nexpose_servicenow 0.4.15
- checksums.yaml +15 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +16 -0
- data/Rakefile +2 -0
- data/bin/nexpose_servicenow +4 -0
- data/bin/setup +8 -0
- data/lib/nexpose_servicenow.rb +173 -0
- data/lib/nexpose_servicenow/arg_parser.rb +173 -0
- data/lib/nexpose_servicenow/chunker.rb +106 -0
- data/lib/nexpose_servicenow/historical_data.rb +234 -0
- data/lib/nexpose_servicenow/nexpose_helper.rb +162 -0
- data/lib/nexpose_servicenow/nx_logger.rb +166 -0
- data/lib/nexpose_servicenow/queries.rb +245 -0
- data/lib/nexpose_servicenow/queries_original.rb +162 -0
- data/lib/nexpose_servicenow/version.rb +5 -0
- data/nexpose_servicenow.gemspec +25 -0
- metadata +106 -0
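--- a/data/lib/nexpose_servicenow/queries.rb
+++ b/data/lib/nexpose_servicenow/queries.rb
@@ -0,0 +1,245 @@
+module NexposeServiceNow
+class Queries
+def self.vulnerabilities(options={})
+"SELECT
+concat('R7_', vulnerability_id) as ID,
+cve.ref as CVE,
+cwe.ref as CWE,
+concat('Rapid7 Nexpose') as Source,
+to_char(date_published, 'yyyy-MM-dd hh:mm:ss') as date_published,
+to_char(date_modified, 'yyyy-MM-dd hh:mm:ss') as Last_Modified,
+dvc.category,
+severity as Severity_Rating,
+severity_score as Severity,
+pci_status,
+pci_adjusted_cvss_score as PCI_Severity,
+title as Summary,
+description as Threat,
+ROUND(riskscore::numeric, 2) as Riskscore,
+cvss_vector,
+ROUND(cvss_impact_score::numeric, 2) as Impact_Score,
+ROUND(cvss_exploit_score::numeric, 2) as Exploit_Score,
+cvss_access_complexity_id as Access_Complexity,
+cvss_access_vector_id as Access_Vector,
+cvss_authentication_id as Authentication,
+ROUND(cvss_score::numeric, 2) as Vulnerability_Score,
+cvss_integrity_impact_id as Integrity_Impact,
+cvss_confidentiality_impact_id as Confidentiality_Impact,
+cvss_availability_impact_id as Availability_Impact,
+CAST(CASE
+WHEN exploits > 0
+THEN 1
+ELSE 0
+END AS bit) as Exploitability,
+CAST(CASE
+WHEN malware_kits > 0
+THEN 1
+ELSE 0
+END AS bit) as Malware_Kits,
+sol.solutions as Solution
+
+FROM
+dim_vulnerability
+
+LEFT OUTER JOIN
+(SELECT DISTINCT on(vulnerability_id)
+vulnerability_id,
+dvr.reference as ref
+FROM dim_vulnerability_reference dvr
+WHERE source='CWE'
+GROUP BY dvr.vulnerability_id, dvr.reference
+) cwe USING (vulnerability_id)
+
+LEFT OUTER JOIN
+(SELECT DISTINCT on (vulnerability_id)
+vulnerability_id,
+dvr.reference as ref
+FROM dim_vulnerability_reference dvr
+WHERE source='CVE'
+GROUP BY dvr.vulnerability_id, dvr.reference
+) cve USING (vulnerability_id)
+
+LEFT OUTER JOIN(SELECT DISTINCT on (dvc.vulnerability_id) dvc.vulnerability_id, dvc.category_name as category
+FROM dim_vulnerability_category dvc
+GROUP BY dvc.vulnerability_id, dvc.category_name) dvc USING (vulnerability_id)
+
+LEFT OUTER JOIN(SELECT dvr.vulnerability_id, string_agg(dvr.source || ': ' || dvr.reference, '|') as references
+FROM dim_vulnerability_reference dvr
+GROUP BY dvr.vulnerability_id) ref USING (vulnerability_id)
+
+LEFT OUTER JOIN(SELECT vulnerability_id,
+string_agg(concat('Fix: ' || fix,
+'Solution type: ' || solution_type,
+'URL: ' || url,
+'Estimate: ' || estimate,
+'Applies To: ' || applies_to,
+'Additional Data: ' || additional_data), '\n') as solutions
+FROM dim_solution
+JOIN dim_vulnerability_solution USING (solution_id)
+GROUP BY vulnerability_id) sol USING (vulnerability_id)
+WHERE date_modified >= '#{options[:vuln_query_date]}'"
+end
+
+
+def self.vulnerability_references(options={})
+"SELECT concat('R7_', vulnerability_id) as ID, dvr.Source, dvr.Reference
+FROM dim_vulnerability
+LEFT OUTER JOIN
+(SELECT vulnerability_id, dvr.Source, dvr.Reference
+FROM dim_vulnerability_reference dvr) dvr USING (vulnerability_id)
+WHERE date_modified >= '#{options[:vuln_query_date]}'"
+end
+
+def self.vulnerability_category(options={})
+"SELECT concat('R7_', vulnerability_id) as ID, dvc.Category
+FROM dim_vulnerability
+LEFT OUTER JOIN
+(SELECT vulnerability_id, category_name as Category
+FROM dim_vulnerability_category dvc) dvc USING (vulnerability_id)
+WHERE date_modified >= '#{options[:vuln_query_date]}'"
+end
+
+#Filter by site.
+def self.assets(options={})
+"SELECT coalesce(host_name, CAST(dim_asset.asset_id as text)) as Name,
+dim_asset.ip_address,
+dim_asset.mac_address,
+concat('Rapid7 Nexpose') as Discovery_Source,
+CAST(CASE
+WHEN dim_host_type.description = 'Virtual Machine' or dim_host_type.description = 'Hypervisor'
+THEN 1
+ELSE 0
+END AS bit) as Is_Virtual,
+dim_operating_system.description as Operating_System,
+fact_asset.scan_finished as Most_Recent_Discovery,
+dim_asset.asset_id as Nexpose_ID,
+fact_asset.pci_status
+
+FROM dim_asset
+JOIN fact_asset USING (asset_id)
+LEFT OUTER JOIN dim_operating_system on dim_asset.operating_system_id = dim_operating_system.operating_system_id
+LEFT OUTER JOIN dim_host_type USING (host_type_id)"
+end
+
+def self.software_instance(options={})
+"SELECT asset_id as Nexpose_ID, coalesce(da.host_name, CAST(da.asset_id as text)) as Installed_On, ds.name, ds.Product_Name, ds.version, ds.cpe
+FROM fact_asset_scan_software
+LEFT OUTER JOIN (SELECT software_id, name, vendor || ' ' || family as Product_Name, version, cpe FROM dim_software) ds USING (software_id)
+LEFT OUTER JOIN (SELECT asset_id, host_name FROM dim_asset) da USING (asset_id)
+WHERE scan_id = lastScan(asset_id)"
+end
+
+def self.service_instance(options={})
+"SELECT ds.Service_Name, asset_id as Nexpose_ID, port, dp.protocol, dsf.name
+FROM fact_asset_scan_service
+LEFT OUTER JOIN (SELECT service_id, name as service_name FROM dim_service) ds USING (service_id)
+LEFT OUTER JOIN (SELECT service_fingerprint_id, name FROM dim_service_fingerprint) dsf USING (service_fingerprint_id)
+LEFT OUTER JOIN (SELECT protocol_id, name as protocol FROM dim_protocol) dp USING (protocol_id)
+WHERE scan_id = lastScan(asset_id)"
+end
+
+
+#Need to wipe table each time
+def self.group_accounts(options={})
+"SELECT asset_id as Nexpose_ID, daga.name as Group_Account_Name
+FROM dim_asset
+JOIN dim_asset_group_account daga USING (asset_id)"
+end
+
+#Need to wipe table each time
+def self.user_accounts(options={})
+"SELECT da.asset_id as Nexpose_ID, daua.name as User_Account_Name,
+daua.full_name as User_Account_Full_Name
+
+FROM dim_asset da
+JOIN dim_asset_user_account daua USING (asset_id)"
+end
+
+#Need to wipe table each time
+def self.asset_groups(options={})
+"SELECT asset_id as Nexpose_ID, dag.name as Asset_Group_Name,
+dag.dynamic_membership, dag.description
+FROM dim_asset_group_asset daga
+JOIN dim_asset_group dag on daga.asset_group_id = dag.asset_group_id"
+end
+
+#Need to wipe table each time
+def self.sites(options={})
+"SELECT asset_id as Nexpose_ID, ds.name as site_name
+FROM dim_asset
+JOIN dim_site_asset dsa USING (asset_id)
+JOIN dim_site ds on dsa.site_id = ds.site_id
+ORDER BY ip_address"
+end
+
+#Need to wipe table each time
+def self.tags(options={})
+"SELECT asset_id as Nexpose_ID, dt.tag_name
+FROM dim_tag_asset dta
+JOIN dim_tag dt on dta.tag_id = dt.tag_id"
+end
+
+def self.vulnerable_new_items(options={})
+"SELECT
+coalesce(subq.host_name, CAST(subq.asset_id as text)) Configuration_Item,
+TRUE as Active,
+concat('R7_', subq.vulnerability_id) as Vulnerability,
+fasv.first_discovered as First_Found,
+fasv.most_recently_discovered as Last_Found,
+subq.vulnerability_instances as Times_Found,
+subq.ip_address as IP_Address,
+favi.port as Port,
+dp.name as Protocol
+
+FROM (
+SELECT fasv.asset_id, fasv.vulnerability_id, vulnerability_instances, s.current_scan, s.host_name, s.ip_address, baselineComparison(fasv.scan_id, s.current_scan) as comparison
+FROM fact_asset_scan_vulnerability_finding fasv
+JOIN (
+SELECT asset_id, host_name, ip_address, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan FROM dim_asset
+) s ON s.asset_id = fasv.asset_id AND (fasv.scan_id >= #{options[:last_scan_id]} OR fasv.scan_id = s.current_scan)
+GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, s.host_name, s.ip_address, vulnerability_instances
+HAVING baselineComparison(fasv.scan_id, s.current_scan) = 'New'
+) subq
+JOIN
+fact_asset_vulnerability_instance favi ON favi.asset_id = subq.asset_id AND favi.scan_id = subq.current_scan AND favi.vulnerability_id = subq.vulnerability_id
+JOIN
+fact_asset_vulnerability_age fasv ON fasv.asset_id = subq.asset_id AND fasv.vulnerability_id = subq.vulnerability_id
+JOIN
+dim_asset da ON subq.asset_id = da.asset_id
+JOIN
+dim_protocol dp ON dp.protocol_id = favi.protocol_id
+ORDER BY fasv.asset_id, vulnerability"
+end
+
+def self.vulnerable_old_items(options={})
+"SELECT
+coalesce(da.host_name, CAST(da.asset_id as text)) Configuration_Item,
+FALSE as Active,
+concat('R7_', subq.vulnerability_id) as Vulnerability,
+da.ip_address as IP_Address
+FROM (
+SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison
+FROM fact_asset_scan_vulnerability_finding fasv
+JOIN (
+select asset_id, lastScan(asset_id) AS current_scan from fact_asset_vulnerability_instance WHERE scan_id = lastScan(asset_id)
+) s ON s.asset_id = fasv.asset_id AND (fasv.scan_id >= #{options[:last_scan_id]} OR fasv.scan_id = s.current_scan)
+GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
+HAVING baselineComparison(fasv.scan_id, s.current_scan) = 'Old'
+) subq
+JOIN dim_asset da ON subq.asset_id = da.asset_id
+ORDER BY da.ip_address"
+end
+
+def self.latest_scans(options={})
+'SELECT ds.site_id, ds.last_scan_id, dsc.finished
+FROM dim_site ds
+JOIN dim_scan dsc ON ds.last_scan_id = dsc.scan_id'
+end
+
+def self.multiple_reports?(query_name)
+single_queries = ['vulnerabilities', 'vulnerability_category',
+'vulnerability_references', 'latest_scans']
+return !(single_queries.include? query_name.to_s)
+end
+end
+end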
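Review bot: `options[:vuln_query_date]` is interpolated inside a quoted SQL literal in `vulnerabilities`, `vulnerability_references` and `vulnerability_category`, and `options[:last_scan_id]` is interpolated unquoted in `vulnerable_new_items` and `vulnerable_old_items`, so whatever reaches those keys becomes part of the statement sent to the reporting database. Where the values originate is not visible in this file, so they should be normalised at the point of use: `scan_id = Integer(options[:last_scan_id])` for the id, and a strict parse-and-reformat of the date before either is placed in the string. A missing key currently produces `>= ''` or a bare `>=` and a malformed query rather than a clear error. Separately, the `to_char` template `'yyyy-MM-dd hh:mm:ss'` would, under PostgreSQL template rules (which the `::numeric` casts suggest apply here), print the month again in the minutes position and a 12-hour hour; `'YYYY-MM-DD HH24:MI:SS'` is presumably what was intended.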
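--- a/data/lib/nexpose_servicenow/queries_original.rb
+++ b/data/lib/nexpose_servicenow/queries_original.rb
@@ -0,0 +1,162 @@
+module NexposeServiceNow
+class Queries
+def self.cmdb_ci_outofband_device(nexpose_url)
+"SELECT coalesce(host_name, CAST(dim_asset.asset_id as text)) as Name,
+host_name as Aliases,
+ip_address as IP_Address,
+concat('https://#{nexpose_url}/asset.jsp?devid=', dim_asset.asset_id) as URL,
+dim_host_type.description as Type,
+dim_operating_system.description as Product_Version,
+fa.scan_finished as Most_Recent_Discovery,
+fa.vulnerabilities as Vulnerabilities,
+fa.critical_vulnerabilities as Critical_Vulnerabilities,
+fa.severe_vulnerabilities as Severe_Vulnerabilities,
+fa.moderate_vulnerabilities as Moderate_Vulnerabilities,
+fa.malware_kits as Malware_kits,
+fa.exploits as Exploits,
+fa.vulnerabilities_with_malware_kit as Vulnerabilities_With_Malware_Kit,
+fa.vulnerabilities_with_exploit as Vulnerabilities_With_Exploit,
+fa.vulnerability_instances as Vulnerability_Instances,
+dim_asset.asset_id as Nexpose_ID,
+fa.riskscore as Risk_Score,
+ga.group_accounts as Group_Accounts,
+ag.asset_groups as Asset_Groups,
+serv.services as Services,
+softw.software as Software,
+use.user_accounts as User_Accounts,
+site.sites as Sites,
+tag.tags as Tags,
+fa.pci_status as PCI_Status
+
+
+FROM dim_asset
+LEFT OUTER JOIN dim_host_type on dim_asset.host_type_id = dim_host_type.host_type_id
+LEFT OUTER JOIN dim_operating_system on dim_asset.operating_system_id = dim_operating_system.operating_system_id
+
+JOIN fact_asset fa USING (asset_id)
+
+LEFT OUTER JOIN (SELECT daga.asset_id, string_agg(daga.name, '|') as Group_Accounts
+FROM dim_asset_group_account daga
+GROUP BY daga.asset_id) ga USING (asset_id)
+
+
+LEFT OUTER JOIN (SELECT daga.asset_id, string_agg(dag.name, '|') as Asset_Groups
+FROM dim_asset_group_asset daga
+JOIN dim_asset_group dag on daga.asset_group_id = dag.asset_group_id
+GROUP BY daga.asset_id) ag USING (asset_id)
+
+
+LEFT OUTER JOIN (SELECT das.asset_id, string_agg(ds.name, '|') as Services
+FROM dim_asset_service das
+JOIN dim_service ds on das.service_id = ds.service_id
+GROUP BY das.asset_id) serv USING (asset_id)
+
+LEFT OUTER JOIN (SELECT dauc.asset_id, string_agg(dauc.name, '|') as User_Accounts
+FROM dim_asset_user_account dauc
+GROUP BY dauc.asset_id) use USING (asset_id)
+
+LEFT OUTER JOIN (SELECT dsa.asset_id, string_agg(ds.name, '|') as Sites
+FROM dim_site_asset dsa
+JOIN dim_site ds on dsa.site_id = ds.site_id
+GROUP BY dsa.asset_id) site USING (asset_id)
+
+LEFT OUTER JOIN (SELECT das.asset_id, string_agg(ds.name, '|') as Software
+FROM dim_asset_software das
+JOIN dim_software ds on das.software_id = ds.software_id
+GROUP BY das.asset_id) softw USING (asset_id)
+
+LEFT OUTER JOIN (SELECT dta.asset_id, string_agg(dt.tag_name, '|') as Tags
+FROM dim_tag_asset dta
+JOIN dim_tag dt on dta.tag_id = dt.tag_id
+GROUP BY dta.asset_id) tag USING (asset_id)
+
+GROUP BY dim_asset.host_name, dim_asset.asset_id, dim_asset.ip_address, fa.pci_status, dim_host_type.description,
+dim_operating_system.description, fa.scan_finished, fa.vulnerabilities, fa.critical_vulnerabilities, fa.severe_vulnerabilities,
+fa.moderate_vulnerabilities, fa.malware_kits, fa.exploits, fa.vulnerabilities_with_malware_kit, fa.vulnerabilities_with_exploit,
+fa.vulnerability_instances, fa.riskscore, ga.group_accounts, softw.software, ag.asset_groups, serv.services, use.user_accounts, site.sites, tag.tags"
+end
+
+def self.sn_vul_vulnerable_item(options={})
+"SELECT
+asset_id as Configuration_Item,
+concat('R7_', vulnerability_id) as Vulnerability,
+fasv.first_discovered as First_Found,
+fasv.most_recently_discovered as Last_Found,
+fact_asset_vulnerability_finding.vulnerability_instances as Times_Found,
+dim_asset.ip_address as IP_Address,
+port as Port,
+dim_protocol.name as Protocol
+
+FROM
+fact_asset_vulnerability_instance
+JOIN
+fact_asset_vulnerability_finding USING (asset_id, vulnerability_id)
+JOIN
+fact_asset_vulnerability_age fasv USING (asset_id, vulnerability_id)
+JOIN
+dim_asset USING (asset_id)
+JOIN
+dim_protocol USING (protocol_id)"
+end
+
+def self.sn_vul_third_party_entry(options={})
+"SELECT
+concat('R7_', vulnerability_id) as ID,
+cve.ref as CVE,
+cwe.ref as CWE,
+concat('Rapid7 Nexpose') as Source,
+date_published,
+date_modified as Last_Modified,
+dvc.categories,
+severity_score as Severity,
+title as Summary,
+description as Threat,
+ROUND(riskscore::numeric, 2) as Riskscore,
+cvss_vector,
+ROUND(cvss_score::numeric, 2) as CVSS_Score,
+exploits,
+ref.references,
+sol.solutions
+
+FROM
+dim_vulnerabilityYep
+
+LEFT OUTER JOIN
+(SELECT
+vulnerability_id,
+string_agg(dvr.reference, '|') as ref
+FROM dim_vulnerability_reference dvr
+WHERE source='CWE'
+GROUP BY dvr.vulnerability_id
+) cwe USING (vulnerability_id)
+
+LEFT OUTER JOIN
+(SELECT
+vulnerability_id,
+string_agg(dvr.reference, '|') as ref
+FROM dim_vulnerability_reference dvr
+WHERE source='CVE'
+GROUP BY dvr.vulnerability_id
+) cve USING (vulnerability_id)
+
+LEFT OUTER JOIN(SELECT dvc.vulnerability_id, string_agg(dvc.category_name, '|') as categories
+FROM dim_vulnerability_category dvc
+GROUP BY dvc.vulnerability_id) dvc USING (vulnerability_id)
+
+LEFT OUTER JOIN(SELECT dvr.vulnerability_id, string_agg(dvr.source || ': ' || dvr.reference, '|') as references
+FROM dim_vulnerability_reference dvr
+GROUP BY dvr.vulnerability_id) ref USING (vulnerability_id)
+
+LEFT OUTER JOIN(SELECT vulnerability_id,
+string_agg(concat('Fix: ' || fix,
+'Solution type: ' || solution_type,
+'URL: ' || url,
+'Estimate: ' || estimate,
+'Applies To: ' || applies_to,
+'Additional Data: ' || additional_data), '|') as solutions
+FROM dim_solution
+JOIN dim_vulnerability_solution USING (solution_id)
+GROUP BY vulnerability_id) sol USING (vulnerability_id)"
+end
+end
+end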
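Review bot: The `FROM` clause of `sn_vul_third_party_entry` names `dim_vulnerabilityYep`, which looks like a stray keystroke on `dim_vulnerability` (the table the other queries in this package use); as written the statement would presumably fail on an unknown relation, so the line should read `dim_vulnerability`. `cmdb_ci_outofband_device` also interpolates `nexpose_url` directly into a quoted SQL literal (`concat('https://#{nexpose_url}/asset.jsp?devid=', ...)`), so a value containing a single quote changes the statement; it should be checked against a host[:port] pattern before it is used. This file reopens `NexposeServiceNow::Queries`, the class name queries.rb already defines, and whether it is ever required is not visible here; if it is only a reference copy, a header comment saying so (or leaving it out of the packaged files) would keep it from being mistaken for live query code.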
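--- a/data/nexpose_servicenow.gemspec
+++ b/data/nexpose_servicenow.gemspec
@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'nexpose_servicenow/version'
+
+Gem::Specification.new do |spec|
+spec.name = "nexpose_servicenow"
+spec.version = NexposeServiceNow::VERSION
+spec.authors = ["David Valente", 'JJ Cassidy']
+
+spec.require_paths = ["lib"]
+spec.summary = %Q{Gem for Nexpose-ServiceNow marketplace application integration. Requires Servicenow Application component available on Servicenow application store.}
+spec.description = %Q{Provides an interface to Nexpose for the Rapid7 ServiceNow MarketPlace application.}
+spec.executables = ["nexpose_servicenow"]
+spec.email = ['support@rapid7.com']
+spec.license = "MIT"
+
+spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+spec.bindir = "bin"
+spec.require_paths = ["lib"]
+
+spec.add_development_dependency "bundler", "~> 1.11"
+spec.add_development_dependency "rake", "~> 10.0"
+spec.add_dependency 'nexpose', '~> 3.2'
+end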
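Review bot: `spec.require_paths = ["lib"]` is assigned twice (lines 11 and 20 of the gemspec) and no `spec.homepage` or source link is declared, which leaves `homepage:` empty in the generated metadata and gives a consumer auditing the package nothing to compare the shipped files against. Drop the first assignment and add `spec.homepage = '<PROJECT_REPOSITORY_URL>'` (placeholder; the repository address is not on this page). Because `spec.files` comes from `git ls-files`, everything tracked under `lib/` is shipped, including `queries_original.rb`; if that file is only a reference copy, it should be excluded in the `reject` block as well.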
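--- a/metadata
+++ b/metadata
@@ -0,0 +1,106 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_servicenow
+version: !ruby/object:Gem::Version
+version: 0.4.15
+platform: ruby
+authors:
+- David Valente
+- JJ Cassidy
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-06-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.11'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.11'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: nexpose
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.2'
+description: Provides an interface to Nexpose for the Rapid7 ServiceNow MarketPlace
+application.
+email:
+- support@rapid7.com
+executables:
+- nexpose_servicenow
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/nexpose_servicenow
+- bin/setup
+- lib/nexpose_servicenow.rb
+- lib/nexpose_servicenow/arg_parser.rb
+- lib/nexpose_servicenow/chunker.rb
+- lib/nexpose_servicenow/historical_data.rb
+- lib/nexpose_servicenow/nexpose_helper.rb
+- lib/nexpose_servicenow/nx_logger.rb
+- lib/nexpose_servicenow/queries.rb
+- lib/nexpose_servicenow/queries_original.rb
+- lib/nexpose_servicenow/version.rb
+- nexpose_servicenow.gemspec
+homepage:
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Gem for Nexpose-ServiceNow marketplace application integration. Requires
+Servicenow Application component available on Servicenow application store.
+test_files: []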