nexpose 7.2.1 → 7.3.0

data/lib/eso/configuration/configuration_manager.rb

@@ -0,0 +1,145 @@
+module Eso
+##
+# This class represents a configuration manager service, which manages a number of configurations (ie a hostname,
+# port, username, and password) used to connect to services, and the services they connect to (ie, ePO, dxl, palo-alto).
+#
+  class ConfigurationManager
+    attr_accessor :url, :nexpose_console
+
+    ##
+    # Constructor for ConfigurationManager.
+    #
+    # @param [Nexpose::Connection] nsc A logged-in Nexpose::Connection object with a valid session used to authenticate.
+    # @return [Eso::ConfigurationManager] The newly created configurationManager object
+    #
+    def initialize(nsc)
+      @nexpose_console = nsc
+      @url = "https://#{nsc.host}:#{nsc.port}/eso/configuration-manager/api/"
+    end
+
+    ##
+    # Return all of the services that are currently supported by this configuration manager.
+    #
+    # @return [Array] An array containing all of services in the configuration manager in String object form.
+    #                 Returns an empty array if no services have been configured.
+    #
+    def services
+      json_data = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}service/", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(json_data)
+    end
+
+    ##
+    # Return all of the configurations of a particular service type.
+    #
+    # @param [String] service_name The name of a service to find configurations of.
+    # @return [Array] An array containing all the configurations of the given service type.
+    #
+    def service_configurations(service_name)
+      json_data = ::Nexpose::AJAX.get(@nexpose_console,
+                                    "#{@url}service/configuration/#{service_name}/",
+                                    ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(json_data, :symbolize_names => true)
+    end
+
+    ##
+    # Return the configuration of a particular service type with a particular name.
+    #
+    # @param [String] service_name The name of a service to find configurations of.
+    # @param [String] config_name The name of the Configuration.
+    # @return [Eso::Configuration] A Configuration object which matches the service name and config name requested.
+    def configuration_by_name(service_name, config_name)
+      service_configs_by_type =  service_configurations(service_name)
+      config_hash = service_configs_by_type.find { |config| config[:configName] == config_name }
+      Eso::Configuration.load(config_hash)
+    end
+
+    def configuration_type(service_name:)
+      json_data = ::Nexpose::AJAX.get(@nexpose_console,
+                                    "#{@url}service/configurationType/#{service_name.downcase}",
+                                    ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(json_data)
+    end
+
+    ##
+    # Get a configuration by id. Runs a GET call against the eso/configuration-manager/api/service/configuration/CONFIGURATION_ID endpoint
+    # @param [String] configuration_id The id of the configuration to get
+    # return [JSON] A json object representing a configuration
+    # TODO : Update to use an Eso::Configuration
+    def get_configuration(configuration_id)
+      json_data = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}/service/configuration/id/#{configuration_id}", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(json_data, :symbolize_names => true)
+    end
+
+    ##
+    # Create a new configuration.
+    #
+    # @param [String] payload The JSON representation of a configuration.
+    # @return [Integer] The configID (>= 1) of the newly created configuration. Raises error on failure.
+    # TODO: Update to use an Eso::Configuration
+    def post_service_configuration(payload)
+      # TODO retry if the post fails on timeout
+      response_body = ::Nexpose::AJAX.post(@nexpose_console, "#{@url}service/configuration", payload, ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      config_id = Integer(JSON.parse(response_body)['data'])
+      raise Exception.new("API returned invalid configID (#{config_id}) while attempting to create configuration.") unless config_id >= 1
+      config_id
+    end
+
+    ##
+    # Test a configuration.
+    #
+    # @param [String] payload The JSON representation of a configuration.
+    # @return [String] The response from the call or an APIError
+    # TODO: Update to use an Eso::Configuration
+    def test_service_configuration(payload)
+      ::Nexpose::AJAX.post(@nexpose_console,
+                         "#{@url}service/configuration/test",
+                         payload,
+                         ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+    end
+
+    ##
+    # Delete a configuration. Runs a DELETE call against the eso/configuration-manager/api/service/configuration/CONFIGURATION_ID endpoint
+    #
+    # @param [String] configuration_id The id of the configuration to delete
+    # return [Boolean] Return true if the api reports a successful delete. Raises an error on failure.
