nexpose_ticketing 0.8.3 → 1.0.0

data/lib/nexpose_ticketing/queries.rb

@@ -64,8 +64,13 @@ module NexposeTicketing
     #    |url| |summary| |fix|
     #
     def self.all_new_vulns(options = {})
-	"SELECT DISTINCT on (da.ip_address, davs.solution_id) subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, davs.solution_id, ds.nexpose_id,
-       ds.url,proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, fa.riskscore, dv.cvss_score, dvr.source, dvr.reference,
+      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+       string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
+                           '|Nexpose ID: ' || ds.nexpose_id ||
+                           '|Fix: ' || coalesce(proofAsText(ds.fix), 'None') ||
+                           '|URL: ' || coalesce(ds.url, 'None'), '~') as solutions,
+       fa.riskscore, dv.cvss_score,
+       string_agg(DISTINCT dvr.source || ': ' || dvr.reference, ', ') as references,
         fasva.first_discovered, fasva.most_recently_discovered
         FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
           FROM fact_asset_scan_vulnerability_finding fasv
@@ -77,15 +82,17 @@ module NexposeTicketing
               GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, fasv.scan_id
               HAVING NOT baselineComparison(fasv.scan_id, current_scan) = 'Old'
           ) subs
-        JOIN dim_vulnerability dv USING (vulnerability_id)
-        JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
-        JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
-        JOIN fact_asset_vulnerability_age fasva ON subs.vulnerability_id = fasva.vulnerability_id AND subs.asset_id = fasva.asset_id
-        JOIN dim_solution ds USING (solution_id)
-        JOIN dim_asset da ON subs.asset_id = da.asset_id
-        JOIN fact_asset fa ON fa.asset_id = da.asset_id
-	      #{createRiskString( options[:riskScore])}
-        ORDER BY da.ip_address, davs.solution_id"
+          JOIN dim_vulnerability dv USING (vulnerability_id)
+          LEFT JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
+          JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
+          JOIN fact_asset_vulnerability_age fasva ON subs.vulnerability_id = fasva.vulnerability_id AND subs.asset_id = fasva.asset_id
+          JOIN dim_solution ds USING (solution_id)
+          JOIN dim_asset da ON subs.asset_id = da.asset_id
+          JOIN fact_asset fa ON fa.asset_id = da.asset_id
+          #{createRiskString( options[:riskScore])}
+          GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+                 fa.riskscore, dv.cvss_score, fasva.first_discovered, fasva.most_recently_discovered
+          ORDER BY da.ip_address, subs.vulnerability_id"
     end
 
     # Gets all delta vulns for all sites sorted by vuln ID.
@@ -95,25 +102,38 @@ module NexposeTicketing
     #    |url| |summary| |fix|
     #
     def self.all_new_vulns_by_vuln_id(options = {})
-      "SELECT DISTINCT on (subs.vulnerability_id, subs.asset_id, davs.solution_id) subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, dv.title, davs.solution_id, ds.nexpose_id,
-       ds.url,proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, fa.riskscore
-        FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
-          FROM fact_asset_scan_vulnerability_finding fasv
-          JOIN
-          (
-            SELECT asset_id, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan
-              FROM dim_asset #{createAssetString(options)}) s
-              ON s.asset_id = fasv.asset_id AND (fasv.scan_id = s.baseline_scan OR fasv.scan_id = s.current_scan)
-              GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, fasv.scan_id
-              HAVING NOT baselineComparison(fasv.scan_id, current_scan) = 'Old'
-          ) subs
-        JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
-        JOIN dim_solution ds USING (solution_id)
-        JOIN dim_asset da ON subs.asset_id = da.asset_id
-        JOIN dim_vulnerability dv ON subs.vulnerability_id = dv.vulnerability_id
-        JOIN fact_asset fa ON fa.asset_id = da.asset_id
-	      #{createRiskString(options[:riskScore])}
-        ORDER BY subs.vulnerability_id, subs.asset_id, davs.solution_id"
+        "SELECT DISTINCT on (subs.vulnerability_id) subs.vulnerability_id, dv.title, MAX(dv.cvss_score) as cvss_score,
+                   string_agg(DISTINCT subs.asset_id ||
+                     '|' || da.ip_address ||
+                     '|' || coalesce(da.host_name, '')  ||
+                     '|' || fa.riskscore, '~') as assets,
+                 
+                   string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
+                     '|Nexpose ID: ' || ds.nexpose_id ||
+                     '|Fix: ' || coalesce(proofAsText(ds.fix)) ||
+                     '|URL: ' || coalesce(ds.url, 'None'), '~') as solutions,
+         string_agg(DISTINCT dvr.source || ': ' || dvr.reference, ', ') as references
+          FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
+            FROM fact_asset_scan_vulnerability_finding fasv
+            JOIN
+            (
+              SELECT asset_id, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan
+                FROM dim_asset #{createAssetString(options)}) s
+                ON s.asset_id = fasv.asset_id AND (fasv.scan_id = s.baseline_scan OR fasv.scan_id = s.current_scan)
+                GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, fasv.scan_id
+                HAVING NOT baselineComparison(fasv.scan_id, current_scan) = 'Old'
+            ) subs
+          JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
+          LEFT JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
+          JOIN dim_solution ds USING (solution_id)
+          JOIN dim_asset da ON subs.asset_id = da.asset_id
+          JOIN dim_vulnerability dv ON subs.vulnerability_id = dv.vulnerability_id
+          JOIN fact_asset fa ON fa.asset_id = da.asset_id
+          JOIN fact_asset_vulnerability_age fasva ON subs.vulnerability_id = fasva.vulnerability_id AND subs.asset_id = fasva.asset_id
+          #{createRiskString(options[:riskScore])}
+          
+          GROUP BY subs.vulnerability_id, dv.title
+          ORDER BY subs.vulnerability_id"
     end
     
