Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/qualys_vmdr/changelog.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "6.19.1"
changes:
- description: Record missing KB entries in `knowledge_base.status` instead of `error.message`, so they no longer mark documents as `pipeline_error`.
type: bugfix
link: https://github.com/elastic/integrations/pull/20052
- version: "6.19.0"
changes:
- description: Use new `release` field for agentless deployment mode to establish as beta.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@
"interval_id": "86fae5c8-3209-4b86-ac48-4b5ba6e7adb5",
"interval_start": "2025-05-20T22:57:42.484Z",
"message": "{\"DETECTION_LIST\":{\"FIRST_FOUND_DATETIME\":\"2019-11-06T09:41:57Z\",\"IS_DISABLED\":\"0\",\"IS_IGNORED\":\"0\",\"LAST_FOUND_DATETIME\":\"2019-11-11T23:29:53Z\",\"LAST_PROCESSED_DATETIME\":\"2019-11-12T15:00:26Z\",\"LAST_TEST_DATETIME\":\"2019-11-11T23:29:53Z\",\"LAST_UPDATE_DATETIME\":\"2019-11-12T15:00:26Z\",\"QID\":\"256716\",\"RESULTS\":\"Package\\tInstalled Version\\tRequired Version;;rsync\\t3.1.2-12.el7_9.tuxcare.els1.x86_64\\t3.1.2-12.el7_9.tuxcare.els2;;CentOS Linux release 7.9 (Final, ELS by Cloudlinux)\",\"SEVERITY\":\"4\",\"SSL\":\"0\",\"STATUS\":\"Active\",\"TIMES_FOUND\":\"10\",\"TYPE\":\"Confirmed\",\"UNIQUE_VULN_ID\":\"2029338482\"},\"DNS\":\"user-staging.example.net\",\"DNS_DATA\":{\"DOMAIN\":\"example.net\",\"FQDN\":\"user-staging.example.net\",\"HOSTNAME\":\"user-staging\"},\"ID\":\"117163093\",\"IP\":\"81.2.69.192\",\"KNOWLEDGE_BASE\":{\"CATEGORY\":\"CentOS\",\"CODE_MODIFIED_DATETIME\":\"2019-11-04T10:48:40Z\",\"CONSEQUENCE\":\"This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.\",\"CORRELATION\":{\"EXPLOITS\":{\"EXPLT_SRC\":[{\"EXPLT_LIST\":{\"EXPLT\":[{\"DESC\":\"A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.\",\"LINK\":\"https://www.openwall.com/lists/oss-security/2019/09/17/1\",\"REF\":\"CVE-2019-14835\"}]},\"SRC_NAME\":\"nist-nvd2\"},{\"EXPLT_LIST\":{\"EXPLT\":[{\"DESC\":\"A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.\",\"LINK\":\"https://www.openwall.com/lists/oss-security/2019/09/17/1\",\"REF\":\"CVE-2019-14835\"}]},\"SRC_NAME\":\"nvd\"}]}},\"CVE_LIST\":[\"CVE-2019-14835\"],\"CVSS\":{\"BASE\":\"7.2\",\"TEMPORAL\":\"5.6\",\"VECTOR_STRING\":\"CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C\"},\"CVSS_V3\":{\"BASE\":\"7.8\",\"CVSS3_VERSION\":\"3.1\",\"TEMPORAL\":\"7.0\",\"VECTOR_STRING\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\"},\"DIAGNOSIS\":\"CentOS has released security update for kernel to fix the vulnerabilities.<P>Affected Products:<BR><BR>centos 7\",\"DISCOVERY\":{\"ADDITIONAL_INFO\":\"Patch Available, Exploit Available\",\"AUTH_TYPE_LIST\":{\"AUTH_TYPE\":[\"Unix\"]},\"REMOTE\":\"0\"},\"LAST_SERVICE_MODIFICATION_DATETIME\":\"2024-03-01T00:00:02Z\",\"PATCHABLE\":\"1\",\"PCI_FLAG\":\"1\",\"PUBLISHED_DATETIME\":\"2019-11-04T10:48:40Z\",\"QID\":\"256716\",\"SEVERITY_LEVEL\":\"4\",\"SOFTWARE_LIST\":{\"SOFTWARE\":[{\"PRODUCT\":\"kernel\",\"VENDOR\":\"centos\"}]},\"SOLUTION\":\"To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=\\\"https://lists.centos.org/pipermail/centos-announce/2019-October/023457.html\\\" TARGET=\\\"_blank\\\">centos 7</A> for updates and patch information.