regscale-cli 6.20.5.0__py3-none-any.whl → 6.20.7.0__py3-none-any.whl

regscale/integrations/commercial/wizv2/constants.py

@@ -131,6 +131,9 @@ INVENTORY_QUERY = """
     graphEntity{
       id
       providerUniqueId
+      publicExposures(first: 5) {
+          totalCount
+      }
       name
       type
       projects {
@@ -435,6 +438,18 @@ VULNERABILITY_QUERY = """
       name
       detailedName
       description
+      commentThread {
+        comments(first:100) {
+          edges {
+            node {
+              body,
+              author {
+                name
+              }
+            }
+          }
+        }
+      },
       severity: vendorSeverity
       weightedSeverity
       status

regscale/integrations/commercial/wizv2/parsers.py

@@ -271,6 +271,29 @@ def get_ip_address_from_props(network_dict: Dict) -> Optional[str]:
     return network_dict.get("ip4_address") or network_dict.get("ip6_address")
 
 
+def get_ip_v4_from_props(network_dict: Dict) -> Optional[str]:
+    """
+    Get IPv4 address from properties
+    :param Dict network_dict: Network dictionary
+    :return: IPv4 address if it can be parsed from the network dictionary
+    :rtype: Optional[str]
+    """
+    ip = network_dict.get("address")
+    if ip:
+        logger.info("get_ip_v4_from_props: %s", ip)
+    return network_dict.get("address")
+
+
+def get_ip_v6_from_props(network_dict: Dict) -> Optional[str]:
+    """
+    Get IPv6 address from properties
+    :param Dict network_dict: Network dictionary
+    :return: IPv6 address if it can be parsed from the network dictionary
+    :rtype: Optional[str]
+    """
+    return network_dict.get("ip6_address")
+
+
 def fetch_wiz_data(
     query: str,
     variables: dict,

regscale/integrations/commercial/wizv2/scanner.py

@@ -5,10 +5,11 @@ import json
 import logging
 import os
 import re
-from typing import Any, Dict, Iterator, List, Optional, Union
+from typing import Any, Dict, Iterator, List, Optional, Union, Tuple
 
 from regscale.core.app.utils.app_utils import check_file_path, get_current_datetime
 from regscale.core.utils import get_base_protocol_from_port
+from regscale.core.utils.date import format_to_regscale_iso
 from regscale.integrations.commercial.wizv2.constants import (
     INVENTORY_FILE_PATH,
     INVENTORY_QUERY,
@@ -19,7 +20,6 @@ from regscale.integrations.commercial.wizv2.parsers import (
     collect_components_to_create,
     fetch_wiz_data,
     get_disk_storage,
-    get_ip_address_from_props,
     get_latest_version,
     get_network_info,
     get_product_ids,
@@ -101,7 +101,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :yield: IntegrationFinding objects
         :rtype: Iterator[IntegrationFinding]
         """
-        self.authenticate(kwargs.get("client_id"), kwargs.get("client_secret"))
+
         project_id = kwargs.get("wiz_project_id")
         if not project_id:
             raise ValueError("Wiz project ID is required")
@@ -137,7 +137,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         """
         for node in nodes:
             if finding := self.parse_finding(node, vulnerability_type):
-                self.num_findings_to_process += 1
+                self.num_findings_to_process = (self.num_findings_to_process or 0) + 1
                 yield finding
 
     @classmethod
@@ -151,6 +151,25 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         """
         return cls.finding_severity_map.get(severity.capitalize(), regscale_models.IssueSeverity.Low)
 
