nexpose 7.0.1 → 7.3.0

data/lib/eso/integration_options_manager.rb

@@ -0,0 +1,178 @@
+require 'nexpose'
+
+module Eso
+  ##
+  # This class is a manager for the integration options api. Integration options match epo/dxl/etc steps
+  # (ie discover-epo-assets) to nexpose steps (ie import-external-assets).
+
+  class IntegrationOptionsManager
+
+    ##
+    # Constructor for IntegrationOptionsManager.
+    #
+    # @param [Nexpose::Connection] nsc A logged-in Nexpose::Connection object with a valid session used to authenticate.
+    # @return [Eso::IntegrationOptionsManager] The newly created IntegrationOptionManager object
+    #
+    def initialize(nsc)
+      @nexpose_console = nsc
+      @url = "https://#{nsc.host}:#{nsc.port}/eso/integration-manager-service/api/integration-options/"
+    end
+
+    ##
+    # Create a new or Update existing integration option.
+    #
+    # @param [String] payload The JSON representation of an integration option.
+    # @return [String] The integrationOptionID (a UUID) of the newly created configuration. Raises error on failure.
+    #
+    def create(payload)
+      # TODO retry if the post fails on timeout
+      response_body = ::Nexpose::AJAX.post(@nexpose_console, "#{@url}", payload, ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(response_body)['data']['id']
+    end
+    alias_method :update, :create
+
+    # Deleting and stopping are the same thing
+    def delete(integration_option_id)
+      ::Nexpose::AJAX.delete(@nexpose_console, "#{@url}#{integration_option_id}/state")
+    end
+    alias_method :stop, :delete
+
+    ##
+    # Get an existing integration option.
+    #
+    # @param [String] integration_option_id The integration_option_id of the integration option.
+    # @return IntegrationOption for that id, or nil
+    #
+    def get(integration_option_id)
+      # Gets all integration options
+      response_body = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      response = JSON.parse(response_body, symbolize_names: true)
+
+      # Find the desired one
+      raw_integration_option = response.find{|raw| raw[:id] == integration_option_id}
+      raise "No IntegrationOption with ID #{integration_option_id}" if raw_integration_option.nil?
+
+      # Load it to an object
+      IntegrationOption.load(raw_integration_option)
+    end
+
+    ##
+    # Get the status of an integration option.
+    #
+    # @param [String] integration_option_id The integration_option_id of the integration option.
+    # @return the state (READY, STOPPED, etc)
+    #
+    def status(integration_option_id)
+      response_body = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}#{integration_option_id}/status", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      response = JSON.parse(response_body)
+      response['state']
+    end
+
+    def start(integration_option_id)
+      response_body = ::Nexpose::AJAX.post(@nexpose_console, "#{@url}#{integration_option_id}/state", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(response_body)
+    end
+
+    # TODO: These build_* methods must die.
+    def self.build_import_epo_assets_option(name:, discovery_conn_id:, site_id: nil)
+      step1 = Step.new(service_name: ServiceNames::EPO, type_name: StepNames::DISCOVER_EPO)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::IMPORT_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_import_ad_assets_option(name:, discovery_conn_id:, site_id: nil)
+      step1 = Step.new(service_name: ServiceNames::ACTIVE_DIRECTORY, type_name: StepNames::DISCOVER_ACTIVE_DIRECTORY)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::IMPORT_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_sync_aws_assets_option(name:, discovery_conn_id:, site_id: nil)
+      step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::DISCOVER_AWS_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_verify_aws_targets_option(name:, discovery_conn_id:)
+      step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::VERIFY_AWS_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::VERIFY_EXTERNAL_TARGETS,
+                       previous_type_name: step1.type_name)
+      step3 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::VERIFY_AWS_ASSETS,
+                       previous_type_name: step2.type_name)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+
+      IntegrationOption.new(name: name, steps: [step1, step2, step3])
+    end
+
+    def self.build_sync_azure_assets_option(name:, discovery_conn_id:, site_id: nil)
