From 133dc4d22ae0df2f3f7a4be0e4e2d536e8970ea5 Mon Sep 17 00:00:00 2001
From: Brian Grabau
Date: Wed, 25 Sep 2024 12:44:17 -0500
Subject: [PATCH 1/2] added vuln id split to teanable_sc
---
 config/processors/vuln_tenable_sc.conf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/config/processors/vuln_tenable_sc.conf b/config/processors/vuln_tenable_sc.conf
index d92d8c3f..770451bf 100644
--- a/config/processors/vuln_tenable_sc.conf
+++ b/config/processors/vuln_tenable_sc.conf
@@ -10,6 +10,9 @@ filter {
 source => "message"
 target => "tmp"
 }
+ mutate {
+ split => { "[tmp][cve]" => "," }
+ }
 mutate{
 add_field => { "[log][source][hostname]" => "%{[tmp][netbiosName]}" }
 }
@@ -117,6 +120,9 @@ filter {
 mutate {
 remove_field => [ "tmp" ]
 }
+ split {
+ field => "[vulnerability][id]"
+ }
 }
 output {
 pipeline { send_to => [enrichments] }
From 73461dcc7a013013dbdeff8b561eb6fc17b762fc Mon Sep 17 00:00:00 2001
From: Brian Grabau
Date: Wed, 25 Sep 2024 13:24:05 -0500
Subject: [PATCH 2/2] split tenable.asm on cve
---
 config/processors/vuln_tenable_asm.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/config/processors/vuln_tenable_asm.conf b/config/processors/vuln_tenable_asm.conf
index 7e7dc65f..6325606a 100644
--- a/config/processors/vuln_tenable_asm.conf
+++ b/config/processors/vuln_tenable_asm.conf
@@ -171,6 +171,9 @@ filter {
 mutate {
 remove_field => [ "tmp" ]
 }
+ split {
+ field => "[vulnerability][id]"
+ }
 }
 output {
 pipeline { send_to => [enrichments] }
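Review bot: The added `split => { "[tmp][cve]" => "," }` in vuln_tenable_sc.conf splits on a bare comma and does not trim the elements, so if the Tenable.sc export ever separates CVEs with `, ` the later IDs keep a leading space and may fail to match in the enrichment lookups downstream. A second block right after it, `mutate { strip => [ "[tmp][cve]" ] }`, would normalise them; it has to be a separate mutate block because strip runs before split inside a single one. A one-line comment such as `# cve arrives as one comma-joined string; make it an array for the per-CVE split at the end of the filter` would also help, since the copy into `[vulnerability][id]` lies outside this hunk.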
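Review bot: The new `split { field => "[vulnerability][id]" }` at the end of the filter block in vuln_tenable_sc.conf runs unconditionally, and the split filter tags an event `_split_type_failure` and logs a warning when the field is missing or is neither a string nor an array, which seems likely for findings whose plugin carries no CVE. Wrapping it as `if [vulnerability][id] { split { field => "[vulnerability][id]" } }` keeps those findings untagged; the same applies to the identical hunk in vuln_tenable_asm.conf. Each clone also copies every other field, so any document id or fingerprint assigned before this point (not visible here) would be shared by all clones of one finding and is worth checking before per-CVE counts are trusted.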
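Review bot: In vuln_tenable_asm.conf the split is added without a matching comma split upstream in this patch, and the split filter's default terminator for string values is a newline. If `[vulnerability][id]` reaches this point as a comma-joined string rather than an array (the code that sets it is outside the hunk), the event will pass through as a single finding carrying the joined value; adding `terminator => ","` inside the block would cover that case. A short comment like `# one event per CVE so enrichment can key on a single vulnerability.id` would document the intent.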