id: 67ba9c29-ac0c-48c6-9569-ecd554fc4e65
Function:
  Title: Parser for InsightVMAssets
  Version: '2.0.0'
  LastUpdated: '2026-02-11'
Category: Microsoft Sentinel Parser
FunctionName: InsightVMAssets
FunctionAlias: InsightVMAssets
FunctionQuery: |
    let Insight_VM_assets_view  = view () { 
        NexposeInsightVMCloud_assets_CL
    | extend packed = pack(
          "AssessedForPolicies", assessed_for_policies_b,
          "AssessedForVulnerabilities", assessed_for_vulnerabilities_b,
          "CredentialAssessments", credential_assessments_s,
          "CriticalVulnerabilities", critical_vulnerabilities_d,
          "Exploits", exploits_d,
          "DvcHostname", host_name_s,
          "AssetId", id_s,
          "DvcIpAddr", ip_s,
          "LastAssessedForVulnerabilities", last_assessed_for_vulnerabilities_t,
          "LastScanEnd", last_scan_end_t,
          "LastScanStart", last_scan_start_t,
          "MalwareKits", malware_kits_d,
          "ModerateVulnerabilities", moderate_vulnerabilities_d,
          "DvcOsArch", os_architecture_s,
          "DvcOsDesc", os_description_s,
          "DvcOsFamily", os_family_s,
          "DvcOs", os_name_s,
          "DvcOsSysName", os_system_name_s,
          "DvcOsType", os_type_s,
          "DvcOsVendor", os_vendor_s,
          "DvcModelNumber", os_version_s,
          "RiskScore", risk_score_d,
          "SevereVulnerabilitiesCount", severe_vulnerabilities_d,
          "TotalVulnerabilitiesCount", total_vulnerabilities_d,
          "Uid", unique_identifiers_s,
          "VulnerabilitiesSolutions", same_s,
          "DvcMacAddr", mac_s
        )
    | project todatetime(TimeGenerated), packed
    | evaluate bag_unpack(packed)
    | extend       
             EventVendor="Rapid7",
             EventProduct="Insight VM",
             EventType="Assets"
    };
    let Rapid7InsightVMCloudAssets_view = view(){
    Rapid7InsightVMCloudAssets
    | extend 
        "AssessedForPolicies", tobool(AssessedForPolicies),
        "AssessedForVulnerabilities", tobool(AssessedForVulnerabilities),
        "CredentialAssessments", tostring(CredentialAssessments),
        "CriticalVulnerabilities", toreal(CriticalVulnerabilities),
        "Exploits", toreal(Exploits),
        "DvcHostname", tostring(HostName),
        "AssetId", tostring(Id),
        "DvcIpAddr", tostring(Ip),
        "LastAssessedForVulnerabilities", todatetime(LastAssessedForVulnerabilities),
        "LastScanEnd", todatetime(LastScanEnd),
        "LastScanStart", todatetime(LastScanStart),
        "MalwareKits", toreal(MalwareKits),
        "ModerateVulnerabilities", toreal(ModerateVulnerabilities),
        "DvcOsArch", tostring(OsArchitecture),
        "DvcOsDesc", tostring(OsDescription),
        "DvcOsFamily", tostring(OsFamily),
        "DvcOs", tostring(OsName),
        "DvcOsSysName", tostring(OsSystemName),
        "DvcOsType", tostring(OsType),
        "DvcOsVendor", tostring(OsVendor),
        "DvcModelNumber", tostring(OsVersion),
        "RiskScore", toreal(RiskScore),
        "SevereVulnerabilitiesCount", toreal(SevereVulnerabilities),
        "TotalVulnerabilitiesCount", toreal(TotalVulnerabilities),
        "Uid", tostring(UniqueIdentifiers),
        "VulnerabilitiesSolutions", tostring(Same),
        "DvcMacAddr", tostring(Mac)
    };
    union isfuzzy=true
    (Insight_VM_assets_view),
    (Rapid7InsightVMCloudAssets_view)
    | project 
        TimeGenerated,
        AssessedForPolicies,
        AssessedForVulnerabilities,
        CredentialAssessments,
        CriticalVulnerabilities,
        Exploits,
        DvcHostname,
        AssetId,
        DvcIpAddr,
        LastAssessedForVulnerabilities,
        LastScanEnd,
        LastScanStart,
        MalwareKits,
        ModerateVulnerabilities,
        DvcOsArch,
        DvcOsDesc,
        DvcOsFamily,
        DvcOs,
        DvcOsSysName,
        DvcOsType,
        DvcOsVendor,
        DvcModelNumber,
        RiskScore,
        SevereVulnerabilitiesCount,
        TotalVulnerabilitiesCount,
        Uid,
        VulnerabilitiesSolutions,
        DvcMacAddr