Discussed in #1100
Originally posted by ammerzon April 11, 2022
The finding documentation states that the identified_at attribute will often not be present. This information would be quite useful, and I wonder why it is not present more?
I assume this depends on the scanner, and there is no easy way to get to that information. Wouldn't it be helpful to get an attribute started_at for the scan so you have a duration with the already existing parsed_at attribute?
Easiest thing to do would probably be to just add this under the proposed scan_created_at attribute, but we might want to add some more structure to it and have a scan attribute which bundles more metadata related info about the scan?
Like:
{
"name": "http",
"description": "Port 3000 is open using tcp protocol.",
...
"severity": "INFORMATIONAL",
// new field
"scan": {
"created_at": "2021-06-22T12:26:54.378Z",
"name": "foobar",
"namespace": "default",
"scan_type": "nmap"
},
"attributes": {
"port": 3000,
...
}
}
Discussed in #1100
Originally posted by ammerzon April 11, 2022
The finding documentation states that the
identified_atattribute will often not be present. This information would be quite useful, and I wonder why it is not present more?I assume this depends on the scanner, and there is no easy way to get to that information. Wouldn't it be helpful to get an attribute
started_atfor the scan so you have a duration with the already existingparsed_atattribute?Easiest thing to do would probably be to just add this under the proposed
scan_created_atattribute, but we might want to add some more structure to it and have ascanattribute which bundles more metadata related info about the scan?Like: