recog 2.3.19 → 2.3.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1730f78c5d43d5e0bf074820df10e11d051112e1f35a768807942cef830c8752
-  data.tar.gz: f4bbfb15e03793f02bed6da87e76ff6750a737b08957f216a41377ad5dd4e77f
+  metadata.gz: cb4df95cbe1561c384b06be8c36fcea1e51df3c6cdb86a2a944715213d119ae8
+  data.tar.gz: 751fa73b20c6fb9f1c372be5503c07302101b77d729cdce3befee2981651f1ca
 SHA512:
-  metadata.gz: 0ddc88f9553b8ac65157032c8d082b315dfee065fd9994bd9c4f04fb1f23738ce4b15d7e958ef85cd4d548422bbab6db7343126560242b2aacf66a0bea05794a
-  data.tar.gz: 18a1df88375afa271379547779eaeb2379f431164ac116316005ff60d2035b89608c4aec64e2a66ac9f7d27af13e58e703ead9a2f3532f8d9b1074439ad05458
+  metadata.gz: 6612cf0d0c5f19cd1a913123fe3c4fce9772ac82b7a07f78ace94f51b1681210a8dfacde3624b2b54c7d66f2f1530771d9a592c3d5bda8bde897d4f9713c2ef9
+  data.tar.gz: 7b935f573b7b4050b2b06e2b8965af9201bb385e2695f9859e6ecf233f93aadb9331d648b18a506528efbd97e2821d0b9816970bfd5df978262b05ec8aeb9f8e

data/bin/recog_standardize

@@ -50,6 +50,7 @@ end
 
 # Load the unique identifiers
 vendors = load_identifiers(File.join(bdir, "vendor.txt"))
+fields = load_identifiers(File.join(bdir, "fields.txt"))
 os_arch = load_identifiers(File.join(bdir, "os_architecture.txt"))
 os_prod = load_identifiers(File.join(bdir, "os_product.txt"))
 os_family = load_identifiers(File.join(bdir, "os_family.txt"))
@@ -67,6 +68,10 @@ ARGV.each do |arg|
     ndb.fingerprints.each do |f|
       f.params.each do |k,v|
         paramIndex, val = v
+        if ! fields[k]
+          puts "FIELD MISSING: #{k}"
+          fields[k] = true
+        end
         next if paramIndex != 0
         next if val.index("{") != nil
         next if val.strip == ""
@@ -131,6 +136,7 @@ exit if ! options.write
 
 # Write back the unique identifiers
 write_identifiers(vendors, File.join(bdir, "vendor.txt"))
+write_identifiers(fields, File.join(bdir, "fields.txt"))
 write_identifiers(os_arch, File.join(bdir, "os_architecture.txt"))
 write_identifiers(os_prod, File.join(bdir, "os_product.txt"))
 write_identifiers(os_family, File.join(bdir, "os_family.txt"))

data/cpe-remap.yaml

@@ -1,212 +1,315 @@
 mappings:
-  alpine:
-    vendor: alpinelinux
-    products:
-      linux: alpine_linux
-  apache:
-    products:
-      httpd: http_server
-  apple:
-    products:
-      ios: iphone_os
-  aprelium_technologies:
-    vendor: aprelium
-  alt-n:
-    vendor: altn
-  aruba_networks:
-    vendor: arubanetworks
-  bea:
-    products:
-      weblogic: weblogic_server
-  blue_coat:
-    vendor: bluecoat
-  carnegie_mellon_university:
-    vendor: cmu
-    products:
-      cyrus_imap: cyrus_imap_server
-  centos:
-    products:
-      linux: centos
-  centos_webpanel:
-    vendor: centos-webpanel
-  check_point:
-    vendor: checkpoint
-  cherokee_project:
-    vendor: cherokee-project
-  cisco:
-    vendor: cisco
-    products:
-      adaptive_security_appliance: adaptive_security_appliance_software
-      apic: application_policy_infrastructure_controller
-      pix: pix_firewall_software
-      telepresence: telepresence_video_communication_server_software
-  crushftp:
-    products:
-      crushftp_web_interface: crushftp
-  cumulus:
-    vendor: cumulusnetworks
-  data_domain:
-    vendor: dell
-    products:
-      dd_os: emc_data_domain_os
-  debian:
-    products:
-      linux: debian_linux
-  drupal:
-    products:
-      cms: drupal
-  embedthis:
-    products:
-       goahead_webserver: goahead
-  emc:
-    products:
-      celerra: celerra_network_attached_storage
-  f5:
-    products:
-      big-ip: big-ip_local_traffic_manager
-      big-ip_ltm: big-ip_local_traffic_manager
-  fedora_project:
-    vendor: fedoraproject
-  hp:
-    products:
-      ilo: integrated_lights_out
