
Below are the changes:

Transfer/file format change

  • Original format: JSON array of Container Vulnerabilities logs

    Example: [{"scanID": …}, {"scanID": …}, … ]

  • New format: line-separated Container Vulnerabilities logs, one JSON object per line

    Example:
    {"scanID": …}
    ...
    {"scanID": …}

Schema change

  • Original schema:
    scanID string
    scantime string
    clusterID string
    clusterName string
    imageID string
    registry string
    repository string
    imageDigest string
    vulnerabilityname string
    description string
    softwarelist Array of objects
    cverecord Object, with fields:
      • id
      • publishedDateTime
      • exploitAttemptCount (Optional)
      • globalExploitActivityLevel (Optional)
      • cvssScore
      • refs (Optional)
      • protectionRules (Optional)
  • New schema:
    scanID string
    scantime string
    clusterID string
    clusterName string
    imageID string
    registry string
    repository string
    imageDigest string
    vulnerabilityname string
    description string
    softwarelist Array of objects
    cveLink string
    cverecord Object, with fields:
      • id
      • publishedDateTime
      • exploitAttemptCount (Optional)
      • globalExploitActivityLevel (Optional)
      • cvssScore
      • protectionRules (Optional)

Trend Micro advises customers to pay attention to the possible impact of the log changes on their configured Splunk HEC and AWS S3 connectors.
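
A downstream consumer that accepts both transfer formats and flags which schema each record follows, as an added example (not Trend Micro code). The function names and the sample payloads are assumptions, and all sample values are constructed placeholders.

```python
import json
from collections import Counter


def parse_logs(payload: str) -> list:
    """Parse the original JSON-array payload or the new line-separated one."""
    text = payload.strip()
    if not text:
        return []
    if text.startswith("["):
        # Original format: a single JSON array holding every log record.
        records = json.loads(text)
    else:
        # New format: one JSON object per non-empty line.
        records = [json.loads(ln) for ln in text.splitlines() if ln.strip()]
    if not all(isinstance(r, dict) for r in records):
        raise ValueError("every log record must be a JSON object")
    return records


def schema_version(record: dict) -> str:
    """Classify a record by the two fields that differ between the schemas."""
    if "cveLink" in record:
        return "new"  # cveLink exists only in the new schema
    if "refs" in (record.get("cverecord") or {}):
        return "original"  # cverecord.refs exists only in the original schema
    return "ambiguous"  # refs was optional, so its absence alone proves nothing


def summarize(payload: str) -> dict:
    """Count records per detected schema version in one delivered object."""
    return dict(Counter(schema_version(r) for r in parse_logs(payload)))


# Constructed sample payloads: placeholder values, value types assumed.
OLD_PAYLOAD = json.dumps([
    {"scanID": "scan-1", "cverecord": {"id": "CVE-0000-0001", "refs": []}},
    {"scanID": "scan-2", "cverecord": {"id": "CVE-0000-0002"}},
])
NEW_PAYLOAD = "\n".join(json.dumps(r) for r in [
    {"scanID": "scan-3", "cveLink": "https://example.invalid/1",
     "cverecord": {"id": "CVE-0000-0003"}},
    {"scanID": "scan-4", "cveLink": "https://example.invalid/2",
     "cverecord": {"id": "CVE-0000-0004"}},
]) + "\n"

if __name__ == "__main__":
    print(summarize(OLD_PAYLOAD))  # {'original': 1, 'ambiguous': 1}
    print(summarize(NEW_PAYLOAD))  # {'new': 2}
```

A consumer that still calls `json.loads` on the whole payload raises `JSONDecodeError` on the new format, and a detection or dashboard that reads `cverecord.refs` goes silently empty, so both conditions are worth alerting on in the ingestion pipeline.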