nexpose_sourcefire 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +6 -6
- data/bin/nexpose_sourcefire +3 -0
- data/lib/sourcefire/nx_logger.rb +9 -4
- data/lib/sourcefire/queries.rb +4 -2
- data/lib/sourcefire/version.rb +1 -1
- data/lib/sourcefire_connector.rb +5 -5
- data/sourcefire.gemspec +25 -0
- data/sourcefire.iml +22 -0
- metadata +5 -3
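--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9c9fb896af914fcbcdbda0d0bde478430f11c359
+data.tar.gz: 2d3b0d70909afe2a7ebe7d42b6f16c6e0d9b22e4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 364fca4f693195b3b82ddd25753e49b66af98a95f39134ddff023497f48f35f4efeff3e98a83e2b223cdcdcecb760e9d7551c29fe39e3bce483edb9ba2a5e463
+data.tar.gz: b9615320e59700e035ae1390777cfd95be116f42f08f06b33c24792fed36491f52220fcb57541a32106701047d8569288a62be58c456b43b3479e88760c585b3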
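--- a/data/README.md
+++ b/data/README.md
@@ -1,9 +1,5 @@
 # SourcefireRuby
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sourcefire_ruby`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
-
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -20,9 +16,13 @@ Or install it yourself as:
 
 $ gem install sourcefire_ruby
 
-##
+## Changelog
+
+### 0.2.0
+Host OS information is now uploaded, if available.
 
-
+### 0.1.0
+Initial release
 
 ## Development
 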
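--- a/data/bin/nexpose_sourcefire
+++ b/data/bin/nexpose_sourcefire
@@ -4,6 +4,9 @@ require 'sourcefire/nx_logger'
 require 'sourcefire/version'
 require 'yaml'
 
+#Set the encoding for external CSV files.
+Encoding.default_external=Encoding.find("UTF-8")
+
 CONFIG_PATH = File.join(File.dirname(__FILE__), '../lib/sourcefire/config/rapid7_sourcefire.config')
 
 # Obtain Nexpose settings from Environment Variables.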
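Review bot: `Encoding.default_external=Encoding.find("UTF-8")` on new line 8 changes the process-wide default for every file, pipe and socket this script opens, not only the CSV report the comment names, so any other file the connector reads is now decoded as UTF-8 regardless of its real encoding. Passing the encoding at the read site keeps the effect local, e.g. `CSV.foreach(report_file, headers: true, encoding: 'UTF-8')` where the report is consumed. If the global setting is kept, the constant form reads more clearly and matches the style guide's spacing: `Encoding.default_external = Encoding::UTF_8`. The comment would help more by saying why it is needed, e.g. `# Nexpose CSV exports are UTF-8; make that the default so a non-UTF-8 locale does not mis-decode them.`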
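--- a/data/lib/sourcefire/nx_logger.rb
+++ b/data/lib/sourcefire/nx_logger.rb
@@ -35,22 +35,22 @@ module Sourcefire
 end
 end
 
-def setup_logging(enabled, log_level)
+def setup_logging(enabled, log_level = 'info')
 unless enabled || @log.nil?
 log_message('Logging disabled.')
 return
 end
-
+
 @logger_file = get_log_path product
 
 require 'logger'
 directory = File.dirname(@logger_file)
 FileUtils.mkdir_p(directory) unless File.directory?(directory)
-io = IO.for_fd(IO.sysopen(@logger_file, 'a'))
+io = IO.for_fd(IO.sysopen(@logger_file, 'a'), 'a')
 io.autoclose = false
 io.sync = true
 @log = Logger.new(io, 'weekly')
-@log.level = if log_level.casecmp('info') == 0
+@log.level = if log_level.to_s.casecmp('info') == 0
 Logger::INFO
 else
 Logger::DEBUG
@@ -146,5 +146,10 @@ module Sourcefire
 end
 end
 
+#Used by net library for debugging
+def <<(value)
+log_debug_message(value)
+end
+
 end
 end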
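Review bot: `def <<(value)` on new lines 150-152 forwards whatever the caller writes straight into `log_debug_message`; if, as the comment suggests, this object is handed to the HTTP client as its debug output, `value` is the raw request and response text, including authentication headers, cookies and full bodies, and it is persisted to `@logger_file`. That exposure is easy to trip because `setup_logging` (first hunk, new line 53) maps every level other than 'info' to `Logger::DEBUG`, so a mistyped level is enough to switch the wire capture on. Document it on the method, `# Net debug sink: receives raw HTTP traffic, which may include credentials; only wired when log level is debug.`, and have `setup_logging` treat unrecognised levels as INFO or raise rather than silently dropping to DEBUG. Separately, the `'a'` mode added on new line 49 does not change that `io.autoclose = false` leaves the descriptor open for the life of the process; `File.open(@logger_file, 'a')` gives Logger an IO it can close. The enclosing class starts and ends outside both hunks.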
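--- a/data/lib/sourcefire/queries.rb
+++ b/data/lib/sourcefire/queries.rb
@@ -1,14 +1,16 @@
 module Sourcefire
 module Queries
 def self.sf_host_vuln_info(options = {})
-"SELECT favi.asset_id as asset_id, da.ip_address, favi.port, favi.protocol_id, dv.title, dv.vulnerability_id, dv.nexpose_id, string_agg(DISTINCT '<' || dvr.source || ':' || dvr.reference,'>') || '>' as references, dv.severity_score, dv.pci_severity_score, round((dv.cvss_score)::numeric,1) as cvss_score, dv.cvss_vector
+"SELECT favi.asset_id as asset_id, da.ip_address, favi.port, favi.protocol_id, dv.title, dv.vulnerability_id, dv.nexpose_id, string_agg(DISTINCT '<' || dvr.source || ':' || dvr.reference,'>') || '>' as references, dv.severity_score, dv.pci_severity_score, round((dv.cvss_score)::numeric,1) as cvss_score, dv.cvss_vector,
+os.vendor, os.name, os.version
 FROM fact_vulnerability fa
 JOIN dim_vulnerability dv USING (vulnerability_id)
 LEFT OUTER JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
 LEFT OUTER JOIN fact_asset_vulnerability_instance favi USING (vulnerability_id)
 LEFT OUTER JOIN dim_asset da USING (asset_id)
+JOIN dim_operating_system os ON da.operating_system_id=os.operating_system_id
 WHERE affected_assets > 0
-GROUP BY da.ip_address, dv.title, favi.port, dv.vulnerability_id, dv.severity, dv.pci_severity_score, dv.cvss_score, dv.cvss_vector, favi.asset_id, favi.protocol_id, dv.nexpose_id, dv.severity_score
+GROUP BY da.ip_address, dv.title, favi.port, dv.vulnerability_id, dv.severity, dv.pci_severity_score, dv.cvss_score, dv.cvss_vector, favi.asset_id, favi.protocol_id, dv.nexpose_id, dv.severity_score, os.vendor, os.name, os.version
 ORDER BY da.ip_address ASC"
 end
 end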
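Review bot: The `JOIN dim_operating_system os ON da.operating_system_id=os.operating_system_id` added on new line 11 is an inner join, so an asset whose `operating_system_id` has no matching row drops out of the result together with every one of its vulnerabilities, while the `dim_asset` join just above it is a LEFT OUTER JOIN and the README changelog in this release says OS data is uploaded "if available". `LEFT OUTER JOIN dim_operating_system os ON da.operating_system_id = os.operating_system_id` keeps those hosts and returns NULL for the three OS columns, which the GROUP BY on new line 13 already lists. A one-line comment above the query noting that the OS columns may be NULL and that callers must tolerate that would save the next reader the same question.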
data/lib/sourcefire/version.rb
CHANGED
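--- a/data/lib/sourcefire_connector.rb
+++ b/data/lib/sourcefire_connector.rb
@@ -31,8 +31,7 @@ module Sourcefire
 puts 'Report generation complete.'
 
 #Process the Nexpose results.report("name:") { TESTS.times { } }ort into SourceFire format
-
-data_sets = process_nexpose_data(report_file, processed_report_file)
+data_sets = process_nexpose_data(report_file)
 
 #Establish connection with Sourcefire
 puts "Connecting to Sourcefire: #{@config[:sourcefire_address]}"
@@ -58,6 +57,7 @@ module Sourcefire
 CSV.foreach(report_file, headers: true) do |row|
 if current_asset.nil?
 current_asset = "AddHost,#{row['ip_address']}\n"
+current_asset << "SetOS,#{row['ip_address']},#{row['vendor']},#{row['name']},#{row['version']}\n"
 current_ip = row['ip_address']
 end
 
@@ -75,7 +75,7 @@ module Sourcefire
 
 current_asset += sf_csv
 next
-end
+end
 
 #Next asset
 assets << current_asset
@@ -89,7 +89,7 @@ module Sourcefire
 assets
 end
 
-def process_nexpose_data(report_file
+def process_nexpose_data(report_file)
 max_data_size = 524288
 
 @log.log_message('Creating data sets')
@@ -137,7 +137,7 @@ module Sourcefire
 data_sets
 end
 
-def process_nexpose_data_alt(report_file
+def process_nexpose_data_alt(report_file)
 max_data_size = 524288
 
 assets = get_assets(report_file)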
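Review bot: On new line 60 of the `CSV.foreach` hunk, `row['vendor']`, `row['name']` and `row['version']` are interpolated unescaped into the comma-delimited `SetOS` command, so an OS fingerprint string that contains a comma or a newline shifts the remaining fields or starts a new command line in the host-input data handed to Sourcefire, and a missing value silently yields `SetOS,ip,,,`. The file already uses `CSV`, so `current_asset << CSV.generate_line(['SetOS', row['ip_address'], row['vendor'], row['name'], row['version']])` produces a correctly quoted line, assuming the Sourcefire host-input parser accepts quoted fields, which should be confirmed; if it does not, strip commas and line breaks from the three fields before interpolating and skip the `SetOS` line when all three are empty. The enclosing method starts and ends outside this hunk.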
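--- /dev/null
+++ b/data/sourcefire.gemspec
@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sourcefire/version'
+
+Gem::Specification.new do |spec|
+spec.name = 'nexpose_sourcefire'
+spec.version = Sourcefire::VERSION
+spec.authors = ['JJ Cassidy', 'David Valente']
+spec.email = ['integrations_support@rapid7.com']
+
+spec.summary = 'Nexpose SourceFire Integration GEM'
+spec.description = 'This GEM allows enables the importing of Nexpose host and vulnerability data into SourceFire'
+spec.homepage = 'http://www.rapid7.com'
+spec.license = 'MIT'
+
+spec.files = Dir['[A-Z]*'] + Dir['lib/**/*'] + Dir['bin/**']
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.require_paths = ["lib"]
+
+spec.add_development_dependency "bundler", "~> 1.10"
+spec.add_development_dependency "rake", "~> 10.0"
+spec.add_runtime_dependency 'nexpose', "~> 0.9"
+spec.required_ruby_version = '>= 1.9'
+end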
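Review bot: `spec.files = Dir['[A-Z]*'] + Dir['lib/**/*'] + Dir['bin/**']` on line 17 packages whatever is in the working tree at build time, and this release's metadata already lists `sourcefire.iml`, an IDE project file, among the shipped files; `lib/**/*` also sweeps in `lib/sourcefire/config/`, so a locally edited `rapid7_sourcefire.config` would be published with the gem. Listing the files explicitly, or using the usual `spec.files = \`git ls-files -z\`.split("\x0")` so only tracked files ship, avoids both. Line 13's description reads `'This GEM allows enables the importing …'`; one of the two verbs should go. Quoting is mixed between single and double quotes across lines 19-23; the rest of the file uses single quotes.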
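--- /dev/null
+++ b/data/sourcefire.iml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="RUBY_MODULE" version="4">
+<component name="FacetManager">
+<facet type="gem" name="Ruby Gem">
+<configuration>
+<option name="GEM_APP_ROOT_PATH" value="$MODULE_DIR$" />
+<option name="GEM_APP_TEST_PATH" value="" />
+<option name="GEM_APP_LIB_PATH" value="" />
+</configuration>
+</facet>
+</component>
+<component name="NewModuleRootManager" inherit-compiler-output="true">
+<exclude-output />
+<content url="file://$MODULE_DIR$" />
+<orderEntry type="jdk" jdkName="RVM: ruby-1.9.3-p547 [global]" jdkType="RUBY_SDK" />
+<orderEntry type="sourceFolder" forTests="false" />
+<orderEntry type="library" scope="PROVIDED" name="bundler (v1.10.4, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
+<orderEntry type="library" scope="PROVIDED" name="nexpose (v0.9.8, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
+<orderEntry type="library" scope="PROVIDED" name="rake (v10.4.2, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
+<orderEntry type="library" scope="PROVIDED" name="rex (v2.0.7, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
+</component>
+</module>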
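--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_sourcefire
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - JJ Cassidy
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -75,6 +75,8 @@ files:
 - lib/sourcefire/queries.rb
 - lib/sourcefire/version.rb
 - lib/sourcefire_connector.rb
+- sourcefire.gemspec
+- sourcefire.iml
 homepage: http://www.rapid7.com
 licenses:
 - MIT
@@ -95,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Nexpose SourceFire Integration GEM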