\\n<P>Patch:<BR>\\nFollowing are links for downloading patches to fix the vulnerabilities:\\n<P> <A HREF=\\\"https://lists.centos.org/pipermail/centos-announce/2019-October/023457.html\\\" TARGET=\\\"_blank\\\">CESA-2019:2829:centos 7</A>\",\"THREAT_INTELLIGENCE\":{\"THREAT_INTEL\":[{\"#text\":\"Exploit_Public\",\"id\":\"2\"},{\"#text\":\"High_Lateral_Movement\",\"id\":\"4\"},{\"#text\":\"Easy_Exploit\",\"id\":\"5\"},{\"#text\":\"High_Data_Loss\",\"id\":\"6\"},{\"#text\":\"Denial_of_Service\",\"id\":\"7\"}]},\"TITLE\":\"CentOS Security Update for kernel (CESA-2019:2829)\",\"VENDOR_REFERENCE_LIST\":{\"VENDOR_REFERENCE\":[{\"ID\":\"CESA-2019:2829 centos 7\",\"URL\":\"https://lists.centos.org/pipermail/centos-announce/2019-October/023457.html\"}]},\"VULN_TYPE\":\"Vulnerability\"},\"LAST_PC_SCANNED_DATE\":\"2019-11-11T22:25:02Z\",\"LAST_SCAN_DATETIME\":\"2019-11-12T15:00:26Z\",\"LAST_VM_AUTH_SCANNED_DATE\":\"2019-11-11T23:29:53Z\",\"LAST_VM_SCANNED_DATE\":\"2019-11-11T23:29:53Z\",\"NETWORK_ID\":\"0\",\"OS\":\"CentOS Linux 7.4.1708\",\"QG_HOSTID\":\"19260abb-8547-467e-928d-73c13f13ea3c\",\"TRACKING_METHOD\":\"AGENT\"}"
},
{
"@timestamp": "2025-12-01T10:15:00.000Z",
"interval_id": "9d69b1dc-8e86-4946-809e-577433b1d999",
"interval_start": "2025-12-01T10:15:00Z",
"message": "{\"DETECTION_LIST\":{\"FIRST_FOUND_DATETIME\":\"2019-11-06T09:41:57Z\",\"IS_DISABLED\":\"0\",\"IS_IGNORED\":\"0\",\"LAST_FOUND_DATETIME\":\"2019-11-11T23:29:53Z\",\"LAST_PROCESSED_DATETIME\":\"2019-11-12T15:00:26Z\",\"LAST_TEST_DATETIME\":\"2019-11-11T23:29:53Z\",\"LAST_UPDATE_DATETIME\":\"2019-11-12T15:00:26Z\",\"QID\":\"256716\",\"SEVERITY\":\"4\",\"SSL\":\"0\",\"STATUS\":\"Active\",\"TIMES_FOUND\":\"10\",\"TYPE\":\"Confirmed\",\"UNIQUE_VULN_ID\":\"2029338483\"},\"DNS\":\"user-noKB.example.net\",\"DNS_DATA\":{\"DOMAIN\":\"example.net\",\"FQDN\":\"user-noKB.example.net\",\"HOSTNAME\":\"user-noKB\"},\"ID\":\"117163099\",\"IP\":\"81.2.69.193\",\"LAST_PC_SCANNED_DATE\":\"2019-11-11T22:25:02Z\",\"LAST_SCAN_DATETIME\":\"2019-11-12T15:00:26Z\",\"LAST_VM_AUTH_SCANNED_DATE\":\"2019-11-11T23:29:53Z\",\"LAST_VM_SCANNED_DATE\":\"2019-11-11T23:29:53Z\",\"NETWORK_ID\":\"0\",\"OS\":\"CentOS Linux 7.4.1708\",\"QG_HOSTID\":\"19260abb-8547-467e-928d-73c13f13ea3d\",\"TRACKING_METHOD\":\"AGENT\"}"
}
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@
"solution": {
"value": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=\"https://lists.centos.org/pipermail/centos-announce/2019-October/023457.html\" TARGET=\"_blank\">centos 7</A> for updates and patch information.\n<P>Patch:<BR>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.centos.org/pipermail/centos-announce/2019-October/023457.html\" TARGET=\"_blank\">CESA-2019:2829:centos 7</A>"
},
"status": "found",
"threat_intelligence": {
"intel": [
{
Expand Down Expand Up @@ -261,6 +262,110 @@
"severity": "High",
