elastic · moxarth-rathod · Jan 7, 2026 · Jan 2, 2026 · Jan 2, 2026
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "4.8.0"
+  changes:
+    - description: Add support for new ratings object in asset data stream and vulnerability scoring metrics in vulnerability data stream.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/16751
 - version: "4.7.0"
   changes:
     - description: Added scan details to the scan data stream from the WAS v2 scan details API.

@@ -7,3 +7,4 @@
 {"id":"95c2725c-7298-4a44-8a1d-63131ca3f015","has_agent":false,"has_plugin_results":true,"created_at":"2017-12-31T20:40:44.535Z","terminated_at":"2017-12-31T20:40:44.535Z","terminated_by":"user","updated_at":"2018-12-31T22:27:58.599Z","deleted_at":"2017-12-31T20:40:44.535Z","deleted_by":"user","first_seen":"2017-12-31T20:40:23.447Z","last_seen":"2018-12-31T22:27:52.869Z","first_scan_time":"2017-12-31T20:40:23.447Z","last_scan_time":"2018-03-31T22:27:52.869Z","last_authenticated_scan_date":"2017-12-31T20:40:44.535Z","last_licensed_scan_date":"2018-12-31T22:27:52.869Z","last_scan_id":"00283024-afee-44ea-b467-db5a6ed9fd50ab8f7ecb158c480e","last_schedule_id":"72284901-7c68-42b2-a0c4-c1e75568849df60557ee0e264228","azure_vm_id":"12","azure_resource_id":"12","gcp_project_id":"12","gcp_zone":"12","gcp_instance_id":"12","aws_ec2_instance_ami_id":"12","aws_ec2_instance_id":"12","agent_uuid":"22","bios_uuid":"33","aws_owner_id":"44","aws_availability_zone":null,"aws_region":null,"aws_vpc_id":null,"aws_ec2_instance_group_name":null,"aws_ec2_instance_state_name":null,"aws_ec2_instance_type":null,"aws_subnet_id":null,"aws_ec2_product_code":null,"aws_ec2_name":null,"mcafee_epo_guid":null,"mcafee_epo_agent_guid":null,"servicenow_sysid":null,"bigfix_asset_id":null,"agent_names":[],"installed_software":["cpe:/a:test:xyz:12.8","cpe:/a:test:abc:7.7.3","cpe:/a:test:pqr:6.9","cpe:/a:test:xyz"],"ipv4s":["89.160.20.112"],"ipv6s":[],"fqdns":["example.com"],"mac_addresses":[],"netbios_names":[],"operating_systems":[],"system_types":[],"hostnames":[],"ssh_fingerprints":[],"qualys_asset_ids":[],"qualys_host_ids":[],"manufacturer_tpm_ids":[],"symantec_ep_hardware_keys":[],"serial_number":"ABCD1234","sources":[{"name":"TEST_SCAN","first_seen":"2017-12-31T20:40:23.447Z","last_seen":"2018-12-31T22:27:52.869Z"}],"tags":[{"uuid":"47e7f5f6-1013-4401-a705-479bfadc7826","key":"Geographic Area","value":"APAC","added_by":"ac2e7ef6-fac9-47bf-9170-617331322885","added_at":"2018-12-31T14:53:13.817Z"}],"network_interfaces":[{"name":"test.0.1234","mac_addresses":["00-00-5E-00-53-00","00-00-5E-00-53-FF"],"ipv4s":["89.160.20.112","81.2.69.144"],"ipv6s":["2a02:cf40::"],"fqdns":["example.com"]}],"acr_score": 3.0,"exposure_score":"721"}
 {"id":"95c2725c-7298-4a44-8a1d-63131ca3f016","has_agent":false,"has_plugin_results":true,"created_at":"2017-12-31T20:40:44.535Z","terminated_at":"2017-12-31T20:40:44.535Z","terminated_by":"user","updated_at":"2018-12-31T22:27:58.599Z","deleted_at":"2017-12-31T20:40:44.535Z","deleted_by":"user","first_seen":"2017-12-31T20:40:23.447Z","last_seen":"2018-12-31T22:27:52.869Z","first_scan_time":"2017-12-31T20:40:23.447Z","last_scan_time":"2018-03-31T22:27:52.869Z","last_authenticated_scan_date":"2017-12-31T20:40:44.535Z","last_licensed_scan_date":"2018-12-31T22:27:52