nexpose_servicenow 0.4.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +16 -0
- data/Rakefile +2 -0
- data/bin/nexpose_servicenow +4 -0
- data/bin/setup +8 -0
- data/lib/nexpose_servicenow.rb +173 -0
- data/lib/nexpose_servicenow/arg_parser.rb +173 -0
- data/lib/nexpose_servicenow/chunker.rb +106 -0
- data/lib/nexpose_servicenow/historical_data.rb +234 -0
- data/lib/nexpose_servicenow/nexpose_helper.rb +162 -0
- data/lib/nexpose_servicenow/nx_logger.rb +166 -0
- data/lib/nexpose_servicenow/queries.rb +245 -0
- data/lib/nexpose_servicenow/queries_original.rb +162 -0
- data/lib/nexpose_servicenow/version.rb +5 -0
- data/nexpose_servicenow.gemspec +25 -0
- metadata +106 -0
|
@@ -0,0 +1,245 @@
|
|
|
1
|
+
module NexposeServiceNow
|
|
2
|
+
class Queries
|
|
3
|
+
def self.vulnerabilities(options={})
|
|
4
|
+
"SELECT
|
|
5
|
+
concat('R7_', vulnerability_id) as ID,
|
|
6
|
+
cve.ref as CVE,
|
|
7
|
+
cwe.ref as CWE,
|
|
8
|
+
concat('Rapid7 Nexpose') as Source,
|
|
9
|
+
to_char(date_published, 'yyyy-MM-dd hh:mm:ss') as date_published,
|
|
10
|
+
to_char(date_modified, 'yyyy-MM-dd hh:mm:ss') as Last_Modified,
|
|
11
|
+
dvc.category,
|
|
12
|
+
severity as Severity_Rating,
|
|
13
|
+
severity_score as Severity,
|
|
14
|
+
pci_status,
|
|
15
|
+
pci_adjusted_cvss_score as PCI_Severity,
|
|
16
|
+
title as Summary,
|
|
17
|
+
description as Threat,
|
|
18
|
+
ROUND(riskscore::numeric, 2) as Riskscore,
|
|
19
|
+
cvss_vector,
|
|
20
|
+
ROUND(cvss_impact_score::numeric, 2) as Impact_Score,
|
|
21
|
+
ROUND(cvss_exploit_score::numeric, 2) as Exploit_Score,
|
|
22
|
+
cvss_access_complexity_id as Access_Complexity,
|
|
23
|
+
cvss_access_vector_id as Access_Vector,
|
|
24
|
+
cvss_authentication_id as Authentication,
|
|
25
|
+
ROUND(cvss_score::numeric, 2) as Vulnerability_Score,
|
|
26
|
+
cvss_integrity_impact_id as Integrity_Impact,
|
|
27
|
+
cvss_confidentiality_impact_id as Confidentiality_Impact,
|
|
28
|
+
cvss_availability_impact_id as Availability_Impact,
|
|
29
|
+
CAST(CASE
|
|
30
|
+
WHEN exploits > 0
|
|
31
|
+
THEN 1
|
|
32
|
+
ELSE 0
|
|
33
|
+
END AS bit) as Exploitability,
|
|
34
|
+
CAST(CASE
|
|
35
|
+
WHEN malware_kits > 0
|
|
36
|
+
THEN 1
|
|
37
|
+
ELSE 0
|
|
38
|
+
END AS bit) as Malware_Kits,
|
|
39
|
+
sol.solutions as Solution
|
|
40
|
+
|
|
41
|
+
FROM
|
|
42
|
+
dim_vulnerability
|
|
43
|
+
|
|
44
|
+
LEFT OUTER JOIN
|
|
45
|
+
(SELECT DISTINCT on(vulnerability_id)
|
|
46
|
+
vulnerability_id,
|
|
47
|
+
dvr.reference as ref
|
|
48
|
+
