "test_bios_2", + "network_interface_list_data": { + "network_interface": [ + { + "address_ip_v4": "67.43.156.0", + "address_ip_v6": [ + "::ffff:432b:9c00" + ], + "addresses": "mock_Addresses", + "dns_address": "mock_dns_address", + "gateway_address": "mock_gateway_address", + "hostname": "ub-43-156-0", + "interface_name": "mock_interface_name", + "mac_address": "00-00-5E-00-53-00", + "mac_vendor_intro_date": "2000-01-04T00:00:00.000Z", + "manufacturer": "mock_manufacturer", + "netmask": "mock_net_mask" + } + ] + }, + "open_port_list_data": { + "open_port": [ + { + "authorization": "mock_authorization_1", + "description": "Mock Description", + "detected_service": "add and remove users and groups", + "detection_score": 56, + "discovery_sources": "Cloud Agent", + "first_found": "2025-07-07T12:42:33.000Z", + "last_updated": 
"2025-07-07T12:42:33.000Z", + "port": 53, + "protocol": "TCP" + } + ] + }, + "operating_system": { + "architecture": "x86_64", + "category": "Linux / Unidentified", + "category1": "Linux", + "category2": "Unidentified", + "cpe": "mock_cpe_0", + "cpe_id": "mock_cpe_id_8", + "cpe_type": "NIST", + "edition": "mock_edition", + "full_name": "Canonical Ubuntu Jammy Jellyfish (22.04.5 LTS)", + "install_date": "2025-07-07T11:58:14.000Z", + "lifecycle": { + "detection_score": 0, + "eol_date": "2027-04-30T00:00:00.000Z", + "eol_support_stage": "End of Standard Support", + "eos_date": "2027-04-30T00:00:00.000Z", + "eos_support_stage": "End of Standard Support", + "ga_date": "2022-04-21T00:00:00.000Z", + "life_cycle_confidence": "Exact", + "stage": "GA" + }, + "market_version": "Jammy Jellyfish", + "os_name": "Ubuntu Linux 22.04.5", + "product_family": "mock_product_family", + "product_name": "Ubuntu", + "product_url": "https://example.com", + "publisher": "Mock Publisher", + "release": "22.04.5", + "taxonomy": { + "category1": "Linux", + "category2": "Unidentified", + "id": "mock_taxonomy_id_4", + "name": "Linux / Unidentified" + }, + "update": "22.04 LTS 22.04.5 LTS", + "version": "22.04 LTS" + }, + "organization_name": [ + "mock_organization_name" + ], + "processor": { + "cores_per_socket": 2, + "description": "Intel(R) Xeon(R) Gold 6430", + "multithreading_status": "test", + "no_of_socket": 2, + "num_cpus": 4, + "speed": 3200, + "threads_per_core": 2 + }, + "provider": "mock_provider", + "risk_score": 0.0, + "sensor": { + "activated_for_modules": [ + "mock_activated_module" + ], + "pending_activation_for_modules": [ + "mock_pending_module" + ] + }, + "sensor_last_updated_date": "2025-07-14T19:20:16.000Z", + "service_list": { + "service": [ + { + "description": "mock_description", + "name": "snapd.apparmor.service", + "status": "loaded/active/exited" + } + ] + }, + "software_component": "mock_software_component", + "software_list_data": { + "software": [ + { + 
"architecture": "mock_architecture", + "authorization": "mock_authorization", + "authorization_detection_score": 5, + "category": "Unknown / Unknown", + "category1": "Unknown", + "category2": "Unknown", + "component": "mock_component", + "cpe": "mock_cpe", + "cpe_id": "mock_cpe_id", + "cpe_type": "mock_cpe_type", + "discovered_name": "mock_discovered_name", + "discovered_publisher": "mock_discovered_publisher", + "discovered_version": "mock_discovered_version", + "discovery_sources": "Cloud Agent", + "edition": "mock", + "formerly_known_as": "mock_formerly_known_as", + "full_name": "libblockdev-swap2:amd64 2.26-1ubuntu0.1", + "id": "-458390650433303040", + "ignored_reason": "Library Packages", + "install_date": "2025-07-07T11:58:14.000Z", + "install_path": "mock_install_path", + "is_ignored": true, + "is_package": false, + "is_package_component": false, + "language": "mock_language", + "last_updated": "2025-07-07T11:58:14.000Z", + "last_use_date": "2025-07-07T11:58:14.000Z", + "license": { + "category": "mock_license_category", + "subcategory": "mock_license_subcategory" + }, + "lifecycle": { + "detection_score": 5, + "eol_date": "2025-07-07T11:58:14.000Z", + "eol_support_stage": "End-of-Sale", + "eos_date": "2025-07-07T11:58:14.000Z", + "eos_support_stage": "End-of-Life", + "ga_date": "2025-07-07T11:58:14.000Z", + "life_cycle_confidence": "Exact", + "stage": "End-of-Life" + }, + "market_version": "mack", + "package_name": "mock_package_name", + "product_name": "Unknown", + "product_url": "https://example.com", + "publisher": "Unknown", + "software_instances": [ + { + "bin_path": "/usr/bin/python", + "conf_path": "/opt/elastic-agent/elastic-agent.yml", + "first_seen": "2025-08-01T01:00:00.000Z", + "instance_name": "mock_instance_name_changed", + "last_seen": "2025-08-15T01:00:00.000Z", + "proc": "/usr/bin/python /opt/elastic-agent/elastic-agent.py", + "product": "Elastic Agent", + "technology": "Python", + "version": "7.2.0" + } + ], + "software_type": "Others", + 
"support_stage_desc": "mock_support_stage_desc", + "update": "2.26-1ubuntu0.1", + "version": "2.26-1ubuntu0.1" + } + ] + }, + "subdomain": [ + "subdomain1", + "subdomain2" + ], + "tag_list": { + "tag": [ + { + "background_color": "0", + "business_impact": "mock_business_impact", + "criticality_score": 5.0, + "foreground_color": "0", + "tag_id": "25184898", + "tag_name": "Cloud Agent" + } + ] + }, + "time_zone": "+05:30", + "total_memory": 3875, + "user_account_list_data": { + "user_account": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "volume_list_data": { + "volume": [ + { + "free": 2032058368, + "name": "/dev/shm", + "size": 2032058368 + } + ] + }, + "whois": [ + { + "created_date": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domain": "test_domainr", + "domain_status": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "expiration_date": "2026-02-23T00:00:00.000Z", + "registrant_contact": "temp", + "registrant_country": "UNITED STATES", + "registrant_email": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrant_name": "1API GmbH", + "registrant_organization": "Domains By Proxy, LLC", + "registrar": "1API GmbH", + "updated_date": "2025-07-13T00:00:00.000Z" + } + ] + } + }, + "related": { + "hosts": [ + "67543783", + "test", + "15f6fbbe-4c26-4a9f-a1ce-8e22fb64c66e", + "domain1", + "domain2", + "subdomain1", + "subdomain2", + "1437388", + "test_bios_2", + "ub-43-156-0", + "test_domainr" + ], + "ip": [ + "1.128.0.0", + "2a02:cf40::", + "67.43.156.0", + "::ffff:432b:9c00" + ], + "user": [ + "serviceuser" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "user": { + "name": "serviceuser" + } + } + ] +} 
diff --git a/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-common-config.yml b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-common-config.yml
new file mode 100644
index 00000000000..be41bb0d476
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/_dev/test/pipeline/test-common-config.yml
@@ -0,0 +1,4 @@
+fields:
+ tags:
+ - preserve_original_event
+ - preserve_duplicate_custom_fields
diff --git a/packages/qualys_gav/data_stream/asset/_dev/test/system/test-default-config.yml b/packages/qualys_gav/data_stream/asset/_dev/test/system/test-default-config.yml
new file mode 100644
index 00000000000..8433fab565b
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/_dev/test/system/test-default-config.yml
@@ -0,0 +1,13 @@
+input: cel
+service: qualys_gav
+vars:
+ url: http://{{Hostname}}:{{Port}}
+ username: xxxx
+ password: xxxx
+data_stream:
+ vars:
+ preserve_original_event: true
+ preserve_duplicate_custom_fields: true
+ batch_size: 2
+assert:
+ hit_count: 5
diff --git a/packages/qualys_gav/data_stream/asset/agent/stream/cel.yml.hbs b/packages/qualys_gav/data_stream/asset/agent/stream/cel.yml.hbs
new file mode 100644
index 00000000000..fdfda4d6917
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/agent/stream/cel.yml.hbs
@@ -0,0 +1,131 @@ +config_version: 2 +interval: {{interval}} +resource.tracer: + enabled: {{enable_request_tracer}} + filename: "../../logs/cel/http-request-trace-*.ndjson" + maxbackups: 5 +{{#if proxy_url}} +resource.proxy_url: {{proxy_url}} +{{/if}} +{{#if ssl}} +resource.ssl: {{ssl}} +{{/if}} +{{#if http_client_timeout}} +resource.timeout: {{http_client_timeout}} +{{/if}} +resource.url: {{url}} + +state: + batch_size: {{batch_size}} + username: {{username}} + password: {{password}} + asset_id: 0 +redact: + fields: + - password +program: | + state.url.trim_right("/").as(base_url, state.with( + (has(state.expiry) && timestamp(state.expiry) > now ? + { + "access_token": state.access_token, + "expiry": state.expiry + } + : + post_request( + base_url + "/auth", + "application/x-www-form-urlencoded", + {"username":[state.username],"password":[state.password]}.format_query() + ).do_request().as(resp, resp.StatusCode == 201 ? + { + "access_token": string(resp.Body), + // Include 30s grace period to manage session expiry. + "expiry": (now() + duration("4h") - duration("30s")).format(time_layout.RFC3339), + } + : + { + "events": { + "error": { + "code": string(resp.StatusCode), + "id": string(resp.Status), + "message": "POST: "+ base_url + "/auth" + ( + size(resp.Body) != 0 ? + string(resp.Body) + : + string(resp.Status) + ' (' + string(resp.StatusCode) + ')' + ), + }, + }, + "want_more": false, + } + ) + ).as(token, + has(token.events) ? token : // Exit early due to failure. + request( + "POST", + base_url + "/rest/2.0/search/am/asset?" + { + "pageSize": [string(state.batch_size)], + "lastSeenAssetId": [string(int(state.asset_id))] + }.format_query() + ).with({ + "Header":{ + "Authorization": ["Bearer " + token.access_token], + } + }).do_request().as(resp, resp.StatusCode == 200 ? 
+ resp.Body.decode_json().as(body, { + "events": body.assetListData.asset.map(e,{ + "message": e.encode_json(), + }), + "want_more": body.hasMore != 0, + "access_token": token.access_token, + "expiry": token.expiry, + "asset_id": body.hasMore != 0 ? body.assetListData.asset.map(e, e.assetId).max() : 0, + }) + : + (resp.StatusCode == 204) ? + // 204 No Content - Terminate Pagination and Publish Empty Event. + { + "events": [], + "want_more": false, + "access_token": token.access_token, + "expiry": token.expiry, + "asset_id": 0, + } + : + { + "events": { + "error": { + "code": string(resp.StatusCode), + "id": string(resp.Status), + "message": "POST: "+ base_url + "/rest/2.0/search/am/asset" + ( + size(resp.Body) != 0 ? + string(resp.Body) + : + string(resp.Status) + ' (' + string(resp.StatusCode) + ')' + ), + }, + }, + "want_more": false, + } + ) + ) + )) +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#if preserve_duplicate_custom_fields}} + - preserve_duplicate_custom_fields +{{/if}} +{{#if hide_sensitive}} + - hide_sensitive +{{/if}} +{{#each tags as |tag|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +{{#if processors}} +processors: +{{processors}} +{{/if}} diff --git a/packages/qualys_gav/data_stream/asset/elasticsearch/ilm/default_policy.json b/packages/qualys_gav/data_stream/asset/elasticsearch/ilm/default_policy.json new file mode 100644 index 00000000000..24bbfc79405 --- /dev/null +++ b/packages/qualys_gav/data_stream/asset/elasticsearch/ilm/default_policy.json @@ -0,0 +1,20 @@ +{ + "policy": { + "phases": { + "hot": { + "actions": { + "rollover": { + "max_age": "30d", + "max_primary_shard_size": "50gb" + } + } + }, + "delete": { + "min_age": "30d", + "actions": { + "delete": {} + } + } + } + } +} 
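Review bot: The `redact.fields` list in the new cel.yml.hbs names only `password`, but the program also carries the bearer token in state as `access_token`, so that value is not masked wherever the input logs state; add `- access_token` under `redact.fields`. In the same `state:` block, `username: {{username}}` and `password: {{password}}` are rendered unquoted, so a credential containing ` #`, `: ` or a leading YAML indicator would be truncated, retyped or break the rendered config; `password: {{escape_string password}}` (and the same for `username`) avoids that. When `enable_request_tracer` is on, the trace file presumably records the `/auth` form body and the `Authorization` header, which is worth stating next to that option's description.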
diff --git a/packages/qualys_gav/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/qualys_gav/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..80a649d58d9
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
@@ -0,0 +1,1783 @@ +--- +description: Pipeline for processing asset logs. +processors: + - set: + field: ecs.version + tag: set_ecs_version + value: 8.17.0 + - terminate: + tag: data_collection_error + if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null + description: error message set and no data to process. + + # remove agentless metadata + - remove: + field: + - organization + - division + - team + ignore_missing: true + if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String + tag: remove_agentless_tags + description: >- + Removes the fields added by Agentless as metadata, + as they can collide with ECS fields. + + # parse the event JSON + - rename: + field: message + tag: rename_message_to_event_original + target_field: event.original + ignore_missing: true + description: Renames the original `message` field to `event.original` to store a copy of the original message. The `event.original` field is not touched if the document already has one; it may happen when Logstash sends the document. + if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + description: The `message` field is no longer required if the document has an `event.original` field. 
+ if: ctx.event?.original != null + - json: + field: event.original + tag: json_event_original + target_field: json + + # rename to snake case + - script: + tag: script_convert_camelcase_to_snake_case + lang: painless + description: Convert camelCase to snake_case + source: | + // Helper function to convert camelCase to snake_case + String camelToSnake(String str) { + def result = ""; + for (int i = 0; i < str.length(); i++) { + char c = str.charAt(i); + if (Character.isUpperCase(c)) { + if (i > 0 && Character.isLowerCase(str.charAt(i - 1))) { + result += "_"; + } + result += Character.toLowerCase(c); + } else { + result += c; + } + } + return result; + } + // Recursive function to handle nested fields + def convertToSnakeCase(def obj) { + if (obj instanceof Map) { + // Convert each key in the map + def newObj = [:]; + for (entry in obj.entrySet()) { + String newKey = camelToSnake(entry.getKey()); + newObj[newKey] = convertToSnakeCase(entry.getValue()); + } + return newObj; + } else if (obj instanceof List) { + // If it's a list, process each item recursively + def newList = []; + for (item in obj) { + newList.add(convertToSnakeCase(item)); + } + return newList; + } else { + return obj; + } + } + // Apply the conversion + ctx.qualys_gav = ctx.qualys_gav ?: [:]; + if (ctx.json != null) { + ctx.qualys_gav.asset = convertToSnakeCase(ctx.json); + } + // Remove json field + ctx.remove('json'); + + # Set observer.* and event.* fields + - set: + field: observer.vendor + tag: set_observer_vendor + value: Qualys + - set: + field: observer.product + tag: set_observer_product + value: Global AssetView + - set: + field: event.kind + tag: set_event_kind + value: event + - append: + field: event.category + tag: append_host_into_event_category + value: host + - append: + field: event.type + tag: append_info_into_event_type + value: info + + # Convert values into appropriate type and do ECS mapping + - convert: + field: qualys_gav.asset.address + tag: convert_address_to_ip + type: 
ip + ignore_missing: true + if: ctx.qualys_gav?.asset?.address != '' + on_failure: + - remove: + field: qualys_gav.asset.address + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - append: + field: host.ip + tag: append_qualys_gav_asset_address_into_host_ip + value: '{{{qualys_gav.asset.address}}}' + allow_duplicates: false + if: ctx.qualys_gav?.asset?.address != null + - append: + field: related.ip + tag: append_asset_address_into_related_ip + value: '{{{qualys_gav.asset.address}}}' + allow_duplicates: false + if: ctx.qualys_gav?.asset?.address != null + - convert: + field: qualys_gav.asset.agent.connected_from + tag: convert_agent_connected_from_to_ip + type: ip + ignore_missing: true + if: ctx.qualys_gav?.asset?.agent?.connected_from != '' + on_failure: + - remove: + field: qualys_gav.asset.agent.connected_from + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - append: + field: related.ip + tag: append_asset_agent_connected_from_into_related_ip + value: '{{{qualys_gav.asset.agent.connected_from}}}' + allow_duplicates: false + if: ctx.qualys_gav?.asset?.agent?.connected_from != null + - date: + field: qualys_gav.asset.agent.last_activity + target_field: qualys_gav.asset.agent.last_activity + tag: date_agent_last_activity + formats: + - UNIX_MS + - ISO8601 + if: ctx.qualys_gav?.asset?.agent?.last_activity != null && ctx.qualys_gav.asset.agent.last_activity != '' + on_failure: + - remove: + field: qualys_gav.asset.agent.last_activity + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in 
pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + field: qualys_gav.asset.agent.last_checked_in + target_field: qualys_gav.asset.agent.last_checked_in + tag: date_agent_last_checked_in + formats: + - UNIX_MS + - ISO8601 + if: ctx.qualys_gav?.asset?.agent?.last_checked_in != null && ctx.qualys_gav.asset.agent.last_checked_in != '' + on_failure: + - remove: + field: qualys_gav.asset.agent.last_checked_in + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + field: qualys_gav.asset.agent.last_inventory + target_field: qualys_gav.asset.agent.last_inventory + tag: date_agent_last_inventory + formats: + - UNIX_MS + - ISO8601 + if: ctx.qualys_gav?.asset?.agent?.last_inventory != null && ctx.qualys_gav.asset.agent.last_inventory != '' + on_failure: + - remove: + field: qualys_gav.asset.agent.last_inventory + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: qualys_gav.asset.agent.udc_manifest_assigned + tag: convert_agent_udc_manifest_assigned_to_boolean + type: boolean + ignore_missing: true + if: ctx.qualys_gav?.asset?.agent?.udc_manifest_assigned != '' + on_failure: + - remove: + field: qualys_gav.asset.agent.udc_manifest_assigned + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: qualys_gav.asset.agent.error_status + tag: convert_agent_error_status_to_boolean + type: boolean + 
ignore_missing: true + if: ctx.qualys_gav?.asset?.agent?.error_status != '' + on_failure: + - remove: + field: qualys_gav.asset.agent.error_status + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + # Remove fields having 0 value + - script: + tag: script_to_drop_zero_values + lang: painless + description: This script processor iterates over the sensor object to remove fields with zero values. + if: ctx.qualys_gav?.asset?.sensor instanceof Map + source: | + ctx.qualys_gav.asset.sensor.values().removeIf(v -> { return v == 0 }); + - date: + field: qualys_gav.asset.sensor.last_vmscan + target_field: qualys_gav.asset.sensor.last_vmscan + tag: date_agent_last_vm_scan + formats: + - UNIX_MS + - ISO8601 + if: ctx.qualys_gav?.asset?.sensor?.last_vmscan != null && ctx.qualys_gav.asset.sensor.last_vmscan != '' + on_failure: + - remove: + field: qualys_gav.asset.sensor.last_vmscan + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + field: qualys_gav.asset.sensor.last_compliance_scan + target_field: qualys_gav.asset.sensor.last_compliance_scan + tag: date_agent_last_compliance_scan + formats: + - UNIX_MS + - ISO8601 + if: ctx.qualys_gav?.asset?.sensor?.last_compliance_scan != null && ctx.qualys_gav.asset.sensor.last_compliance_scan != '' + on_failure: + - remove: + field: qualys_gav.asset.sensor.last_compliance_scan + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + field: 
qualys_gav.asset.sensor.last_full_scan
+ target_field: qualys_gav.asset.sensor.last_full_scan
+ tag: date_agent_last_full_scan
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.sensor?.last_full_scan != null && ctx.qualys_gav.asset.sensor.last_full_scan != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.sensor.last_full_scan
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.sensor.last_vm_scan_date_scanner
+ target_field: qualys_gav.asset.sensor.last_vm_scan_date_scanner
+ tag: date_agent_last_vm_scan_date_scanner
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.sensor?.last_vm_scan_date_scanner != null && ctx.qualys_gav.asset.sensor.last_vm_scan_date_scanner != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.sensor.last_vm_scan_date_scanner
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.sensor.first_easm_scan_date
+ target_field: qualys_gav.asset.sensor.first_easm_scan_date
+ tag: date_agent_first_easm_scan_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.sensor?.first_easm_scan_date != null && ctx.qualys_gav.asset.sensor.first_easm_scan_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.sensor.first_easm_scan_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.sensor.last_vm_scan_date_agent
+ target_field: qualys_gav.asset.sensor.last_vm_scan_date_agent
+ tag: date_agent_last_vm_scan_date_agent
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.sensor?.last_vm_scan_date_agent != null && ctx.qualys_gav.asset.sensor.last_vm_scan_date_agent != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.sensor.last_vm_scan_date_agent
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.sensor.last_pc_scan_date_scanner
+ target_field: qualys_gav.asset.sensor.last_pc_scan_date_scanner
+ tag: date_agent_last_pc_scan_date_scanner
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.sensor?.last_pc_scan_date_scanner != null && ctx.qualys_gav.asset.sensor.last_pc_scan_date_scanner != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.sensor.last_pc_scan_date_scanner
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.sensor.last_pc_scan_date_agent
+ target_field: qualys_gav.asset.sensor.last_pc_scan_date_agent
+ tag: date_agent_last_pc_scan_date_agent
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.sensor?.last_pc_scan_date_agent != null && ctx.qualys_gav.asset.sensor.last_pc_scan_date_agent != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.sensor.last_pc_scan_date_agent
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.sensor.last_easm_scan_date
+ target_field: qualys_gav.asset.sensor.last_easm_scan_date
+ tag: date_agent_last_easm_scan_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.sensor?.last_easm_scan_date != null && ctx.qualys_gav.asset.sensor.last_easm_scan_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.sensor.last_easm_scan_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - convert:
+ field: qualys_gav.asset.asset_id
+ tag: convert_asset_id_to_string
+ type: string
+ ignore_missing: true
+ - set:
+ field: host.id
+ tag: set_host_id_from_asset_asset_id
+ copy_from: qualys_gav.asset.asset_id
+ ignore_empty_value: true
+ - append:
+ field: related.hosts
+ tag: append_asset_asset_id_into_related_hosts
+ value: '{{{qualys_gav.asset.asset_id}}}'
+ allow_duplicates: false
+ if: ctx.qualys_gav?.asset?.asset_id != null
+ - set:
+ field: host.name
+ tag: set_host_name_from_asset_asset_name
+ copy_from: qualys_gav.asset.asset_name
+ ignore_empty_value: true
+ - lowercase:
+ field: host.name
+ tag: lowercase_host_name
+ ignore_missing: true
+ - append:
+ field: related.hosts
+ tag: append_asset_asset_name_into_related_hosts
+ value: '{{{qualys_gav.asset.asset_name}}}'
+ allow_duplicates: false
+ if: ctx.qualys_gav?.asset?.asset_name != null
+ - set:
+ field: host.type
+ tag: set_host_type_from_asset_asset_type
+ copy_from: qualys_gav.asset.asset_type
+ ignore_empty_value: true
+ - append:
+ field: related.hosts
+ tag: append_asset_asset_uuid_into_related_hosts
+ value: '{{{qualys_gav.asset.asset_uuid}}}'
+ allow_duplicates: false
+ if: ctx.qualys_gav?.asset?.asset_uuid != null
+ - convert:
+ field: qualys_gav.asset.container.has_sensor
+ tag: convert_container_has_sensor_to_string
+ type: string
+ ignore_missing: true
+ - convert:
+ field: qualys_gav.asset.container.no_of_containers
+ tag: convert_container_no_of_containers_to_long
+ type: long
+ ignore_missing: true
+ if: ctx.qualys_gav?.asset?.container?.no_of_containers != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.container.no_of_containers
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - convert:
+ field: qualys_gav.asset.container.no_of_images
+ tag: convert_container_no_of_images_to_long
+ type: long
+ ignore_missing: true
+ if: ctx.qualys_gav?.asset?.container?.no_of_images != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.container.no_of_images
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - convert:
+ field: qualys_gav.asset.cpu_count
+ tag: convert_cpu_count_to_long
+ type: long
+ ignore_missing: true
+ if: ctx.qualys_gav?.asset?.cpu_count != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.cpu_count
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.created_date
+ target_field: qualys_gav.asset.created_date
+ tag: date_created_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.created_date != null && ctx.qualys_gav.asset.created_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.created_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - set:
+ field: event.created
+ tag: set_event_created_from_asset_created_date
+ copy_from: qualys_gav.asset.created_date
+ ignore_empty_value: true
+ - convert:
+ field: qualys_gav.asset.criticality.is_default
+ tag: convert_criticality_is_default_to_boolean
+ type: boolean
+ ignore_missing: true
+ if: ctx.qualys_gav?.asset?.criticality?.is_default != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.criticality.is_default
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.criticality.last_updated
+ target_field: qualys_gav.asset.criticality.last_updated
+ tag: date_criticality_last_updated
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.criticality?.last_updated != null && ctx.qualys_gav.asset.criticality.last_updated != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.criticality.last_updated
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - convert:
+ field: qualys_gav.asset.criticality.score
+ tag: convert_criticality_score_to_long
+ type: long
+ ignore_missing: true
+ if: ctx.qualys_gav?.asset?.criticality?.score != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.criticality.score
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - set:
+ field: host.hostname
+ tag: set_host_hostname_from_asset_dns_name
+ copy_from: qualys_gav.asset.dns_name
+ ignore_empty_value: true
+ - append:
+ field: related.hosts
+ tag: append_asset_dns_name_into_related_hosts
+ value: '{{{qualys_gav.asset.dns_name}}}'
+ allow_duplicates: false
+ if: ctx.qualys_gav?.asset?.dns_name != null
+ - foreach:
+ field: qualys_gav.asset.domain
+ tag: foreach_asset_domain_to_set_host_domain
+ if: ctx.qualys_gav?.asset?.domain instanceof List
+ processor:
+ append:
+ field: host.domain
+ tag: append_asset_domain_into_host_domain
+ value: '{{{_ingest._value}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.domain
+ tag: foreach_asset_domain_to_set_related_hosts
+ if: ctx.qualys_gav?.asset?.domain instanceof List
+ processor:
+ append:
+ field: related.hosts
+ tag: append_asset_domain_into_related_hosts
+ value: '{{{_ingest._value}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.subdomain
+ tag: foreach_asset_subdomain
+ if: ctx.qualys_gav?.asset?.subdomain instanceof List
+ processor:
+ append:
+ field: related.hosts
+ tag: append_asset_subdomain_into_related_hosts
+ value: '{{{_ingest._value}}}'
+ allow_duplicates: false
+ - date:
+ field: qualys_gav.asset.hardware.lifecycle.eos_date
+ target_field: qualys_gav.asset.hardware.lifecycle.eos_date
+ tag: date_qualys_gav_asset_hardware_lifecycle_eos_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.hardware?.lifecycle?.eos_date != null && ctx.qualys_gav.asset.hardware.lifecycle.eos_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.hardware.lifecycle.eos_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.hardware.lifecycle.ga_date
+ target_field: qualys_gav.asset.hardware.lifecycle.ga_date
+ tag: date_qualys_gav_asset_hardware_lifecycle_ga_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.hardware?.lifecycle?.ga_date != null && ctx.qualys_gav.asset.hardware.lifecycle.ga_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.hardware.lifecycle.ga_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.hardware.lifecycle.intro_date
+ target_field: qualys_gav.asset.hardware.lifecycle.intro_date
+ tag: date_qualys_gav_asset_hardware_lifecycle_intro_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.hardware?.lifecycle?.intro_date != null && ctx.qualys_gav.asset.hardware.lifecycle.intro_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.hardware.lifecycle.intro_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.hardware.lifecycle.obsolete_date
+ target_field: qualys_gav.asset.hardware.lifecycle.obsolete_date
+ tag: date_qualys_gav_asset_hardware_lifecycle_obsolete_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.hardware?.lifecycle?.obsolete_date != null && ctx.qualys_gav.asset.hardware.lifecycle.obsolete_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.hardware.lifecycle.obsolete_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - set:
+ field: device.manufacturer
+ tag: set_device_manufacturer_from_asset_hardware_manufacturer
+ copy_from: qualys_gav.asset.hardware.manufacturer
+ ignore_empty_value: true
+ - set:
+ field: device.model.name
+ tag: set_device_model_name_from_asset_hardware_model
+ copy_from: qualys_gav.asset.hardware.model
+ ignore_empty_value: true
+ - convert:
+ field: qualys_gav.asset.hardware.taxonomy.id
+ tag: convert_qualys_gav_asset_hardware_taxonomy_id_to_string
+ type: string
+ ignore_missing: true
+ - convert:
+ field: qualys_gav.asset.host_id
+ tag: convert_host_id_to_string
+ type: string
+ ignore_missing: true
+ - append:
+ field: related.hosts
+ tag: append_asset_host_id_into_related_hosts
+ value: '{{{qualys_gav.asset.host_id}}}'
+ allow_duplicates: false
+ if: ctx.qualys_gav?.asset?.host_id != null
+ - date:
+ field: qualys_gav.asset.inventory.created
+ target_field: qualys_gav.asset.inventory.created
+ tag: date_qualys_gav_asset_inventory_created
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.inventory?.created != null && ctx.qualys_gav.asset.inventory.created != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.inventory.created
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.inventory.last_updated
+ target_field: qualys_gav.asset.inventory.last_updated
+ tag: date_qualys_gav_asset_inventory_last_updated
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.inventory?.last_updated != null && ctx.qualys_gav.asset.inventory.last_updated != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.inventory.last_updated
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.activity.last_scanned_date
+ target_field: qualys_gav.asset.activity.last_scanned_date
+ tag: date_qualys_gav_asset_activity_last_scanned_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.activity?.last_scanned_date != null && ctx.qualys_gav.asset.activity.last_scanned_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.activity.last_scanned_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - convert:
+ field: qualys_gav.asset.is_container_host
+ tag: convert_is_container_host_to_boolean
+ type: boolean
+ ignore_missing: true
+ if: ctx.qualys_gav?.asset?.is_container_host != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.is_container_host
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.last_boot
+ tag: date_last_boot
+ target_field: qualys_gav.asset.last_boot
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.last_boot != null && ctx.qualys_gav.asset.last_boot != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.last_boot
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - set:
+ field: host.geo.city_name
+ tag: set_host_geo_city_name_from_asset_last_location_city
+ copy_from: qualys_gav.asset.last_location.city
+ ignore_empty_value: true
+ - set:
+ field: host.geo.continent_name
+ tag: set_host_geo_continent_name_from_asset_last_location_continent
+ copy_from: qualys_gav.asset.last_location.continent
+ ignore_empty_value: true
+ - set:
+ field: host.geo.country_name
+ tag: set_host_geo_country_name_from_asset_last_location_name
+ copy_from: qualys_gav.asset.last_location.name
+ ignore_empty_value: true
+ - set:
+ field: host.geo.postal_code
+ tag: set_host_geo_postal_code_from_asset_last_location_postal
+ copy_from: qualys_gav.asset.last_location.postal
+ ignore_empty_value: true
+ - set:
+ field: user.name
+ tag: set_user_name_from_asset_last_logged_on_user
+ copy_from: qualys_gav.asset.last_logged_on_user
+ ignore_empty_value: true
+ - append:
+ field: related.user
+ tag: append_asset_last_logged_on_user_into_related_user
+ value: '{{{qualys_gav.asset.last_logged_on_user}}}'
+ allow_duplicates: false
+ if: ctx.qualys_gav?.asset?.last_logged_on_user != null
+ - append:
+ field: related.hosts
+ tag: append_asset_netbios_name_into_related_hosts
+ value: '{{{qualys_gav.asset.netbios_name}}}'
+ allow_duplicates: false
+ if: ctx.qualys_gav?.asset?.netbios_name != null
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_asset_network_interface_list_data_network_interface_to_convert_address_ip_v4
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ convert:
+ field: _ingest._value.address_ip_v4
+ tag: convert_asset_network_interface_list_data_network_interface_address_ip_v4
+ type: ip
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _ingest._value.address_ip_v4
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_network_interface_list_data_network_interface_to_set_related_ip_from_address_ip_v4
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ append:
+ field: related.ip
+ tag: append_network_interface_list_data_network_interface_address_ip_v4_into_related_ip
+ value: '{{{_ingest._value.address_ip_v4}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_network_interface_list_data_network_interface_to_gsub_mac_address
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ gsub:
+ field: _ingest._value.mac_address
+ tag: gsub_network_interface_list_data_network_interface_mac_address
+ pattern: ':'
+ replacement: '-'
+ ignore_missing: true
+ on_failure:
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_network_interface_list_data_network_interface_to_uppercase_mac_address
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ uppercase:
+ field: _ingest._value.mac_address
+ tag: uppercase_network_interface_list_data_network_interface_mac_address
+ ignore_missing: true
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_network_interface_list_data_network_interface_to_append_hostname
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ append:
+ field: related.hosts
+ tag: append_network_interface_list_data_network_interface_hostname_into_related_hosts
+ value: '{{{_ingest._value.hostname}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_network_interface_list_data_network_interface_to_split_address_ip_v6
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ split:
+ field: _ingest._value.address_ip_v6
+ separator: ', '
+ tag: split_asset_network_interface_list_data_network_interface_address_ip_v6
+ ignore_missing: true
+ on_failure:
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_asset_network_interface_list_data_network_interface_to_convert_address_ip_v6
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ foreach:
+ field: _ingest._value.address_ip_v6
+ tag: foreach_asset_network_interface_list_data_network_interface_address_ip_v6
+ ignore_failure: true
+ processor:
+ convert:
+ field: _ingest._value
+ tag: convert_asset_network_interface_list_data_network_interface_address_ip_v6
+ type: ip
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _ingest._value
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_asset_network_interface_list_data_network_interface_to_set_related_ip_from_address_ip_v6
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ foreach:
+ field: _ingest._value.address_ip_v6
+ tag: foreach_asset_network_interface_list_data_network_interface_address_ip_v6
+ ignore_failure: true
+ processor:
+ append:
+ field: related.ip
+ tag: append_asset_network_interface_list_data_network_interface_address_ip_v6_into_related_ip
+ value: '{{{_ingest._value}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.network_interface_list_data.network_interface
+ tag: foreach_asset_network_interface_list_data_network_interface_to_date_mac_vendor_intro_date
+ if: ctx.qualys_gav?.asset?.network_interface_list_data?.network_interface instanceof List
+ processor:
+ date:
+ field: _ingest._value.mac_vendor_intro_date
+ target_field: _ingest._value.mac_vendor_intro_date
+ tag: date_asset_network_interface_list_data_network_interface_mac_vendor_intro_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ on_failure:
+ - remove:
+ field: _ingest._value.mac_vendor_intro_date
+ ignore_missing: true
+ - foreach:
+ field: qualys_gav.asset.open_port_list_data.open_port
+ tag: foreach_qualys_gav_asset_open_port_list_data_open_port_to_convert_port_to_long
+ if: ctx.qualys_gav?.asset?.open_port_list_data?.open_port instanceof List
+ processor:
+ convert:
+ field: _ingest._value.port
+ tag: convert_qualys_gav_asset_open_port_list_data_open_port_to_long
+ type: long
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _ingest._value.port
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.open_port_list_data.open_port
+ tag: foreach_qualys_gav_asset_open_port_list_data_open_port_to_convert_detection_score_to_long
+ if: ctx.qualys_gav?.asset?.open_port_list_data?.open_port instanceof List
+ processor:
+ convert:
+ field: _ingest._value.detection_score
+ tag: convert_qualys_gav_asset_open_port_list_data_open_port_detection_score_to_long
+ type: long
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _ingest._value.detection_score
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.open_port_list_data.open_port
+ tag: foreach_qualys_gav_asset_open_port_list_data_open_port_to_date_first_found
+ if: ctx.qualys_gav?.asset?.open_port_list_data?.open_port instanceof List
+ processor:
+ date:
+ field: _ingest._value.first_found
+ target_field: _ingest._value.first_found
+ tag: date_open_port_list_data_open_port_first_found
+ formats:
+ - UNIX_MS
+ - ISO8601
+ on_failure:
+ - remove:
+ field: _ingest._value.first_found
+ ignore_missing: true
+ - foreach:
+ field: qualys_gav.asset.open_port_list_data.open_port
+ tag: foreach_qualys_gav_asset_open_port_list_data_open_port_to_date_last_updated
+ if: ctx.qualys_gav?.asset?.open_port_list_data?.open_port instanceof List
+ processor:
+ date:
+ field: _ingest._value.last_updated
+ target_field: _ingest._value.last_updated
+ tag: date_open_port_list_data_open_port_last_updated
+ formats:
+ - UNIX_MS
+ - ISO8601
+ on_failure:
+ - remove:
+ field: _ingest._value.last_updated
+ ignore_missing: true
+ - set:
+ field: host.architecture
+ tag: set_host_architecture_from_asset_operating_system_architecture
+ copy_from: qualys_gav.asset.operating_system.architecture
+ ignore_empty_value: true
+ - script:
+ description: Dynamically set host.os.type values.
+ tag: script_map_host_os_type
+ lang: painless
+ if: ctx.qualys_gav?.asset?.operating_system?.category1 != null
+ params:
+ macos : macos
+ linux : linux
+ unix : unix
+ windows : windows
+ ios : ios
+ android : android
+ source: |
+ def os_type = ctx.qualys_gav.asset.operating_system.category1.toLowerCase();
+
+ ctx.host = ctx.host ?: [:];
+ ctx.host.os = ctx.host.os ?: [:];
+
+ if (os_type.contains('centos') || os_type.contains('ubuntu')) {
+ ctx.host.os.put('type', 'linux');
+ } else {
+ ctx.host.os.put('type', params.get(os_type));
+ }
+ - convert:
+ field: qualys_gav.asset.operating_system.cpe_id
+ tag: convert_qualys_gav_asset_operating_system_cpe_id_to_string
+ type: string
+ ignore_missing: true
+ - set:
+ field: host.os.full
+ tag: set_host_os_full_from_asset_operating_system_full_name
+ copy_from: qualys_gav.asset.operating_system.full_name
+ ignore_empty_value: true
+ - date:
+ field: qualys_gav.asset.operating_system.install_date
+ target_field: qualys_gav.asset.operating_system.install_date
+ tag: date_qualys_gav_asset_operating_system_install_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.operating_system?.install_date != null && ctx.qualys_gav.asset.operating_system.install_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.operating_system.install_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.operating_system.lifecycle.eol_date
+ target_field: qualys_gav.asset.operating_system.lifecycle.eol_date
+ tag: date_qualys_gav_asset_operating_system_lifecycle_eol_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.operating_system?.lifecycle?.eol_date != null && ctx.qualys_gav.asset.operating_system.lifecycle.eol_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.operating_system.lifecycle.eol_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.operating_system.lifecycle.eos_date
+ target_field: qualys_gav.asset.operating_system.lifecycle.eos_date
+ tag: date_qualys_gav_asset_operating_system_lifecycle_eos_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.operating_system?.lifecycle?.eos_date != null && ctx.qualys_gav.asset.operating_system.lifecycle.eos_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.operating_system.lifecycle.eos_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - date:
+ field: qualys_gav.asset.operating_system.lifecycle.ga_date
+ target_field: qualys_gav.asset.operating_system.lifecycle.ga_date
+ tag: date_qualys_gav_asset_operating_system_lifecycle_ga_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.operating_system?.lifecycle?.ga_date != null && ctx.qualys_gav.asset.operating_system.lifecycle.ga_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.operating_system.lifecycle.ga_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - convert:
+ field: qualys_gav.asset.operating_system.lifecycle.detection_score
+ tag: convert_qualys_gav_asset_operating_system_lifecycle_detection_score_to_long
+ type: long
+ ignore_missing: true
+ if: ctx.qualys_gav?.asset?.operating_system?.lifecycle?.detection_score != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.operating_system.lifecycle.detection_score
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - set:
+ field: host.os.name
+ tag: set_host_os_name_from_asset_operating_system_os_name
+ copy_from: qualys_gav.asset.operating_system.os_name
+ ignore_empty_value: true
+ - set:
+ field: host.os.family
+ tag: set_host_os_family_from_asset_operating_system_product_family
+ copy_from: qualys_gav.asset.operating_system.product_family
+ ignore_empty_value: true
+ - set:
+ field: host.os.platform
+ tag: set_host_os_platform_from_asset_operating_system_product_name
+ copy_from: qualys_gav.asset.operating_system.product_name
+ ignore_empty_value: true
+ - convert:
+ field: qualys_gav.asset.operating_system.taxonomy.id
+ tag: convert_qualys_gav_asset_operating_system_taxonomy_id_to_string
+ type: string
+ ignore_missing: true
+ - set:
+ field: host.os.version
+ tag: set_host_os_version_from_asset_operating_system_version
+ copy_from: qualys_gav.asset.operating_system.version
+ ignore_empty_value: true
+ - set:
+ field: cloud.provider
+ tag: set_cloud_provider_from_asset_provider
+ copy_from: qualys_gav.asset.cloud_provider
+ ignore_empty_value: true
+ - convert:
+ field: qualys_gav.asset.risk_score
+ tag: convert_qualys_gav_asset_risk_score_to_float
+ type: float
+ ignore_missing: true
+ if: ctx.qualys_gav?.asset?.risk_score != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.risk_score
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - set:
+ field: event.risk_score
+ tag: set_event_risk_score_from_asset_risk_score
+ copy_from: qualys_gav.asset.risk_score
+ ignore_empty_value: true
+ - foreach:
+ field: qualys_gav.asset.business_app_list_data.business_app
+ tag: foreach_business_app_list_data_software
+ if: ctx.qualys_gav?.asset?.business_app_list_data?.business_app != null && ctx.qualys_gav.asset.business_app_list_data.business_app != ''
+ processor:
+ convert:
+ field: _ingest._value.id
+ tag: convert_sofware_list_data_software_id_to_string
+ type: string
+ ignore_missing: true
+ - date:
+ field: qualys_gav.asset.sensor_last_updated_date
+ tag: date_sensor_last_updated_date
+ target_field: qualys_gav.asset.sensor_last_updated_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ if: ctx.qualys_gav?.asset?.sensor_last_updated_date != null && ctx.qualys_gav.asset.sensor_last_updated_date != ''
+ on_failure:
+ - remove:
+ field: qualys_gav.asset.sensor_last_updated_date
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_convert_id_to_string
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ convert:
+ field: _ingest._value.id
+ tag: convert_sofware_list_data_software_id
+ target_field: _ingest._value.id
+ type: string
+ ignore_missing: true
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_append_package_name_from_full_name
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ append:
+ field: package.name
+ tag: append_sofware_list_data_software_name_into_package_name
+ value: '{{{_ingest._value.full_name}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_append_package_name_from_software_type
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ append:
+ field: package.type
+ tag: append_sofware_list_data_software_name_into_package_name
+ value: '{{{_ingest._value.software_type}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_convert_is_ignored
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ convert:
+ field: _ingest._value.is_ignored
+ tag: convert_sofware_list_data_software_is_ignored
+ type: boolean
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _ingest._value.is_ignored
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_append_package_version_from_version
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ append:
+ field: package.version
+ tag: append_software_list_data_software_version_into_package_version
+ value: '{{{_ingest._value.version}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_append_package_architecture_from_architecture
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ append:
+ field: package.architecture
+ tag: append_software_list_data_software_architecture_into_package_architecture
+ value: '{{{_ingest._value.architecture}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_date_installed_date
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ date:
+ field: _ingest._value.install_date
+ target_field: _ingest._value.install_date
+ tag: date_software_list_data_software_installDate
+ formats:
+ - UNIX_MS
+ - ISO8601
+ on_failure:
+ - remove:
+ field: _ingest._value.install_date
+ ignore_missing: true
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_append_package_installed_from_install_date
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ append:
+ field: package.installed
+ tag: append_software_list_data_software_installDate_into_package_installed
+ value: '{{{_ingest._value.install_date}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_append_package_path_from_install_path
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ append:
+ field: package.path
+ tag: append_software_list_data_software_install_path_into_package_path
+ value: '{{{_ingest._value.install_path}}}'
+ allow_duplicates: false
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_date_last_updated
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ date:
+ field: _ingest._value.last_updated
+ target_field: _ingest._value.last_updated
+ tag: date_software_list_data_software_last_updated
+ formats:
+ - UNIX_MS
+ - ISO8601
+ on_failure:
+ - remove:
+ field: _ingest._value.last_updated
+ ignore_missing: true
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_date_last_use
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ date:
+ field: _ingest._value.last_use_date
+ target_field: _ingest._value.last_use_date
+ tag: date_software_list_data_software_last_use_date
+ formats:
+ - UNIX_MS
+ - ISO8601
+ on_failure:
+ - remove:
+ field: _ingest._value.last_use_date
+ ignore_missing: true
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_convert_is_package
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ convert:
+ field: _ingest._value.is_package
+ tag: convert_sofware_list_data_software_is_package
+ type: boolean
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _ingest._value.is_package
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_convert_is_package_component
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ convert:
+ field: _ingest._value.is_package_component
+ tag: convert_sofware_list_data_software_is_package_component
+ type: boolean
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _ingest._value.is_package_component
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - foreach:
+ field: qualys_gav.asset.software_list_data.software
+ tag: foreach_sofware_list_data_software_to_append_package_path_from_product_url
+ if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List
+ processor:
+ append:
+ field: package.reference
+ tag: append_software_list_data_software_product_url_into_package_path
+ value: '{{{_ingest._value.product_url}}}'
+ allow_duplicates: false
+ -
foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_to_convert_ga_date + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + date: + field: _ingest._value.lifecycle.ga_date + target_field: _ingest._value.lifecycle.ga_date + tag: date_software_list_data_software_ga_date + formats: + - UNIX_MS + - ISO8601 + on_failure: + - remove: + field: _ingest._value.lifecycle.ga_date + ignore_missing: true + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_date_lifecycle_eol_date + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + date: + field: _ingest._value.lifecycle.eol_date + target_field: _ingest._value.lifecycle.eol_date + tag: date_software_list_data_software_lifecycle_eol_date + formats: + - UNIX_MS + - ISO8601 + on_failure: + - remove: + field: _ingest._value.lifecycle.eol_date + ignore_missing: true + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_date_lifecycle_eos_date + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + date: + field: _ingest._value.lifecycle.eos_date + target_field: _ingest._value.lifecycle.eos_date + tag: date_software_list_data_software_lifecycle_eos_date + formats: + - UNIX_MS + - ISO8601 + on_failure: + - remove: + field: _ingest._value.lifecycle.eos_date + ignore_missing: true + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_to_convert_lifecycle_detection_score + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + convert: + field: _ingest._value.lifecycle.detection_score + tag: convert_software_list_data_software_lifecycle_detection_score + type: long + ignore_missing: true + on_failure: + - remove: + field: _ingest._value.lifecycle.detection_score + ignore_missing: true + - 
append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_to_append_package_description_from_support_stage_desc + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + append: + field: package.description + tag: append_software_list_data_software_support_stage_desc + value: '{{{_ingest._value.support_stage_desc}}}' + allow_duplicates: false + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_to_append_package_license_from_support_stage_desc + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + append: + field: package.license + tag: append_software_list_data_software_support_stage_desc + value: '{{{_ingest._value.license.category}}}' + allow_duplicates: false + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_to_convert_authorization_detection_score + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + convert: + field: _ingest._value.authorization_detection_score + tag: convert_software_list_data_software_authorization_detection_score + type: long + ignore_missing: true + on_failure: + - remove: + field: _ingest._value.authorization_detection_score + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_to_date_software_instances_first_seen + if: 
ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + foreach: + field: _ingest._value.software_instances + tag: foreach_software_list_data_software_software_instances_first_seen + ignore_failure: true + processor: + date: + field: _ingest._value.first_seen + target_field: _ingest._value.first_seen + tag: date_software_list_data_software_software_instances_firstSeen + formats: + - UNIX_MS + - ISO8601 + on_failure: + - remove: + field: _ingest._value.first_seen + ignore_missing: true + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_sofware_list_data_software_to_date_software_instances_last_seen + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List + processor: + foreach: + field: _ingest._value.software_instances + tag: foreach_software_list_data_software_software_instances_last_seen + ignore_failure: true + processor: + date: + field: _ingest._value.last_seen + target_field: _ingest._value.last_seen + tag: date_software_list_data_software_software_instances_last_seen + formats: + - UNIX_MS + - ISO8601 + on_failure: + - remove: + field: _ingest._value.last_seen + ignore_missing: true + - foreach: + field: qualys_gav.asset.tag_list.tag + tag: foreach_tagList_tag_to_convert_criticality_score + if: ctx.qualys_gav?.asset?.tag_list?.tag instanceof List + processor: + convert: + field: _ingest._value.criticality_score + tag: convert_tagList_tag_criticality_score + type: double + ignore_missing: true + on_failure: + - remove: + field: _ingest._value.criticality_score + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - foreach: + field: qualys_gav.asset.tag_list.tag + tag: foreach_tagList_tag_to_convert_tag_id + if: ctx.qualys_gav?.asset?.tag_list?.tag instanceof List + 
processor: + convert: + field: _ingest._value.tag_id + tag: convert_tagList_tag_tag_id_to_string + type: string + ignore_missing: true + - foreach: + field: qualys_gav.asset.tag_list.tag + tag: foreach_tagList_tag_to_convert_background_color + if: ctx.qualys_gav?.asset?.tag_list?.tag instanceof List + processor: + convert: + field: _ingest._value.background_color + tag: convert_tagList_tag_background_color_to_string + type: string + ignore_missing: true + - foreach: + field: qualys_gav.asset.tag_list.tag + tag: foreach_tagList_tag_to_convert_foreground_color + if: ctx.qualys_gav?.asset?.tag_list?.tag instanceof List + processor: + convert: + field: _ingest._value.foreground_color + tag: convert_tagList_tag_foreground_color_to_string + type: string + ignore_missing: true + - convert: + field: qualys_gav.asset.threads_per_core + tag: convert_threads_per_core + type: long + ignore_missing: true + if: ctx.qualys_gav?.asset?.threads_per_core != '' + on_failure: + - remove: + field: qualys_gav.asset.threads_per_core + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - set: + field: event.timezone + tag: set_event_timezone_from_asset_time_zone + copy_from: qualys_gav.asset.time_zone + ignore_empty_value: true + - convert: + field: qualys_gav.asset.total_memory + tag: convert_total_memory_to_long + type: long + ignore_missing: true + if: ctx.qualys_gav?.asset?.total_memory != '' + on_failure: + - remove: + field: qualys_gav.asset.total_memory + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - foreach: + field: qualys_gav.asset.volume_list_data.volume + tag: 
foreach_volume_list_data_volume_to_convert_free + if: ctx.qualys_gav?.asset?.volume_list_data?.volume instanceof List + processor: + convert: + field: _ingest._value.free + tag: convert_volume_list_data_volume_free_to_long + type: long + ignore_missing: true + on_failure: + - remove: + field: _ingest._value.free + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - foreach: + field: qualys_gav.asset.volume_list_data.volume + tag: foreach_volume_list_data_volume_to_convert_size + if: ctx.qualys_gav?.asset?.volume_list_data?.volume instanceof List + processor: + convert: + field: _ingest._value.size + tag: convert_volume_list_data_volume_size_to_long + type: long + ignore_missing: true + on_failure: + - remove: + field: _ingest._value.size + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - foreach: + field: qualys_gav.asset.whois + tag: foreach_whois_to_date_created_date + if: ctx.qualys_gav?.asset?.whois instanceof List + processor: + date: + field: _ingest._value.created_date + tag: date_whois_created_date + target_field: _ingest._value.created_date + formats: + - UNIX_MS + - ISO8601 + on_failure: + - remove: + field: _ingest._value.created_date + ignore_missing: true + - foreach: + field: qualys_gav.asset.whois + tag: foreach_whois_to_date_expiration_date + if: ctx.qualys_gav?.asset?.whois instanceof List + processor: + date: + field: _ingest._value.expiration_date + tag: date_whois_expiration_date + target_field: _ingest._value.expiration_date + formats: + - UNIX_MS + - ISO8601 + on_failure: + - remove: + field: 
_ingest._value.expiration_date + ignore_missing: true + - foreach: + field: qualys_gav.asset.whois + tag: foreach_whois_to_date_updated_date + if: ctx.qualys_gav?.asset?.whois instanceof List + processor: + date: + field: _ingest._value.updated_date + tag: date_whois_updated_date + target_field: _ingest._value.updated_date + formats: + - UNIX_MS + - ISO8601 + on_failure: + - remove: + field: _ingest._value.updated_date + ignore_missing: true + - foreach: + field: qualys_gav.asset.whois + tag: foreach_whois_to_append_domain_into_related_hosts + if: ctx.qualys_gav?.asset?.whois instanceof List + processor: + append: + field: related.hosts + tag: append_whois_domain_into_related_hosts + value: '{{{_ingest._value.domain}}}' + allow_duplicates: false + - date: + field: qualys_gav.asset.last_modified_date + target_field: qualys_gav.asset.last_modified_date + tag: date_last_modified_date + formats: + - UNIX_MS + - ISO8601 + if: ctx.qualys_gav?.asset?.last_modified_date != null && ctx.qualys_gav.asset.last_modified_date != '' + on_failure: + - remove: + field: qualys_gav.asset.last_modified_date + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: qualys_gav.asset.processor.speed + tag: convert_processor_speed_to_long + type: long + ignore_missing: true + if: ctx.qualys_gav?.asset?.processor?.speed != '' + on_failure: + - remove: + field: qualys_gav.asset.processor.speed + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: qualys_gav.asset.processor.num_cpus + tag: convert_container_num_cpus_to_long + type: long + ignore_missing: true + if: 
ctx.qualys_gav?.asset?.processor?.num_cpus != '' + on_failure: + - remove: + field: qualys_gav.asset.processor.num_cpus + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: qualys_gav.asset.processor.no_of_socket + tag: convert_container_no_of_socket_to_long + type: long + ignore_missing: true + if: ctx.qualys_gav?.asset?.processor?.no_of_socket != '' + on_failure: + - remove: + field: qualys_gav.asset.processor.no_of_socket + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: qualys_gav.asset.processor.threads_per_core + tag: convert_container_threads_per_core_to_long + type: long + ignore_missing: true + if: ctx.qualys_gav?.asset?.processor?.threads_per_core != '' + on_failure: + - remove: + field: qualys_gav.asset.processor.threads_per_core + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: qualys_gav.asset.processor.cores_per_socket + tag: convert_container_cores_per_socket_to_long + type: long + ignore_missing: true + if: ctx.qualys_gav?.asset?.processor?.cores_per_socket != '' + on_failure: + - remove: + field: qualys_gav.asset.processor.cores_per_socket + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: 
qualys_gav.asset.lpar_id + tag: convert_lpar_id_to_string + type: string + ignore_missing: true + + # Mask Sensitive Data + - foreach: + field: qualys_gav.asset.whois + tag: foreach_whois_to_mask_registrant_contact + if: ctx.qualys_gav?.asset?.whois instanceof List && ctx.tags != null && ctx.tags.contains('hide_sensitive') + processor: + set: + field: _ingest._value.registrant_contact + tag: set_whois_registrant_contact + value: 'REDACTED' + + # Remove Duplicate Custom Field if preserve_duplicate_custom_fields are not enabled + - foreach: + field: qualys_gav.asset.software_list_data.software + tag: foreach_software_list_data_software_to_remove_duplicate_custom_fields + if: ctx.qualys_gav?.asset?.software_list_data?.software instanceof List && (ctx.tags == null || !ctx.tags.contains('preserve_duplicate_custom_fields')) + processor: + remove: + field: + - _ingest._value.architecture + - _ingest._value.install_date + - _ingest._value.full_name + - _ingest._value.license.category + - _ingest._value.install_path + - _ingest._value.software_type + - _ingest._value.product_url + - _ingest._value.version + - _ingest._value.support_stage_desc + tag: preserve_duplicate_custom_fields + ignore_missing: true + - remove: + field: + - qualys_gav.asset.address + - qualys_gav.asset.asset_id + - qualys_gav.asset.asset_name + - qualys_gav.asset.operating_system.category1 + - qualys_gav.asset.asset_type + - qualys_gav.asset.created_date + - qualys_gav.asset.dns_name + - qualys_gav.asset.domain + - qualys_gav.asset.hardware.manufacturer + - qualys_gav.asset.hardware.model + - qualys_gav.asset.last_location.city + - qualys_gav.asset.last_location.continent + - qualys_gav.asset.last_location.name + - qualys_gav.asset.operating_system.full_name + - qualys_gav.asset.last_location.postal + - qualys_gav.asset.last_logged_on_user + - qualys_gav.asset.operating_system.architecture + - qualys_gav.asset.operating_system.os_name + - qualys_gav.asset.operating_system.product_family + - 
qualys_gav.asset.operating_system.product_name + - qualys_gav.asset.operating_system.version + - qualys_gav.asset.cloud_provider + - qualys_gav.asset.risk_score + - qualys_gav.asset.time_zone + tag: remove_custom_duplicate_fields + ignore_missing: true + if: ctx.tags == null || !ctx.tags.contains('preserve_duplicate_custom_fields') + + # Cleanup + - script: + tag: script_to_drop_null_values + lang: painless + description: This script processor iterates over the whole document to remove fields with null values. + source: |- + void handleMap(Map map) { + map.values().removeIf(v -> { + if (v instanceof Map) { + handleMap(v); + } else if (v instanceof List) { + handleList(v); + } + return v == null || (v instanceof String && ((String) v).trim() == '')|| (v instanceof Map && v.size() == 0) || (v instanceof List && v.size() == 0) + }); + } + void handleList(List list) { + list.removeIf(v -> { + if (v instanceof Map) { + handleMap(v); + } else if (v instanceof List) { + handleList(v); + } + return v == null || (v instanceof String && ((String) v).trim() == '')|| (v instanceof Map && v.size() == 0) || (v instanceof List && v.size() == 0) + }); + } + handleMap(ctx); + - set: + field: event.kind + tag: set_pipeline_error_into_event_kind + value: pipeline_error + if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null +on_failure: + - append: + field: error.message + value: |- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' + - set: + field: event.kind + tag: set_pipeline_error_to_event_kind + value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false 
diff --git a/packages/qualys_gav/data_stream/asset/fields/base-fields.yml b/packages/qualys_gav/data_stream/asset/fields/base-fields.yml
new file mode 100644
index 00000000000..05c91a0d0b7
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/fields/base-fields.yml
@@ -0,0 +1,16 @@
+- name: data_stream.type
+ external: ecs
+- name: data_stream.dataset
+ external: ecs
+- name: data_stream.namespace
+ external: ecs
+- name: "@timestamp"
+ external: ecs
+- name: event.module
+ type: constant_keyword
+ external: ecs
+ value: qualys_gav
+- name: event.dataset
+ type: constant_keyword
+ external: ecs
+ value: qualys_gav.asset
diff --git a/packages/qualys_gav/data_stream/asset/fields/beats.yml b/packages/qualys_gav/data_stream/asset/fields/beats.yml
new file mode 100644
index 00000000000..d5fd38748ba
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/fields/beats.yml
@@ -0,0 +1,6 @@
+- name: input.type
+ type: keyword
+ description: Type of Filebeat input.
+- name: log.offset
+ type: long
+ description: Log offset.
diff --git a/packages/qualys_gav/data_stream/asset/fields/fields.yml b/packages/qualys_gav/data_stream/asset/fields/fields.yml
new file mode 100644
index 00000000000..6187d757f3b
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/fields/fields.yml
@@ -0,0 +1,639 @@
+- name: qualys_gav
+ type: group
+ fields:
+ - name: asset
+ type: group
+ fields:
+ - name: activity
+ type: group
+ fields:
+ - name: last_scanned_date
+ type: date
+ - name: source
+ type: keyword
+ - name: address
+ type: ip
+ - name: agent
+ type: group
+ fields:
+ - name: activations
+ type: group
+ fields:
+ - name: key
+ type: keyword
+ - name: status
+ type: keyword
+ - name: configuration_profile
+ type: keyword
+ - name: connected_from
+ type: ip
+ - name: error_status
+ type: boolean
+ - name: last_activity
+ type: date
+ - name: last_checked_in
+ type: date
+ - name: last_inventory
+ type: date
+ - name: udc_manifest_assigned
+ type: boolean
+ - name: version
+ type: keyword
+ - name: agent_id
+ type: keyword
+ - name: asn
+ type: keyword
+ - name: asset_id
+ type: keyword
+ - name: asset_name
+ type: keyword
+ - name: asset_type
+ type: keyword
+ - name: asset_uuid
+ type: keyword
+ - name: assigned_location
+ type: group
+ fields:
+ - name: city
+ type: keyword
+ - name: country
+ type: keyword
+ - name: name
+ type: keyword
+ - name: state
+ type: keyword
+ - name: bios_asset_tag
+ type: keyword
+ - name: bios_description
+ type: keyword
+ - name: bios_serial_number
+ type: keyword
+ - name: business_app_list_data
+ type: group
+ fields:
+ - name: business_app
+ type: group
+ fields:
+ - name: business_criticality
+ type: keyword
+ - name: environment
+ type: keyword
+ - name: id
+ type: keyword
+ - name: managed_by
+ type: keyword
+ - name: name
+ type: keyword
+ - name: operational_status
+ type: keyword
+ - name: owned_by
+ type: keyword
+ - name: status
+ type: keyword
+ - name: support_group
+ type: keyword
+ - name: supported_by
+ type: keyword
+ - name: used_for
+ type: keyword
+ - name: business_information
+ type: group
+ fields:
+ - name: company
+ type: keyword
+ - name: department
+ type: keyword
+ - name: environment
+ type: keyword
+ - name: managed_by
+ type: keyword
+ - name: operational_status
+ type: keyword
+ - name: owned_by
+ type: keyword
+ - name: support_group
+ type: keyword
+ - name: supported_by
+ type: keyword
+ - name: cloud_provider
+ type: keyword
+ - name: container
+ type: group
+ fields:
+ - name: has_sensor
+ type: keyword
+ - name: no_of_containers
+ type: long
+ - name: no_of_images
+ type: long
+ - name: product
+ type: keyword
+ - name: version
+ type: keyword
+ - name: cpu_count
+ type: long
+ - name: created_date
+ type: date
+ - name: criticality
+ type: group
+ fields:
+ - name: is_default
+ type: boolean
+ - name: last_updated
+ type: date
+ - name: score
+ type: long
+ - name: custom_attributes
+ type: group
+ fields:
+ - name: connector_name
+ type: keyword
+ - name: key
+ type: keyword
+ - name: value
+ type: keyword
+ - name: dns_name
+ type: keyword
+ - name: domain
+ type: keyword
+ - name: domain_role
+ type: keyword
+ - name: easm_tags
+ type: keyword
+ - name: hardware
+ type: group
+ fields:
+ - name: category
+ type: keyword
+ - name: category1
+ type: keyword
+ - name: category2
+ type: keyword
+ - name: full_name
+ type: keyword
+ - name: lifecycle
+ type: group
+ fields:
+ - name: eos_date
+ type: date
+ - name: ga_date
+ type: date
+ - name: intro_date
+ type: date
+ - name: life_cycle_confidence
+ type: keyword
+ - name: obsolete_date
+ type: date
+ - name: stage
+ type: keyword
+ - name: manufacturer
+ type: keyword
+ - name: model
+ type: keyword
+ - name: product_family
+ type: keyword
+ - name: product_name
+ type: keyword
+ - name: product_url
+ type: keyword
+ - name: taxonomy
+ type: group
+ fields:
+ - name: category1
+ type: keyword
+ - name: category2
+ type: keyword
+ - name: id
+ type: keyword
+ - name: name
+ type: keyword
+ - name: host_id
+ type: keyword
+ - name: hosting_category1
+ type: keyword
+ - name: hw_uuid
+ type: keyword
+ - name: inventory
+ type: group
+ fields:
+ - name: created
+ type: date
+ - name: last_updated
+ type: date
+ - name: source
+ type: keyword
+ - name: is_container_host
+ type: boolean
+ - name: isp
+ type: keyword
+ - name: last_boot
+ type: date
+ - name: last_location
+ type: group
+ fields:
+ - name: city
+ type: keyword
+ - name: continent
+ type: keyword
+ - name: country
+ type: keyword
+ - name: name
+ type: keyword
+ - name: postal
+ type: keyword
+ - name: state
+ type: keyword
+ - name: last_logged_on_user
+ type: keyword
+ - name: last_modified_date
+ type: date
+ - name: lpar_id
+ type: keyword
+ - name: missing_software
+ type: keyword
+ - name: netbios_name
+ type: keyword
+ - name: network_interface_list_data
+ type: group
+ fields:
+ - name: network_interface
+ type: group
+ fields:
+ - name: address_ip_v4
+ type: ip
+ - name: address_ip_v6
+ type: ip
+ - name: addresses
+ type: keyword
+ - name: dns_address
+ type: keyword
+ - name: gateway_address
+ type: keyword
+ - name: hostname
+ type: keyword
+ - name: interface_name
+ type: keyword
+ - name: mac_address
+ type: keyword
+ - name: mac_vendor_intro_date
+ type: date
+ - name: manufacturer
+ type: keyword
+ - name: netmask
+ type: keyword
+ - name: open_port_list_data
+ type: group
+ fields:
+ - name: open_port
+ type: group
+ fields:
+ - name: authorization
+ type: keyword
+ - name: description
+ type: keyword
+ - name: detected_service
+ type: keyword
+ - name: detection_score
+ type: long
+ - name: discovery_sources
+ type: keyword
+ - name: first_found
+ type: date
+ - name: last_updated
+ type: date
+ - name: port
+ type: long
+ - name: protocol
+ type: keyword
+ - name: operating_system
+ type: group
+ fields:
+ - name: architecture
+ type: keyword
+ - name: category
+ type: keyword
+ - name: category1
+ type: keyword
+ - name: category2
+ type: keyword
+ - name: cpe
+ type: keyword
+ - name: cpe_id
+ type: keyword
+ - name: cpe_type
+ type: keyword
+ - name: edition
+ type: keyword
+ - name: full_name
+ type: keyword
+ - name: install_date
+ type: date
+ - name: lifecycle
+ type: group
+ fields:
+ - name: detection_score
+ type: long
+ - name: eol_date
+ type: date
+ - name: eol_support_stage
+ type: keyword
+ - name: eos_date
+ type: date
+ - name: eos_support_stage
+ type: keyword
+ - name: ga_date
+ type: date
+ - name: life_cycle_confidence
+ type: keyword
+ - name: stage
+ type: keyword
+ - name: market_version
+ type: keyword
+ - name: os_name
+ type: keyword
+ - name: product_family
+ type: keyword
+ - name: product_name
+ type: keyword
+ - name: product_url
+ type: keyword
+ - name: publisher
+ type: keyword
+ - name: release
+ type: keyword
+ - name: taxonomy
+ type: group
+ fields:
+ - name: category1
+ type: keyword
+ - name: category2
+ type: keyword
+ - name: id
+ type: keyword
+ - name: name
+ type: keyword
+ - name: update
+ type: keyword
+ - name: version
+ type: keyword
+ - name: organization_name
+ type: keyword
+ - name: processor
+ type: group
+ fields:
+ - name: cores_per_socket
+ type: long
+ - name: description
+ type: keyword
+ - name: multithreading_status
+ type: keyword
+ - name: no_of_socket
+ type: long
+ - name: num_cpus
+ type: long
+ - name: speed
+ type: long
+ - name: threads_per_core
+ type: long
+ - name: provider
+ type: keyword
+ - name: risk_score
+ type: float
+ - name: sensor
+ type: group
+ fields:
+ - name: activated_for_modules
+ type: keyword
+ - name: first_easm_scan_date
+ type: date
+ - name: last_compliance_scan
+ type: date
+ - name: last_easm_scan_date
+ type: date
+ - name: last_full_scan
+ type: date
+ - name: last_pc_scan_date_agent
+ type: date
+ - name: last_pc_scan_date_scanner
+ type: date
+ - name: last_vm_scan_date_agent
+ type: date
+ - name: last_vm_scan_date_scanner
+ type: date
+ - name: last_vmscan
+ type: date
+ - name: pending_activation_for_modules
+ type: keyword
+ - name: software_component
+ type: keyword
+ - name: sensor_last_updated_date
+ type: date
+ - name: service_list
+ type: group
+ fields:
+ - name: service
+ type: group
+ fields:
+ - name: description
+ type: keyword
+ - name: name
+ type: keyword
+ - name: status
+ type: keyword
+ - name: software_component
+ type: keyword
+ - name: software_list_data
+ type: group
+ fields:
+ - name: software
+ type: group
+ fields:
+ - name: architecture
+ type: keyword
+ - name: authorization
+ type: keyword
+ - name: authorization_detection_score
+ type: long
+ - name: category
+ type: keyword
+ - name: category1
+ type: keyword
+ - name: category2
+ type: keyword
+ - name: component
+ type: keyword
+ - name: cpe
+ type: keyword
+ - name: cpe_id
+ type: keyword
+ - name: cpe_type
+ type: keyword
+ - name: discovered_name
+ type: keyword
+ - name: discovered_publisher
+ type: keyword
+ - name: discovered_version
+ type: keyword
+ - name: discovery_sources
+ type: keyword
+ - name: edition
+ type: keyword
+ - name: formerly_known_as
+ type: keyword
+ - name: full_name
+ type: keyword
+ - name: id
+ type: keyword
+ - name: ignored_reason
+ type: keyword
+ - name: install_date
+ type: date
+ - name: install_path
+ type: keyword
+ - name: is_ignored
+ type: boolean
+ - name: is_package
+ type: boolean
+ - name: is_package_component
+ type: boolean
+ - name: language
+ type: keyword
+ - name: last_updated
+ type: date
+ - name: last_use_date
+ type: date
+ - name: license
+ type: group
+ fields:
+ - name: category
+ type: keyword
+ - name: subcategory
+ type: keyword
+ - name: lifecycle
+ type: group
+ fields:
+ - name: detection_score
+ type: long
+ - name: eol_date
+ type: date
+ - name: eol_support_stage
+ type: keyword
+ - name: eos_date
+ type: date
+ - name: eos_support_stage
+ type: keyword
+ - name: ga_date
+ type: date
+ - name: life_cycle_confidence
+ type: keyword
+ - name: stage
+ type: keyword
+ - name: market_version
+ type: keyword
+ - name: package_name
+ type: keyword
+ - name: product_name
+ type: keyword
+ - name: product_url
+ type: keyword
+ - name: publisher
+ type: keyword
+ - name: software_instances
+ type: group
+ fields:
+ - name: bin_path
+ type: keyword
+ - name: conf_path
+ type: keyword
+ - name: first_seen
+ type: date
+ - name: instance_name
+ type: keyword
+ - name: last_seen
+ type: date
+ - name: proc
+ type: keyword
+ - name: product
+ type: keyword
+ - name: technology
+ type: keyword
+ - name: version
+ type: keyword
+ - name: software_type
+ type: keyword
+ - name: support_stage_desc
+ type: keyword
+ - name: update
+ type: keyword
+ - name: version
+ type: keyword
+ - name: subdomain
+ type: keyword
+ - name: tag_list
+ type: group
+ fields:
+ - name: tag
+ type: group
+ fields:
+ - name: background_color
+ type: keyword
+ - name: business_impact
+ type: keyword
+ - name: criticality_score
+ type: double
+ - name: foreground_color
+ type: keyword
+ - name: tag_id
+ type: keyword
+ - name: tag_name
+ type: keyword
+ - name: time_zone
+ type: keyword
+ - name: total_memory
+ type: long
+ - name: user_account_list_data
+ type: group
+ fields:
+ - name: user_account
+ type: flattened
+ - name: volume_list_data
+ type: group
+ fields:
+ - name: volume
+ type: group
+ fields:
+ - name: free
+ type: long
+ - name: name
+ type: keyword
+ - name: size
+ type: long
+ - name: whois
+ type: group
+ fields:
+ - name: created_date
+ type: date
+ - name: dnssec
+ type: keyword
+ - name: domain
+ type: keyword
+ - name: domain_status
+ type: keyword
+ - name: expiration_date
+ type: date
+ - name: organization_name
+ type: keyword
+ - name: registrant_contact
+ type: keyword
+ - name: registrant_country
+ type: keyword
+ - name: registrant_email
+ type: keyword
+ - name: registrant_name
+ type: keyword
+ - name: registrant_organization
+ type: keyword
+ - name: registrar
+ type: keyword
+ - name: updated_date
+ type: date
diff --git a/packages/qualys_gav/data_stream/asset/fields/is-transform-source-true.yml b/packages/qualys_gav/data_stream/asset/fields/is-transform-source-true.yml
new file mode 100644
index 00000000000..fd4766eacd5
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/fields/is-transform-source-true.yml
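Review bot: The WHOIS registrant fields at the end of the `fields.yml` hunk (`registrant_email`, `registrant_name`, `registrant_organization`, `registrant_country`) are mapped as plain `keyword` with no `description`, while the ingest pipeline added in this commit overwrites only `registrant_contact` with `REDACTED` when the `hide_sensitive` tag is set. If those fields carry personal data in the same way, which their names suggest, they remain indexed and searchable in clear text even with that tag; the `foreach_whois_to_mask_registrant_contact` processor would need equivalent `set` processors for them. At minimum each of these fields should state what it holds and whether it is redacted, for example `description: WHOIS registrant e-mail address; not affected by the hide_sensitive tag.` The same documentation gap applies to `last_logged_on_user` and `user_account_list_data.user_account`, and more generally none of the fields in this file has a description.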
@@ -0,0 +1,4 @@
+- name: labels.is_transform_source
+ type: constant_keyword
+ description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering.
+ value: "true"
diff --git a/packages/qualys_gav/data_stream/asset/lifecycle.yml b/packages/qualys_gav/data_stream/asset/lifecycle.yml
new file mode 100644
index 00000000000..b56a81e81d7
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/lifecycle.yml
@@ -0,0 +1 @@
+data_retention: "30d"
diff --git a/packages/qualys_gav/data_stream/asset/manifest.yml b/packages/qualys_gav/data_stream/asset/manifest.yml
new file mode 100644
index 00000000000..ee071d2db25
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/manifest.yml
@@ -0,0 +1,88 @@
+title: Collect Assets from Qualys Global AssetView.
+type: logs
+ilm_policy: logs-qualys_gav.asset-default_policy
+streams:
+ - input: cel
+ title: Qualys Global AssetView Assets
+ description: Collect Qualys Global AssetView Assets.
+ template_path: cel.yml.hbs
+ vars:
+ - name: interval
+ type: text
+ title: Interval
+ description: Duration between requests to the Qualys Global AssetView API. Supported units for this parameter are h/m/s.
+ multi: false
+ required: true
+ show_user: true
+ default: 1h
+ - name: batch_size
+ type: integer
+ title: Batch Size
+ description: Page size for the response of the Qualys Global AssetView API. Maximum allowed value is 100.
+ multi: false
+ required: true
+ show_user: false
+ default: 100
+ - name: enable_request_tracer
+ type: bool
+ title: Enable request tracing
+ multi: false
+ default: false
+ required: false
+ show_user: false
+ description: >-
+ The request tracer logs requests and responses to the agent's local file-system for debugging configurations.
+ Enabling this request tracing compromises security and should only be used for debugging. Disabling the request
+ tracer will delete any stored traces.
+ See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enable)
+ for details.
+ - name: preserve_original_event
+ type: bool
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field event.original.
+ multi: false
+ required: false
+ show_user: true
+ default: false
+ - name: tags
+ type: text
+ title: Tags
+ description: Tags for the data-stream.
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ - qualys_gav-asset
+ - name: http_client_timeout
+ type: text
+ title: HTTP Client Timeout
+ description: Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.
+ multi: false
+ required: true
+ show_user: false
+ default: 30s
+ - name: preserve_duplicate_custom_fields
+ required: false
+ title: Preserve duplicate custom fields
+ description: Preserve qualys_gav.asset fields that were copied to Elastic Common Schema (ECS) fields.
+ type: bool
+ multi: false
+ show_user: false
+ default: false
+ - name: hide_sensitive
+ type: bool
+ title: Hide Sensitive Details
+ description: Hide sensitive user details such as phone number, street address etc.
+ multi: false
+ required: false
+ show_user: false
+ default: true
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: >-
+ Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed.
diff --git a/packages/qualys_gav/data_stream/asset/sample_event.json b/packages/qualys_gav/data_stream/asset/sample_event.json
new file mode 100644
index 00000000000..4bf95bed561
--- /dev/null
+++ b/packages/qualys_gav/data_stream/asset/sample_event.json
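Review bot: The `hide_sensitive` description does not say that the raw copy kept by `preserve_original_event` falls outside its scope. In the sample event added by this commit both tags are set, and `qualys_gav.asset.whois.registrant_contact` is `REDACTED` while `event.original` still carries the source `registrantContact` value, so enabling both options appears to leave the unredacted details indexed. The wording "phone number, street address etc." also leaves operators guessing which fields are covered; in the same sample `registrant_email` and the `user_account` names are kept as received. I would extend the text to something like `description: Hide sensitive user details such as phone number and street address in qualys_gav.asset fields. This does not cover event.original when Preserve original event is enabled.` The ingest pipeline is not part of this hunk, so the exact field list should be confirmed there before the description is finalised.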
@@ -0,0 +1,528 @@ +{ + "@timestamp": "2025-08-04T11:07:30.158Z", + "agent": { + "ephemeral_id": "477a4666-bf1a-43a2-82ac-01f123a98616", + "id": "e54ee166-80db-4169-8fe4-6d3f8ab4dace", + "name": "elastic-agent-60090", + "type": "filebeat", + "version": "8.18.0" + }, + "cloud": { + "provider": "Amazon Web Services" + }, + "data_stream": { + "dataset": "qualys_gav.asset", + "namespace": "29826", + "type": "logs" + }, + "device": { + "manufacturer": "Mock manufacturer", + "model": { + "name": "Mock model" + } + }, + "ecs": { + "version": "8.17.0" + }, + "elastic_agent": { + "id": "e54ee166-80db-4169-8fe4-6d3f8ab4dace", + "snapshot": false, + "version": "8.18.0" + }, + "event": { + "agent_id_status": "verified", + "category": [ + "host" + ], + "created": "2025-07-09T14:21:12.000Z", + "dataset": "qualys_gav.asset", + "ingested": "2025-08-04T11:07:33Z", + "kind": "event", + "original": "{\"activity\":{\"lastScannedDate\":1752243670000,\"source\":\"EASM\"},\"address\":\"216.160.83.56\",\"agent\":{\"activations\":[{\"key\":\"httpd\",\"status\":\"ACTIVE\"}],\"configurationProfile\":\"Apache HTTP Server\",\"connectedFrom\":\"216.160.83.56\",\"errorStatus\":false,\"lastActivity\":1752520814000,\"lastCheckedIn\":1752520814000,\"lastInventory\":1752520816000,\"udcManifestAssigned\":false,\"version\":\"2.4.7\"},\"agentId\":\"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9\",\"asn\":\"AS53831\",\"assetId\":67533741,\"assetName\":\"test_asset\",\"assetType\":\"HOST\",\"assetUUID\":\"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9\",\"assignedLocation\":{\"city\":\"Pune\",\"country\":\"IN\",\"name\":\"4492 Camino De La Plaza, Pune,IN\",\"state\":\"MH\"},\"biosAssetTag\":\"Test asset tag\",\"biosDescription\":\"Test\",\"biosSerialNumber\":\"Test serial number\",\"businessAppListData\":{\"businessApp\":[{\"businessCriticality\":\"2 - Less Critical\",\"environment\":\"Production\",\"id\":\"BARCODE283904\",\"managedBy\":\"user\",\"name\":\"Quoting 
App\",\"operationalStatus\":\"Mended\",\"ownedBy\":\"ownerr\",\"status\":\"Installed\",\"supportGroup\":\"SME Operations\",\"supportedBy\":\"sopporter\",\"usedFor\":\"Production\"}]},\"businessInformation\":{\"company\":\"Qualys\",\"department\":\"Engineering\",\"environment\":\"QA\",\"managedBy\":\"Amit\",\"operationalStatus\":\"Blocked\",\"ownedBy\":\"Paul\",\"supportGroup\":\"ABC_01\",\"supportedBy\":\"Nick\"},\"cloudProvider\":\"Amazon Web Services\",\"container\":{\"hasSensor\":\"temp_value\",\"noOfContainers\":5,\"noOfImages\":3,\"product\":\"mock_product\",\"version\":\"mock_version\"},\"cpuCount\":0,\"createdDate\":\"2025-07-09T14:21:12.000Z\",\"criticality\":{\"isDefault\":false,\"lastUpdated\":\"2025-07-09T14:21:11.000Z\",\"score\":3},\"customAttributes\":[{\"connectorName\":\"Qualys\",\"key\":\"Media State4\",\"value\":\"Media disconnected\"}],\"dnsName\":\"test_dns\",\"domain\":[\"domain1\",\"domain2\"],\"domainRole\":\"Member Workstation\",\"easmTags\":[\"cloud\",\"cdn\"],\"hardware\":{\"category\":\"Mock category 1 / Mock category 2\",\"category1\":\"Mock category 1\",\"category2\":\"Mock category 2\",\"fullName\":\"Mock hardware\",\"lifecycle\":{\"eosDate\":\"2025-07-09T14:21:12.000Z\",\"gaDate\":\"2025-07-09T14:21:12.000Z\",\"introDate\":\"2025-07-09T14:21:12.000Z\",\"lifeCycleConfidence\":\"Exact\",\"obsoleteDate\":\"2025-07-09T14:21:12.000Z\",\"stage\":\"Not Applicable\"},\"manufacturer\":\"Mock manufacturer\",\"model\":\"Mock model\",\"productFamily\":\"Mock product family\",\"productName\":\"Mock product name\",\"productUrl\":\"https://mock_product_url.com\",\"taxonomy\":{\"category1\":\"Mock category 1\",\"category2\":\"Mock category 2\",\"id\":\"mock_hardware_taxonomy_id\",\"name\":\"Mock hardware taxonomy 
name\"}},\"hostId\":1437386,\"hostingCategory1\":\"CDN\",\"hwUUID\":\"422a2b16-4c8b-588a-a20c-c1851ad7e376\",\"inventory\":{\"created\":1752070872000,\"lastUpdated\":1752243670000,\"source\":\"EASM\"},\"isContainerHost\":false,\"isp\":\"test, Inc.\",\"lastBoot\":\"2025-07-09T14:21:12.000Z\",\"lastLocation\":{\"city\":\"New York\",\"continent\":\"North America\",\"country\":\"United States\",\"name\":\"United States\",\"postal\":\"94040\",\"state\":\"California\"},\"lastLoggedOnUser\":\"test_user\",\"lastModifiedDate\":\"2025-07-11T14:21:10.000Z\",\"lparId\":\"mock_lpar_id\",\"missingSoftware\":[\"test1\",\"test2\",\"test3\"],\"netbiosName\":\"test_bios\",\"networkInterfaceListData\":{\"networkInterface\":[{\"addressIpV4\":\"81.2.69.142\",\"addressIpV6\":\"::ffff:5102:458e\",\"addresses\":\"mock_Address\",\"dnsAddress\":\"mock_dns_address\",\"gatewayAddress\":\"mock_geteaway_address\",\"hostname\":\"mock_hostname\",\"interfaceName\":\"mock_interface_name\",\"macAddress\":\"00:0c:29:15:6a:72\",\"macVendorIntroDate\":946944000000,\"manufacturer\":\"Mock manufacturer\",\"netmask\":\"mock_net_mask\"}]},\"openPortListData\":{\"openPort\":[{\"authorization\":\"Mock authorization\",\"description\":\"http protocol over TLS/SSL\",\"detectedService\":\"HTTPs\",\"detectionScore\":100,\"discoverySources\":\"EASM\",\"firstFound\":\"2025-07-09T14:21:12.000Z\",\"lastUpdated\":\"2025-07-09T14:21:12.000Z\",\"port\":443,\"protocol\":\"TCP\"}]},\"operatingSystem\":{\"architecture\":\"x86\",\"category\":\"Operating System / Windows\",\"category1\":\"Windows\",\"category2\":\"Windows\",\"cpe\":\"mock_cpe\",\"cpeId\":\"mock_cpe_id\",\"cpeType\":\"Mock cpe type\",\"edition\":\"Enterprise\",\"fullName\":\"Microsoft Windows 10 
Enterprise\",\"installDate\":\"2025-07-09T14:21:12.000Z\",\"lifecycle\":{\"detectionScore\":100,\"eolDate\":\"2025-07-09T14:21:12.000Z\",\"eolSupportStage\":\"End-of-life\",\"eosDate\":\"2025-07-09T14:21:12.000Z\",\"eosSupportStage\":\"End-of-life\",\"gaDate\":\"2025-07-09T14:21:12.000Z\",\"lifeCycleConfidence\":\"Exact\",\"stage\":\"End-of-life\"},\"marketVersion\":\"10.0.19042.1052\",\"osName\":\"Windows 10\",\"productFamily\":\"Mock product family\",\"productName\":\"Microsoft Windows 10 Enterprise\",\"productUrl\":\"https://mock_product_url.com\",\"publisher\":\"test\",\"release\":\"Mock release\",\"taxonomy\":{\"category1\":\"Mock category1\",\"category2\":\"Mock category2\",\"id\":\"mock_taxonomy_id\",\"name\":\"Mock taxonomy name\"},\"update\":\"22.04 LTS 22.04.5 LTS\",\"version\":\"10.0.19042.1052\"},\"organizationName\":[\"mock\"],\"processor\":{\"coresPerSocket\":2,\"description\":\"Intel(R) Xeon(R) Gold 6430\",\"multithreadingStatus\":\"test\",\"noOfSocket\":2,\"numCPUs\":4,\"speed\":3200,\"threadsPerCore\":2},\"provider\":\"Apache\",\"riskScore\":0,\"sensor\":{\"activatedForModules\":[\"mock_activated_module\"],\"firstEasmScanDate\":1752243670000,\"lastComplianceScan\":0,\"lastEasmScanDate\":1752243670000,\"lastFullScan\":0,\"lastPcScanDateAgent\":0,\"lastPcScanDateScanner\":0,\"lastVMScan\":0,\"lastVmScanDateAgent\":0,\"lastVmScanDateScanner\":0,\"pendingActivationForModules\":[\"mock_pending_module\"]},\"sensorLastUpdatedDate\":\"2025-07-11T14:21:10.000Z\",\"serviceList\":{\"service\":[{\"description\":\"temp_Decp\",\"name\":\"systemd-networkd.service\",\"status\":\"loaded/active/running\"}]},\"softwareComponent\":\"Apache HTTP Server\",\"softwareListData\":{\"software\":[{\"architecture\":\"x86_64\",\"authorization\":\"Mock authorization\",\"authorizationDetectionScore\":5,\"category\":\"Network Application / Web Servers\",\"category1\":\"Network Application\",\"category2\":\"Web 
Servers\",\"component\":\"Server\",\"cpe\":\"mock_cpe\",\"cpeId\":\"mock_cpe_id\",\"cpeType\":\"Mock cpe type\",\"discoveredName\":\"Mock discovered name\",\"discoveredPublisher\":\"Mock discovered publisher\",\"discoveredVersion\":\"mock_version\",\"discoverySources\":\"EASM\",\"edition\":\"Unknown\",\"formerlyKnownAs\":\"httpd\",\"fullName\":\"Apache HTTP Server\",\"id\":8464359598295418000,\"ignoredReason\":\"Insufficient Information\",\"installDate\":\"2021-10-25T14:21:12.000Z\",\"installPath\":\"/usr/local/apache2\",\"isIgnored\":false,\"isPackage\":false,\"isPackageComponent\":false,\"language\":\"C\",\"lastUpdated\":\"2021-10-25T14:21:12.000Z\",\"lastUseDate\":\"2021-10-25T14:21:12.000Z\",\"license\":{\"category\":\"Mock license category\",\"subcategory\":\"Mock license subcategory\"},\"lifecycle\":{\"detectionScore\":0,\"eolDate\":\"2021-10-25T14:21:12.000Z\",\"eolSupportStage\":\"Mock eol support stage\",\"eosDate\":\"2021-10-25T14:21:12.000Z\",\"eosSupportStage\":\"Mock eos support stage\",\"gaDate\":\"2021-10-25T14:21:12.000Z\",\"lifeCycleConfidence\":\"Exact\",\"stage\":\"Not Applicable\"},\"marketVersion\":\"Unknown\",\"packageName\":null,\"productName\":\"Apache HTTP Server\",\"productUrl\":\"https://en.wikipedia.org/wiki/Apache_HTTP_Server,,\",\"publisher\":\"Apache\",\"softwareInstances\":[{\"BIN_PATH\":\"/usr/bin/docker -H unix:///var/run/docker.sock\",\"CONF_PATH\":\"/etc/docker/daemon.json\",\"InstanceName\":\"DOCKER\",\"PROC\":\" 1487 1 root /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock\",\"PRODUCT\":\"Docker\",\"TECHNOLOGY\":\"Docker CE_EE\",\"VERSION\":\"24.0.7\",\"firstSeen\":\"2025-07-08T01:15:52.000Z\",\"lastSeen\":\"2025-07-14T19:20:15.000Z\"}],\"softwareType\":\"Application\",\"supportStageDesc\":\"Mock support stage 
desc\",\"update\":\"2021-10-25\",\"version\":\"2.4.7\"}]},\"subdomain\":[\"subdomain1\",\"subdomain2\"],\"tagList\":{\"tag\":[{\"backgroundColor\":0,\"businessImpact\":\"mock_business_impact\",\"criticalityScore\":3,\"foregroundColor\":0,\"tagId\":25971788,\"tagName\":\"Shodan\"}]},\"timeZone\":\"+05:30\",\"totalMemory\":10,\"userAccountListData\":{\"userAccount\":[{\"name\":\"root\"},{\"name\":\"serviceuser\"},{\"name\":\"devuser\"}]},\"volumeListData\":{\"volume\":[{\"free\":34645118976,\"name\":\"/\",\"size\":48202350592}]},\"whois\":[{\"createdDate\":\"2024-02-23T00:00:00.000Z\",\"dnssec\":\"test\",\"domain\":\"test_domainr\",\"domainStatus\":\"clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited\",\"expirationDate\":\"2026-02-23T00:00:00.000Z\",\"registrantContact\":\"temp\",\"registrantCountry\":\"UNITED STATES\",\"registrantEmail\":\"594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com\",\"registrantName\":\"1API GmbH\",\"registrantOrganization\":\"Domains By Proxy, LLC\",\"registrar\":\"1API GmbH\",\"updatedDate\":\"2025-07-13T00:00:00.000Z\"}]}", + "risk_score": 0, + "timezone": "+05:30", + "type": [ + "info" + ] + }, + "host": { + "architecture": "x86", + "domain": [ + "domain1", + "domain2" + ], + "geo": { + "city_name": "New York", + "continent_name": "North America", + "country_name": "United States", + "postal_code": "94040" + }, + "hostname": "test_dns", + "id": "67533741", + "ip": [ + "216.160.83.56" + ], + "name": "test_asset", + "os": { + "family": "Mock product family", + "full": "Microsoft Windows 10 Enterprise", + "name": "Windows 10", + "platform": "Microsoft Windows 10 Enterprise", + "type": "windows", + "version": "10.0.19042.1052" + }, + "type": "HOST" + }, + "input": { + "type": "cel" + }, + "observer": { + "product": "Global AssetView", + "vendor": "Qualys" + }, + "package": { + "architecture": [ + "x86_64" + ], + "description": [ + "Mock support stage desc" + ], + "installed": [ + 
"2021-10-25T14:21:12.000Z" + ], + "license": [ + "Mock license category" + ], + "name": [ + "Apache HTTP Server" + ], + "path": [ + "/usr/local/apache2" + ], + "reference": [ + "https://en.wikipedia.org/wiki/Apache_HTTP_Server,," + ], + "type": [ + "Application" + ], + "version": [ + "2.4.7" + ] + }, + "qualys_gav": { + "asset": { + "activity": { + "last_scanned_date": "2025-07-11T14:21:10.000Z", + "source": "EASM" + }, + "address": "216.160.83.56", + "agent": { + "activations": [ + { + "key": "httpd", + "status": "ACTIVE" + } + ], + "configuration_profile": "Apache HTTP Server", + "connected_from": "216.160.83.56", + "error_status": false, + "last_activity": "2025-07-14T19:20:14.000Z", + "last_checked_in": "2025-07-14T19:20:14.000Z", + "last_inventory": "2025-07-14T19:20:16.000Z", + "udc_manifest_assigned": false, + "version": "2.4.7" + }, + "agent_id": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "asn": "AS53831", + "asset_id": "67533741", + "asset_name": "test_asset", + "asset_type": "HOST", + "asset_uuid": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "assigned_location": { + "city": "Pune", + "country": "IN", + "name": "4492 Camino De La Plaza, Pune,IN", + "state": "MH" + }, + "bios_asset_tag": "Test asset tag", + "bios_description": "Test", + "bios_serial_number": "Test serial number", + "business_app_list_data": { + "business_app": [ + { + "business_criticality": "2 - Less Critical", + "environment": "Production", + "id": "BARCODE283904", + "managed_by": "user", + "name": "Quoting App", + "operational_status": "Mended", + "owned_by": "ownerr", + "status": "Installed", + "support_group": "SME Operations", + "supported_by": "sopporter", + "used_for": "Production" + } + ] + }, + "business_information": { + "company": "Qualys", + "department": "Engineering", + "environment": "QA", + "managed_by": "Amit", + "operational_status": "Blocked", + "owned_by": "Paul", + "support_group": "ABC_01", + "supported_by": "Nick" + }, + "cloud_provider": "Amazon Web Services", + 
"container": { + "has_sensor": "temp_value", + "no_of_containers": 5, + "no_of_images": 3, + "product": "mock_product", + "version": "mock_version" + }, + "cpu_count": 0, + "created_date": "2025-07-09T14:21:12.000Z", + "criticality": { + "is_default": false, + "last_updated": "2025-07-09T14:21:11.000Z", + "score": 3 + }, + "custom_attributes": [ + { + "connector_name": "Qualys", + "key": "Media State4", + "value": "Media disconnected" + } + ], + "dns_name": "test_dns", + "domain": [ + "domain1", + "domain2" + ], + "domain_role": "Member Workstation", + "easm_tags": [ + "cloud", + "cdn" + ], + "hardware": { + "category": "Mock category 1 / Mock category 2", + "category1": "Mock category 1", + "category2": "Mock category 2", + "full_name": "Mock hardware", + "lifecycle": { + "eos_date": "2025-07-09T14:21:12.000Z", + "ga_date": "2025-07-09T14:21:12.000Z", + "intro_date": "2025-07-09T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "obsolete_date": "2025-07-09T14:21:12.000Z", + "stage": "Not Applicable" + }, + "manufacturer": "Mock manufacturer", + "model": "Mock model", + "product_family": "Mock product family", + "product_name": "Mock product name", + "product_url": "https://mock_product_url.com", + "taxonomy": { + "category1": "Mock category 1", + "category2": "Mock category 2", + "id": "mock_hardware_taxonomy_id", + "name": "Mock hardware taxonomy name" + } + }, + "host_id": "1437386", + "hosting_category1": "CDN", + "hw_uuid": "422a2b16-4c8b-588a-a20c-c1851ad7e376", + "inventory": { + "created": "2025-07-09T14:21:12.000Z", + "last_updated": "2025-07-11T14:21:10.000Z", + "source": "EASM" + }, + "is_container_host": false, + "isp": "test, Inc.", + "last_boot": "2025-07-09T14:21:12.000Z", + "last_location": { + "city": "New York", + "continent": "North America", + "country": "United States", + "name": "United States", + "postal": "94040", + "state": "California" + }, + "last_logged_on_user": "test_user", + "last_modified_date": "2025-07-11T14:21:10.000Z", + 
"lpar_id": "mock_lpar_id", + "missing_software": [ + "test1", + "test2", + "test3" + ], + "netbios_name": "test_bios", + "network_interface_list_data": { + "network_interface": [ + { + "address_ip_v4": "81.2.69.142", + "address_ip_v6": [ + "::ffff:5102:458e" + ], + "addresses": "mock_Address", + "dns_address": "mock_dns_address", + "gateway_address": "mock_geteaway_address", + "hostname": "mock_hostname", + "interface_name": "mock_interface_name", + "mac_address": "00-0C-29-15-6A-72", + "mac_vendor_intro_date": "2000-01-04T00:00:00.000Z", + "manufacturer": "Mock manufacturer", + "netmask": "mock_net_mask" + } + ] + }, + "open_port_list_data": { + "open_port": [ + { + "authorization": "Mock authorization", + "description": "http protocol over TLS/SSL", + "detected_service": "HTTPs", + "detection_score": 100, + "discovery_sources": "EASM", + "first_found": "2025-07-09T14:21:12.000Z", + "last_updated": "2025-07-09T14:21:12.000Z", + "port": 443, + "protocol": "TCP" + } + ] + }, + "operating_system": { + "architecture": "x86", + "category": "Operating System / Windows", + "category1": "Windows", + "category2": "Windows", + "cpe": "mock_cpe", + "cpe_id": "mock_cpe_id", + "cpe_type": "Mock cpe type", + "edition": "Enterprise", + "full_name": "Microsoft Windows 10 Enterprise", + "install_date": "2025-07-09T14:21:12.000Z", + "lifecycle": { + "detection_score": 100, + "eol_date": "2025-07-09T14:21:12.000Z", + "eol_support_stage": "End-of-life", + "eos_date": "2025-07-09T14:21:12.000Z", + "eos_support_stage": "End-of-life", + "ga_date": "2025-07-09T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "stage": "End-of-life" + }, + "market_version": "10.0.19042.1052", + "os_name": "Windows 10", + "product_family": "Mock product family", + "product_name": "Microsoft Windows 10 Enterprise", + "product_url": "https://mock_product_url.com", + "publisher": "test", + "release": "Mock release", + "taxonomy": { + "category1": "Mock category1", + "category2": "Mock category2", + "id": 
"mock_taxonomy_id", + "name": "Mock taxonomy name" + }, + "update": "22.04 LTS 22.04.5 LTS", + "version": "10.0.19042.1052" + }, + "organization_name": [ + "mock" + ], + "processor": { + "cores_per_socket": 2, + "description": "Intel(R) Xeon(R) Gold 6430", + "multithreading_status": "test", + "no_of_socket": 2, + "num_cpus": 4, + "speed": 3200, + "threads_per_core": 2 + }, + "provider": "Apache", + "risk_score": 0, + "sensor": { + "activated_for_modules": [ + "mock_activated_module" + ], + "first_easm_scan_date": "2025-07-11T14:21:10.000Z", + "last_easm_scan_date": "2025-07-11T14:21:10.000Z", + "pending_activation_for_modules": [ + "mock_pending_module" + ] + }, + "sensor_last_updated_date": "2025-07-11T14:21:10.000Z", + "service_list": { + "service": [ + { + "description": "temp_Decp", + "name": "systemd-networkd.service", + "status": "loaded/active/running" + } + ] + }, + "software_component": "Apache HTTP Server", + "software_list_data": { + "software": [ + { + "architecture": "x86_64", + "authorization": "Mock authorization", + "authorization_detection_score": 5, + "category": "Network Application / Web Servers", + "category1": "Network Application", + "category2": "Web Servers", + "component": "Server", + "cpe": "mock_cpe", + "cpe_id": "mock_cpe_id", + "cpe_type": "Mock cpe type", + "discovered_name": "Mock discovered name", + "discovered_publisher": "Mock discovered publisher", + "discovered_version": "mock_version", + "discovery_sources": "EASM", + "edition": "Unknown", + "formerly_known_as": "httpd", + "full_name": "Apache HTTP Server", + "id": "8464359598295418000", + "ignored_reason": "Insufficient Information", + "install_date": "2021-10-25T14:21:12.000Z", + "install_path": "/usr/local/apache2", + "is_ignored": false, + "is_package": false, + "is_package_component": false, + "language": "C", + "last_updated": "2021-10-25T14:21:12.000Z", + "last_use_date": "2021-10-25T14:21:12.000Z", + "license": { + "category": "Mock license category", + "subcategory": 
"Mock license subcategory" + }, + "lifecycle": { + "detection_score": 0, + "eol_date": "2021-10-25T14:21:12.000Z", + "eol_support_stage": "Mock eol support stage", + "eos_date": "2021-10-25T14:21:12.000Z", + "eos_support_stage": "Mock eos support stage", + "ga_date": "2021-10-25T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "stage": "Not Applicable" + }, + "market_version": "Unknown", + "product_name": "Apache HTTP Server", + "product_url": "https://en.wikipedia.org/wiki/Apache_HTTP_Server,,", + "publisher": "Apache", + "software_instances": [ + { + "bin_path": "/usr/bin/docker -H unix:///var/run/docker.sock", + "conf_path": "/etc/docker/daemon.json", + "first_seen": "2025-07-08T01:15:52.000Z", + "instance_name": "DOCKER", + "last_seen": "2025-07-14T19:20:15.000Z", + "proc": " 1487 1 root /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock", + "product": "Docker", + "technology": "Docker CE_EE", + "version": "24.0.7" + } + ], + "software_type": "Application", + "support_stage_desc": "Mock support stage desc", + "update": "2021-10-25", + "version": "2.4.7" + } + ] + }, + "subdomain": [ + "subdomain1", + "subdomain2" + ], + "tag_list": { + "tag": [ + { + "background_color": "0", + "business_impact": "mock_business_impact", + "criticality_score": 3, + "foreground_color": "0", + "tag_id": "25971788", + "tag_name": "Shodan" + } + ] + }, + "time_zone": "+05:30", + "total_memory": 10, + "user_account_list_data": { + "user_account": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "volume_list_data": { + "volume": [ + { + "free": 34645118976, + "name": "/", + "size": 48202350592 + } + ] + }, + "whois": [ + { + "created_date": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domain": "test_domainr", + "domain_status": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "expiration_date": "2026-02-23T00:00:00.000Z", + "registrant_contact": "REDACTED", 
+ "registrant_country": "UNITED STATES", + "registrant_email": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrant_name": "1API GmbH", + "registrant_organization": "Domains By Proxy, LLC", + "registrar": "1API GmbH", + "updated_date": "2025-07-13T00:00:00.000Z" + } + ] + } + }, + "related": { + "hosts": [ + "67533741", + "test_asset", + "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "test_dns", + "domain1", + "domain2", + "subdomain1", + "subdomain2", + "1437386", + "test_bios", + "mock_hostname", + "test_domainr" + ], + "ip": [ + "216.160.83.56", + "81.2.69.142", + "::ffff:5102:458e" + ], + "user": [ + "test_user" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields", + "hide_sensitive", + "forwarded", + "qualys_gav-asset" + ], + "user": { + "name": "test_user" + } +} diff --git a/packages/qualys_gav/docs/README.md b/packages/qualys_gav/docs/README.md new file mode 100644 index 00000000000..502b06822ef --- /dev/null +++ b/packages/qualys_gav/docs/README.md 
@@ -0,0 +1,862 @@ +# Qualys Global AssetView (GAV) + +## Overview + +[Qualys GAV](https://docs.qualys.com/en/gav/latest/) helps you to accurately assess complex IT infrastructure and quickly identify and remediate risk. Using a combination of Qualys sensors — Cloud Agents, scanners and passive network sensors — GAV collects and analyzes data about assets across hybrid environments, and delivers up-to-date, comprehensive and continuous information about those assets as well as their security and compliance posture. + +The Qualys GAV integration collect assets via REST API. + +## Data streams + +The Qualys GAV integration collects logs of the following type: + +1. **Asset:** This data stream will collect details of all assets. + +>**Note**: For the **Asset** Dashboard, ensure that the time range is aligned with the configured interval parameter to display accurate and consistent data. + +## Requirements + +### Agentless-enabled integration + +Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html). + +Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features. + +### Agent-based installation + +Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). You can install only one Elastic Agent per host. 
+ +## Compatibility + +For Rest API, this module has been tested against the **2.0** API version. + +## Setup + +### Collect data from the Qualys GAV API: + +- The base URL corresponds to the API Gateway URL of the respective Qualys GAV instance. For reference, see: [Qualys Platform Identification](https://www.qualys.com/platform-identification/#:~:text=apps.qualysksa.com-,API%20URLs,-Use%20API%20Gateway). +- The same username and password used for logging into the Qualys instance are required for authentication when fetching logs through the integration. + +### Enable the integration in Elastic + +1. In Kibana navigate to **Management** > **Integrations**. +2. In the search top bar, type **Qualys GAV**. +3. Select the **Qualys GAV** integration and add it. +4. Add all the required integration configuration parameters: URL, Username and Password. +5. Save the integration. + +## Logs reference + +### Asset + +This is the `Asset` dataset. + +#### Example + +An example event for `asset` looks as following: + +```json +{ + "@timestamp": "2025-08-04T11:07:30.158Z", + "agent": { + "ephemeral_id": "477a4666-bf1a-43a2-82ac-01f123a98616", + "id": "e54ee166-80db-4169-8fe4-6d3f8ab4dace", + "name": "elastic-agent-60090", + "type": "filebeat", + "version": "8.18.0" + }, + "cloud": { + "provider": "Amazon Web Services" + }, + "data_stream": { + "dataset": "qualys_gav.asset", + "namespace": "29826", + "type": "logs" + }, + "device": { + "manufacturer": "Mock manufacturer", + "model": { + "name": "Mock model" + } + }, + "ecs": { + "version": "8.17.0" + }, + "elastic_agent": { + "id": "e54ee166-80db-4169-8fe4-6d3f8ab4dace", + "snapshot": false, + "version": "8.18.0" + }, + "event": { + "agent_id_status": "verified", + "category": [ + "host" + ], + "created": "2025-07-09T14:21:12.000Z", + "dataset": "qualys_gav.asset", + "ingested": "2025-08-04T11:07:33Z", + "kind": "event", + "original": 
"{\"activity\":{\"lastScannedDate\":1752243670000,\"source\":\"EASM\"},\"address\":\"216.160.83.56\",\"agent\":{\"activations\":[{\"key\":\"httpd\",\"status\":\"ACTIVE\"}],\"configurationProfile\":\"Apache HTTP Server\",\"connectedFrom\":\"216.160.83.56\",\"errorStatus\":false,\"lastActivity\":1752520814000,\"lastCheckedIn\":1752520814000,\"lastInventory\":1752520816000,\"udcManifestAssigned\":false,\"version\":\"2.4.7\"},\"agentId\":\"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9\",\"asn\":\"AS53831\",\"assetId\":67533741,\"assetName\":\"test_asset\",\"assetType\":\"HOST\",\"assetUUID\":\"bda51f1d-13cf-49ad-a3a0-9f83debbe5a9\",\"assignedLocation\":{\"city\":\"Pune\",\"country\":\"IN\",\"name\":\"4492 Camino De La Plaza, Pune,IN\",\"state\":\"MH\"},\"biosAssetTag\":\"Test asset tag\",\"biosDescription\":\"Test\",\"biosSerialNumber\":\"Test serial number\",\"businessAppListData\":{\"businessApp\":[{\"businessCriticality\":\"2 - Less Critical\",\"environment\":\"Production\",\"id\":\"BARCODE283904\",\"managedBy\":\"user\",\"name\":\"Quoting App\",\"operationalStatus\":\"Mended\",\"ownedBy\":\"ownerr\",\"status\":\"Installed\",\"supportGroup\":\"SME Operations\",\"supportedBy\":\"sopporter\",\"usedFor\":\"Production\"}]},\"businessInformation\":{\"company\":\"Qualys\",\"department\":\"Engineering\",\"environment\":\"QA\",\"managedBy\":\"Amit\",\"operationalStatus\":\"Blocked\",\"ownedBy\":\"Paul\",\"supportGroup\":\"ABC_01\",\"supportedBy\":\"Nick\"},\"cloudProvider\":\"Amazon Web Services\",\"container\":{\"hasSensor\":\"temp_value\",\"noOfContainers\":5,\"noOfImages\":3,\"product\":\"mock_product\",\"version\":\"mock_version\"},\"cpuCount\":0,\"createdDate\":\"2025-07-09T14:21:12.000Z\",\"criticality\":{\"isDefault\":false,\"lastUpdated\":\"2025-07-09T14:21:11.000Z\",\"score\":3},\"customAttributes\":[{\"connectorName\":\"Qualys\",\"key\":\"Media State4\",\"value\":\"Media disconnected\"}],\"dnsName\":\"test_dns\",\"domain\":[\"domain1\",\"domain2\"],\"domainRole\":\"Member 
Workstation\",\"easmTags\":[\"cloud\",\"cdn\"],\"hardware\":{\"category\":\"Mock category 1 / Mock category 2\",\"category1\":\"Mock category 1\",\"category2\":\"Mock category 2\",\"fullName\":\"Mock hardware\",\"lifecycle\":{\"eosDate\":\"2025-07-09T14:21:12.000Z\",\"gaDate\":\"2025-07-09T14:21:12.000Z\",\"introDate\":\"2025-07-09T14:21:12.000Z\",\"lifeCycleConfidence\":\"Exact\",\"obsoleteDate\":\"2025-07-09T14:21:12.000Z\",\"stage\":\"Not Applicable\"},\"manufacturer\":\"Mock manufacturer\",\"model\":\"Mock model\",\"productFamily\":\"Mock product family\",\"productName\":\"Mock product name\",\"productUrl\":\"https://mock_product_url.com\",\"taxonomy\":{\"category1\":\"Mock category 1\",\"category2\":\"Mock category 2\",\"id\":\"mock_hardware_taxonomy_id\",\"name\":\"Mock hardware taxonomy name\"}},\"hostId\":1437386,\"hostingCategory1\":\"CDN\",\"hwUUID\":\"422a2b16-4c8b-588a-a20c-c1851ad7e376\",\"inventory\":{\"created\":1752070872000,\"lastUpdated\":1752243670000,\"source\":\"EASM\"},\"isContainerHost\":false,\"isp\":\"test, Inc.\",\"lastBoot\":\"2025-07-09T14:21:12.000Z\",\"lastLocation\":{\"city\":\"New York\",\"continent\":\"North America\",\"country\":\"United States\",\"name\":\"United States\",\"postal\":\"94040\",\"state\":\"California\"},\"lastLoggedOnUser\":\"test_user\",\"lastModifiedDate\":\"2025-07-11T14:21:10.000Z\",\"lparId\":\"mock_lpar_id\",\"missingSoftware\":[\"test1\",\"test2\",\"test3\"],\"netbiosName\":\"test_bios\",\"networkInterfaceListData\":{\"networkInterface\":[{\"addressIpV4\":\"81.2.69.142\",\"addressIpV6\":\"::ffff:5102:458e\",\"addresses\":\"mock_Address\",\"dnsAddress\":\"mock_dns_address\",\"gatewayAddress\":\"mock_geteaway_address\",\"hostname\":\"mock_hostname\",\"interfaceName\":\"mock_interface_name\",\"macAddress\":\"00:0c:29:15:6a:72\",\"macVendorIntroDate\":946944000000,\"manufacturer\":\"Mock manufacturer\",\"netmask\":\"mock_net_mask\"}]},\"openPortListData\":{\"openPort\":[{\"authorization\":\"Mock 
authorization\",\"description\":\"http protocol over TLS/SSL\",\"detectedService\":\"HTTPs\",\"detectionScore\":100,\"discoverySources\":\"EASM\",\"firstFound\":\"2025-07-09T14:21:12.000Z\",\"lastUpdated\":\"2025-07-09T14:21:12.000Z\",\"port\":443,\"protocol\":\"TCP\"}]},\"operatingSystem\":{\"architecture\":\"x86\",\"category\":\"Operating System / Windows\",\"category1\":\"Windows\",\"category2\":\"Windows\",\"cpe\":\"mock_cpe\",\"cpeId\":\"mock_cpe_id\",\"cpeType\":\"Mock cpe type\",\"edition\":\"Enterprise\",\"fullName\":\"Microsoft Windows 10 Enterprise\",\"installDate\":\"2025-07-09T14:21:12.000Z\",\"lifecycle\":{\"detectionScore\":100,\"eolDate\":\"2025-07-09T14:21:12.000Z\",\"eolSupportStage\":\"End-of-life\",\"eosDate\":\"2025-07-09T14:21:12.000Z\",\"eosSupportStage\":\"End-of-life\",\"gaDate\":\"2025-07-09T14:21:12.000Z\",\"lifeCycleConfidence\":\"Exact\",\"stage\":\"End-of-life\"},\"marketVersion\":\"10.0.19042.1052\",\"osName\":\"Windows 10\",\"productFamily\":\"Mock product family\",\"productName\":\"Microsoft Windows 10 Enterprise\",\"productUrl\":\"https://mock_product_url.com\",\"publisher\":\"test\",\"release\":\"Mock release\",\"taxonomy\":{\"category1\":\"Mock category1\",\"category2\":\"Mock category2\",\"id\":\"mock_taxonomy_id\",\"name\":\"Mock taxonomy name\"},\"update\":\"22.04 LTS 22.04.5 LTS\",\"version\":\"10.0.19042.1052\"},\"organizationName\":[\"mock\"],\"processor\":{\"coresPerSocket\":2,\"description\":\"Intel(R) Xeon(R) Gold 
6430\",\"multithreadingStatus\":\"test\",\"noOfSocket\":2,\"numCPUs\":4,\"speed\":3200,\"threadsPerCore\":2},\"provider\":\"Apache\",\"riskScore\":0,\"sensor\":{\"activatedForModules\":[\"mock_activated_module\"],\"firstEasmScanDate\":1752243670000,\"lastComplianceScan\":0,\"lastEasmScanDate\":1752243670000,\"lastFullScan\":0,\"lastPcScanDateAgent\":0,\"lastPcScanDateScanner\":0,\"lastVMScan\":0,\"lastVmScanDateAgent\":0,\"lastVmScanDateScanner\":0,\"pendingActivationForModules\":[\"mock_pending_module\"]},\"sensorLastUpdatedDate\":\"2025-07-11T14:21:10.000Z\",\"serviceList\":{\"service\":[{\"description\":\"temp_Decp\",\"name\":\"systemd-networkd.service\",\"status\":\"loaded/active/running\"}]},\"softwareComponent\":\"Apache HTTP Server\",\"softwareListData\":{\"software\":[{\"architecture\":\"x86_64\",\"authorization\":\"Mock authorization\",\"authorizationDetectionScore\":5,\"category\":\"Network Application / Web Servers\",\"category1\":\"Network Application\",\"category2\":\"Web Servers\",\"component\":\"Server\",\"cpe\":\"mock_cpe\",\"cpeId\":\"mock_cpe_id\",\"cpeType\":\"Mock cpe type\",\"discoveredName\":\"Mock discovered name\",\"discoveredPublisher\":\"Mock discovered publisher\",\"discoveredVersion\":\"mock_version\",\"discoverySources\":\"EASM\",\"edition\":\"Unknown\",\"formerlyKnownAs\":\"httpd\",\"fullName\":\"Apache HTTP Server\",\"id\":8464359598295418000,\"ignoredReason\":\"Insufficient Information\",\"installDate\":\"2021-10-25T14:21:12.000Z\",\"installPath\":\"/usr/local/apache2\",\"isIgnored\":false,\"isPackage\":false,\"isPackageComponent\":false,\"language\":\"C\",\"lastUpdated\":\"2021-10-25T14:21:12.000Z\",\"lastUseDate\":\"2021-10-25T14:21:12.000Z\",\"license\":{\"category\":\"Mock license category\",\"subcategory\":\"Mock license subcategory\"},\"lifecycle\":{\"detectionScore\":0,\"eolDate\":\"2021-10-25T14:21:12.000Z\",\"eolSupportStage\":\"Mock eol support stage\",\"eosDate\":\"2021-10-25T14:21:12.000Z\",\"eosSupportStage\":\"Mock eos 
support stage\",\"gaDate\":\"2021-10-25T14:21:12.000Z\",\"lifeCycleConfidence\":\"Exact\",\"stage\":\"Not Applicable\"},\"marketVersion\":\"Unknown\",\"packageName\":null,\"productName\":\"Apache HTTP Server\",\"productUrl\":\"https://en.wikipedia.org/wiki/Apache_HTTP_Server,,\",\"publisher\":\"Apache\",\"softwareInstances\":[{\"BIN_PATH\":\"/usr/bin/docker -H unix:///var/run/docker.sock\",\"CONF_PATH\":\"/etc/docker/daemon.json\",\"InstanceName\":\"DOCKER\",\"PROC\":\" 1487 1 root /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock\",\"PRODUCT\":\"Docker\",\"TECHNOLOGY\":\"Docker CE_EE\",\"VERSION\":\"24.0.7\",\"firstSeen\":\"2025-07-08T01:15:52.000Z\",\"lastSeen\":\"2025-07-14T19:20:15.000Z\"}],\"softwareType\":\"Application\",\"supportStageDesc\":\"Mock support stage desc\",\"update\":\"2021-10-25\",\"version\":\"2.4.7\"}]},\"subdomain\":[\"subdomain1\",\"subdomain2\"],\"tagList\":{\"tag\":[{\"backgroundColor\":0,\"businessImpact\":\"mock_business_impact\",\"criticalityScore\":3,\"foregroundColor\":0,\"tagId\":25971788,\"tagName\":\"Shodan\"}]},\"timeZone\":\"+05:30\",\"totalMemory\":10,\"userAccountListData\":{\"userAccount\":[{\"name\":\"root\"},{\"name\":\"serviceuser\"},{\"name\":\"devuser\"}]},\"volumeListData\":{\"volume\":[{\"free\":34645118976,\"name\":\"/\",\"size\":48202350592}]},\"whois\":[{\"createdDate\":\"2024-02-23T00:00:00.000Z\",\"dnssec\":\"test\",\"domain\":\"test_domainr\",\"domainStatus\":\"clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited\",\"expirationDate\":\"2026-02-23T00:00:00.000Z\",\"registrantContact\":\"temp\",\"registrantCountry\":\"UNITED STATES\",\"registrantEmail\":\"594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com\",\"registrantName\":\"1API GmbH\",\"registrantOrganization\":\"Domains By Proxy, LLC\",\"registrar\":\"1API GmbH\",\"updatedDate\":\"2025-07-13T00:00:00.000Z\"}]}", + "risk_score": 0, + "timezone": "+05:30", + "type": [ + "info" + ] + }, + "host": { + 
"architecture": "x86", + "domain": [ + "domain1", + "domain2" + ], + "geo": { + "city_name": "New York", + "continent_name": "North America", + "country_name": "United States", + "postal_code": "94040" + }, + "hostname": "test_dns", + "id": "67533741", + "ip": [ + "216.160.83.56" + ], + "name": "test_asset", + "os": { + "family": "Mock product family", + "full": "Microsoft Windows 10 Enterprise", + "name": "Windows 10", + "platform": "Microsoft Windows 10 Enterprise", + "type": "windows", + "version": "10.0.19042.1052" + }, + "type": "HOST" + }, + "input": { + "type": "cel" + }, + "observer": { + "product": "Global AssetView", + "vendor": "Qualys" + }, + "package": { + "architecture": [ + "x86_64" + ], + "description": [ + "Mock support stage desc" + ], + "installed": [ + "2021-10-25T14:21:12.000Z" + ], + "license": [ + "Mock license category" + ], + "name": [ + "Apache HTTP Server" + ], + "path": [ + "/usr/local/apache2" + ], + "reference": [ + "https://en.wikipedia.org/wiki/Apache_HTTP_Server,," + ], + "type": [ + "Application" + ], + "version": [ + "2.4.7" + ] + }, + "qualys_gav": { + "asset": { + "activity": { + "last_scanned_date": "2025-07-11T14:21:10.000Z", + "source": "EASM" + }, + "address": "216.160.83.56", + "agent": { + "activations": [ + { + "key": "httpd", + "status": "ACTIVE" + } + ], + "configuration_profile": "Apache HTTP Server", + "connected_from": "216.160.83.56", + "error_status": false, + "last_activity": "2025-07-14T19:20:14.000Z", + "last_checked_in": "2025-07-14T19:20:14.000Z", + "last_inventory": "2025-07-14T19:20:16.000Z", + "udc_manifest_assigned": false, + "version": "2.4.7" + }, + "agent_id": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "asn": "AS53831", + "asset_id": "67533741", + "asset_name": "test_asset", + "asset_type": "HOST", + "asset_uuid": "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "assigned_location": { + "city": "Pune", + "country": "IN", + "name": "4492 Camino De La Plaza, Pune,IN", + "state": "MH" + }, + "bios_asset_tag": 
"Test asset tag", + "bios_description": "Test", + "bios_serial_number": "Test serial number", + "business_app_list_data": { + "business_app": [ + { + "business_criticality": "2 - Less Critical", + "environment": "Production", + "id": "BARCODE283904", + "managed_by": "user", + "name": "Quoting App", + "operational_status": "Mended", + "owned_by": "ownerr", + "status": "Installed", + "support_group": "SME Operations", + "supported_by": "sopporter", + "used_for": "Production" + } + ] + }, + "business_information": { + "company": "Qualys", + "department": "Engineering", + "environment": "QA", + "managed_by": "Amit", + "operational_status": "Blocked", + "owned_by": "Paul", + "support_group": "ABC_01", + "supported_by": "Nick" + }, + "cloud_provider": "Amazon Web Services", + "container": { + "has_sensor": "temp_value", + "no_of_containers": 5, + "no_of_images": 3, + "product": "mock_product", + "version": "mock_version" + }, + "cpu_count": 0, + "created_date": "2025-07-09T14:21:12.000Z", + "criticality": { + "is_default": false, + "last_updated": "2025-07-09T14:21:11.000Z", + "score": 3 + }, + "custom_attributes": [ + { + "connector_name": "Qualys", + "key": "Media State4", + "value": "Media disconnected" + } + ], + "dns_name": "test_dns", + "domain": [ + "domain1", + "domain2" + ], + "domain_role": "Member Workstation", + "easm_tags": [ + "cloud", + "cdn" + ], + "hardware": { + "category": "Mock category 1 / Mock category 2", + "category1": "Mock category 1", + "category2": "Mock category 2", + "full_name": "Mock hardware", + "lifecycle": { + "eos_date": "2025-07-09T14:21:12.000Z", + "ga_date": "2025-07-09T14:21:12.000Z", + "intro_date": "2025-07-09T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "obsolete_date": "2025-07-09T14:21:12.000Z", + "stage": "Not Applicable" + }, + "manufacturer": "Mock manufacturer", + "model": "Mock model", + "product_family": "Mock product family", + "product_name": "Mock product name", + "product_url": 
"https://mock_product_url.com", + "taxonomy": { + "category1": "Mock category 1", + "category2": "Mock category 2", + "id": "mock_hardware_taxonomy_id", + "name": "Mock hardware taxonomy name" + } + }, + "host_id": "1437386", + "hosting_category1": "CDN", + "hw_uuid": "422a2b16-4c8b-588a-a20c-c1851ad7e376", + "inventory": { + "created": "2025-07-09T14:21:12.000Z", + "last_updated": "2025-07-11T14:21:10.000Z", + "source": "EASM" + }, + "is_container_host": false, + "isp": "test, Inc.", + "last_boot": "2025-07-09T14:21:12.000Z", + "last_location": { + "city": "New York", + "continent": "North America", + "country": "United States", + "name": "United States", + "postal": "94040", + "state": "California" + }, + "last_logged_on_user": "test_user", + "last_modified_date": "2025-07-11T14:21:10.000Z", + "lpar_id": "mock_lpar_id", + "missing_software": [ + "test1", + "test2", + "test3" + ], + "netbios_name": "test_bios", + "network_interface_list_data": { + "network_interface": [ + { + "address_ip_v4": "81.2.69.142", + "address_ip_v6": [ + "::ffff:5102:458e" + ], + "addresses": "mock_Address", + "dns_address": "mock_dns_address", + "gateway_address": "mock_geteaway_address", + "hostname": "mock_hostname", + "interface_name": "mock_interface_name", + "mac_address": "00-0C-29-15-6A-72", + "mac_vendor_intro_date": "2000-01-04T00:00:00.000Z", + "manufacturer": "Mock manufacturer", + "netmask": "mock_net_mask" + } + ] + }, + "open_port_list_data": { + "open_port": [ + { + "authorization": "Mock authorization", + "description": "http protocol over TLS/SSL", + "detected_service": "HTTPs", + "detection_score": 100, + "discovery_sources": "EASM", + "first_found": "2025-07-09T14:21:12.000Z", + "last_updated": "2025-07-09T14:21:12.000Z", + "port": 443, + "protocol": "TCP" + } + ] + }, + "operating_system": { + "architecture": "x86", + "category": "Operating System / Windows", + "category1": "Windows", + "category2": "Windows", + "cpe": "mock_cpe", + "cpe_id": "mock_cpe_id", + 
"cpe_type": "Mock cpe type", + "edition": "Enterprise", + "full_name": "Microsoft Windows 10 Enterprise", + "install_date": "2025-07-09T14:21:12.000Z", + "lifecycle": { + "detection_score": 100, + "eol_date": "2025-07-09T14:21:12.000Z", + "eol_support_stage": "End-of-life", + "eos_date": "2025-07-09T14:21:12.000Z", + "eos_support_stage": "End-of-life", + "ga_date": "2025-07-09T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "stage": "End-of-life" + }, + "market_version": "10.0.19042.1052", + "os_name": "Windows 10", + "product_family": "Mock product family", + "product_name": "Microsoft Windows 10 Enterprise", + "product_url": "https://mock_product_url.com", + "publisher": "test", + "release": "Mock release", + "taxonomy": { + "category1": "Mock category1", + "category2": "Mock category2", + "id": "mock_taxonomy_id", + "name": "Mock taxonomy name" + }, + "update": "22.04 LTS 22.04.5 LTS", + "version": "10.0.19042.1052" + }, + "organization_name": [ + "mock" + ], + "processor": { + "cores_per_socket": 2, + "description": "Intel(R) Xeon(R) Gold 6430", + "multithreading_status": "test", + "no_of_socket": 2, + "num_cpus": 4, + "speed": 3200, + "threads_per_core": 2 + }, + "provider": "Apache", + "risk_score": 0, + "sensor": { + "activated_for_modules": [ + "mock_activated_module" + ], + "first_easm_scan_date": "2025-07-11T14:21:10.000Z", + "last_easm_scan_date": "2025-07-11T14:21:10.000Z", + "pending_activation_for_modules": [ + "mock_pending_module" + ] + }, + "sensor_last_updated_date": "2025-07-11T14:21:10.000Z", + "service_list": { + "service": [ + { + "description": "temp_Decp", + "name": "systemd-networkd.service", + "status": "loaded/active/running" + } + ] + }, + "software_component": "Apache HTTP Server", + "software_list_data": { + "software": [ + { + "architecture": "x86_64", + "authorization": "Mock authorization", + "authorization_detection_score": 5, + "category": "Network Application / Web Servers", + "category1": "Network Application", + 
"category2": "Web Servers", + "component": "Server", + "cpe": "mock_cpe", + "cpe_id": "mock_cpe_id", + "cpe_type": "Mock cpe type", + "discovered_name": "Mock discovered name", + "discovered_publisher": "Mock discovered publisher", + "discovered_version": "mock_version", + "discovery_sources": "EASM", + "edition": "Unknown", + "formerly_known_as": "httpd", + "full_name": "Apache HTTP Server", + "id": "8464359598295418000", + "ignored_reason": "Insufficient Information", + "install_date": "2021-10-25T14:21:12.000Z", + "install_path": "/usr/local/apache2", + "is_ignored": false, + "is_package": false, + "is_package_component": false, + "language": "C", + "last_updated": "2021-10-25T14:21:12.000Z", + "last_use_date": "2021-10-25T14:21:12.000Z", + "license": { + "category": "Mock license category", + "subcategory": "Mock license subcategory" + }, + "lifecycle": { + "detection_score": 0, + "eol_date": "2021-10-25T14:21:12.000Z", + "eol_support_stage": "Mock eol support stage", + "eos_date": "2021-10-25T14:21:12.000Z", + "eos_support_stage": "Mock eos support stage", + "ga_date": "2021-10-25T14:21:12.000Z", + "life_cycle_confidence": "Exact", + "stage": "Not Applicable" + }, + "market_version": "Unknown", + "product_name": "Apache HTTP Server", + "product_url": "https://en.wikipedia.org/wiki/Apache_HTTP_Server,,", + "publisher": "Apache", + "software_instances": [ + { + "bin_path": "/usr/bin/docker -H unix:///var/run/docker.sock", + "conf_path": "/etc/docker/daemon.json", + "first_seen": "2025-07-08T01:15:52.000Z", + "instance_name": "DOCKER", + "last_seen": "2025-07-14T19:20:15.000Z", + "proc": " 1487 1 root /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock", + "product": "Docker", + "technology": "Docker CE_EE", + "version": "24.0.7" + } + ], + "software_type": "Application", + "support_stage_desc": "Mock support stage desc", + "update": "2021-10-25", + "version": "2.4.7" + } + ] + }, + "subdomain": [ + "subdomain1", + "subdomain2" + ], + 
"tag_list": { + "tag": [ + { + "background_color": "0", + "business_impact": "mock_business_impact", + "criticality_score": 3, + "foreground_color": "0", + "tag_id": "25971788", + "tag_name": "Shodan" + } + ] + }, + "time_zone": "+05:30", + "total_memory": 10, + "user_account_list_data": { + "user_account": [ + { + "name": "root" + }, + { + "name": "serviceuser" + }, + { + "name": "devuser" + } + ] + }, + "volume_list_data": { + "volume": [ + { + "free": 34645118976, + "name": "/", + "size": 48202350592 + } + ] + }, + "whois": [ + { + "created_date": "2024-02-23T00:00:00.000Z", + "dnssec": "test", + "domain": "test_domainr", + "domain_status": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited", + "expiration_date": "2026-02-23T00:00:00.000Z", + "registrant_contact": "REDACTED", + "registrant_country": "UNITED STATES", + "registrant_email": "594f93785ec9444aa7ebabd79b665059@domainsbyproxy.com", + "registrant_name": "1API GmbH", + "registrant_organization": "Domains By Proxy, LLC", + "registrar": "1API GmbH", + "updated_date": "2025-07-13T00:00:00.000Z" + } + ] + } + }, + "related": { + "hosts": [ + "67533741", + "test_asset", + "bda51f1d-13cf-49ad-a3a0-9f83debbe5a9", + "test_dns", + "domain1", + "domain2", + "subdomain1", + "subdomain2", + "1437386", + "test_bios", + "mock_hostname", + "test_domainr" + ], + "ip": [ + "216.160.83.56", + "81.2.69.142", + "::ffff:5102:458e" + ], + "user": [ + "test_user" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields", + "hide_sensitive", + "forwarded", + "qualys_gav-asset" + ], + "user": { + "name": "test_user" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. 
If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. 
Apache logs), `event.module` should contain the name of this module. | constant_keyword | +| input.type | Type of Filebeat input. | keyword | +| labels.is_transform_source | Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. | constant_keyword | +| log.offset | Log offset. | long | +| qualys_gav.asset.activity.last_scanned_date | | date | +| qualys_gav.asset.activity.source | | keyword | +| qualys_gav.asset.address | | ip | +| qualys_gav.asset.agent.activations.key | | keyword | +| qualys_gav.asset.agent.activations.status | | keyword | +| qualys_gav.asset.agent.configuration_profile | | keyword | +| qualys_gav.asset.agent.connected_from | | ip | +| qualys_gav.asset.agent.error_status | | boolean | +| qualys_gav.asset.agent.last_activity | | date | +| qualys_gav.asset.agent.last_checked_in | | date | +| qualys_gav.asset.agent.last_inventory | | date | +| qualys_gav.asset.agent.udc_manifest_assigned | | boolean | +| qualys_gav.asset.agent.version | | keyword | +| qualys_gav.asset.agent_id | | keyword | +| qualys_gav.asset.asn | | keyword | +| qualys_gav.asset.asset_id | | keyword | +| qualys_gav.asset.asset_name | | keyword | +| qualys_gav.asset.asset_type | | keyword | +| qualys_gav.asset.asset_uuid | | keyword | +| qualys_gav.asset.assigned_location.city | | keyword | +| qualys_gav.asset.assigned_location.country | | keyword | +| qualys_gav.asset.assigned_location.name | | keyword | +| qualys_gav.asset.assigned_location.state | | keyword | +| qualys_gav.asset.bios_asset_tag | | keyword | +| qualys_gav.asset.bios_description | | keyword | +| qualys_gav.asset.bios_serial_number | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.business_criticality | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.environment | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.id | | keyword | +| 
qualys_gav.asset.business_app_list_data.business_app.managed_by | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.name | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.operational_status | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.owned_by | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.status | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.support_group | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.supported_by | | keyword | +| qualys_gav.asset.business_app_list_data.business_app.used_for | | keyword | +| qualys_gav.asset.business_information.company | | keyword | +| qualys_gav.asset.business_information.department | | keyword | +| qualys_gav.asset.business_information.environment | | keyword | +| qualys_gav.asset.business_information.managed_by | | keyword | +| qualys_gav.asset.business_information.operational_status | | keyword | +| qualys_gav.asset.business_information.owned_by | | keyword | +| qualys_gav.asset.business_information.support_group | | keyword | +| qualys_gav.asset.business_information.supported_by | | keyword | +| qualys_gav.asset.cloud_provider | | keyword | +| qualys_gav.asset.container.has_sensor | | keyword | +| qualys_gav.asset.container.no_of_containers | | long | +| qualys_gav.asset.container.no_of_images | | long | +| qualys_gav.asset.container.product | | keyword | +| qualys_gav.asset.container.version | | keyword | +| qualys_gav.asset.cpu_count | | long | +| qualys_gav.asset.created_date | | date | +| qualys_gav.asset.criticality.is_default | | boolean | +| qualys_gav.asset.criticality.last_updated | | date | +| qualys_gav.asset.criticality.score | | long | +| qualys_gav.asset.custom_attributes.connector_name | | keyword | +| qualys_gav.asset.custom_attributes.key | | keyword | +| qualys_gav.asset.custom_attributes.value | | keyword | +| qualys_gav.asset.dns_name | | keyword | +| qualys_gav.asset.domain 
| | keyword | +| qualys_gav.asset.domain_role | | keyword | +| qualys_gav.asset.easm_tags | | keyword | +| qualys_gav.asset.hardware.category | | keyword | +| qualys_gav.asset.hardware.category1 | | keyword | +| qualys_gav.asset.hardware.category2 | | keyword | +| qualys_gav.asset.hardware.full_name | | keyword | +| qualys_gav.asset.hardware.lifecycle.eos_date | | date | +| qualys_gav.asset.hardware.lifecycle.ga_date | | date | +| qualys_gav.asset.hardware.lifecycle.intro_date | | date | +| qualys_gav.asset.hardware.lifecycle.life_cycle_confidence | | keyword | +| qualys_gav.asset.hardware.lifecycle.obsolete_date | | date | +| qualys_gav.asset.hardware.lifecycle.stage | | keyword | +| qualys_gav.asset.hardware.manufacturer | | keyword | +| qualys_gav.asset.hardware.model | | keyword | +| qualys_gav.asset.hardware.product_family | | keyword | +| qualys_gav.asset.hardware.product_name | | keyword | +| qualys_gav.asset.hardware.product_url | | keyword | +| qualys_gav.asset.hardware.taxonomy.category1 | | keyword | +| qualys_gav.asset.hardware.taxonomy.category2 | | keyword | +| qualys_gav.asset.hardware.taxonomy.id | | keyword | +| qualys_gav.asset.hardware.taxonomy.name | | keyword | +| qualys_gav.asset.host_id | | keyword | +| qualys_gav.asset.hosting_category1 | | keyword | +| qualys_gav.asset.hw_uuid | | keyword | +| qualys_gav.asset.inventory.created | | date | +| qualys_gav.asset.inventory.last_updated | | date | +| qualys_gav.asset.inventory.source | | keyword | +| qualys_gav.asset.is_container_host | | boolean | +| qualys_gav.asset.isp | | keyword | +| qualys_gav.asset.last_boot | | date | +| qualys_gav.asset.last_location.city | | keyword | +| qualys_gav.asset.last_location.continent | | keyword | +| qualys_gav.asset.last_location.country | | keyword | +| qualys_gav.asset.last_location.name | | keyword | +| qualys_gav.asset.last_location.postal | | keyword | +| qualys_gav.asset.last_location.state | | keyword | +| qualys_gav.asset.last_logged_on_user | | 
keyword | +| qualys_gav.asset.last_modified_date | | date | +| qualys_gav.asset.lpar_id | | keyword | +| qualys_gav.asset.missing_software | | keyword | +| qualys_gav.asset.netbios_name | | keyword | +| qualys_gav.asset.network_interface_list_data.network_interface.address_ip_v4 | | ip | +| qualys_gav.asset.network_interface_list_data.network_interface.address_ip_v6 | | ip | +| qualys_gav.asset.network_interface_list_data.network_interface.addresses | | keyword | +| qualys_gav.asset.network_interface_list_data.network_interface.dns_address | | keyword | +| qualys_gav.asset.network_interface_list_data.network_interface.gateway_address | | keyword | +| qualys_gav.asset.network_interface_list_data.network_interface.hostname | | keyword | +| qualys_gav.asset.network_interface_list_data.network_interface.interface_name | | keyword | +| qualys_gav.asset.network_interface_list_data.network_interface.mac_address | | keyword | +| qualys_gav.asset.network_interface_list_data.network_interface.mac_vendor_intro_date | | date | +| qualys_gav.asset.network_interface_list_data.network_interface.manufacturer | | keyword | +| qualys_gav.asset.network_interface_list_data.network_interface.netmask | | keyword | +| qualys_gav.asset.open_port_list_data.open_port.authorization | | keyword | +| qualys_gav.asset.open_port_list_data.open_port.description | | keyword | +| qualys_gav.asset.open_port_list_data.open_port.detected_service | | keyword | +| qualys_gav.asset.open_port_list_data.open_port.detection_score | | long | +| qualys_gav.asset.open_port_list_data.open_port.discovery_sources | | keyword | +| qualys_gav.asset.open_port_list_data.open_port.first_found | | date | +| qualys_gav.asset.open_port_list_data.open_port.last_updated | | date | +| qualys_gav.asset.open_port_list_data.open_port.port | | long | +| qualys_gav.asset.open_port_list_data.open_port.protocol | | keyword | +| qualys_gav.asset.operating_system.architecture | | keyword | +| 
qualys_gav.asset.operating_system.category | | keyword | +| qualys_gav.asset.operating_system.category1 | | keyword | +| qualys_gav.asset.operating_system.category2 | | keyword | +| qualys_gav.asset.operating_system.cpe | | keyword | +| qualys_gav.asset.operating_system.cpe_id | | keyword | +| qualys_gav.asset.operating_system.cpe_type | | keyword | +| qualys_gav.asset.operating_system.edition | | keyword | +| qualys_gav.asset.operating_system.full_name | | keyword | +| qualys_gav.asset.operating_system.install_date | | date | +| qualys_gav.asset.operating_system.lifecycle.detection_score | | long | +| qualys_gav.asset.operating_system.lifecycle.eol_date | | date | +| qualys_gav.asset.operating_system.lifecycle.eol_support_stage | | keyword | +| qualys_gav.asset.operating_system.lifecycle.eos_date | | date | +| qualys_gav.asset.operating_system.lifecycle.eos_support_stage | | keyword | +| qualys_gav.asset.operating_system.lifecycle.ga_date | | date | +| qualys_gav.asset.operating_system.lifecycle.life_cycle_confidence | | keyword | +| qualys_gav.asset.operating_system.lifecycle.stage | | keyword | +| qualys_gav.asset.operating_system.market_version | | keyword | +| qualys_gav.asset.operating_system.os_name | | keyword | +| qualys_gav.asset.operating_system.product_family | | keyword | +| qualys_gav.asset.operating_system.product_name | | keyword | +| qualys_gav.asset.operating_system.product_url | | keyword | +| qualys_gav.asset.operating_system.publisher | | keyword | +| qualys_gav.asset.operating_system.release | | keyword | +| qualys_gav.asset.operating_system.taxonomy.category1 | | keyword | +| qualys_gav.asset.operating_system.taxonomy.category2 | | keyword | +| qualys_gav.asset.operating_system.taxonomy.id | | keyword | +| qualys_gav.asset.operating_system.taxonomy.name | | keyword | +| qualys_gav.asset.operating_system.update | | keyword | +| qualys_gav.asset.operating_system.version | | keyword | +| qualys_gav.asset.organization_name | | keyword | +| 
qualys_gav.asset.processor.cores_per_socket | | long | +| qualys_gav.asset.processor.description | | keyword | +| qualys_gav.asset.processor.multithreading_status | | keyword | +| qualys_gav.asset.processor.no_of_socket | | long | +| qualys_gav.asset.processor.num_cpus | | long | +| qualys_gav.asset.processor.speed | | long | +| qualys_gav.asset.processor.threads_per_core | | long | +| qualys_gav.asset.provider | | keyword | +| qualys_gav.asset.risk_score | | float | +| qualys_gav.asset.sensor.activated_for_modules | | keyword | +| qualys_gav.asset.sensor.first_easm_scan_date | | date | +| qualys_gav.asset.sensor.last_compliance_scan | | date | +| qualys_gav.asset.sensor.last_easm_scan_date | | date | +| qualys_gav.asset.sensor.last_full_scan | | date | +| qualys_gav.asset.sensor.last_pc_scan_date_agent | | date | +| qualys_gav.asset.sensor.last_pc_scan_date_scanner | | date | +| qualys_gav.asset.sensor.last_vm_scan_date_agent | | date | +| qualys_gav.asset.sensor.last_vm_scan_date_scanner | | date | +| qualys_gav.asset.sensor.last_vmscan | | date | +| qualys_gav.asset.sensor.pending_activation_for_modules | | keyword | +| qualys_gav.asset.sensor.software_component | | keyword | +| qualys_gav.asset.sensor_last_updated_date | | date | +| qualys_gav.asset.service_list.service.description | | keyword | +| qualys_gav.asset.service_list.service.name | | keyword | +| qualys_gav.asset.service_list.service.status | | keyword | +| qualys_gav.asset.software_component | | keyword | +| qualys_gav.asset.software_list_data.software.architecture | | keyword | +| qualys_gav.asset.software_list_data.software.authorization | | keyword | +| qualys_gav.asset.software_list_data.software.authorization_detection_score | | long | +| qualys_gav.asset.software_list_data.software.category | | keyword | +| qualys_gav.asset.software_list_data.software.category1 | | keyword | +| qualys_gav.asset.software_list_data.software.category2 | | keyword | +| 
qualys_gav.asset.software_list_data.software.component | | keyword | +| qualys_gav.asset.software_list_data.software.cpe | | keyword | +| qualys_gav.asset.software_list_data.software.cpe_id | | keyword | +| qualys_gav.asset.software_list_data.software.cpe_type | | keyword | +| qualys_gav.asset.software_list_data.software.discovered_name | | keyword | +| qualys_gav.asset.software_list_data.software.discovered_publisher | | keyword | +| qualys_gav.asset.software_list_data.software.discovered_version | | keyword | +| qualys_gav.asset.software_list_data.software.discovery_sources | | keyword | +| qualys_gav.asset.software_list_data.software.edition | | keyword | +| qualys_gav.asset.software_list_data.software.formerly_known_as | | keyword | +| qualys_gav.asset.software_list_data.software.full_name | | keyword | +| qualys_gav.asset.software_list_data.software.id | | keyword | +| qualys_gav.asset.software_list_data.software.ignored_reason | | keyword | +| qualys_gav.asset.software_list_data.software.install_date | | date | +| qualys_gav.asset.software_list_data.software.install_path | | keyword | +| qualys_gav.asset.software_list_data.software.is_ignored | | boolean | +| qualys_gav.asset.software_list_data.software.is_package | | boolean | +| qualys_gav.asset.software_list_data.software.is_package_component | | boolean | +| qualys_gav.asset.software_list_data.software.language | | keyword | +| qualys_gav.asset.software_list_data.software.last_updated | | date | +| qualys_gav.asset.software_list_data.software.last_use_date | | date | +| qualys_gav.asset.software_list_data.software.license.category | | keyword | +| qualys_gav.asset.software_list_data.software.license.subcategory | | keyword | +| qualys_gav.asset.software_list_data.software.lifecycle.detection_score | | long | +| qualys_gav.asset.software_list_data.software.lifecycle.eol_date | | date | +| qualys_gav.asset.software_list_data.software.lifecycle.eol_support_stage | | keyword | +| 
qualys_gav.asset.software_list_data.software.lifecycle.eos_date | | date | +| qualys_gav.asset.software_list_data.software.lifecycle.eos_support_stage | | keyword | +| qualys_gav.asset.software_list_data.software.lifecycle.ga_date | | date | +| qualys_gav.asset.software_list_data.software.lifecycle.life_cycle_confidence | | keyword | +| qualys_gav.asset.software_list_data.software.lifecycle.stage | | keyword | +| qualys_gav.asset.software_list_data.software.market_version | | keyword | +| qualys_gav.asset.software_list_data.software.package_name | | keyword | +| qualys_gav.asset.software_list_data.software.product_name | | keyword | +| qualys_gav.asset.software_list_data.software.product_url | | keyword | +| qualys_gav.asset.software_list_data.software.publisher | | keyword | +| qualys_gav.asset.software_list_data.software.software_instances.bin_path | | keyword | +| qualys_gav.asset.software_list_data.software.software_instances.conf_path | | keyword | +| qualys_gav.asset.software_list_data.software.software_instances.first_seen | | date | +| qualys_gav.asset.software_list_data.software.software_instances.instance_name | | keyword | +| qualys_gav.asset.software_list_data.software.software_instances.last_seen | | date | +| qualys_gav.asset.software_list_data.software.software_instances.proc | | keyword | +| qualys_gav.asset.software_list_data.software.software_instances.product | | keyword | +| qualys_gav.asset.software_list_data.software.software_instances.technology | | keyword | +| qualys_gav.asset.software_list_data.software.software_instances.version | | keyword | +| qualys_gav.asset.software_list_data.software.software_type | | keyword | +| qualys_gav.asset.software_list_data.software.support_stage_desc | | keyword | +| qualys_gav.asset.software_list_data.software.update | | keyword | +| qualys_gav.asset.software_list_data.software.version | | keyword | +| qualys_gav.asset.subdomain | | keyword | +| qualys_gav.asset.tag_list.tag.background_color | | keyword | 
+| qualys_gav.asset.tag_list.tag.business_impact | | keyword | +| qualys_gav.asset.tag_list.tag.criticality_score | | double | +| qualys_gav.asset.tag_list.tag.foreground_color | | keyword | +| qualys_gav.asset.tag_list.tag.tag_id | | keyword | +| qualys_gav.asset.tag_list.tag.tag_name | | keyword | +| qualys_gav.asset.time_zone | | keyword | +| qualys_gav.asset.total_memory | | long | +| qualys_gav.asset.user_account_list_data.user_account | | flattened | +| qualys_gav.asset.volume_list_data.volume.free | | long | +| qualys_gav.asset.volume_list_data.volume.name | | keyword | +| qualys_gav.asset.volume_list_data.volume.size | | long | +| qualys_gav.asset.whois.created_date | | date | +| qualys_gav.asset.whois.dnssec | | keyword | +| qualys_gav.asset.whois.domain | | keyword | +| qualys_gav.asset.whois.domain_status | | keyword | +| qualys_gav.asset.whois.expiration_date | | date | +| qualys_gav.asset.whois.organization_name | | keyword | +| qualys_gav.asset.whois.registrant_contact | | keyword | +| qualys_gav.asset.whois.registrant_country | | keyword | +| qualys_gav.asset.whois.registrant_email | | keyword | +| qualys_gav.asset.whois.registrant_name | | keyword | +| qualys_gav.asset.whois.registrant_organization | | keyword | +| qualys_gav.asset.whois.registrar | | keyword | +| qualys_gav.asset.whois.updated_date | | date | diff --git a/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/base-fields.yml b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/base-fields.yml new file mode 100644 index 00000000000..05c91a0d0b7 --- /dev/null +++ b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/base-fields.yml 
@@ -0,0 +1,16 @@
+- name: data_stream.type
+ external: ecs
+- name: data_stream.dataset
+ external: ecs
+- name: data_stream.namespace
+ external: ecs
+- name: "@timestamp"
+ external: ecs
+- name: event.module
+ type: constant_keyword
+ external: ecs
+ value: qualys_gav
+- name: event.dataset
+ type: constant_keyword
+ external: ecs
+ value: qualys_gav.asset
diff --git a/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/beats.yml b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/beats.yml
new file mode 100644
index 00000000000..d5fd38748ba
--- /dev/null
+++ b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/beats.yml
@@ -0,0 +1,6 @@
+- name: input.type
+ type: keyword
+ description: Type of Filebeat input.
+- name: log.offset
+ type: long
+ description: Log offset.
diff --git a/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/ecs.yml b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/ecs.yml
new file mode 100644
index 00000000000..5467d6b0470
--- /dev/null
+++ b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/ecs.yml
@@ -0,0 +1,98 @@
+- external: ecs
+ name: agent.ephemeral_id
+- external: ecs
+ name: agent.id
+- external: ecs
+ name: agent.name
+- external: ecs
+ name: agent.type
+- external: ecs
+ name: agent.version
+- external: ecs
+ name: cloud.provider
+- external: ecs
+ name: device.manufacturer
+- external: ecs
+ name: device.model.name
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: error.message
+- external: ecs
+ name: event.category
+- external: ecs
+ name: event.created
+- external: ecs
+ name: event.ingested
+- external: ecs
+ name: event.kind
+- external: ecs
+ name: event.risk_score
+- external: ecs
+ name: event.timezone
+- external: ecs
+ name: event.type
+- external: ecs
+ name: host.architecture
+- external: ecs
+ name: host.domain
+- external: ecs
+ name: host.geo.city_name
+- external: ecs
+ name: host.geo.continent_name
+- external: ecs
+ name: host.geo.country_name
+- external: ecs
+ name: host.geo.postal_code
+- external: ecs
+ name: host.hostname
+- external: ecs
+ name: host.id
+- external: ecs
+ name: host.ip
+- external: ecs
+ name: host.name
+- external: ecs
+ name: host.os.family
+- external: ecs
+ name: host.os.full
+- external: ecs
+ name: host.os.name
+- external: ecs
+ name: host.os.platform
+- external: ecs
+ name: host.os.type
+- external: ecs
+ name: host.os.version
+- external: ecs
+ name: host.type
+- external: ecs
+ name: observer.product
+- external: ecs
+ name: observer.vendor
+- external: ecs
+ name: package.architecture
+- external: ecs
+ name: package.description
+- external: ecs
+ name: package.installed
+- external: ecs
+ name: package.license
+- external: ecs
+ name: package.name
+- external: ecs
+ name: package.path
+- external: ecs
+ name: package.reference
+- external: ecs
+ name: package.type
+- external: ecs
+ name: package.version
+- external: ecs
+ name: related.hosts
+- external: ecs
+ name: related.ip
+- external: ecs
+ name: related.user
+- external: ecs
+ name: user.name
diff --git a/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/fields.yml b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/fields.yml
new file mode 100644
index 00000000000..6187d757f3b
--- /dev/null
+++ b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/fields.yml
@@ -0,0 +1,639 @@ +- name: qualys_gav + type: group + fields: + - name: asset + type: group + fields: + - name: activity + type: group + fields: + - name: last_scanned_date + type: date + - name: source + type: keyword + - name: address + type: ip + - name: agent + type: group + fields: + - name: activations + type: group + fields: + - name: key + type: keyword + - name: status + type: keyword + - name: configuration_profile + type: keyword + - name: connected_from + type: ip + - name: error_status + type: boolean + - name: last_activity + type: date + - name: last_checked_in + type: date + - name: last_inventory + type: date + - name: udc_manifest_assigned + type: boolean + - name: version + type: keyword + - name: agent_id + type: keyword + - name: asn + type: keyword + - name: asset_id + type: keyword + - name: asset_name + type: keyword + - name: asset_type + type: keyword + - name: asset_uuid + type: keyword + - name: assigned_location + type: group + fields: + - name: city + type: keyword + - name: country + type: keyword + - name: name + type: keyword + - name: state + type: keyword + - name: bios_asset_tag + type: keyword + - name: bios_description + type: keyword + - name: bios_serial_number + type: keyword + - name: business_app_list_data + type: group + fields: + - name: business_app + type: group + fields: + - name: business_criticality + type: keyword + - name: environment + type: keyword + - name: id + type: keyword + - name: managed_by + type: keyword + - name: name + type: keyword + - name: operational_status + type: keyword + - name: owned_by + type: keyword + - name: status + type: keyword + - name: support_group + type: keyword + - name: supported_by + type: keyword + - name: used_for + type: keyword + - name: business_information + type: group + fields: + - name: company + type: keyword + - name: department + type: keyword + - name: environment + type: keyword + - name: managed_by + type: keyword + - name: operational_status + type: keyword + - 
name: owned_by + type: keyword + - name: support_group + type: keyword + - name: supported_by + type: keyword + - name: cloud_provider + type: keyword + - name: container + type: group + fields: + - name: has_sensor + type: keyword + - name: no_of_containers + type: long + - name: no_of_images + type: long + - name: product + type: keyword + - name: version + type: keyword + - name: cpu_count + type: long + - name: created_date + type: date + - name: criticality + type: group + fields: + - name: is_default + type: boolean + - name: last_updated + type: date + - name: score + type: long + - name: custom_attributes + type: group + fields: + - name: connector_name + type: keyword + - name: key + type: keyword + - name: value + type: keyword + - name: dns_name + type: keyword + - name: domain + type: keyword + - name: domain_role + type: keyword + - name: easm_tags + type: keyword + - name: hardware + type: group + fields: + - name: category + type: keyword + - name: category1 + type: keyword + - name: category2 + type: keyword + - name: full_name + type: keyword + - name: lifecycle + type: group + fields: + - name: eos_date + type: date + - name: ga_date + type: date + - name: intro_date + type: date + - name: life_cycle_confidence + type: keyword + - name: obsolete_date + type: date + - name: stage + type: keyword + - name: manufacturer + type: keyword + - name: model + type: keyword + - name: product_family + type: keyword + - name: product_name + type: keyword + - name: product_url + type: keyword + - name: taxonomy + type: group + fields: + - name: category1 + type: keyword + - name: category2 + type: keyword + - name: id + type: keyword + - name: name + type: keyword + - name: host_id + type: keyword + - name: hosting_category1 + type: keyword + - name: hw_uuid + type: keyword + - name: inventory + type: group + fields: + - name: created + type: date + - name: last_updated + type: date + - name: source + type: keyword + - name: is_container_host + type: boolean + 
- name: isp + type: keyword + - name: last_boot + type: date + - name: last_location + type: group + fields: + - name: city + type: keyword + - name: continent + type: keyword + - name: country + type: keyword + - name: name + type: keyword + - name: postal + type: keyword + - name: state + type: keyword + - name: last_logged_on_user + type: keyword + - name: last_modified_date + type: date + - name: lpar_id + type: keyword + - name: missing_software + type: keyword + - name: netbios_name + type: keyword + - name: network_interface_list_data + type: group + fields: + - name: network_interface + type: group + fields: + - name: address_ip_v4 + type: ip + - name: address_ip_v6 + type: ip + - name: addresses + type: keyword + - name: dns_address + type: keyword + - name: gateway_address + type: keyword + - name: hostname + type: keyword + - name: interface_name + type: keyword + - name: mac_address + type: keyword + - name: mac_vendor_intro_date + type: date + - name: manufacturer + type: keyword + - name: netmask + type: keyword + - name: open_port_list_data + type: group + fields: + - name: open_port + type: group + fields: + - name: authorization + type: keyword + - name: description + type: keyword + - name: detected_service + type: keyword + - name: detection_score + type: long + - name: discovery_sources + type: keyword + - name: first_found + type: date + - name: last_updated + type: date + - name: port + type: long + - name: protocol + type: keyword + - name: operating_system + type: group + fields: + - name: architecture + type: keyword + - name: category + type: keyword + - name: category1 + type: keyword + - name: category2 + type: keyword + - name: cpe + type: keyword + - name: cpe_id + type: keyword + - name: cpe_type + type: keyword + - name: edition + type: keyword + - name: full_name + type: keyword + - name: install_date + type: date + - name: lifecycle + type: group + fields: + - name: detection_score + type: long + - name: eol_date + type: date + - 
name: eol_support_stage + type: keyword + - name: eos_date + type: date + - name: eos_support_stage + type: keyword + - name: ga_date + type: date + - name: life_cycle_confidence + type: keyword + - name: stage + type: keyword + - name: market_version + type: keyword + - name: os_name + type: keyword + - name: product_family + type: keyword + - name: product_name + type: keyword + - name: product_url + type: keyword + - name: publisher + type: keyword + - name: release + type: keyword + - name: taxonomy + type: group + fields: + - name: category1 + type: keyword + - name: category2 + type: keyword + - name: id + type: keyword + - name: name + type: keyword + - name: update + type: keyword + - name: version + type: keyword + - name: organization_name + type: keyword + - name: processor + type: group + fields: + - name: cores_per_socket + type: long + - name: description + type: keyword + - name: multithreading_status + type: keyword + - name: no_of_socket + type: long + - name: num_cpus + type: long + - name: speed + type: long + - name: threads_per_core + type: long + - name: provider + type: keyword + - name: risk_score + type: float + - name: sensor + type: group + fields: + - name: activated_for_modules + type: keyword + - name: first_easm_scan_date + type: date + - name: last_compliance_scan + type: date + - name: last_easm_scan_date + type: date + - name: last_full_scan + type: date + - name: last_pc_scan_date_agent + type: date + - name: last_pc_scan_date_scanner + type: date + - name: last_vm_scan_date_agent + type: date + - name: last_vm_scan_date_scanner + type: date + - name: last_vmscan + type: date + - name: pending_activation_for_modules + type: keyword + - name: software_component + type: keyword + - name: sensor_last_updated_date + type: date + - name: service_list + type: group + fields: + - name: service + type: group + fields: + - name: description + type: keyword + - name: name + type: keyword + - name: status + type: keyword + - name: 
software_component + type: keyword + - name: software_list_data + type: group + fields: + - name: software + type: group + fields: + - name: architecture + type: keyword + - name: authorization + type: keyword + - name: authorization_detection_score + type: long + - name: category + type: keyword + - name: category1 + type: keyword + - name: category2 + type: keyword + - name: component + type: keyword + - name: cpe + type: keyword + - name: cpe_id + type: keyword + - name: cpe_type + type: keyword + - name: discovered_name + type: keyword + - name: discovered_publisher + type: keyword + - name: discovered_version + type: keyword + - name: discovery_sources + type: keyword + - name: edition + type: keyword + - name: formerly_known_as + type: keyword + - name: full_name + type: keyword + - name: id + type: keyword + - name: ignored_reason + type: keyword + - name: install_date + type: date + - name: install_path + type: keyword + - name: is_ignored + type: boolean + - name: is_package + type: boolean + - name: is_package_component + type: boolean + - name: language + type: keyword + - name: last_updated + type: date + - name: last_use_date + type: date + - name: license + type: group + fields: + - name: category + type: keyword + - name: subcategory + type: keyword + - name: lifecycle + type: group + fields: + - name: detection_score + type: long + - name: eol_date + type: date + - name: eol_support_stage + type: keyword + - name: eos_date + type: date + - name: eos_support_stage + type: keyword + - name: ga_date + type: date + - name: life_cycle_confidence + type: keyword + - name: stage + type: keyword + - name: market_version + type: keyword + - name: package_name + type: keyword + - name: product_name + type: keyword + - name: product_url + type: keyword + - name: publisher + type: keyword + - name: software_instances + type: group + fields: + - name: bin_path + type: keyword + - name: conf_path + type: keyword + - name: first_seen + type: date + - name: 
instance_name + type: keyword + - name: last_seen + type: date + - name: proc + type: keyword + - name: product + type: keyword + - name: technology + type: keyword + - name: version + type: keyword + - name: software_type + type: keyword + - name: support_stage_desc + type: keyword + - name: update + type: keyword + - name: version + type: keyword + - name: subdomain + type: keyword + - name: tag_list + type: group + fields: + - name: tag + type: group + fields: + - name: background_color + type: keyword + - name: business_impact + type: keyword + - name: criticality_score + type: double + - name: foreground_color + type: keyword + - name: tag_id + type: keyword + - name: tag_name + type: keyword + - name: time_zone + type: keyword + - name: total_memory + type: long + - name: user_account_list_data + type: group + fields: + - name: user_account + type: flattened + - name: volume_list_data + type: group + fields: + - name: volume + type: group + fields: + - name: free + type: long + - name: name + type: keyword + - name: size + type: long + - name: whois + type: group + fields: + - name: created_date + type: date + - name: dnssec + type: keyword + - name: domain + type: keyword + - name: domain_status + type: keyword + - name: expiration_date + type: date + - name: organization_name + type: keyword + - name: registrant_contact + type: keyword + - name: registrant_country + type: keyword + - name: registrant_email + type: keyword + - name: registrant_name + type: keyword + - name: registrant_organization + type: keyword + - name: registrar + type: keyword + - name: updated_date + type: date diff --git a/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/is-transform-source-false.yml b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/is-transform-source-false.yml new file mode 100644 index 00000000000..490a079e7a7 --- /dev/null +++ b/packages/qualys_gav/elasticsearch/transform/latest_asset/fields/is-transform-source-false.yml 
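Review bot: In the transform's fields.yml, `network_interface.gateway_address` and `network_interface.dns_address` are mapped as `keyword` while the sibling `address_ip_v4`, `address_ip_v6`, `address` and `agent.connected_from` are `ip`, so CIDR and range queries will not work on the gateway and DNS values. If the API returns a single address in each (not visible from this hunk), `type: ip` would fit better; if they can hold lists or free text, a short `description` saying so would help. None of the `qualys_gav.asset.*` entries in this file carries a `description`, and the field table earlier on the page likewise shows an empty description column; at least the less obvious ones (`hosting_category1`, `lpar_id`, `udc_manifest_assigned`) deserve one.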
@@ -0,0 +1,4 @@
+- name: labels.is_transform_source
+ type: constant_keyword
+ description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering.
+ value: "false"
diff --git a/packages/qualys_gav/elasticsearch/transform/latest_asset/manifest.yml b/packages/qualys_gav/elasticsearch/transform/latest_asset/manifest.yml
new file mode 100644
index 00000000000..24e9e926793
--- /dev/null
+++ b/packages/qualys_gav/elasticsearch/transform/latest_asset/manifest.yml
@@ -0,0 +1,11 @@
+start: true
+destination_index_template:
+ mappings:
+ dynamic: true
+ dynamic_templates:
+ - strings_as_keyword:
+ match_mapping_type: string
+ mapping:
+ ignore_above: 1024
+ type: keyword
+ date_detection: true
diff --git a/packages/qualys_gav/elasticsearch/transform/latest_asset/transform.yml b/packages/qualys_gav/elasticsearch/transform/latest_asset/transform.yml
new file mode 100644
index 00000000000..bd19ae720b2
--- /dev/null
+++ b/packages/qualys_gav/elasticsearch/transform/latest_asset/transform.yml
@@ -0,0 +1,37 @@
+# Use of "*" to use all namespaces defined.
+source:
+ index:
+ - "logs-qualys_gav.asset-*"
+dest:
+ index: "logs-qualys_gav_latest.dest_asset-1"
+ aliases:
+ - alias: "logs-qualys_gav_latest.asset"
+ move_on_creation: true
+latest:
+ unique_key:
+ - event.dataset
+ - host.id
+ sort: "@timestamp"
+description: >-
+ Latest Assets from Qualys Global AssetView. As assets get updated, this transform stores only the latest state of each asset inside the destination index. Thus the transform's destination index contains only the latest state of the asset.
+frequency: 30s
+settings:
+ # This is required to prevent the transform from clobbering the Fleet-managed mappings.
+ deduce_mappings: false
+ unattended: true
+sync:
+ time:
+ field: "event.ingested"
+ # Updated to 120s because of refresh delay in Serverless. With default 60s,
+ # sometimes transform wouldn't process all documents.
+ delay: 120s
+retention_policy:
+ time:
+ field: "event.ingested"
+ max_age: 30d
+_meta:
+ managed: false
+ # Bump this version to delete, reinstall, and restart the transform during
+ # package installation.
+ fleet_transform_version: 0.1.0
+ run_as_kibana_system: false
diff --git a/packages/qualys_gav/img/qualys_gav-asset.png b/packages/qualys_gav/img/qualys_gav-asset.png
new file mode 100644
index 00000000000..28e8e356ce7
Binary files /dev/null and b/packages/qualys_gav/img/qualys_gav-asset.png differ
diff --git a/packages/qualys_gav/img/qualys_gav-logo.svg b/packages/qualys_gav/img/qualys_gav-logo.svg
new file mode 100644
index 00000000000..a5c5d741464
--- /dev/null
+++ b/packages/qualys_gav/img/qualys_gav-logo.svg
@@ -0,0 +1,24 @@
+ + + + + + + + + + + + + + + + +
diff --git a/packages/qualys_gav/kibana/dashboard/qualys_gav-e7e0529f-6cb1-4b01-b5f8-568cfb07c306.json b/packages/qualys_gav/kibana/dashboard/qualys_gav-e7e0529f-6cb1-4b01-b5f8-568cfb07c306.json
new file mode 100644
index 00000000000..b383a9ddc93
--- /dev/null
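Review bot: The `retention_policy` in transform.yml removes destination documents whose `event.ingested` is older than 30 days, so an asset that stops being re-ingested (decommissioned, or collection broken) drops out of the latest-asset index instead of showing up as stale, and nothing in the file says so. A comment above `max_age: 30d` such as `# Assets not re-ingested for 30 days are removed from the destination index.` would make that explicit for anyone using this index as an inventory. Separately, `unique_key` depends on `host.id`; whether the ingest pipeline always sets it is not visible here, and documents without it would presumably not be represented in the latest view, which is worth confirming.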
+++ b/packages/qualys_gav/kibana/dashboard/qualys_gav-e7e0529f-6cb1-4b01-b5f8-568cfb07c306.json 
@@ -0,0 +1,2356 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": { + "1b7b9cc5-7f06-4c0a-96bc-7bf583bfebf7": { + "explicitInput": { + "dataViewId": "logs-*", + "exclude": false, + "existsSelected": false, + "fieldName": "host.type", + "searchTechnique": "prefix", + "selectedOptions": [], + "sort": { + "by": "_count", + "direction": "desc" + }, + "title": "Asset Type" + }, + "grow": true, + "order": 1, + "type": "optionsListControl", + "width": "medium" + }, + "3dfb0391-14d0-4542-9530-75376a80bdac": { + "explicitInput": { + "dataViewId": "logs-*", + "fieldName": "cloud.provider", + "searchTechnique": "prefix", + "selectedOptions": [], + "sort": { + "by": "_count", + "direction": "desc" + }, + "title": "Cloud Provider" + }, + "grow": true, + "order": 0, + "type": "optionsListControl", + "width": "medium" + } + }, + "showApplySelections": false + }, + "description": "This dashboard shows Asset logs collected by the Qualys GAV Integration.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "qualys_gav.asset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "qualys_gav.asset" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" 
+ }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c2ff258f-3ea0-4982-847c-f1230a0eae3d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "logs-*", + "layers": { + "c2ff258f-3ea0-4982-847c-f1230a0eae3d": { + "columnOrder": [ + "4375d0b1-c1b8-4c66-9042-11b4e9375bb9", + "407daa99-d25a-42d5-9f73-e2a2a528c48d" + ], + "columns": { + "407daa99-d25a-42d5-9f73-e2a2a528c48d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "4375d0b1-c1b8-4c66-9042-11b4e9375bb9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "407daa99-d25a-42d5-9f73-e2a2a528c48d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.type" + } + }, + "incompleteColumns": {}, + "indexPatternId": "logs-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "currentIndexPatternId": "logs-*", + "layers": {} + }, + "textBased": { + "indexPatternRefs": [ + { + "id": "logs-*", + "timeField": "@timestamp", + "title": "logs-*" + } + ], + "layers": {} + 
} + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "c2ff258f-3ea0-4982-847c-f1230a0eae3d", + "layerType": "data", + "legendDisplay": "show", + "metrics": [ + "407daa99-d25a-42d5-9f73-e2a2a528c48d" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "4375d0b1-c1b8-4c66-9042-11b4e9375bb9" + ], + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "3109c503-51f7-491e-bba8-cb01d1860c8b", + "w": 24, + "x": 0, + "y": 13 + }, + "panelIndex": "3109c503-51f7-491e-bba8-cb01d1860c8b", + "title": "Assets by OS [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2e0a4969-3c61-4a53-b550-d5d94624f3b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2e0a4969-3c61-4a53-b550-d5d94624f3b9": { + "columnOrder": [ + "797e3f3b-6131-4c31-9a4d-7fdab7849af6", + "4c7dcaf8-ff57-4e94-80f8-3ea25e8c9a89" + ], + "columns": { + "4c7dcaf8-ff57-4e94-80f8-3ea25e8c9a89": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + 
"params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "797e3f3b-6131-4c31-9a4d-7fdab7849af6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Country", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "4c7dcaf8-ff57-4e94-80f8-3ea25e8c9a89", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.last_location.country" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "2e0a4969-3c61-4a53-b550-d5d94624f3b9", + "layerType": "data", + "legendDisplay": "show", + "metrics": [ + "4c7dcaf8-ff57-4e94-80f8-3ea25e8c9a89" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "797e3f3b-6131-4c31-9a4d-7fdab7849af6" + ], + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "1408cee8-ac71-4ded-8fdb-f3e9d639b974", + "w": 24, + "x": 24, + "y": 13 + }, + 
"panelIndex": "1408cee8-ac71-4ded-8fdb-f3e9d639b974", + "title": "Assets by Country [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d5ea62cb-a4ff-4cd1-87e2-0125c77c5546", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d5ea62cb-a4ff-4cd1-87e2-0125c77c5546": { + "columnOrder": [ + "b2153ac8-3cd6-4a73-9b86-30153d9500c9", + "7b387296-f01d-483e-aba9-52c317b7dbe5" + ], + "columns": { + "7b387296-f01d-483e-aba9-52c317b7dbe5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "b2153ac8-3cd6-4a73-9b86-30153d9500c9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Asset Category", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "7b387296-f01d-483e-aba9-52c317b7dbe5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.hardware.category1" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b2153ac8-3cd6-4a73-9b86-30153d9500c9" + }, + { + "columnId": "7b387296-f01d-483e-aba9-52c317b7dbe5" + } + ], + "layerId": "d5ea62cb-a4ff-4cd1-87e2-0125c77c5546", + "layerType": "data" + } + }, + 
"title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "5e9444ac-ab49-4f8b-bc16-b50987bee491", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "5e9444ac-ab49-4f8b-bc16-b50987bee491", + "title": "Top Asset Categories [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-66a1026a-298f-44f3-bf1e-576211045cfe", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "66a1026a-298f-44f3-bf1e-576211045cfe": { + "columnOrder": [ + "934599b4-e315-4e80-b550-61f84d999cad", + "eb0dba73-13a6-44a4-9ad5-2c07c986d2cd" + ], + "columns": { + "934599b4-e315-4e80-b550-61f84d999cad": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Category", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "eb0dba73-13a6-44a4-9ad5-2c07c986d2cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.hardware.category2" + }, + "eb0dba73-13a6-44a4-9ad5-2c07c986d2cd": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + 
"textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "Linear", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "eb0dba73-13a6-44a4-9ad5-2c07c986d2cd" + ], + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "66a1026a-298f-44f3-bf1e-576211045cfe", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "934599b4-e315-4e80-b550-61f84d999cad" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": false + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "9387ced3-8ba8-44ce-a50d-df91fbc469c7", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "9387ced3-8ba8-44ce-a50d-df91fbc469c7", + "title": "Category Breakdown [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-99562931-73e0-4fd9-ad01-8f8c605d09e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "185a5876-7108-469d-8062-d2cf47cb33c0", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "99562931-73e0-4fd9-ad01-8f8c605d09e7": { + "columnOrder": [ + "3d03d766-9278-4420-9867-5d7835a2a787", + "a2e4157b-0bd3-46c1-b658-1251fcb91d32" + ], + "columns": { + "3d03d766-9278-4420-9867-5d7835a2a787": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client OS", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "a2e4157b-0bd3-46c1-b658-1251fcb91d32", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.os.name" + }, + "a2e4157b-0bd3-46c1-b658-1251fcb91d32": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.operating_system.category2", + "index": "185a5876-7108-469d-8062-d2cf47cb33c0", + "key": "qualys_gav.asset.operating_system.category2", + "negate": false, + "params": { + "query": "Client" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.operating_system.category2": "Client" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": 
"3d03d766-9278-4420-9867-5d7835a2a787" + }, + { + "columnId": "a2e4157b-0bd3-46c1-b658-1251fcb91d32" + } + ], + "layerId": "99562931-73e0-4fd9-ad01-8f8c605d09e7", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.operating_system.category2", + "index": "logs-*", + "key": "qualys_gav.asset.operating_system.category2", + "negate": false, + "params": { + "query": "Client" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.operating_system.category2": "Client" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "a7b5237f-8cf1-4df3-95db-adf70a065a13", + "w": 24, + "x": 0, + "y": 43 + }, + "panelIndex": "a7b5237f-8cf1-4df3-95db-adf70a065a13", + "title": "Top Client OS [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-db5d75a0-aa60-40fa-a61c-7b2940dd9015", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "550b43d5-8a25-48c0-a10e-5aabe7fa007c", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "db5d75a0-aa60-40fa-a61c-7b2940dd9015": { + "columnOrder": [ + "85d701d4-6a7f-46fc-87e3-ead778e12059", + "9bf9d2e0-9052-43e3-9b87-a5c89c52db1d" + ], + "columns": { + "85d701d4-6a7f-46fc-87e3-ead778e12059": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Server OS", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + 
"orderBy": { + "columnId": "9bf9d2e0-9052-43e3-9b87-a5c89c52db1d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.os.name" + }, + "9bf9d2e0-9052-43e3-9b87-a5c89c52db1d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.operating_system.category2", + "index": "550b43d5-8a25-48c0-a10e-5aabe7fa007c", + "key": "qualys_gav.asset.operating_system.category2", + "negate": false, + "params": { + "query": "Server" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.operating_system.category2": "Server" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "85d701d4-6a7f-46fc-87e3-ead778e12059" + }, + { + "columnId": "9bf9d2e0-9052-43e3-9b87-a5c89c52db1d" + } + ], + "layerId": "db5d75a0-aa60-40fa-a61c-7b2940dd9015", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.operating_system.category2", + "index": "logs-*", + "key": "qualys_gav.asset.operating_system.category2", + "negate": false, + "params": { + "query": "Server" + }, + "type": "phrase" + }, 
+ "query": { + "match_phrase": { + "qualys_gav.asset.operating_system.category2": "Server" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "936dbede-95e3-43d7-a629-3d16cee01d5d", + "w": 24, + "x": 24, + "y": 43 + }, + "panelIndex": "936dbede-95e3-43d7-a629-3d16cee01d5d", + "title": "Top Server OS [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-08950d2d-e1ee-4bf0-808a-630007063190", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1cf671a8-b7cb-4711-a3bc-955b08ce61ba", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "08950d2d-e1ee-4bf0-808a-630007063190": { + "columnOrder": [ + "b5b295d5-0711-4f53-9e5c-a79b6ef0ef44", + "2b10bc68-bb9e-4b90-9c20-0a2d31d16cd6" + ], + "columns": { + "2b10bc68-bb9e-4b90-9c20-0a2d31d16cd6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "b5b295d5-0711-4f53-9e5c-a79b6ef0ef44": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Hardware", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "2b10bc68-bb9e-4b90-9c20-0a2d31d16cd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.hardware.product_name" + } + }, + "incompleteColumns": {}, + "sampling": 
1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.hardware.category2", + "index": "1cf671a8-b7cb-4711-a3bc-955b08ce61ba", + "key": "qualys_gav.asset.hardware.category2", + "negate": true, + "params": { + "query": "Server" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.hardware.category2": "Server" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b5b295d5-0711-4f53-9e5c-a79b6ef0ef44" + }, + { + "columnId": "2b10bc68-bb9e-4b90-9c20-0a2d31d16cd6" + } + ], + "layerId": "08950d2d-e1ee-4bf0-808a-630007063190", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.hardware.category2", + "index": "logs-*", + "key": "qualys_gav.asset.hardware.category2", + "negate": true, + "params": { + "query": "Server" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.hardware.category2": "Server" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "ae834535-e1ed-4c24-99e9-3a5cd01f2187", + "w": 24, + "x": 0, + "y": 58 + }, + "panelIndex": "ae834535-e1ed-4c24-99e9-3a5cd01f2187", + "title": "Top Client Hardware [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-08950d2d-e1ee-4bf0-808a-630007063190", + "type": "index-pattern" + }, + { + "id": 
"logs-*", + "name": "9e4e3644-dc5e-4768-aa09-4b98bd373960", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "08950d2d-e1ee-4bf0-808a-630007063190": { + "columnOrder": [ + "b5b295d5-0711-4f53-9e5c-a79b6ef0ef44", + "2b10bc68-bb9e-4b90-9c20-0a2d31d16cd6" + ], + "columns": { + "2b10bc68-bb9e-4b90-9c20-0a2d31d16cd6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "b5b295d5-0711-4f53-9e5c-a79b6ef0ef44": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Server Hardware", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "2b10bc68-bb9e-4b90-9c20-0a2d31d16cd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.hardware.product_name" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.hardware.category2", + "index": "9e4e3644-dc5e-4768-aa09-4b98bd373960", + "key": "qualys_gav.asset.hardware.category2", + "negate": false, + "params": { + "query": "Server" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.hardware.category2": "Server" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": 
"b5b295d5-0711-4f53-9e5c-a79b6ef0ef44" + }, + { + "columnId": "2b10bc68-bb9e-4b90-9c20-0a2d31d16cd6" + } + ], + "layerId": "08950d2d-e1ee-4bf0-808a-630007063190", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.hardware.category2", + "index": "logs-*", + "key": "qualys_gav.asset.hardware.category2", + "negate": false, + "params": { + "query": "Server" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.hardware.category2": "Server" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "5ee8e456-0f7d-4f39-8c81-9c20a3e40f40", + "w": 24, + "x": 24, + "y": 58 + }, + "panelIndex": "5ee8e456-0f7d-4f39-8c81-9c20a3e40f40", + "title": "Top Server Hardware [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8ee02424-2652-4153-bdb3-ce46e222aa05", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "8ee02424-2652-4153-bdb3-ce46e222aa05": { + "columnOrder": [ + "7bb16966-a59b-4b1e-b578-fc16e94f21e4", + "699cfe73-745c-4d07-ad20-3cd614947f31" + ], + "columns": { + "699cfe73-745c-4d07-ad20-3cd614947f31": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "7bb16966-a59b-4b1e-b578-fc16e94f21e4": { + "customLabel": true, + "dataType": "string", 
+ "isBucketed": true, + "label": "Publishers", + "operationType": "terms", + "params": { + "accuracyMode": true, + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "699cfe73-745c-4d07-ad20-3cd614947f31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.software_list_data.software.publisher" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "Linear", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "699cfe73-745c-4d07-ad20-3cd614947f31" + ], + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "8ee02424-2652-4153-bdb3-ce46e222aa05", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "7bb16966-a59b-4b1e-b578-fc16e94f21e4" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": false + }, + "preferredSeriesType": "bar_percentage_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + 
"query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "fd168ff0-5e96-4e0c-8f56-9ec30d00f1d5", + "w": 24, + "x": 0, + "y": 73 + }, + "panelIndex": "fd168ff0-5e96-4e0c-8f56-9ec30d00f1d5", + "title": "Top Publishers [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5fb243fb-da94-40a6-b616-09aaa235bdd2", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "5fb243fb-da94-40a6-b616-09aaa235bdd2": { + "columnOrder": [ + "0c07b31e-774a-4f38-a6d0-93887c45b694", + "6ab378bf-2fb8-4827-9a4f-a2418c00869d" + ], + "columns": { + "0c07b31e-774a-4f38-a6d0-93887c45b694": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Software Category", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "6ab378bf-2fb8-4827-9a4f-a2418c00869d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.software_list_data.software.category1" + }, + "6ab378bf-2fb8-4827-9a4f-a2418c00869d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + 
}, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "Linear", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "6ab378bf-2fb8-4827-9a4f-a2418c00869d" + ], + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "5fb243fb-da94-40a6-b616-09aaa235bdd2", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "0c07b31e-774a-4f38-a6d0-93887c45b694" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": false + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "5b7eb7ae-d5bc-4494-a842-c630f5d5f74c", + "w": 24, + "x": 24, + "y": 73 + }, + "panelIndex": "5b7eb7ae-d5bc-4494-a842-c630f5d5f74c", + "title": "Top Software Category [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0fe8cda4-89c8-4f84-98b3-6bc22905df21", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0fe8cda4-89c8-4f84-98b3-6bc22905df21": { + "columnOrder": [ 
+ "accf84f1-f91f-433d-9a00-93a7e9ef9c71", + "2d3e8a0e-7378-46f3-baea-790883537470" + ], + "columns": { + "2d3e8a0e-7378-46f3-baea-790883537470": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "accf84f1-f91f-433d-9a00-93a7e9ef9c71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Hardware Category", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "2d3e8a0e-7378-46f3-baea-790883537470", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.hardware.category" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "accf84f1-f91f-433d-9a00-93a7e9ef9c71" + }, + { + "columnId": "2d3e8a0e-7378-46f3-baea-790883537470" + } + ], + "layerId": "0fe8cda4-89c8-4f84-98b3-6bc22905df21", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "38ccd17e-92b3-4293-ba5f-55ecfea11f2a", + "w": 24, + "x": 0, + "y": 88 + }, + "panelIndex": "38ccd17e-92b3-4293-ba5f-55ecfea11f2a", + "title": "Top Applications on 
Clients [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5e2386-28e0-47fc-afe0-95048d6b309c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "53486c33-7cec-4c1f-bfff-15feadfb6919", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "df5e2386-28e0-47fc-afe0-95048d6b309c": { + "columnOrder": [ + "bf1656c7-d00f-4da8-857d-00c63d7c1e30", + "ebf6052a-eaf6-4c31-8d48-5a344f132fe4" + ], + "columns": { + "bf1656c7-d00f-4da8-857d-00c63d7c1e30": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Software Product", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "ebf6052a-eaf6-4c31-8d48-5a344f132fe4", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "qualys_gav.asset.software_list_data.software.product_name" + }, + "ebf6052a-eaf6-4c31-8d48-5a344f132fe4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.operating_system.category2", + "index": "53486c33-7cec-4c1f-bfff-15feadfb6919", + "key": "qualys_gav.asset.operating_system.category2", + 
"negate": false, + "params": { + "query": "Server" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.operating_system.category2": "Server" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "bf1656c7-d00f-4da8-857d-00c63d7c1e30" + }, + { + "columnId": "ebf6052a-eaf6-4c31-8d48-5a344f132fe4" + } + ], + "layerId": "df5e2386-28e0-47fc-afe0-95048d6b309c", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "qualys_gav.asset.operating_system.category2", + "index": "logs-*", + "key": "qualys_gav.asset.operating_system.category2", + "negate": false, + "params": { + "query": "Server" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "qualys_gav.asset.operating_system.category2": "Server" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "339b1796-5ef5-4f55-8faa-7c44b11a73e8", + "w": 24, + "x": 24, + "y": 88 + }, + "panelIndex": "339b1796-5ef5-4f55-8faa-7c44b11a73e8", + "title": "Top Applications on Servers [Logs Qualys GAV]", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Qualys Global AssetView**\n\n**Assets**\n\n**Description**\n\nThis dashboard provides comprehensive visibility into the organizational asset landscape using data from Qualys Global AssetView.\n\nIt showcases 
assets distributed across cloud providers, asset type, operating systems, geographies, and categories. Visualizations include pie charts, tables, and bar charts that highlight asset trends and usage patterns. The dashboard supports analysis of client and server environments by displaying top operating systems, hardware types, software categories, and application distributions. A control panel provides a quick overview of key asset dimensions to support asset inventory, normalization, and risk prioritization.\n\n**[Integration Page](/app/integrations/detail/qualys_gav)**", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 13, + "i": "305c917c-1e2e-4bd2-ad4f-58d6f670aec8", + "w": 38, + "x": 0, + "y": 0 + }, + "panelIndex": "305c917c-1e2e-4bd2-ad4f-58d6f670aec8", + "type": "visualization" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a29d717d-3e6b-4382-8a41-59067b179ec5", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "a29d717d-3e6b-4382-8a41-59067b179ec5": { + "columnOrder": [ + "82cd301d-8808-4ee2-b4da-5d28d650fa8d" + ], + "columns": { + "82cd301d-8808-4ee2-b4da-5d28d650fa8d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Assets", + "operationType": "unique_count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "color": "#6092C0", + "layerId": "a29d717d-3e6b-4382-8a41-59067b179ec5", + "layerType": "data", + 
"metricAccessor": "82cd301d-8808-4ee2-b4da-5d28d650fa8d" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 13, + "i": "274d6590-cacd-4eb5-8683-03f2580166ec", + "w": 10, + "x": 38, + "y": 0 + }, + "panelIndex": "274d6590-cacd-4eb5-8683-03f2580166ec", + "type": "lens" + } + ], + "timeRestore": false, + "title": "[Logs Qualys GAV] Asset", + "version": 3 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2025-07-22T12:24:34.793Z", + "id": "qualys_gav-e7e0529f-6cb1-4b01-b5f8-568cfb07c306", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3109c503-51f7-491e-bba8-cb01d1860c8b:indexpattern-datasource-layer-c2ff258f-3ea0-4982-847c-f1230a0eae3d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1408cee8-ac71-4ded-8fdb-f3e9d639b974:indexpattern-datasource-layer-2e0a4969-3c61-4a53-b550-d5d94624f3b9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5e9444ac-ab49-4f8b-bc16-b50987bee491:indexpattern-datasource-layer-d5ea62cb-a4ff-4cd1-87e2-0125c77c5546", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9387ced3-8ba8-44ce-a50d-df91fbc469c7:indexpattern-datasource-layer-66a1026a-298f-44f3-bf1e-576211045cfe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7b5237f-8cf1-4df3-95db-adf70a065a13:indexpattern-datasource-layer-99562931-73e0-4fd9-ad01-8f8c605d09e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7b5237f-8cf1-4df3-95db-adf70a065a13:185a5876-7108-469d-8062-d2cf47cb33c0", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "936dbede-95e3-43d7-a629-3d16cee01d5d:indexpattern-datasource-layer-db5d75a0-aa60-40fa-a61c-7b2940dd9015", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "936dbede-95e3-43d7-a629-3d16cee01d5d:550b43d5-8a25-48c0-a10e-5aabe7fa007c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae834535-e1ed-4c24-99e9-3a5cd01f2187:indexpattern-datasource-layer-08950d2d-e1ee-4bf0-808a-630007063190", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae834535-e1ed-4c24-99e9-3a5cd01f2187:1cf671a8-b7cb-4711-a3bc-955b08ce61ba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5ee8e456-0f7d-4f39-8c81-9c20a3e40f40:indexpattern-datasource-layer-08950d2d-e1ee-4bf0-808a-630007063190", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5ee8e456-0f7d-4f39-8c81-9c20a3e40f40:9e4e3644-dc5e-4768-aa09-4b98bd373960", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fd168ff0-5e96-4e0c-8f56-9ec30d00f1d5:indexpattern-datasource-layer-8ee02424-2652-4153-bdb3-ce46e222aa05", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b7eb7ae-d5bc-4494-a842-c630f5d5f74c:indexpattern-datasource-layer-5fb243fb-da94-40a6-b616-09aaa235bdd2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "38ccd17e-92b3-4293-ba5f-55ecfea11f2a:indexpattern-datasource-layer-0fe8cda4-89c8-4f84-98b3-6bc22905df21", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "339b1796-5ef5-4f55-8faa-7c44b11a73e8:indexpattern-datasource-layer-df5e2386-28e0-47fc-afe0-95048d6b309c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "339b1796-5ef5-4f55-8faa-7c44b11a73e8:53486c33-7cec-4c1f-bfff-15feadfb6919", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "274d6590-cacd-4eb5-8683-03f2580166ec:indexpattern-datasource-layer-a29d717d-3e6b-4382-8a41-59067b179ec5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"controlGroup_3dfb0391-14d0-4542-9530-75376a80bdac:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_1b7b9cc5-7f06-4c0a-96bc-7bf583bfebf7:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" +} \ No newline at end of file diff --git a/packages/qualys_gav/manifest.yml b/packages/qualys_gav/manifest.yml new file mode 100644 index 00000000000..7197d08b52d --- /dev/null +++ b/packages/qualys_gav/manifest.yml 
@@ -0,0 +1,101 @@
+format_version: 3.4.0
+name: qualys_gav
+title: Qualys Global AssetView
+version: 0.1.0
+description: Collect logs from Qualys Global AssetView with Elastic Agent.
+type: integration
+categories:
+ - security
+conditions:
+ kibana:
+ version: ^8.18.5 || ^8.19.2 || ^9.0.5 || ^9.1.2
+ elastic:
+ subscription: basic
+screenshots:
+ - src: /img/qualys_gav-asset.png
+ title: Asset Dashboard
+ size: 600x600
+ type: image/png
+icons:
+ - src: /img/qualys_gav-logo.svg
+ title: Qualys Global AssetView logo
+ size: 32x32
+ type: image/svg+xml
+policy_templates:
+ - name: qualys_gav
+ title: Qualys Global AssetView
+ description: Collect logs from Qualys Global AssetView.
+ deployment_modes:
+ default:
+ enabled: true
+ agentless:
+ enabled: true
+ organization: security
+ division: engineering
+ team: security-service-integrations
+ inputs:
+ - type: cel
+ title: Collect logs from Qualys Global AssetView API
+ description: Collecting logs via Qualys Global AssetView API.
+ vars:
+ - name: url
+ type: text
+ title: URL
+ description: Base URL of the Qualys Global AssetView API.
+ multi: false
+ required: true
+ show_user: true
+ - name: username
+ type: text
+ title: Username
+ description: Username of the Qualys Global AssetView API.
+ multi: false
+ required: true
+ show_user: true
+ - name: password
+ type: password
+ title: Password
+ secret: true
+ description: Password to authenticate the Qualys Global AssetView API.
+ multi: false
+ required: true
+ show_user: true
+ - name: proxy_url
+ type: text
+ title: Proxy URL
+ description: URL to proxy connections in the form of http[s]://:@:. Please ensure your username and password are in URL encoded format.
+ multi: false
+ required: false
+ show_user: false
+ - name: ssl
+ type: yaml
+ title: SSL Configuration
+ description: SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ #certificate_authorities:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF
+ # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2
+ # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
+ # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n
+ # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl
+ # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t
+ # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP
+ # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41
+ # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O
+ # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux
+ # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D
+ # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw
+ # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA
+ # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu
+ # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0
+ # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk
+ # sxSmbIUfc2SGJGCJD4I=
+ # -----END CERTIFICATE-----
+owner:
+ github: elastic/security-service-integrations
+ type: elastic
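Review bot: The `proxy_url` variable is declared `type: text` with no `secret: true`, yet its description tells users to embed a username and password in the URL, so proxy credentials would be handled as an ordinary policy value rather than like the `password` variable above it. Declaring it the same way, `type: password` plus `secret: true`, would treat the embedded credentials as a secret; please confirm the package-spec version in use accepts that for a URL-valued field. The description as shown on this page reads `http[s]://:@:` with no placeholders; if the file itself reads that way, spell the form out so users know which parts must be URL-encoded. The `url` description could also say that an `https` base URL is expected, since the username and password are presumably sent to that endpoint.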