+    def process_comments(self, comments_dict: Dict) -> Optional[str]:
+        """
+        Processes comments from Wiz findings to match RegScale's comment format.
+
+        :param Dict comments_dict: The comments from the Wiz finding
+        :return: If available the Processed comments in RegScale format
+        :rtype:  Optional[str]
+        """
+        result = None
+
+        if comments := comments_dict.get("comments", {}).get("edges", []):
+            formatted_comments = [
+                f"{edge.get('node', {}).get('author', {}).get('name', 'Unknown')}: {edge.get('node', {}).get('body', 'No comment')}"
+                for edge in comments
+            ]
+            # Join with newlines
+            result = "\n".join(formatted_comments)
+        return result
+
     def parse_finding(
         self, node: Dict[str, Any], vulnerability_type: WizVulnerabilityType
     ) -> Optional[IntegrationFinding]:
@@ -168,6 +187,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
                 return None
 
             first_seen = node.get("firstDetectedAt") or node.get("firstSeenAt") or get_current_datetime()
+            first_seen = format_to_regscale_iso(first_seen)
             severity = self.get_issue_severity(node.get("severity", "Low"))
             due_date = regscale_models.Issue.get_due_date(severity, self.app.config, "wiz", first_seen)
 
@@ -179,6 +199,9 @@ class WizVulnerabilityIntegration(ScannerIntegration):
                 else node.get("cve", name)
             )
 
+            comments_dict = node.get("commentThread", {})
+            formatted_comments = self.process_comments(comments_dict)
+
             return IntegrationFinding(
                 control_labels=[],
                 category="Wiz Vulnerability",
@@ -190,7 +213,9 @@ class WizVulnerabilityIntegration(ScannerIntegration):
                 external_id=f"{node.get('sourceRule', {'id': cve}).get('id')}",
                 first_seen=first_seen,
                 date_created=first_seen,
-                last_seen=node.get("lastDetectedAt") or node.get("analyzedAt") or get_current_datetime(),
+                last_seen=format_to_regscale_iso(
+                    node.get("lastDetectedAt") or node.get("analyzedAt") or get_current_datetime()
+                ),
                 remediation=node.get("description", ""),
                 cvss_score=node.get("score"),
                 cve=cve,
@@ -199,6 +224,10 @@ class WizVulnerabilityIntegration(ScannerIntegration):
                 source_rule_id=node.get("sourceRule", {}).get("id"),
                 vulnerability_type=vulnerability_type.value,
                 due_date=due_date,
+                date_last_updated=format_to_regscale_iso(get_current_datetime()),
+                identification="Vulnerability Assessment",
+                comments=formatted_comments,
+                poam_comments=formatted_comments,
             )
         except (KeyError, TypeError, ValueError) as e:
             logger.error("Error parsing Wiz finding: %s", str(e), exc_info=True)
@@ -226,9 +255,9 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :yields: Iterator[IntegrationAsset]
         """
         self.authenticate(kwargs.get("client_id"), kwargs.get("client_secret"))
-        wiz_project_id = kwargs.get("wiz_project_id")
+        wiz_project_id: str = kwargs.get("wiz_project_id", "")
         logger.info("Fetching Wiz assets...")
-        filter_by_override = kwargs.get("filter_by_override") or WizVariables.wizInventoryFilterBy
+        filter_by_override: Dict[str, Any] = kwargs.get("filter_by_override") or WizVariables.wizInventoryFilterBy or {}
         filter_by = self.get_filter_by(filter_by_override, wiz_project_id)
 
         variables = self.get_variables()
@@ -261,6 +290,32 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             filter_by["updatedAt"] = {"after": WizVariables.wizLastInventoryPull}  # type: ignore
         return filter_by
 
