# Author: Austin Taylor and Justin Henderson
# Email: email@austintaylor.io
# Last Update: 12/20/2017
# Version 0.3
# Description: Reads the Nessus and Tenable JSON reports written by
#              VulnWhisperer and ships them through Logstash to Elasticsearch.

input {
  # Both inputs run in "read" mode with file_completed_action => "delete":
  # each report is consumed once and then removed from disk. No copy is left
  # in these directories for replay or audit, so keep the original scan
  # exports elsewhere if they must be retained.
  file {
    path => "/opt/VulnWhisperer/data/nessus/**/*.json"
    mode => "read"
    start_position => "beginning"
    file_completed_action => "delete"
    codec => json
    tags => ["nessus"]
  }

  file {
    path => "/opt/VulnWhisperer/data/tenable/*.json"
    mode => "read"
    start_position => "beginning"
    file_completed_action => "delete"
    codec => json
    tags => ["tenable"]
  }
}

filter {
  if "nessus" in [tags] or "tenable" in [tags] {
    # Use the scan's own epoch timestamp as the event time. remove_field is
    # applied only when the date match succeeds, so an unparseable scan_time
    # stays on the event.
    date {
      match => [ "scan_time", "UNIX" ]
      target => "@timestamp"
      remove_field => ["scan_time"]
    }

    # Force severity scores and counters to numeric types.
    mutate {
      convert => {
        "cvss" => "float"
        "cvss_base" => "float"
        "cvss_temporal" => "float"
        "cvss3" => "float"
        "cvss3_base" => "float"
        "cvss3_temporal" => "float"
        "risk_number" => "integer"
        "total_times_detected" => "integer"
      }
    }
  }
}

output {
  if "nessus" in [tags] or "tenable" in [tags] {
    # One index per month, named from the event @timestamp.
    # NOTE(review): the host is given without a scheme and this block sets no
    # TLS or user/password options. Vulnerability findings are sensitive, so
    # confirm this link stays on a trusted network, or enable the plugin's TLS
    # and authentication settings.
    elasticsearch {
      hosts => [ "elasticsearch:9200" ]
      index => "logstash-vulnwhisperer-%{+YYYY.MM}"
    }
  }
}