nexpose_sourcefire 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -6
- data/bin/nexpose_sourcefire +3 -0
- data/lib/sourcefire/nx_logger.rb +9 -4
- data/lib/sourcefire/queries.rb +4 -2
- data/lib/sourcefire/version.rb +1 -1
- data/lib/sourcefire_connector.rb +5 -5
- data/sourcefire.gemspec +25 -0
- data/sourcefire.iml +22 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9c9fb896af914fcbcdbda0d0bde478430f11c359
|
|
4
|
+
data.tar.gz: 2d3b0d70909afe2a7ebe7d42b6f16c6e0d9b22e4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 364fca4f693195b3b82ddd25753e49b66af98a95f39134ddff023497f48f35f4efeff3e98a83e2b223cdcdcecb760e9d7551c29fe39e3bce483edb9ba2a5e463
|
|
7
|
+
data.tar.gz: b9615320e59700e035ae1390777cfd95be116f42f08f06b33c24792fed36491f52220fcb57541a32106701047d8569288a62be58c456b43b3479e88760c585b3
|
data/README.md
CHANGED
|
@@ -1,9 +1,5 @@
|
|
|
1
1
|
# SourcefireRuby
|
|
2
2
|
|
|
3
|
-
Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sourcefire_ruby`. To experiment with that code, run `bin/console` for an interactive prompt.
|
|
4
|
-
|
|
5
|
-
TODO: Delete this and the text above, and describe your gem
|
|
6
|
-
|
|
7
3
|
## Installation
|
|
8
4
|
|
|
9
5
|
Add this line to your application's Gemfile:
|
|
@@ -20,9 +16,13 @@ Or install it yourself as:
|
|
|
20
16
|
|
|
21
17
|
$ gem install sourcefire_ruby
|
|
22
18
|
|
|
23
|
-
##
|
|
19
|
+
## Changelog
|
|
20
|
+
|
|
21
|
+
### 0.2.0
|
|
22
|
+
Host OS information is now uploaded, if available.
|
|
24
23
|
|
|
25
|
-
|
|
24
|
+
### 0.1.0
|
|
25
|
+
Initial release
|
|
26
26
|
|
|
27
27
|
## Development
|
|
28
28
|
|
data/bin/nexpose_sourcefire
CHANGED
|
@@ -4,6 +4,9 @@ require 'sourcefire/nx_logger'
|
|
|
4
4
|
require 'sourcefire/version'
|
|
5
5
|
require 'yaml'
|
|
6
6
|
|
|
7
|
+
#Set the encoding for external CSV files.
|
|
8
|
+
Encoding.default_external=Encoding.find("UTF-8")
|
|
9
|
+
|
|
7
10
|
CONFIG_PATH = File.join(File.dirname(__FILE__), '../lib/sourcefire/config/rapid7_sourcefire.config')
|
|
8
11
|
|
|
9
12
|
# Obtain Nexpose settings from Environment Variables.
|
data/lib/sourcefire/nx_logger.rb
CHANGED
|
@@ -35,22 +35,22 @@ module Sourcefire
|
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
def setup_logging(enabled, log_level)
|
|
38
|
+
def setup_logging(enabled, log_level = 'info')
|
|
39
39
|
unless enabled || @log.nil?
|
|
40
40
|
log_message('Logging disabled.')
