Ivm trigger updates 2 - 8.0.0 (#2213)

* Add in forgotten ip address and hostname * Updated query with source hardcoded * nosec on query & move strip msft to nexpose id * New query - removed duplicates * Reinsert scan ID * Remove strip msft * Fix plugin validators * Add connection version: * Fix typo in solution id and category * Remove all inputs minus site id & new query & new output mapping * Remove all inputs minus site id & new query & new output mapping * Remove all inputs minus site id & new query & new output mapping * Update help.md * Scan id added into report payload * Update connection version * Remove unused fstring * Fix helpmd breaking validator * Add scan id to output * Add scan ID to output in trigger * Update spacing in query * Linter * Update descriptions
rapid7 · Jan 16, 2024 · 1665869 · 1665869
1 parent 872d76b
commit 1665869
Show file tree

Hide file tree

Showing 7 changed files with 330 additions and 331 deletions.
diff --git a/plugins/rapid7_insightvm/.CHECKSUM b/plugins/rapid7_insightvm/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "84735bc9207f85e52a60b6276e5ad90e",
-	"manifest": "01d70222f096c2c8d1fae9041d1bd438",
-	"setup": "0fc42833668b7a1d39eb2bd61544273a",
+	"spec": "a1b4f8907e7b9682d45613323d977fa3",
+	"manifest": "4bc45025d1c674c0e6c9a79beb52f706",
+	"setup": "da73e498d36a2a300d67b34f3cefeb1b",
 	"schemas": [
 		{
 			"identifier": "add_scan_engine_pool_engine/schema.py",
@@ -373,7 +373,7 @@
 		},
 		{
 			"identifier": "scan_completion/schema.py",
-			"hash": "d3d1f1a737deeb15f6456af6c1e94fc5"
+			"hash": "8e91ff0fafaf5bea63edc2d8ab574e62"
 		}
 	]
 }
diff --git a/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm b/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm
@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Rapid7 InsightVM Console"
 Vendor = "rapid7"
-Version = "7.0.0"
+Version = "8.0.0"
 Description = "InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans"
 
 

diff --git a/plugins/rapid7_insightvm/help.md b/plugins/rapid7_insightvm/help.md
@@ -3275,52 +3275,31 @@ This trigger is used to fire upon completed scan
 
 |Name|Type|Default|Required|Description|Enum|Example|
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|asset_group|string|None|False|Asset Group|None|2|
-|category_name|string|None|False|Name of the category the vulnerability is contained within|None|Debian Linux|
-|cve|string|None|False|CVE|None|ssh-cve-2018|
-|cvss_score|integer|0|False|A vulneravility score from 1-10. Only those with a score equal to or above the input will be shown|None|4|
 |interval|integer|5|True|How often the trigger should check for new vulnerability scans in minutes|None|5|
-|severity|string|None|False|Severity of the vulnerability|['', 'Moderate', 'Severe', 'Critical']|Severe|
 |site_id|string|None|False|Site ID|None|219|
-|source|string|None|False|Source|None|url|
 
 Example input:
 
 ```
 {
-  "asset_group": 2,
-  "category_name": "Debian Linux",
-  "cve": "ssh-cve-2018",
-  "cvss_score": 0,
   "interval": 5,
-  "severity": "Severe",
-  "site_id": 219,
-  "source": "url"
+  "site_id": 219
 }
 ```
 
 ##### Output
 
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|assets|[]assets|False|An array containing the asset id, hostname and IP address|[{"asset_id": 1, "hostname": "google.com", "ip": "8.8.8.8"}, {"asset_id": 2, "hostname": "google.co.uk", "ip": "8.8.8.8"}]|
-|vulnerability_info|[]vulnerability_info|False|An array containing vulnerability id, solution id & solution summary|[{"vulnerability_id": 1111, "nexpose_id": "ssh-cve-2018", "solution_id": 1111, "solution_summary": "Example solution for cve"}, {"vulnerability_id": 2222, "nexpose_id": "ssh-cve-2019", "solution_id": 2222, "solution_summary": "Example solution for cve"}]|
+|scan_completed_output|[]scanCompleted|False|An array containing all the info|{}|
+|scan_id|integer|False|The ID of the scan|42|
 