     # Gets all new vulnerabilities happening after a reported scan id.
@@ -126,25 +146,36 @@ module NexposeTicketing
     #     |url| |summary| |fix|
     #
     def self.new_vulns_since_scan(options = {})
-      "SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, davs.solution_id, ds.nexpose_id,
-       ds.url, proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, fa.riskscore
+      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+       string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
+                           '|Nexpose ID: ' || ds.nexpose_id ||
+                           '|Fix: ' || coalesce(proofAsText(ds.fix), 'None') ||
+                           '|URL: ' || coalesce(ds.url, 'None'), '~') as solutions,
+       fa.riskscore, dv.cvss_score,
+       string_agg(DISTINCT dvr.source || ': ' || dvr.reference, ', ') as references,
+       fasva.first_discovered, fasva.most_recently_discovered
         FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
           FROM fact_asset_scan_vulnerability_finding fasv
           JOIN
           (
             SELECT asset_id, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan
               FROM dim_asset #{createAssetString(options)}) s
-              ON s.asset_id = fasv.asset_id AND (fasv.scan_id >= #{options[:scan_id]} OR fasv.scan_id = s.current_scan)
+              ON s.asset_id = fasv.asset_id AND (fasv.scan_id >=  #{options[:scan_id]} OR fasv.scan_id = s.current_scan)
               GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
               HAVING baselineComparison(fasv.scan_id, current_scan) = 'New'
           ) subs
+      JOIN dim_vulnerability dv USING (vulnerability_id)
+      LEFT JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
       JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
+      JOIN fact_asset_vulnerability_age fasva ON subs.vulnerability_id = fasva.vulnerability_id AND subs.asset_id = fasva.asset_id
       JOIN dim_solution ds USING (solution_id)
       JOIN dim_asset da ON subs.asset_id = da.asset_id
       AND subs.current_scan > #{options[:scan_id]}
       JOIN fact_asset fa ON fa.asset_id = da.asset_id
       #{createRiskString(options[:riskScore])}
-      ORDER BY da.ip_address"
+      GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+                 fa.riskscore, dv.cvss_score, fasva.first_discovered, fasva.most_recently_discovered
+      ORDER BY da.ip_address, subs.vulnerability_id"
     end
 
