regscale-cli 6.24.0.1__py3-none-any.whl → 6.25.0.1__py3-none-any.whl

regscale/integrations/commercial/synqly/vulnerabilities.py

@@ -14,6 +14,33 @@ def vulnerabilities() -> None:
     pass
 
 
+@vulnerabilities.command(name="build-query")
+@click.option(
+    "--provider",
+    required=False,
+    help="Provider ID (e.g., vulnerabilities_armis_centrix). If not specified, starts interactive mode.",
+)
+@click.option("--validate", help="Validate a filter string against provider capabilities")
+@click.option("--list-fields", is_flag=True, default=False, help="List all available fields for the provider")
+def build_query(provider, validate, list_fields):
+    """
+    Build and validate filter queries for Vulnerabilities connectors.
+
+    Examples:
+        # Build a filter query
+        regscale vulnerabilities build-query
+
+        # List all fields for a specific provider
+        regscale vulnerabilities build-query --provider vulnerabilities_armis_centrix --list-fields
+
+        # Validate a filter string
+        regscale vulnerabilities build-query --provider vulnerabilities_armis_centrix --validate "device.ip[eq]192.168.1.1"
+    """
+    from regscale.integrations.commercial.synqly.query_builder import handle_build_query
+
+    handle_build_query("vulnerabilities", provider, validate, list_fields)
+
+
 @vulnerabilities.command(name="sync_crowdstrike")
 @regscale_ssp_id()
 @click.option(
@@ -37,19 +64,33 @@ def vulnerabilities() -> None:
     is_flag=True,
     default=False,
 )
+@click.option(
+    "--asset_filter",
+    help='STRING: Apply filters to asset queries. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
 @click.option(
     "--url",
     type=click.STRING,
     help="Base URL for the CrowdStrike Falcon® Spotlight API.",
     required=False,
 )
-def sync_crowdstrike(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, url: str) -> None:
+def sync_crowdstrike(
+    regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, asset_filter: str, url: str
+) -> None:
     """Sync Vulnerabilities from Crowdstrike to RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Vulnerabilities
 
     vulnerabilities_crowdstrike = Vulnerabilities("crowdstrike")
     vulnerabilities_crowdstrike.run_sync(
-        regscale_ssp_id=regscale_ssp_id, vuln_filter=vuln_filter, scan_date=scan_date, all_scans=all_scans, url=url
+        regscale_ssp_id=regscale_ssp_id,
+        vuln_filter=vuln_filter,
+        scan_date=scan_date,
+        all_scans=all_scans,
+        filter=asset_filter.split(";") if asset_filter else [],
+        url=url,
     )
 
 
@@ -72,13 +113,26 @@ def sync_crowdstrike(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime
 @click.option(
     "--all_scans", help="Whether to sync all vulnerabilities from Nucleus", required=False, is_flag=True, default=False
 )
-def sync_nucleus(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool) -> None:
+@click.option(
+    "--asset_filter",
+    help='STRING: Apply filters to asset queries. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
+def sync_nucleus(
+    regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, asset_filter: str
+) -> None:
     """Sync Vulnerabilities from Nucleus to RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Vulnerabilities
 
     vulnerabilities_nucleus = Vulnerabilities("nucleus")
     vulnerabilities_nucleus.run_sync(
-        regscale_ssp_id=regscale_ssp_id, vuln_filter=vuln_filter, scan_date=scan_date, all_scans=all_scans
+        regscale_ssp_id=regscale_ssp_id,
+        vuln_filter=vuln_filter,
+        scan_date=scan_date,
+        all_scans=all_scans,
+        filter=asset_filter.split(";") if asset_filter else [],
     )
 
 
@@ -105,13 +159,26 @@ def sync_nucleus(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, al
     is_flag=True,
     default=False,
 )
-def sync_qualys_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool) -> None:
+@click.option(
+    "--asset_filter",
+    help='STRING: Apply filters to asset queries. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
+def sync_qualys_cloud(
+    regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, asset_filter: str
+) -> None:
     """Sync Vulnerabilities from Qualys Cloud to RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Vulnerabilities
 
     vulnerabilities_qualys_cloud = Vulnerabilities("qualys_cloud")
     vulnerabilities_qualys_cloud.run_sync(
-        regscale_ssp_id=regscale_ssp_id, vuln_filter=vuln_filter, scan_date=scan_date, all_scans=all_scans
+        regscale_ssp_id=regscale_ssp_id,
+        vuln_filter=vuln_filter,
+        scan_date=scan_date,
+        all_scans=all_scans,
+        filter=asset_filter.split(";") if asset_filter else [],
     )
 