FROM dim_vulnerability_reference dvr
|
|
49
|
+
WHERE source='CWE'
|
|
50
|
+
GROUP BY dvr.vulnerability_id, dvr.reference
|
|
51
|
+
) cwe USING (vulnerability_id)
|
|
52
|
+
|
|
53
|
+
LEFT OUTER JOIN
|
|
54
|
+
(SELECT DISTINCT on (vulnerability_id)
|
|
55
|
+
vulnerability_id,
|
|
56
|
+
dvr.reference as ref
|
|
57
|
+
FROM dim_vulnerability_reference dvr
|
|
58
|
+
WHERE source='CVE'
|
|
59
|
+
GROUP BY dvr.vulnerability_id, dvr.reference
|
|
60
|
+
) cve USING (vulnerability_id)
|
|
61
|
+
|
|
62
|
+
LEFT OUTER JOIN(SELECT DISTINCT on (dvc.vulnerability_id) dvc.vulnerability_id, dvc.category_name as category
|
|
63
|
+
FROM dim_vulnerability_category dvc
|
|
64
|
+
GROUP BY dvc.vulnerability_id, dvc.category_name) dvc USING (vulnerability_id)
|
|
65
|
+
|
|
66
|
+
LEFT OUTER JOIN(SELECT dvr.vulnerability_id, string_agg(dvr.source || ': ' || dvr.reference, '|') as references
|
|
67
|
+
FROM dim_vulnerability_reference dvr
|
|
68
|
+
GROUP BY dvr.vulnerability_id) ref USING (vulnerability_id)
|
|
69
|
+
|
|
70
|
+
LEFT OUTER JOIN(SELECT vulnerability_id,
|
|
71
|
+
string_agg(concat('Fix: ' || fix,
|
|
72
|
+
'Solution type: ' || solution_type,
|
|
73
|
+
'URL: ' || url,
|
|
74
|
+
'Estimate: ' || estimate,
|
|
75
|
+
'Applies To: ' || applies_to,
|
|
76
|
+
'Additional Data: ' || additional_data), '\n') as solutions
|
|
77
|
+
FROM dim_solution
|
|
78
|
+
JOIN dim_vulnerability_solution USING (solution_id)
|
|
79
|
+
GROUP BY vulnerability_id) sol USING (vulnerability_id)
|
|
80
|
+
WHERE date_modified >= '#{options[:vuln_query_date]}'"
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
|
|
84
|
+
def self.vulnerability_references(options={})
|
|
85
|
+
"SELECT concat('R7_', vulnerability_id) as ID, dvr.Source, dvr.Reference
|
|
86
|
+
FROM dim_vulnerability
|
|
87
|
+
LEFT OUTER JOIN
|
|
88
|
+
(SELECT vulnerability_id, dvr.Source, dvr.Reference
|
|
89
|
+
FROM dim_vulnerability_reference dvr) dvr USING (vulnerability_id)
|
|
90
|
+
WHERE date_modified >= '#{options[:vuln_query_date]}'"
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def self.vulnerability_category(options={})
|
|
94
|
+
"SELECT concat('R7_', vulnerability_id) as ID, dvc.Category
|
|
95
|
+
FROM dim_vulnerability
|
|
96
|
+
LEFT OUTER JOIN
|
|
97
|
+
(SELECT vulnerability_id, category_name as Category
|
|
98
|
+
FROM dim_vulnerability_category dvc) dvc USING (vulnerability_id)
|
|
99
|
+
WHERE date_modified >= '#{options[:vuln_query_date]}'"
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
#Filter by site.