+    def get_software_details(
+        self, wiz_entity_properties: Dict, node: Dict[str, Any], software_name_dict: Dict[str, str], name: str
+    ) -> Tuple[Optional[str], Optional[str], Optional[str]]:
+        """
+        Gets the software version, vendor, and name from the Wiz entity properties and node.
+        Handles container images differently by extracting the version and name from the image tags.
+        :param Dict wiz_entity_properties: The properties of the Wiz entity
+        :param Dict node: The Wiz node containing the entity
+        :param Dict software_name_dict: Dictionary containing software name and vendor
+        :param str name: The name of the software or container image
+        :return: A tuple containing software_version, software_vendor, and software_name
+        :rtype: Tuple[Optional[str], Optional[str], Optional[str]]
+        """
+        if node.get("type", "") == "CONTAINER_IMAGE":
+            software_version = handle_container_image_version(
+                image_tags=wiz_entity_properties.get("imageTags", []), name=name
+            )
+            software_name = name.split(":")[0].split("/")[-1] if name else ""
+            software_vendor = name.split(":")[0].split("/")[1] if len(name.split(":")[0].split("/")) > 1 else None
+        else:
+            software_version = self.get_software_version(wiz_entity_properties, node)
+            software_name = self.get_software_name(software_name_dict, wiz_entity_properties, node)
+            software_vendor = self.get_software_vendor(software_name_dict, wiz_entity_properties, node)
+
+        return software_version, software_vendor, software_name
+
     def parse_asset(self, node: Dict[str, Any]) -> Optional[IntegrationAsset]:
         """
         Parses Wiz assets
@@ -276,23 +331,20 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             return None
 
         wiz_entity_properties = wiz_entity.get("properties", {})
+        is_public = False
+        if public_exposures := wiz_entity.get("publicExposures"):
+            if exposure_count := public_exposures.get("totalCount"):
+                is_public = exposure_count > 0
+
         network_dict = get_network_info(wiz_entity_properties)
         handle_provider_dict = handle_provider(wiz_entity_properties)
         software_name_dict = get_software_name_from_cpe(wiz_entity_properties, name)
         software_list = self.create_name_version_dict(wiz_entity_properties.get("installedPackages", []))
-
         ports_and_protocols = self.get_ports_and_protocols(wiz_entity_properties)
 
-        if node.get("type", "") == "CONTAINER_IMAGE":
-            software_version = handle_container_image_version(
-                image_tags=wiz_entity_properties.get("imageTags", []), name=name
-            )
-            software_name = name.split(":")[0].split("/")[-1] if name else ""
-            software_vendor = name.split(":")[0].split("/")[1] if len(name.split(":")[0].split("/")) > 1 else None
-        else:
-            software_version = self.get_software_version(wiz_entity_properties, node)
-            software_name = self.get_software_name(software_name_dict, wiz_entity_properties, node)
-            software_vendor = self.get_software_vendor(software_name_dict, wiz_entity_properties, node)
+        software_version, software_vendor, software_name = self.get_software_details(
+            wiz_entity_properties, node, software_name_dict, name
+        )
 
         if WizVariables.useWizHardwareAssetTypes and node.get("graphEntity", {}).get("technologies", []):
             technologies = node.get("graphEntity", {}).get("technologies", [])
@@ -316,7 +368,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             date_last_updated=wiz_entity.get("lastSeen", ""),
             management_type=handle_management_type(wiz_entity_properties),
             status=self.map_wiz_status(wiz_entity_properties.get("status")),
-            ip_address=get_ip_address_from_props(wiz_entity_properties),
+            ip_address=network_dict.get("ip4_address"),
+            ipv6_address=network_dict.get("ip6_address"),
             software_vendor=software_vendor,
             software_version=software_version,
             software_name=software_name,
@@ -325,10 +378,10 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             model=wiz_entity_properties.get("nativeType"),
             manufacturer=wiz_entity_properties.get("cloudPlatform"),
             serial_number=get_product_ids(wiz_entity_properties),
-            is_public_facing=wiz_entity_properties.get("directlyInternetFacing", False),
-            azure_identifier=handle_provider_dict.get("azureIdentifier"),
+            is_public_facing=is_public,
+            azure_identifier=handle_provider_dict.get("azureIdentifier", ""),
             mac_address=wiz_entity_properties.get("macAddress"),
-            fqdn=wiz_entity_properties.get("dnsName") or network_dict.get("dns"),
+            fqdn=network_dict.get("dns") or wiz_entity_properties.get("dnsName"),
             disk_storage=get_disk_storage(wiz_entity_properties) or 0,
             cpu=pull_resource_info_from_props(wiz_entity_properties)[1] or 0,
             ram=pull_resource_info_from_props(wiz_entity_properties)[0] or 0,
@@ -337,9 +390,9 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             end_of_life_date=wiz_entity_properties.get("versionEndOfLifeDate"),
             vlan_id=wiz_entity_properties.get("zone"),
             uri=network_dict.get("url"),
-            aws_identifier=handle_provider_dict.get("awsIdentifier"),
-            google_identifier=handle_provider_dict.get("googleIdentifier"),
-            other_cloud_identifier=handle_provider_dict.get("otherCloudIdentifier"),
+            aws_identifier=handle_provider_dict.get("awsIdentifier", ""),
+            google_identifier=handle_provider_dict.get("googleIdentifier", ""),
+            other_cloud_identifier=handle_provider_dict.get("otherCloudIdentifier", ""),
             patch_level=get_latest_version(wiz_entity_properties),
             cpe=wiz_entity_properties.get("cpe"),
             component_names=collect_components_to_create([node], []),
@@ -378,7 +431,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: Software vendor
         :rtype: Optional[str]
         """
-        if map_category(node.get("type")) == regscale_models.AssetCategory.Software:
+        if map_category(node.get("type", "")) == regscale_models.AssetCategory.Software:
             return software_name_dict.get("software_vendor") or wiz_entity_properties.get("cloudPlatform")
         return None
 
