
Rapid7 InsightVM [rapid7_insightvm]: Unknown (array) fields #17038

@willemri

Description


Integration Name

Rapid7 InsightVM [rapid7_insightvm]

Dataset Name

rapid7_insightvm.asset

Integration Version

2.4.1

Agent Version

8.19.4

Agent Output Type

elasticsearch

Elasticsearch Version

8.19.4

OS Version and Architecture

Red Hat

Software/API Version

No response

Error Message

Unknown mappings for:
rapid7.insightvm.asset.credential_assessments
rapid7.insightvm.asset.tags
rapid7.insightvm.asset.unique_identifiers

Event Original

{
  "_index": ".ds-logs-rapid7_insightvm.asset-default-2025.11.07-000037",
  "_id": "SCkKoZoBFiTSMazSiq-O",
  "_version": 1,
  "_source": {
    "agent": {
      "name": "ingestserver",
      "id": "2a3401db-6fa7-4036-9999-123922703fe9",
      "type": "filebeat",
      "ephemeral_id": "c41d4bb2-30a3-2231-bd22-44ec61c1e8a7",
      "version": "8.19.4"
    },
    "elastic_agent": {
      "id": "2a3401db-6fa7-4036-9999-123922703fe9",
      "version": "8.19.4",
      "snapshot": false
    },
    "rapid7": {
      "insightvm": {
        "asset": {
	"credential_assessments": [
	  {
	    "protocol": "TCP",
	    "port": 2111,
	    "status": "SUPPLIED_SUCCESS"
	  },
	  {
	    "protocol": "TCP",
	    "port": 445,
	    "status": "NO_CREDS_SUPPLIED"
	    }
  	  ],
          "unique_identifiers": [
            {
              "id": "2e127829a907b9b1a36eb6effc50775b",
              "source": "R7 Agent"
            },
            {
              "id": "4C4C4544-0031-3110-804E-B2C04F485333",
              "source": "CSPRODUCT"
            },
            {
              "id": "2e127829a907b9b1a36eb6effc50775b",
              "source": "Endpoint Agent"
            }
          ],
          "os": {
            "vendor": "Microsoft",
            "system_name": "Microsoft Windows",
            "name": "Windows 11",
            "description": "Microsoft Windows 11 24H2",
            "family": "Windows",
            "type": "Workstation",
            "version": "24H2",
            "architecture": "x86_64"
          },
          "risk_score": 4279,
          "ip": "192.168.1.2",
          "critical_vulnerabilities": 0,
          "type": "unknown",
          "assessed_for_policies": false,
          "mac": "E4-AA-E1-2D-EE-31",
          "assessed_for_vulnerabilities": true,
          "exploits": 0,
          "tags": [
            {
              "name": "Rapid7 Insight Agents",
              "type": "SITE"
            }
          ],
          "malware_kits": 0,
          "severe_vulnerabilities": 1,
          "same": [
            {
              "vulnerability_id": "google-chrome-cve-2025-13223",
              "last_found": "2025-11-20T08:28:37.356Z",
              "first_found": "2025-11-19T07:49:24.000Z",
              "solution": {
                "summary": "Upgrade to the latest version of Google Chrome",
                "fix": "\n\n    Install latest version of Google Chrome from the Google Chrome page.\n  \n",
                "id": "google-chrome-upgrade-latest",
                "type": "workaround"
              },
              "proof": "\n\nVulnerable OS: Microsoft Windows 11 24H2\n\n\n\nVulnerable software installed: Google Chrome 142.0.7444.163 (HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13373029-4312-3C3A-A6DA-86A6C6E057E5})\n\n",
              "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13373029-4312-3C3A-A6DA-86A6C6E057E5}",
              "status": "VULNERABLE_VERS"
            }
          ],
          "last_assessed_for_vulnerabilities": "2025-11-20T08:28:37.356Z",
          "id": "39336da7-f033-44ee-bbb4-c41c2d2bdc04-default-asset-4580",
          "moderate_vulnerabilities": 1,
          "total_vulnerabilities": 9,
          "host_name": "myhost.internaldomain.domain.tld"
        }
      }
    },
    "vulnerability": {
      "id": [
        "google-chrome-cve-2025-13223",
        "microsoft-edge-cve-2025-13223",
        "microsoft-edge-cve-2025-13224",
        "microsoft-windows-cve-2022-0001",
        "palo-alto-networks-globalprotect-app-cve-2025-0120",
        "palo-alto-networks-globalprotect-app-cve-2025-0141",
        "palo-alto-networks-globalprotect-app-cve-2025-2183",
        "palo-alto-networks-globalprotect-app-cve-2025-4227",
        "windows-hotfix-ms13-098"
      ]
    },
    "tags": [
      "preserve_original_event",
      "preserve_duplicate_custom_fields",
      "forwarded",
      "rapid7_insightvm-asset"
    ],
    "input": {
      "type": "httpjson"
    },
    "@timestamp": "2025-11-20T11:33:23.824Z",
    "ecs": {
      "version": "8.11.0"
    },
    "related": {
      "hosts": [
        "myhost.internaldomain.domain.tld",
        "myhost"
      ],
      "ip": [
        "192.168.1.2"
      ]
    },
    "data_stream": {
      "namespace": "default",
      "type": "logs",
      "dataset": "rapid7_insightvm.asset"
    },
    "host": {
      "hostname": "myhost",
      "os": {
        "name": "Windows 11",
        "family": "Windows",
        "version": "24H2",
        "full": "Microsoft Windows 11 24H2"
      },
      "ip": [
        "192.168.1.2"
      ],
      "name": "myhost.internaldomain.domain.tld",
      "risk": {
        "static_score": 4279
      },
      "id": "39336da7-f033-44ee-bbb4-c41c2d2bdc04-default-asset-4580",
      "mac": "E4-AA-E1-2D-EE-31",
      "architecture": "x86_64"
    }
  },
  "fields": {
    "rapid7.insightvm.asset.last_assessed_for_vulnerabilities": [
      "2025-11-20T08:28:37.356Z"
    ],
    "rapid7.insightvm.asset.same.first_found": [
      "2025-11-19T07:49:24.000Z",
      "2025-11-20T09:49:24.000Z",
      "2025-11-20T09:49:24.000Z",
      "2025-10-02T07:47:34.000Z",
      "2025-06-02T07:03:35.000Z",
      "2025-11-04T09:27:25.000Z",
      "2025-08-18T07:17:10.000Z",
      "2025-06-13T06:27:22.000Z",
      "2025-02-07T13:06:49.000Z"
    ],
    "event.ingested": [
      "2025-11-20T11:33:33.000Z"
    ],
    "@timestamp": [
      "2025-11-20T11:33:23.824Z"
    ],
    "rapid7.insightvm.asset.same.last_found": [
      "2025-11-20T08:28:37.356Z",
      "2025-11-20T08:28:37.356Z",
      "2025-11-20T08:28:37.356Z",
      "2025-11-20T08:28:37.356Z",
      "2025-11-20T08:28:37.356Z",
      "2025-11-20T08:28:37.356Z",
      "2025-11-20T08:28:37.356Z",
      "2025-11-20T08:28:37.356Z",
      "2025-11-20T08:28:37.356Z"
    ],
    "event.created": [
      "2025-11-20T11:33:23.824Z"
    ]
  }
}

What did you do?

Unknown fields, which are actually arrays:
rapid7.insightvm.asset.unique_identifiers
rapid7.insightvm.asset.tags
rapid7.insightvm.asset.credential_assessments

rapid7.insightvm.asset.tags:

[
  {
    "name": "Rapid7 Insight Agents",
    "type": "SITE"
  },
  {
    "name": "Test",
    "type": "SITE"
  }
]

rapid7.insightvm.asset.unique_identifiers:

[
  {
    "id": "2e123333a907b9b1a31eb6effc511111b",
    "source": "R7 Agent"
  },
  {
    "id": "3C1C12444-441-3990-833E-B2C04F485333",
    "source": "CSPRODUCT"
  },
  {
    "id": "1z222839a207b1b1a22eb6effc50112b",
    "source": "Endpoint Agent"
  }
]

rapid7.insightvm.asset.credential_assessments:

[
  {
    "protocol": "TCP",
    "port": 2111,
    "status": "SUPPLIED_SUCCESS"
  },
  {
    "protocol": "TCP",
    "port": 445,
    "status": "NO_CREDS_SUPPLIED"
  }
]

What did you see?

Refer to the Event Original section above.

What did you expect to see?

I would expect to see something like this in the mappings:

"rapid7.insightvm.asset.tags": {
  "type": "object",
  "properties": {
    "name": { "type": "keyword" },
    "type": { "type": "keyword" }
  }
}

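or, so that the fields of each array element stay associated with one another when queried (an `object` mapping flattens arrays of objects, so a query on `name` and `type` together can match values taken from different elements):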

"rapid7.insightvm.asset.tags": {
  "type": "nested",
  "properties": {
    "name": { "type": "keyword" },
    "type": { "type": "keyword" }
  }
}

Anything else?

No response

Metadata


Labels

- Integration:rapid7_insightvm (Rapid7 InsightVM)
- Team:SDE-Crest (Crest developers on the Security Integrations team [elastic/sit-crest-contractors])
- Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations])
