we configured the nessus TA via the web interface to extract data from Security Center.
[xxx]
batch_size = 10000
data = sc_vulnerability
index = xxx
i see vulnerability scans and SCAP scans, all under sourcetype=tenable:sc:vuln. what is the best way to differentiate between these 2 types of scan results? My best guess right now is pluginName=SCAP* to identify SCAP scan results but I am not sure this is correct.