+      step1 = Step.new(service_name: ServiceNames::AZURE, type_name: StepNames::DISCOVER_AZURE_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_sync_aws_assets_with_tags_option(name:, discovery_conn_id:, site_id: nil, tags: '')
+      step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::DISCOVER_AWS_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+                  .add_property(StepConfiguration::ConfigParamProperties::IMPORT_TAGS, true)
+                  .add_property(StepConfiguration::ConfigParamProperties::EXCLUDE_ASSETS_WITH_TAGS, "")
+                  .add_property(StepConfiguration::ConfigParamProperties::ONLY_IMPORT_THESE_TAGS, tags)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_sync_azure_assets_with_tags_option(name:, discovery_conn_id:, site_id: nil, only_tags: '', exclude_tags: '')
+      step1 = Step.new(service_name: ServiceNames::AZURE, type_name: StepNames::DISCOVER_AZURE_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+                  .add_property(StepConfiguration::ConfigParamProperties::IMPORT_TAGS, true)
+                  .add_property(StepConfiguration::ConfigParamProperties::EXCLUDE_ASSETS_WITH_TAGS, exclude_tags)
+                  .add_property(StepConfiguration::ConfigParamProperties::ONLY_IMPORT_THESE_TAGS, only_tags)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_export_risk_scores_option(name:, discovery_conn_id:)
+      step1 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::RISK_SCORE_UPDATED)
+      step2 = Step.new(service_name: ServiceNames::EPO, type_name: StepNames::PUSH_RISK_SCORE, previous_type_name: step1.type_name)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_find_vuln_details_option(name:, discovery_conn_id:)
+      step1 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::VULN_DETAILS_REQUEST)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::VULN_DETAILS, previous_type_name: step1.type_name)
+      step3 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::VULN_DETAILS_REQUEST, previous_type_name: step2.type_name)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      IntegrationOption.new(name: name, steps: [step1, step2, step3])
+    end
+
+    def self.build_publish_vulnerabilities_option(name:, discovery_conn_id:)
+      step1 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::NEW_ASSET_VULN)
+      step2 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::PUBLISH_VULN_INT_TYPE, previous_type_name: step1.type_name)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+  end
+end

data/lib/eso/nexpose.rb

@@ -0,0 +1,212 @@
+require 'nexpose'
+
+module Eso
+  module ServiceNames
+    ACTIVE_DIRECTORY = 'active-directory'
+    AWS = 'amazon-web-services'
+    AZURE = 'azure'
+    DXL = 'dxl'
+    EPO = 'epo'
+    NEXPOSE = 'nexpose'
+  end
+
+  module StepNames
+    ADD_TO_SITE = 'add-to-site'
+    ADD_VULN_AND_SCAN = 'add-vulnerabilities-to-site-and-scan'
+    DISCOVER_ACTIVE_DIRECTORY = 'discover-ad-assets'
+    DISCOVER_AWS_ASSETS = 'discover-aws-assets'
+    DISCOVER_AZURE_ASSETS = 'discover-azure-assets'
+    DISCOVER_EPO = 'discover-epo-assets'
+    DISCOVER_KNOWN = 'discover-known-assets'
+    DISCOVER_NEW = 'discover-new-assets'
+    DISCOVERY_CONFIG_METADATA = 'discoveryConfigMetadata'
+    EMPTY = ''
+    FILE_REPUTATION_TRIGGER = 'tie-file-reputation-trigger'
+    IMPORT_EXTERNAL = 'import-external-assets'
+    NEW_ASSET_VULN = 'new-asset-vulnerability'
+    NEW_VULN = 'new-vulnerabilities'
+    PUBLISH_VULN_INT_TYPE = 'publish-vulnerability-integration-type'
+    PUSH_RISK_SCORE = 'push-risk-score'
+    RISK_SCORE_UPDATED = 'risk-score-updated'
+    SCAN = 'scan'
+    SCAN_IN_SITE = 'scan-in-site'
+    SYNC_EXTERNAL = 'sync-external-assets'
+    TAG = 'tag'
+    VERIFY_AWS_ASSETS = 'verify-aws-targets'
+    VERIFY_EXTERNAL_TARGETS = 'verify-external-targets'
+    VULN_DETAILS = 'vulnerability-details'
+    VULN_DETAILS_REQUEST = 'vulnerability-details-request'
+  end
+
+  module Values
+    ARRAY = 'Array'
+    BOOLEAN = 'Boolean'
+    INTEGER = 'Integer'
+    OBJECT = 'Object'
+    STRING = 'String'
+  end
+
+  module StepConfigTypes
+    DISCOVERY_CONFIG = [StepNames::DISCOVER_ACTIVE_DIRECTORY,
+                        StepNames::DISCOVER_AWS_ASSETS,
+                        StepNames::DISCOVER_AZURE_ASSETS,
+                        StepNames::DISCOVER_EPO,
+                        StepNames::DISCOVER_KNOWN,
+                        StepNames::DISCOVER_NEW,