 
@@ -138,13 +205,26 @@ def sync_qualys_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date: datetim
     is_flag=True,
     default=False,
 )
-def sync_rapid7_insight_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool) -> None:
+@click.option(
+    "--asset_filter",
+    help='STRING: Apply filters to asset queries. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
+def sync_rapid7_insight_cloud(
+    regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, asset_filter: str
+) -> None:
     """Sync Vulnerabilities from Rapid7 Insight Cloud to RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Vulnerabilities
 
     vulnerabilities_rapid7_insight_cloud = Vulnerabilities("rapid7_insight_cloud")
     vulnerabilities_rapid7_insight_cloud.run_sync(
-        regscale_ssp_id=regscale_ssp_id, vuln_filter=vuln_filter, scan_date=scan_date, all_scans=all_scans
+        regscale_ssp_id=regscale_ssp_id,
+        vuln_filter=vuln_filter,
+        scan_date=scan_date,
+        all_scans=all_scans,
+        filter=asset_filter.split(";") if asset_filter else [],
     )
 
 
@@ -171,13 +251,26 @@ def sync_rapid7_insight_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date:
     is_flag=True,
     default=False,
 )
-def sync_servicenow_vr(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool) -> None:
+@click.option(
+    "--asset_filter",
+    help='STRING: Apply filters to asset queries. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
+def sync_servicenow_vr(
+    regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, asset_filter: str
+) -> None:
     """Sync Vulnerabilities from Servicenow Vr to RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Vulnerabilities
 
     vulnerabilities_servicenow_vr = Vulnerabilities("servicenow_vr")
     vulnerabilities_servicenow_vr.run_sync(
-        regscale_ssp_id=regscale_ssp_id, vuln_filter=vuln_filter, scan_date=scan_date, all_scans=all_scans
+        regscale_ssp_id=regscale_ssp_id,
+        vuln_filter=vuln_filter,
+        scan_date=scan_date,
+        all_scans=all_scans,
+        filter=asset_filter.split(";") if asset_filter else [],
     )
 
 
@@ -204,13 +297,26 @@ def sync_servicenow_vr(regscale_ssp_id: int, vuln_filter: str, scan_date: dateti
     is_flag=True,
     default=False,
 )
-def sync_tanium_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool) -> None:
+@click.option(
+    "--asset_filter",
+    help='STRING: Apply filters to asset queries. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
+def sync_tanium_cloud(
+    regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, asset_filter: str
+) -> None:
     """Sync Vulnerabilities from Tanium Cloud to RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Vulnerabilities
 
     vulnerabilities_tanium_cloud = Vulnerabilities("tanium_cloud")
     vulnerabilities_tanium_cloud.run_sync(
-        regscale_ssp_id=regscale_ssp_id, vuln_filter=vuln_filter, scan_date=scan_date, all_scans=all_scans
+        regscale_ssp_id=regscale_ssp_id,
+        vuln_filter=vuln_filter,
+        scan_date=scan_date,
+        all_scans=all_scans,
+        filter=asset_filter.split(";") if asset_filter else [],
     )
 
 
@@ -237,19 +343,33 @@ def sync_tanium_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date: datetim
     is_flag=True,
     default=False,
 )
+@click.option(
+    "--asset_filter",
+    help='STRING: Apply filters to asset queries. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
 @click.option(
     "--url",
     type=click.STRING,
     help="Base URL for the Tenable Cloud API.",
     required=False,
 )
-def sync_tenable_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, url: str) -> None:
+def sync_tenable_cloud(
+    regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, asset_filter: str, url: str
+) -> None:
     """Sync Vulnerabilities from Tenable Cloud to RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Vulnerabilities
 
     vulnerabilities_tenable_cloud = Vulnerabilities("tenable_cloud")
     vulnerabilities_tenable_cloud.run_sync(
-        regscale_ssp_id=regscale_ssp_id, vuln_filter=vuln_filter, scan_date=scan_date, all_scans=all_scans, url=url
+        regscale_ssp_id=regscale_ssp_id,
+        vuln_filter=vuln_filter,
+        scan_date=scan_date,
+        all_scans=all_scans,
+        filter=asset_filter.split(";") if asset_filter else [],
+        url=url,
     )
 
