Hi, I'm using some Python to query shodan.io. It returns a reasonably complex JSON that I'd like to push into Elasticsearch. I've got most of it mapped out and it's working, but there is one field I just can't map correctly.
The rough format:
{
  ... #bunch of fields i have mapped
  'vulns': {
    'CVE-2022-01-02' : {
      'verified' : false,
      'references': [ <<bunch of web links>>],
      'summary': <<text>>
    },
    'CVE-2021-02-12' : {
      'verified' : false,
      'references': [ <<bunch of web links>>],
      'summary': <<text>>
    },
    'CVE-2019-04-11' : {
      'verified' : false,
      'references': [ <<bunch of web links>>],
      'summary': <<text>>
    }
  }
  ...
}
The CVE field name changes, so that should be a dynamic field? Is this the right approach?
How do I fit the verified, references, and summary fields in this?
[
  {
    "cve-objects": {
      "mapping": {
        "include_in_parent": true,
        "type": "nested"
      },
      "match_mapping_type": "object",
      "match": "CVE-*"
    }
  }
]
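
One way to sidestep the changing field names, as an added example that is not part of the original post: reshape `vulns` in Python before indexing so each CVE id becomes a value in a list of objects, which a single fixed `nested` mapping can cover. The `cve` field name, the `reshape_vulns` helper, the field types chosen and the sample banner are assumptions made for illustration.

```python
import copy

# Fixed mapping for the reshaped field; "cve" is a field name assumed for this example.
VULNS_MAPPING = {"properties": {"vulns": {
    "type": "nested",
    "properties": {
        "cve": {"type": "keyword"},
        "verified": {"type": "boolean"},
        "references": {"type": "keyword"},
        "summary": {"type": "text"},
    },
}}}

# Constructed sample banner (not real Shodan output), keyed the way the post shows.
SAMPLE = {
    "ip_str": "192.0.2.10",
    "vulns": {
        "CVE-2021-02-12": {"verified": False, "summary": "constructed text",
                           "references": ["https://example.com/a"]},
        "CVE-2019-04-11": {"verified": False, "summary": "constructed text",
                           "references": "https://example.com/advisory"},
    },
}

def reshape_vulns(banner):
    """Return a copy of banner whose 'vulns' is a list of objects, one per CVE key."""
    doc = copy.deepcopy(banner)
    raw = doc.get("vulns")
    # A missing or non-dict 'vulns' yields an empty list so the document shape never varies.
    items = sorted(raw.items()) if isinstance(raw, dict) else []
    entries = []
    for cve_id, detail in items:
        if not isinstance(detail, dict):
            detail = {}
        refs = detail.get("references") or []
        if isinstance(refs, str):  # tolerate a single link given as a bare string
            refs = [refs]
        entries.append({
            "cve": cve_id,  # the changing key becomes an ordinary value
            "verified": bool(detail.get("verified", False)),
            "references": list(refs),
            "summary": detail.get("summary") or "",
        })
    doc["vulns"] = entries
    return doc

if __name__ == "__main__":
    for entry in reshape_vulns(SAMPLE)["vulns"]:
        print(entry["cve"], entry["verified"], len(entry["references"]))
```

With this shape the index needs no dynamic template for `CVE-*` keys, and the number of mapped fields stays constant no matter how many distinct CVEs are ingested.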