CrowdStrike Falcon Cloud Security Connector
The CrowdStrike Falcon Cloud Security Connector ingests cloud asset and vulnerability data from CrowdStrike Falcon Cloud Security (CWP) into Qualys Enterprise TruRisk Management (ETM). This enables centralized visibility of cloud workloads and security risks within the ETM platform for improved risk analysis and prioritization.
The CrowdStrike Falcon Cloud Security Connector can be activated only after Unified Asset Inventory (UAI) is enabled for your subscription. Contact your Technical Account Manager (TAM) or Qualys Support to activate UAI and the CrowdStrike Falcon Cloud Security connector.
Connector Details
Here is a comprehensive overview of what the CrowdStrike Falcon Cloud Security Connector supports.
| Vendor | CrowdStrike |
| Product Name | CrowdStrike Falcon Cloud Security |
| Connector Category | CNAPP |
| Asset Types Supported | |
| Finding Types Supported | Vulnerabilities |
| Supported Cloud Providers | AWS, Azure, GCP |
| Version | 1.0.0 |
| Supported Version & Type | SaaS (Latest) |
| Integration Method | API Integration (REST / GraphQL) |
| Direction | Unidirectional (CrowdStrike to Qualys) |
| Incremental Sync (Delta) | Not Supported |
| Import of Installed Software | Not Supported |
| Import of Source Tags | Not Supported |
| Filters / Filter Query | Not Supported |
Connection Settings
User Roles and Permissions
To configure the connector, you must generate API credentials in the CrowdStrike Falcon console with the required permissions.
Required API permissions:
- read: Vulnerabilities
- read: Hosts
- read: Assets
- read: Host Groups
- read: Cloud Security API Assets
- read: Cloud Security API Detection
- read: Falcon Container Image
Authentication Details
Provide the following credentials in the connector configuration screen.
| Name | Key | Type | Description |
|---|---|---|---|
| Auth URL | auth_url | String | CrowdStrike authentication endpoint |
| Client ID | client_id | String | API client identifier |
| Client Secret | client_secret | Encrypted | API client secret |
| API Token | api_token | String | CrowdStrike API token |
| Domain | domain | String | Example: https://api.<domain>.crowdstrike.com |
Creating an API Client
- Log in to the CrowdStrike Falcon console.
- Navigate to Support > API Clients and Keys.
- Select Add new API client.
- Provide a client name.
- Assign the required API scopes and permissions.
- Generate and save the API token.
Save the generated API token securely. The token cannot be retrieved again after creation.
Connector Configuration
Basic Details
- Log in to Qualys ETM.
- Navigate to Connectors > Integration.
- Locate CrowdStrike Falcon Cloud Security CWP.
- Click Manage.
- Provide a Name and Description.
- Enter the required authentication details.
Schedule
Schedules control the execution and scope of the connector.
Configure the following options:
- Execution schedule
- Supported asset types
- Findings to ingest
Mapping Details
Data Model
The CrowdStrike Falcon Cloud Security connector provides default transformation mappings that convert CrowdStrike asset and vulnerability data into the Qualys ETM data model.
Transform Maps
Default transform maps are automatically applied during connector execution. You may clone or modify these maps in ETM if customization is required.
Profiles
Profiles control how the connector executes.
- Click + to create a new profile.
- Provide a Name and Description.
- Select the required Transform Map.
- Set Status (Active or Inactive).
- Configure a schedule (single run or recurring).
Scoring
Use the scoring screen to map vendor severity values to the Qualys Detection Score (QDS) scale from 0 to 100.
Identification Rules
Identification Rules determine how findings are associated with assets in ETM. Qualys CSAM provides default precedence rules for matching imported data.
These rules currently apply to Compute asset types. You may proceed without modifying them.
How Does a Connection Work?
When the connector runs (scheduled or on-demand), it authenticates with the CrowdStrike API and retrieves selected asset classes and vulnerability findings. The data is then transformed using the default ETM mappings and imported into the ETM inventory.
In the Connector screen, your newly configured connector will appear with the state Processed once execution completes.
Connector States
- Registered – Connector created successfully.
- Scheduled – Connector scheduled for execution.
- Processing – Data is currently being fetched.
- Processed – Data ingestion completed.
The entire import process may take several hours depending on the data volume.
Viewing Assets and Findings in ETM
After ingestion, view imported data in ETM.
- Assets
Enterprise TruRisk Management > Inventory > Assets > All Assets
Filter using: inventory.source:"CrowdStrike Falcon Cloud Security"
- Findings
Enterprise TruRisk Management > Risk Management > Findings > Vulnerability
Filter using: finding.vendorProductName:"CrowdStrike Falcon Cloud Security"
Additional Resources
Additional information related to the CrowdStrike connector.
API Reference
The following APIs are executed for the CrowdStrike connection.
| Name | Filters | Endpoint |
|---|---|---|
| Auth API | N/A | https://api.<domain>.crowdstrike.com/oauth2/token |
| Fetch Vulnerabilities API | Finding Type: Vulnerabilities | /spotlight/queries/vulnerabilities/v1, /spotlight/entities/vulnerabilities/v2, /container-security/combined/images/detail/v1 |
| Fetch Devices associated with Vulnerabilities | | /devices/queries/devices/v1 |
| Fetch Assets/Resources API | Asset type: Hosts | /cloud-security-assets/queries/resources/v1, /cloud-security-assets/entities/resources/v1 |
| Fetch Containers | Asset type: Containers | /container-security/combined/containers/v1 |
| | Asset type: Container Images | /image-assessment/entities/reports/v2 |
CrowdStrike CWP Falcon Cloud Security
The default transformation map for different asset classes, configured for the Orca Cloud Security connector, is fetched from the database and used during execution of the connector profile to perform data transformation.
Compute
AWS EC2 instance
| Source Field | Target Field |
|---|---|
| cloud_provider | asset.assetDetail.cloudInfo.provider |
| id | asset.assetHeader.vendorAssetId |
| creation_time | asset.assetDetail.sourceCreatedAt |
| account_id | asset.assetDetail.cloudInfo.accountId |
| account_name | asset.assetDetail.cloudInfo.accountName |
| updated_at | asset.assetDetail.sourceUpdatedAt |
| resource_type_name | asset.assetDetail.computeAssetClass.services[].name |
| resource_name | asset.assetDetail.name |
| resource_id | asset.assetDetail.hostIdentity.hostname |
| resource_url | asset.assetDetail.cloudInfo.providerUrl |
| resource_id | asset.assetHeader.externalAssetId |
| region | asset.assetDetail.cloudInfo.region |
| zone | asset.assetDetail.cloudInfo.availabilityZone |
| cloud_context.host.state | asset.assetDetail.computeAssetClass.cloudInstance.state |
| externalTags | asset.assetDetail.externalTags |
| configuration.architecture | asset.assetDetail.computeAssetClass.gpu[].architecture |
| configuration.vpcId | asset.assetDetail.computeAssetClass.cloudInstance.vpcId |
| configuration.privateDnsName | asset.assetDetail.network[0].privateDnsName |
| configuration.privateDnsName | asset.assetDetail.network[0].publicDnsName |
| configuration.privateIpAddress | asset.assetDetail.network[0].ipv4Addresses[0] |
| configuration.networkInterfaces[0].macAddress | asset.assetDetail.computeAssetClass.cloudInstance.macAddress |
| configuration.networkInterfaces[].macAddress | asset.assetDetail.network[].macAddress |
| configuration.instanceType | asset.assetDetail.computeAssetClass.cloudInstance.type |
| cloud_context.instance_id | asset.assetDetail.computeAssetClass.cloudInstance.id |
| configuration.subnetId | asset.assetDetail.computeAssetClass.cloudInstance.subnetId |
| configuration.imageId | asset.assetDetail.computeAssetClass.cloudInstance.imageId |
| configuration.blockDeviceMappings[0].ebs.volumeId | asset.assetDetail.typedAttributes.& |
| arn | asset.assetDetail.typedAttributes.& |
| cloud_context.host.platform_name | asset.assetDetail.operatingSystem.name |
| configuration.networkInterfaces[0].networkInterfaceId | asset.assetDetail.computeAssetClass.cloudInstance.networkInterfaceId |
| cloud_context.instance_state | asset.assetHeader.status |
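A cloned or modified transform map can be checked offline by applying its rows to a sample record and inspecting both the resulting structure and the source fields that produced no data. The following is an added example, not Qualys's transform engine: the sample record is constructed, and the reading of `[]` as "one target element per source element" is an assumption about the path syntax used in these tables.

```python
import re

# Subset of the AWS EC2 rows from the table above: (source path, target path).
EC2_MAP = [
    ("id", "asset.assetHeader.vendorAssetId"),
    ("resource_id", "asset.assetHeader.externalAssetId"),
    ("resource_id", "asset.assetDetail.hostIdentity.hostname"),
    ("configuration.privateIpAddress", "asset.assetDetail.network[0].ipv4Addresses[0]"),
    ("configuration.networkInterfaces[0].macAddress",
     "asset.assetDetail.computeAssetClass.cloudInstance.macAddress"),
    ("configuration.networkInterfaces[].macAddress", "asset.assetDetail.network[].macAddress"),
    ("cloud_context.instance_state", "asset.assetHeader.status"),
]

# Constructed sample record (not real CrowdStrike output). cloud_context is
# omitted on purpose to show how a missing source field is reported.
SAMPLE = {
    "id": "constructed-asset-0001",
    "resource_id": "i-0123456789abcdef0",
    "configuration": {
        "privateIpAddress": "10.0.1.25",
        "networkInterfaces": [{"macAddress": "0a:00:00:00:00:01"},
                              {"macAddress": "0a:00:00:00:00:02"}],
    },
}

_TOKEN = re.compile(r"([^.\[\]]+)|\[(\d*)\]")
_MISSING = object()

def parse_path(path):
    """'a.b[0].c[]' -> ['a', 'b', 0, 'c', '*']; '*' stands for every element."""
    return [key or (int(idx) if idx else "*") for key, idx in _TOKEN.findall(path)]

def read(node, tokens):
    """Resolve tokens against the record; a '[]' step fans out into a list."""
    for i, tok in enumerate(tokens):
        if tok == "*":
            if not isinstance(node, list):
                return _MISSING
            found = [read(item, tokens[i + 1:]) for item in node]
            return [v for v in found if v is not _MISSING]
        try:
            node = node[tok]
        except (KeyError, IndexError, TypeError):
            return _MISSING
    return node

def write(root, tokens, value):
    """Set value at the target path, creating dicts and lists on the way."""
    if "*" in tokens:  # assumption: '[]' writes one target element per value
        star = tokens.index("*")
        for i, item in enumerate(value if isinstance(value, list) else [value]):
            write(root, tokens[:star] + [i] + tokens[star + 1:], item)
        return
    node = root
    for tok, nxt in zip(tokens, tokens[1:] + [None]):
        if isinstance(tok, int):
            node.extend([None] * (tok + 1 - len(node)))  # pad list up to index
        current = node[tok] if isinstance(tok, int) else node.get(tok)
        if nxt is None:
            node[tok] = value
        elif current is None:
            node[tok] = current = [] if isinstance(nxt, int) else {}
        node = current

def transform(record, mapping):
    """Apply every row; return (ETM-shaped dict, source paths with no data)."""
    out, missing = {}, []
    for src, dst in mapping:
        value = read(record, parse_path(src))
        if value is _MISSING or value == []:
            missing.append(src)
        else:
            write(out, parse_path(dst), value)
    return out, missing
```

Calling `transform(SAMPLE, EC2_MAP)` returns the nested asset structure together with `["cloud_context.instance_state"]`, the one source path the sample does not populate, so `asset.assetHeader.status` stays unset for that record.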
Azure VM Instance
| Source Field | Target Field |
|---|---|
| cloud_provider | asset.assetDetail.cloudInfo.provider |
| id | asset.assetHeader.vendorAssetId |
| creation_time | asset.assetDetail.sourceCreatedAt |
| account_id | asset.assetDetail.cloudInfo.accountId |
| account_name | asset.assetDetail.cloudInfo.accountName |
| tenant_id | asset.assetDetail.cloudInfo.tenantId |
| updated_at | asset.assetDetail.sourceUpdatedAt |
| resource_type_name | asset.assetDetail.computeAssetClass.services[].name |
| resource_name | asset.assetDetail.name |
| resource_url | asset.assetDetail.cloudInfo.providerUrl |
| resource_id | asset.assetHeader.externalAssetId |
| region | asset.assetDetail.cloudInfo.region |
| resource_group | asset.assetDetail.computeAssetClass.cloudInstance.resourceGroupName |
| cloud_context.host.state | asset.assetDetail.computeAssetClass.cloudInstance.state |
| externalTags | asset.assetDetail.externalTags |
| configuration.properties.networkProfile.networkInterfaces[0].id | asset.assetDetail.computeAssetClass.cloudInstance.networkInterfaceId |
| configuration.properties.osProfile.computerName | asset.assetDetail.computeAssetClass.cloudInstance.hostName |
| configuration.properties.extended.instanceView.osName | asset.assetDetail.operatingSystem.name |
| configuration.properties.extended.instanceView.osVersion | asset.assetDetail.operatingSystem.version |
| configuration.properties.osProfile.computerName | asset.assetDetail.hostIdentity.hostname |
| configuration.properties.vmId | asset.assetDetail.computeAssetClass.cloudInstance.id |
| configuration.properties.storageProfile.osDisk.managedDisk.storageAccountType | asset.assetDetail.computeAssetClass.storage[0].type |
| configuration.properties.storageProfile.osDisk.managedDisk.id | asset.assetDetail.computeAssetClass.cloudInstance.imageId |
| cloud_context.insights.details.publicIpAddress.context.interfaces[0].public_ip | asset.assetDetail.network[0].publicIpv4Addresses[0] |
| cloud_context.instance_state | asset.assetHeader.status |
Compute GCP VM:
| Source Field | Target Field |
|---|---|
| cloud_provider | asset.assetDetail.cloudInfo.provider |
| id | asset.assetHeader.vendorAssetId |
| creation_time | asset.assetDetail.sourceCreatedAt |
| project_id | asset.assetDetail.cloudInfo.accountId |
| account_name | asset.assetDetail.cloudInfo.accountName |
| updated_at | asset.assetDetail.sourceUpdatedAt |
| resource_type_name | asset.assetDetail.computeAssetClass.services[].name |
| configuration.name | asset.assetDetail.name |
| resource_url | asset.assetDetail.cloudInfo.providerUrl |
| resource_id | asset.assetHeader.externalAssetId |
| resource_id | asset.assetDetail.hostIdentity.hostname |
| cloud_context.legacy_resource_id | asset.assetDetail.computeAssetClass.cloudInstance.id |
| region | asset.assetDetail.cloudInfo.region |
| cloud_context.host.state | asset.assetDetail.computeAssetClass.cloudInstance.state |
| externalTags | asset.assetDetail.externalTags |
| configuration.networkInterfaces[0].subnetwork | asset.assetDetail.computeAssetClass.cloudInstance.networkInterfaceId |
| configuration.networkInterfaces[0].networkIP | asset.assetDetail.network[0].ipv4Addresses[0] |
| cloud_context.instance_state | asset.assetHeader.status |
Container Image:
| # | SourceField | TargetField |
|---|---|---|
| 1 | name | asset.assetDetail.name |
| 2 | id | asset.assetHeader.vendorAssetId |
| 3 | type | asset.assetHeader.assetTypeName |
| 4 | asset_unique_id | asset.assetDetail.typedAttributes.& |
| 5 | data.ImageName.value | asset.assetDetail.containerImageAssetClass.name |
| 6 | data.CloudAccount.id | asset.assetDetail.cloudInfo.accountId |
| 7 | data.CloudAccount.name | asset.assetDetail.cloudInfo.accountName |
| 8 | data.ImageName.value | asset.assetDetail.containerImageAssetClass.imageTagReferences[].name |
| 9 | data.RepositoryName.value | asset.assetDetail.containerImageAssetClass.repository |
| 10 | data.RepositoryName.value | asset.assetDetail.containerImageAssetClass.imageTagReferences[].repository |
| 11 | data.ImageDigest.value | asset.assetDetail.containerImageAssetClass.digest |
| 12 | data.ImageSize.value | asset.assetDetail.containerImageAssetClass.sizeInBytes |
| 13 | data.ImageSize.value | asset.assetDetail.containerImageAssetClass.layers[].sizeInBytes |
| 14 | data.RepositoryUri.value | asset.assetDetail.containerImageAssetClass.registry |
| 15 | data.ImageTags.value | asset.assetDetail.containerImageAssetClass.tag |
| 16 | data.RepositoryUri.value | asset.assetDetail.containerImageAssetClass.imageTagReferences[].registry |
| 17 | data.ImageTags.value | asset.assetDetail.containerImageAssetClass.imageTagReferences[].tag |
| 18 | data.ImageDigest.value | asset.assetDetail.containerImageAssetClass.layers[].digest |
| 19 | data.AssetUniqueId.value | asset.assetHeader.externalAssetId |
| 20 | data.ConsoleUrlLink.value | asset.assetDetail.cloudInfo.providerUrl |
| 21 | data.FirstSeen.value (DATE_FORMAT) | asset.assetDetail.sourceCreatedAt |
| 22 | data.LastSeen.value (DATE_FORMAT) | asset.assetDetail.sourceUpdatedAt |
| 23 | vulnerabilities[].data.Inventory.name | findingGroup.findings[].asset.assetName |
| 24 | vulnerabilities[].data.Inventory.asset_unique_id | findingGroup.findings[].asset.externalAssetId |
| 25 | vulnerabilities[].data.CVE.data.PublicName.value | findingGroup.findings[].name |
| 26 | vulnerabilities[].data.CVE.data.Id.value | findingGroup.findings[].externalFindingId |
| 27 | vulnerabilities[].data.SourceLink.value | findingGroup.findings[].findingURL |
| 28 | vulnerabilities[].data.FirstSeen.value (DATE_FORMAT) | findingGroup.findings[].firstFoundOn |
| 29 | vulnerabilities[].data.CVE.data.LastModifiedDate.value (DATE_FORMAT) | findingGroup.findings[].lastFoundOn |
| 30 | vulnerabilities[].data.data.FirstSeen.value (DATE_FORMAT) | findingGroup.findings[].ingestedOn |
| 31 | vulnerabilities[].data.CveId.value (FUNCTION_PICKER REGEX_MATCH_RETURN) | findingGroup.findings[].findingType.vulnerability.cveId |
| 32 | vulnerabilities[].data.HasExploit.value | findingGroup.findings[].findingType.vulnerability.isExploitAvailable |
| 33 | vulnerabilities[].data.Description.value | findingGroup.findings[].description |
| 34 | vulnerabilities[].data.PatchAvailable.value (FUNCTION_PICKER LOOKUP) | findingGroup.findings[].findingType.vulnerability.isPatchAvailable |
| 35 | vulnerabilities[].data.CvssVector.value | findingGroup.findings[].cvss.vector |
| 36 | vulnerabilities[].data.CvssSeverity.value (FUNCTION_PICKER LOOKUP) | findingGroup.findings[].severity |
| 37 | vulnerabilities[].data.CvssScore.value | findingGroup.findings[].riskScore |
| 38 | vulnerabilities[].data.SourceLink.value |
Container Instance:
AWS Container
| # | SourceField | TargetField |
|---|---|---|
| 1 | name | asset.assetDetail.name |
| 2 | id | asset.assetHeader.vendorAssetId |
| 3 | asset_unique_id | asset.assetDetail.typedAttributes.asset_unique_id |
| 4 | data.RiskLevel.value | asset.assetDetail.typedAttributes.RiskLevel |
| 5 | data.OrcaScore.value | asset.assetDetail.typedAttributes.OrcaScore |
| 6 | data.AssetUniqueId.value | asset.assetHeader.externalAssetId |
| 7 | data.ConsoleUrlLink.value | asset.assetDetail.cloudInfo.providerUrl |
| 8 | data.cloudAccount.id | asset.assetDetail.cloudInfo.accountId |
| 9 | data.CloudAccount.name | asset.assetDetail.cloudInfo.accountName |
| 10 | data.Arn.value | asset.assetDetail.containerInstanceAssetClass.id |
| 11 | data.Status.value | asset.assetDetail.containerInstanceAssetClass.status |
| 12 | data.ImageName.value | asset.assetDetail.containerInstanceAssetClass.Image.name |
| 13 | data.FirstSeen.value (DATE_FORMAT) | asset.assetDetail.sourceCreatedAt |
| 14 | data.LastSeen.value (DATE_FORMAT) | asset.assetDetail.sourceUpdatedAt |
| 15 | vulnerabilities[].data.Inventory.name | findingGroup.findings[].asset.assetName |
| 16 | vulnerabilities[].data.Inventory.asset_unique_id | findingGroup.findings[].asset.externalAssetId |
| 17 | vulnerabilities[].data.CVE.data.PublicName.value | findingGroup.findings[].name |
| 18 | vulnerabilities[].data.CVE.data.Id.value | findingGroup.findings[].externalFindingId |
| 19 | vulnerabilities[].data.SourceLink.value | findingGroup.findings[].findingURL |
| 20 | vulnerabilities[].data.FirstSeen.value (DATE_FORMAT) | findingGroup.findings[].firstFoundOn |
| 21 | vulnerabilities[].data.CVE.data.LastModifiedDate.value (DATE_FORMAT) | findingGroup.findings[].lastFoundOn |
| 22 | vulnerabilities[].data.data.FirstSeen.value (DATE_FORMAT) | findingGroup.findings[].ingestedOn |
| 23 | vulnerabilities[].data.CveId.value (FUNCTION_PICKER REGEX_MATCH_RETURN) | findingGroup.findings[].findingType.vulnerability.cveId |
| 24 | vulnerabilities[].data.HasExploit.value | findingGroup.findings[].findingType.vulnerability.isExploitAvailable |
| 25 | vulnerabilities[].data.Description.value | findingGroup.findings[].description |
| 26 | vulnerabilities[].data.PatchAvailable.value (FUNCTION_PICKER LOOKUP) | findingGroup.findings[].findingType.vulnerability.isPatchAvailable |
| 27 | vulnerabilities[].data.CvssVector.value | findingGroup.findings[].cvss.vector |
| 28 | vulnerabilities[].data.CvssSeverity.value (FUNCTION_PICKER LOOKUP) | findingGroup.findings[].severity |
| 29 | vulnerabilities[].data.CvssScore.value | findingGroup.findings[].riskScore |
| 30 | vulnerabilities[].data.SourceLink.value | findingGroup.findings[].findingDetectionURL |
Container Instance:
GCP CloudRun:
| # | SourceField | TargetField |
|---|---|---|
| 1 | name | asset.assetDetail.name |
| 2 | id | asset.assetHeader.vendorAssetId |
| 3 | asset_unique_id | asset.assetDetail.typedAttributes.asset_unique_id |
| 4 | data.RiskLevel.value | asset.assetDetail.typedAttributes.RiskLevel |
| 5 | data.OrcaScore.value | asset.assetDetail.typedAttributes.OrcaScore |
| 6 | data.AssetUniqueId.value | asset.assetDetail.containerInstanceAssetClass.id |
| 7 | data.CloudAccount.id | asset.assetDetail.cloudInfo.accountId |
| 8 | data.CloudAccount.name | asset.assetDetail.cloudInfo.accountName |
| 9 | data.Status.value | asset.assetDetail.containerInstanceAssetClass.status |
| 10 | data.Name.value | asset.assetDetail.containerInstanceAssetClass.host.name |
| 11 | data.PrivateClusterConfig.value.privateEndpoint | asset.assetDetail.containerInstanceAssetClass.host.ipAddress |
| 12 | data.ImageName.value | asset.assetDetail.containerInstanceAssetClass.Image.name |
| 13 | data.AssetUniqueId.value | asset.assetHeader.externalAssetId |
| 14 | data.ConsoleUrlLink.value | asset.assetDetail.cloudInfo.providerUrl |
| 15 | data.FirstSeen.value (DATE_FORMAT) | asset.assetDetail.sourceCreatedAt |
| 16 | data.LastSeen.value (DATE_FORMAT) | asset.assetDetail.sourceUpdatedAt |
| 17 | vulnerabilities[].data.Inventory.name | findingGroup.findings[].asset.assetName |
| 18 | vulnerabilities[].data.Inventory.asset_unique_id | findingGroup.findings[].asset.externalAssetId |
| 19 | vulnerabilities[].data.CVE.data.PublicName.value | findingGroup.findings[].name |
| 20 | vulnerabilities[].data.CVE.data.Id.value | findingGroup.findings[].externalFindingId |
| 21 | vulnerabilities[].data.SourceLink.value | findingGroup.findings[].findingURL |
| 22 | vulnerabilities[].data.FirstSeen.value (DATE_FORMAT) | findingGroup.findings[].firstFoundOn |
| 23 | vulnerabilities[].data.CVE.data.LastModifiedDate.value (DATE_FORMAT) | findingGroup.findings[].lastFoundOn |
| 24 | vulnerabilities[].data.data.FirstSeen.value (DATE_FORMAT) | findingGroup.findings[].ingestedOn |
| 25 | vulnerabilities[].data.CveId.value | findingGroup.findings[].findingType.vulnerability.cveId |
| 26 | vulnerabilities[].data.HasExploit.value | findingGroup.findings[].findingType.vulnerability.isExploitAvailable |
| 27 | vulnerabilities[].data.Description.value | findingGroup.findings[].description |
| 28 | vulnerabilities[].data.PatchAvailable.value (FUNCTION_PICKER LOOKUP) | findingGroup.findings[].findingType.vulnerability.isPatchAvailable |
| 29 | vulnerabilities[].data.CvssVector.value | findingGroup.findings[].cvss.vector |
| 30 | vulnerabilities[].data.CvssSeverity.value (FUNCTION_PICKER LOOKUP) | findingGroup.findings[].severity |
| 31 | vulnerabilities[].data.CvssScore.value | findingGroup.findings[].riskScore |
| 32 | vulnerabilities[].data.SourceLink.value | findingGroup.findings[].findingDetectionURL |
Serverless:
AWS Lambda function:
| Source Field | Target Field |
|---|---|
| resource_type_name | asset.assetDetail.serverlessAssetClass.serviceName |
| id | asset.assetHeader.vendorAssetId |
| arn | asset.assetDetail.name |
| arn | asset.assetHeader.externalAssetId |
| first_seen | asset.assetDetail.sourceCreatedAt |
| region | asset.assetDetail.cloudInfo.region |
| account_id | asset.assetDetail.cloudInfo.accountId |
| account_name | asset.assetDetail.cloudInfo.accountName |
| updated_at | asset.assetDetail.sourceUpdatedAt |
| cloud_provider | asset.assetDetail.cloudInfo.provider |
| resource_url | asset.assetDetail.cloudInfo.providerUrl |
| externalTags | asset.assetDetail.externalTags |
| configuration.functionName | asset.assetDetail.serverlessAssetClass.functionName |
| configuration.runtime | asset.assetDetail.serverlessAssetClass.runtime |
| configuration.state | asset.assetHeader.status |
Serverless:
Azure Function
| Source Field | Target Field |
|---|---|
| resource_type_name | asset.assetDetail.serverlessAssetClass.serviceName |
| id | asset.assetHeader.vendorAssetId |
| resource_name | asset.assetDetail.name |
| resource_id | asset.assetHeader.externalAssetId |
| first_seen | asset.assetDetail.sourceCreatedAt |
| region | asset.assetDetail.cloudInfo.region |
| subscription_id | asset.assetDetail.cloudInfo.accountId |
| account_name | asset.assetDetail.cloudInfo.accountName |
| tenant_id | asset.assetDetail.cloudInfo.tenantId |
| updated_at | asset.assetDetail.sourceUpdatedAt |
| cloud_provider | asset.assetDetail.cloudInfo.provider |
| resource_url | asset.assetDetail.cloudInfo.providerUrl |
| externalTags | asset.assetDetail.externalTags |
| configuration.name | asset.assetDetail.serverlessAssetClass.functionName |
| configuration.state | asset.assetHeader.status |
GCP Function:
| Source Field | Target Field |
|---|---|
| resource_type_name | asset.assetDetail.serverlessAssetClass.serviceName |
| id | asset.assetHeader.vendorAssetId |
| resource_id | asset.assetDetail.name |
| resource_id | asset.assetHeader.externalAssetId |
| first_seen | asset.assetDetail.sourceCreatedAt |
| region | asset.assetDetail.cloudInfo.region |
| project_id | asset.assetDetail.cloudInfo.accountId |
| account_name | asset.assetDetail.cloudInfo.accountName |
| updated_at | asset.assetDetail.sourceUpdatedAt |
| cloud_provider | asset.assetDetail.cloudInfo.provider |
| externalTags | asset.assetDetail.externalTags |
| configuration.name | asset.assetDetail.serverlessAssetClass.functionName |
| configuration.status.url | asset.assetDetail.serverlessAssetClass.functionURL |
Vulnerability Compute AWS EC2:
| Source Field | Target Field |
|---|---|
| cve.id | findingGroup.findings[].findingType.vulnerability.cveId |
| vulnerability_id | findingGroup.findings[].name |
| created_timestamp | findingGroup.findings[].firstFoundOn |
| updated_timestamp | findingGroup.findings[].lastFoundOn |
| status | findingGroup.findings[].findingStatus |
| confidence | findingGroup.findings[].typeDetected |
| cve.severity | findingGroup.findings[].severity |
| cve.types[0] | findingGroup.findings[].category |
| cve.cwes[] | findingGroup.findings[].findingType.vulnerability.cweIds[] |
| cve.description | findingGroup.findings[].description |
| cve.references[] | findingGroup.findings[].references[] |
| closed_timestamp | findingGroup.findings[].lastFixedOn |
| apps[].product_name_normalized | findingGroup.findings[].product.name |
| apps[].product_name_version | findingGroup.findings[].product.version |
| apps[].vendor_normalized | findingGroup.findings[].product.vendor |
| host_info.instance_id | asset.assetHeader.externalAssetId |
| id | findingGroup.findings[].externalFindingId |
| id | asset.assetHeader.vendorAssetId |
| resource_name | asset.assetDetail.name |
| resource_id | asset.assetDetail.hostIdentity.hostname |
| id | findingGroup.findings[].id |