|
|
41
41
|
return
|
|
42
42
|
end
|
|
43
|
-
|
|
43
|
+
|
|
44
44
|
@logger_file = get_log_path product
|
|
45
45
|
|
|
46
46
|
require 'logger'
|
|
47
47
|
directory = File.dirname(@logger_file)
|
|
48
48
|
FileUtils.mkdir_p(directory) unless File.directory?(directory)
|
|
49
|
-
io = IO.for_fd(IO.sysopen(@logger_file, 'a'))
|
|
49
|
+
io = IO.for_fd(IO.sysopen(@logger_file, 'a'), 'a')
|
|
50
50
|
io.autoclose = false
|
|
51
51
|
io.sync = true
|
|
52
52
|
@log = Logger.new(io, 'weekly')
|
|
53
|
-
@log.level = if log_level.casecmp('info') == 0
|
|
53
|
+
@log.level = if log_level.to_s.casecmp('info') == 0
|
|
54
54
|
Logger::INFO
|
|
55
55
|
else
|
|
56
56
|
Logger::DEBUG
|
|
@@ -146,5 +146,10 @@ module Sourcefire
|
|
|
146
146
|
end
|
|
147
147
|
end
|
|
148
148
|
|
|
149
|
+
#Used by net library for debugging
|
|
150
|
+
def <<(value)
|
|
151
|
+
log_debug_message(value)
|
|
152
|
+
end
|
|
153
|
+
|
|
149
154
|
end
|
|
150
155
|
end
|
data/lib/sourcefire/queries.rb
CHANGED
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
module Sourcefire
|
|
2
2
|
module Queries
|
|
3
3
|
def self.sf_host_vuln_info(options = {})
|
|
4
|
-
"SELECT favi.asset_id as asset_id, da.ip_address, favi.port, favi.protocol_id, dv.title, dv.vulnerability_id, dv.nexpose_id, string_agg(DISTINCT '<' || dvr.source || ':' || dvr.reference,'>') || '>' as references, dv.severity_score, dv.pci_severity_score, round((dv.cvss_score)::numeric,1) as cvss_score, dv.cvss_vector
|
|
4
|
+
"SELECT favi.asset_id as asset_id, da.ip_address, favi.port, favi.protocol_id, dv.title, dv.vulnerability_id, dv.nexpose_id, string_agg(DISTINCT '<' || dvr.source || ':' || dvr.reference,'>') || '>' as references, dv.severity_score, dv.pci_severity_score, round((dv.cvss_score)::numeric,1) as cvss_score, dv.cvss_vector,
|
|
5
|
+
os.vendor, os.name, os.version
|
|
5
6
|
FROM fact_vulnerability fa
|
|
6
7
|
JOIN dim_vulnerability dv USING (vulnerability_id)
|
|
7
8
|
LEFT OUTER JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
|
|
8
9
|
LEFT OUTER JOIN fact_asset_vulnerability_instance favi USING (vulnerability_id)
|
|
9
10
|
LEFT OUTER JOIN dim_asset da USING (asset_id)
|
|
11
|
+
JOIN dim_operating_system os ON da.operating_system_id=os.operating_system_id
|
|
10
12
|
WHERE affected_assets > 0
|
|
11
|
-
GROUP BY da.ip_address, dv.title, favi.port, dv.vulnerability_id, dv.severity, dv.pci_severity_score, dv.cvss_score, dv.cvss_vector, favi.asset_id, favi.protocol_id, dv.nexpose_id, dv.severity_score
|
|
13
|
+
GROUP BY da.ip_address, dv.title, favi.port, dv.vulnerability_id, dv.severity, dv.pci_severity_score, dv.cvss_score, dv.cvss_vector, favi.asset_id, favi.protocol_id, dv.nexpose_id, dv.severity_score, os.vendor, os.name, os.version
|
|
12
14
|
ORDER BY da.ip_address ASC"
|
|
13
15
|
end
|
|
14
16
|
end
|
data/lib/sourcefire/version.rb
CHANGED
data/lib/sourcefire_connector.rb
CHANGED
|
@@ -31,8 +31,7 @@ module Sourcefire
|
|
|
31
31
|
puts 'Report generation complete.'
|
|
32
32
|
|
|
33
33
|
#Process the Nexpose results.report("name:") { TESTS.times { } }ort into SourceFire format
|
|
34
|
-
|
|
35
|
-
data_sets = process_nexpose_data(report_file, processed_report_file)
|
|
34
|
+
data_sets = process_nexpose_data(report_file)
|
|
36
35
|
|
|
37
36
|
#Establish connection with Sourcefire
|
|
38
37
|
puts "Connecting to Sourcefire: #{@config[:sourcefire_address]}"
|
|
@@ -58,6 +57,7 @@ module Sourcefire
|
|
|
58
57
|
CSV.foreach(report_file, headers: true) do |row|
|
|
59
58
|
if current_asset.nil?