|
|
103
|
+
def self.assets(options={})
|
|
104
|
+
"SELECT coalesce(host_name, CAST(dim_asset.asset_id as text)) as Name,
|
|
105
|
+
dim_asset.ip_address,
|
|
106
|
+
dim_asset.mac_address,
|
|
107
|
+
concat('Rapid7 Nexpose') as Discovery_Source,
|
|
108
|
+
CAST(CASE
|
|
109
|
+
WHEN dim_host_type.description = 'Virtual Machine' or dim_host_type.description = 'Hypervisor'
|
|
110
|
+
THEN 1
|
|
111
|
+
ELSE 0
|
|
112
|
+
END AS bit) as Is_Virtual,
|
|
113
|
+
dim_operating_system.description as Operating_System,
|
|
114
|
+
fact_asset.scan_finished as Most_Recent_Discovery,
|
|
115
|
+
dim_asset.asset_id as Nexpose_ID,
|
|
116
|
+
fact_asset.pci_status
|
|
117
|
+
|
|
118
|
+
FROM dim_asset
|
|
119
|
+
JOIN fact_asset USING (asset_id)
|
|
120
|
+
LEFT OUTER JOIN dim_operating_system on dim_asset.operating_system_id = dim_operating_system.operating_system_id
|
|
121
|
+
LEFT OUTER JOIN dim_host_type USING (host_type_id)"
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
def self.software_instance(options={})
|
|
125
|
+
"SELECT asset_id as Nexpose_ID, coalesce(da.host_name, CAST(da.asset_id as text)) as Installed_On, ds.name, ds.Product_Name, ds.version, ds.cpe
|
|
126
|
+
FROM fact_asset_scan_software
|
|
127
|
+
LEFT OUTER JOIN (SELECT software_id, name, vendor || ' ' || family as Product_Name, version, cpe FROM dim_software) ds USING (software_id)
|
|
128
|
+
LEFT OUTER JOIN (SELECT asset_id, host_name FROM dim_asset) da USING (asset_id)
|
|
129
|
+
WHERE scan_id = lastScan(asset_id)"
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
def self.service_instance(options={})
|
|
133
|
+
"SELECT ds.Service_Name, asset_id as Nexpose_ID, port, dp.protocol, dsf.name
|
|
134
|
+
FROM fact_asset_scan_service
|
|
135
|
+
LEFT OUTER JOIN (SELECT service_id, name as service_name FROM dim_service) ds USING (service_id)
|
|
136
|
+
LEFT OUTER JOIN (SELECT service_fingerprint_id, name FROM dim_service_fingerprint) dsf USING (service_fingerprint_id)
|
|
137
|
+
LEFT OUTER JOIN (SELECT protocol_id, name as protocol FROM dim_protocol) dp USING (protocol_id)
|
|
138
|
+
WHERE scan_id = lastScan(asset_id)"
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
|
|
142
|
+
#Need to wipe table each time
|
|
143
|
+
def self.group_accounts(options={})
|
|
144
|
+
"SELECT asset_id as Nexpose_ID, daga.name as Group_Account_Name
|
|
145
|
+
FROM dim_asset
|
|
146
|
+
JOIN dim_asset_group_account daga USING (asset_id)"
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
#Need to wipe table each time
|
|
150
|
+
def self.user_accounts(options={})
|
|
151
|
+
"SELECT da.asset_id as Nexpose_ID, daua.name as User_Account_Name,
|
|
152
|
+
daua.full_name as User_Account_Full_Name
|
|
153
|
+
|
|
154
|
+
FROM dim_asset da
|
|
155
|
+
JOIN dim_asset_user_account daua USING (asset_id)"
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
#Need to wipe table each time
|
|
159
|
+
def self.asset_groups(options={})
|
|
160
|
+
"SELECT asset_id as Nexpose_ID, dag.name as Asset_Group_Name,
|
|
161
|
+
dag.dynamic_membership, dag.description
|
|
162
|
+
FROM dim_asset_group_asset daga
|
|
163
|
+
JOIN dim_asset_group dag on daga.asset_group_id = dag.asset_group_id"
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