.869Z","last_scan_id":"00283024-afee-44ea-b467-db5a6ed9fd50ab8f7ecb158c480e","last_schedule_id":"72284901-7c68-42b2-a0c4-c1e75568849df60557ee0e264228","azure_vm_id":"12","azure_resource_id":"12","gcp_project_id":"12","gcp_zone":"12","gcp_instance_id":"12","aws_ec2_instance_ami_id":"12","aws_ec2_instance_id":"12","agent_uuid":"22","bios_uuid":"33","aws_owner_id":"44","aws_availability_zone":null,"aws_region":null,"aws_vpc_id":null,"aws_ec2_instance_group_name":null,"aws_ec2_instance_state_name":null,"aws_ec2_instance_type":null,"aws_subnet_id":null,"aws_ec2_product_code":null,"aws_ec2_name":null,"mcafee_epo_guid":null,"mcafee_epo_agent_guid":null,"servicenow_sysid":null,"bigfix_asset_id":null,"agent_names":[],"installed_software":["cpe:/a:test:xyz:12.8","cpe:/a:test:abc:7.7.3","cpe:/a:test:pqr:6.9","cpe:/a:test:xyz"],"ipv4s":["89.160.20.112"],"ipv6s":[],"fqdns":["example.com"],"mac_addresses":[],"netbios_names":[],"operating_systems":[],"system_types":[],"hostnames":[],"ssh_fingerprints":[],"qualys_asset_ids":[],"qualys_host_ids":[],"manufacturer_tpm_ids":[],"symantec_ep_hardware_keys":[],"serial_number":"ABCD1234","sources":[{"name":"TEST_SCAN","first_seen":"2017-12-31T20:40:23.447Z","last_seen":"2018-12-31T22:27:52.869Z"}],"tags":[{"uuid":"47e7f5f6-1013-4401-a705-479bfadc7826","key":"Geographic Area","value":"APAC","added_by":"ac2e7ef6-fac9-47bf-9170-617331322885","added_at":"2018-12-31T14:53:13.817Z"}],"network_interfaces":[{"name":"test.0.1234","mac_addresses":["00-00-5E-00-53-00","00-00-5E-00-53-FF"],"ipv4s":["89.160.20.112","81.2.69.144"],"ipv6s":["2a02:cf40::"],"fqdns":["example.com"]}],"acr_score": "","exposure_score":""}
 {"id":"95c2725c-7298-4a44-8a1d-63131ca3f017","has_agent":false,"has_plugin_results":true,"created_at":"2017-12-31T20:40:44.535Z","terminated_at":"2017-12-31T20:40:44.535Z","terminated_by":"user","updated_at":"2018-12-31T22:27:58.599Z","deleted_at":"2017-12-31T20:40:44.535Z","deleted_by":"user","first_seen":"2017-12-31T20:40:23.447Z","last_seen":"2018-12-31T22:27:52.869Z","first_scan_time":"2017-12-31T20:40:23.447Z","last_scan_time":"2018-03-31T22:27:52.869Z","last_authenticated_scan_date":"2017-12-31T20:40:44.535Z","last_licensed_scan_date":"2018-12-31T22:27:52.869Z","last_scan_id":"00283024-afee-44ea-b467-db5a6ed9fd50ab8f7ecb158c480e","last_schedule_id":"72284901-7c68-42b2-a0c4-c1e75568849df60557ee0e264228","azure_vm_id":"12","azure_resource_id":"12","gcp_project_id":"12","gcp_zone":"12","gcp_instance_id":"12","aws_ec2_instance_ami_id":"12","aws_ec2_instance_id":"12","agent_uuid":"22","bios_uuid":"33","aws_owner_id":"44","aws_availability_zone":null,"aws_region":null,"aws_vpc_id":null,"aws_ec2_instance_group_name":null,"aws_ec2_instance_state_name":null,"aws_ec2_instance_type":null,"aws_subnet_id":null,"aws_ec2_product_code":null,"aws_ec2_name":null,"mcafee_epo_guid":null,"mcafee_epo_agent_guid":null,"servicenow_sysid":null,"bigfix_asset_id":null,"agent_names":[],"installed_software":["cpe:/a:test:xyz:12.8","cpe:/a:test:abc:7.7.3","cpe:/a:test:pqr:6.9","cpe:/a:test:xyz"],"ipv4s":["89.160.20.112"],"ipv6s":[],"fqdns":["example.com"],"mac_addresses":[],"netbios_names":[],"operating_systems":[],"system_types":[],"hostnames":[],"ssh_fingerprints":[],"qualys_asset_ids":[],"qualys_host_ids":[],"manufacturer_tpm_ids":[],"symantec_ep_hardware_keys":[],"serial_number":"ABCD1234","sources":[{"name":"TEST_SCAN","first_seen":"2017-12-31T20:40:23.447Z","last_seen":"2018-12-31T22:27:52.869Z"}],"tags":[{"uuid":"47e7f5f6-1013-4401-a705-479bfadc7826","key":"Geographic