 Example output:
 
 ```
 {
-  "assets": {
-    "asset_id": 1,
-    "hostname": "google.com",
-    "ip": "8.8.8.8"
-  },
-  "vulnerability_info": {
-    "nexpose_id": "ssh-cve-2018",
-    "solution_id": 1111,
-    "solution_summary": "Example solution for cve",
-    "vulnerability_id": 1111
-  }
+  "scan_completed_output": {},
+  "scan_id": 42
 }
 ```
 ### Tasks
@@ -3329,24 +3308,34 @@ Example output:
 
 ### Custom Types
 
-**assets**
-
-|Name|Type|Default|Required|Description|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- |
-|Asset ID|integer|None|False|The unique ID of the asset|None|
-|Hostname|string|None|False|The hostname for the asset|None|
-|IP Address|string|None|False|The IP address of the asset|None|
-
-**vulnerability_info**
+**scanCompleted**
 
 |Name|Type|Default|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- | :--- |
-|CVSS V3 Score|string|None|False|The CVSS score of the vulnerability|None|
-|Nexpose ID|string|None|False|The unique identifier for the vulnerability in nexpose|None|
-|Severity|string|None|False|The severity of the vulnerability|None|
-|Solution ID|string|None|False|The unique ID of the solution|None|
-|Solution Summary|string|None|False|The summary of the solution for the vulnerability|None|
-|Vulnerability ID|string|None|False|The unique ID of the vulnerability|None|
+|Best Solution|string|None|False|Best solution|None|
+|CVSS Score|float|None|False|CVSS Score|None|
+|CVSS V3 Score|float|None|False|CVSS v3 score|None|
+|Date First Seen On Asset|string|None|False|Date first seen on the asset|None|
+|Date Most Recently Seen On Asset|string|None|False|Date most recently seen on the asset|None|
+|Days Present On Asset|integer|None|False|Days present on the asset|None|
+|Days Since Vulnerability First Published|integer|None|False|Days since the vulnerability was first published|None|
+|Estimated Time To Fix Per Asset|string|None|False|Estimated time to fix per asset|None|
+|Exploits|integer|None|False|Number of public exploits|None|
+|Hostname|string|None|False|Hostname|None|
+|IP Address|string|None|False|ip|None|
+|Malware Kits|integer|None|False|Number of malware kits known|None|
+|Member of Sites|[]string|None|False|Show which sites the vuln is a member of|None|
+|Nexpose ID|string|None|False|Nexpose ID|None|
+|Operating System|string|None|False|OS|None|
+|Risk Score|integer|None|False|Risk score|None|
+|Severity|string|None|False|Severity|None|
+|Solution ID|integer|None|False|Solution ID|None|
+|Solution Type|string|None|False|The type of the solution for the vulnerability|None|
+|Date Vulnerability First Published|string|None|False|Date the vulnerability was first published|None|
+|Vulnerability Details|string|None|False|Vulnerability details|None|
+|Vulnerability ID|integer|None|False|Vulnerability ID|None|
+|Vulnerability Instances|integer|None|False|Vulnerability count on asset|None|
+|Vulnerability Name|string|None|False|Vulnerability name|None|
 
 **report_id**
 
@@ -3987,6 +3976,7 @@ Example output:
 
 # Version History
 
+* 8.0.0 - `Scan Completion` - Rework trigger to use a new query, resulting in a new output & removed all inputs except for `site_id`
 * 7.0.0 - `Scan Completion` - Update the trigger output and add new 'Category' input
 * 6.2.1 - Update Top Remediations id to be the nexpose_id
 * 6.2.0 - `Scan Completion` - New trigger added to retrieve vulnerability information on assets when a scan is completed | Improved error handling across all API calls