#Need to wipe table each time
|
|
167
|
+
def self.sites(options={})
|
|
168
|
+
"SELECT asset_id as Nexpose_ID, ds.name as site_name
|
|
169
|
+
FROM dim_asset
|
|
170
|
+
JOIN dim_site_asset dsa USING (asset_id)
|
|
171
|
+
JOIN dim_site ds on dsa.site_id = ds.site_id
|
|
172
|
+
ORDER BY ip_address"
|
|
173
|
+
end
|
|
174
|
+
|
|
175
|
+
#Need to wipe table each time
|
|
176
|
+
def self.tags(options={})
|
|
177
|
+
"SELECT asset_id as Nexpose_ID, dt.tag_name
|
|
178
|
+
FROM dim_tag_asset dta
|
|
179
|
+
JOIN dim_tag dt on dta.tag_id = dt.tag_id"
|
|
180
|
+
end
|
|
181
|
+
|
|
182
|
+
def self.vulnerable_new_items(options={})
|
|
183
|
+
"SELECT
|
|
184
|
+
coalesce(subq.host_name, CAST(subq.asset_id as text)) Configuration_Item,
|
|
185
|
+
TRUE as Active,
|
|
186
|
+
concat('R7_', subq.vulnerability_id) as Vulnerability,
|
|
187
|
+
fasv.first_discovered as First_Found,
|
|
188
|
+
fasv.most_recently_discovered as Last_Found,
|
|
189
|
+
subq.vulnerability_instances as Times_Found,
|
|
190
|
+
subq.ip_address as IP_Address,
|
|
191
|
+
favi.port as Port,
|
|
192
|
+
dp.name as Protocol
|
|
193
|
+
|
|
194
|
+
FROM (
|
|
195
|
+
SELECT fasv.asset_id, fasv.vulnerability_id, vulnerability_instances, s.current_scan, s.host_name, s.ip_address, baselineComparison(fasv.scan_id, s.current_scan) as comparison
|
|
196
|
+
FROM fact_asset_scan_vulnerability_finding fasv
|
|
197
|
+
JOIN (
|
|
198
|
+
SELECT asset_id, host_name, ip_address, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan FROM dim_asset
|
|
199
|
+
) s ON s.asset_id = fasv.asset_id AND (fasv.scan_id >= #{options[:last_scan_id]} OR fasv.scan_id = s.current_scan)
|
|
200
|
+
GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, s.host_name, s.ip_address, vulnerability_instances
|
|
201
|
+
HAVING baselineComparison(fasv.scan_id, s.current_scan) = 'New'
|
|
202
|
+
) subq
|
|
203
|
+
JOIN
|
|
204
|
+
fact_asset_vulnerability_instance favi ON favi.asset_id = subq.asset_id AND favi.scan_id = subq.current_scan AND favi.vulnerability_id = subq.vulnerability_id
|
|
205
|
+
JOIN
|
|
206
|
+
fact_asset_vulnerability_age fasv ON fasv.asset_id = subq.asset_id AND fasv.vulnerability_id = subq.vulnerability_id
|
|
207
|
+
JOIN
|
|
208
|
+
dim_asset da ON subq.asset_id = da.asset_id
|
|
209
|
+
JOIN
|
|
210
|
+
dim_protocol dp ON dp.protocol_id = favi.protocol_id
|
|
211
|
+
ORDER BY fasv.asset_id, vulnerability"
|
|
212
|
+
end
|
|
213
|
+
|
|
214
|
+
def self.vulnerable_old_items(options={})
|
|
215
|
+
"SELECT
|
|
216
|
+
coalesce(da.host_name, CAST(da.asset_id as text)) Configuration_Item,
|
|
217
|
+
FALSE as Active,
|
|
218
|
+
concat('R7_', subq.vulnerability_id) as Vulnerability,
|
|
219
|
+
da.ip_address as IP_Address
|
|
220
|
+
FROM (
|
|
221
|
+
SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison
|
|
222
|
+
FROM fact_asset_scan_vulnerability_finding fasv
|
|
223
|
+
JOIN (
|
|
224
|
+
select asset_id, lastScan(asset_id) AS current_scan from fact_asset_vulnerability_instance WHERE scan_id = lastScan(asset_id)
|
|
225
|
+
) s ON s.asset_id = fasv.asset_id AND (fasv.scan_id >= #{options[:last_scan_id]} OR fasv.scan_id = s.current_scan)
|
|
226
|
+
GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