 
@@ -158,8 +189,17 @@ module NexposeTicketing
     #     |url| |summary| |fix|
     #
     def self.new_vulns_by_vuln_id_since_scan(options = {})
-      "SELECT DISTINCT on (subs.vulnerability_id, subs.asset_id, davs.solution_id) subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, davs.solution_id, ds.nexpose_id,
-       ds.url, proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, fa.riskscore
+      "SELECT DISTINCT on (subs.vulnerability_id) subs.vulnerability_id, dv.title, MAX(dv.cvss_score) as cvss_score,
+                   string_agg(DISTINCT subs.asset_id ||
+                     '|' || da.ip_address ||
+                     '|' || coalesce(da.host_name, '')  ||
+                     '|' || fa.riskscore, '~') as assets,
+                 
+                   string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
+                     '|Nexpose ID: ' || ds.nexpose_id ||
+                     '|Fix: ' || coalesce(proofAsText(ds.fix)) ||
+                     '|URL: ' || coalesce(ds.url, 'None'), '~') as solutions,
+         string_agg(DISTINCT dvr.source || ': ' || dvr.reference, ', ') as references
         FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
           FROM fact_asset_scan_vulnerability_finding fasv
           JOIN
@@ -170,13 +210,17 @@ module NexposeTicketing
               GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
               HAVING baselineComparison(fasv.scan_id, current_scan) = 'New'
           ) subs
+      JOIN dim_vulnerability dv USING (vulnerability_id)
+      LEFT JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
       JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
+      JOIN fact_asset_vulnerability_age fasva ON subs.vulnerability_id = fasva.vulnerability_id AND subs.asset_id = fasva.asset_id
       JOIN dim_solution ds USING (solution_id)
       JOIN dim_asset da ON subs.asset_id = da.asset_id
       AND subs.current_scan > #{options[:scan_id]}
       JOIN fact_asset fa ON fa.asset_id = da.asset_id
       #{createRiskString(options[:riskScore])}
-      ORDER BY subs.vulnerability_id, subs.asset_id, davs.solution_id"
+      GROUP BY subs.vulnerability_id, dv.title
+      ORDER BY vulnerability_id"
     end
 
 
@@ -190,7 +234,7 @@ module NexposeTicketing
     #     |url| |summary| |fix|
     #
     def self.old_vulns_since_scan(options = {})
-      "SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, dvs.solution_id, ds.nexpose_id, ds.url, 
+      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, dvs.solution_id, ds.nexpose_id, ds.url, 
         proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, subs.comparison, fa.riskscore
         FROM (
           SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison 
@@ -223,8 +267,14 @@ module NexposeTicketing
     #     |url| |summary| |fix| |comparison|
     #
     def self.all_vulns_since_scan(options = {})
-      "SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, dvs.solution_id, ds.nexpose_id, ds.url, 
-        proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, subs.comparison, fa.riskscore
+      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+        string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
+                           '|Nexpose ID: ' || ds.nexpose_id ||
+                           '|Fix: ' || coalesce(proofAsText(ds.fix), 'None') ||
+                           '|URL: ' || coalesce(ds.url, 'None'), '~') as solutions, 
+        subs.comparison, fa.riskscore, dv.cvss_score, 
+        string_agg(DISTINCT dvr.source || ': ' || dvr.reference, ', ') as references,
+        null as first_discovered, null as most_recently_discovered
         FROM (
           SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison
           FROM fact_asset_scan_vulnerability_finding fasv
@@ -235,17 +285,27 @@ module NexposeTicketing
           GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
           HAVING baselineComparison(fasv.scan_id, current_scan) = 'Old'
         ) subs
+        JOIN dim_vulnerability dv USING (vulnerability_id)
+        LEFT JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
         JOIN dim_vulnerability_solution dvs USING (vulnerability_id)
         JOIN dim_solution ds USING (solution_id)
         JOIN dim_asset da ON subs.asset_id = da.asset_id
-      	JOIN fact_asset fa ON fa.asset_id = subs.asset_id
-      	 #{createRiskString(options[:riskScore])}
+        JOIN fact_asset fa ON fa.asset_id = subs.asset_id
+         #{createRiskString(options[:riskScore])}
         AND subs.current_scan > #{options[:scan_id]}
+        GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+                 fa.riskscore, dv.cvss_score, subs.comparison
 