@@ -392,8 +445,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: Software version
         :rtype: Optional[str]
         """
-        if map_category(node.get("type")) == regscale_models.AssetCategory.Software:
-            return handle_software_version(wiz_entity_properties, map_category(node.get("type"))) or "1.0"
+        if map_category(node.get("type", "")) == regscale_models.AssetCategory.Software:
+            return handle_software_version(wiz_entity_properties, map_category(node.get("type", ""))) or "1.0"
         return None
 
     @staticmethod
@@ -407,7 +460,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :return: Software name
         :rtype: Optional[str]
         """
-        if map_category(node.get("type")) == regscale_models.AssetCategory.Software:
+        if map_category(node.get("type", "")) == regscale_models.AssetCategory.Software:
             return software_name_dict.get("software_name") or wiz_entity_properties.get("nativeType")
         return None
 
@@ -458,6 +511,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         else:
             logger.info("File %s does not exist. Fetching new data...", file_path)
 
+        self.authenticate(WizVariables.wizClientId, WizVariables.wizClientSecret)
+
         if not self.wiz_token:
             raise ValueError("Wiz token is not set. Please authenticate first.")
 

regscale/integrations/commercial/wizv2/utils.py

@@ -19,6 +19,7 @@ from pydantic import ValidationError
 from rich.progress import Progress, TaskID
 
 from regscale.core.app.api import Api
+from regscale.core.app.application import Application
 from regscale.core.app.utils.app_utils import (
     error_and_exit,
     check_file_path,
@@ -50,6 +51,8 @@ from regscale.models import (
     ControlImplementation,
     Assessment,
     regscale_models,
+    ControlImplementationStatus,
+    ImplementationObjective,
 )
 from regscale.utils import PaginatedGraphQLClient
 from regscale.utils.decorators import deprecated
@@ -58,6 +61,31 @@ logger = logging.getLogger("regscale")
 compliance_job_progress = create_progress_object()
 
 
+def is_report_expired(report_run_at: str, max_age_days: int) -> bool:
+    """
+    Check if a report is expired based on its run date
+
+    :param str report_run_at: Report run date in ISO format
+    :param int max_age_days: Maximum age in days
+    :return: True if report is expired, False otherwise
+    :rtype: bool
+    """
+    try:
+        run_date = datetime_obj(report_run_at)
+        if not run_date:
+            return True
+
+        # Convert to naive datetime for comparison
+        run_date_naive = run_date.replace(tzinfo=None)
+        current_date = datetime.datetime.now()
+        age_in_days = (current_date - run_date_naive).days
+
+        return age_in_days >= max_age_days
+    except (ValueError, TypeError):
+        # If we can't parse the date, consider it expired
+        return True
+
+
 def get_notes_from_wiz_props(wiz_entity_properties: Dict, external_id: str) -> str:
     """
     Get notes from wiz properties
@@ -418,15 +446,28 @@ def get_or_create_report_id(
     :param target_framework: Target framework name with underscores
     :return: Single report ID
     """
+    app = Application()
+    report_age_days = app.config.get("wizReportAge", 15)
     report_name = f"{target_framework}_project_{project_id}"
 