|
|
227
|
+
HAVING baselineComparison(fasv.scan_id, s.current_scan) = 'Old'
|
|
228
|
+
) subq
|
|
229
|
+
JOIN dim_asset da ON subq.asset_id = da.asset_id
|
|
230
|
+
ORDER BY da.ip_address"
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
def self.latest_scans(options={})
|
|
234
|
+
'SELECT ds.site_id, ds.last_scan_id, dsc.finished
|
|
235
|
+
FROM dim_site ds
|
|
236
|
+
JOIN dim_scan dsc ON ds.last_scan_id = dsc.scan_id'
|
|
237
|
+
end
|
|
238
|
+
|
|
239
|
+
def self.multiple_reports?(query_name)
|
|
240
|
+
single_queries = ['vulnerabilities', 'vulnerability_category',
|
|
241
|
+
'vulnerability_references', 'latest_scans']
|
|
242
|
+
return !(single_queries.include? query_name.to_s)
|
|
243
|
+
end
|
|
244
|
+
end
|
|
245
|
+
end
|
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
module NexposeServiceNow
|
|
2
|
+
class Queries
|
|
3
|
+
def self.cmdb_ci_outofband_device(nexpose_url)
|
|
4
|
+
"SELECT coalesce(host_name, CAST(dim_asset.asset_id as text)) as Name,
|
|
5
|
+
host_name as Aliases,
|
|
6
|
+
ip_address as IP_Address,
|
|
7
|
+
concat('https://#{nexpose_url}/asset.jsp?devid=', dim_asset.asset_id) as URL,
|
|
8
|
+
dim_host_type.description as Type,
|
|
9
|
+
dim_operating_system.description as Product_Version,
|
|
10
|
+
fa.scan_finished as Most_Recent_Discovery,
|
|
11
|
+
fa.vulnerabilities as Vulnerabilities,
|
|
12
|
+
fa.critical_vulnerabilities as Critical_Vulnerabilities,
|
|
13
|
+
fa.severe_vulnerabilities as Severe_Vulnerabilities,
|
|
14
|
+
fa.moderate_vulnerabilities as Moderate_Vulnerabilities,
|
|
15
|
+
fa.malware_kits as Malware_kits,
|
|
16
|
+
fa.exploits as Exploits,
|
|
17
|
+
fa.vulnerabilities_with_malware_kit as Vulnerabilities_With_Malware_Kit,
|
|
18
|
+
fa.vulnerabilities_with_exploit as Vulnerabilities_With_Exploit,
|
|
19
|
+
fa.vulnerability_instances as Vulnerability_Instances,
|
|
20
|
+
dim_asset.asset_id as Nexpose_ID,
|
|
21
|
+
fa.riskscore as Risk_Score,
|
|
22
|
+
ga.group_accounts as Group_Accounts,
|
|
23
|
+
ag.asset_groups as Asset_Groups,
|
|
24
|
+
serv.services as Services,
|
|
25
|
+
softw.software as Software,
|
|
26
|
+
use.user_accounts as User_Accounts,
|
|
27
|
+
site.sites as Sites,
|
|
28
|
+
tag.tags as Tags,
|
|
29
|
+
fa.pci_status as PCI_Status
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
FROM dim_asset
|
|
33
|
+
LEFT OUTER JOIN dim_host_type on dim_asset.host_type_id = dim_host_type.host_type_id
|
|
34
|
+
LEFT OUTER JOIN dim_operating_system on dim_asset.operating_system_id = dim_operating_system.operating_system_id
|
|
35
|
+
|
|
36
|
+
JOIN fact_asset fa USING (asset_id)
|
|
37
|
+
|
|
38
|
+
LEFT OUTER JOIN (SELECT daga.asset_id, string_agg(daga.name, '|') as Group_Accounts
|
|
39
|
+
FROM dim_asset_group_account daga
|
|
40
|
+
GROUP BY daga.asset_id) ga USING (asset_id)
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
LEFT OUTER JOIN (SELECT daga.asset_id, string_agg(dag.name, '|') as Asset_Groups
|
|
44
|
+
FROM dim_asset_group_asset daga
|
|
45
|
+
JOIN dim_asset_group dag on daga.asset_group_id = dag.asset_group_id
|
|
46
|
+
GROUP BY daga.asset_id) ag USING (asset_id)
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
