state and status field updated to use the new field from the Nessus:P…

…ro Add-on.

cyences_app_for_splunk/default/props.conf

@@ -570,7 +570,7 @@ FIELDALIAS-vul_family = "plugin.pluginfamily" as vul_family
 FIELDALIAS-vul_type = "plugin.pluginattributes.plugin_information.plugin_type" AS vul_type
 EVAL-vul_has_patch = if(isnotnull('plugin.pluginattributes.plugin_information.patch_publication_date'), "true", "false")
 # vul_in_the_news - field does not exists
-EVAL-vul_state = "open"
+EVAL-vul_state = if(isnotnull(ta_nessus_pro_vuln_status), ta_nessus_pro_vuln_status, "open")
 # state field does not exist, so we are assuming that the vulnerability is open
 EVAL-vul_cpe = mvjoin(mvappend('plugin.pluginattributes.plugin_information.cpe', 'plugin.pluginattributes.vuln_information.cpe'), " ,")
 EVAL-vul_cve = mvjoin('plugin.pluginattributes.cvss_score_source', " ,")
@@ -584,7 +584,7 @@ FIELDALIAS-vul_solution = "plugin.pluginattributes.solution" AS vul_solution, "p
 # For Cyences Vulnerabilities datamodel
 FIELDALIAS-dest_id = host_id as dest_id
 EVAL-dest_name = coalesce('host-fqdn', 'netbios-name')
-EVAL-status = "open"
+EVAL-status = if(isnotnull(ta_nessus_pro_vuln_status), ta_nessus_pro_vuln_status, "open")
 FIELDALIAS-last_scan_time = "scan.scan_end_timestamp" AS last_scan_time, "scan.scan_end_timestamp" AS last_licensed_scan_date, "scan.scan_end_timestamp" AS last_authenticated_scan_date
 FIELDALIAS-published_time = "plugin.pluginattributes.plugin_information.plugin_publication_date" AS published_time
 FIELDALIAS-last_modified_time = "plugin.pluginattributes.plugin_information.last_modification_time" AS last_modified_time