-      tru64_unix: tru64
-  ibm:
-    products:
-      lotus_domino: lotus_domino_server
-      ibm_domino: lotus_domino
-      os/400: os_400
-      i5/os: i5os
-  ignite_realtime:
-    vendor: igniterealtime
-  intel:
-    products:
-      intel(r)_active_management_technology: active_management_technology
-      intel(r)_standard_manageability: standard_manageability
-  jamf:
-    products:
-      jamf_pro: jamf
-  juniper:
-    products:
-      junos_os: junos
-  kibana:
-    vendor: elasticsearch
-  kodi:
-    products:
-      media_server: kodi
-  cz.nic:
-    vendor: knot-dns
-  litespeed_technologies:
-    vendor: litespeedtech
-  linux:
-    products:
-      linux: linux_kernel
-  lynx_technology:
-    vendor: lynxtechnology
-    products:
-      twonky_media_server: twonky_server
-  mailenable:
-    products:
-      mail_server: mailenable
-  microsoft:
-    products:
-      active_directory_controller: active_directory
-      exchange_server_5.5: exchange_server
-      exchange_2000_server: exchange_server
-      exchange_2003_server: exchange_server
-      exchange_2007_server: exchange_server
-      lightweight_directory_server: active_directory_lightweight_directory_service
-      windows_server_2003_datacenter_edition: windows_server_2003
-      windows_server_2003_r2: windows_server_2003
-      windows_2008_r2: windows_server_2008
-      windows_server_2008_datacenter_edition: windows_server_2008
-      windows_server_2008_r2: windows_server_2008
-      windows_server_2008_r2_datacenter_edition: windows_server_2008
-      windows_server_2012_r2: windows_server_2012
-      nt: windows_nt
-      windows_nt_desktop: windows_nt
-      windows_nt_server: windows_nt
-      windows_server_2000: windows_2000
-      windows_2000_server: windows_2000
-      windows_2000_datacenter_server: windows_2000
-      pws: personal_web_server
-  mod_ssl:
-    vendor: modssl
-  mod_wsgi:
-    vendor: modwsgi
-  mort_bay:
-    vendor: mortbay
-  munin:
-    vendor: munin-monitoring
-  nlnet_labs:
-    vendor: nlnetlabs
-    products:
-      dnsd: name_server_daemon
-  net-snmp:
-    products:
-      snmp_agent: net-snmp
-  owncloud:
-    products:
-      owncloud_server: owncloud
-  palo_alto_networks:
-    vendor: paloaltonetworks
-    products:
-      pa_firewall: pan-os
-  parallels:
-    products:
-      plesk: parallels_plesk_panel
-  plesk:
-    vendor: parallels
-  proftpd_project:
-    vendor: proftpd
-  progress:
-    products:
-      openedge_explorer: openedge
-  pulse_secure:
-    vendor: pulsesecure
-  realvnc_ltd.:
-    vendor: realvnc
-  red_hat:
-    vendor: redhat
-    products:
-      cygwin_x_server_project: cygwin
-      fedora_core_linux: fedora_core
-      jboss_as: jboss_wildfly_application_server
-      jboss_eap: jboss_enterprise_application_platform
-      jbossweb: jboss_web_framework_kit
-      red_hat_directory_server: directory_server
-  squid_cache:
-    vendor: squid-cache
-  sun:
-    vendor: sun
-    products:
-      solaris: sunos
-  swagger:
-    vendor: smartbear
-  tandberg:
-    vendor: cisco
-  tightvnc:
-    products:
-      desktop: tightvnc
-  tor_project:
-    vendor: torproject
-  ubiquiti:
-    vendor: ui
-  ubuntu:
-    vendor: canonical
-    products:
-      linux: ubuntu_linux
-  vandyke_software:
-    vendor: vandyke
-  vmware:
-    products:
-      photon_linux: photon_os
-      zimbra: zimbra_desktop
-      vcenter: vcenter_server
-      vmware_esx_server: esx
-      vmware_esxi_server: esxi
-  wind_river:
-    vendor: windriver
-  x.org:
-    products:
-      x.org_x11: x11
+  # The following section contains CPE application or 'a' remappings. These will
+  # ONLY be used for mapping Recog 'service' attributes.