     # Check for existing report with exact name
     for report in existing_reports:
         if report.get("name") == report_name:
             logger.info(f"Found existing report '{report_name}' with ID {report['id']}")
-            return report["id"]
 
-    # Create new report if no exact match found
+            # Check if report is expired based on wizReportAge
+            run_at = report.get("lastRun", {}).get("runAt")
+
+            if run_at and is_report_expired(run_at, report_age_days):
+                logger.info(
+                    f"Report '{report_name}' is expired (older than {report_age_days} days), will create new report"
+                )
+                break
+            else:
+                logger.info(f"Report '{report_name}' is still valid, using existing report")
+                return report["id"]
+
+    # Create new report if no valid existing report found
     try:
         framework_index = frameworks.index(target_framework)
         framework_id = wiz_frameworks[framework_index].get("id")
@@ -756,7 +797,7 @@ def _sync_compliance(
         compliance_job_progress.update(report_job, completed=True, advance=1)
 
         if catalog_id:
-            logger.info("Fetching all Controls for catalog #%d...", catalog_id)
+            logger.info("Fetching all Controls for catalog #%s...", catalog_id)
             catalog = Catalog.get_with_all_details(catalog_id=catalog_id)
             controls = catalog.get("controls") if catalog else []
         else:
@@ -916,7 +957,7 @@ def create_report_assessment(filtered_results: List, reports: List, control_id:
     for report in reports:
         html_summary = format_dict_to_html(report.dict())
         if implementation:
-            Assessment(
+            a = Assessment(
                 leadAssessorId=implementation.createdById,
                 title=f"Wiz compliance report assessment for {control_id}",
                 assessmentType="Control Testing",
@@ -930,3 +971,49 @@ def create_report_assessment(filtered_results: List, reports: List, control_id:
                 parentModule="controls",
                 isPublic=True,
             ).create()
+            update_implementation_status(
+                implementation=implementation,
+                result=report.result,
+            )
+            logger.info(f"Created report assessment for {control_id}: {a.id}")
+
+
+def update_implementation_status(implementation: ControlImplementation, result: str) -> ControlImplementation:
+    """
+    Update implementation status based on the report result
+
+    :param ControlImplementation implementation: Control Implementation object
+    :param str result: Report result
+    :return: Updated Control Implementation object
+    :rtype: ControlImplementation
+    """
+    objectives = ImplementationObjective.get_all_by_parent(
+        parent_module=implementation.get_module_slug(),
+        parent_id=implementation.id,
+    )
+    if objectives:
+        for objective in objectives:
+            objective.status = report_result_to_implementation_status(result)
+            objective.save()
+            logger.debug(f"Updated status for {objective.id}: {objective.status}")
+    else:
+        implementation.objectives = []
+    implementation.status = report_result_to_implementation_status(result)
+    implementation.save()
+    logger.info(f"Updated implementation status for {implementation.id}: {implementation.status}")
+
+
+def report_result_to_implementation_status(result: str) -> str:
+    """
+    Convert report result to implementation status
+
+    :param str result: Report result
+    :return: Implementation status
+    :rtype: str
+    """
+    if result == ComplianceCheckStatus.PASS.value:
+        return ControlImplementationStatus.Implemented.value
+    elif result == ComplianceCheckStatus.FAIL.value:
+        return ControlImplementationStatus.InRemediation.value
+    else:
+        return ControlImplementationStatus.NotImplemented.value