Area","value":"APAC","added_by":"ac2e7ef6-fac9-47bf-9170-617331322885","added_at":"2018-12-31T14:53:13.817Z"}],"network_interfaces":[{"name":"test.0.1234","mac_addresses":["00-00-5E-00-53-00","00-00-5E-00-53-FF"],"ipv4s":["89.160.20.112","81.2.69.144"],"ipv6s":["2a02:cf40::"],"fqdns":["example.com"]}]}
+{"id":"13fbc572-b19a-40f6-9e47-b046e2481e5d","has_agent":false,"has_plugin_results":null,"created_at":"2024-09-24T15:01:25.000Z","terminated_at":null,"terminated_by":null,"updated_at":"2024-12-16T09:45:50.000Z","deleted_at":null,"deleted_by":null,"first_seen":"2024-09-24T15:01:25.000Z","last_seen":"2024-12-16T09:45:50.000Z","first_scan_time":"2024-09-24T15:01:25.000Z","last_scan_time":"2024-12-16T09:45:50.000Z","last_authenticated_scan_date":null,"last_licensed_scan_date":null,"last_scan_id":null,"last_schedule_id":null,"azure_vm_id":null,"azure_resource_id":null,"gcp_project_id":null,"gcp_zone":null,"gcp_instance_id":null,"aws_ec2_instance_ami_id":"ami-1ebad951bbafe70b5","aws_ec2_instance_id":"i-47b52febd53722cc3","agent_uuid":null,"bios_uuid":null,"network_id":"00000000-0000-0000-0000-000000000000","network_name":"Default","aws_owner_id":"000000000000","aws_availability_zone":"us-east-1d","aws_region":"us-east-1","aws_vpc_id":"vpc-0000000000000000","aws_ec2_instance_group_name":"launch-wizard-80","aws_ec2_instance_state_name":"running","aws_ec2_instance_type":"t2.micro","aws_subnet_id":"subnet-158cae60ba562fa09","aws_ec2_product_code":null,"aws_ec2_name":"example-fa-linux","mcafee_epo_guid":null,"mcafee_epo_agent_guid":null,"servicenow_sysid":null,"bigfix_asset_id":null,"agent_names":[],"installed_software":[],"ipv4s":["1.128.0.0","216.160.83.56"],"ipv6s":[],"fqdns":["ec4-192-0-2-96.compute-2.amazonaws.com","ip-216-160-83-56.ec2.internal"],"mac_addresses":["01:2b:07:03:79:3a"],"netbios_names":[],"operating_systems":["Linux"],"system_types":["aws-ec2-instance"],"hostnames":["ec2-216-160-83-56.compute-1.amazonaws.com"],"ssh_fingerprints":[],"qualys_asset_ids":[],"qualys_host_ids":[],"manufacturer_tpm_ids":[],"symantec_ep_hardware_keys":[],"sources":[{"name":"CloudDiscoveryConnector","first_seen":"2024-09-24T15:01:25.000Z","last_seen":"2024-12-16T09:45:50.000Z"}],"tags":[{"uuid":"b2a6467b-254d-4685-b8af-f6342d79e5c4","key":"example1","value":"assets","added_by":"521ae8ad-5945-4c8c-af2c-923cc67ff216","added_at":"2024-12-11T07:21:12.591Z"}],"network_interfaces":[{"name":"UNKNOWN","virtual":null,"aliased":null,"fqdns":["ec2-216-160-83-56.compute-1.amazonaws.com","ip-216-160-83-56.ec2.internal"],"mac_addresses":["0b:1a:0c:16:79:1a"],"ipv4s":["216.160.83.56","81.2.69.142"],"ipv6s":[]}],"open_ports":[],"acr_score":"9.0","exposure_score":"744.0","ratings":{"acr":{"score":9},"aes":{"score":744}},"resource_tags":[{"key":"example-name","value":"cust1-fa-linux"},{"key":"ExpirationTime","value":"1731485476823"}]}
@@ -1264,6 +1264,167 @@
                     "updated_at": "2018-12-31T22:27:58.599Z"
                 }
             }
+        },
+        {
+            "@timestamp": "2024-12-16T09:45:50.000Z",