         UNION
 
-        SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, davs.solution_id, ds.nexpose_id, ds.url, 
-        proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, subs.comparison, fa.riskscore
+        SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id,
+        string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
+                           '|Nexpose ID: ' || ds.nexpose_id ||
+                           '|Fix: ' || coalesce(proofAsText(ds.fix), 'None') ||
+                           '|URL: ' || coalesce(ds.url, 'None'), '~') as solutions, 
+        subs.comparison, fa.riskscore, dv.cvss_score, 
+        string_agg(DISTINCT dvr.source || ': ' || dvr.reference, ', ') as references,
+        fasva.first_discovered, fasva.most_recently_discovered
         FROM 
         (
           SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison
@@ -258,18 +318,23 @@ module NexposeTicketing
           GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
           HAVING baselineComparison(fasv.scan_id, current_scan) IN ('Same','New')
         ) subs
+        JOIN dim_vulnerability dv USING (vulnerability_id)
+        LEFT JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
         JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
+        JOIN fact_asset_vulnerability_age fasva ON subs.vulnerability_id = fasva.vulnerability_id AND subs.asset_id = fasva.asset_id
         JOIN dim_solution ds USING (solution_id)
         JOIN dim_asset da ON subs.asset_id = da.asset_id
         JOIN fact_asset fa ON fa.asset_id = subs.asset_id
-      	#{createRiskString(options[:riskScore])}
+        #{createRiskString(options[:riskScore])}
         AND subs.current_scan > #{options[:scan_id]}
+        GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+                 fa.riskscore, dv.cvss_score, fasva.first_discovered, fasva.most_recently_discovered, subs.comparison
 
         ORDER BY ip_address, comparison"
     end
 
     # Gets all vulnerabilities happening after a reported scan id. Sorted by vuln ID. This result set also includes the
-    # baseline comparision ("Old", "New", or "Same") allowing for IP-based ticket updating.
+    # baseline comparision ("Old", "New", or "Same") allowing for vulnerability-based ticket updating.
     #
     # * *Args*    :
     #   - +reported_scan+ -  Last reported scan id.
@@ -279,8 +344,18 @@ module NexposeTicketing
     #     |url| |summary| |fix| |comparison|
     #
     def self.all_vulns_by_vuln_id_since_scan(options = {})
-      "SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, dv.title, dvs.solution_id, ds.nexpose_id, ds.url,
-        proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, subs.comparison, fa.riskscore
+      "SELECT DISTINCT on (subs.vulnerability_id, subs.comparison) subs.vulnerability_id, dv.title, MAX(dv.cvss_score) as cvss_score,
+                   string_agg(DISTINCT subs.asset_id ||
+                     '|' || da.ip_address ||
+                     '|' || coalesce(da.host_name, '')  ||
+                     '|' || fa.riskscore, '~') as assets,
+                 
+                   string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
+                     '|Nexpose ID: ' || ds.nexpose_id ||
+                     '|Fix: ' || coalesce(proofAsText(ds.fix)) ||
+                     '|URL: ' || coalesce(ds.url, 'None'), '~') as solutions,
+                   string_agg(DISTINCT dvr.source || ': ' || dvr.reference, ', ') as references,
+                   subs.comparison
         FROM (
           SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison
           FROM fact_asset_scan_vulnerability_finding fasv
@@ -291,19 +366,31 @@ module NexposeTicketing
           GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
           HAVING baselineComparison(fasv.scan_id, current_scan) = 'Old'
         ) subs
+        JOIN dim_vulnerability dv USING (vulnerability_id)
+        LEFT JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
         JOIN dim_vulnerability_solution dvs USING (vulnerability_id)
         JOIN dim_solution ds USING (solution_id)
         JOIN dim_asset da ON subs.asset_id = da.asset_id
-        JOIN dim_vulnerability dv ON subs.vulnerability_id = dv.vulnerability_id
-      	JOIN fact_asset fa ON fa.asset_id = subs.asset_id
-      	#{createRiskString(options[:riskScore])}
+        JOIN fact_asset fa ON fa.asset_id = subs.asset_id
+         #{createRiskString(options[:riskScore])}
         AND subs.current_scan > #{options[:scan_id]}
+        GROUP BY subs.vulnerability_id, dv.title, subs.comparison
 