+  a:
+    akamai:
+      products:
+        ghost: akamaighost
+    amazon:
+      products:
+        s3: amazon_simple_storage_service
+        cloudfront_load_balancer: amazon_cloudfront
+    apache:
+      products:
+        httpd: http_server
+    aprelium_technologies:
+      vendor: aprelium
+    alt-n:
+      vendor: altn
+    aruba_networks:
+      vendor: arubanetworks
+    bea:
+      products:
+        weblogic: weblogic_server
+    blue_coat:
+      vendor: bluecoat
+    carnegie_mellon_university:
+      vendor: cmu
+      products:
+        cyrus_imap: cyrus_imap_server
+    centos_webpanel:
+      vendor: centos-webpanel
+    check_point:
+      vendor: checkpoint
+    cherokee_project:
+      vendor: cherokee-project
+    cisco:
+      products:
+        apic: application_policy_infrastructure_controller
+    cloudflare:
+      products:
+        cloudflare_load_balancer: load_balancing
+    cpanel:
+      products:
+        cpanel_service_daemon: cpanel
+    crushftp:
+      products:
+        crushftp_web_interface: crushftp
+    cz.nic:
+      vendor: knot-dns
+    drupal:
+      products:
+        cms: drupal
+    embedthis:
+      products:
+        goahead_webserver: goahead
+    envoy_proxy:
+      vendor: envoyproxy
+    f5:
+      products:
+        big-ip: big-ip_local_traffic_manager
+        big-ip_ltm: big-ip_local_traffic_manager
+    fedora_project:
+      vendor: fedoraproject
+    google:
+      products:
+        google_web_services: web_server
+    ibm:
+      products:
+        lotus_domino: lotus_domino_server
+        ibm_domino: lotus_domino
+    ignite_realtime:
+      vendor: igniterealtime
+    intel:
+      products:
+        intel(r)_active_management_technology: active_management_technology
+        intel(r)_standard_manageability: standard_manageability
+    jamf:
+      products:
+        jamf_pro: jamf
+    kibana:
+      vendor: elasticsearch
+    kubernetes:
+      products:
+        nginx_ingress_controller: ingress-nginx
+    kodi:
+      products:
+        media_server: kodi
+    kong:
+      vendor: konghq
+      products:
+        gateway: kong_gateway
+    litespeed_technologies:
+      vendor: litespeedtech
+    lotus:
+      vendor: ibm
+    lynx_technology:
+      vendor: lynxtechnology
+      products:
+        twonky_media_server: twonky_server
+    mailenable:
+      products:
+        mail_server: mailenable
+    manageengine:
+      vendor: zohocorp
+      products:
+        adaudit_plus: manageengine_adaudit_plus
+        desktop_central: manageengine_desktop_central
+        opmanager: manageengine_opmanager
+    microsoft:
+      products:
+        active_directory_controller: active_directory
+        exchange_server_5.5: exchange_server
+        exchange_2000_server: exchange_server
+        exchange_2003_server: exchange_server
+        exchange_2007_server: exchange_server
+        lightweight_directory_server: active_directory_lightweight_directory_service
+        pws: personal_web_server
+    mod_ssl:
+      vendor: modssl
+    mod_wsgi:
+      vendor: modwsgi
+    # NIST took the vendor name from the website but apparently missed the `.in`
+    # in moinmo.in was part of the name
+    moinmoin:
+      vendor: moinmo
+    mort_bay:
+      vendor: mortbay
+    munin:
+      vendor: munin-monitoring
+    nlnet_labs:
+      vendor: nlnetlabs
+      products:
+        dnsd: name_server_daemon
+    net-snmp:
+      products:
+        snmp_agent: net-snmp
+    owncloud:
+      products:
+        owncloud_server: owncloud
+    parallels:
+      products:
+        plesk: parallels_plesk_panel
+    plesk:
+      vendor: parallels
+    proftpd_project:
+      vendor: proftpd
+    progress:
+      products:
+        openedge_explorer: openedge
+    pulse_secure:
+      vendor: pulsesecure
+    realvnc_ltd.:
+      vendor: realvnc
+    red_hat:
+      vendor: redhat
+      products:
+        cygwin_x_server_project: cygwin
+        jboss_as: jboss_wildfly_application_server
+        jboss_eap: jboss_enterprise_application_platform
+        jbossweb: jboss_web_framework_kit
+        red_hat_directory_server: directory_server
+    serv-u:
+      vendor: solarwinds
+    squid_cache:
+      vendor: squid-cache
+    ssh_communications_security:
+      vendor: ssh
+      products:
+        ssh_tectia_server: tectia_server
+    standard_networks:
+      vendor: ipswitch
+    swagger:
+      vendor: smartbear
+    synology:
+      products:
+        dsm: diskstation_manager
+    tightvnc:
+      products:
+        desktop: tightvnc
+    tor_project:
+      vendor: torproject
+    traefik_labs:
+      vendor: containous
+      products:
+        traefik_proxy: traefik
+    twistedmatrix:
+      products:
+        twisted_web: twistedweb
+    ubiquiti:
+      vendor: ui
+    vandyke_software:
+      vendor: vandyke
+    vmware:
+      products:
+        zimbra: zimbra_desktop
+        vcenter: vcenter_server
+    x.org:
+      products:
+        x.org_x11: x11
+
+  # The following section contains CPE operating system or 'o' remappings. These will
+  # ONLY be used for mapping Recog 'os' attributes.