 

regscale/integrations/commercial/wizv2/compliance_report.py

@@ -925,6 +925,19 @@ class WizComplianceReportProcessor(ComplianceIntegration):
                         impl.lastAssessmentResult = "Pass"
                         impl.bStatusImplemented = True
 
+                        # Ensure required fields are set if empty
+                        if not impl.responsibility:
+                            impl.responsibility = ControlImplementation.get_default_responsibility(
+                                parent_id=impl.parentId
+                            )
+                            logger.debug(
+                                f"Setting default responsibility for control {control_id}: {impl.responsibility}"
+                            )
+
+                        if not impl.implementation:
+                            impl.implementation = f"Implementation details for {control_id} will be documented."
+                            logger.debug(f"Setting default implementation statement for control {control_id}")
+
                         # Set audit fields if available
                         user_id = self.app.config.get("userId")
                         if user_id:
@@ -1041,6 +1054,15 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         impl.lastAssessmentResult = "Fail"
         impl.bStatusImplemented = False
 
+        # Ensure required fields are set if empty
+        if not impl.responsibility:
+            impl.responsibility = ControlImplementation.get_default_responsibility(parent_id=impl.parentId)
+            logger.debug(f"Setting default responsibility for control {control_id}: {impl.responsibility}")
+
+        if not impl.implementation:
+            impl.implementation = f"Implementation details for {control_id} will be documented."
+            logger.debug(f"Setting default implementation statement for control {control_id}")
+
         # Set audit fields if available
         user_id = self.app.config.get("userId")
         if user_id:

regscale/integrations/compliance_integration.py

@@ -1864,6 +1864,23 @@ class ComplianceIntegration(ScannerIntegration, ABC):
             implementation.status = new_status
             implementation.dateLastAssessed = get_current_datetime()
             implementation.lastAssessmentResult = result
+
+            # Ensure required fields are set if empty
+            if not implementation.responsibility:
+                implementation.responsibility = ControlImplementation.get_default_responsibility(
+                    parent_id=implementation.parentId
+                )
+                logger.debug(
+                    f"Setting default responsibility for implementation {implementation.id}: {implementation.responsibility}"
+                )
+
+            if not implementation.implementation:
+                control_id = (
+                    getattr(implementation.control, "controlId", "control") if implementation.control else "control"
+                )
+                implementation.implementation = f"Implementation details for {control_id} will be documented."
+                logger.debug(f"Setting default implementation statement for implementation {implementation.id}")
+
             implementation.save()
 
             # Update objectives if they exist

regscale/integrations/scanner_integration.py

@@ -1162,6 +1162,21 @@ class ScannerIntegration(ABC):
         self.components_by_title[component_name] = component
         return component
 
+    def _get_compliance_settings_id(self) -> Optional[int]:
+        """
+        Get the compliance settings ID from the security plan.
+
+        :return: The compliance settings ID if available
+        :rtype: Optional[int]
+        """
+        try:
+            security_plan = regscale_models.SecurityPlan.get_object(object_id=self.plan_id)
+            if security_plan and hasattr(security_plan, "complianceSettingsId"):
+                return security_plan.complianceSettingsId
+        except Exception as e:
+            logger.debug(f"Failed to get compliance settings ID from security plan {self.plan_id}: {e}")
+        return None
+
     def _create_new_component(self, asset: IntegrationAsset, component_name: str) -> regscale_models.Component:
         """
         Create a new component for the asset.
@@ -1178,6 +1193,7 @@ class ScannerIntegration(ABC):
             securityPlansId=self.plan_id,
             description=component_name,
             componentOwnerId=self.get_assessor_id(),
+            complianceSettingsId=self._get_compliance_settings_id(),
         ).get_or_create()
         self.components.append(component)
         return component