+                        StepNames::FILE_REPUTATION_TRIGGER,
+                        StepNames::PUBLISH_VULN_INT_TYPE,
+                        StepNames::PUSH_RISK_SCORE,
+                        StepNames::VULN_DETAILS_REQUEST]
+    EMPTY = [StepNames::NEW_ASSET_VULN,
+             StepNames::NEW_VULN,
+             StepNames::RISK_SCORE_UPDATED,
+             StepNames::VULN_DETAILS]
+    SITE = [StepNames::ADD_TO_SITE,
+            StepNames::ADD_VULN_AND_SCAN,
+            StepNames::IMPORT_EXTERNAL,
+            StepNames::SCAN,
+            StepNames::SCAN_IN_SITE,
+            StepNames::SYNC_EXTERNAL]
+    TAG = [StepNames::TAG]
+    VERIFY = [StepNames::DISCOVER_AWS_ASSETS]
+  end
+
+  module Filters
+    CVSS_SCORE = 'CVSS_SCORE'
+    DHCP_HOST_NAME = 'DHCP_HOST_NAME'
+    HOURS_SINCE_LAST_SCAN= 'HOURS_SINCE_LAST_SCAN'
+    HOURS_SINCE_LAST_SCAN_ITEM = 'HOURS_SINCE_LAST_SCAN_ITEM'
+    IP_ADDRESS = 'IP_ADDRESS'
+    IP_RANGE = 'IP_RANGE'
+    MAC_ADDRESS = 'MAC_ADDRESS'
+    OPEN_PORT = 'OPEN_PORT'
+    RISK_SCORE = 'RISK_SCORE'
+    SERVICE_NAME = 'SERVICE_NAME'
+  end
+
+  module Nexpose
+    def self.create_discovery_workflow(conductor:, name:, step1_type:, step1_param: nil, step2_type:, step2_param:)
+      step1 = self.send("create_#{step1_type.to_s.gsub(/-/, "_")}_step", id: step1_param)
+      step2 = self.send("create_#{step2_type.to_s.gsub(/-/, "_")}_step", id: step2_param)
+      step2.previous_type_name = step1.type_name
+      conductor.create_workflow(name: name, steps: [step1, step2])
+    end
+
+    def self.create_scan_new_vuln_workflow(conductor:, name:, filters:, site_id:)
+      step1 = self.create_new_vuln_step(workflow: nil, filters: filters, previous_type_name: StepNames::EMPTY)
+      step2 = self.create_add_vuln_and_scan_step(id: site_id)
+      step2.previous_type_name = step1.type_name
+      conductor.create_workflow(name: name, steps: [step1, step2])
+    end
+
+    def self.create_file_trigger_workflow(conductor:, name:, step1_param:, step2_param:)
+      step1 = self.create_file_reputation_step(workflow: nil, id: step1_param)
+      step2 = self.create_tag_step(workflow: nil, id: step2_param)
+      step2.previous_type_name = step1.type_name
+      conductor.create_workflow(name: name, steps: [step1, step2])
+    end
+
+    def self.create_scan_in_site_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+      Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::SCAN_IN_SITE,
+               previous_type_name: previous_type_name)
+          .add_property(StepConfiguration::ConfigParamProperties::SITE_ID, id)
+    end
+
+    def self.create_file_reputation_step(workflow: nil, id:)
+      Step.new(workflow: workflow,
+               service_name: ServiceNames::DXL,
+               type_name: StepNames::FILE_REPUTATION_TRIGGER,
+               previous_type_name: nil)
+          .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, id)
+    end
+
+    def self.create_discover_new_assets_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+      Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::DISCOVER_NEW,
+               previous_type_name: previous_type_name)
+          .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, id)
+    end
+
+    def self.create_discover_known_assets_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+      step = Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::DISCOVER_KNOWN,
+               previous_type_name: previous_type_name)
+                 .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, id)
+      config_params = step.configuration_params
+      config_params[:HOURS_SINCE_LAST_SCAN] = {
+          :valueClass => Values::ARRAY,
+          :items => [
+              {
+                  :valueClass => Values::OBJECT,
+                  :objectType => Filters::HOURS_SINCE_LAST_SCAN_ITEM,
+                  :properties => {
+                      :operator => {
+                          :valueClass => Values::STRING,
+                          :value => ::Nexpose::Search::Operator::GREATER_THAN
+                      },
+                      :operand1 => {
+                          :valueClass  => Values::STRING,
+                          :value => '1'
+                      }
+                  }
+              }
+          ]
+      }
+      step.configuration_params = config_params
+      step
+    end
+
+    def self.create_new_vuln_step(workflow: nil, filters:, previous_type_name: StepNames::EMPTY)