LEFT OUTER JOIN (SELECT das.asset_id, string_agg(ds.name, '|') as Services
|
|
50
|
+
FROM dim_asset_service das
|
|
51
|
+
JOIN dim_service ds on das.service_id = ds.service_id
|
|
52
|
+
GROUP BY das.asset_id) serv USING (asset_id)
|
|
53
|
+
|
|
54
|
+
LEFT OUTER JOIN (SELECT dauc.asset_id, string_agg(dauc.name, '|') as User_Accounts
|
|
55
|
+
FROM dim_asset_user_account dauc
|
|
56
|
+
GROUP BY dauc.asset_id) use USING (asset_id)
|
|
57
|
+
|
|
58
|
+
LEFT OUTER JOIN (SELECT dsa.asset_id, string_agg(ds.name, '|') as Sites
|
|
59
|
+
FROM dim_site_asset dsa
|
|
60
|
+
JOIN dim_site ds on dsa.site_id = ds.site_id
|
|
61
|
+
GROUP BY dsa.asset_id) site USING (asset_id)
|
|
62
|
+
|
|
63
|
+
LEFT OUTER JOIN (SELECT das.asset_id, string_agg(ds.name, '|') as Software
|
|
64
|
+
FROM dim_asset_software das
|
|
65
|
+
JOIN dim_software ds on das.software_id = ds.software_id
|
|
66
|
+
GROUP BY das.asset_id) softw USING (asset_id)
|
|
67
|
+
|
|
68
|
+
LEFT OUTER JOIN (SELECT dta.asset_id, string_agg(dt.tag_name, '|') as Tags
|
|
69
|
+
FROM dim_tag_asset dta
|
|
70
|
+
JOIN dim_tag dt on dta.tag_id = dt.tag_id
|
|
71
|
+
GROUP BY dta.asset_id) tag USING (asset_id)
|
|
72
|
+
|
|
73
|
+
GROUP BY dim_asset.host_name, dim_asset.asset_id, dim_asset.ip_address, fa.pci_status, dim_host_type.description,
|
|
74
|
+
dim_operating_system.description, fa.scan_finished, fa.vulnerabilities, fa.critical_vulnerabilities, fa.severe_vulnerabilities,
|
|
75
|
+
fa.moderate_vulnerabilities, fa.malware_kits, fa.exploits, fa.vulnerabilities_with_malware_kit, fa.vulnerabilities_with_exploit,
|
|
76
|
+
fa.vulnerability_instances, fa.riskscore, ga.group_accounts, softw.software, ag.asset_groups, serv.services, use.user_accounts, site.sites, tag.tags"
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def self.sn_vul_vulnerable_item(options={})
|
|
80
|
+
"SELECT
|
|
81
|
+
asset_id as Configuration_Item,
|
|
82
|
+
concat('R7_', vulnerability_id) as Vulnerability,
|
|
83
|
+
fasv.first_discovered as First_Found,
|
|
84
|
+
fasv.most_recently_discovered as Last_Found,
|
|
85
|
+
fact_asset_vulnerability_finding.vulnerability_instances as Times_Found,
|
|
86
|
+
dim_asset.ip_address as IP_Address,
|
|
87
|
+
port as Port,
|
|
88
|
+
dim_protocol.name as Protocol
|
|
89
|
+
|
|
90
|
+
FROM
|
|
91
|
+
fact_asset_vulnerability_instance
|
|
92
|
+
JOIN
|
|
93
|
+
fact_asset_vulnerability_finding USING (asset_id, vulnerability_id)
|
|
94
|
+
JOIN
|
|
95
|
+
fact_asset_vulnerability_age fasv USING (asset_id, vulnerability_id)
|
|
96
|
+
JOIN
|
|
97
|
+
dim_asset USING (asset_id)
|
|
98
|
+
JOIN
|
|
99
|
+
dim_protocol USING (protocol_id)"
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
def self.sn_vul_third_party_entry(options={})
|
|
103
|
+
"SELECT
|
|
104
|
+
concat('R7_', vulnerability_id) as ID,
|
|
105
|
+
cve.ref as CVE,
|
|
106
|
+
cwe.ref as CWE,
|
|
107
|
+
concat('Rapid7 Nexpose') as Source,
|
|
108
|
+
date_published,
|
|
109
|
+
date_modified as Last_Modified,
|
|
110
|
+
dvc.categories,
|
|
111
|
+
severity_score as Severity,
|
|
112
|
+
title as Summary,
|
|
113
|
+
description as Threat,
|
|
114
|
+
ROUND(riskscore::numeric, 2) as Riskscore,
|
|
115
|
+
cvss_vector,
|
|
116
|
+
ROUND(cvss_score::numeric, 2) as CVSS_Score,
