Merge Data Streams from Integrations

My setup consists of Fleet Management together with Tenable Integration.
The issue with this is Tenable's Integration comes with multiple data streams.
The two that I'm focusing on are asset and vulnerability.

I want to create a dashboard that shows both asset information and vulnerability details. Is there a way to merge / join / transform my data in a way such that the vulnerability data will also consist of all its relevant asset information?

I have tried using enrich, but it requires me to execute the enrich policy every time my asset index gets updated.

Join-fields don't work because asset and vulnerabilities don't belong in the same index.

I have been trying to use transform, however the data seems to be too summarized. I am not able to see a one-to-many mapping (one asset -> many vulnerabilities).

Is Logstash my final option for doing these types of data pre-processing?