+    def delete(configuration_id)
+      response_body = ::Nexpose::AJAX.delete(@nexpose_console, "#{@url}service/configuration/#{configuration_id}")
+      raise Exception.new("Failed to delete configuration with ID: #{configuration_id}") unless 'success' == response_body
+      true
+    end
+
+    ##
+    # Preview assets for a configuration. Calls a POST to the eso/configuration-manager/api/service/configuration/preview endpoint
+    #
+    # @param configuration The configuration to preview
+    # return [Array] previewed assets
+    # TODO: Update to use an Eso::Configuration
+    def preview_assets(configuration)
+      response_body = ::Nexpose::AJAX.post(@nexpose_console,
+                                         "#{@url}service/configuration/preview",
+                                         configuration,
+                                         ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      @preview_assets = JSON.parse(response_body)["previewAssets"]
+    end
+  end
+
+  module ConfigManagerMessages
+    module TestConfig
+      AUTH_FAILED_AWS       = 'Could not authenticate to Amazon Web Services.'
+      # Actual message will list out the bad ARNs
+      AUTH_FAILED_AWS_ARN   = /Could not authenticate to Amazon Web Services with the following ARNs/
+
+      CONNECTION_SUCCESSFUL = 'The connection to the external service was successful.'
+      # Applies to invalid user, password, wrong protocol, can't reach server, bad base or search query
+      CONNECTION_FAILED     = 'The connection to the external service failed.'
+
+      INVALID_FIELDS        = 'The configuration had invalid fields.'
+
+      RETRY_AD              = 'Failed to reach out to the Active Directory service, will try again.'
+      RETRY_AWS             = 'Failed to reach out to Amazon Web Services, will try again.'
+      RETRY_AZURE           = 'Failed to reach out to the Azure service, will try again.'
+      RETRY_DXL             = 'The DXL connection is currently down and the connection is in retry status.'
+      RETRY_EPO             = 'Failed to reach out to the ePO service, will try again.'
+    end
+  end
+end

data/lib/eso/filter.rb

@@ -0,0 +1,137 @@
+module Eso
+  class Filter
+    # These are defined in Eso::Filters which reside in the respective service they are related to.
+    attr_accessor :type
+
+    # These are the individual filter items
+    attr_accessor :filter_items
+
+    # Constructor for Filter.
+    #
+    # @param [String] type The type of filter this is. They are based on the service this filter exists in. These are defined in Eso::Filters which reside in the respective service they are related to.
+    # @param [Array] items Array of filters of this type
+    # @return [Eso::Filter] The newly created filter object
+    #
+    def initialize(type:, items: [])
+      @type = type
+      @filter_items = items
+     end
+
+    # Append a filter_item later
+    def <<(filter_item)
+      @filter_items << filter_item
+    end
+
+    def to_json
+      self.to_hash.to_json
+    end
+
+    def to_hash
+      hash = {}
+      hash[@type.to_sym] = {
+        valueClass: 'Array',
+        items: @filter_items.map{|item| item.to_hash}
+      }
+      hash
+    end
+    alias_method :to_h, :to_hash
+
+    class FilterItem
+      attr_accessor :type
+      # Examples are "OR", "IN", "CONTAINS". These should probably be constantized somewhere.
+      attr_accessor :operator
+      
+      # Array containing the values to filter on
+      attr_accessor :operands
+
+      def initialize(type:, operator:, operands:)
+        @type = "#{type}_ITEM"
+        @operator = operator
+        process_operands(operands)
+      end
+      
+      def process_operands(operands)
+        @operands =
+          if ["IS_EMPTY", "IS_NOT_EMPTY"].include? @operator
+            nil
+          elsif @type == "#{Eso::Filters::IP_ADDRESS}_ITEM" ||
+             @type == "#{Eso::Filters::IP_RANGE}_ITEM" ||
+             @type == "#{Eso::Filters::OPEN_PORT}_ITEM" ||
+             @type == "#{Eso::Filters::RISK_SCORE}_ITEM" ||
+             @type == "#{Eso::Filters::CVSS_SCORE}_ITEM"
+            operands.first.split('-')
+          else
+            operands
+          end
+
+        if @operands == nil
+          return
+        end
+        @operands.map! do |value|
+          # This regex is used to determine if the string is actually a float.