         UNION
 
-        SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, dv.title, davs.solution_id, ds.nexpose_id, ds.url,
-        proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix, subs.comparison, fa.riskscore
-        FROM
+        SELECT DISTINCT on (subs.vulnerability_id, subs.comparison) subs.vulnerability_id, dv.title, MAX(dv.cvss_score) as cvss_score,
+                   string_agg(DISTINCT subs.asset_id ||
+                     '|' || da.ip_address ||
+                     '|' || coalesce(da.host_name, '')  ||
+                     '|' || fa.riskscore, '~') as assets,
+                 
+                   string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
+                     '|Nexpose ID: ' || ds.nexpose_id ||
+                     '|Fix: ' || coalesce(proofAsText(ds.fix)) ||
+                     '|URL: ' || coalesce(ds.url, 'None'), '~') as solutions,
+                   string_agg(DISTINCT dvr.source || ': ' || dvr.reference, ', ') as references,
+                   subs.comparison
+        FROM 
         (
           SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison
           FROM fact_asset_scan_vulnerability_finding fasv
@@ -315,15 +402,17 @@ module NexposeTicketing
           GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
           HAVING baselineComparison(fasv.scan_id, current_scan) IN ('Same','New')
         ) subs
+        JOIN dim_vulnerability dv USING (vulnerability_id)
+        LEFT JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
         JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
         JOIN dim_solution ds USING (solution_id)
         JOIN dim_asset da ON subs.asset_id = da.asset_id
-        JOIN dim_vulnerability dv ON subs.vulnerability_id = dv.vulnerability_id
-      	JOIN fact_asset fa ON fa.asset_id = subs.asset_id
-      	#{createRiskString(options[:riskScore])}
+        JOIN fact_asset fa ON fa.asset_id = subs.asset_id
+        #{createRiskString(options[:riskScore])}
         AND subs.current_scan > #{options[:scan_id]}
+        GROUP BY subs.vulnerability_id, dv.title, subs.comparison
 
-        ORDER BY vulnerability_id, comparison, asset_id, solution_id"
+        ORDER BY vulnerability_id, comparison"
     end
 
 
@@ -336,7 +425,7 @@ module NexposeTicketing
     #   - Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |comparison|
     #
     def self.old_tickets_by_ip(options = {})
-      "SELECT subs.asset_id, subs.ip_address, subs.current_scan, subs.vulnerability_id, subs.comparison
+      "SELECT DISTINCT on(subs.ip_address) subs.asset_id, subs.ip_address, subs.current_scan, subs.vulnerability_id, subs.comparison
         FROM (
           SELECT fasv.asset_id,  s.ip_address, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison
           FROM fact_asset_scan_vulnerability_finding fasv

data/lib/nexpose_ticketing/ticket_repository.rb

@@ -5,6 +5,8 @@ module NexposeTicketing
     require 'nexpose'
     require 'nexpose_ticketing/queries'
     require 'nexpose_ticketing/report_helper'
+    require 'nexpose_ticketing/nx_logger'
+    require 'nexpose_ticketing/version'
 
     @timeout = 10800
 
@@ -13,8 +15,12 @@ module NexposeTicketing
     end
 
     def nexpose_login(nexpose_data)
+      
       @nsc = Nexpose::Connection.new(nexpose_data[:nxconsole], nexpose_data[:nxuser], nexpose_data[:nxpasswd])
       @nsc.login
+      @log = NexposeTicketing::NxLogger.instance
+      @log.on_connect(nexpose_data[:nxconsole], 3780, @nsc.session_id, "{}")
+
       #After login, create the report helper
       @report_helper = NexposeReportHelper::ReportOps.new(@nsc, @timeout)
     end

data/lib/nexpose_ticketing/ticket_service.rb

@@ -52,9 +52,12 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     require 'yaml'
     require 'fileutils'
     require 'nexpose_ticketing/ticket_repository'
+    require 'nexpose_ticketing'
+    require 'nexpose_ticketing/nx_logger'
+    require 'nexpose_ticketing/version'
 
     TICKET_SERVICE_CONFIG_PATH =  File.join(File.dirname(__FILE__), '/config/ticket_service.config')
-    LOGGER_FILE = File.join(File.dirname(__FILE__), '/log/ticket_service.log')
+    LOGGER_FILE = File.join(File.dirname(__FILE__), '/logs/ticket_service.log')
 
     attr_accessor :helper_data, :nexpose_data, :options, :ticket_repository, :first_time, :nexpose_item_histories
 