+  o:
+    alpine:
+      vendor: alpinelinux
+      products:
+        linux: alpine_linux
+    apple:
+      products:
+        ios: iphone_os
+    centos:
+      products:
+        linux: centos
+    check_point:
+      vendor: checkpoint
+    cisco:
+      products:
+        adaptive_security_appliance: adaptive_security_appliance_software
+        nam: network_analysis_module_software
+        pix: pix_firewall_software
+        telepresence: telepresence_video_communication_server_software
+        vpn_3000_concentrator: vpn_3000_concentrator_series_software
+        wireless_lan_controller: wireless_lan_controller_software
+    citrix:
+      products:
+        netscaler: netscaler_firmware
+        netscaler_gateway: netscaler_gateway_firmware
+    cumulus:
+      vendor: cumulusnetworks
+    data_domain:
+      vendor: dell
+      products:
+        dd_os: emc_data_domain_os
+    debian:
+      products:
+        linux: debian_linux
+    hp:
+      products:
+        ilo: integrated_lights-out_firmware
+        ilo_firmware: integrated_lights-out_firmware
+        ilo_2: integrated_lights-out_2_firmware
+        ilo_3: integrated_lights-out_3_firmware
+        ilo_4: integrated_lights-out_4_firmware
+        ilo_5: integrated_lights-out_5_firmware
+        tru64_unix: tru64
+    ibm:
+      products:
+        os/400: os_400
+        i5/os: i5os
+    juniper:
+      products:
+        junos_os: junos
+    linux:
+      products:
+        linux: linux_kernel
+    microsoft:
+      products:
+        windows_server_2003_datacenter_edition: windows_server_2003
+        windows_server_2003_r2: windows_server_2003
+        windows_2008_r2: windows_server_2008
+        windows_server_2008_datacenter_edition: windows_server_2008
+        windows_server_2008_r2: windows_server_2008
+        windows_server_2008_r2_datacenter_edition: windows_server_2008
+        windows_server_2012_r2: windows_server_2012
+        nt: windows_nt
+        windows_nt_desktop: windows_nt
+        windows_nt_server: windows_nt
+        windows_server_2000: windows_2000
+        windows_2000_server: windows_2000
+        windows_2000_datacenter_server: windows_2000
+    oracle:
+      products:
+        ilom: integrated_lights_out_manager_firmware
+    palo_alto_networks:
+      vendor: paloaltonetworks
+    red_hat:
+      vendor: redhat
+      products:
+        fedora_core_linux: fedora_core
+    sun:
+      products:
+        solaris: sunos
+    ubiquiti:
+      vendor: ui
+    ubuntu:
+      vendor: canonical
+      products:
+        linux: ubuntu_linux
+    vmware:
+      products:
+        photon_linux: photon_os
+        vmware_esx_server: esx
+        vmware_esxi_server: esxi
+    wind_river:
+      vendor: windriver
+
+  # The following section contains CPE hardware or 'h' remappings. These will
+  # ONLY be used for mapping Recog 'hw' attributes.
+  h:
+    cisco:
+      products:
+        nam: network_analysis_module
+    citrix:
+      products:
+        netscaler_sdx_gateway: netscaler_sdx
+    emc:
+      products:
+        celerra: celerra_network_attached_storage
+    hp:
+      products:
+        ilo: integrated_lights-out
+    tandberg:
+      vendor: cisco
+    ubiquiti:
+      vendor: ui