+          # http://stackoverflow.com/questions/1034418/determine-if-a-string-is-a-valid-float-value
+          if value =~ /^\s*[+-]?((\d+_?)*\d+(\.(\d+_?)*\d+)?|\.(\d+_?)*\d+)(\s*|([eE][+-]?(\d+_?)*\d+)\s*)$/
+            if (@type == "#{Eso::Filters::OPEN_PORT}_ITEM")
+              value.to_i
+            else
+              value.to_f
+            end
+            # If it's not a float, let's see if it's an integer.
+          elsif value.to_i.to_s == value
+            value.to_i
+            # Guess not, so lets keep the original value.
+          else
+            value
+          end
+        end
+      end
+      
+      def to_hash
+        hash = {
+          valueClass: "Object",
+          objectType: @type,
+          properties: {
+            operator: {
+              valueClass: "String",
+              value: @operator
+            }
+          }
+        }
+        # Currently there are no standards that say how many operands a filter can have
+        operand_hash = {}
+        operand_counter = 1
+        unless @operands.nil?
+          @operands.each do |operand|
+            label = "operand#{operand_counter}".to_sym
+          
+            # A correct value class is required because Jackson expects it.
+            # A Jackson processor for Ruby would probably make this much nicer
+            # Also, defaulting to Number is probably a bad idea, but based on current possible values in ESO this works.
+            case operand.class.to_s
+                
+            when "String"
+              value_class = "String"
+            when "Array"
+              value_class = "Array"
+            when "Fixnum"
+              value_class = "Integer"
+            else
+              value_class = "Number"
+            end
+            
+            operand_hash[label] = {
+              valueClass: value_class,
+              value: operand
+            }
+            operand_counter += 1
+          end
+
+          hash[:properties].merge! operand_hash
+        end
+
+        hash
+      end
+    end
+  end
+end
+

data/lib/eso/integration_option.rb

@@ -0,0 +1,88 @@
+module Eso
+
+  module IntegrationOptionNames
+    IMPORT_AD_ASSETS = 'import_ad_assets'
+    IMPORT_EPO_ASSETS = 'import_epo_assets'
+    SYNC_AZURE_ASSETS = 'sync_azure_assets'
+    SYNC_AZURE_ASSETS_WITH_TAGS = 'sync_azure_assets_with_tags'
+  end
+
+  # IntegrationOptionTypes is a way to categorize what various Integration Options do.
+  module IntegrationOptionTypes
+    # The IMPORT_TO_SITE Array tracks Integration Options which load Assets into a Site.
+    IMPORT_TO_SITE = [
+        IntegrationOptionNames::IMPORT_AD_ASSETS,
+        IntegrationOptionNames::IMPORT_EPO_ASSETS,
+        IntegrationOptionNames::SYNC_AZURE_ASSETS,
+        IntegrationOptionNames::SYNC_AZURE_ASSETS_WITH_TAGS
+    ]
+  end
+
+  class IntegrationOption
+    attr_accessor :name
+    attr_accessor :steps
+    attr_accessor :id
+
+    def initialize(id: nil, name:, steps: [])
+      @id = id
+      @name = name
+      @steps = steps
+    end
+
+    def site_id=(site_id)
+      # As of now, the site is always in the last Step of the IntegrationOption. Might change.
+      @steps.last.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id)
+    end
+
+    def site_id
+      # As of now, the site is always in the last Step of the IntegrationOption. Might change.
+      @steps.last.site_id
+    end
+
+    # Return this object and the associated steps in a digestible JSON format.
