regscale-cli 6.20.0.0__py3-none-any.whl → 6.20.1.1__py3-none-any.whl

regscale/__init__.py

@@ -1 +1 @@
-__version__ = "6.20.0.0"
+__version__ = "6.20.1.1"

regscale/integrations/commercial/synqly/assets.py

@@ -23,6 +23,22 @@ def sync_armis_centrix(regscale_ssp_id: int) -> None:
     assets_armis_centrix.run_sync(regscale_ssp_id=regscale_ssp_id)
 
 
+@assets.command(name="sync_crowdstrike")
+@regscale_ssp_id()
+@click.option(
+    "--url",
+    type=click.STRING,
+    help="The root domain where your CrowdStrike Falcon tenant is located.",
+    required=False,
+)
+def sync_crowdstrike(regscale_ssp_id: int, url: str) -> None:
+    """Sync Assets from Crowdstrike to RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Assets
+
+    assets_crowdstrike = Assets("crowdstrike")
+    assets_crowdstrike.run_sync(regscale_ssp_id=regscale_ssp_id, url=url)
+
+
 @assets.command(name="sync_nozomi_vantage")
 @regscale_ssp_id()
 def sync_nozomi_vantage(regscale_ssp_id: int) -> None:

regscale/integrations/commercial/synqly/edr.py

@@ -57,12 +57,18 @@ def sync_malwarebytes(regscale_ssp_id: int, url: str) -> None:
 
 @edr.command(name="sync_sentinelone")
 @regscale_ssp_id()
-def sync_sentinelone(regscale_ssp_id: int) -> None:
+@click.option(
+    "--edr_events_url",
+    type=click.STRING,
+    help="Base URL for the SentinelOne Singularity Data Lake API. This URL is required if you plan to use the EDR Events API.",
+    required=False,
+)
+def sync_sentinelone(regscale_ssp_id: int, edr_events_url: str) -> None:
     """Sync Edr from Sentinelone to RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Edr
 
     edr_sentinelone = Edr("sentinelone")
-    edr_sentinelone.run_sync(regscale_ssp_id=regscale_ssp_id)
+    edr_sentinelone.run_sync(regscale_ssp_id=regscale_ssp_id, edr_events_url=edr_events_url)
 
 
 @edr.command(name="sync_sophos")

regscale/integrations/commercial/synqly/ticketing.py

@@ -24,6 +24,31 @@ def sync_autotask(regscale_id: int, regscale_module: str) -> None:
     ticketing_autotask.run_sync(regscale_id=regscale_id, regscale_module=regscale_module)
 
 
+@ticketing.command(name="sync_freshdesk")
+@regscale_id()
+@regscale_module()
+@click.option(
+    "--name",
+    type=click.STRING,
+    help="freshdesk name",
+    required=True,
+    prompt="freshdesk name",
+)
+@click.option(
+    "--subject",
+    type=click.STRING,
+    help="freshdesk subject",
+    required=True,
+    prompt="freshdesk subject",
+)
+def sync_freshdesk(regscale_id: int, regscale_module: str, name: str, subject: str) -> None:
+    """Sync Ticketing data between Freshdesk and RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Ticketing
+
+    ticketing_freshdesk = Ticketing("freshdesk")
+    ticketing_freshdesk.run_sync(regscale_id=regscale_id, regscale_module=regscale_module, name=name, subject=subject)
+
+
 @ticketing.command(name="sync_jira")
 @regscale_id()
 @regscale_module()

