nmapedit
This codec is used to parse nmap output data which is serialized in XML format. Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. For more information on nmap, see https://nmap.org/.
Note: This codec can only be used for decoding data.
Event types are listed below
nmap_scan_metadata: An object containing top level information about the scan, including how many hosts were up, and how many were down. Useful for the case where you need to check if a DNS based hostname does not resolve, where both those numbers will be zero.
nmap_host: One event is created per host. The full data covering an individual host, including open ports and traceroute information as a nested structure.
nmap_port: One event is created per host/port. This duplicates data already in nmap_host: This was put in for the case where you want to model ports as separate documents in Elasticsearch (which Kibana prefers).
nmap_traceroute_link: One of these is output per traceroute connection, with a from and a to object describing each hop. Note that traceroute hop data is not always correct due to the fact that each tracing ICMP packet may take a different route. Also very useful for Kibana visualizations.
Synopsisedit
This plugin supports the following configuration options:
Required configuration options:
nmap {
}
Available configuration options:
| Setting | Input type | Required | Default value |
|---|---|---|---|
No |
|
||
No |
|
||
No |
|
||
No |
|