id: 3cc071bd-caeb-40fd-87b9-cdde61d872cb
Function:
  Title: Parser for InsightVMVulnerabilities
  Version: '2.0.0'
  LastUpdated: '2026-02-11'
Category: Microsoft Sentinel Parser
FunctionName: InsightVMVulnerabilities
FunctionAlias: InsightVMVulnerabilities
FunctionQuery: |
    let Insight_VM_vulnerabilities_view  = view () { 
        NexposeInsightVMCloud_vulnerabilities_CL
    | extend packed = pack(
                         "AssetId", asset_id_s,
                         "DvcHostname", host_name_s,
                         "DvcIpAddr", ip_s,
                         "VulnDetailsAdded", vuln_details_added_t,
                         "VulnDetailsCategories", vuln_details_categories_s,
                         "VulnDetailsCves", vuln_details_cves_s,
                         "VulnDetailsCvssV2AccessComplexity", vuln_details_cvss_v2_access_complexity_s,
                         "VulnDetailsCvssV2AccessVector", vuln_details_cvss_v2_access_vector_s,
                         "VulnDetailsCvssV2Authentication", vuln_details_cvss_v2_authentication_s,
                         "VulnDetailsCvssV2AvailabilityImpact", vuln_details_cvss_v2_availability_impact_s,
                         "VulnDetailsCvssV2ConfidentialityImpact", vuln_details_cvss_v2_confidentiality_impact_s,
                         "VulnDetailsCvssV2ExploitScore", vuln_details_cvss_v2_exploit_score_d,
                         "VulnDetailsCvssV2ImpactScore", vuln_details_cvss_v2_impact_score_d,
                         "VulnDetailsCvssV2IntegrityImpact", vuln_details_cvss_v2_integrity_impact_s,
                         "VulnDetailsCvssV2Score", vuln_details_cvss_v2_score_d,
                         "VulnDetailsCvssV2Vector", vuln_details_cvss_v2_vector_s,
                         "VulnDetailsCvssV2AttackComplexity", vuln_details_cvss_v3_attack_complexity_s,
                         "VulnDetailsCvssV3AttackVector", vuln_details_cvss_v3_attack_vector_s,
                         "VulnDetailsCvssV3AvailabilityImpact", vuln_details_cvss_v3_availability_impact_s,
                         "VulnDetailsCvssV3ConfidentialityImpact", vuln_details_cvss_v3_confidentiality_impact_s,
                         "VulnDetailsCvssV3ExploitScore", vuln_details_cvss_v3_exploit_score_d,
                         "VulnDetailsCvssV3ImpactScore", vuln_details_cvss_v3_impact_score_d,
                         "VulnDetailsCvssV3IntegrityImpact", vuln_details_cvss_v3_integrity_impact_s,
                         "VulnDetailsCvssV3PrivilegesRequired", vuln_details_cvss_v3_privileges_required_s,
                         "VulnDetailsCvssV3Scope", vuln_details_cvss_v3_scope_s,
                         "VulnDetailsCvssV3Score", vuln_details_cvss_v3_score_d,
                         "VulnDetailsCvssV3UserInteraction", vuln_details_cvss_v3_user_interaction_s,
                         "VulnDetailsCvssV3Vector", vuln_details_cvss_v3_vector_s,
                         "VulnDetailsDenialOfService", vuln_details_denial_of_service_b,
                         "VulnDetailsDescription", vuln_details_description_s,
                         "VulnDetailsExploits", vuln_details_exploits_s,
                         "VulnDetailsId", vuln_details_id_s,
                         "VulnDetailsLinks", vuln_details_links_s,
                         "VulnDetailsMalwareKits", vuln_details_malware_kits_s,
                         "VulnDetailsModified", vuln_details_modified_t,
                         "VulnDetailsPciCvssScore", vuln_details_pci_cvss_score_d,
                         "VulnDetailsPciFail", vuln_details_pci_fail_b,
                         "VulnDetailsPciSeverityScore", vuln_details_pci_severity_score_d,
                         "VulnDetailsPciSpecialNotes", vuln_details_pci_special_notes_s,
                         "VulnDetailsPciStatus", vuln_details_pci_status_s,
                         "VulnDetailsPublished", vuln_details_published_t,
                         "VulnDetailsReferences", vuln_details_references_s,
                         "VulnDetailsRiskScore", vuln_details_risk_score_d,
                         "VulnDetailsSeverity", vuln_details_severity_s,
                         "VulnDetailsSeverityScore", vuln_details_severity_score_d,
                         "VulnDetailsTitle", vuln_details_title_s
                     )
    | project todatetime(TimeGenerated), packed
    | evaluate bag_unpack(packed)
    | extend       
             EventVendor="Rapid7",
             EventProduct="Insight VM",