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -360,13 +360,15 @@ def update_imp_objective(
     )
     existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
     responsibility = responsibility_map.get(responsibility, responsibility)
+    logger.debug(f"CRM Record: {crm_record}")
+    can_be_inherited_from_csp: str = crm_record.get("can_be_inherited_from_csp") or ""
     for objective in objectives:
         current_pair = (objective.id, imp.id)
         if current_pair not in existing_pairs:
             imp_obj = ImplementationObjective(
                 id=0,
                 uuid="",
-                inherited=crm_record.get("can_be_inherited_from_csp") in ["Yes", "Partial"],
+                inherited=can_be_inherited_from_csp in ["Yes", "Partial"],
                 implementationId=imp.id,
                 status=status_map.get(cis_record.get("implementation_status", NOT_IMPLEMENTED), NOT_IMPLEMENTED),
                 objectiveId=objective.id,
@@ -374,8 +376,8 @@ def update_imp_objective(
                 securityControlId=objective.securityControlId,
                 securityPlanId=REGSCALE_SSP_ID,
                 responsibility=responsibility,
-                cloudResponsibility=customer_responsibility,
-                customerResponsibility=customer_responsibility,
+                cloudResponsibility=customer_responsibility if can_be_inherited_from_csp.lower() == "yes" else "",
+                customerResponsibility=(customer_responsibility if can_be_inherited_from_csp.lower() != "yes" else ""),
                 authorizationId=leverage_auth_id,
                 parentObjectiveId=objective.parentObjectiveId,
             )

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,114 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.05.15",
-    "dateReleased": "2025-05-15T17:04:05.6633Z",
-    "count": 1345,
+    "catalogVersion": "2025.05.29",
+    "dateReleased": "2025-05-29T11:25:31.4802Z",
+    "count": 1352,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-4632",
+            "vendorProject": "Samsung",
+            "product": "MagicINFO 9 Server",
+            "vulnerabilityName": "Samsung MagicINFO 9 Server Path Traversal Vulnerability",
+            "dateAdded": "2025-05-22",
+            "shortDescription": "Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/security.samsungtv.com\/securityUpdates#SVP-MAY-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4632",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2023-38950",
+            "vendorProject": "ZKTeco",
+            "product": "BioTime",
+            "vulnerabilityName": "ZKTeco BioTime Path Traversal Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.zkteco.com\/en\/Security_Bulletinsibs ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-38950",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-27443",
+            "vendorProject": "Synacor",
+            "product": "Zimbra Collaboration Suite (ZCS)",
+            "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/8.8.15\/P46#Security_Fixes ; https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/9.0.0\/P39#Security_Fixes ; https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/10.0.7#Security_Fixes ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27443",
+            "cwes": [
+                "CWE-79"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-27920",
+            "vendorProject": "Srimax",
+            "product": "Output Messenger",
+            "vulnerabilityName": "Srimax Output Messenger Directory Traversal Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.outputmessenger.com\/cve-2025-27920\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27920",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-11182",
+            "vendorProject": "MDaemon",
+            "product": "Email Server",
+            "vulnerabilityName": "MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/files.mdaemon.com\/mdaemon\/beta\/RelNotes_en.html ; https:\/\/mdaemon.com\/pages\/downloads-critical-updates ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11182",
+            "cwes": [
+                "CWE-79"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-4428",
+            "vendorProject": "Ivanti",
+            "product": "Endpoint Manager Mobile (EPMM)",
+            "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4428",
+            "cwes": [
+                "CWE-94"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-4427",
+            "vendorProject": "Ivanti",
+            "product": "Endpoint Manager Mobile (EPMM)",
+            "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4427",
+            "cwes": [
+                "CWE-288"
+            ]
+        },
         {
             "cveID": "CVE-2025-42999",
             "vendorProject": "SAP",
@@ -1117,7 +1222,7 @@
             "shortDescription": "SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-03-06",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/simple-help.com\/kb---security-vulnerabilities-01-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-57727",
             "cwes": [
                 "CWE-22"
@@ -8280,7 +8385,7 @@
             "shortDescription": "RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-08-30",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "Vulnerability updated with version 6.12. Accessing link will download update information: https:\/\/www.rarlab.com\/rar\/rarlinux-x32-612.tar.gz;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30333",
             "cwes": [
                 "CWE-22",
@@ -8296,7 +8401,7 @@
             "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-08-25",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/9.0.0\/P24.1#Security_Fixes;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27924",
             "cwes": [
                 "CWE-93"
@@ -9510,7 +9615,7 @@
             "shortDescription": "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Designer.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-06-15",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2012-1710",
             "cwes": []
         },
@@ -14048,7 +14153,7 @@
             "shortDescription": "The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-03-24",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2012-4681",
             "cwes": []
         },