
Commit 4bab472

rapid7_insightvm: use terminate function to stop pagination in HTTPJSON templates
1 parent 0c09abe commit 4bab472

7 files changed

+63
-46
lines changed

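--- a/packages/rapid7_insightvm/changelog.yml
+++ b/packages/rapid7_insightvm/changelog.yml
@@ -1,4 +1,11 @@
 # newer versions go on top
+- version: "2.3.0"
+changes:
+- description: |
+Use terminate function to stop pagination rather than relying on template failure in HTTPJSON templates.
+This will prevent updating fleet health status to degraded.
+type: enhancement
+link: https://github.com/elastic/integrations/pull/1
 - version: "2.2.0"
 changes:
 - description: Avoid updating fleet health status to degraded when HTTPJSON template value evaluation is empty.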

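--- a/packages/rapid7_insightvm/data_stream/asset/agent/stream/httpjson.yml.hbs
+++ b/packages/rapid7_insightvm/data_stream/asset/agent/stream/httpjson.yml.hbs
@@ -39,7 +39,12 @@ response.pagination:
 do_not_log_failure: true
 - set:
 target: url.params.cursor
-value: '[[if index .last_response.body.metadata "cursor"]][[.last_response.body.metadata.cursor]][[end]]'
+value: >-
+[[- if index .last_response.body.metadata "cursor" -]]
+[[.last_response.body.metadata.cursor]]
+[[- else -]]
+[[- terminate "stop pagination" -]]
+[[end]]
 fail_on_template_error: true
 do_not_log_failure: true
 response.split: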
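Review bot: `do_not_log_failure: true` is kept directly under the new `value: >-` block, so a template error other than the deliberate `terminate "stop pagination"` would still end pagination without a log entry, presumably including `index` being evaluated when the response body carries no `metadata` object at all. Now that the normal end-of-data case has its own `else` branch, it is worth confirming whether this flag is still needed; if `terminate` is not logged as a failure, removing `do_not_log_failure: true` from this `set` would make a silently truncated asset pull visible to operators. At minimum add a comment above `value:` such as `# terminate ends pagination when no cursor is returned; any other template error is unexpected`. The same applies to the identical hunk in data_stream/vulnerability/agent/stream/httpjson.yml.hbs, and the `response.pagination` list starts outside this hunk.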

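--- a/packages/rapid7_insightvm/data_stream/asset/sample_event.json
+++ b/packages/rapid7_insightvm/data_stream/asset/sample_event.json
@@ -1,33 +1,33 @@
 {
-"@timestamp": "2025-07-30T12:27:26.931Z",
+"@timestamp": "2025-08-29T06:17:27.788Z",
 "agent": {
-"ephemeral_id": "08d06867-8f75-4d09-a992-ee92a24ee1a3",
-"id": "0f0ccca8-57b9-43f3-9186-3c016c331f87",
-"name": "elastic-agent-58717",
+"ephemeral_id": "d1438cdc-5cea-4c48-8db1-9c16203ad48c",
+"id": "e498bfac-b790-4ade-8524-a791b38bacee",
+"name": "elastic-agent-30248",
 "type": "filebeat",
-"version": "8.19.0"
+"version": "8.19.3"
 },
 "data_stream": {
 "dataset": "rapid7_insightvm.asset",
-"namespace": "17989",
+"namespace": "87881",
 "type": "logs"
 },
 "ecs": {
 "version": "8.11.0"
 },
 "elastic_agent": {
-"id": "0f0ccca8-57b9-43f3-9186-3c016c331f87",
-"snapshot": true,
-"version": "8.19.0"
+"id": "e498bfac-b790-4ade-8524-a791b38bacee",
+"snapshot": false,
+"version": "8.19.3"
 },
 "event": {
 "agent_id_status": "verified",
 "category": [
 "host"
 ],
-"created": "2025-07-30T12:27:26.931Z",
+"created": "2025-08-29T06:17:27.788Z",
 "dataset": "rapid7_insightvm.asset",
-"ingested": "2025-07-30T12:27:29Z",
+"ingested": "2025-08-29T06:17:29Z",
 "kind": "state",
 "original": "{\"assessed_for_policies\":false,\"assessed_for_vulnerabilities\":true,\"critical_vulnerabilities\":0,\"exploits\":0,\"id\":\"452534235-25a7-40a3-9321-28ce0b5cc90e-default-asset-199\",\"ip\":\"10.1.0.128\",\"last_assessed_for_vulnerabilities\":\"2020-03-20T19:19:42.611Z\",\"last_scan_end\":\"2020-03-20T19:19:42.611Z\",\"last_scan_start\":\"2020-03-20T19:18:13.611Z\",\"malware_kits\":0,\"moderate_vulnerabilities\":2,\"new\":[],\"os_architecture\":\"x86_64\",\"os_description\":\"CentOS Linux 2.6.18\",\"os_family\":\"Linux\",\"os_name\":\"Linux\",\"os_system_name\":\"CentOS Linux\",\"os_type\":\"General\",\"os_vendor\":\"CentOS\",\"os_version\":\"2.6.18\",\"remediated\":[],\"risk_score\":0,\"severe_vulnerabilities\":0,\"tags\":[{\"name\":\"lab\",\"type\":\"SITE\"}],\"total_vulnerabilities\":2}",
 "type": [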

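--- a/packages/rapid7_insightvm/data_stream/vulnerability/agent/stream/httpjson.yml.hbs
+++ b/packages/rapid7_insightvm/data_stream/vulnerability/agent/stream/httpjson.yml.hbs
@@ -32,7 +32,12 @@ request.transforms:
 response.pagination:
 - set:
 target: url.params.cursor
-value: '[[if index .last_response.body.metadata "cursor"]][[.last_response.body.metadata.cursor]][[end]]'
+value: >-
+[[- if index .last_response.body.metadata "cursor" -]]
+[[.last_response.body.metadata.cursor]]
+[[- else -]]
+[[- terminate "stop pagination" -]]
+[[end]]
 fail_on_template_error: true
 do_not_log_failure: true
 response.split: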

packages/rapid7_insightvm/data_stream/vulnerability/sample_event.json

Lines changed: 10 additions & 10 deletions
@@ -1,34 +1,34 @@
11
{
22
"@timestamp": "2018-06-08T00:00:00.000Z",
33
"agent": {
4-
"ephemeral_id": "488e5224-2624-4d2d-8117-39d02f6fe12d",
5-
"id": "d5820362-a217-44f6-aab2-d444704e9be3",
6-
"name": "elastic-agent-58088",
4+
"ephemeral_id": "1148c9c5-440a-474f-9f77-0b6cec861eb6",
5+
"id": "bae09b0f-a617-4c0b-b255-bf46a3405ddf",
6+
"name": "elastic-agent-19358",
77
"type": "filebeat",
8-
"version": "8.19.0"
8+
"version": "8.19.3"
99
},
1010
"data_stream": {
1111
"dataset": "rapid7_insightvm.vulnerability",
12-
"namespace": "55539",
12+
"namespace": "31723",
1313
"type": "logs"
1414
},
1515
"ecs": {
1616
"version": "8.11.0"
1717
},
1818
"elastic_agent": {
19-
"id": "d5820362-a217-44f6-aab2-d444704e9be3",
20-
"snapshot": true,
21-
"version": "8.19.0"
19+
"id": "bae09b0f-a617-4c0b-b255-bf46a3405ddf",
20+
"snapshot": false,
21+
"version": "8.19.3"
2222
},
2323
"event": {
2424
"agent_id_status": "verified",
2525
"category": [
2626
"vulnerability"
2727
],
28-
"created": "2025-07-30T12:28:12.994Z",
28+
"created": "2025-08-29T06:09:49.692Z",
2929
"dataset": "rapid7_insightvm.vulnerability",
3030
"id": "7-zip-cve-2008-6536",
31-
"ingested": "2025-07-30T12:28:15Z",
31+
"ingested": "2025-08-29T06:09:51Z",
3232
"kind": "event",
3333
"original": "{\"added\":\"2018-05-16T00:00:00Z\",\"categories\":\"7-Zip\",\"cves\":\"CVE-2008-6536\",\"cvss_v2_access_complexity\":\"low\",\"cvss_v2_access_vector\":\"network\",\"cvss_v2_authentication\":\"none\",\"cvss_v2_availability_impact\":\"complete\",\"cvss_v2_confidentiality_impact\":\"complete\",\"cvss_v2_exploit_score\":9.996799,\"cvss_v2_impact_score\":10.000845,\"cvss_v2_integrity_impact\":\"complete\",\"cvss_v2_score\":10,\"cvss_v2_vector\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"cvss_v3_attack_complexity\":null,\"cvss_v3_attack_vector\":null,\"cvss_v3_availability_impact\":null,\"cvss_v3_confidentiality_impact\":null,\"cvss_v3_exploit_score\":0,\"cvss_v3_impact_score\":0,\"cvss_v3_integrity_impact\":null,\"cvss_v3_privileges_required\":null,\"cvss_v3_scope\":null,\"cvss_v3_score\":0,\"cvss_v3_user_interaction\":null,\"cvss_v3_vector\":null,\"denial_of_service\":false,\"description\":\"Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats 
(c10).\",\"exploits\":[],\"id\":\"7-zip-cve-2008-6536\",\"links\":[{\"href\":\"http://www.securityfocus.com/bid/28285\",\"id\":\"28285\",\"rel\":\"advisory\",\"source\":\"bid\"},{\"href\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41247\",\"id\":\"41247\",\"rel\":\"advisory\",\"source\":\"xf\"},{\"href\":\"http://nvd.nist.gov/vuln/detail/CVE-2008-6536\",\"id\":\"CVE-2008-6536\",\"rel\":\"advisory\",\"source\":\"cve\"},{\"href\":\"http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\",\"id\":\"http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\",\"id\":\"http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"http://www.securityfocus.com/bid/28285\",\"id\":\"http://www.securityfocus.com/bid/28285\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"http://www.vupen.com/english/advisories/2008/0914/references\",\"id\":\"http://www.vupen.com/english/advisories/2008/0914/references\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\",\"id\":\"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41247\",\"id\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41247\",\"rel\":\"advisory\",\"source\":\"url\"}],\"malware_kits\":[],\"modified\":\"2018-06-08T00:00:00Z\",\"pci_cvss_score\":10,\"pci_fail\":true,\"pci_severity_score\":5,\"pci_special_notes\":\"\",\"pci_status\":\"fail\",\"published\":\"2009-03-29T00:00:00Z\",\"references\":\"bid:28285,xf:41247,cve:CVE-2008-6536,url:http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html,url:http://www.ee.oulu.fi/research/
ouspg/protos/testing/c10/archive/,url:http://www.securityfocus.com/bid/28285,url:http://www.vupen.com/english/advisories/2008/0914/references,url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf,url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41247\",\"risk_score\":885.16,\"severity\":\"critical\",\"severity_score\":10,\"title\":\"7-Zip: CVE-2008-6536: Unspecified vulnerability in 7-zip before 4.5.7\"}",
3434
"risk_score": 885.16,

packages/rapid7_insightvm/docs/README.md

Lines changed: 21 additions & 21 deletions
@@ -69,35 +69,35 @@ An example event for `asset` looks as following:
6969

7070
```json
7171
{
72-
"@timestamp": "2025-07-30T12:27:26.931Z",
72+
"@timestamp": "2025-08-29T06:17:27.788Z",
7373
"agent": {
74-
"ephemeral_id": "08d06867-8f75-4d09-a992-ee92a24ee1a3",
75-
"id": "0f0ccca8-57b9-43f3-9186-3c016c331f87",
76-
"name": "elastic-agent-58717",
74+
"ephemeral_id": "d1438cdc-5cea-4c48-8db1-9c16203ad48c",
75+
"id": "e498bfac-b790-4ade-8524-a791b38bacee",
76+
"name": "elastic-agent-30248",
7777
"type": "filebeat",
78-
"version": "8.19.0"
78+
"version": "8.19.3"
7979
},
8080
"data_stream": {
8181
"dataset": "rapid7_insightvm.asset",
82-
"namespace": "17989",
82+
"namespace": "87881",
8383
"type": "logs"
8484
},
8585
"ecs": {
8686
"version": "8.11.0"
8787
},
8888
"elastic_agent": {
89-
"id": "0f0ccca8-57b9-43f3-9186-3c016c331f87",
90-
"snapshot": true,
91-
"version": "8.19.0"
89+
"id": "e498bfac-b790-4ade-8524-a791b38bacee",
90+
"snapshot": false,
91+
"version": "8.19.3"
9292
},
9393
"event": {
9494
"agent_id_status": "verified",
9595
"category": [
9696
"host"
9797
],
98-
"created": "2025-07-30T12:27:26.931Z",
98+
"created": "2025-08-29T06:17:27.788Z",
9999
"dataset": "rapid7_insightvm.asset",
100-
"ingested": "2025-07-30T12:27:29Z",
100+
"ingested": "2025-08-29T06:17:29Z",
101101
"kind": "state",
102102
"original": "{\"assessed_for_policies\":false,\"assessed_for_vulnerabilities\":true,\"critical_vulnerabilities\":0,\"exploits\":0,\"id\":\"452534235-25a7-40a3-9321-28ce0b5cc90e-default-asset-199\",\"ip\":\"10.1.0.128\",\"last_assessed_for_vulnerabilities\":\"2020-03-20T19:19:42.611Z\",\"last_scan_end\":\"2020-03-20T19:19:42.611Z\",\"last_scan_start\":\"2020-03-20T19:18:13.611Z\",\"malware_kits\":0,\"moderate_vulnerabilities\":2,\"new\":[],\"os_architecture\":\"x86_64\",\"os_description\":\"CentOS Linux 2.6.18\",\"os_family\":\"Linux\",\"os_name\":\"Linux\",\"os_system_name\":\"CentOS Linux\",\"os_type\":\"General\",\"os_vendor\":\"CentOS\",\"os_version\":\"2.6.18\",\"remediated\":[],\"risk_score\":0,\"severe_vulnerabilities\":0,\"tags\":[{\"name\":\"lab\",\"type\":\"SITE\"}],\"total_vulnerabilities\":2}",
103103
"type": [
@@ -611,34 +611,34 @@ An example event for `vulnerability` looks as following:
611611
{
612612
"@timestamp": "2018-06-08T00:00:00.000Z",
613613
"agent": {
614-
"ephemeral_id": "488e5224-2624-4d2d-8117-39d02f6fe12d",
615-
"id": "d5820362-a217-44f6-aab2-d444704e9be3",
616-
"name": "elastic-agent-58088",
614+
"ephemeral_id": "1148c9c5-440a-474f-9f77-0b6cec861eb6",
615+
"id": "bae09b0f-a617-4c0b-b255-bf46a3405ddf",
616+
"name": "elastic-agent-19358",
617617
"type": "filebeat",
618-
"version": "8.19.0"
618+
"version": "8.19.3"
619619
},
620620
"data_stream": {
621621
"dataset": "rapid7_insightvm.vulnerability",
622-
"namespace": "55539",
622+
"namespace": "31723",
623623
"type": "logs"
624624
},
625625
"ecs": {
626626
"version": "8.11.0"
627627
},
628628
"elastic_agent": {
629-
"id": "d5820362-a217-44f6-aab2-d444704e9be3",
630-
"snapshot": true,
631-
"version": "8.19.0"
629+
"id": "bae09b0f-a617-4c0b-b255-bf46a3405ddf",
630+
"snapshot": false,
631+
"version": "8.19.3"
632632
},
633633
"event": {
634634
"agent_id_status": "verified",
635635
"category": [
636636
"vulnerability"
637637
],
638-
"created": "2025-07-30T12:28:12.994Z",
638+
"created": "2025-08-29T06:09:49.692Z",
639639
"dataset": "rapid7_insightvm.vulnerability",
640640
"id": "7-zip-cve-2008-6536",
641-
"ingested": "2025-07-30T12:28:15Z",
641+
"ingested": "2025-08-29T06:09:51Z",
642642
"kind": "event",
643643
"original": "{\"added\":\"2018-05-16T00:00:00Z\",\"categories\":\"7-Zip\",\"cves\":\"CVE-2008-6536\",\"cvss_v2_access_complexity\":\"low\",\"cvss_v2_access_vector\":\"network\",\"cvss_v2_authentication\":\"none\",\"cvss_v2_availability_impact\":\"complete\",\"cvss_v2_confidentiality_impact\":\"complete\",\"cvss_v2_exploit_score\":9.996799,\"cvss_v2_impact_score\":10.000845,\"cvss_v2_integrity_impact\":\"complete\",\"cvss_v2_score\":10,\"cvss_v2_vector\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"cvss_v3_attack_complexity\":null,\"cvss_v3_attack_vector\":null,\"cvss_v3_availability_impact\":null,\"cvss_v3_confidentiality_impact\":null,\"cvss_v3_exploit_score\":0,\"cvss_v3_impact_score\":0,\"cvss_v3_integrity_impact\":null,\"cvss_v3_privileges_required\":null,\"cvss_v3_scope\":null,\"cvss_v3_score\":0,\"cvss_v3_user_interaction\":null,\"cvss_v3_vector\":null,\"denial_of_service\":false,\"description\":\"Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats 
(c10).\",\"exploits\":[],\"id\":\"7-zip-cve-2008-6536\",\"links\":[{\"href\":\"http://www.securityfocus.com/bid/28285\",\"id\":\"28285\",\"rel\":\"advisory\",\"source\":\"bid\"},{\"href\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41247\",\"id\":\"41247\",\"rel\":\"advisory\",\"source\":\"xf\"},{\"href\":\"http://nvd.nist.gov/vuln/detail/CVE-2008-6536\",\"id\":\"CVE-2008-6536\",\"rel\":\"advisory\",\"source\":\"cve\"},{\"href\":\"http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\",\"id\":\"http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\",\"id\":\"http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"http://www.securityfocus.com/bid/28285\",\"id\":\"http://www.securityfocus.com/bid/28285\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"http://www.vupen.com/english/advisories/2008/0914/references\",\"id\":\"http://www.vupen.com/english/advisories/2008/0914/references\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\",\"id\":\"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\",\"rel\":\"advisory\",\"source\":\"url\"},{\"href\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41247\",\"id\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41247\",\"rel\":\"advisory\",\"source\":\"url\"}],\"malware_kits\":[],\"modified\":\"2018-06-08T00:00:00Z\",\"pci_cvss_score\":10,\"pci_fail\":true,\"pci_severity_score\":5,\"pci_special_notes\":\"\",\"pci_status\":\"fail\",\"published\":\"2009-03-29T00:00:00Z\",\"references\":\"bid:28285,xf:41247,cve:CVE-2008-6536,url:http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html,url:http://www.ee.oulu.fi/research/
ouspg/protos/testing/c10/archive/,url:http://www.securityfocus.com/bid/28285,url:http://www.vupen.com/english/advisories/2008/0914/references,url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf,url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41247\",\"risk_score\":885.16,\"severity\":\"critical\",\"severity_score\":10,\"title\":\"7-Zip: CVE-2008-6536: Unspecified vulnerability in 7-zip before 4.5.7\"}",
644644
"risk_score": 885.16,

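--- a/packages/rapid7_insightvm/manifest.yml
+++ b/packages/rapid7_insightvm/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.4.0"
 name: rapid7_insightvm
 title: Rapid7 InsightVM
-version: "2.2.0"
+version: "2.3.0"
 source:
 license: "Elastic-2.0"
 description: Collect logs from Rapid7 InsightVM with Elastic Agent.
@@ -11,7 +11,7 @@ categories:
 - vulnerability_management
 conditions:
 kibana:
-version: "^8.19.0 || ^9.1.0"
+version: "^8.19.3 || ^9.1.3"
 elastic:
 subscription: "basic"
 screenshots: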
