├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── Invoke-NessusTo-Elastic.ps1 ├── LICENSE ├── README.md ├── dashboards ├── 1_primary_nessus_dashboard_saved_objects.ndjson └── 2_cisa_2022_dashboard.ndjson ├── pipelines └── logs-nessus.vulnerability.json └── templates ├── logs-nessus.vulnerability-api-key.json └── logs-nessus.vulnerability.json /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | **Describe the bug** 2 | 3 | A clear and concise description of what the bug is. 4 | 5 | **Expected behavior** 6 | 7 | A clear and concise description of what you expected to happen. 8 | 9 | **Screenshots** 10 | 11 | If applicable, add screenshots to help explain your problem. 12 | 13 | **Additional context** 14 | 15 | Add any other context about the problem here. 16 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | **Is your feature request related to a problem? Please describe.** 2 | 3 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 4 | 5 | **Describe the solution you'd like** 6 | 7 | A clear and concise description of what you want to happen. 8 | 9 | **Describe alternatives you've considered** 10 | 11 | A clear and concise description of any alternative solutions or features you've considered. 12 | 13 | **Additional context** 14 | 15 | Add any other context or screenshots about the feature request here. 16 | -------------------------------------------------------------------------------- /Invoke-NessusTo-Elastic.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | This script is a combination of extracting, importing, and automating Nessus scan data into the Elastic stack. 
4 | 5 | *Invoke-Exract_From_Nessus* 6 | Downloads scans from the My Scans folder (or a custom folder) and moves them to a different folder of your choosing for archival purposes. 7 | 8 | *Invoke-Import_Nessus_To_Elasticsearch* 9 | Parses a single Nessus XML report and imports it into Elasticsearch using the _bulk API. 10 | 11 | *Invoke-Automate_Nessus_File_Imports* 12 | Automatically checks for any unprocessed .nessus files and ingests them into Elastic. 13 | 14 | *Setup-Elastic-Stack* 15 | Use this script to configure an Elastic stack to properly ingest and visualize the Nessus scan data before ingestion. 16 | 17 | .DESCRIPTION 18 | This script is useful for automating the downloads of Nessus scan files and importing them into the Elastic stack. The script allows for some customizations 19 | such as the Nessus scanner host, the location of the downloads, and the Nessus scan folder to which you wish to move the scans 20 | after they have been downloaded (if you so choose). This tool was inspired by the Posh-Nessus script. Due to the lack of updates on the Posh-Nessus 21 | project, it seemed easier to call the raw API to perform the bare minimum functions necessary to export 22 | scans out automatically. I appreciate Tenable leaving these core API functions (export scan and scan status) in their product. Note: the REST calls to Nessus and Elasticsearch in this script pass -SkipCertificateCheck, so server certificates are not validated while the API keys are sent. 23 | 24 | Tested for Nessus 8.9.0+, Latest Tested 10.7.0. 
25 | 26 | Variable Options 27 | -Nessus_URL "https://127.0.0.1:8834" 28 | -Nessus_File_Download_Location "C:\Nessus" 29 | -Nessus_Access_Key "redacted" 30 | -Nessus_Secret_Key "redacted" 31 | -Nessus_Source_Folder_Name "My Scans" 32 | -Nessus_Archive_Folder_Name "Archive-Ingested" 33 | -Export_Scans_From_Today "false" 34 | -Export_Day "01/11/2021" 35 | -Export_Custom_Extended_File_Name_Attribute "_scanner1" 36 | -Elasticsearch_URL "http://127.0.0.1:9200" 37 | -Elasticsearch_Index_Name "logs-nessus.vulnerability" 38 | -Elasticsearch_Api_Key "redacted" 39 | 40 | .EXAMPLE 41 | .\Invoke-NessusTo-Elastic.ps1 -Nessus_URL "https://127.0.0.1:8834" -Nessus_File_Download_Location "C:\Nessus" -Nessus_Access_Key "redacted" -Nessus_Secret_Key "redacted" -Nessus_Source_Folder_Name "My Scans" -Nessus_Archive_Folder_Name "Archive-Ingested" -Export_Scans_From_Today "false" -Export_Day "01/11/2021" -Export_Custom_Extended_File_Name_Attribute "_scanner1" -Elasticsearch_URL "http://127.0.0.1:9200" -Elasticsearch_Index_Name "logs-nessus.vulnerability" -Elasticsearch_Api_Key "redacted" 42 | #> 43 | 44 | Param ( 45 | # Nessus URL. (default - https://127.0.0.1:8834) 46 | [Parameter(Mandatory=$false)] 47 | $Nessus_URL = "https://127.0.0.1:8834", 48 | # The location where you wish to save the extracted Nessus files from the scanner (default - Nessus_Exports) 49 | [Parameter(Mandatory=$false)] 50 | $Nessus_File_Download_Location = "Nessus_Exports", 51 | # The location of a specifc Nessus file for processing. 52 | [Parameter(Mandatory=$false)] 53 | $Nessus_XML_File, 54 | # Nessus Access Key 55 | [Parameter(Mandatory=$false)] 56 | $Nessus_Access_Key = $null, 57 | # Nessus Secret Key 58 | [Parameter(Mandatory=$false)] 59 | $Nessus_Secret_Key = $null, 60 | # The source folder for where the Nessus scans live in the UI. 
(default - "My Scans") 61 | [Parameter(Mandatory=$false)] 62 | $Nessus_Source_Folder_Name = "My Scans", 63 | # The destination folder in Nessus UI for where you wish to move your scans for archive. (default - none - scans won't move) 64 | [Parameter(Mandatory=$false)] 65 | $Nessus_Archive_Folder_Name = $null, 66 | # The scan name you want to delete the older scan from (default - none - scans won't get deleted) 67 | [Parameter(Mandatory=$false)] 68 | $Nessus_Scan_Name_To_Delete_Oldest_Scan = $null, 69 | # Use this setting if you wish to only export the scans on the day the scan occurred. (default - false) 70 | [Parameter(Mandatory=$false)] 71 | $Export_Scans_From_Today = $null, 72 | # Use this setting if you want to export scans for the specific day that the scan or scans occurred. (example - 11/07/2023) 73 | [Parameter(Mandatory=$false)] 74 | $Export_Day = $null, 75 | # Added atrribute for the end of the file name for uniqueness when using with multiple scanners. (example - _scanner1) 76 | [Parameter(Mandatory=$false)] 77 | $Export_Custom_Extended_File_Name_Attribute = $null, 78 | # Add Elasticsearch URL to automate Nessus import (default - https://127.0.0.1:9200) 79 | [Parameter(Mandatory=$false)] 80 | $Elasticsearch_URL = "https://127.0.0.1:9200", 81 | # Add Elasticsearch index name to automate Nessus import (default - logs-nessus.vulnerability) 82 | [Parameter(Mandatory=$false)] 83 | $Elasticsearch_Index_Name = "logs-nessus.vulnerability", 84 | # Add Elasticsearch API key to automate Nessus import 85 | [Parameter(Mandatory=$false)] 86 | $Elasticsearch_Api_Key = $null, 87 | # Selected option for automation 88 | [Parameter(Mandatory=$false)] 89 | $Option_Selected 90 | ) 91 | 92 | Begin{ 93 | if ($PSVersionTable.PSVersion.Major -ge 7) { 94 | Write-Host "PowerShell version $($PSVersionTable.PSVersion.Major) detected, great!" 95 | } else { 96 | Write-Host "Old version of PowerShell detected $($PSVersionTable.PSVersion.Major). Please install PowerShell 7+. 
Exiting."Write-Host "No scans found." -ForegroundColor Red 97 | Exit 98 | } 99 | 100 | $option0 = "0. Setup Elasticsearch and Kibana." 101 | $option1 = "1. Export Nessus files." 102 | $option2 = "2. Ingest a single Nessus file into Elasticsearch." 103 | $option3 = "3. Ingest all Nessus files from a specified directory into Elasticsearch." 104 | $option4 = "4. Export and Ingest Nessus files into Elasticsearch." 105 | $option5 = "5. Purge processed hashes list (remove list of what files have already been processed)." 106 | #$option10 = "10. Delete oldest scan from scan history (Future / Only works with Nessus Manager license)" 107 | $quit = "Q. Quit" 108 | $version = "`nVersion 0.8.1" 109 | 110 | function Show-Menu { 111 | Write-Host "Welcome to the PowerShell script that can export and ingest Nessus scan files into an Elastic stack!" -ForegroundColor Blue 112 | Write-Host "What would you like to do?" -ForegroundColor Yellow 113 | Write-Host $option0 114 | Write-Host $option1 115 | Write-Host $option2 116 | Write-Host $option3 117 | Write-Host $option4 118 | Write-Host $option5 119 | Write-Host $option10 #NOTE(review): in the visible code $option10 is only assigned in the commented-out line above, so this would print an empty line 120 | Write-Host $quit 121 | Write-Host $version 122 | } 123 | 124 | # Miscellaneous Functions 125 | # Look up the Nessus folder ids for the source ($folderNames[0]) and archive ($folderNames[1]) folder names and store them in $global:sourceFolderId and $global:archiveFolderId. Takes no URL or header parameter; $Nessus_URL and $headers are read from the calling scope. 126 | function getFolderIdFromName { 127 | param ($folderNames) 128 | 129 | $folders = Invoke-RestMethod -Method Get -Uri "$Nessus_URL/folders" -ContentType "application/json" -Headers $headers -SkipCertificateCheck #-SkipCertificateCheck: the Nessus server certificate is not validated on this call 130 | Write-Host "Folders Found: " 131 | $folders.folders.Name | ForEach-Object { 132 | Write-Host "$_" -ForegroundColor Green 133 | } 134 | $global:sourceFolderId = $($folders.folders | Where-Object {$_.Name -eq $folderNames[0]}).id 135 | $global:archiveFolderId = $($folders.folders | Where-Object {$_.Name -eq $folderNames[1]}).id 136 | } 137 | 138 | # Update Scan status: refresh the list of scans in the source folder 139 | function updateStatus { 140 | #Store the current Nessus scans of the source folder, with their completed/running status, in $global:currentNessusScanDataRaw 141 | 
$global:currentNessusScanDataRaw = Invoke-RestMethod -Method Get -Uri "$Nessus_URL/scans?folder_id=$($global:sourceFolderId)" -ContentType "application/json" -Headers $headers -SkipCertificateCheck 142 | $global:listOfScans = $global:currentNessusScanDataRaw.scans | Select-Object -Property Name,Status,creation_date,id 143 | if ($global:listOfScans) { 144 | Write-Host "Scans found!" -ForegroundColor Green 145 | $global:listOfScans 146 | } else { 147 | Write-Host "No scans found." -ForegroundColor Red 148 | } 149 | } 150 | 151 | # Simple epoch to ISO8601 Timestamp converter 152 | function convertToISO { 153 | Param($epochTime) 154 | [datetime]$epoch = '1970-01-01 00:00:00' 155 | [datetime]$result = $epoch.AddSeconds($epochTime) 156 | $newTime = Get-Date $result -Format "o" 157 | return $newTime 158 | } 159 | 160 | # Core Functions 161 | function Invoke-Exract_From_Nessus { 162 | Param ( 163 | # Nessus URL. (default - https://127.0.0.1:8834) 164 | [Parameter(Mandatory=$false)] 165 | $Nessus_URL, 166 | # The location where you wish to save the extracted Nessus files from the scanner. (default - Nessus_Exports) 167 | [Parameter(Mandatory=$false)] 168 | $Nessus_File_Download_Location, 169 | # Nessus Access Key 170 | [Parameter(Mandatory=$true)] 171 | $Nessus_Access_Key, 172 | # Nessus Secret Key 173 | [Parameter(Mandatory=$true)] 174 | $Nessus_Secret_Key, 175 | # The source folder for where the Nessus scans live in the UI. (default - "My Scans") 176 | [Parameter(Mandatory=$false)] 177 | $Nessus_Source_Folder_Name, 178 | # The destination folder in Nessus UI for where you wish to move your scans for archive. (default - none - scans won't move) 179 | [Parameter(Mandatory=$false)] 180 | $Nessus_Archive_Folder_Name, 181 | # Use this setting if you wish to only export the scans on the day the scan occurred. 
(default - false) 182 | [Parameter(Mandatory=$false)] 183 | $Export_Scans_From_Today, 184 | # Use this setting if you want to export scans for the specific day that the scan or scans occurred. (example - 11/07/2023) 185 | [Parameter(Mandatory=$false)] 186 | $Export_Day, 187 | # Added atrribute for the end of the file name for uniqueness when using with multiple scanners. (example - _scanner1) 188 | [Parameter(Mandatory=$false)] 189 | $Export_Custom_Extended_File_Name_Attribute 190 | ) 191 | #> 192 | $headers = @{'X-ApiKeys' = "accessKey=$Nessus_Access_Key; secretKey=$Nessus_Secret_Key"} 193 | #Don't parse the file downloads because we care about speed! 194 | $ProgressPreference = 'SilentlyContinue' 195 | 196 | #Check to see if export scan directory exists, if not, create it! 197 | if ($(Test-Path -Path $Nessus_File_Download_Location) -eq $false) { 198 | Write-Host "Could not find $Nessus_File_Download_Location so creating that directory now." 199 | New-Item $Nessus_File_Download_Location -ItemType Directory 200 | } 201 | 202 | #Get FolderID from Folder name 203 | function getFolderIdFromName { 204 | param ($folderNames) 205 | 206 | $folders = Invoke-RestMethod -Method Get -Uri "$Nessus_URL/folders" -ContentType "application/json" -Headers $headers -SkipCertificateCheck 207 | Write-Host "Folders Found: " 208 | $folders.folders.Name | ForEach-Object { 209 | Write-Host "$_" -ForegroundColor Green 210 | } 211 | $global:sourceFolderId = $($folders.folders | Where-Object {$_.Name -eq $folderNames[0]}).id 212 | $global:archiveFolderId = $($folders.folders | Where-Object {$_.Name -eq $folderNames[1]}).id 213 | } 214 | getFolderIdFromName $Nessus_Source_Folder_Name, $Nessus_Archive_Folder_Name 215 | 216 | #Simple epoch to ISO8601 Timestamp converter 217 | function convertToISO { 218 | Param($epochTime) 219 | [datetime]$epoch = '1970-01-01 00:00:00' 220 | [datetime]$result = $epoch.AddSeconds($epochTime) 221 | $newTime = Get-Date $result -Format "o" 222 | return $newTime 223 
| } 224 | 225 | #Sleep if scans are not finished 226 | function sleep5Minutes { 227 | $sleeps = "Scans not finished, going to sleep for 5 minutes. " + $(Get-Date) 228 | Write-Host $sleeps 229 | Start-Sleep -s 300 230 | } 231 | 232 | #Update Scan status 233 | function updateStatus { 234 | #Store the current Nessus Scans and their completing/running status to currentNessusScanData 235 | $global:currentNessusScanDataRaw = Invoke-RestMethod -Method Get -Uri "$Nessus_URL/scans?folder_id=$($global:sourceFolderId)" -ContentType "application/json" -Headers $headers -SkipCertificateCheck 236 | $global:listOfScans = $global:currentNessusScanDataRaw.scans | Select-Object -Property Name,Status,creation_date,id 237 | if ($global:listOfScans) { 238 | Write-Host "Scans found!" -ForegroundColor Green 239 | $global:listOfScans 240 | } else { 241 | Write-Host "No scans found." -ForegroundColor Red 242 | } 243 | } 244 | 245 | function getScanIdsAndExport{ 246 | updateStatus 247 | if ($Export_Scans_From_Today -eq "true") { 248 | #Gets current day 249 | $getDate = Get-Date -Format "dddd-d" 250 | $global:listOfScans | ForEach-Object { 251 | if ($(convertToISO($_.creation_date) | Get-Date -format "dddd-d") -eq $getDate) { 252 | Write-Host "Going to export $_" 253 | export -scanId $($_.id) -scanName $($_.name) 254 | Write-Host "Finished export of $_, going to update status..." 
255 | } 256 | } 257 | } elseif ($null -ne $Export_Day) { 258 | #Gets day entered from arguments 259 | $getDate = $Export_Day | Get-Date -Format "dddd-d" 260 | $global:listOfScans | ForEach-Object { 261 | $currentId = $_.id 262 | $scanName = $_.name 263 | $scanHistory = Invoke-RestMethod -Method Get -Uri "$Nessus_URL/scans/$($currentId)?limit=2500" -ContentType "application/json" -Headers $headers -SkipCertificateCheck 264 | $scanHistory.history | ForEach-Object { 265 | if ($(convertToISO($_.creation_date) | Get-Date -format "dddd-d") -eq $getDate) { 266 | #Write-Host "Going to export $_" 267 | Write-Host "Scan History ID Found $($_.history_id)" 268 | $currentConvertedTime = convertToISO($_.creation_date) 269 | export -scanId $currentId -historyId $_.history_id -currentConvertedTime $currentConvertedTime -scanName $scanName 270 | Write-Host "Finished export of $currentId, going to update status..." 271 | } else { 272 | #Write-Host "Nothing found" #$_ 273 | #convertToISO($_.creation_date) 274 | } 275 | } 276 | } 277 | } else { 278 | $global:listOfScans | ForEach-Object { 279 | Write-Host "Going to export $($_.name)" 280 | export -scanId $($_.id) -scanName $($_.name) 281 | Write-Host "Finished export of $($_.name), going to update status..." 282 | } 283 | } 284 | } 285 | 286 | function Move-ScanToArchive{ 287 | $body = [PSCustomObject]@{ 288 | folder_id = $archiveFolderId 289 | } | ConvertTo-Json 290 | 291 | $ScanDetails = Invoke-RestMethod -Method Put -Uri "$Nessus_URL/scans/$($scanId)/folder" -Body $body -ContentType "application/json" -Headers $headers -SkipCertificateCheck 292 | Write-Host $ScanDetails -ForegroundColor Yellow 293 | Write-Host "Scan Moved to Archive - Export Complete." -ForegroundColor Green 294 | } 295 | 296 | function export ($scanId, $historyId, $currentConvertedTime, $scanName){ 297 | Write-Host "Scan: $scanName exporting..." 
298 | do { 299 | if($null -eq $currentConvertedTime){ 300 | $convertedTime = convertToISO($($global:currentNessusScanDataRaw.scans | Where-Object {$_.id -eq $scanId}).creation_date) 301 | }else{ 302 | $convertedTime = $currentConvertedTime 303 | } 304 | $exportFileName = Join-Path $Nessus_File_Download_Location $($($convertedTime | Get-Date -Format yyyy_MM_dd).ToString()+"-$($scanName)"+"-$scanId$($Export_Custom_Extended_File_Name_Attribute).nessus") 305 | $exportComplete = 0 306 | $currentScanIdStatus = $($global:currentNessusScanDataRaw.scans | Where-Object {$_.id -eq $scanId}).status 307 | #Export when the scan is neither running nor empty, or whenever a history id was supplied (-and and -or share precedence and evaluate left to right) 308 | if ($currentScanIdStatus -ne 'running' -and $currentScanIdStatus -ne 'empty' -or $historyId) { 309 | $scanExportOptions = [PSCustomObject]@{ 310 | "format" = "nessus" 311 | } | ConvertTo-Json 312 | #Start the export so Nessus prepares the file for download 313 | if($historyId){$historyIdFound = "?history_id=$historyId"}else {$historyId = $null} 314 | $exportInfo = Invoke-RestMethod -Method Post "$Nessus_URL/scans/$($scanId)/export$($historyIdFound)" -Body $scanExportOptions -ContentType "application/json" -Headers $headers -SkipCertificateCheck #-SkipCertificateCheck disables TLS certificate validation, here and on the status poll below 315 | $exportStatus = '' 316 | while ($exportStatus.status -ne 'ready') { 317 | try { 318 | $exportStatus = Invoke-RestMethod -Method Get "$Nessus_URL/scans/$($ScanId)/export/$($exportInfo.file)/status" -ContentType "application/json" -Headers $headers -SkipCertificateCheck 319 | Write-Host "Export status: $($exportStatus.status)" 320 | } 321 | catch { 322 | Write-Host "An error has occurred while trying to export the scan" 323 | break #leaves the status polling loop only; the download after the loop is still attempted 324 | } 325 | Start-Sleep -Seconds 1 326 | } 327 | #Time to download the Nessus scan! NOTE(review): the output file name was built above from $scanName as supplied by the caller (the scan name from the Nessus scan list); confirm it cannot contain path separators or characters that are invalid in file names. 
328 | Invoke-RestMethod -Method Get -Uri "$Nessus_URL/scans/$($scanId)/export/$($exportInfo.file)/download" -ContentType "application/json" -Headers $headers -OutFile $exportFileName -SkipCertificateCheck 329 | $exportComplete = 1 330 | Write-Host "Export succeeded!" -ForegroundColor Green 331 | if ($null -ne $Nessus_Archive_Folder_Name) { 332 | #Move scan to archive if folder is configured! 333 | Write-Host "Archive scan folder configured so going to move the scan in the Nessus web UI to $Nessus_Archive_Folder_Name" -Foreground Yellow 334 | Move-ScanToArchive 335 | } else { 336 | Write-Host "Archive folder not configured so not moving scan in the Nessus web UI." -Foreground Yellow 337 | } 338 | 339 | } 340 | #If a scan is empty because it hasn't been started skip the export and move on. 341 | if ($currentScanIdStatus -eq 'empty') { 342 | Write-Host "Scan has not been started, therefore skipping this scan." 343 | $exportComplete = 2 344 | } 345 | if ($exportComplete -eq 0 ){ 346 | sleep5Minutes 347 | updateStatus 348 | } 349 | } While ($exportComplete -eq 0) 350 | 351 | } 352 | 353 | $x = 3 354 | do { 355 | getScanIdsAndExport 356 | #Stop Nessus to get a fresh start 357 | if ($global:currentNessusScanData.Status -notcontains 'running') { 358 | } else { 359 | Write-Host 'Nessus has issues, investigate now!' 360 | } 361 | $x = 1 362 | } while ($x -gt 2) 363 | 364 | Write-Host "Finished Exporting!" 
-ForegroundColor White 365 | } 366 | 367 | function Invoke-Import_Nessus_To_Elasticsearch { 368 | Param ( 369 | # Nessus XML file path 370 | [Parameter(Mandatory=$true)] 371 | $Nessus_XML_File, 372 | # Add Elasticsearch URL to automate Nessus import (default - https://127.0.0.1:9200) 373 | [Parameter(Mandatory=$true)] 374 | $Elasticsearch_URL, 375 | # Add Elasticsearch index name to automate Nessus import (default - logs-nessus.vulnerability) 376 | [Parameter(Mandatory=$true)] 377 | $Elasticsearch_Index_Name, 378 | # Elasticsearch API Key 379 | [Parameter(Mandatory=$true)] 380 | $Elasticsearch_API_Key 381 | ) 382 | 383 | $ErrorActionPreference = 'Stop' 384 | $nessus = [xml]'' 385 | $nessus.Load($Nessus_XML_File) 386 | 387 | #Elastic Instance (Hard code values here) 388 | #$Elasticsearch_IP = '127.0.0.1' 389 | #$Elasticsearch_Port = '9200' 390 | 391 | if ($Elasticsearch_URL -ne "https://127.0.0.1:9200") { 392 | Write-Host "Using the URL you provided for Elastic: $Elasticsearch_URL" -ForegroundColor Green 393 | } else { 394 | Write-Host "Running script with default localhost Elasticsearch URL ($Elasticsearch_URL)." -ForegroundColor Yellow 395 | } 396 | #Nessus User Authenitcation Variables for Elastic 397 | if ($Elasticsearch_API_Key) { 398 | Write-Host "Using the Api Key you provided." -ForegroundColor Green 399 | } else { 400 | Write-Host "Elasticsearch API Key Required! 
Go here if you don't know how to obtain one - https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html" -ForegroundColor "Red" 401 | break 402 | } 403 | $global:AuthenticationHeaders = @{Authorization = "ApiKey $Elasticsearch_API_Key"} 404 | 405 | #Create index name 406 | if ($Elasticsearch_Index_Name -ne "logs-nessus.vulnerability" ) { 407 | Write-Host "Using the Index you provided: $Elasticsearch_Index_Name" -ForegroundColor Green 408 | } else { 409 | $Elasticsearch_Index_Name = "logs-nessus.vulnerability"; Write-Host "No Index was entered, using the default value of $Elasticsearch_Index_Name" -ForegroundColor Yellow 410 | } 411 | 412 | function convertEpochSecondsToISO { 413 | Param($epochTime) 414 | $dateTime = [System.DateTimeOffset]::FromUnixTimeMilliseconds($epochTime).DateTime 415 | $newTime = Get-Date $dateTime -Format "o" 416 | return $newTime 417 | } 418 | 419 | #Now let the magic happen! 420 | Write-Host " 421 | Starting ingest of $Nessus_XML_File. 422 | 423 | The time it takes to parse and ingest will vary on the file size. 424 | 425 | Note: Files larger than 1GB could take over 35 minutes. 
426 | 427 | You can check if data is getting ingested by visiting Kibana and look under Index Management for this index: $Elasticsearch_Index_Name 428 | 429 | For debugging uncomment: 430 | #`$data.items | ConvertTo-Json -Depth 5 431 | " 432 | $fileProcessed = (Get-ChildItem $Nessus_XML_File).name 433 | $reportName = $nessus.NessusClientData_v2.Report.name 434 | foreach ($n in $nessus.NessusClientData_v2.Report.ReportHost) { 435 | foreach ($r in $n.ReportItem) { 436 | foreach ($nHPTN_Item in $n.HostProperties.tag) { 437 | #Get useful tag information from the report 438 | switch -Regex ($nHPTN_Item.name) 439 | { 440 | "host-ip" {$ip = $nHPTN_Item."#text"} 441 | "host-fqdn" {$fqdn = $nHPTN_Item."#text"} 442 | "host-rdns" {$rdns = $nHPTN_Item."#text"} 443 | "operating-system-unsupported" {$osu = $nHPTN_Item."#text"} 444 | "system-type" {$systype = $nHPTN_Item."#text"} 445 | "^os$" {$os = $nHPTN_Item."#text"} 446 | "operating-system$" {$opersys = $nHPTN_Item."#text"} 447 | "operating-system-conf" {$operSysConfidence = $nHPTN_Item."#text"} 448 | "operating-system-method" {$operSysMethod = $nHPTN_Item."#text"} 449 | "^Credentialed_Scan" {$credscan = $nHPTN_Item."#text"} 450 | "mac-address" {$macAddr = $nHPTN_Item."#text"} 451 | "HOST_START_TIMESTAMP$" {$hostStart = $nHPTN_Item."#text"} 452 | "HOST_END_TIMESTAMP$" {$hostEnd = $nHPTN_Item."#text"} 453 | } 454 | } 455 | #Convert seconds to milliseconds 456 | $hostStart = $([int]$hostStart*1000) 457 | $hostEnd = $([int]$hostEnd*1000) 458 | #Create duration and convert milliseconds to nano seconds 459 | $duration = $(($hostEnd - $hostStart)*1000000) 460 | 461 | #Convert start and end dates to ISO 462 | $hostStart = convertEpochSecondsToISO $hostStart 463 | $hostEnd = convertEpochSecondsToISO $hostEnd 464 | 465 | $obj = [PSCustomObject]@{ 466 | "@timestamp" = $hostStart #Remove later for at ingest enrichment 467 | "destination" = [PSCustomObject]@{ 468 | "port" = $r.port 469 | } 470 | "event" = [PSCustomObject]@{ 471 | 
"category" = "host" #Remove later for at ingest enrichment 472 | "kind" = "state" #Remove later for at ingest enrichment 473 | "duration" = $duration 474 | "start" = $hostStart 475 | "end" = $hostEnd 476 | "risk_score" = $r.severity 477 | "dataset" = "vulnerability" #Remove later for at ingest enrichment 478 | "provider" = "Nessus" #Remove later for at ingest enrichment 479 | "message" = $n.name + ' - ' + $r.synopsis #Remove later for at ingest enrichment 480 | "module" = "ImportTo-Elasticsearch-Nessus" 481 | "severity" = $r.severity #Remove later for at ingest enrichment 482 | "url" = (@(if($r.cve){($r.cve | ForEach-Object {"https://cve.mitre.org/cgi-bin/cvename.cgi?name=$_"})}else{$null})) #Remove later for at ingest enrichment 483 | } 484 | "host" = [PSCustomObject]@{ 485 | "ip" = $ip 486 | "mac" = (@(if($macAddr){($macAddr.Split([Environment]::NewLine))}else{$null})) 487 | "hostname" = if($fqdn -notmatch "sources" -and ($fqbn)){($fqdn).ToLower()}elseif($rdns){($rdns).ToLower()}else{$null} #Remove later for at ingest enrichment #Also, added a check for an extra "sources" sub field added to the fqbn field 488 | "name" = if($fqdn -notmatch "sources" -and ($fqbn)){($fqdn).ToLower()}elseif($rdns){($rdns).ToLower()}else{$null} #Remove later for at ingest enrichment #Also, added a check for an extra "sources" sub field added to the fqbn field 489 | "os" = [PSCustomObject]@{ 490 | "family" = $os 491 | "full" = @(if($opersys){$opersys.Split("`n`r")}else{$null}) 492 | "name" = @(if($opersys){$opersys.Split("`n`r")}else{$null}) 493 | "platform" = $os 494 | } 495 | } 496 | "log" = [PSCustomObject]@{ 497 | "origin" = [PSCustomObject]@{ 498 | "file" = [PSCustomObject]@{ 499 | "name" = $fileProcessed 500 | } 501 | } 502 | } 503 | "nessus" = [PSCustomObject]@{ 504 | "cve" = (@(if($r.cve){($r.cve).ToLower()}else{$null})) 505 | "in_the_news" = if($r.in_the_news){$r.in_the_news}else{$null} 506 | "solution" = $r.solution 507 | "synopsis" = $r.synopsis 508 | "unsupported_os" = 
if($osu){$osu}else{$null} 509 | "system_type" = $systype 510 | "credentialed_scan" = $credscan 511 | "exploit_available" = $r.exploit_available 512 | "edb-id" = $r."edb-id" 513 | "unsupported_by_vendor" = $r.unsupported_by_vendor 514 | "os_confidence" = $operSysConfidence 515 | "os_identification_method" = $operSysMethod 516 | "rdns" = $rdns 517 | "name_of_host" = $n.name.ToLower() 518 | "cvss" = [PSCustomObject]@{ 519 | "vector" = if($r.cvss_vector){$r.cvss_vector}else{$null} 520 | "base_score" = if($r.cvss_base_score){$r.cvss_base_score}else{$null} 521 | "impact_score" = if($r.cvss_impactScore){$r.cvss_impactScore}else{$null} 522 | "temporal_score" = if($r.cvss_temporal_score){$r.cvss_temporal_score}else{$null} 523 | } 524 | "cvss3" = [PSCustomObject]@{ 525 | "vector" = if($r.cvss3_vector){$r.cvss3_vector}else{$null} 526 | "base_score" = if($r.cvss3_base_score){$r.cvss3_base_score}else{$null} 527 | "impact_score" = if($r.cvssV3_impactScore){$r.cvssV3_impactScore}else{$null} 528 | "temporal_score" = if($r.cvss3_temporal_score){$r.cvss3_temporal_score}else{$null} 529 | } 530 | "plugin" = [PSCustomObject]@{ 531 | "id" = $r.pluginID 532 | "name" = $r.pluginName 533 | "publication_date" = $r.plugin_publication_date 534 | "type" = $r.plugin_type 535 | "output" = $r.plugin_output 536 | "filename" = $r.fname 537 | "modification_date" = if($r.plugin_modification_date){$r.plugin_modification_date}else{$null} 538 | } 539 | "vpr_score" = if($r.vpr_score){$r.vpr_score}else{$null} 540 | "exploit_code_maturity" = if($r.exploit_code_maturity){$r.exploit_code_maturity}else{$null} 541 | "exploitability_ease" = if($r.exploitability_ease){$r.exploitability_ease}else{$null} 542 | "age_of_vuln" = if($r.age_of_vuln){$r.age_of_vuln}else{$null} 543 | "patch_publication_date" = if($r.patch_publication_date){$r.patch_publication_date}else{$null} 544 | "stig_severity" = if($r.stig_severity){$r.stig_severity}else{$null} 545 | "threat" = [PSCustomObject]@{ 546 | "intensity_last_28" = 
if($r.threat_intensity_last_28){$r.threat_intensity_last_28}else{$null} 547 | "recency" = if($r.threat_recency){$r.threat_recency}else{$null} 548 | "sources_last_28" = if($r.threat_sources_last_28){$r.threat_sources_last_28}else{$null} 549 | } 550 | "vuln_publication_date" = if($r.vuln_publication_date){$r.vuln_publication_date}else{$null} 551 | "product_coverage" = if($r.product_coverage){$r.product_coverage}else{$null} 552 | } 553 | "network" = [PSCustomObject]@{ 554 | "transport" = $r.protocol 555 | "application" = $r.svc_name 556 | } 557 | "vulnerability" = [PSCustomObject]@{ 558 | "id" = (@(if($r.cve){($r.cve)}else{$null})) 559 | "category" = $r.pluginFamily 560 | "description" = $r.description 561 | "severity" = $r.risk_factor 562 | "reference" = (@(if($r.see_also){($r.see_also.Split("`n"))}else{$null})) 563 | "report_id" = $reportName 564 | "module" = $r.pluginName 565 | "classification" = (@(if($r.cve){("CVE")}else{$null})) 566 | "score" = [PSCustomObject]@{ 567 | "base" = $r.cvss_base_score 568 | "temporal" = $r.cvss_temporal_score 569 | } 570 | } 571 | 572 | } | ConvertTo-Json -Compress -Depth 5 573 | 574 | $hash += "{`"create`":{ } }`r`n$obj`r`n" 575 | #Reset the host property variables after each report item; the tag loop at the top of the next iteration fills them again 576 | $ip = '' 577 | $fqdn = '' 578 | $osu = '' 579 | $systype = '' 580 | $os = '' 581 | $opersys = '' 582 | $credscan = '' 583 | $macAddr = '' 584 | $hostStart = '' 585 | $hostEnd = '' 586 | $rdns = '' 587 | $operSysConfidence = '' 588 | $operSysMethod = '' 589 | 590 | } 591 | #Uncomment below to print the bulk request body built for this host 592 | #$hash 593 | $ProgressPreference = 'SilentlyContinue' 594 | $data = Invoke-RestMethod -Uri "$Elasticsearch_URL/$Elasticsearch_Index_Name/_bulk" -Method POST -ContentType "application/x-ndjson; charset=utf-8" -body $hash -Headers $global:AuthenticationHeaders -SkipCertificateCheck 595 | #NOTE(review): the _bulk request above is sent with -SkipCertificateCheck, so the Elasticsearch certificate is not validated while the ApiKey Authorization header is transmitted 596 | #Error checking: $data holds the _bulk response but nothing reads it, so per-item failures in the response are not reported; uncomment the next line to inspect them 597 | #$data.items | ConvertTo-Json -Depth 5 598 | 599 | $hash = '' 600 | } 601 | } 602 | 603 | function Invoke-Automate_Nessus_File_Imports { 604 | Param ( 605 | # The 
location where you wish to save the extracted Nessus files from the scanner (default - Nessus_Exports) 606 | [Parameter(Mandatory=$true)] 607 | $Nessus_File_Download_Location, 608 | # Add Elasticsearch URL to automate Nessus import (default - https://127.0.0.1:9200) 609 | [Parameter(Mandatory=$true)] 610 | $Elasticsearch_URL, 611 | # Add Elasticsearch index name to automate Nessus import (default - logs-nessus.vulnerability) 612 | [Parameter(Mandatory=$true)] 613 | $Elasticsearch_Index_Name, 614 | # Elasticsearch Api Key 615 | [Parameter(Mandatory=$true)] 616 | $Elasticsearch_API_Key 617 | ) 618 | 619 | $ProcessedHashesPath = "ProcessedHashes.txt" 620 | #Check to see if export scan directory exists, if not, create it! 621 | if ($false -eq $(Test-Path -Path $Nessus_File_Download_Location)) { 622 | Write-Host "Could not find $Nessus_File_Download_Location so creating that directory now." 623 | New-Item $Nessus_File_Download_Location -ItemType Directory 624 | } 625 | #Check to see if ProcessedHashses.txt file exists, if not, create it! 626 | if ($false -eq $(Test-Path -Path $processedHashesPath)) { 627 | Write-Host "Could not find $processedHashesPath so creating that file now." 628 | New-Item $processedHashesPath 629 | } 630 | 631 | #Check to see if parsedTime.txt file exists, if not, create it! 632 | if ($false -eq $(Test-Path -Path "parsedTime.txt")) { 633 | Write-Host "Could not find parsedTime.txt so creating that file now." 634 | New-Item "parsedTime.txt" 635 | } 636 | 637 | #Start ingesting 1 by 1! 
638 | $allFiles = Get-ChildItem -Path $Nessus_File_Download_Location 639 | $allProcessedHashes = Get-Content $processedHashesPath 640 | $allFiles | ForEach-Object { 641 | #Check if already processed by name and hash 642 | if ($_.Name -like '*.nessus' -and ($allProcessedHashes -notcontains $($_ | Get-FileHash).Hash)) { 643 | $starting = Get-Date 644 | $Nessus_XML_File = Join-Path $Nessus_File_Download_Location -ChildPath $_.Name 645 | $markProcessed = "$($_.Name).processed" 646 | Write-Host "Going to process $_ now." 647 | Invoke-Import_Nessus_To_Elasticsearch -Nessus_XML_File $_ -Elasticsearch_URL $Elasticsearch_URL -Elasticsearch_Index $Elasticsearch_Index_Name -Elasticsearch_API_Key $Elasticsearch_API_Key 648 | $ending = Get-Date 649 | $duration = $ending - $starting 650 | $($Nessus_XML_File+'-PSNFscript-'+$duration | Out-File $(Resolve-Path parsedTime.txt).Path -Append) 651 | $($_ | Get-FileHash).Hash.toString() | Add-Content $processedHashesPath 652 | Write-Host "$Nessus_XML_File processed in $duration" 653 | Rename-Item -Path $_ -NewName $markProcessed 654 | } else { 655 | Write-Host "The file $($_.Name) doesn't end in .nessus or has already been processed in the $ProcessedHashesPath file. This file is used for tracking what files have been ingested to prevent duplicate ingest of data." 656 | Write-Host "If it's already been processed and you want to process it again, remove the hash from the $ProcessedHashesPath file or just remove it entirely for a clean slate." 657 | } 658 | } 659 | 660 | Write-Host "End of automating script!" 
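-ForegroundColor Green 661 | } 662 |
    # Deletes the ProcessedHashes.txt tracking file from the current directory so that
    # every .nessus file is treated as unprocessed on the next automated import.
    function Invoke-Purge_Processed_Hashes_List {
        # Nothing to purge on a clean run; avoid a "path not found" error.
        if (Test-Path -Path .\ProcessedHashes.txt) {
            Remove-Item .\ProcessedHashes.txt -Force
        }
    }

    # Strips the trailing ".processed" marker from files in the download folder so
    # they can be picked up again by the automated import.
    function Invoke-Revert_Nessus_To_Processed_Rename {
        Param (
            # The location where you wish to save the extracted Nessus files from the scanner (default - Nessus_Exports)
            [Parameter(Mandatory=$true)]
            $Nessus_File_Download_Location
        )
        # Get all files (not directories) in the directory with the .processed extension
        $allFiles = Get-ChildItem -Path $Nessus_File_Download_Location -Filter *.processed -File

        # Rename each file
        foreach ($file in $allFiles) {
            # -NewName is meant to be a leaf name, so build it from Name rather than FullName.
            $newName = $file.Name -replace '\.processed$', ''
            Rename-Item -Path $file.FullName -NewName $newName -Force
        }
    }

    # Looks up a Nessus scan by name and deletes the oldest entry in its history.
    # This is destructive: the selected history entry is removed from the scanner.
    function Invoke-Purge_Oldest_Scan_From_History {
        Param (
            # Name of the scan whose oldest history entry should be deleted
            [Parameter(Mandatory=$true)]
            $Nessus_Scan_Name_To_Delete_Oldest_Scan
        )

        # NOTE(review): the Nessus keys, $Nessus_URL and the folder names are not parameters of this
        # function; they are read from the enclosing scope. Menu option 10 does not prompt for the
        # keys, so confirm they are supplied on the command line before relying on this path.
        $headers = @{'X-ApiKeys' = "accessKey=$Nessus_Access_Key; secretKey=$Nessus_Secret_Key"}

        # Don't parse the file downloads because we care about speed!
        $ProgressPreference = 'SilentlyContinue'
        getFolderIdFromName $Nessus_Source_Folder_Name, $Nessus_Archive_Folder_Name
        updateStatus
        # Emits the matching scan object(s) so the operator can see what was matched.
        $global:listOfScans | Where-Object -Property name -eq $Nessus_Scan_Name_To_Delete_Oldest_Scan
        $scanId = $($global:listOfScans | Where-Object -Property name -eq $Nessus_Scan_Name_To_Delete_Oldest_Scan).id
        if($null -eq $scanId){
            Write-Host "Invalid scan name entered ($Nessus_Scan_Name_To_Delete_Oldest_Scan) - exiting script" -ForegroundColor Yellow
            exit
        } elseif (@($scanId).Count -gt 1) {
            # Several scans share this name; refuse to guess which one to delete from.
            Write-Host "More than one scan is named ($Nessus_Scan_Name_To_Delete_Oldest_Scan) - nothing was deleted" -ForegroundColor Yellow
            return
        } else {
            Write-Host "Valid scan name found ($Nessus_Scan_Name_To_Delete_Oldest_Scan)" -ForegroundColor Green
        }

        # SECURITY: -SkipCertificateCheck disables TLS certificate validation, so the API keys in
        # $headers are sent to a server whose identity is not verified. Prefer trusting the
        # scanner's CA on the host that runs this script.
        $scanHistory = Invoke-RestMethod -Method Get -Uri "$Nessus_URL/scans/$($scanId)?limit=2500" -ContentType "application/json" -Headers $headers -SkipCertificateCheck

        # Sort on the raw creation_date BEFORE formatting it. Sorting the formatted
        # 'MM/dd/yyyy HH:mm:ss' text orders by month first, so with history that spans a year
        # boundary a newer scan could be picked as "oldest" and deleted.
        # NOTE(review): assumes the raw API value sorts chronologically (an epoch number) - confirm.
        $scanHistorySorted = @(
            $scanHistory.history |
                Sort-Object -Property creation_date |
                Select-Object -Property history_id, @{Name='creation_date'; Expression={convertToISO($_.creation_date)|Get-Date -Format 'MM/dd/yyyy HH:mm:ss'}}, status
        )
        if ($scanHistorySorted.Count -eq 0) {
            Write-Host "No scan history found for ($Nessus_Scan_Name_To_Delete_Oldest_Scan) - nothing was deleted" -ForegroundColor Yellow
            return
        }
        $oldestStartDate = $scanHistorySorted[0].creation_date
        $oldestStatus = $scanHistorySorted[0].status
        $oldestHistoryId = $scanHistorySorted[0].history_id
        # Show the full, sorted history to the operator.
        $scanHistorySorted
        Write-Host "Found $($($scanHistory.history).count) total scans for $($scanHistory.info.name)"
        Write-Host "The oldest scan will be deleted. Details below:`nScan Started: $oldestStartDate`nScan Status: $oldestStatus`nScan History Id: $oldestHistoryId"
        try{
            # Delete scan
            Write-Host "Deleting scan! $Nessus_Scan_Name_To_Delete_Oldest_Scan (Id-$scanId,History Id-$oldestHistoryId)" -ForegroundColor Magenta
            $null = Invoke-RestMethod -Method Delete -Uri "$Nessus_URL/scans/$($scanId)/history/$oldestHistoryId" -ContentType "application/json" -Headers $headers -SkipCertificateCheck
            Write-Host "Scan successfully deleted!"
        } catch {
            Write-Host "Scan could not be deleted. $_"
        }

        Write-Host "End of oldest scan deletion script!" -ForegroundColor Green
    }

}

# Menu dispatcher: runs the selected option once and then leaves the loop.
# SECURITY (applies to every Invoke-RestMethod call below):
#   -SkipCertificateCheck disables TLS certificate validation, and
#   -AllowUnencryptedAuthentication lets credentials be sent to an http:// URL.
#   Together they allow the elastic password / API key to be intercepted on the network.
#   Use https:// URLs and a trusted certificate, then drop both switches.
Process {

    while ($true -ne $finished) {
        # Show Menu if script was not provided the choice on execution using the Option_Selected variable
        if ($null -eq $Option_Selected) {
            Show-Menu
            $Option_Selected = Read-Host "Enter your choice"
        }

        switch ($Option_Selected) {
            '0' {
                Write-Host "You selected Option $option0"

                #Check for Elasticsearch URL, Kibana Url, and elastic credentials
                $Elasticsearch_URL = Read-Host "Elasticsearch URL"
                $Kibana_URL = Read-Host "Kibana URL"
                $Elasticsearch_Credentials = Get-Credential elastic
                # The password is turned back into plain text to build an HTTP Basic header for Kibana.
                # Base64 is an encoding, not encryption: treat $Kibana_Credentials as the password itself.
                $Elasticsearch_Credentials_Base64 = [convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($($Elasticsearch_Credentials.UserName+":"+$($Elasticsearch_Credentials.Password | ConvertFrom-SecureString -AsPlainText)).ToString()))
                $Kibana_Credentials = "Basic $Elasticsearch_Credentials_Base64"

                #Import Ingest Pipelines
                Write-Host "Setting up customized Nessus Elasticsearch ingest pipeline." -ForegroundColor Blue
                $pipelineName = "logs-nessus.vulnerability"
                $ingestPipelineJSON = Get-Content $(Join-Path .\pipelines -ChildPath "$pipelineName.json")
                $ingestPipelineURL = $Elasticsearch_URL+"/_ingest/pipeline/"+$pipelineName
                try {
                    $createPipeline = Invoke-RestMethod -Method PUT -Uri $ingestPipelineURL -Body $ingestPipelineJSON -ContentType "application/json" -Credential $Elasticsearch_Credentials -AllowUnencryptedAuthentication -SkipCertificateCheck
                    if ($createPipeline.acknowledged -eq $true) {
                        Write-Host "The pipeline $pipelineName was successfully created!" -ForegroundColor Green
                        Write-Host "Check it out here: $Kibana_URL/app/management/ingest/ingest_pipelines/?pipeline=$pipelineName" -ForegroundColor Blue
                    } else {
                        Write-Host "Pipeline failed to get created."
                    }
                } catch {
                    Write-Host "Couldn't add ingest pipeline, likely because it already exists. Check kibana to see if the ingest pipeline $pipelineName exists." -ForegroundColor Yellow
                    # Surface the real cause (authentication, TLS, connectivity) instead of hiding it behind the guess above.
                    Write-Host "Error detail: $_" -ForegroundColor Yellow
                }

                #Import Index Template
                Write-Host "Setting up customized Elasticsearch index template." -ForegroundColor Blue
                $indexTemplateName = "logs-nessus.vulnerability"
                $indexTemplateNameJSON = Get-Content $(Join-Path .\templates -ChildPath "$indexTemplateName.json")
                $indexTemplateURL = $Elasticsearch_URL+"/_index_template/"+$indexTemplateName
                try {
                    $createIndexTemplate = Invoke-RestMethod -Method PUT -Uri $indexTemplateURL -Body $indexTemplateNameJSON -ContentType "application/json" -Credential $Elasticsearch_Credentials -AllowUnencryptedAuthentication -SkipCertificateCheck
                    if ($createIndexTemplate.acknowledged -eq $true) {
                        Write-Host "The index template $indexTemplateName was successfully created!" -ForegroundColor Green
                        Write-Host "Check it out here: $Kibana_URL/app/management/data/index_management/templates/$indexTemplateName" -ForegroundColor Blue
                    } else {
                        Write-Host "Index template failed to get created."
                    }
                } catch {
                    # The original message named the wrong object type (ingest pipeline) here.
                    Write-Host "Couldn't add index template, likely because it already exists. Check kibana to see if the index template $indexTemplateName exists." -ForegroundColor Yellow
                    Write-Host "Error detail: $_" -ForegroundColor Yellow
                }

                #Import Saved Objects
                $dashboardsPath = $(Resolve-Path .\dashboards).path
                # overwrite=true replaces saved objects in Kibana that have the same ids as the imported ones.
                $importSavedObjectsURL = $Kibana_URL+"/api/saved_objects/_import?overwrite=true"
                $kibanaHeader = @{"kbn-xsrf" = "true"; "Authorization" = "$Kibana_Credentials"}
                $allDashboardFiles = Get-ChildItem $dashboardsPath
                $allDashboardFiles | ForEach-Object {
                    # Build the multipart/form-data body by hand around the file contents.
                    $fileBytes = [System.IO.File]::ReadAllBytes($_.FullName);
                    $fileEnc = [System.Text.Encoding]::GetEncoding('UTF-8').GetString($fileBytes);
                    $boundary = [System.Guid]::NewGuid().ToString();
                    $LF = "`r`n";

                    $bodyLines = (
                        "--$boundary",
                        "Content-Disposition: form-data; name=`"file`"; filename=`"$($_.name)`"",
                        "Content-Type: application/octet-stream$LF",
                        $fileEnc,
                        "--$boundary--$LF"
                    ) -join $LF

                    $result = Invoke-RestMethod -Method POST -Uri $importSavedObjectsURL -Headers $kibanaHeader -ContentType "multipart/form-data; boundary=`"$boundary`"" -Body $bodyLines -AllowUnencryptedAuthentication -SkipCertificateCheck
                    if($result.errors -or $null -eq $result){
                        # $filename was never defined, so the message did not name the file that failed.
                        Write-Host "There was an error trying to import $($_.Name)"
                        $result.errors
                    }
                    $fileBytes = $null
                    $fileEnc = $null
                    $boundary = $null
                    $result = $null
                }

                #Create Nessus API Key
                Write-Host "Setting up customized Nessus Elasticsearch API Key for writing to logs-nessus.vulnerability data stream." -ForegroundColor Blue
                $logsNessusAPIKey = "logs-nessus.vulnerability-api-key"
                $logsNessusAPIKeyJSON = Get-Content $(Join-Path .\templates -ChildPath "$logsNessusAPIKey.json")
                $createAPIKeyURL = $Elasticsearch_URL+"/_security/api_key"
                try {
                    $createAPIKey = Invoke-RestMethod -Method PUT -Uri $createAPIKeyURL -Body $logsNessusAPIKeyJSON -ContentType "application/json" -Credential $Elasticsearch_Credentials -AllowUnencryptedAuthentication -SkipCertificateCheck
                    if ($createAPIKey.encoded) {
                        Write-Host "The Nessus API key was successfully created!" -ForegroundColor Green
                        # SECURITY: the key is written to the console, so it also lands in transcripts,
                        # terminal scrollback and any captured job output. Move it to a secret store and
                        # clear those copies.
                        Write-Host "Here is your encoded API Key that can be used to ingest your Nessus scan data into the $($createApiKey.name) data stream.`nStore in a safe place: $($createApiKey.encoded)"
                    } else {
                        Write-Host "API Key failed to get created." -ForegroundColor Yellow
                    }
                } catch {
                    Write-Host "API Key failed to get created. $_" -ForegroundColor Yellow
                }

                $finished = $true
            }
            '1' {
                Write-Host "You selected Option $option1"

                #Check for Nessus Access and Nessus Secret Key and Prompt if not provided
                # SECURITY: Read-Host echoes what is typed. On PowerShell 7.1+ consider Read-Host -MaskInput
                # for the keys so they are not shown on screen (the value is still a plain string).
                if($null -eq $Nessus_Access_Key){
                    $Nessus_Access_Key = Read-Host "Nessus Access Key"
                }
                if($null -eq $Nessus_Secret_Key){
                    $Nessus_Secret_Key = Read-Host "Nessus Secret Key"
                }

                Invoke-Exract_From_Nessus -Nessus_URL $Nessus_URL -Nessus_File_Download_Location $Nessus_File_Download_Location -Nessus_Access_Key $Nessus_Access_Key -Nessus_Secret_Key $Nessus_Secret_Key -Nessus_Source_Folder_Name $Nessus_Source_Folder_Name -Nessus_Archive_Folder_Name $Nessus_Archive_Folder_Name -Export_Scans_From_Today $Export_Scans_From_Today -Export_Day $Export_Day -Export_Custom_Extended_File_Name_Attribute $Export_Custom_Extended_File_Name_Attribute
                $finished = $true
            }
            '2' {
                Write-Host "You selected Option $option2"

                #Check for Nessus XML File you wish to process
                if($null -eq $Nessus_XML_File){
                    $Nessus_XML_File = Read-Host "Nessus XML File (.nessus)"
                }

                #Check for Elasticsearch URL and API Keys and prompt if not provided
                if($null -eq $Elasticsearch_URL){
                    $Elasticsearch_URL = Read-Host "Elasticsearch URL (https://127.0.0.1:9200)"
                }
                # SECURITY: the API key is echoed while typed; see the note under option 1.
                if($null -eq $Elasticsearch_Api_Key){
                    $Elasticsearch_Api_Key = Read-Host "Elasticsearch API Key"
                }

                Invoke-Import_Nessus_To_Elasticsearch -Nessus_XML_File $Nessus_XML_File -Elasticsearch_URL $Elasticsearch_URL -Elasticsearch_Index_Name $Elasticsearch_Index_Name -Elasticsearch_API_Key $Elasticsearch_Api_Key
                $finished = $true
            }
            '3' {
                Write-Host "You selected Option $option3"

                #Check for Elasticsearch URL and API Keys and prompt if not provided
                if($null -eq $Elasticsearch_URL){
                    $Elasticsearch_URL = Read-Host "Elasticsearch URL (https://127.0.0.1:9200)"
                }
                if($null -eq $Elasticsearch_Api_Key){
                    $Elasticsearch_Api_Key = Read-Host "Elasticsearch API Key"
                }
                if($null -eq $Nessus_File_Download_Location){
                    $Nessus_File_Download_Location = Read-Host "Nessus File Download Location (default - Nessus Exports)"
                }

                Invoke-Automate_Nessus_File_Imports -Nessus_File_Download_Location $Nessus_File_Download_Location -Elasticsearch_URL $Elasticsearch_URL -Elasticsearch_Index_Name $Elasticsearch_Index_Name -Elasticsearch_API_Key $Elasticsearch_Api_Key

                $finished = $true
            }
            '4' {
                Write-Host "You selected Option $option4." -ForegroundColor Yellow

                #Check for Nessus Access and Nessus Secret Key and Prompt if not provided
                if($null -eq $Nessus_Access_Key){
                    $Nessus_Access_Key = Read-Host "Nessus Access Key"
                }
                if($null -eq $Nessus_Secret_Key){
                    $Nessus_Secret_Key = Read-Host "Nessus Secret Key"
                }

                #Check for Elasticsearch URL and API Keys and prompt if not provided
                if($null -eq $Elasticsearch_URL){
                    $Elasticsearch_URL = Read-Host "Elasticsearch URL (https://127.0.0.1:9200)"
                }
                if($null -eq $Elasticsearch_Api_Key){
                    $Elasticsearch_Api_Key = Read-Host "Elasticsearch API Key"
                }

                Invoke-Exract_From_Nessus -Nessus_URL $Nessus_URL -Nessus_File_Download_Location $Nessus_File_Download_Location -Nessus_Access_Key $Nessus_Access_Key -Nessus_Secret_Key $Nessus_Secret_Key -Nessus_Source_Folder_Name $Nessus_Source_Folder_Name -Nessus_Archive_Folder_Name $Nessus_Archive_Folder_Name -Export_Scans_From_Today $Export_Scans_From_Today -Export_Day $Export_Day -Export_Custom_Extended_File_Name_Attribute $Export_Custom_Extended_File_Name_Attribute

                Invoke-Automate_Nessus_File_Imports -Nessus_File_Download_Location $Nessus_File_Download_Location -Elasticsearch_URL $Elasticsearch_URL -Elasticsearch_Index_Name $Elasticsearch_Index_Name -Elasticsearch_API_Key $Elasticsearch_Api_Key

                $finished = $true
                break
            }
            '5' {
                Write-Host "You selected Option $option5." -ForegroundColor Yellow
                Invoke-Purge_Processed_Hashes_List
                Invoke-Revert_Nessus_To_Processed_Rename $Nessus_File_Download_Location
                $finished = $true
                break
            }
            '10' {
                Write-Host "You selected Option $option10." -ForegroundColor Yellow
                if($null -eq $Nessus_Scan_Name_To_Delete_Oldest_Scan){
                    $Nessus_Scan_Name_To_Delete_Oldest_Scan = Read-Host "Nessus Scan Name to Delete Oldest Scan"
                }
                Invoke-Purge_Oldest_Scan_From_History $Nessus_Scan_Name_To_Delete_Oldest_Scan
                $finished = $true
                break
            }
            'Q' {
                Write-Host "You selected quit, exiting." -ForegroundColor Yellow
                $finished = $true
                break
            }
            default {
                Write-Host "Invalid choice. Please select a valid option."
                # Clear the rejected value so the menu is shown again. Without this the loop
                # re-evaluates the same invalid choice forever and never prompts.
                $Option_Selected = $null
            }
        }
    }

}

End {
    Write-Host "This is the end. Thanks for using this script!" -ForegroundColor Blue
    $finished = $null
}
938 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 nicpenning 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.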
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Nessus-ES (Deprecated) 2 | 3 | The update is here! [Click Here](https://github.com/nicpenning/Power-Nessie) to go to Power-Nessie, the update to this project. 4 | 5 | For the maintained version of this project, please navigate to the link above. This project will be archived and set to read only. Thank you! 6 | 7 | ![👀](https://github.com/nicpenning/Nessus-ES/assets/5582679/1a23deda-9a00-4ec4-9d99-013b7572aa91) 8 | 9 | 10 | Ingest .nessus files from Tenable's Nessus scanner directly into ElasticSearch with most of the ECS mappings. 11 | 12 | ```mermaid 13 | sequenceDiagram 14 | PowerShell->>Nessus: Downloads .Nessus File(s) via Nessus API 15 | Nessus->>PowerShell: .nessus File(s) Saved Locally 16 | PowerShell->>Kibana: Dashboards, Index Templates and other Setup items 17 | PowerShell->>Elasticsearch: Ingest Parsed XML Data via Elasticsearch API 18 | ``` 19 | 20 | With some careful setup of your Elastic stack and a little PowerShell you can turn your .nessus files into this: 21 | ![image](https://github.com/nicpenning/Nessus-ES/assets/5582679/746d143d-ff1a-4077-82c2-03e229f59bbf) 22 | 23 | The Nessus-ES project is a simplified way of taking .nessus files and ingesting them into Elastic using PowerShell on Windows, Mac, or Linux. 24 | 25 | Requirements 26 | * Functioning Elastic Stack (7.0+, 8.12.1 Latest Tested) 27 | * PowerShell 7.0+ (7.4.1 Latest Tested) 28 | * .nessus File(s) Exported (Script included to export these files!) 
29 | 30 | Script includes a Menu to help you through how you would like to use this tool: 31 | ![image](https://github.com/nicpenning/Nessus-ES/assets/5582679/989727d5-65ee-49fd-9dd9-8e74724fd75e) 32 | 33 | ## Now 34 | - [X] Index Template (How To) 35 | - [X] Index Pattern, Searches, Visualizations, and Dashboards 36 | - [X] ECS coverage across as many fields as possible 37 | - [X] Documentation ([Wiki](https://github.com/nicpenning/Nessus-ES/wiki/Overview)) 38 | - [X] Automated Nessus File Download Script 39 | - [X] Automated Elasticsearch Ingest 40 | - [X] Setup Script (Template, Objects, API, etc..) 41 | 42 | ## Future 43 | - [ ] Add Detection Rules 44 | - [ ] Compare Scans (New Data Stream) 45 | - [ ] Automate/Implement Latest CISA KEVs ([Feature Request](https://github.com/nicpenning/Nessus-ES/issues/13)) 46 | 47 | ## Automated or Manual Download and Ingest capability - Check the [Wiki](https://github.com/nicpenning/Nessus-ES/wiki/Overview)! 48 | Invoke-NessusTo-Elastic.ps1 49 | 50 | ## Full dashboard preview 51 | https://github.com/nicpenning/Nessus-ES/assets/5582679/448505f5-7991-4554-b199-412dd5351329 52 | 53 | -------------------------------------------------------------------------------- /dashboards/1_primary_nessus_dashboard_saved_objects.ndjson: -------------------------------------------------------------------------------- 1 | 
{"attributes":{"fieldAttrs":"{\"nessus.plugin.id\":{},\"vulnerability.reference\":{},\"event.duration\":{},\"event.url\":{}}","fieldFormatMap":"{\"nessus.plugin.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://127.0.0.1:5601\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"vulnerability.reference\":{\"id\":\"url\",\"params\":{}},\"event.duration\":{\"id\":\"duration\",\"params\":{\"parsedUrl\":{\"origin\":\"https://127.0.0.1:5601\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"humanize\",\"outputPrecision\":2,\"includeSpaceWithSuffix\":true}},\"event.url\":{\"id\":\"url\",\"params\":{}}}","fields":"[]","name":"logs-nessus.vulnerability","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-nessus.vulnerability"},"coreMigrationVersion":"8.8.0","created_at":"2023-11-12T01:21:58.177Z","id":"logs-nessus.vulnerability","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2023-11-12T01:21:58.177Z","version":"WzIzNiwxXQ=="} 2 | {"attributes":{"columns":["host.name","host.os.full","nessus.plugin.name","nessus.exploit_code_maturity","nessus.vpr_score","vulnerability.severity","nessus.age_of_vuln","nessus.threat.recency","vulnerability.report_id"],"description":"This search is a quick look into the vulnerabilities if they contain the VPR scoring 
attributes.","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"nessus.vpr_score\",\"field\":\"nessus.vpr_score\",\"value\":\"exists\",\"type\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"exists\":{\"field\":\"nessus.vpr_score\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"[Vulnerability] VPR Search","usesAdHocDataView":false},"coreMigrationVersion":"8.8.0","created_at":"2023-11-12T01:21:58.177Z","id":"1421aba0-768d-11ec-96be-4d7ebfe862ad","managed":false,"references":[{"id":"logs-nessus.vulnerability","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"7.9.3","updated_at":"2023-11-12T01:23:16.266Z","version":"WzI0MiwxXQ=="} 3 | 
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"923f096f-be79-42bc-a8c0-e06f7cf4a845\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"923f096f-be79-42bc-a8c0-e06f7cf4a845\",\"fieldName\":\"vulnerability.severity\",\"title\":\"vulnerability.severity\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"db286806-e7ab-45a1-9dd2-1bddbc2e4570\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"db286806-e7ab-45a1-9dd2-1bddbc2e4570\",\"fieldName\":\"nessus.exploit_available\",\"title\":\"Exploit Available?\",\"grow\":true,\"width\":\"medium\",\"singleSelect\":true,\"enhancements\":{}}},\"09c4f982-4f79-4835-a968-f155fc4d0016\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"09c4f982-4f79-4835-a968-f155fc4d0016\",\"fieldName\":\"nessus.plugin.type.keyword\",\"title\":\"Vulnerability Type\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"a1a15165-ce4e-4e15-8deb-8a9622b75171\":{\"type\":\"optionsListControl\",\"order\":3,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"a1a15165-ce4e-4e15-8deb-8a9622b75171\",\"fieldName\":\"nessus.plugin.type.keyword\",\"title\":\"Plugin Family\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"5a43cbb2-3fb4-4602-a6e9-86f63147c7d2\":{\"type\":\"optionsListControl\",\"order\":6,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"5a43cbb2-3fb4-4602-a6e9-86f63147c7d2\",\"fieldName\":\"host.name\",\"title\":\"Host 
Name\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"dff7f60c-bc93-4b37-a1c6-4ce75f456c0b\":{\"type\":\"optionsListControl\",\"order\":7,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"dff7f60c-bc93-4b37-a1c6-4ce75f456c0b\",\"fieldName\":\"host.ip\",\"title\":\"Host IP\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"7ecb1e52-e177-4f37-936c-beab1c160379\":{\"type\":\"optionsListControl\",\"order\":8,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"7ecb1e52-e177-4f37-936c-beab1c160379\",\"fieldName\":\"host.mac\",\"title\":\"Host MAC\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"906b55b2-9e94-4dea-9b14-5fa4148bd813\":{\"type\":\"optionsListControl\",\"order\":9,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"906b55b2-9e94-4dea-9b14-5fa4148bd813\",\"fieldName\":\"host.os.full\",\"title\":\"Host OS\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"766685df-61e3-40a4-bf6d-7b18080b6afb\":{\"type\":\"optionsListControl\",\"order\":5,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"766685df-61e3-40a4-bf6d-7b18080b6afb\",\"fieldName\":\"nessus.credentialed_scan\",\"title\":\"Credentialed Scan?\",\"grow\":true,\"width\":\"medium\",\"singleSelect\":true,\"enhancements\":{}}},\"8ece7b27-8c85-482d-aa9b-ee8e96756e5f\":{\"type\":\"optionsListControl\",\"order\":10,\"grow\":false,\"width\":\"small\",\"explicitInput\":{\"id\":\"8ece7b27-8c85-482d-aa9b-ee8e96756e5f\",\"fieldName\":\"nessus.plugin.name.keyword\",\"title\":\"Plugin 
Name\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"a450a179-8a1f-4a56-9e0b-e51b92a030d0\":{\"type\":\"optionsListControl\",\"order\":4,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"a450a179-8a1f-4a56-9e0b-e51b92a030d0\",\"fieldName\":\"nessus.cve.keyword\",\"title\":\"CVE\",\"grow\":true,\"width\":\"small\",\"enhancements\":{}}}}"},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":41,\"w\":32,\"h\":23,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Time Series (converted)\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-14f5c16c-b3e9-45b7-935d-ee9bc30d35ea\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":false,\"showSingleSeries\":false,\"position\":\"right\",\"shouldTruncate\":true,\"maxLines\":1},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"fillOpacity\":0.5,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"seriesType\":\"area\",\"layerType\":\"data\",\"layerId\":\"14f5c16c-b3e9-45b7-935d-ee9bc30d35ea\",\"accessors\":[\"14cb9e0b-17d2-4d09-befb-6382de578df9\"],\"yConfig\":[{\"forAccessor\":\"14cb9e0b-17d2-4d09-befb-6382de578df9\",\"color\":\
"#68BC00\",\"axisMode\":\"left\"}],\"xAccessor\":\"c5c051af-7ede-4e86-be1f-b10b1598a94a\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"14f5c16c-b3e9-45b7-935d-ee9bc30d35ea\":{\"ignoreGlobalFilters\":false,\"columns\":{\"c5c051af-7ede-4e86-be1f-b10b1598a94a\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":true}},\"14cb9e0b-17d2-4d09-befb-6382de578df9\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"format\":{\"id\":\"number\"},\"emptyAsNull\":true}}},\"columnOrder\":[\"c5c051af-7ede-4e86-be1f-b10b1598a94a\",\"14cb9e0b-17d2-4d09-befb-6382de578df9\"],\"incompleteColumns\":{},\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{\"tsvb_ad_hoc_nessus-*/@timestamp\":{\"id\":\"tsvb_ad_hoc_nessus-*/@timestamp\",\"title\":\"nessus-*\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"fieldFormats\":{},\"runtimeFieldMap\":{},\"fieldAttrs\":{},\"allowNoIndex\":false,\"name\":\"nessus-*\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Time Series\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":6,\"i\":\"f5d1022c-f264-4216-9377-bf9687bcf77d\"},\"panelIndex\":\"f5d1022c-f264-4216-9377-bf9687bcf77d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Unique Hosts 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-ca23d0fe-6b58-4f9c-9921-b4a85336b739\"}],\"state\":{\"visualization\":{\"layerId\":\"ca23d0fe-6b58-4f9c-9921-b4a85336b739\",\"layerType\":\"data\",\"metricAccessor\":\"544c733f-6a48-4c55-a06b-2b295fcd0e11\",\"color\":\"#6092C0\",\"showBar\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ca23d0fe-6b58-4f9c-9921-b4a85336b739\":{\"columns\":{\"544c733f-6a48-4c55-a06b-2b295fcd0e11\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"544c733f-6a48-4c55-a06b-2b295fcd0e11\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"[Vulnerability] Unique 
Hosts\"},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":6,\"i\":\"c46dfcd3-3fff-4122-9709-fb8133c2eadf\"},\"panelIndex\":\"c46dfcd3-3fff-4122-9709-fb8133c2eadf\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\"}],\"state\":{\"visualization\":{\"layerId\":\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\",\"layerType\":\"data\",\"metricAccessor\":\"06257af4-845c-4414-b8c4-cb15490d0aff\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#ffffff00\",\"stop\":1},{\"color\":\"#9F0500\",\"stop\":2}],\"colorStops\":[{\"color\":\"#ffffff00\",\"stop\":null},{\"color\":\"#9F0500\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5}},\"showBar\":false},\"query\":{\"query\":\"vulnerability.severity : \\\"Critical\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\":{\"columns\":{\"06257af4-845c-4414-b8c4-cb15490d0aff\":{\"label\":\"Critical\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"06257af4-845c-4414-b8c4-cb15490d0aff\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":0,\"w\":7,\"h\":6,\"i\":\"c51fd572-0514-4f7f-b066-7c0333505725\"},\"panelIndex\":\"c51fd572-0514-4f7f-b066-7c0333505725\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\"}],\"state\":{\"visualization\":{\"layerId\":\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\",\"layerType\":\"data\",\"metricAccessor\":\"06257af4-845c-4414-b8c4-cb15490d0aff\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#ffffff00\",\"stop\":1},{\"color\":\"#E27300\",\"stop\":2}],\"colorStops\":[{\"color\":\"#ffffff00\",\"stop\":null},{\"color\":\"#E27300\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"vulnerability.severity : \\\"High\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\":{\"columns\":{\"06257af4-845c-4414-b8c4-cb15490d0aff\":{\"label\":\"High\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"06257af4-845c-4414-b8c4-cb15490d0aff\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":0,\"w\":7,\"h\":6,\"i\":\"9d1d8208-5428-4c26-a3ca-135e9cd73e16\"},\"panelIndex\":\"9d1d8208-5428-4c26-a3ca-135e9cd73e16\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\"}],\"state\":{\"visualization\":{\"layerId\":\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\",\"layerType\":\"data\",\"metricAccessor\":\"06257af4-845c-4414-b8c4-cb15490d0aff\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#ffffff00\",\"stop\":1},{\"color\":\"#FCDC00\",\"stop\":18}],\"colorStops\":[{\"color\":\"#ffffff00\",\"stop\":null},{\"color\":\"#FCDC00\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"vulnerability.severity : \\\"Medium\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\":{\"columns\":{\"06257af4-845c-4414-b8c4-cb15490d0aff\":{\"label\":\"Medium\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"06257af4-845c-4414-b8c4-cb15490d0aff\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":29,\"y\":0,\"w\":7,\"h\":6,\"i\":\"949a4417-9deb-401d-bb30-4affd662e798\"},\"panelIndex\":\"949a4417-9deb-401d-bb30-4affd662e798\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\"}],\"state\":{\"visualization\":{\"layerId\":\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\",\"layerType\":\"data\",\"metricAccessor\":\"06257af4-845c-4414-b8c4-cb15490d0aff\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#ffffff00\",\"stop\":1},{\"color\":\"#68BC00\",\"stop\":18}],\"colorStops\":[{\"color\":\"#ffffff00\",\"stop\":null},{\"color\":\"#68BC00\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"vulnerability.severity : \\\"Low\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\":{\"columns\":{\"06257af4-845c-4414-b8c4-cb15490d0aff\":{\"label\":\"Low\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"06257af4-845c-4414-b8c4-cb15490d0aff\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":0,\"w\":12,\"h\":6,\"i\":\"592501c0-1902-4785-812e-8f32c1936e09\"},\"panelIndex\":\"592501c0-1902-4785-812e-8f32c1936e09\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\"}],\"state\":{\"visualization\":{\"layerId\":\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\",\"layerType\":\"data\",\"metricAccessor\":\"06257af4-845c-4414-b8c4-cb15490d0aff\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#ffffff00\",\"stop\":1},{\"color\":\"#009CE0\",\"stop\":18}],\"colorStops\":[{\"color\":\"#ffffff00\",\"stop\":null},{\"color\":\"#009CE0\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"vulnerability.severity : \\\"Medium\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ea1665cf-b50c-49e3-9da5-ed03aa33b3ca\":{\"columns\":{\"06257af4-845c-4414-b8c4-cb15490d0aff\":{\"label\":\"Informational\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"06257af4-845c-4414-b8c4-cb15490d0aff\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":13,\"i\":\"7ce37858-b83e-4bf2-b5ef-1bcbd9e3dda8\"},\"panelIndex\":\"7ce37858-b83e-4bf2-b5ef-1bcbd9e3dda8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Top Hosts with All Findings 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-812015f4-b50a-4696-a7ea-a5b8c959a809\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":false,\"position\":\"right\",\"legendSize\":\"auto\",\"shouldTruncate\":true,\"maxLines\":1,\"showSingleSeries\":true},\"valueLabels\":\"hide\",\"curveType\":\"LINEAR\",\"yTitle\":\"Count\",\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\",\"enforce\":true},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":-90,\"yLeft\":0,\"yRight\":-90},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"812015f4-b50a-4696-a7ea-a5b8c959a809\",\"accessors\":[\"493a1fb9-6d8d-47a5-a400-3990c8b51e0e\"],\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"c6162117-b15d-482c-b7b8-9e10356ccff6\",\"simpleView\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"yConfig\":[{\"forAccessor\":\"493a1fb9-6d8d-47a5-a400-3990c8b51e0e\",\"axisMode\":\"left\",\"color\":\"#447EBC\"}],\"xScaleType\":\"ordinal\",\"isHistogram\":false,\"splitAccessor\":\"58cb2081-b2b2-4481-82fa-8473914ff5e5\",\"colorMapping\":{\"assignmentMode\":\"manual\",\"assignments\":[{\"rule\":{\"type\":\"matchExactly\",\"values\":[\"Medium\"]},\"color\":{\"type\":\"categorical\",\"paletteId\":\"eui_amsterdam_color_blind\",\"colorIndex\":5},\"touched\":true},{\"rule\":{\"type\":\"matchExactly\",\"values\":[\"Critical\"]},\"color\":{\"type\":\"categorical\",\"paletteId\":\"eui_amsterdam_color_blind\",\"colorIndex\":9},\"touched\":true},{\"rule\":{\"type\":\"matchExactly\",\"values\":[\"High\"]},\"color\":{\"type\":
\"categorical\",\"paletteId\":\"eui_amsterdam_color_blind\",\"colorIndex\":7},\"touched\":true},{\"rule\":{\"type\":\"matchExactly\",\"values\":[\"Low\"]},\"color\":{\"type\":\"categorical\",\"paletteId\":\"eui_amsterdam_color_blind\",\"colorIndex\":0},\"touched\":false}],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"categorical\",\"paletteId\":\"eui_amsterdam_color_blind\",\"colorIndex\":0},\"touched\":true}],\"paletteId\":\"eui_amsterdam_color_blind\",\"colorMode\":{\"type\":\"categorical\"}}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"vulnerability.severity\",\"params\":[\"Critical\",\"High\",\"Medium\",\"Low\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"index\":\"b01f8998-2f96-4a74-825a-fe3ff392aff7\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"vulnerability.severity\":\"Critical\"}},{\"match_phrase\":{\"vulnerability.severity\":\"High\"}},{\"match_phrase\":{\"vulnerability.severity\":\"Medium\"}},{\"match_phrase\":{\"vulnerability.severity\":\"Low\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"812015f4-b50a-4696-a7ea-a5b8c959a809\":{\"ignoreGlobalFilters\":false,\"columns\":{\"c6162117-b15d-482c-b7b8-9e10356ccff6\":{\"label\":\"Host 
Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"493a1fb9-6d8d-47a5-a400-3990c8b51e0e\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"accuracyMode\":false},\"customLabel\":true},\"493a1fb9-6d8d-47a5-a400-3990c8b51e0e\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"58cb2081-b2b2-4481-82fa-8473914ff5e5\":{\"label\":\"Top 5 values of vulnerability.severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"493a1fb9-6d8d-47a5-a400-3990c8b51e0e\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"c6162117-b15d-482c-b7b8-9e10356ccff6\",\"58cb2081-b2b2-4481-82fa-8473914ff5e5\",\"493a1fb9-6d8d-47a5-a400-3990c8b51e0e\"],\"incompleteColumns\":{},\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Top Hosts with All 
Findings\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":6,\"w\":22,\"h\":22,\"i\":\"2a934e66-066b-48c0-8ec8-e705bc489ef5\"},\"panelIndex\":\"2a934e66-066b-48c0-8ec8-e705bc489ef5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Top Findings (converted)\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-1b3513f8-f5a0-443a-a9aa-15a7a14c2005\"}],\"state\":{\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"1b3513f8-f5a0-443a-a9aa-15a7a14c2005\",\"layerType\":\"data\",\"primaryGroups\":[\"fd2c2e8e-e490-4267-8f38-03fef325479e\"],\"secondaryGroups\":[],\"metrics\":[\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"legendPosition\":\"bottom\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":2,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"truncateLegend\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"vulnerability.severity\",\"value\":[\"Critical\",\"High\",\"Medium\",\"Low\"],\"params\":[\"Critical\",\"High\",\"Medium\",\"Low\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"index\":\"94a4debd-8484-45a6-8da1-428882b957b2\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"vulnerability.severity\":\"Critical\"}},{\"match_phrase\":{\"vulnerability.severity\":\"High\"}},{\"match_phrase\":{\"vulnerability.severity\":\"Medium\"}},{\"match_phrase\":{\"vulnerability.severity\":\"Low\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1b3513f8-f5a0-443a-a9aa-15a7a14c2005\":{\"ignoreGlobalFilters\":false,\"columns\":{\"fd2c2e8e-e490-4267-8f38-03fef325479e\":{\"label\":\"nessus.plugin.name.ke
yword: Descending\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.plugin.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\":{\"label\":\"Host Name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"fd2c2e8e-e490-4267-8f38-03fef325479e\",\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\"],\"incompleteColumns\":{},\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Top Findings\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":6,\"w\":26,\"h\":22,\"i\":\"c42addfd-44a3-4a79-98c1-5ff20379e85c\"},\"panelIndex\":\"c42addfd-44a3-4a79-98c1-5ff20379e85c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Top Findings 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-1b3513f8-f5a0-443a-a9aa-15a7a14c2005\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\"},\"layers\":[{\"layerId\":\"1b3513f8-f5a0-443a-a9aa-15a7a14c2005\",\"layerType\":\"data\",\"primaryGroups\":[\"64ecbd77-4cb3-414f-9059-b4fe9c037a79\",\"fd2c2e8e-e490-4267-8f38-03fef325479e\"],\"secondaryGroups\":[],\"metrics\":[\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"legendPosition\":\"bottom\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":1,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"truncateLegend\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1b3513f8-f5a0-443a-a9aa-15a7a14c2005\":{\"ignoreGlobalFilters\":false,\"columns\":{\"fd2c2e8e-e490-4267-8f38-03fef325479e\":{\"label\":\"nessus.plugin.name.keyword: Descending\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.plugin.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\":{\"label\":\"Host Name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"64ecbd77-4cb3-414f-9059-b4fe9c037a79\":{\"label\":\"Top 10 values of 
nessus.vpr_score\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.vpr_score\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"64ecbd77-4cb3-414f-9059-b4fe9c037a79\",\"fd2c2e8e-e490-4267-8f38-03fef325479e\",\"e5a06fa9-3490-458f-b9ec-3ea10e992b5d\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Top Findings by VPR Score\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":41,\"w\":16,\"h\":23,\"i\":\"2e42a00f-0767-4f30-b2d8-404c091cd97a\"},\"panelIndex\":\"2e42a00f-0767-4f30-b2d8-404c091cd97a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Top Hosts with Critical Findings 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-6a75cd15-b2dc-4902-9745-4a9e91321467\"},{\"type\":\"index-pattern\",\"name\":\"6ce4ad5e-9db4-48a0-909e-7d75a1e59e2e\",\"id\":\"logs-nessus.vulnerability\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":false,\"position\":\"right\",\"legendSize\":\"auto\",\"shouldTruncate\":true,\"maxLines\":1,\"showSingleSeries\":true},\"valueLabels\":\"hide\",\"curveType\":\"LINEAR\",\"yTitle\":\"Count\",\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\",\"enforce\":true},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":-90,\"yLeft\":0,\"yRight\":-90},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6a75cd15-b2dc-4902-9745-4a9e91321467\",\"accessors\":[\"448c48c4-2334-4b81-ac36-cf04658e0ba9\"],\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"325fb1e7-873e-4688-bee5-6e8864309289\",\"simpleView\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"yConfig\":[{\"forAccessor\":\"448c48c4-2334-4b81-ac36-cf04658e0ba9\",\"axisMode\":\"left\",\"color\":\"#BF1B00\"}],\"xScaleType\":\"ordinal\",\"isHistogram\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"vulnerability.severity\",\"negate\":false,\"params\":{\"query\":\"Critical\"},\"type\":\"phrase\",\"index\":\"6ce4ad5e-9db4-48a0-909e-7d75a1e59e2e\"},\"query\":{\"match_phrase\":{\"vulnerability.severity\":\"Critical\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6a75cd15-b2dc
-4902-9745-4a9e91321467\":{\"ignoreGlobalFilters\":false,\"columns\":{\"325fb1e7-873e-4688-bee5-6e8864309289\":{\"label\":\"Host Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"448c48c4-2334-4b81-ac36-cf04658e0ba9\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"448c48c4-2334-4b81-ac36-cf04658e0ba9\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"325fb1e7-873e-4688-bee5-6e8864309289\",\"448c48c4-2334-4b81-ac36-cf04658e0ba9\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Top Hosts with Critical Findings\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":64,\"w\":48,\"h\":21,\"i\":\"1d43c2fd-724b-4dfc-851f-1256b328664b\"},\"panelIndex\":\"1d43c2fd-724b-4dfc-851f-1256b328664b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d43c2fd-724b-4dfc-851f-1256b328664b\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":85,\"w\":37,\"h\":12,\"i\":\"7f860857-757d-466b-b251-9231c444e2c0\"},\"panelIndex\":\"7f860857-757d-466b-b251-9231c444e2c0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Plugin Output 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-112799c8-b89d-482c-b966-8ae136c41903\"}],\"state\":{\"visualization\":{\"layerId\":\"112799c8-b89d-482c-b966-8ae136c41903\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"a1a061aa-723c-4ade-82a1-a88286080515\",\"alignment\":\"left\"},{\"columnId\":\"2e82df44-cf38-4bfb-9b9f-f24a687e9d97\",\"alignment\":\"left\",\"width\":995}],\"paging\":{\"enabled\":false,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"112799c8-b89d-482c-b966-8ae136c41903\":{\"ignoreGlobalFilters\":false,\"columns\":{\"2e82df44-cf38-4bfb-9b9f-f24a687e9d97\":{\"label\":\"Plugin Output\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.plugin.output.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a1a061aa-723c-4ade-82a1-a88286080515\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a1a061aa-723c-4ade-82a1-a88286080515\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"2e82df44-cf38-4bfb-9b9f-f24a687e9d97\",\"a1a061aa-723c-4ade-82a1-a88286080515\"],\"incompleteColumns\":{},\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":fal
se,\"enhancements\":{}},\"title\":\"[Vulnerability] Plugin Output\"},{\"type\":\"lens\",\"gridData\":{\"x\":37,\"y\":85,\"w\":11,\"h\":24,\"i\":\"3853de9e-9f7a-41cf-a52c-02e03f8a25f3\"},\"panelIndex\":\"3853de9e-9f7a-41cf-a52c-02e03f8a25f3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] File Processed (converted)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-bafc0bab-d839-4cd8-aae2-305a6a636c50\"}],\"state\":{\"visualization\":{\"layerId\":\"bafc0bab-d839-4cd8-aae2-305a6a636c50\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"1e60cb74-d596-4bf7-8dcb-28e5f86a4cad\",\"alignment\":\"left\",\"width\":93},{\"columnId\":\"abe6c679-8fd2-4a78-8c1e-daef4faf79a2\",\"alignment\":\"left\",\"width\":223}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"bafc0bab-d839-4cd8-aae2-305a6a636c50\":{\"ignoreGlobalFilters\":false,\"columns\":{\"abe6c679-8fd2-4a78-8c1e-daef4faf79a2\":{\"label\":\"File 
Processed\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"log.origin.file.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1e60cb74-d596-4bf7-8dcb-28e5f86a4cad\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1e60cb74-d596-4bf7-8dcb-28e5f86a4cad\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"abe6c679-8fd2-4a78-8c1e-daef4faf79a2\",\"1e60cb74-d596-4bf7-8dcb-28e5f86a4cad\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] File Processed\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":97,\"w\":37,\"h\":12,\"i\":\"dc22e02e-c87b-402e-bff1-d35f477bf22f\"},\"panelIndex\":\"dc22e02e-c87b-402e-bff1-d35f477bf22f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Solution(s) 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-2c35d74d-bd90-406b-83eb-c3173025e7b1\"}],\"state\":{\"visualization\":{\"layerId\":\"2c35d74d-bd90-406b-83eb-c3173025e7b1\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"b821d952-e35e-43e0-98dd-423a18446692\",\"alignment\":\"left\"},{\"columnId\":\"5b2b027f-d5c7-4f5c-81ed-a54a7ff2104a\",\"alignment\":\"left\",\"width\":1000}],\"paging\":{\"enabled\":false,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2c35d74d-bd90-406b-83eb-c3173025e7b1\":{\"ignoreGlobalFilters\":false,\"columns\":{\"5b2b027f-d5c7-4f5c-81ed-a54a7ff2104a\":{\"label\":\"Solution\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.solution.keyword\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b821d952-e35e-43e0-98dd-423a18446692\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b821d952-e35e-43e0-98dd-423a18446692\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"5b2b027f-d5c7-4f5c-81ed-a54a7ff2104a\",\"b821d952-e35e-43e0-98dd-423a18446692\"],\"incompleteColumns\":{},\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanel
Titles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Solution(s)\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":109,\"w\":19,\"h\":21,\"i\":\"6f6a2714-189f-43e3-8bf9-871dd19bc8df\"},\"panelIndex\":\"6f6a2714-189f-43e3-8bf9-871dd19bc8df\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Top Open Ports (converted)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-9371f069-26f6-466e-b0e7-a7b7ec2869ed\"}],\"state\":{\"visualization\":{\"layerId\":\"9371f069-26f6-466e-b0e7-a7b7ec2869ed\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"702276eb-f83c-42f7-94df-74ec7aa60306\",\"alignment\":\"left\"},{\"columnId\":\"26a048b3-f22d-4216-a619-902d117aebd2\",\"alignment\":\"left\"},{\"columnId\":\"8f4b644f-0564-49d8-89c9-51773824b58e\",\"alignment\":\"left\"}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9371f069-26f6-466e-b0e7-a7b7ec2869ed\":{\"ignoreGlobalFilters\":false,\"columns\":{\"26a048b3-f22d-4216-a619-902d117aebd2\":{\"label\":\"Destination Port\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"702276eb-f83c-42f7-94df-74ec7aa60306\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8f4b644f-0564-49d8-89c9-51773824b58e\":{\"label\":\"Network 
Service\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"702276eb-f83c-42f7-94df-74ec7aa60306\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"702276eb-f83c-42f7-94df-74ec7aa60306\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"26a048b3-f22d-4216-a619-902d117aebd2\",\"8f4b644f-0564-49d8-89c9-51773824b58e\",\"702276eb-f83c-42f7-94df-74ec7aa60306\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Top Open Ports\"},{\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":109,\"w\":29,\"h\":21,\"i\":\"d1416022-e90c-4dcc-bfc7-352e7973abcb\"},\"panelIndex\":\"d1416022-e90c-4dcc-bfc7-352e7973abcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Vulnerability Details 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-3dc8ba14-6061-407c-ad85-4b4ff3ec2cb3\"}],\"state\":{\"visualization\":{\"layerId\":\"3dc8ba14-6061-407c-ad85-4b4ff3ec2cb3\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"0cf83cd6-b4ed-4ed7-a4db-1a3143886cf6\",\"alignment\":\"left\",\"width\":79},{\"columnId\":\"7e699b43-45d1-4cab-986e-b83761ee6db3\",\"alignment\":\"left\"},{\"columnId\":\"94a0dac0-99ae-4b93-8712-0e1c4713befb\",\"alignment\":\"left\",\"width\":117.16666666666669},{\"columnId\":\"821b5723-0436-4d50-8632-50a393b0e662\",\"alignment\":\"left\",\"width\":100.66666666666666}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3dc8ba14-6061-407c-ad85-4b4ff3ec2cb3\":{\"ignoreGlobalFilters\":false,\"columns\":{\"7e699b43-45d1-4cab-986e-b83761ee6db3\":{\"label\":\"Plugin/Vulnerability Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.plugin.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0cf83cd6-b4ed-4ed7-a4db-1a3143886cf6\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"94a0dac0-99ae-4b93-8712-0e1c4713befb\":{\"label\":\"Plugin 
ID\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.plugin.id\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0cf83cd6-b4ed-4ed7-a4db-1a3143886cf6\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"821b5723-0436-4d50-8632-50a393b0e662\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0cf83cd6-b4ed-4ed7-a4db-1a3143886cf6\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0cf83cd6-b4ed-4ed7-a4db-1a3143886cf6\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"7e699b43-45d1-4cab-986e-b83761ee6db3\",\"94a0dac0-99ae-4b93-8712-0e1c4713befb\",\"821b5723-0436-4d50-8632-50a393b0e662\",\"0cf83cd6-b4ed-4ed7-a4db-1a3143886cf6\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Vulnerability Details\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":130,\"w\":36,\"h\":18,\"i\":\"2dded2e1-1d58-4cc3-be00-2d70555cd32b\"},\"panelIndex\":\"2dded2e1-1d58-4cc3-be00-2d70555cd32b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Plugin Details 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-57599f56-249a-4a87-a096-ad5037d966a4\"}],\"state\":{\"visualization\":{\"layerId\":\"57599f56-249a-4a87-a096-ad5037d966a4\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"f103982d-7e79-43a3-8ba8-c0d23323e446\",\"alignment\":\"left\",\"width\":93.33333333333331},{\"columnId\":\"02add25f-d537-403a-acb3-f9ab4a1e0014\",\"alignment\":\"left\"},{\"columnId\":\"17142dc3-c6bc-41f3-9449-30eb2568e91e\",\"alignment\":\"left\"}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"57599f56-249a-4a87-a096-ad5037d966a4\":{\"ignoreGlobalFilters\":false,\"columns\":{\"02add25f-d537-403a-acb3-f9ab4a1e0014\":{\"label\":\"Plugin/Vulnerability Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.plugin.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f103982d-7e79-43a3-8ba8-c0d23323e446\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"17142dc3-c6bc-41f3-9449-30eb2568e91e\":{\"label\":\"Reference 
(URL)\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.reference\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f103982d-7e79-43a3-8ba8-c0d23323e446\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f103982d-7e79-43a3-8ba8-c0d23323e446\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"02add25f-d537-403a-acb3-f9ab4a1e0014\",\"17142dc3-c6bc-41f3-9449-30eb2568e91e\",\"f103982d-7e79-43a3-8ba8-c0d23323e446\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Plugin Details\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":130,\"w\":12,\"h\":18,\"i\":\"4369aa29-a75a-45dd-a6fa-016b0246f88a\"},\"panelIndex\":\"4369aa29-a75a-45dd-a6fa-016b0246f88a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Top Operating Systems 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-34142c5f-0ac5-41f4-901e-f5ec3ede564d\"}],\"state\":{\"visualization\":{\"layerId\":\"34142c5f-0ac5-41f4-901e-f5ec3ede564d\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"1c712633-a460-4787-9503-48b34cb1dc66\",\"alignment\":\"left\"},{\"columnId\":\"53067b3e-76f9-4a32-8156-2e4ae8619521\",\"alignment\":\"left\"},{\"columnId\":\"0dd4f1da-8c73-47bb-ab55-bf5e894f2d3b\",\"alignment\":\"left\"}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"34142c5f-0ac5-41f4-901e-f5ec3ede564d\":{\"ignoreGlobalFilters\":false,\"columns\":{\"53067b3e-76f9-4a32-8156-2e4ae8619521\":{\"label\":\"Operating System\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.full\",\"isBucketed\":true,\"params\":{\"size\":250,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1c712633-a460-4787-9503-48b34cb1dc66\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0dd4f1da-8c73-47bb-ab55-bf5e894f2d3b\":{\"label\":\"Confidence 
Level\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.os_confidence\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1c712633-a460-4787-9503-48b34cb1dc66\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1c712633-a460-4787-9503-48b34cb1dc66\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"53067b3e-76f9-4a32-8156-2e4ae8619521\",\"0dd4f1da-8c73-47bb-ab55-bf5e894f2d3b\",\"1c712633-a460-4787-9503-48b34cb1dc66\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Top Operating Systems\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":148,\"w\":26,\"h\":25,\"i\":\"91d32c39-89c1-4027-9c61-c5caaaa2d9e4\"},\"panelIndex\":\"91d32c39-89c1-4027-9c61-c5caaaa2d9e4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"[Vulnerability] Host Scan Details 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-dd4bf0d5-68d4-42e7-a280-474e00c6860d\"}],\"state\":{\"visualization\":{\"layerId\":\"dd4bf0d5-68d4-42e7-a280-474e00c6860d\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"b3a44892-5e6a-4e56-bbe7-395f17deb85a\",\"alignment\":\"left\",\"width\":204.33333333333331},{\"columnId\":\"70b86252-b564-44f9-a427-ce874bcfdc5a\",\"alignment\":\"left\",\"width\":185.33333333333334},{\"columnId\":\"2c09be33-7209-4e81-b62c-01e806af17a1\",\"alignment\":\"left\",\"width\":158},{\"columnId\":\"3aa00545-7f9b-478a-8be3-3728cacdddb3\",\"alignment\":\"left\",\"width\":255.33333333333326}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd4bf0d5-68d4-42e7-a280-474e00c6860d\":{\"ignoreGlobalFilters\":false,\"columns\":{\"70b86252-b564-44f9-a427-ce874bcfdc5a\":{\"label\":\"Host Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b3a44892-5e6a-4e56-bbe7-395f17deb85a\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2c09be33-7209-4e81-b62c-01e806af17a1\":{\"label\":\"IP 
Address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b3a44892-5e6a-4e56-bbe7-395f17deb85a\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3aa00545-7f9b-478a-8be3-3728cacdddb3\":{\"label\":\"Scan Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.report_id\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b3a44892-5e6a-4e56-bbe7-395f17deb85a\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b3a44892-5e6a-4e56-bbe7-395f17deb85a\":{\"label\":\"Scan Duration\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"70b86252-b564-44f9-a427-ce874bcfdc5a\",\"2c09be33-7209-4e81-b62c-01e806af17a1\",\"3aa00545-7f9b-478a-8be3-3728cacdddb3\",\"b3a44892-5e6a-4e56-bbe7-395f17deb85a\"],\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"[Vulnerability] Host Scan 
Details\"},{\"type\":\"lens\",\"gridData\":{\"x\":26,\"y\":148,\"w\":22,\"h\":25,\"i\":\"a03df14a-8640-49aa-a471-63eb71be28fe\"},\"panelIndex\":\"a03df14a-8640-49aa-a471-63eb71be28fe\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsTagcloud\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-fd6dd21c-9eb3-4210-b3cf-2d0da5df2390\"}],\"state\":{\"visualization\":{\"layerId\":\"fd6dd21c-9eb3-4210-b3cf-2d0da5df2390\",\"tagAccessor\":\"7811bae7-b3b5-4ee8-b935-1cd4167dc316\",\"valueAccessor\":\"6f919025-c82f-4a10-a20d-65093195d10e\",\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"showLabel\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"fd6dd21c-9eb3-4210-b3cf-2d0da5df2390\":{\"columns\":{\"7811bae7-b3b5-4ee8-b935-1cd4167dc316\":{\"label\":\"Top 5 values of nessus.cve.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.cve.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f919025-c82f-4a10-a20d-65093195d10e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"6f919025-c82f-4a10-a20d-65093195d10e\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"7811bae7-b3b5-4ee8-b935-1cd4167dc316\",\"6f919025-c82f-4a10-a20d-65093195d10e\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"CVE Word Cloud\"}]","timeRestore":false,"title":"[Vulnerability] Dashboard","version":1},"coreMigrationVersion":"8.8.0","created_at":"2023-11-12T01:21:58.177Z","id":"a75b5bb0-3fdf-11e9-8152-7b62f13aa294","managed":false,"references":[{"id":"logs-nessus.vulnerability","name":"10:indexpattern-datasource-layer-14f5c16c-b3e9-45b7-935d-ee9bc30d35ea","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"f5d1022c-f264-4216-9377-bf9687bcf77d:indexpattern-datasource-layer-ca23d0fe-6b58-4f9c-9921-b4a85336b739","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"c46dfcd3-3fff-4122-9709-fb8133c2eadf:indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"c51fd572-0514-4f7f-b066-7c0333505725:indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"9d1d8208-5428-4c26-a3ca-135e9cd73e16:indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"949a4417-9deb-401d-bb30-4affd662e798:indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"592501c0-1902-4785-812e-8f32c1936e09:indexpattern-datasource-layer-ea1665cf-b50c-49e3-9da5-ed03aa33b3ca","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"7ce37858-b83e-4bf2-b5ef-1bcbd9e3dda8:indexpattern-datasource-layer-81201
5f4-b50a-4696-a7ea-a5b8c959a809","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"2a934e66-066b-48c0-8ec8-e705bc489ef5:indexpattern-datasource-layer-1b3513f8-f5a0-443a-a9aa-15a7a14c2005","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"c42addfd-44a3-4a79-98c1-5ff20379e85c:indexpattern-datasource-layer-1b3513f8-f5a0-443a-a9aa-15a7a14c2005","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"2e42a00f-0767-4f30-b2d8-404c091cd97a:indexpattern-datasource-layer-6a75cd15-b2dc-4902-9745-4a9e91321467","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"2e42a00f-0767-4f30-b2d8-404c091cd97a:6ce4ad5e-9db4-48a0-909e-7d75a1e59e2e","type":"index-pattern"},{"id":"1421aba0-768d-11ec-96be-4d7ebfe862ad","name":"1d43c2fd-724b-4dfc-851f-1256b328664b:panel_1d43c2fd-724b-4dfc-851f-1256b328664b","type":"search"},{"id":"logs-nessus.vulnerability","name":"7f860857-757d-466b-b251-9231c444e2c0:indexpattern-datasource-layer-112799c8-b89d-482c-b966-8ae136c41903","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"3853de9e-9f7a-41cf-a52c-02e03f8a25f3:indexpattern-datasource-layer-bafc0bab-d839-4cd8-aae2-305a6a636c50","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"dc22e02e-c87b-402e-bff1-d35f477bf22f:indexpattern-datasource-layer-2c35d74d-bd90-406b-83eb-c3173025e7b1","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"6f6a2714-189f-43e3-8bf9-871dd19bc8df:indexpattern-datasource-layer-9371f069-26f6-466e-b0e7-a7b7ec2869ed","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"d1416022-e90c-4dcc-bfc7-352e7973abcb:indexpattern-datasource-layer-3dc8ba14-6061-407c-ad85-4b4ff3ec2cb3","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"2dded2e1-1d58-4cc3-be00-2d70555cd32b:indexpattern-datasource-layer-57599f56-249a-4a87-a096-ad5037d966a4","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"4369aa29-a75a-45dd-a6fa-016b0246f88a:indexpattern-datasource-layer-341
42c5f-0ac5-41f4-901e-f5ec3ede564d","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"91d32c39-89c1-4027-9c61-c5caaaa2d9e4:indexpattern-datasource-layer-dd4bf0d5-68d4-42e7-a280-474e00c6860d","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"a03df14a-8640-49aa-a471-63eb71be28fe:indexpattern-datasource-layer-fd6dd21c-9eb3-4210-b3cf-2d0da5df2390","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_923f096f-be79-42bc-a8c0-e06f7cf4a845:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_db286806-e7ab-45a1-9dd2-1bddbc2e4570:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_09c4f982-4f79-4835-a968-f155fc4d0016:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_a1a15165-ce4e-4e15-8deb-8a9622b75171:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_5a43cbb2-3fb4-4602-a6e9-86f63147c7d2:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_dff7f60c-bc93-4b37-a1c6-4ce75f456c0b:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_7ecb1e52-e177-4f37-936c-beab1c160379:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_906b55b2-9e94-4dea-9b14-5fa4148bd813:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_766685df-61e3-40a4-bf6d-7b18080b6afb:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_8ece7b27-8c85-482d-aa9b-ee8e96756e5f:optionsListDataView","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"controlGroup_a450a179-8a1f-4a56-9e0b-e51b92a030d0:optionsListDataView","type":"index-pattern"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2023-11-12T01:21:58.177Z","
version":"WzIzOSwxXQ=="} 4 | {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":3,"missingRefCount":0,"missingReferences":[]} 5 | -------------------------------------------------------------------------------- /dashboards/2_cisa_2022_dashboard.ndjson: -------------------------------------------------------------------------------- 1 | {"attributes":{"description":"2022 Top Routinely Exploited Vulnerabilities\nAlert Code: AA23-215A\nhttps://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":14,\"i\":\"99e23575-cf58-471c-b980-51d6e35353d6\"},\"panelIndex\":\"99e23575-cf58-471c-b980-51d6e35353d6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-7e417766-c3bf-4b59-9c8b-3b62ca85bea3\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"layers\":[{\"layerId\":\"7e417766-c3bf-4b59-9c8b-3b62ca85bea3\",\"primaryGroups\":[\"fb6e9653-2ae1-4a90-8b00-763f984a74d9\"],\"metrics\":[\"c6c073e8-269c-4df6-bfdf-6fd4fd958601\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"nessus.cve: (\\n \\\"CVE-2017-0199\\\" OR\\n \\\"CVE-2017-11882\\\" OR \\n \\\"CVE-2018-13379\\\" OR\\n \\\"CVE-2019-11510\\\" OR\\n \\\"CVE-2019-0708\\\" OR\\n \\\"CVE-2019-19781\\\" OR\\n \\\"CVE-2020-5902\\\" OR\\n \\\"CVE-2020-1472\\\" OR\\n \\\"CVE-2020-14882\\\" OR\\n \\\"CVE-2020-14883\\\" OR\\n 
\\\"CVE-2021-20016\\\" OR\\n \\\"CVE-2021-26855\\\" OR\\n \\\"CVE-2021-26857\\\" OR\\n \\\"CVE-2021-26858\\\" OR\\n \\\"CVE-2021-27065\\\" OR\\n \\\"CVE-2021-20021\\\" OR\\n \\\"CVE-2021-31207\\\" OR\\n \\\"CVE-2022-26134\\\" OR\\n \\\"CVE-2021-34473\\\" OR\\n \\\"CVE-2021-34523\\\" OR\\n \\\"CVE-2021-26084\\\" OR\\n \\\"CVE-2021-40539\\\" OR\\n \\\"CVE-2021-40438\\\" OR\\n \\\"CVE-2021-41773\\\" OR\\n \\\"CVE-2021-42013\\\" OR\\n \\\"CVE-2021-20038\\\" OR\\n \\\"CVE-2021-44228\\\" OR\\n \\\"CVE-2021-45046\\\" OR\\n \\\"CVE-2022-42475\\\" OR\\n \\\"CVE-2022-24682\\\" OR\\n \\\"CVE-2022-22536\\\" OR\\n \\\"CVE-2022-22963\\\" OR\\n \\\"CVE-2022-22954\\\" OR\\n \\\"CVE-2022-22960\\\" OR\\n \\\"CVE-2022-29464\\\" OR\\n \\\"CVE-2022-27924\\\" OR\\n \\\"CVE-2022-1388\\\" OR\\n \\\"CVE-2022-30190\\\" OR\\n \\\"CVE-2022-22047\\\" OR\\n \\\"CVE-2022-27593\\\" OR\\n \\\"CVE-2022-41082\\\" OR\\n \\\"CVE-2022-40684\\\")\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7e417766-c3bf-4b59-9c8b-3b62ca85bea3\":{\"columns\":{\"fb6e9653-2ae1-4a90-8b00-763f984a74d9\":{\"label\":\"CVE\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.cve.keyword\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c6c073e8-269c-4df6-bfdf-6fd4fd958601\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c6c073e8-269c-4df6-bfdf-6fd4fd958601\":{\"label\":\"CVE 
Distribution\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"fb6e9653-2ae1-4a90-8b00-763f984a74d9\",\"c6c073e8-269c-4df6-bfdf-6fd4fd958601\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":23,\"h\":4,\"i\":\"a740ac73-238e-46be-9398-7b748ca120d8\"},\"panelIndex\":\"a740ac73-238e-46be-9398-7b748ca120d8\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"2022 Top Routinely Exploited Vulnerabilities, according to 
CISA\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":10,\"i\":\"ac7d7678-6207-4c11-a52c-19288e732c7f\"},\"panelIndex\":\"ac7d7678-6207-4c11-a52c-19288e732c7f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-0be6abcf-1f36-4f14-a72c-ba3df4cfb292\"}],\"state\":{\"visualization\":{\"layerId\":\"0be6abcf-1f36-4f14-a72c-ba3df4cfb292\",\"accessor\":\"58193806-3d96-4605-94aa-c043474dea53\",\"layerType\":\"data\",\"colorMode\":\"Background\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":0,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":31},{\"color\":\"#cc5642\",\"stop\":52}],\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":31}],\"continuity\":\"above\",\"maxSteps\":5}}},\"query\":{\"query\":\"nessus.cve: (\\n \\\"CVE-2017-0199\\\" OR\\n \\\"CVE-2017-11882\\\" OR \\n \\\"CVE-2018-13379\\\" OR\\n \\\"CVE-2019-11510\\\" OR\\n \\\"CVE-2019-0708\\\" OR\\n \\\"CVE-2019-19781\\\" OR\\n \\\"CVE-2020-5902\\\" OR\\n \\\"CVE-2020-1472\\\" OR\\n \\\"CVE-2020-14882\\\" OR\\n \\\"CVE-2020-14883\\\" OR\\n \\\"CVE-2021-20016\\\" OR\\n \\\"CVE-2021-26855\\\" OR\\n \\\"CVE-2021-26857\\\" OR\\n \\\"CVE-2021-26858\\\" OR\\n \\\"CVE-2021-27065\\\" OR\\n \\\"CVE-2021-20021\\\" OR\\n \\\"CVE-2021-31207\\\" OR\\n \\\"CVE-2022-26134\\\" OR\\n \\\"CVE-2021-34473\\\" OR\\n \\\"CVE-2021-34523\\\" OR\\n \\\"CVE-2021-26084\\\" OR\\n \\\"CVE-2021-40539\\\" OR\\n \\\"CVE-2021-40438\\\" OR\\n \\\"CVE-2021-41773\\\" OR\\n \\\"CVE-2021-42013\\\" OR\\n \\\"CVE-2021-20038\\\" OR\\n \\\"CVE-2021-44228\\\" OR\\n \\\"CVE-2021-45046\\\" OR\\n 
\\\"CVE-2022-42475\\\" OR\\n \\\"CVE-2022-24682\\\" OR\\n \\\"CVE-2022-22536\\\" OR\\n \\\"CVE-2022-22963\\\" OR\\n \\\"CVE-2022-22954\\\" OR\\n \\\"CVE-2022-22960\\\" OR\\n \\\"CVE-2022-29464\\\" OR\\n \\\"CVE-2022-27924\\\" OR\\n \\\"CVE-2022-1388\\\" OR\\n \\\"CVE-2022-30190\\\" OR\\n \\\"CVE-2022-22047\\\" OR\\n \\\"CVE-2022-27593\\\" OR\\n \\\"CVE-2022-41082\\\" OR\\n \\\"CVE-2022-40684\\\")\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0be6abcf-1f36-4f14-a72c-ba3df4cfb292\":{\"columns\":{\"58193806-3d96-4605-94aa-c043474dea53\":{\"label\":\"Total Number of CVE Instances\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"58193806-3d96-4605-94aa-c043474dea53\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"This panel shows all counts, where hosts may have more than one vulnerability.\",\"enhancements\":{}},\"title\":\"Total Routinely Exploited 
Vulns\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":10,\"i\":\"31f3e8cf-bc16-4896-93b5-259fdb4c036e\"},\"panelIndex\":\"31f3e8cf-bc16-4896-93b5-259fdb4c036e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-57e62b27-2fb9-4f01-aae7-84f4aaf93afe\"}],\"state\":{\"visualization\":{\"layerId\":\"57e62b27-2fb9-4f01-aae7-84f4aaf93afe\",\"accessor\":\"123cfc5a-4159-4e97-b040-668e9aff0d28\",\"layerType\":\"data\",\"colorMode\":\"Background\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":0,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":10},{\"color\":\"#cc5642\",\"stop\":11}],\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":10}],\"continuity\":\"above\",\"maxSteps\":5}}},\"query\":{\"query\":\"nessus.cve: (\\n \\\"CVE-2017-0199\\\" OR\\n \\\"CVE-2017-11882\\\" OR \\n \\\"CVE-2018-13379\\\" OR\\n \\\"CVE-2019-11510\\\" OR\\n \\\"CVE-2019-0708\\\" OR\\n \\\"CVE-2019-19781\\\" OR\\n \\\"CVE-2020-5902\\\" OR\\n \\\"CVE-2020-1472\\\" OR\\n \\\"CVE-2020-14882\\\" OR\\n \\\"CVE-2020-14883\\\" OR\\n \\\"CVE-2021-20016\\\" OR\\n \\\"CVE-2021-26855\\\" OR\\n \\\"CVE-2021-26857\\\" OR\\n \\\"CVE-2021-26858\\\" OR\\n \\\"CVE-2021-27065\\\" OR\\n \\\"CVE-2021-20021\\\" OR\\n \\\"CVE-2021-31207\\\" OR\\n \\\"CVE-2022-26134\\\" OR\\n \\\"CVE-2021-34473\\\" OR\\n \\\"CVE-2021-34523\\\" OR\\n \\\"CVE-2021-26084\\\" OR\\n \\\"CVE-2021-40539\\\" OR\\n \\\"CVE-2021-40438\\\" OR\\n \\\"CVE-2021-41773\\\" OR\\n \\\"CVE-2021-42013\\\" OR\\n \\\"CVE-2021-20038\\\" OR\\n \\\"CVE-2021-44228\\\" OR\\n \\\"CVE-2021-45046\\\" OR\\n 
\\\"CVE-2022-42475\\\" OR\\n \\\"CVE-2022-24682\\\" OR\\n \\\"CVE-2022-22536\\\" OR\\n \\\"CVE-2022-22963\\\" OR\\n \\\"CVE-2022-22954\\\" OR\\n \\\"CVE-2022-22960\\\" OR\\n \\\"CVE-2022-29464\\\" OR\\n \\\"CVE-2022-27924\\\" OR\\n \\\"CVE-2022-1388\\\" OR\\n \\\"CVE-2022-30190\\\" OR\\n \\\"CVE-2022-22047\\\" OR\\n \\\"CVE-2022-27593\\\" OR\\n \\\"CVE-2022-41082\\\" OR\\n \\\"CVE-2022-40684\\\")\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"23e44c9a-f7af-46d5-983b-7645d405ddf8\",\"type\":\"exists\",\"key\":\"nessus.cve.keyword\",\"value\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{\"exists\":{\"field\":\"nessus.cve.keyword\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"57e62b27-2fb9-4f01-aae7-84f4aaf93afe\":{\"columns\":{\"123cfc5a-4159-4e97-b040-668e9aff0d28\":{\"label\":\"Unique CVEs Found\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.cve.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"123cfc5a-4159-4e97-b040-668e9aff0d28\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"The number of unique CVEs from the CISA list that are found in the environment.\",\"enhancements\":{}},\"title\":\"Total Routinely Exploited 
Vulns\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":4,\"w\":7,\"h\":10,\"i\":\"58ebfd4c-ee61-4c99-8d01-9638b98dceec\"},\"panelIndex\":\"58ebfd4c-ee61-4c99-8d01-9638b98dceec\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-a8a92b0e-1015-4557-91f3-e3eefc2b58b8\"}],\"state\":{\"visualization\":{\"layerId\":\"a8a92b0e-1015-4557-91f3-e3eefc2b58b8\",\"accessor\":\"3d8916fe-79ff-4ddd-8a9a-4bd9c674fbe7\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a8a92b0e-1015-4557-91f3-e3eefc2b58b8\":{\"columns\":{\"3d8916fe-79ff-4ddd-8a9a-4bd9c674fbe7\":{\"label\":\"Total Number Of Hosts Checked\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"3d8916fe-79ff-4ddd-8a9a-4bd9c674fbe7\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"The number of unique hosts in the dashboard query window.\",\"enhancements\":{}},\"title\":\"Total Number of Scanned 
Hosts\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":14,\"w\":24,\"h\":15,\"i\":\"f286a000-e65e-4a5a-affc-51f58179c1b9\"},\"panelIndex\":\"f286a000-e65e-4a5a-affc-51f58179c1b9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-14029b10-5efc-4fca-b7eb-e2cb224855e9\"}],\"state\":{\"visualization\":{\"layerId\":\"14029b10-5efc-4fca-b7eb-e2cb224855e9\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"59b46092-cb36-4b86-9ee2-f06d1b8c5dca\",\"isTransposed\":false,\"width\":516.6666666666667},{\"columnId\":\"10624b96-3482-4089-b4cd-e3b8dc502bb4\",\"isTransposed\":false,\"width\":272.66666666666663},{\"columnId\":\"c9129026-49f2-40e1-99a7-55a5c50abeca\",\"isTransposed\":false}]},\"query\":{\"query\":\"nessus.cve: (\\n \\\"CVE-2017-0199\\\" OR\\n \\\"CVE-2017-11882\\\" OR \\n \\\"CVE-2018-13379\\\" OR\\n \\\"CVE-2019-11510\\\" OR\\n \\\"CVE-2019-0708\\\" OR\\n \\\"CVE-2019-19781\\\" OR\\n \\\"CVE-2020-5902\\\" OR\\n \\\"CVE-2020-1472\\\" OR\\n \\\"CVE-2020-14882\\\" OR\\n \\\"CVE-2020-14883\\\" OR\\n \\\"CVE-2021-20016\\\" OR\\n \\\"CVE-2021-26855\\\" OR\\n \\\"CVE-2021-26857\\\" OR\\n \\\"CVE-2021-26858\\\" OR\\n \\\"CVE-2021-27065\\\" OR\\n \\\"CVE-2021-20021\\\" OR\\n \\\"CVE-2021-31207\\\" OR\\n \\\"CVE-2022-26134\\\" OR\\n \\\"CVE-2021-34473\\\" OR\\n \\\"CVE-2021-34523\\\" OR\\n \\\"CVE-2021-26084\\\" OR\\n \\\"CVE-2021-40539\\\" OR\\n \\\"CVE-2021-40438\\\" OR\\n \\\"CVE-2021-41773\\\" OR\\n \\\"CVE-2021-42013\\\" OR\\n \\\"CVE-2021-20038\\\" OR\\n \\\"CVE-2021-44228\\\" OR\\n \\\"CVE-2021-45046\\\" OR\\n \\\"CVE-2022-42475\\\" OR\\n \\\"CVE-2022-24682\\\" OR\\n \\\"CVE-2022-22536\\\" OR\\n \\\"CVE-2022-22963\\\" OR\\n \\\"CVE-2022-22954\\\" OR\\n \\\"CVE-2022-22960\\\" OR\\n \\\"CVE-2022-29464\\\" OR\\n \\\"CVE-2022-27924\\\" OR\\n \\\"CVE-2022-1388\\\" OR\\n 
\\\"CVE-2022-30190\\\" OR\\n \\\"CVE-2022-22047\\\" OR\\n \\\"CVE-2022-27593\\\" OR\\n \\\"CVE-2022-41082\\\" OR\\n \\\"CVE-2022-40684\\\")\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"14029b10-5efc-4fca-b7eb-e2cb224855e9\":{\"columns\":{\"59b46092-cb36-4b86-9ee2-f06d1b8c5dca\":{\"label\":\"Exploited Vulnerability\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.plugin.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c9129026-49f2-40e1-99a7-55a5c50abeca\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"10624b96-3482-4089-b4cd-e3b8dc502bb4\":{\"label\":\"Vulnerability Age\",\"dataType\":\"string\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ordinal\",\"sourceField\":\"nessus.age_of_vuln.keyword\",\"filter\":{\"query\":\"nessus.age_of_vuln.keyword: 
*\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"c9129026-49f2-40e1-99a7-55a5c50abeca\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"59b46092-cb36-4b86-9ee2-f06d1b8c5dca\",\"10624b96-3482-4089-b4cd-e3b8dc502bb4\",\"c9129026-49f2-40e1-99a7-55a5c50abeca\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":14,\"w\":23,\"h\":15,\"i\":\"349e94c4-55a0-4c1a-99f1-31561985e96e\"},\"panelIndex\":\"349e94c4-55a0-4c1a-99f1-31561985e96e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-nessus.vulnerability\",\"name\":\"indexpattern-datasource-layer-581dfd98-85fb-4da2-aac6-1ce2144824a6\"}],\"state\":{\"visualization\":{\"layerId\":\"581dfd98-85fb-4da2-aac6-1ce2144824a6\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"89ac03a5-a985-4f1d-b63e-8ad3efce1800\"},{\"columnId\":\"96bc37dd-e63f-40ca-97d9-948fc516974d\",\"isTransposed\":false,\"hidden\":true}]},\"query\":{\"query\":\"nessus.cve: (\\n \\\"CVE-2017-0199\\\" OR\\n \\\"CVE-2017-11882\\\" OR \\n \\\"CVE-2018-13379\\\" OR\\n \\\"CVE-2019-11510\\\" OR\\n \\\"CVE-2019-0708\\\" OR\\n \\\"CVE-2019-19781\\\" OR\\n \\\"CVE-2020-5902\\\" OR\\n \\\"CVE-2020-1472\\\" OR\\n \\\"CVE-2020-14882\\\" OR\\n \\\"CVE-2020-14883\\\" OR\\n \\\"CVE-2021-20016\\\" OR\\n \\\"CVE-2021-26855\\\" OR\\n \\\"CVE-2021-26857\\\" OR\\n \\\"CVE-2021-26858\\\" OR\\n \\\"CVE-2021-27065\\\" OR\\n 
\\\"CVE-2021-20021\\\" OR\\n \\\"CVE-2021-31207\\\" OR\\n \\\"CVE-2022-26134\\\" OR\\n \\\"CVE-2021-34473\\\" OR\\n \\\"CVE-2021-34523\\\" OR\\n \\\"CVE-2021-26084\\\" OR\\n \\\"CVE-2021-40539\\\" OR\\n \\\"CVE-2021-40438\\\" OR\\n \\\"CVE-2021-41773\\\" OR\\n \\\"CVE-2021-42013\\\" OR\\n \\\"CVE-2021-20038\\\" OR\\n \\\"CVE-2021-44228\\\" OR\\n \\\"CVE-2021-45046\\\" OR\\n \\\"CVE-2022-42475\\\" OR\\n \\\"CVE-2022-24682\\\" OR\\n \\\"CVE-2022-22536\\\" OR\\n \\\"CVE-2022-22963\\\" OR\\n \\\"CVE-2022-22954\\\" OR\\n \\\"CVE-2022-22960\\\" OR\\n \\\"CVE-2022-29464\\\" OR\\n \\\"CVE-2022-27924\\\" OR\\n \\\"CVE-2022-1388\\\" OR\\n \\\"CVE-2022-30190\\\" OR\\n \\\"CVE-2022-22047\\\" OR\\n \\\"CVE-2022-27593\\\" OR\\n \\\"CVE-2022-41082\\\" OR\\n \\\"CVE-2022-40684\\\")\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"581dfd98-85fb-4da2-aac6-1ce2144824a6\":{\"columns\":{\"89ac03a5-a985-4f1d-b63e-8ad3efce1800\":{\"label\":\"Hosts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"96bc37dd-e63f-40ca-97d9-948fc516974d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"96bc37dd-e63f-40ca-97d9-948fc516974d\":{\"label\":\"Unique count of 
nessus.name_of_host.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"nessus.name_of_host.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"89ac03a5-a985-4f1d-b63e-8ad3efce1800\",\"96bc37dd-e63f-40ca-97d9-948fc516974d\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-nessus.vulnerability\"}},\"currentIndexPatternId\":\"logs-nessus.vulnerability\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"List of 50 vulnerable hosts. Count limited for performance reasons.\",\"enhancements\":{}},\"title\":\"Vulnerable Hosts (50)\"}]","timeRestore":false,"title":"[Vulnerability] CISA Top Routinely Exploited","version":1},"coreMigrationVersion":"8.8.0","created_at":"2023-11-03T18:49:20.776Z","id":"d0f1fa50-404e-11ee-a077-99d985d00058","managed":false,"references":[{"id":"logs-nessus.vulnerability","name":"99e23575-cf58-471c-b980-51d6e35353d6:indexpattern-datasource-layer-7e417766-c3bf-4b59-9c8b-3b62ca85bea3","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"ac7d7678-6207-4c11-a52c-19288e732c7f:indexpattern-datasource-layer-0be6abcf-1f36-4f14-a72c-ba3df4cfb292","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"31f3e8cf-bc16-4896-93b5-259fdb4c036e:indexpattern-datasource-layer-57e62b27-2fb9-4f01-aae7-84f4aaf93afe","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"58ebfd4c-ee61-4c99-8d01-9638b98dceec:indexpattern-datasource-layer-a8a92b0e-1015-4557-91f3-e3eefc2b58b8","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"f286a000-e65e-4a5a-affc-51f58179c1b9:indexpattern-datasource-layer-14029b10-5efc-4fca-b7eb-e2cb224855e9","type":"index-pattern"},{"id":"logs-nessus.vulnerability","name":"349e94c4-55a0-4c1a-99f1-31561985e96e:indexpattern-datasource-layer-581dfd98-85fb-4da2-aac6-1ce2144824a6","type":"index-pattern"}],"type":"dashboard","typ
eMigrationVersion":"8.9.0","updated_at":"2023-11-03T18:49:20.776Z","version":"WzQ4NSwyXQ=="} 2 | {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":1,"missingRefCount":0,"missingReferences":[]} 3 | -------------------------------------------------------------------------------- /pipelines/logs-nessus.vulnerability.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "This pipeline enriches vulnerability scan data from Nessus.", 3 | "processors": [ 4 | { 5 | "append": { 6 | "if": "ctx.tags == null", 7 | "field": "tags", 8 | "value": [ 9 | "vulnerability" 10 | ], 11 | "allow_duplicates": false 12 | } 13 | }, 14 | { 15 | "convert": { 16 | "field": "nessus.cvss3.base_score", 17 | "type": "float", 18 | "ignore_missing": true 19 | } 20 | }, 21 | { 22 | "convert": { 23 | "field": "nessus.cvss.base_score", 24 | "type": "float", 25 | "ignore_missing": true 26 | } 27 | }, 28 | { 29 | "convert": { 30 | "field": "nessus.cvss.impact_score", 31 | "type": "float", 32 | "ignore_missing": true 33 | } 34 | }, 35 | { 36 | "convert": { 37 | "field": "nessus.cvss.temporal_score", 38 | "type": "float", 39 | "ignore_missing": true 40 | } 41 | }, 42 | { 43 | "set": { 44 | "field": "vulnerability.score.base", 45 | "value": "{{nessus.cvss3.base_score}}", 46 | "ignore_empty_value": true, 47 | "if": "ctx.nessus?.cvss3?.base_score != null" 48 | } 49 | }, 50 | { 51 | "script": { 52 | "source": "double score = ctx.nessus.cvss3.base_score;\r\n\r\ndef result;\r\n\r\nif (score >= 9.0) {\r\n result = \"Critical\";\r\n} else if (score >= 7.0 && score < 9.0) {\r\n result = \"High\";\r\n}else if (score > 4.0 && score < 7.0) {\r\n result = \"Medium\";\r\n}else if (score > 0.0 && score < 4) {\r\n result = \"Low\";\r\n}else if (score == 0.0) {\r\n result = \"Info\";\r\n}\r\n\r\nctx.vulnerability.severity = result;", 53 | "if": "ctx.nessus?.cvss3?.base_score != null" 54 | } 55 | }, 56 | { 57 | "fingerprint": { 58 | "fields": [ 
59 | "nessus.plugin.id", 60 | "destination.port", 61 | "network.transport", 62 | "vulnerability.id" 63 | ], 64 | "target_field": "nessus.vulnerability.custom_hash", 65 | "ignore_missing": true, 66 | "tag": "Create unique hash for each vulnerability" 67 | } 68 | } 69 | ], 70 | "on_failure": [ 71 | { 72 | "set": { 73 | "field": "error.message", 74 | "value": "Processor \"{{ _ingest.on_failure_processor_type }}\" with tag \"{{ _ingest.on_failure_processor_tag }}\" in pipeline \"{{ _ingest.on_failure_pipeline }}\" failed with message \"{{ _ingest.on_failure_message }}\"" 75 | } 76 | } 77 | ] 78 | } 79 | -------------------------------------------------------------------------------- /templates/logs-nessus.vulnerability-api-key.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "logs-nessus.vulnerability", 3 | "role_descriptors": { 4 | "nessus_import": { 5 | "index": [ 6 | { 7 | "names": [ 8 | "logs-nessus.vulnerability" 9 | ], 10 | "privileges": [ 11 | "write", 12 | "create", 13 | "read", 14 | "index", 15 | "create_index" 16 | ] 17 | } 18 | ] 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /templates/logs-nessus.vulnerability.json: -------------------------------------------------------------------------------- 1 | { 2 | "template": { 3 | "settings": { 4 | "index": { 5 | "default_pipeline": "logs-nessus.vulnerability" 6 | } 7 | }, 8 | "mappings": { 9 | "_routing": { 10 | "required": false 11 | }, 12 | "numeric_detection": false, 13 | "_meta": {}, 14 | "_source": { 15 | "excludes": [], 16 | "includes": [], 17 | "enabled": true 18 | }, 19 | "dynamic": true, 20 | "dynamic_templates": [], 21 | "date_detection": false, 22 | "properties": { 23 | "nessus": { 24 | "type": "object", 25 | "properties": { 26 | "age_of_vuln": { 27 | "type": "text", 28 | "fields": { 29 | "keyword": { 30 | "type": "keyword" 31 | } 32 | } 33 | }, 34 | "credentialed_scan": { 35 | "type": 
"boolean" 36 | }, 37 | "cve": { 38 | "type": "text", 39 | "fields": { 40 | "keyword": { 41 | "type": "keyword" 42 | } 43 | } 44 | }, 45 | "cvss": { 46 | "type": "object", 47 | "properties": { 48 | "base_score": { 49 | "coerce": true, 50 | "index": true, 51 | "ignore_malformed": false, 52 | "store": false, 53 | "type": "float", 54 | "doc_values": true 55 | }, 56 | "impact_score": { 57 | "coerce": true, 58 | "index": true, 59 | "ignore_malformed": false, 60 | "store": false, 61 | "type": "float", 62 | "doc_values": true 63 | }, 64 | "temporal_score": { 65 | "coerce": true, 66 | "index": true, 67 | "ignore_malformed": false, 68 | "store": false, 69 | "type": "float", 70 | "doc_values": true 71 | }, 72 | "vector": { 73 | "type": "text", 74 | "fields": { 75 | "keyword": { 76 | "ignore_above": 256, 77 | "type": "keyword" 78 | } 79 | } 80 | } 81 | } 82 | }, 83 | "cvss3": { 84 | "type": "object", 85 | "properties": { 86 | "base_score": { 87 | "coerce": true, 88 | "index": true, 89 | "ignore_malformed": false, 90 | "store": false, 91 | "type": "float", 92 | "doc_values": true 93 | }, 94 | "impact_score": { 95 | "coerce": true, 96 | "index": true, 97 | "ignore_malformed": false, 98 | "store": false, 99 | "type": "float", 100 | "doc_values": true 101 | }, 102 | "temporal_score": { 103 | "coerce": true, 104 | "index": true, 105 | "ignore_malformed": false, 106 | "store": false, 107 | "type": "float", 108 | "doc_values": true 109 | }, 110 | "vector": { 111 | "type": "text", 112 | "fields": { 113 | "keyword": { 114 | "ignore_above": 256, 115 | "type": "keyword" 116 | } 117 | } 118 | } 119 | } 120 | }, 121 | "edb-id": { 122 | "type": "text", 123 | "fields": { 124 | "keyword": { 125 | "ignore_above": 256, 126 | "type": "keyword" 127 | } 128 | } 129 | }, 130 | "exploit_available": { 131 | "type": "boolean" 132 | }, 133 | "exploit_code_maturity": { 134 | "type": "keyword" 135 | }, 136 | "exploitability_ease": { 137 | "type": "keyword" 138 | }, 139 | "in_the_news": { 140 | "type": 
"boolean" 141 | }, 142 | "name_of_host": { 143 | "type": "text", 144 | "fields": { 145 | "keyword": { 146 | "type": "keyword" 147 | } 148 | } 149 | }, 150 | "os_confidence": { 151 | "type": "short" 152 | }, 153 | "os_identification_method": { 154 | "type": "text", 155 | "fields": { 156 | "keyword": { 157 | "type": "keyword" 158 | } 159 | } 160 | }, 161 | "patch_publication_date": { 162 | "format": "strict_date_optional_time||epoch_millis||yyyy/MM/dd", 163 | "type": "date" 164 | }, 165 | "patch_report": { 166 | "type": "object", 167 | "properties": { 168 | "actions": { 169 | "type": "text", 170 | "fields": { 171 | "keyword": { 172 | "type": "keyword" 173 | } 174 | } 175 | }, 176 | "vulnerability_count": { 177 | "type": "integer" 178 | } 179 | } 180 | }, 181 | "plugin": { 182 | "type": "object", 183 | "properties": { 184 | "date": { 185 | "format": "yyyy/MM/dd HH:mm:ss||yyyy/MM/dd||epoch_millis", 186 | "type": "date" 187 | }, 188 | "filename": { 189 | "type": "text" 190 | }, 191 | "id": { 192 | "coerce": true, 193 | "ignore_malformed": false, 194 | "type": "long" 195 | }, 196 | "modification_date": { 197 | "format": "strict_date_optional_time||epoch_millis||yyyy/MM/dd", 198 | "type": "date" 199 | }, 200 | "name": { 201 | "type": "text", 202 | "fields": { 203 | "keyword": { 204 | "ignore_above": 256, 205 | "type": "keyword" 206 | } 207 | } 208 | }, 209 | "output": { 210 | "type": "text", 211 | "fields": { 212 | "keyword": { 213 | "ignore_above": 256, 214 | "type": "keyword" 215 | } 216 | } 217 | }, 218 | "publication_date": { 219 | "format": "strict_date_optional_time||epoch_millis||yyyy/MM/dd", 220 | "type": "date" 221 | }, 222 | "type": { 223 | "type": "text", 224 | "fields": { 225 | "keyword": { 226 | "ignore_above": 256, 227 | "type": "keyword" 228 | } 229 | } 230 | } 231 | } 232 | }, 233 | "product_coverage": { 234 | "type": "text", 235 | "fields": { 236 | "keyword": { 237 | "ignore_above": 256, 238 | "type": "keyword" 239 | } 240 | } 241 | }, 242 | "rdns": { 243 
| "type": "text", 244 | "fields": { 245 | "keyword": { 246 | "ignore_above": 256, 247 | "type": "keyword" 248 | } 249 | } 250 | }, 251 | "rnds": { 252 | "type": "text", 253 | "fields": { 254 | "keyword": { 255 | "type": "keyword" 256 | } 257 | } 258 | }, 259 | "solution": { 260 | "type": "text", 261 | "fields": { 262 | "keyword": { 263 | "ignore_above": 256, 264 | "type": "keyword" 265 | } 266 | } 267 | }, 268 | "stig_severity": { 269 | "type": "keyword" 270 | }, 271 | "synopsis": { 272 | "type": "text", 273 | "fields": { 274 | "keyword": { 275 | "ignore_above": 256, 276 | "type": "keyword" 277 | } 278 | } 279 | }, 280 | "system_type": { 281 | "type": "text", 282 | "fields": { 283 | "keyword": { 284 | "ignore_above": 256, 285 | "type": "keyword" 286 | } 287 | } 288 | }, 289 | "threat": { 290 | "type": "object", 291 | "properties": { 292 | "intensity_last_28": { 293 | "type": "keyword" 294 | }, 295 | "recency": { 296 | "type": "text" 297 | }, 298 | "sources_last_28": { 299 | "type": "keyword" 300 | } 301 | } 302 | }, 303 | "unsupported_by_vendor": { 304 | "type": "boolean" 305 | }, 306 | "unsupported_os": { 307 | "type": "boolean" 308 | }, 309 | "vpr_score": { 310 | "type": "float" 311 | }, 312 | "vuln_publication_date": { 313 | "format": "strict_date_optional_time||epoch_millis||yyyy/MM/dd", 314 | "type": "date" 315 | } 316 | } 317 | } 318 | } 319 | } 320 | }, 321 | "index_patterns": [ 322 | "logs-nessus.vulnerability" 323 | ], 324 | "data_stream": { 325 | "hidden": false, 326 | "allow_custom_routing": false 327 | }, 328 | "composed_of": [ 329 | "ecs@dynamic_templates" 330 | ] 331 | } 332 | --------------------------------------------------------------------------------