regscale/integrations/commercial/wizv2/variables.py

@@ -31,7 +31,7 @@ class WizVariables(metaclass=RsVariablesMeta):
   "PRIVATE_LINK", "RAW_ACCESS_POLICY", "REGISTERED_DOMAIN", "RESOURCE_GROUP", "SECRET",
   "SECRET_CONTAINER", "SERVERLESS", "SERVERLESS_PACKAGE", "SERVICE_ACCOUNT", "SERVICE_CONFIGURATION",
   "STORAGE_ACCOUNT", "SUBNET", "SUBSCRIPTION", "VIRTUAL_DESKTOP", "VIRTUAL_MACHINE",
-  "VIRTUAL_MACHINE_IMAGE", "VIRTUAL_NETWORK", "VOLUME", "WEB_SERVICE" ] }""",
+  "VIRTUAL_MACHINE_IMAGE", "VIRTUAL_NETWORK", "VOLUME", "WEB_SERVICE", "NETWORK_ADDRESS"] }""",
     )  # type: ignore
     wizAccessToken: RsVariableType(str, "", sensitive=True, required=False)  # type: ignore
     wizClientId: RsVariableType(str, "", sensitive=True)  # type: ignore
@@ -44,3 +44,4 @@ class WizVariables(metaclass=RsVariablesMeta):
         default=["SERVER_APPLICATION", "CLIENT_APPLICATION", "VIRTUAL_APPLIANCE"],
         required=False,
     )  # type: ignore
+    wizReportAge: RsVariableType(int, "14", default=14, required=False)  # type: ignore

regscale/integrations/commercial/wizv2/wiz_auth.py

@@ -49,10 +49,10 @@ def wiz_authenticate(client_id: Optional[str] = None, client_secret: Optional[st
     # get secrets
     client_id = WizVariables.wizClientId if client_id is None else client_id
     if not client_id:
-        raise ValueError("No Wiz Client ID provided in system environment or CLI command.")
+        error_and_exit("No Wiz Client ID provided in system environment or CLI command.")
     client_secret = WizVariables.wizClientSecret if client_secret is None else client_secret
     if not client_secret:
-        raise ValueError("No Wiz Client Secret provided in system environment or CLI command.")
+        error_and_exit("No Wiz Client Secret provided in system environment or CLI command.")
     wiz_auth_url = config.get("wizAuthUrl")
     if not wiz_auth_url:
         error_and_exit("No Wiz Authentication URL provided in the init.yaml file.")
@@ -100,7 +100,7 @@ def get_token(api: Api, client_id: str, client_secret: str, token_url: str) -> t
     )
     if response.ok:
         status_code = 200
-    logger.debug(response.reason)
+    logger.info(response.reason)
     # If response is unauthorized, try the first cognito url
     if response.status_code == requests.codes.unauthorized:
         try:

regscale/integrations/public/fedramp/fedramp_docx.py

@@ -12,6 +12,7 @@ from ssp import SSP  # type: ignore
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
+from regscale.core.app.utils.app_utils import error_and_exit
 from regscale.integrations.public.fedramp.fedramp_common import (
     get_profile_info_by_id,
     logger,
@@ -38,10 +39,8 @@ from regscale.integrations.public.fedramp.fedramp_common import (
     post_ports,
     post_links,
     post_implementations,
-    debug_logger,
     post_leveraged_authorizations,
 )
-from regscale.core.app.utils.app_utils import error_and_exit
 from regscale.models import ProfileMapping
 
 
@@ -365,7 +364,7 @@ def process_fedramp_docx(
             load_missing=load_missing,
         )
     except Exception as e:
-        debug_logger.info(e, exc_info=True)
+        logger.info(e)
         logger.error(
             f"Unable to gather implementations: {e}",
             record_type="implementations",

regscale/integrations/scanner_integration.py

@@ -247,6 +247,7 @@ class IntegrationAsset:
     mac_address: Optional[str] = None
     fqdn: Optional[str] = None
     ip_address: Optional[str] = None
+    ipv6_address: Optional[str] = None
     component_names: List[str] = dataclasses.field(default_factory=list)
     is_virtual: bool = True
 