+    #
+    # @return [String] JSON interpretation of this workflow.
+    #
+    def to_json
+      # Convert Object to Hash
+      hash = self.to_hash
+
+      # Grab the Step objects and convert to Hashes
+      steps = hash['steps']
+      hashified_steps = []
+      steps.each {|step| hashified_steps << step.to_hash}
+      hash['steps'] = hashified_steps
+
+      # Convert Hash to JSON
+      hash.to_json
+    end
+
+    # Return this object as a Hash. The corresponding Steps will still be objects.
+    #
+    # @return [Hash] Hash interpretation of this IntegrationOption.
+    def to_hash
+      hash = {}
+      instance_variables.each {|var| hash[var.to_s.delete("@")] = instance_variable_get(var)}
+      hash
+    end
+
+    # Load a Hash of an IntegrationOption into an actual IntegrationOption. Probably didn't need to
+    # break out separately, but might be useful
+    #
+    # @param [Hash] raw_integration_option is a Hash representation of an IntegrationOption
+    # @return [IntegrationOption] The IntegrationOption version of the Hash
+    def self.load(raw_integration_option)
+      integration_option = IntegrationOption.new(id: raw_integration_option[:id], name: raw_integration_option[:name])
+      steps = raw_integration_option[:steps]
+      steps.each do |step|
+        step_config = step[:stepConfiguration]
+        integration_option.steps << Step.new(uuid: step[:uuid],
+                                             service_name: step[:serviceName],
+                                             type_name: step_config[:typeName],
+                                             previous_type_name: step_config[:previousTypeName],
+                                             configuration_params: step_config[:configurationParams])
+      end
+      integration_option
+    end
+  end
+end

data/lib/eso/integration_options_manager.rb

@@ -0,0 +1,178 @@
+require 'nexpose'
+
+module Eso
+  ##
+  # This class is a manager for the integration options api. Integration options match epo/dxl/etc steps
+  # (ie discover-epo-assets) to nexpose steps (ie import-external-assets).
+
+  class IntegrationOptionsManager
+
+    ##
+    # Constructor for IntegrationOptionsManager.
+    #
+    # @param [Nexpose::Connection] nsc A logged-in Nexpose::Connection object with a valid session used to authenticate.
+    # @return [Eso::IntegrationOptionsManager] The newly created IntegrationOptionManager object
+    #
+    def initialize(nsc)
+      @nexpose_console = nsc
+      @url = "https://#{nsc.host}:#{nsc.port}/eso/integration-manager-service/api/integration-options/"
+    end
+
+    ##
+    # Create a new or Update existing integration option.
+    #
+    # @param [String] payload The JSON representation of an integration option.
+    # @return [String] The integrationOptionID (a UUID) of the newly created configuration. Raises error on failure.
+    #
+    def create(payload)
+      # TODO retry if the post fails on timeout
+      response_body = ::Nexpose::AJAX.post(@nexpose_console, "#{@url}", payload, ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(response_body)['data']['id']
+    end
+    alias_method :update, :create
+
+    # Deleting and stopping are the same thing
+    def delete(integration_option_id)
+      ::Nexpose::AJAX.delete(@nexpose_console, "#{@url}#{integration_option_id}/state")
+    end
+    alias_method :stop, :delete
+
+    ##
+    # Get an existing integration option.
+    #
+    # @param [String] integration_option_id The integration_option_id of the integration option.
+    # @return IntegrationOption for that id, or nil
+    #
+    def get(integration_option_id)
+      # Gets all integration options
+      response_body = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      response = JSON.parse(response_body, symbolize_names: true)
+
+      # Find the desired one
+      raw_integration_option = response.find{|raw| raw[:id] == integration_option_id}
+      raise "No IntegrationOption with ID #{integration_option_id}" if raw_integration_option.nil?
+
+      # Load it to an object
+      IntegrationOption.load(raw_integration_option)
+    end
+
+    ##
+    # Get the status of an integration option.
+    #
+    # @param [String] integration_option_id The integration_option_id of the integration option.