+            "cloud": {
+                "availability_zone": "us-east-1d",
+                "instance": {
+                    "id": "i-47b52febd53722cc3"
+                },
+                "machine": {
+                    "type": "t2.micro"
+                },
+                "region": "us-east-1"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "host"
+                ],
+                "kind": "state",
+                "original": "{\"id\":\"13fbc572-b19a-40f6-9e47-b046e2481e5d\",\"has_agent\":false,\"has_plugin_results\":null,\"created_at\":\"2024-09-24T15:01:25.000Z\",\"terminated_at\":null,\"terminated_by\":null,\"updated_at\":\"2024-12-16T09:45:50.000Z\",\"deleted_at\":null,\"deleted_by\":null,\"first_seen\":\"2024-09-24T15:01:25.000Z\",\"last_seen\":\"2024-12-16T09:45:50.000Z\",\"first_scan_time\":\"2024-09-24T15:01:25.000Z\",\"last_scan_time\":\"2024-12-16T09:45:50.000Z\",\"last_authenticated_scan_date\":null,\"last_licensed_scan_date\":null,\"last_scan_id\":null,\"last_schedule_id\":null,\"azure_vm_id\":null,\"azure_resource_id\":null,\"gcp_project_id\":null,\"gcp_zone\":null,\"gcp_instance_id\":null,\"aws_ec2_instance_ami_id\":\"ami-1ebad951bbafe70b5\",\"aws_ec2_instance_id\":\"i-47b52febd53722cc3\",\"agent_uuid\":null,\"bios_uuid\":null,\"network_id\":\"00000000-0000-0000-0000-000000000000\",\"network_name\":\"Default\",\"aws_owner_id\":\"000000000000\",\"aws_availability_zone\":\"us-east-1d\",\"aws_region\":\"us-east-1\",\"aws_vpc_id\":\"vpc-0000000000000000\",\"aws_ec2_instance_group_name\":\"launch-wizard-80\",\"aws_ec2_instance_state_name\":\"running\",\"aws_ec2_instance_type\":\"t2.micro\",\"aws_subnet_id\":\"subnet-158cae60ba562fa09\",\"aws_ec2_product_code\":null,\"aws_ec2_name\":\"example-fa-linux\",\"mcafee_epo_guid\":null,\"mcafee_epo_agent_guid\":null,\"servicenow_sysid\":null,\"bigfix_asset_id\":null,\"agent_names\":[],\"installed_software\":[],\"ipv4s\":[\"1.128.0.0\",\"216.160.83.56\"],\"ipv6s\":[],\"fqdns\":[\"ec4-192-0-2-96.compute-2.amazonaws.com\",\"ip-216-160-83-56.ec2.internal\"],\"mac_addresses\":[\"01:2b:07:03:79:3a\"],\"netbios_names\":[],\"operating_systems\":[\"Linux\"],\"system_types\":[\"aws-ec2-instance\"],\"hostnames\":[\"ec2-216-160-83-56.compute-1.amazonaws.com\"],\"ssh_fingerprints\":[],\"qualys_asset_ids\":[],\"qualys_host_ids\":[],\"manufacturer_tpm_ids\":[],\"symantec_ep_hardware_keys\":[],\"sources\":[{\"name\":\"CloudDiscoveryConnector\",\"first_seen\":\"2024-09-24T15:01:25.000Z\",\"last_seen\":\"2024-12-16T09:45:50.000Z\"}],\"tags\":[{\"uuid\":\"b2a6467b-254d-4685-b8af-f6342d79e5c4\",\"key\":\"example1\",\"value\":\"assets\",\"added_by\":\"521ae8ad-5945-4c8c-af2c-923cc67ff216\",\"added_at\":\"2024-12-11T07:21:12.591Z\"}],\"network_interfaces\":[{\"name\":\"UNKNOWN\",\"virtual\":null,\"aliased\":null,\"fqdns\":[\"ec2-216-160-83-56.compute-1.amazonaws.com\",\"ip-216-160-83-56.ec2.internal\"],\"mac_addresses\":[\"0b:1a:0c:16:79:1a\"],\"ipv4s\":[\"216.160.83.56\",\"81.2.69.142\"],\"ipv6s\":[]}],\"open_ports\":[],\"acr_score\":\"9.0\",\"exposure_score\":\"744.0\",\"ratings\":{\"acr\":{\"score\":9},\"aes\":{\"score\":744}},\"resource_tags\":[{\"key\":\"example-name\",\"value\":\"cust1-fa-linux\"},{\"key\":\"ExpirationTime\",\"value\":\"1731485476823\"}]}",
