nexpose_servicenow 0.4.18 → 0.4.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/nexpose_servicenow.rb +14 -1
- data/lib/nexpose_servicenow/chunker.rb +1 -2
- data/lib/nexpose_servicenow/historical_data.rb +6 -1
- data/lib/nexpose_servicenow/nexpose_helper.rb +13 -2
- data/lib/nexpose_servicenow/queries.rb +23 -23
- data/lib/nexpose_servicenow/version.rb +1 -1
- metadata +3 -4
- data/lib/nexpose_servicenow/queries_original.rb +0 -162
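--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c0e5533db3d8c9507f29fb3d72c826dd3dabbff5
+data.tar.gz: 546ec9e53c92c594e403c09aa04b6ea7a36ee24c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e7909b1301dfb21cb8a359481f3a80712385aac95cce0272f7177397d45895c23e6d9d0c7061c0b574b20671b590597b4895a0d84c22beadd1e256c17d329203
+data.tar.gz: 527f47260c70edee76bb7c2eaf010fe09206ca9cd44ebe6b21fb895773f505c8ebf1bc6e36c2e47921432f1664110dd61d96acea5a01f06ac9fa8877e3950a1a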
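--- a/data/lib/nexpose_servicenow.rb
+++ b/data/lib/nexpose_servicenow.rb
@@ -22,8 +22,14 @@ module NexposeServiceNow
 censored_options[:nexpose_password] = "*****"
 log.log_message("Options: #{censored_options}")
 
+if options[:mode].to_s == ""
+log.log_message("Script was called without mode.")
+puts "No mode selected. Use -h to see command line options."
+exit -1
+end
+
 if options[:nexpose_ids].first.to_s == "0"
-log.
+log.log_error_message('Retrieving array of all site IDs')
 options[:nexpose_ids] = get_nexpose_helper(options).all_sites.sort
 end
 
@@ -79,6 +85,13 @@ module NexposeServiceNow
 return if report_details.all? { |f| File.exists?(f[:report_name]) }
 end
 
+credentials = %i{nexpose_username nexpose_password}
+if credentials.any? { |cred| options[cred].to_s == "" }
+log = NexposeServiceNow::NxLogger.instance
+log.log_error_message "Nexpose credentials necessary but not supplied."
+exit -1
+end
+
 #Filter it down to sites which actively need queried
 sites_to_scan = filter_sites(options)
 nexpose_helper = get_nexpose_helper(options)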
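--- a/data/lib/nexpose_servicenow/chunker.rb
+++ b/data/lib/nexpose_servicenow/chunker.rb
@@ -26,10 +26,9 @@ module NexposeServiceNow
 end
 
 def preprocess(nexpose_ids=nil)
-@log.log_message("Breaking file #{@file_path} down into chunks.")
-
 all_chunks = []
 @report_details.each do |report|
+@log.log_message("Breaking file #{report[:report_name]} down into chunks.")
 chunks = process_file(report[:report_name], report[:id])
 all_chunks.concat chunks
 end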
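--- a/data/lib/nexpose_servicenow/historical_data.rb
+++ b/data/lib/nexpose_servicenow/historical_data.rb
@@ -127,7 +127,12 @@ module NexposeServiceNow
 #merge changes in from remote_csv
 remote_csv.each do |row|
 updated_row = updated_csv.find { |r| r['site_id'] == row['site_id'] }
-updated_row
+if updated_row.nil?
+row.delete 'finished'
+updated_csv << row
+else
+updated_row['last_scan_id'] = row['last_scan_id']
+end
 end
 
 save_last_scan_data(updated_csv)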
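--- a/data/lib/nexpose_servicenow/nexpose_helper.rb
+++ b/data/lib/nexpose_servicenow/nexpose_helper.rb
@@ -9,6 +9,9 @@ module NexposeServiceNow
 @log = NexposeServiceNow::NxLogger.instance
 @url = url
 @port = port
+@username = username
+@password = password
+
 @nsc = connect(username, password)
 
 @timeout = 7200
@@ -131,9 +134,17 @@ module NexposeServiceNow
 File.open(local_file_name, 'wb') do |f|
 f.write(@nsc.download(report_details.uri))
 end
+
+begin
+# Refresh the connection
+@nsc = connect(@username, @password)
+
+#Got the report, cleanup server-side
+@nsc.delete_report_config(report_id)
+rescue
+@log.log_error_message "Error deleting report"
+end
 
-#Got the report, cleanup server-side
-@nsc.delete_report_config(report_id)
 local_file_name
 end
 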
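Review bot: The bare `rescue` at +144 discards the exception, so a failed reconnect at +140 and a failed `delete_report_config` at +143 are both reported as the fixed string `"Error deleting report"` with nothing that says which Nexpose call failed, for which report, or why, while the generated report config stays on the console. Capture and log it: `rescue => e` followed by `@log.log_error_message "Error deleting report #{report_id}: #{e.class}: #{e.message}"`. Because the `begin` block also wraps `connect`, a credential or connectivity failure is logged as a delete failure; moving the reconnect above the `begin`, or logging it separately, keeps the two cases distinguishable. Keeping the plaintext password in `@password` (+13) for the helper's lifetime is what makes the reconnect possible, but it also means `inspect`, `pp` or any exception dump that includes the helper now carries the credential, so the helper should never be interpolated into log output (whether it ever is cannot be seen from these hunks).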
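--- a/data/lib/nexpose_servicenow/queries.rb
+++ b/data/lib/nexpose_servicenow/queries.rb
@@ -180,35 +180,34 @@ module NexposeServiceNow
 end
 
 def self.vulnerable_new_items(options={})
-"SELECT
+"SELECT
 coalesce(subq.host_name, CAST(subq.asset_id as text)) Configuration_Item,
 TRUE as Active,
 concat('R7_', subq.vulnerability_id) as Vulnerability,
-
-
+fasva.first_discovered as First_Found,
+fasva.most_recently_discovered as Last_Found,
 subq.vulnerability_instances as Times_Found,
 subq.ip_address as IP_Address,
 favi.port as Port,
-
+coalesce(NULLIF(favi.name,''), 'None') as Protocol
 
 FROM (
-
+SELECT fasv.asset_id, fasv.vulnerability_id, vulnerability_instances,
+MIN(fasv.scan_id) as first_found, MAX(fasv.scan_id) as latest_found,
+s.current_scan, s.host_name, s.ip_address
 FROM fact_asset_scan_vulnerability_finding fasv
 JOIN (
-SELECT asset_id, host_name, ip_address,
-) s ON s.asset_id = fasv.asset_id
+SELECT asset_id, host_name, ip_address, lastScan(asset_id) AS current_scan FROM dim_asset
+) s ON s.asset_id = fasv.asset_id
 GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, s.host_name, s.ip_address, vulnerability_instances
-HAVING
+HAVING MIN(fasv.scan_id) > #{options[:last_scan_id]} AND MAX(fasv.scan_id)=current_scan
 ) subq
-JOIN
-
-
-
-
-
-JOIN
-dim_protocol dp ON dp.protocol_id = favi.protocol_id
-ORDER BY fasv.asset_id, vulnerability"
+JOIN (select asset_id, vulnerability_id, first_discovered, most_recently_discovered from fact_asset_vulnerability_age) fasva ON fasva.asset_id = subq.asset_id AND fasva.vulnerability_id = subq.vulnerability_id
+
+JOIN (select DISTINCT on(asset_id, vulnerability_id) asset_id, scan_id, vulnerability_id, port, dp.name
+from fact_asset_vulnerability_instance
+inner join dim_protocol dp USING (protocol_id)) favi ON favi.asset_id = subq.asset_id AND favi.scan_id = subq.current_scan AND favi.vulnerability_id = subq.vulnerability_id
+ORDER BY fasva.asset_id, vulnerability"
 end
 
 def self.vulnerable_old_items(options={})
@@ -218,14 +217,15 @@ module NexposeServiceNow
 concat('R7_', subq.vulnerability_id) as Vulnerability,
 da.ip_address as IP_Address
 FROM (
-
+SELECT fasv.asset_id, fasv.vulnerability_id, MAX(fasv.scan_id) as latest_found,
+s.current_scan, s.host_name, s.ip_address
 FROM fact_asset_scan_vulnerability_finding fasv
 JOIN (
-
-) s ON s.asset_id = fasv.asset_id
-GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
-HAVING
-
+SELECT asset_id, host_name, ip_address, lastScan(asset_id) AS current_scan FROM dim_asset
+) s ON s.asset_id = fasv.asset_id
+GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, s.host_name, s.ip_address, vulnerability_instances
+HAVING MAX(fasv.scan_id) < current_scan AND MAX(fasv.scan_id) >= #{options[:last_scan_id]}
+) subq
 JOIN dim_asset da ON subq.asset_id = da.asset_id
 ORDER BY da.ip_address"
 end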
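Review bot: `#{options[:last_scan_id]}` is interpolated straight into the HAVING clause at +203 and again at +227 in the second hunk, so whatever object sits in the options hash becomes SQL text; coercing it first, `HAVING MIN(fasv.scan_id) > #{Integer(options[:last_scan_id])} AND MAX(fasv.scan_id)=current_scan`, makes a nil, blank or non-numeric value fail loudly in Ruby instead of yielding a malformed or unintended query (the value appears to come from the tool's own last-scan CSV rather than from a remote caller, but that is not visible here). The `DISTINCT on(asset_id, vulnerability_id)` subquery at +207 has no ORDER BY, so PostgreSQL keeps an arbitrary row per pair; if `fact_asset_vulnerability_instance` holds one row per scan, the join condition `favi.scan_id = subq.current_scan` at +209 then silently drops any finding whose chosen row came from an older scan, which an `ORDER BY asset_id, vulnerability_id, scan_id DESC` inside that subquery, or a scan_id filter inside it, would avoid. In the second hunk the GROUP BY at +226 adds `vulnerability_instances` even though that column is not in the subquery's SELECT list; if it varies between scans this splits one (asset, vulnerability) group into several output rows, and it looks copied from the first query, so it should be confirmed.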
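--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_servicenow
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.22
 platform: ruby
 authors:
 - David Valente
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -74,7 +74,6 @@ files:
 - lib/nexpose_servicenow/nexpose_helper.rb
 - lib/nexpose_servicenow/nx_logger.rb
 - lib/nexpose_servicenow/queries.rb
-- lib/nexpose_servicenow/queries_original.rb
 - lib/nexpose_servicenow/version.rb
 - nexpose_servicenow.gemspec
 homepage: http://www.rapid7.com
@@ -98,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Gem for Nexpose-ServiceNow integration.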
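--- a/data/lib/nexpose_servicenow/queries_original.rb
+++ b/data/lib/nexpose_servicenow/queries_original.rb
@@ -1,162 +0,0 @@
-module NexposeServiceNow
-class Queries
-def self.cmdb_ci_outofband_device(nexpose_url)
-"SELECT coalesce(host_name, CAST(dim_asset.asset_id as text)) as Name,
-host_name as Aliases,
-ip_address as IP_Address,
-concat('https://#{nexpose_url}/asset.jsp?devid=', dim_asset.asset_id) as URL,
-dim_host_type.description as Type,
-dim_operating_system.description as Product_Version,
-fa.scan_finished as Most_Recent_Discovery,
-fa.vulnerabilities as Vulnerabilities,
-fa.critical_vulnerabilities as Critical_Vulnerabilities,
-fa.severe_vulnerabilities as Severe_Vulnerabilities,
-fa.moderate_vulnerabilities as Moderate_Vulnerabilities,
-fa.malware_kits as Malware_kits,
-fa.exploits as Exploits,
-fa.vulnerabilities_with_malware_kit as Vulnerabilities_With_Malware_Kit,
-fa.vulnerabilities_with_exploit as Vulnerabilities_With_Exploit,
-fa.vulnerability_instances as Vulnerability_Instances,
-dim_asset.asset_id as Nexpose_ID,
-fa.riskscore as Risk_Score,
-ga.group_accounts as Group_Accounts,
-ag.asset_groups as Asset_Groups,
-serv.services as Services,
-softw.software as Software,
-use.user_accounts as User_Accounts,
-site.sites as Sites,
-tag.tags as Tags,
-fa.pci_status as PCI_Status
-
-
-FROM dim_asset
-LEFT OUTER JOIN dim_host_type on dim_asset.host_type_id = dim_host_type.host_type_id
-LEFT OUTER JOIN dim_operating_system on dim_asset.operating_system_id = dim_operating_system.operating_system_id
-
-JOIN fact_asset fa USING (asset_id)
-
-LEFT OUTER JOIN (SELECT daga.asset_id, string_agg(daga.name, '|') as Group_Accounts
-FROM dim_asset_group_account daga
-GROUP BY daga.asset_id) ga USING (asset_id)
-
-
-LEFT OUTER JOIN (SELECT daga.asset_id, string_agg(dag.name, '|') as Asset_Groups
-FROM dim_asset_group_asset daga
-JOIN dim_asset_group dag on daga.asset_group_id = dag.asset_group_id
-GROUP BY daga.asset_id) ag USING (asset_id)
-
-
-LEFT OUTER JOIN (SELECT das.asset_id, string_agg(ds.name, '|') as Services
-FROM dim_asset_service das
-JOIN dim_service ds on das.service_id = ds.service_id
-GROUP BY das.asset_id) serv USING (asset_id)
-
-LEFT OUTER JOIN (SELECT dauc.asset_id, string_agg(dauc.name, '|') as User_Accounts
-FROM dim_asset_user_account dauc
-GROUP BY dauc.asset_id) use USING (asset_id)
-
-LEFT OUTER JOIN (SELECT dsa.asset_id, string_agg(ds.name, '|') as Sites
-FROM dim_site_asset dsa
-JOIN dim_site ds on dsa.site_id = ds.site_id
-GROUP BY dsa.asset_id) site USING (asset_id)
-
-LEFT OUTER JOIN (SELECT das.asset_id, string_agg(ds.name, '|') as Software
-FROM dim_asset_software das
-JOIN dim_software ds on das.software_id = ds.software_id
-GROUP BY das.asset_id) softw USING (asset_id)
-
-LEFT OUTER JOIN (SELECT dta.asset_id, string_agg(dt.tag_name, '|') as Tags
-FROM dim_tag_asset dta
-JOIN dim_tag dt on dta.tag_id = dt.tag_id
-GROUP BY dta.asset_id) tag USING (asset_id)
-
-GROUP BY dim_asset.host_name, dim_asset.asset_id, dim_asset.ip_address, fa.pci_status, dim_host_type.description,
-dim_operating_system.description, fa.scan_finished, fa.vulnerabilities, fa.critical_vulnerabilities, fa.severe_vulnerabilities,
-fa.moderate_vulnerabilities, fa.malware_kits, fa.exploits, fa.vulnerabilities_with_malware_kit, fa.vulnerabilities_with_exploit,
-fa.vulnerability_instances, fa.riskscore, ga.group_accounts, softw.software, ag.asset_groups, serv.services, use.user_accounts, site.sites, tag.tags"
-end
-
-def self.sn_vul_vulnerable_item(options={})
-"SELECT
-asset_id as Configuration_Item,
-concat('R7_', vulnerability_id) as Vulnerability,
-fasv.first_discovered as First_Found,
-fasv.most_recently_discovered as Last_Found,
-fact_asset_vulnerability_finding.vulnerability_instances as Times_Found,
-dim_asset.ip_address as IP_Address,
-port as Port,
-dim_protocol.name as Protocol
-
-FROM
-fact_asset_vulnerability_instance
-JOIN
-fact_asset_vulnerability_finding USING (asset_id, vulnerability_id)
-JOIN
-fact_asset_vulnerability_age fasv USING (asset_id, vulnerability_id)
-JOIN
-dim_asset USING (asset_id)
-JOIN
-dim_protocol USING (protocol_id)"
-end
-
-def self.sn_vul_third_party_entry(options={})
-"SELECT
-concat('R7_', vulnerability_id) as ID,
-cve.ref as CVE,
-cwe.ref as CWE,
-concat('Rapid7 Nexpose') as Source,
-date_published,
-date_modified as Last_Modified,
-dvc.categories,
-severity_score as Severity,
-title as Summary,
-description as Threat,
-ROUND(riskscore::numeric, 2) as Riskscore,
-cvss_vector,
-ROUND(cvss_score::numeric, 2) as CVSS_Score,
-exploits,
-ref.references,
-sol.solutions
-
-FROM
-dim_vulnerabilityYep
-
-LEFT OUTER JOIN
-(SELECT
-vulnerability_id,
-string_agg(dvr.reference, '|') as ref
-FROM dim_vulnerability_reference dvr
-WHERE source='CWE'
-GROUP BY dvr.vulnerability_id
-) cwe USING (vulnerability_id)
-
-LEFT OUTER JOIN
-(SELECT
-vulnerability_id,
-string_agg(dvr.reference, '|') as ref
-FROM dim_vulnerability_reference dvr
-WHERE source='CVE'
-GROUP BY dvr.vulnerability_id
-) cve USING (vulnerability_id)
-
-LEFT OUTER JOIN(SELECT dvc.vulnerability_id, string_agg(dvc.category_name, '|') as categories
-FROM dim_vulnerability_category dvc
-GROUP BY dvc.vulnerability_id) dvc USING (vulnerability_id)
-
-LEFT OUTER JOIN(SELECT dvr.vulnerability_id, string_agg(dvr.source || ': ' || dvr.reference, '|') as references
-FROM dim_vulnerability_reference dvr
-GROUP BY dvr.vulnerability_id) ref USING (vulnerability_id)
-
-LEFT OUTER JOIN(SELECT vulnerability_id,
-string_agg(concat('Fix: ' || fix,
-'Solution type: ' || solution_type,
-'URL: ' || url,
-'Estimate: ' || estimate,
-'Applies To: ' || applies_to,
-'Additional Data: ' || additional_data), '|') as solutions
-FROM dim_solution
-JOIN dim_vulnerability_solution USING (solution_id)
-GROUP BY vulnerability_id) sol USING (vulnerability_id)"
-end
-end
-end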