@@ -1112,6 +1113,7 @@ class ScannerIntegration(ABC):
             azureIdentifier=asset.azure_identifier,
             location=asset.location,
             ipAddress=asset.ip_address,
+            iPv6Address=asset.ipv6_address,
             fqdn=asset.fqdn,
             macAddress=asset.mac_address,
             diskStorage=asset.disk_storage,
@@ -1651,6 +1653,7 @@ class ScannerIntegration(ABC):
         issue.riskAdjustment = finding.risk_adjustment
         issue.operationalRequirement = finding.operational_requirements
         issue.deviationRationale = finding.deviation_rationale
+        issue.dateLastUpdated = get_current_datetime()
 
         if finding.cve:
             issue = self.lookup_kev_and_upate_issue(cve=finding.cve, issue=issue, cisa_kevs=self._kev_data)
@@ -2323,7 +2326,7 @@ class ScannerIntegration(ABC):
             or finding.observations,  # or finding.evidence, whichever is more appropriate
             port=finding.port if hasattr(finding, "port") else None,
             protocol=finding.protocol if hasattr(finding, "protocol") else None,
-            operatingSystem=asset.operating_system if hasattr(asset, "operating_system") else None,
+            operatingSystem=asset.operatingSystem if hasattr(asset, "operatingSystem") else None,
             fixedVersions=finding.fixed_versions,
             buildVersion=finding.build_version,
             fixStatus=finding.fix_status,
@@ -2339,7 +2342,7 @@ class ScannerIntegration(ABC):
             vulnerabilityId=vulnerability.id,
             assetId=asset.id,
             scanId=scan_history.id,
-            securityPlansId=self.plan_id if not self.is_component else None,
+            securityPlanId=self.plan_id if not self.is_component else None,
             createdById=self.assessor_id,
             tenantsId=self.tenant_id,
             isPublic=True,
@@ -2347,6 +2350,7 @@ class ScannerIntegration(ABC):
             firstSeen=finding.first_seen,
             lastSeen=finding.last_seen,
             status=finding.status,
+            dateLastUpdated=get_current_datetime(),
         ).create_unique()
         return vulnerability
 
@@ -2534,6 +2538,7 @@ class ScannerIntegration(ABC):
             f"{get_current_datetime('%b %d, %Y')} - Closed by {self.title} for having no current vulnerabilities."
         )
         issue.changes = f"{issue.changes}\n{changes_text}" if issue.changes else changes_text
+        issue.dateLastUpdated = get_current_datetime()
         issue.save()
 
         with count_lock:

regscale/models/app_models/import_validater.py

@@ -133,9 +133,13 @@ class ImportValidater:
         :param Union[list, pd.Index] headers: List of headers from the file
         """
         import re
+        from pandas import Index
 
         from regscale.models import Mapping
 
+        if isinstance(headers, Index):
+            headers = [str(header) for header in headers]  # Convert pd.Index to list of strings
+
         if not self.ignore_unnamed and any(re.search(r"unnamed", header, re.IGNORECASE) for header in headers):  # type: ignore
             raise ValidationException(
                 f"Unable to parse headers from the file. Please ensure the headers are named in {self.file_path}"
@@ -227,7 +231,7 @@ class ImportValidater:
             elif self.worksheet_name:
                 df = pandas.read_excel(file_path, sheet_name=self.worksheet_name)
             elif self.skip_rows:
-                df = pandas.read_excel(file_path, skiprows=self.skip_rows)
+                df = pandas.read_excel(file_path, skiprows=self.skip_rows - 1)
             else:
                 df = pandas.read_excel(file_path)
         except Exception as e:

regscale/models/app_models/mapping.py

@@ -121,8 +121,10 @@ class Mapping(BaseModel):
         mapping = values.data.get("mapping")
         if mapping is not None and expected_field_names is not None:
             if missing_fields := [field for field in expected_field_names if field not in mapping]:
+                # Get file_path_for_prompt from values instead of cls
+                file_path = values.data.get("file_path_for_prompt")
                 for field in missing_fields:
-                    cls._prompt_for_field(field, mapping, cls.file_path_for_prompt)
+                    cls._prompt_for_field(field, mapping, file_path)
         return expected_field_names
 
     @field_validator("expected_field_names")