+                "type": [
+                    "info"
+                ]
+            },
+            "host": {
+                "domain": [
+                    "ec4-192-0-2-96.compute-2.amazonaws.com",
+                    "ip-216-160-83-56.ec2.internal"
+                ],
+                "hostname": [
+                    "ec2-216-160-83-56.compute-1.amazonaws.com"
+                ],
+                "id": "13fbc572-b19a-40f6-9e47-b046e2481e5d",
+                "ip": [
+                    "1.128.0.0",
+                    "216.160.83.56"
+                ],
+                "mac": [
+                    "01-2B-07-03-79-3A",
+                    "0B-1A-0C-16-79-1A"
+                ],
+                "os": {
+                    "name": [
+                        "Linux"
+                    ]
+                }
+            },
+            "network": {
+                "name": "Default"
+            },
+            "related": {
+                "hosts": [
+                    "ec2-216-160-83-56.compute-1.amazonaws.com",
+                    "ip-216-160-83-56.ec2.internal",
+                    "ec4-192-0-2-96.compute-2.amazonaws.com"
+                ],
+                "ip": [
+                    "216.160.83.56",
+                    "81.2.69.142",
+                    "1.128.0.0"
+                ]
+            },
+            "tags": [
+                "preserve_original_event",
+                "preserve_duplicate_custom_fields"
+            ],
+            "tenable_io": {
+                "asset": {
+                    "acr_score": 9,
+                    "aws": {
+                        "availability_zone": "us-east-1d",
+                        "ec2_instance": {
+                            "ami_id": "ami-1ebad951bbafe70b5",
+                            "group_name": "launch-wizard-80",
+                            "id": "i-47b52febd53722cc3",
+                            "state_name": "running",
+                            "type": "t2.micro"
+                        },
+                        "ec2_name": "example-fa-linux",
+                        "owner_id": "000000000000",
+                        "region": "us-east-1",
+                        "subnet_id": "subnet-158cae60ba562fa09",
+                        "vpc_id": "vpc-0000000000000000"
+                    },
+                    "created_at": "2024-09-24T15:01:25.000Z",
+                    "exposure_score": 744,
+                    "first_scan_time": "2024-09-24T15:01:25.000Z",
+                    "first_seen": "2024-09-24T15:01:25.000Z",
+                    "fqdns": [
+                        "ec4-192-0-2-96.compute-2.amazonaws.com",
+                        "ip-216-160-83-56.ec2.internal"
+                    ],
+                    "has_agent": false,
+                    "hostnames": [
+                        "ec2-216-160-83-56.compute-1.amazonaws.com"
+                    ],
+                    "id": "13fbc572-b19a-40f6-9e47-b046e2481e5d",
+                    "ipv4s": [
+                        "1.128.0.0",
+                        "216.160.83.56"
+                    ],
+                    "last_scan_time": "2024-12-16T09:45:50.000Z",
+                    "last_seen": "2024-12-16T09:45:50.000Z",
