BIG UPDATE. Reference pull request for full details. #49
-Updated all SQL statements to parameterized queries.
-Added additional logic and validation to IAVM Number field. If an IAVM number is provided, an icon is generated with a link to the VRAM IAV Release Details page. An IAV Comply By Datepicker is also displayed and IAV Comply By Date becomes a required field once an IAVM number is provided.
-Added functionality to update a POAM Asset List with any applicable assets that have findings in STIG Manager based off of Vulnerability ID.
-Added STIG Manager findings section. The primary "FINDINGS GRID" tab displays the results of a query to STIG Manager's collections/{collectionId}/findings and stigs/rules/${ruleId}. This is aggregated by groupId with acceptedOnly = false. Additional projections for "collections/{collectionId}/findings" include assets and stigs, while projections for "stigs/rules/${ruleId}" include check and fix.
Ultimately this displays a grid that includes Group ID, Rule Title, Benchmark ID, Severity and Asset Count of all findings. When expanding a row, it displays a list of affected assets. ADDITIONALLY, the far right column has a "Create or Update POAM" button. When clicked, a draft POAM will be opened with the "Source Identifying Control Vulnerability", "STIG Title", "Source Identifying Control Vulnerability - ID #", "Raw Severity Value", and the Asset List filled out. Additionally, Discussion, Check, and Fix are compiled into a textarea. A toggle will appear at the top of the POAM to "View STIG Manager Check Data" if this data is available. The secondary "FINDINGS CHART" tab displays a chart view of the severity of all findings. Chart design/style is similar to other C-PAT charts and also includes export functionality. Filters have been added beneath both the grid and the chart to filter the findings based off of whether a POAM already exists or not. All column titles are sortable. Primary use case: filter by Severity high-low to find items without an existing POAM.