Add vulnerability.scanner.reference field to VD and alerts indexes

wazuh · Feb 17, 2025 · 47e4d6d · 47e4d6d
1 parent a7cc235
commit 47e4d6d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/ecs/vulnerability-detector/event-generator/event_generator.py b/ecs/vulnerability-detector/event-generator/event_generator.py
@@ -151,7 +151,8 @@ def generate_random_vulnerability():
         'scanner': {
             'vendor': f'vendor-{random.randint(0, 9)}',
             'source': random.choice(['NVD', 'OpenCVE', 'OpenVAS', 'Tenable']),
-            'condition': random.choice(['is', 'is not'])
+            'condition': random.choice(['is', 'is not']),
+            'reference': f'https://cti.wazuh.com/vulnerabilities/cves/CVE-{id}'
         },
         'score': {
             'base': round(random.uniform(0, 10), 1),

diff --git a/ecs/vulnerability-detector/fields/custom/vulnerability.yml b/ecs/vulnerability-detector/fields/custom/vulnerability.yml
@@ -32,3 +32,8 @@
       level: custom
       description: >
         The condition matched by the package that led the scanner to consider it vulnerable.
+    - name: scanner.reference
+      type: keyword
+      level: custom
+      description: >
+        Scanner's resource that provides additional information, context, and mitigations for the identified vulnerability.