+    # @return the state (READY, STOPPED, etc)
+    #
+    def status(integration_option_id)
+      response_body = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}#{integration_option_id}/status", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      response = JSON.parse(response_body)
+      response['state']
+    end
+
+    def start(integration_option_id)
+      response_body = ::Nexpose::AJAX.post(@nexpose_console, "#{@url}#{integration_option_id}/state", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(response_body)
+    end
+
+    # TODO: These build_* methods must die.
+    def self.build_import_epo_assets_option(name:, discovery_conn_id:, site_id: nil)
+      step1 = Step.new(service_name: ServiceNames::EPO, type_name: StepNames::DISCOVER_EPO)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::IMPORT_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_import_ad_assets_option(name:, discovery_conn_id:, site_id: nil)
+      step1 = Step.new(service_name: ServiceNames::ACTIVE_DIRECTORY, type_name: StepNames::DISCOVER_ACTIVE_DIRECTORY)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::IMPORT_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_sync_aws_assets_option(name:, discovery_conn_id:, site_id: nil)
+      step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::DISCOVER_AWS_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_verify_aws_targets_option(name:, discovery_conn_id:)
+      step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::VERIFY_AWS_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::VERIFY_EXTERNAL_TARGETS,
+                       previous_type_name: step1.type_name)
+      step3 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::VERIFY_AWS_ASSETS,
+                       previous_type_name: step2.type_name)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+
+      IntegrationOption.new(name: name, steps: [step1, step2, step3])
+    end
+
+    def self.build_sync_azure_assets_option(name:, discovery_conn_id:, site_id: nil)
+      step1 = Step.new(service_name: ServiceNames::AZURE, type_name: StepNames::DISCOVER_AZURE_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_sync_aws_assets_with_tags_option(name:, discovery_conn_id:, site_id: nil, tags: '')
+      step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::DISCOVER_AWS_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+                  .add_property(StepConfiguration::ConfigParamProperties::IMPORT_TAGS, true)
+                  .add_property(StepConfiguration::ConfigParamProperties::EXCLUDE_ASSETS_WITH_TAGS, "")
+                  .add_property(StepConfiguration::ConfigParamProperties::ONLY_IMPORT_THESE_TAGS, tags)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_sync_azure_assets_with_tags_option(name:, discovery_conn_id:, site_id: nil, only_tags: '', exclude_tags: '')
+      step1 = Step.new(service_name: ServiceNames::AZURE, type_name: StepNames::DISCOVER_AZURE_ASSETS)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+                  .add_property(StepConfiguration::ConfigParamProperties::IMPORT_TAGS, true)
+                  .add_property(StepConfiguration::ConfigParamProperties::EXCLUDE_ASSETS_WITH_TAGS, exclude_tags)
+                  .add_property(StepConfiguration::ConfigParamProperties::ONLY_IMPORT_THESE_TAGS, only_tags)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)
+
+      #This isn't always known immediately, which is why we have IntegrationOption.site_id=
+      step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_export_risk_scores_option(name:, discovery_conn_id:)
+      step1 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::RISK_SCORE_UPDATED)
+      step2 = Step.new(service_name: ServiceNames::EPO, type_name: StepNames::PUSH_RISK_SCORE, previous_type_name: step1.type_name)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+
+    def self.build_find_vuln_details_option(name:, discovery_conn_id:)
+      step1 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::VULN_DETAILS_REQUEST)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::VULN_DETAILS, previous_type_name: step1.type_name)
+      step3 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::VULN_DETAILS_REQUEST, previous_type_name: step2.type_name)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      IntegrationOption.new(name: name, steps: [step1, step2, step3])
+    end
+
+    def self.build_publish_vulnerabilities_option(name:, discovery_conn_id:)
+      step1 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::NEW_ASSET_VULN)
+      step2 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::PUBLISH_VULN_INT_TYPE, previous_type_name: step1.type_name)
+                  .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
+      IntegrationOption.new(name: name, steps: [step1, step2])
+    end
+  end
+end