|
|
60
59
|
current_asset = "AddHost,#{row['ip_address']}\n"
|
|
60
|
+
current_asset << "SetOS,#{row['ip_address']},#{row['vendor']},#{row['name']},#{row['version']}\n"
|
|
61
61
|
current_ip = row['ip_address']
|
|
62
62
|
end
|
|
63
63
|
|
|
@@ -75,7 +75,7 @@ module Sourcefire
|
|
|
75
75
|
|
|
76
76
|
current_asset += sf_csv
|
|
77
77
|
next
|
|
78
|
-
end
|
|
78
|
+
end
|
|
79
79
|
|
|
80
80
|
#Next asset
|
|
81
81
|
assets << current_asset
|
|
@@ -89,7 +89,7 @@ module Sourcefire
|
|
|
89
89
|
assets
|
|
90
90
|
end
|
|
91
91
|
|
|
92
|
-
def process_nexpose_data(report_file
|
|
92
|
+
def process_nexpose_data(report_file)
|
|
93
93
|
max_data_size = 524288
|
|
94
94
|
|
|
95
95
|
@log.log_message('Creating data sets')
|
|
@@ -137,7 +137,7 @@ module Sourcefire
|
|
|
137
137
|
data_sets
|
|
138
138
|
end
|
|
139
139
|
|
|
140
|
-
def process_nexpose_data_alt(report_file
|
|
140
|
+
def process_nexpose_data_alt(report_file)
|
|
141
141
|
max_data_size = 524288
|
|
142
142
|
|
|
143
143
|
assets = get_assets(report_file)
|
data/sourcefire.gemspec
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# coding: utf-8
|
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
+
require 'sourcefire/version'
|
|
5
|
+
|
|
6
|
+
Gem::Specification.new do |spec|
|
|
7
|
+
spec.name = 'nexpose_sourcefire'
|
|
8
|
+
spec.version = Sourcefire::VERSION
|
|
9
|
+
spec.authors = ['JJ Cassidy', 'David Valente']
|
|
10
|
+
spec.email = ['integrations_support@rapid7.com']
|
|
11
|
+
|
|
12
|
+
spec.summary = 'Nexpose SourceFire Integration GEM'
|
|
13
|
+
spec.description = 'This GEM allows enables the importing of Nexpose host and vulnerability data into SourceFire'
|
|
14
|
+
spec.homepage = 'http://www.rapid7.com'
|
|
15
|
+
spec.license = 'MIT'
|
|
16
|
+
|
|
17
|
+
spec.files = Dir['[A-Z]*'] + Dir['lib/**/*'] + Dir['bin/**']
|
|
18
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
|
19
|
+
spec.require_paths = ["lib"]
|
|
20
|
+
|
|
21
|
+
spec.add_development_dependency "bundler", "~> 1.10"
|
|
22
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
|
23
|
+
spec.add_runtime_dependency 'nexpose', "~> 0.9"
|
|
24
|
+
spec.required_ruby_version = '>= 1.9'
|
|
25
|
+
end
|
data/sourcefire.iml
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<module type="RUBY_MODULE" version="4">
|
|
3
|
+
<component name="FacetManager">
|
|
4
|
+
<facet type="gem" name="Ruby Gem">
|
|
5
|
+
<configuration>
|
|
6
|
+
<option name="GEM_APP_ROOT_PATH" value="$MODULE_DIR$" />
|
|
7
|
+
<option name="GEM_APP_TEST_PATH" value="" />
|
|
8
|
+
<option name="GEM_APP_LIB_PATH" value="" />
|
|
9
|
+
</configuration>
|
|
10
|
+
</facet>
|
|
11
|
+
</component>
|
|
12
|
+
<component name="NewModuleRootManager" inherit-compiler-output="true">
|
|
13
|
+
<exclude-output />
|
|
14
|
+
<content url="file://$MODULE_DIR$" />
|
|
15
|
+
<orderEntry type="jdk" jdkName="RVM: ruby-1.9.3-p547 [global]" jdkType="RUBY_SDK" />
|
|
16
|
+
<orderEntry type="sourceFolder" forTests="false" />
|
|
17
|
+
<orderEntry type="library" scope="PROVIDED" name="bundler (v1.10.4, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
|
|
18
|
+
<orderEntry type="library" scope="PROVIDED" name="nexpose (v0.9.8, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
|
|
19
|
+
<orderEntry type="library" scope="PROVIDED" name="rake (v10.4.2, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
|
|
20
|
+
<orderEntry type="library" scope="PROVIDED" name="rex (v2.0.7, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
|
|
21
|
+
</component>
|
|
22
|
+
</module>
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nexpose_sourcefire
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- JJ Cassidy
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2016-02-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -75,6 +75,8 @@ files:
|
|
|
75
75
|
- lib/sourcefire/queries.rb
|
|
76
76
|
- lib/sourcefire/version.rb
|
|
77
77
|
- lib/sourcefire_connector.rb
|
|
78
|
+
- sourcefire.gemspec
|
|
79
|
+
- sourcefire.iml
|
|
78
80
|
homepage: http://www.rapid7.com
|
|
79
81
|
licenses:
|
|
80
82
|
- MIT
|
|
@@ -95,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
95
97
|
version: '0'
|
|
96
98
|
requirements: []
|
|
97
99
|
rubyforge_project:
|
|
98
|
-
rubygems_version: 2.4.
|
|
100
|
+
rubygems_version: 2.4.8
|
|
99
101
|
signing_key:
|
|
100
102
|
specification_version: 4
|
|
101
103
|
summary: Nexpose SourceFire Integration GEM
|