nmap
This codec is used to parse nmap output data which is serialized in XML format. Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. For more information on nmap, see https://nmap.org/.
Note: This codec can only be used for decoding data.
Event types are listed below:
nmap_scan_metadata
: An object containing top level information about the scan, including how many hosts were up, and how many were down. Useful for the case where you need to check if a DNS based hostname does not resolve, where both those numbers will be zero.
nmap_host
: One event is created per host. The full data covering an individual host, including open ports and traceroute information as a nested structure.
nmap_port
: One event is created per host/port. This duplicates data already in nmap_host. It was put in for the case where you want to model ports as separate documents in Elasticsearch (which Kibana prefers).
nmap_traceroute_link
: One of these is output per traceroute connection, with a from and a to object describing each hop. Note that traceroute hop data is not always correct, because each tracing ICMP packet may take a different route. These events are also very useful for Kibana visualizations.
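The fan-out described above, from one nmap XML document into the four event types, shown as an added Python sketch. This is not the codec's own code: the event field names, the pairing of consecutive hops into links, and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed `nmap -oX` output for one host (not real scan data).
SAMPLE_XML = """<nmaprun args="nmap -oX - --traceroute 192.0.2.10">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="443"><state state="open"/></port>
</ports>
<trace><hop ttl="1" ipaddr="192.0.2.1"/><hop ttl="2" ipaddr="192.0.2.10"/></trace>
</host>
<runstats><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>"""
# Constructed sample: the target hostname did not resolve, so there is no <host>.
UNRESOLVED_XML = """<nmaprun args="nmap -oX - nosuchhost.invalid">
<runstats><hosts up="0" down="0" total="0"/></runstats></nmaprun>"""


def decode(xml_text):
    """Return a list of event dicts (field names are illustrative assumptions)."""
    root = ET.fromstring(xml_text)
    stats = root.find("runstats/hosts")
    events = [{"type": "nmap_scan_metadata", "args": root.get("args"),
               "hosts_up": int(stats.get("up")), "hosts_down": int(stats.get("down"))}]
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        ports = [{"number": int(p.get("portid")), "protocol": p.get("protocol"),
                  "state": p.find("state").get("state")} for p in host.iter("port")]
        hops = [{"ttl": int(h.get("ttl")), "address": h.get("ipaddr")}
                for h in host.iter("hop")]
        # nmap_host: the full nested record for one host.
        events.append({"type": "nmap_host", "address": addr, "ports": ports,
                       "status": host.find("status").get("state"), "traceroute": hops})
        # nmap_port: one flat event per host/port, duplicating data in nmap_host.
        events += [{"type": "nmap_port", "host": addr, **p} for p in ports]
        # nmap_traceroute_link: one event per pair of consecutive hops (assumption).
        events += [{"type": "nmap_traceroute_link", "from": a, "to": b}
                   for a, b in zip(hops, hops[1:])]
    return events


def scan_found_nothing(events):
    """True when up and down are both zero, e.g. an unresolved DNS hostname."""
    meta = next(e for e in events if e["type"] == "nmap_scan_metadata")
    return meta["hosts_up"] == 0 and meta["hosts_down"] == 0
```

For a scan whose target never resolved, only the metadata event is produced, which is why the zero/zero check has to be made on nmap_scan_metadata rather than by waiting for an nmap_host event.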
Synopsis
This plugin supports the following configuration options:
Required configuration options:
nmap { }
Available configuration options:
Setting | Input type | Required | Default value |
---|---|---|---|
No |
|
||
No |
|
||
No |
|
||
No |
|