Change log for TENABLE_IO
| Date | Changes |
|---|---|
| 2025-10-29 | Enhancement-
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `finding_id` and `plugin.version` raw log field to `event.idm.read_only_udm.security_result.detection_fields`. - event.idm.read_only_udm.additional.fields: Newly mapped `last_fixed`, `plugin.unsupported_by_vendor`, `resurfaced_date` and `time_taken_to_fix` raw log field to `event.idm.read_only_udm.additional.fields`. - Refactored parser logic for `scan.target` and `asset.last_scan_target`: Added logic to parse as an IP and map to `event.idm.read_only_udm.target.ip`, falling back to `event.idm.read_only_udm.target.hostname` if not an IP. |
| 2025-02-18 | Enhancement-
- Added support to parse the unparsed fields. |
| 2025-01-08 | Enhancement-
- Added UDM events support for the parser. |
| 2023-01-02 | Enhancement-
- Mapped the field 'ipv4s' to 'event.idm.entity.entity.asset.ip'. - Mapped the field 'mac_addresses' to 'event.idm.entity.entity.asset.mac'. - Mapped the field 'hostnames' to 'event.idm.entity.entity.asset.hostname'. - Mapped the field 'id' to 'event.idm.entity.entity.asset.product_object_id'. - Mapped the field 'fqdns' to 'event.idm.entity.entity.asset.network_domain'. - Mapped the field 'netbios_names' to 'event.idm.entity.entity.asset.network_domain'. - Mapped the field 'first_scan_time' to 'vulnerabilities.scan_start_time'. - Mapped the field 'last_scan_time' to 'vulnerabilities.scan_end_time'. - Mapped the field 'first_seen' to 'vulnerabilities.first_found'. - Mapped the field 'last_seen' to 'vulnerabilities.last_found'. - Mapped the field 'operating_systems.0' to 'event.idm.entity.entity.asset.platform_software.platform_version'. - Mapped the field 'ssh_fingerprints.0' to 'event.idm.entity.entity.asset.attribute.labels'. - Mapped the field 'system_types.0' to 'event.idm.entity.entity.asset.attribute.labels'. |