Move to a common normalisation function

resources/elk6/pipeline/3000_openvas.conf

@@ -94,48 +94,44 @@ filter {
     }
 
     mutate {
-      add_field => { "risk_score" => "%{cvss}" }
-    }
-
-    mutate {
+      convert => { "cvss" => "float"}
       convert => { "cvss_base" => "float"}
       convert => { "cvss_temporal" => "float"}
-      convert => { "cvss" => "float"}
+      convert => { "cvss3" => "float"}
       convert => { "cvss3_base" => "float"}
       convert => { "cvss3_temporal" => "float"}
-      convert => { "cvss3" => "float"}
       convert => { "id" => "integer"}
       convert => { "plugin_id" => "integer"}
       convert => { "risk_number" => "integer"}
-      convert => { "risk_score" => "float"}
       convert => { "total_times_detected" => "integer"}
     }
 
-    if [risk_score] == 0 {
+    if [cvss] == 0 {
       mutate {
-        add_field => { "risk_score_name" => "info" }
+        add_field => { "cvss_severity" => "info" }
       }
     }
-    if [risk_score] > 0 and [risk_score] < 3 {
+    if [cvss] > 0 and [cvss] < 3 {
       mutate {
-        add_field => { "risk_score_name" => "low" }
+        add_field => { "cvss_severity" => "low" }
       }
     }
-    if [risk_score] >= 3 and [risk_score] < 6 {
+    if [cvss] >= 3 and [cvss] < 6 {
       mutate {
-        add_field => { "risk_score_name" => "medium" }
+        add_field => { "cvss_severity" => "medium" }
       }
     }
-    if [risk_score] >=6 and [risk_score] < 9 {
+    if [cvss] >=6 and [cvss] < 9 {
       mutate {
-        add_field => { "risk_score_name" => "high" }
+        add_field => { "cvss_severity" => "high" }
       }
     }
-    if [risk_score] >= 9 {
+    if [cvss] >= 9 {
       mutate {
-        add_field => { "risk_score_name" => "critical" }
+        add_field => { "cvss_severity" => "critical" }
       }
     }
+
     # Add your critical assets by subnet or by hostname. Comment this field out if you don't want to tag any, but the asset panel will break.
     if [asset] =~ "^10\.0\.100\." {
       mutate {