             EventType="Vulnerabilities"
    };
    let Rapid7InsightVMCloudVulnerabilities_view = view(){
    Rapid7InsightVMCloudVulnerabilities
    | extend
        VulnDetailsAdded = todatetime(Added),
        VulnDetailsCategories = tostring(Categories),
        VulnDetailsCves = tostring(Cves),
        VulnDetailsCvssV2AccessComplexity = tostring(CvssV2AccessComplexity),
        VulnDetailsCvssV2AccessVector = tostring(CvssV2AccessVector),
        VulnDetailsCvssV2Authentication = tostring(CvssV2Authentication),
        VulnDetailsCvssV2AvailabilityImpact = tostring(CvssV2AvailabilityImpact),
        VulnDetailsCvssV2ConfidentialityImpact = tostring(CvssV2ConfidentialityImpact),
        VulnDetailsCvssV2ExploitScore = toreal(CvssV2ExploitScore),
        VulnDetailsCvssV2ImpactScore = toreal(CvssV2ImpactScore),
        VulnDetailsCvssV2IntegrityImpact = tostring(CvssV2IntegrityImpact),
        VulnDetailsCvssV2Score = toreal(CvssV2Score),
        VulnDetailsCvssV2Vector = tostring(CvssV2Vector),
        VulnDetailsCvssV2AttackComplexity = tostring(CvssV3AttackComplexity),
        VulnDetailsCvssV3AttackVector = tostring(CvssV3AttackVector),
        VulnDetailsCvssV3AvailabilityImpact = tostring(CvssV3AvailabilityImpact),
        VulnDetailsCvssV3ConfidentialityImpact = tostring(CvssV3ConfidentialityImpact),
        VulnDetailsCvssV3ExploitScore = toreal(CvssV3ExploitScore),
        VulnDetailsCvssV3ImpactScore = toreal(CvssV3ImpactScore),
        VulnDetailsCvssV3IntegrityImpact = tostring(CvssV3IntegrityImpact),
        VulnDetailsCvssV3PrivilegesRequired = tostring(CvssV3PrivilegesRequired),
        VulnDetailsCvssV3Scope = tostring(CvssV3Scope),
        VulnDetailsCvssV3Score = toreal(CvssV3Score),
        VulnDetailsCvssV3UserInteraction = tostring(CvssV3UserInteraction),
        VulnDetailsCvssV3Vector = tostring(CvssV3Vector),
        VulnDetailsDenialOfService = tobool(DenialOfService),
        VulnDetailsDescription = tostring(Description),
        VulnDetailsExploits = tostring(Exploits),
        VulnDetailsId = tostring(Id),
        VulnDetailsLinks = tostring(Links),
        VulnDetailsMalwareKits = tostring(MalwareKits),
        VulnDetailsModified = todatetime(Modified),
        VulnDetailsPciCvssScore = toreal(PciCvssScore),
        VulnDetailsPciFail = tobool(PciFail),
        VulnDetailsPciSeverityScore = toreal(PciSeverityScore),
        VulnDetailsPciSpecialNotes = tostring(PciSpecialNotes),
        VulnDetailsPciStatus = tostring(PciStatus),
        VulnDetailsPublished = todatetime(Published),
        VulnDetailsReferences = tostring(References),
        VulnDetailsRiskScore = toreal(RiskScore),
        VulnDetailsSeverity = tostring(Severity),
        VulnDetailsSeverityScore = toreal(SeverityScore),
        VulnDetailsTitle = tostring(VulnerabilityTitle)
    };
    union isfuzzy=true
    (Insight_VM_vulnerabilities_view),
    (Rapid7InsightVMCloudVulnerabilities_view)
    | project
        TimeGenerated,
        VulnDetailsAdded,
        VulnDetailsCategories,
        VulnDetailsCves,
        VulnDetailsCvssV2AccessComplexity,
        VulnDetailsCvssV2AccessVector,
        VulnDetailsCvssV2Authentication,
        VulnDetailsCvssV2AvailabilityImpact,
        VulnDetailsCvssV2ConfidentialityImpact,
        VulnDetailsCvssV2ExploitScore,
        VulnDetailsCvssV2ImpactScore,
        VulnDetailsCvssV2IntegrityImpact,
        VulnDetailsCvssV2Score,
        VulnDetailsCvssV2Vector,
        VulnDetailsCvssV2AttackComplexity,
        VulnDetailsCvssV3AttackVector,
        VulnDetailsCvssV3AvailabilityImpact,
        VulnDetailsCvssV3ConfidentialityImpact,
        VulnDetailsCvssV3ExploitScore,
        VulnDetailsCvssV3ImpactScore,
        VulnDetailsCvssV3IntegrityImpact,
        VulnDetailsCvssV3PrivilegesRequired,
        VulnDetailsCvssV3Scope,
        VulnDetailsCvssV3Score,
        VulnDetailsCvssV3UserInteraction,
        VulnDetailsCvssV3Vector,
        VulnDetailsDenialOfService,
        VulnDetailsDescription,
        VulnDetailsExploits,
        VulnDetailsId,
        VulnDetailsLinks,
        VulnDetailsMalwareKits,
        VulnDetailsModified,
        VulnDetailsPciCvssScore,
        VulnDetailsPciFail,
        VulnDetailsPciSeverityScore,
        VulnDetailsPciSpecialNotes,
        VulnDetailsPciStatus,
        VulnDetailsPublished,
        VulnDetailsReferences,
        VulnDetailsRiskScore,
        VulnDetailsSeverity,
        VulnDetailsSeverityScore,
        VulnDetailsTitle