+                    "mac_addresses": [
+                        "01-2B-07-03-79-3A"
+                    ],
+                    "network": {
+                        "id": "00000000-0000-0000-0000-000000000000",
+                        "name": "Default"
+                    },
+                    "network_interfaces": [
+                        {
+                            "fqdns": [
+                                "ec2-216-160-83-56.compute-1.amazonaws.com",
+                                "ip-216-160-83-56.ec2.internal"
+                            ],
+                            "ipv4s": [
+                                "216.160.83.56",
+                                "81.2.69.142"
+                            ],
+                            "mac_addresses": [
+                                "0B-1A-0C-16-79-1A"
+                            ],
+                            "name": "UNKNOWN"
+                        }
+                    ],
+                    "operating_systems": [
+                        "Linux"
+                    ],
+                    "ratings": {
+                        "acr": {
+                            "score": 9
+                        },
+                        "aes": {
+                            "score": 744
+                        }
+                    },
+                    "sources": [
+                        {
+                            "first_seen": "2024-09-24T15:01:25.000Z",
+                            "last_seen": "2024-12-16T09:45:50.000Z",
+                            "name": "CloudDiscoveryConnector"
+                        }
+                    ],
+                    "system_types": [
+                        "aws-ec2-instance"
+                    ],
+                    "tags": [
+                        {
+                            "added_at": "2024-12-11T07:21:12.591Z",
+                            "added_by": "521ae8ad-5945-4c8c-af2c-923cc67ff216",
+                            "key": "example1",
+                            "uuid": "b2a6467b-254d-4685-b8af-f6342d79e5c4",
+                            "value": "assets"
+                        }
+                    ],
+                    "updated_at": "2024-12-16T09:45:50.000Z"
+                }
+            }
         }
     ]
 }
@@ -348,6 +348,28 @@ processors:
       field: host.os.name
       copy_from: tenable_io.asset.operating_systems
       ignore_empty_value: true
+  - convert:
+      field: json.ratings.acr.score
+      tag: convert_acr_score_to_long
+      type: long
+      target_field: tenable_io.asset.ratings.acr.score
+      ignore_missing: true
+      if: ctx.json?.ratings?.acr?.score != ''
+      on_failure:
+        - append:
+            field: error.message
+            value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+  - convert:
+      field: json.ratings.aes.score
+      tag: convert_aes_score_to_long
+      type: long
+      target_field: tenable_io.asset.ratings.aes.score
+      ignore_missing: true
+      if: ctx.json?.ratings?.aes?.score != ''
+      on_failure:
+        - append:
+            field: error.message
+            value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - rename:
       field: json.system_types
       target_field: tenable_io.asset.system_types