"title": "CentOS Security Update for kernel (CESA-2019:2829)"
}
},
{
"@timestamp": "2025-12-01T10:15:00.000Z",
"cloud": {
"instance": {
"name": "user-noKB"
}
},
"ecs": {
"version": "8.11.0"
},
"event": {
"category": [
"vulnerability"
],
"id": "2029338483",
"kind": "alert",
"original": "{\"DETECTION_LIST\":{\"FIRST_FOUND_DATETIME\":\"2019-11-06T09:41:57Z\",\"IS_DISABLED\":\"0\",\"IS_IGNORED\":\"0\",\"LAST_FOUND_DATETIME\":\"2019-11-11T23:29:53Z\",\"LAST_PROCESSED_DATETIME\":\"2019-11-12T15:00:26Z\",\"LAST_TEST_DATETIME\":\"2019-11-11T23:29:53Z\",\"LAST_UPDATE_DATETIME\":\"2019-11-12T15:00:26Z\",\"QID\":\"256716\",\"SEVERITY\":\"4\",\"SSL\":\"0\",\"STATUS\":\"Active\",\"TIMES_FOUND\":\"10\",\"TYPE\":\"Confirmed\",\"UNIQUE_VULN_ID\":\"2029338483\"},\"DNS\":\"user-noKB.example.net\",\"DNS_DATA\":{\"DOMAIN\":\"example.net\",\"FQDN\":\"user-noKB.example.net\",\"HOSTNAME\":\"user-noKB\"},\"ID\":\"117163099\",\"IP\":\"81.2.69.193\",\"LAST_PC_SCANNED_DATE\":\"2019-11-11T22:25:02Z\",\"LAST_SCAN_DATETIME\":\"2019-11-12T15:00:26Z\",\"LAST_VM_AUTH_SCANNED_DATE\":\"2019-11-11T23:29:53Z\",\"LAST_VM_SCANNED_DATE\":\"2019-11-11T23:29:53Z\",\"NETWORK_ID\":\"0\",\"OS\":\"CentOS Linux 7.4.1708\",\"QG_HOSTID\":\"19260abb-8547-467e-928d-73c13f13ea3d\",\"TRACKING_METHOD\":\"AGENT\"}",
"type": [
"info"
]
},
"host": {
"hostname": "user-noKB",
"id": "117163099",
"ip": [
"81.2.69.193"
],
"name": "user-noKB.example.net",
"os": {
"full": "CentOS Linux 7.4.1708",
"platform": "linux",
"type": "linux"
}
},
"observer": {
"vendor": "Qualys VMDR"
},
"qualys_vmdr": {
"asset_host_detection": {
"dns": "user-noKB.example.net",
"dns_data": {
"domain": "example.net",
"fqdn": "user-noKB.example.net",
"hostname": "user-noKB"
},
"id": "117163099",
"interval_id": "9d69b1dc-8e86-4946-809e-577433b1d999",
"interval_start": "2025-12-01T10:15:00.000Z",
"ip": "81.2.69.193",
"knowledge_base": {
"status": "not_found"
},
"last_pc_scanned_date": "2019-11-11T22:25:02.000Z",
"last_scan_datetime": "2019-11-12T15:00:26.000Z",
"last_vm_auth_scanned_date": "2019-11-11T23:29:53.000Z",
"last_vm_scanned_date": "2019-11-11T23:29:53.000Z",
"network_id": "0",
"os": "CentOS Linux 7.4.1708",
"qg_hostid": "19260abb-8547-467e-928d-73c13f13ea3d",
"tracking_method": "AGENT",
"vulnerability": {
"first_found_datetime": "2019-11-06T09:41:57.000Z",
"is_disabled": false,
"is_ignored": false,
"last_found_datetime": "2019-11-11T23:29:53.000Z",
"last_processed_datetime": "2019-11-12T15:00:26.000Z",
"last_test_datetime": "2019-11-11T23:29:53.000Z",
"last_update_datetime": "2019-11-12T15:00:26.000Z",
"qid": 256716,
"severity": 4,
"ssl": "0",
"status": "Active",
"times_found": 10,
"type": "Confirmed",
"unique_vuln_id": "2029338483"
}
}
},
"related": {
"hosts": [
"user-noKB",
"user-noKB.example.net",
"117163099",
"19260abb-8547-467e-928d-73c13f13ea3d"
],
"ip": [
"81.2.69.193"
]
},
"resource": {
"id": "117163099",
"name": "user-noKB.example.net"
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields",
"provider_cloud_data"
],
"vulnerability": {
"scanner": {
"vendor": "Qualys"
}
}
}
]
}
Loading
Loading