+      # The filter definitions on the server are not standard at this point so that is why it is necessary to hard code this
+      # Opening a defect to fix the consistency on these on the backend so we can use the add_filter function in the automation
+      step = Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::NEW_VULN,
+               previous_type_name: previous_type_name)
+
+      filters.each { |filter| step.add_filter(filter) }
+      step
+    end
+
+    def self.create_add_vuln_and_scan_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+      Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::ADD_VULN_AND_SCAN,
+               previous_type_name: previous_type_name)
+          .add_property(StepConfiguration::ConfigParamProperties::SITE_ID, id)
+    end
+
+    def self.create_add_to_site_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+       Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::ADD_TO_SITE,
+               previous_type_name: previous_type_name)
+           .add_property(StepConfiguration::ConfigParamProperties::SITE_ID, id)
+    end
+
+    def self.create_scan_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+     Step.new(workflow: workflow,
+              service_name: ServiceNames::NEXPOSE,
+              type_name: StepNames::SCAN,
+              previous_type_name: previous_type_name)
+         .add_property(StepConfiguration::ConfigParamProperties::SITE_ID, id)
+    end
+
+    def self.create_tag_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+       Step.new(workflow: workflow,
+                service_name: ServiceNames::NEXPOSE,
+                type_name: StepNames::TAG,
+                previous_type_name: previous_type_name)
+           .add_property(StepConfiguration::ConfigParamProperties::TAG_ID, id)
+    end
+
+    def self.get_discover_step(workflow: )
+      workflow.get_step(StepNames::DISCOVER_NEW) || workflow.get_step(StepNames::DISCOVER_KNOWN)
+    end
+  end
+end
+

data/lib/eso/service.rb

@@ -0,0 +1,83 @@
+module Eso
+  class Service
+    attr_accessor :host
+
+    attr_accessor :port
+
+    attr_accessor :url
+
+    CONTENT_TYPE_JSON = 'application/json; charset-utf-8'
+
+    def initialize(host:, port: 3780, nsc:)
+      @host = host
+      @port = port
+      @nexpose_console = nsc
+    end
+
+    def get(url:, content_type: CONTENT_TYPE_JSON)
+      get = Net::HTTP::Get.new(url)
+      get.set_content_type(content_type)
+      request(request: get)
+    end
+
+    def put(url:, payload:, content_type: CONTENT_TYPE_JSON)
+      put = Net::HTTP::Put.new(url)
+      put.set_content_type(content_type)
+      put.body = payload.to_s if payload
+      request(request: put)
+    end
+
+    def post(url:, payload: nil, content_type: CONTENT_TYPE_JSON)
+      post = Net::HTTP::Post.new(url)
+      post.set_content_type(content_type)
+      post.body = payload.to_s if payload
+      request(request: post)
+    end
+
+    def delete(url:, content_type: CONTENT_TYPE_JSON)
+      delete = Net::HTTP::Delete.new(url)
+      delete.set_content_type(content_type)
+      request(request: delete)
+    end
+
+    def http(timeout:)
+      http = Net::HTTP.new(@host, @port)
+      http.read_timeout = timeout if timeout
+      http.use_ssl = false
+      http
+    end
+
+    def https(timeout:)
+      http = Net::HTTP.new(@host, @port)
+      http.read_timeout = timeout if timeout
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      http
+    end
+
+    def add_nexpose_session(request:)
+      request.add_field('nexposeCCSessionID', @nexpose_console.session_id)
+      request.add_field('Cookie', "nexposeCCSessionID=#{@nexpose_console.session_id}")
+      request.add_field('X-Requested-With', 'XMLHttpRequest')
+    end
+
+    def request(request:, timeout: nil)
+      http = https(timeout: timeout)
+      add_nexpose_session(request: request)
+      response = http.request(request)
+      case response
+        when Net::HTTPOK, Net::HTTPCreated
+          rv = nil
+          if response.content_type == "application/json" && !response.body.empty?
+            json_data = JSON.parse(response.body, symbolize_names: true)
+            json_data[:data].nil? ? rv = json_data : rv = json_data[:data]
+          end
+          rv
+        when Net::HTTPForbidden
+          raise "Access denied. Response was #{response.body}"
+        else
+          raise "There was an error sending the request. Response was #{response.body}"
+      end
+    end
+  end
+end