|
|
117
|
+
exploits,
|
|
118
|
+
ref.references,
|
|
119
|
+
sol.solutions
|
|
120
|
+
|
|
121
|
+
FROM
|
|
122
|
+
dim_vulnerabilityYep
|
|
123
|
+
|
|
124
|
+
LEFT OUTER JOIN
|
|
125
|
+
(SELECT
|
|
126
|
+
vulnerability_id,
|
|
127
|
+
string_agg(dvr.reference, '|') as ref
|
|
128
|
+
FROM dim_vulnerability_reference dvr
|
|
129
|
+
WHERE source='CWE'
|
|
130
|
+
GROUP BY dvr.vulnerability_id
|
|
131
|
+
) cwe USING (vulnerability_id)
|
|
132
|
+
|
|
133
|
+
LEFT OUTER JOIN
|
|
134
|
+
(SELECT
|
|
135
|
+
vulnerability_id,
|
|
136
|
+
string_agg(dvr.reference, '|') as ref
|
|
137
|
+
FROM dim_vulnerability_reference dvr
|
|
138
|
+
WHERE source='CVE'
|
|
139
|
+
GROUP BY dvr.vulnerability_id
|
|
140
|
+
) cve USING (vulnerability_id)
|
|
141
|
+
|
|
142
|
+
LEFT OUTER JOIN(SELECT dvc.vulnerability_id, string_agg(dvc.category_name, '|') as categories
|
|
143
|
+
FROM dim_vulnerability_category dvc
|
|
144
|
+
GROUP BY dvc.vulnerability_id) dvc USING (vulnerability_id)
|
|
145
|
+
|
|
146
|
+
LEFT OUTER JOIN(SELECT dvr.vulnerability_id, string_agg(dvr.source || ': ' || dvr.reference, '|') as references
|
|
147
|
+
FROM dim_vulnerability_reference dvr
|
|
148
|
+
GROUP BY dvr.vulnerability_id) ref USING (vulnerability_id)
|
|
149
|
+
|
|
150
|
+
LEFT OUTER JOIN(SELECT vulnerability_id,
|
|
151
|
+
string_agg(concat('Fix: ' || fix,
|
|
152
|
+
'Solution type: ' || solution_type,
|
|
153
|
+
'URL: ' || url,
|
|
154
|
+
'Estimate: ' || estimate,
|
|
155
|
+
'Applies To: ' || applies_to,
|
|
156
|
+
'Additional Data: ' || additional_data), '|') as solutions
|
|
157
|
+
FROM dim_solution
|
|
158
|
+
JOIN dim_vulnerability_solution USING (solution_id)
|
|
159
|
+
GROUP BY vulnerability_id) sol USING (vulnerability_id)"
|
|
160
|
+
end
|
|
161
|
+
end
|
|
162
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# coding: utf-8
|
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
+
require 'nexpose_servicenow/version'
|
|
5
|
+
|
|
6
|
+
Gem::Specification.new do |spec|
|
|
7
|
+
spec.name = "nexpose_servicenow"
|
|
8
|
+
spec.version = NexposeServiceNow::VERSION
|
|
9
|
+
spec.authors = ["David Valente", 'JJ Cassidy']
|
|
10
|
+
|
|
11
|
+
spec.require_paths = ["lib"]
|
|
12
|
+
spec.summary = %Q{Gem for Nexpose-ServiceNow marketplace application integration. Requires Servicenow Application component available on Servicenow application store.}
|
|
13
|
+
spec.description = %Q{Provides an interface to Nexpose for the Rapid7 ServiceNow MarketPlace application.}
|
|
14
|
+
spec.executables = ["nexpose_servicenow"]
|
|
15
|
+
spec.email = ['support@rapid7.com']
|
|
16
|
+
spec.license = "MIT"
|
|
17
|
+
|
|
18
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
|
19
|
+
spec.bindir = "bin"
|
|
20
|
+
spec.require_paths = ["lib"]
|
|
21
|
+
|
|
22
|
+
spec.add_development_dependency "bundler", "~> 1.11"
|
|
23
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
|
24
|
+
spec.add_dependency 'nexpose', '~> 3.2'
|
|
25
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: nexpose_servicenow
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.4.15
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- David Valente
|
|
8
|
+
- JJ Cassidy
|
|
9
|
+
autorequire:
|
|
10
|
