Refactor date processing for asset inventory list to use foreach processor (#15849)

* Refactor date processing for asset inventory list to use foreach processor

* Bump version to 0.4.1 and update changelog for date processing refactor

* Remove previous processors

Author: clement-fouque

packages/qualys_gav/_dev/deploy/docker/files/config.yml

@@ -326,6 +326,15 @@ rules:
                               "created": 1752070872000,
                               "lastUpdated": 1752243670000
                           },
+                          "inventory_list_data": {
+                              "inventory": [
+                                  {
+                                      "last_updated": "2025-11-04T08:08:04.000Z",
+                                      "created": "2024-01-12T03:40:12.000Z",
+                                      "source": "EASM"
+                                  }
+                              ]
+                          },
                           "activity": {
                               "source": "EASM",
                               "lastScannedDate": 1752243670000
@@ -1535,6 +1544,15 @@ rules:
                               "source": "QAGENT",
                               "created": 1751889561000,
                               "lastUpdated": 1752520814000
+                          },
+                           "inventory_list_data": {
+                              "inventory": [
+                                  {
+                                      "last_updated": "2025-11-04T00:09:15.000Z",
+                                      "created": "2024-01-11T16:24:15.000Z",
+                                      "source": "Cloud Agent"
+                                  }
+                              ]
                           },
                           "activity": {
                               "source": "QAGENT",

packages/qualys_gav/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.4.1"
+  changes:
+    - description: Refactor date processing for asset inventory list to use foreach processor.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/15849
 - version: "0.4.0"
   changes:
     - description: Map Qualys cloud fields to cloud ECS fields.

packages/qualys_gav/data_stream/asset/elasticsearch/ingest_pipeline/default.yml

@@ -673,34 +673,38 @@ processors:
         - append:
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
-  - date:
-      field: qualys_gav.asset.inventory_list_data.inventory.created
-      target_field: qualys_gav.asset.inventory_list_data.inventory.created
-      tag: date_qualys_gav_asset_inventory_list_data_inventory_created
-      formats:
-        - UNIX_MS
-        - ISO8601
-      if: ctx.qualys_gav?.asset?.inventory_list_data?.inventory?.created != null && ctx.qualys_gav.asset.inventory_list_data.inventory.created != ''
-      on_failure:
-        - remove:
-            field: qualys_gav.asset.inventory.created
-        - append:
-            field: error.message
-            value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
-  - date:
-      field: qualys_gav.asset.inventory_list_data.inventory.last_updated
-      target_field: qualys_gav.asset.inventory_list_data.inventory.last_updated
-      tag: date_qualys_gav_asset_inventory_last_updated
-      formats:
-        - UNIX_MS
-        - ISO8601
-      if: ctx.qualys_gav?.asset?.inventory_list_data?.inventory?.last_updated != null && ctx.qualys_gav.asset.inventory_list_data.inventory.last_updated != ''
-      on_failure:
-        - remove:
-            field: qualys_gav.asset.inventory_list_data.inventory.last_updated
-        - append:
-            field: error.message
-            value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+  - foreach:
+      field: qualys_gav.asset.inventory_list_data.inventory
+      tag: foreach_asset_inventory_list_data_inventory_to_date_created
+      if: ctx.qualys_gav?.asset?.inventory_list_data?.inventory instanceof List
+      processor:
+        date:
+          field: _ingest._value.created
+          target_field: _ingest._value.created
+          tag: date_asset_inventory_list_data_inventory_created
+          formats:
+            - UNIX_MS
+            - ISO8601
+          on_failure:
+            - remove:
+                field: _ingest._value.created
+                ignore_missing: true
+  - foreach:
+      field: qualys_gav.asset.inventory_list_data.inventory
+      tag: foreach_asset_inventory_list_data_inventory_to_date_last_updated
+      if: ctx.qualys_gav?.asset?.inventory_list_data?.inventory instanceof List
+      processor:
+        date:
+          field: _ingest._value.last_updated
+          target_field: _ingest._value.last_updated
+          tag: date_asset_inventory_list_data_inventory_last_updated
+          formats:
+            - UNIX_MS
+            - ISO8601
+          on_failure:
+            - remove:
+                field: _ingest._value.last_updated
+                ignore_missing: true
   - date:
       field: qualys_gav.asset.activity.last_scanned_date
       target_field: qualys_gav.asset.activity.last_scanned_date