@@ -90,14 +93,17 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     end
 
     def setup_logging(enabled = false)
-      if enabled
-        require 'logger'
-        directory = File.dirname(LOGGER_FILE)
-        FileUtils.mkdir_p(directory) unless File.directory?(directory)
-        @log = Logger.new(LOGGER_FILE, 'monthly')
-        @log.level = Logger::INFO
-        log_message('Logging enabled, starting service.')
-      end
+      helper_log = NexposeTicketing::NxLogger.instance
+      helper_log.setup_logging(@options[:logging_enabled],
+                               @options[:log_level])
+
+      return unless enabled
+      require 'logger'
+      directory = File.dirname(LOGGER_FILE)
+      FileUtils.mkdir_p(directory) unless File.directory?(directory)
+      @log = Logger.new(LOGGER_FILE, 'monthly')
+      @log.level = Logger::INFO
+      log_message('Logging enabled, starting service.')
     end
 
     # Logs a message if logging is enabled.
@@ -222,6 +228,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     # There's a new scan with possibly new vulnerabilities.
     def delta_site_new_scan(ticket_repository, nexpose_item, options, helper, file_site_histories, tag_id=nil)
       log_message("New scan detected for nexpose id: #{nexpose_item}. Generating report.")
+      item = options[:tag_run] ? 'asset' : 'site'
       
       if options[:ticket_mode] == 'I' || options[:ticket_mode] == 'V'
         # I-mode and V-mode tickets require updating the tickets in the target system.
@@ -270,16 +277,20 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                                                                tag_run: options[:tag_run],
                                                                tag: tag_id)
 
-        preparse = CSV.new(new_scan_vuln_file.path, headers: :first_row)
+        preparse = CSV.open(new_scan_vuln_file.path, headers: :first_row)
         empty_report = preparse.shift.nil?
-        log_message("No new vulnerabilities found in new scan for site: #{nexpose_item}.") if empty_report
-        log_message("New vulnerabilities found in new scan for site #{nexpose_item}, preparing tickets.") unless empty_report
+        preparse.close
+
+        
+        log_message("No new vulnerabilities found in new scan for #{item}: #{nexpose_item}.") if empty_report
+        log_message("New vulnerabilities found in new scan for #{item} #{nexpose_item}, preparing tickets.") unless empty_report
         unless empty_report
           ticket_rate_limiter(options, new_scan_vuln_file, Proc.new {|ticket_batch| helper.prepare_create_tickets(ticket_batch, tag_id.nil? ? nexpose_item : "T#{tag_id}")}, Proc.new {|tickets| helper.create_tickets(tickets)})
         end
         
         if helper.respond_to?('prepare_close_tickets') && helper.respond_to?('close_tickets')
           old_scan_vuln_file = ticket_repository.old_vulns(scan_id: file_site_histories[nexpose_item],
+                                                                 nexpose_item: nexpose_item,
                                                                  site_id: nexpose_item,
                                                                  severity: options[:severity],
                                                                  riskScore: options[:riskScore],
@@ -287,10 +298,11 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                                                                  tag_run: options[:tag_run],
                                                                  tag: tag_id)
 
-          preparse = CSV.new(old_scan_vuln_file.path, headers: :first_row, :skip_blanks => true)
+          preparse = CSV.open(old_scan_vuln_file.path, headers: :first_row, :skip_blanks => true)
           empty_report = preparse.shift.nil?
-          log_message("No old (closed) vulnerabilities found in new scan for site: #{nexpose_item}.") if empty_report
-          log_message("Old vulnerabilities found in new scan for site #{nexpose_item}, preparing closures.") unless empty_report
+          preparse.close
+          log_message("No old (closed) vulnerabilities found in new scan for #{item}: #{nexpose_item}.") if empty_report
+          log_message("Old vulnerabilities found in new scan for #{item} #{nexpose_item}, preparing closures.") unless empty_report
           unless empty_report
             ticket_rate_limiter(options, old_scan_vuln_file, Proc.new {|ticket_batch| helper.prepare_close_tickets(ticket_batch, tag_id.nil? ? nexpose_item : "T#{tag_id}")}, Proc.new {|tickets| helper.close_tickets(tickets)})
           end
@@ -366,7 +378,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       # Prep the batch of tickets
       log_message('Creating tickets.')
       tickets = ticket_prepare_method.call(ticket_batch.join(''))
-      log_message("Generated tickets: #{ticket_batch.size}")
+      log_message("Parsed rows: #{ticket_batch.size}")
       # Sent them off
       log_message('Sending tickets.')
       ticket_send_method.call(tickets)