+
bindir: bin
|
|
11
|
+
cert_chain: []
|
|
12
|
+
date: 2016-06-16 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: bundler
|
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
requirements:
|
|
18
|
+
- - ~>
|
|
19
|
+
- !ruby/object:Gem::Version
|
|
20
|
+
version: '1.11'
|
|
21
|
+
type: :development
|
|
22
|
+
prerelease: false
|
|
23
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
24
|
+
requirements:
|
|
25
|
+
- - ~>
|
|
26
|
+
- !ruby/object:Gem::Version
|
|
27
|
+
version: '1.11'
|
|
28
|
+
- !ruby/object:Gem::Dependency
|
|
29
|
+
name: rake
|
|
30
|
+
requirement: !ruby/object:Gem::Requirement
|
|
31
|
+
requirements:
|
|
32
|
+
- - ~>
|
|
33
|
+
- !ruby/object:Gem::Version
|
|
34
|
+
version: '10.0'
|
|
35
|
+
type: :development
|
|
36
|
+
prerelease: false
|
|
37
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
38
|
+
requirements:
|
|
39
|
+
- - ~>
|
|
40
|
+
- !ruby/object:Gem::Version
|
|
41
|
+
version: '10.0'
|
|
42
|
+
- !ruby/object:Gem::Dependency
|
|
43
|
+
name: nexpose
|
|
44
|
+
requirement: !ruby/object:Gem::Requirement
|
|
45
|
+
requirements:
|
|
46
|
+
- - ~>
|
|
47
|
+
- !ruby/object:Gem::Version
|
|
48
|
+
version: '3.2'
|
|
49
|
+
type: :runtime
|
|
50
|
+
prerelease: false
|
|
51
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
52
|
+
requirements:
|
|
53
|
+
- - ~>
|
|
54
|
+
- !ruby/object:Gem::Version
|
|
55
|
+
version: '3.2'
|
|
56
|
+
description: Provides an interface to Nexpose for the Rapid7 ServiceNow MarketPlace
|
|
57
|
+
application.
|
|
58
|
+
email:
|
|
59
|
+
- support@rapid7.com
|
|
60
|
+
executables:
|
|
61
|
+
- nexpose_servicenow
|
|
62
|
+
extensions: []
|
|
63
|
+
extra_rdoc_files: []
|
|
64
|
+
files:
|
|
65
|
+
- Gemfile
|
|
66
|
+
- LICENSE.txt
|
|
67
|
+
- README.md
|
|
68
|
+
- Rakefile
|
|
69
|
+
- bin/nexpose_servicenow
|
|
70
|
+
- bin/setup
|
|
71
|
+
- lib/nexpose_servicenow.rb
|
|
72
|
+
- lib/nexpose_servicenow/arg_parser.rb
|
|
73
|
+
- lib/nexpose_servicenow/chunker.rb
|
|
74
|
+
- lib/nexpose_servicenow/historical_data.rb
|
|
75
|
+
- lib/nexpose_servicenow/nexpose_helper.rb
|
|
76
|
+
- lib/nexpose_servicenow/nx_logger.rb
|
|
77
|
+
- lib/nexpose_servicenow/queries.rb
|
|
78
|
+
- lib/nexpose_servicenow/queries_original.rb
|
|
79
|
+
- lib/nexpose_servicenow/version.rb
|
|
80
|
+
- nexpose_servicenow.gemspec
|
|
81
|
+
homepage:
|
|
82
|
+
licenses:
|
|
83
|
+
- MIT
|
|
84
|
+
metadata: {}
|
|
85
|
+
post_install_message:
|
|
86
|
+
rdoc_options: []
|
|
87
|
+
require_paths:
|
|
88
|
+
- lib
|
|
89
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
90
|
+
requirements:
|
|
91
|
+
- - ! '>='
|
|
92
|
+
- !ruby/object:Gem::Version
|
|
93
|
+
version: '0'
|
|
94
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
95
|
+
requirements:
|
|
96
|
+
- - ! '>='
|
|
97
|
+
- !ruby/object:Gem::Version
|
|
98
|
+
version: '0'
|
|
99
|
+
requirements: []
|
|
100
|
+
rubyforge_project:
|
|
101
|
+
rubygems_version: 2.2.2
|
|
102
|
+
signing_key:
|
|
103
|
+
specification_version: 4
|
|
104
|
+
summary: Gem for Nexpose-ServiceNow marketplace application integration. Requires
|
|
105
|
+
Servicenow Application component available on Servicenow application store.
|
|
106
|
+
test_files: []
|