InsightVM 7.0.0 release (#2236)
* [PLGN-498] InsightVM Change Top Remediations id (#2194)

* Updated armorblox plugin with the review comments. (#1721)

* Initial commit for armorblox plugin

* Fix validate errors

* Timestamp changes

* Updated armorblox-sdk 0.1.4 version in requirements.txt

* Updated the suggestions for plugin.spec.yaml

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Updated review comments

* Update plugins/armorblox/icon_armorblox/triggers/get_incidents/schema.py

* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json

* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json

* Updated armorblox plugin with the required fixes

* Updated plugin with latest fixes

* Updated plugin with parameterized on test cases

* "Fixed review comments"

* Updated support field to community in plugin.spec.yaml

---------

Co-authored-by: Ankita Sharma <ankita.sharma@xoriant.com>
Co-authored-by: Rajat Upadhyaya <45485+urajat@users.noreply.github.com>

* run black linter, fix unit tests and validators (#1857)

* plgn-618 insight idr update schema (#2164)

* Salesforce - Task Monitor Users: Improved logging (#2170)

* [PLGN-621] Add OAuth to ServiceNow Plugin (#2157)

* Update plugin spec

* Add oauth authentication

* get client id instead of key

* Bump version

* Revert help.md

* Add type annotation for BearerAuth

* Blacken

* Revert Dockerfile

* Fix test

* Add timeout

* black

* Fix unit tests

* Blacken unit tests

* Update request_helper.py

* Updated help.md | Added typehints in unittests

---------

Co-authored-by: igorski-r7 <igor_gorski@rapid7.com>

* [PLGN-408] Insight IDR - Adding new actions for Get Alert Information, Search Alerts, Retrieve Evidence for a Single Alert and Retrieve Actors for a Single Alert (#2175)

* PLGN-408-Adding new actions for Get Alert Information, Search Alerts, Retrieve Evidence for a Single Alert and Retrieve Actors for a Single Alert

* PLGN-408-Adding new actions for Get Alert Information, Search Alerts, Retrieve Evidence for a Single Alert and Retrieve Actors for a Single Alert

* PLGN-408-Adding new actions for Get Alert Information, Search Alerts, Retrieve Evidence for a Single Alert and Retrieve Actors for a Single Alert

* PLGN-408-Re-adding back in size and index to action, dropping version to make a multiple plugin release, adding in type hints

* PLGN-408-Running black format

* PLGN-408-Updating data to be of type object

* PLGN-408-Updating to use f string

* PLGN-408-Removing debug print

* PLGN-408-Updating error var name

* [PLGN-498]- Change Top Remediations id

---------

Co-authored-by: SamhithaTatipalli <57620888+SamhithaTatipalli@users.noreply.github.com>
Co-authored-by: Ankita Sharma <ankita.sharma@xoriant.com>
Co-authored-by: Rajat Upadhyaya <45485+urajat@users.noreply.github.com>
Co-authored-by: llaszuk-r7 <99184394+llaszuk-r7@users.noreply.github.com>
Co-authored-by: igorski-r7 <99184344+igorski-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: igorski-r7 <igor_gorski@rapid7.com>
Co-authored-by: rbowden-r7 <144030336+rbowden-r7@users.noreply.github.com>

* [PLGN-653] IVM - Scan completion update (#2195)

* Spec file mapped

* Update version

* Latest code change

* Update version to 7

* Fix help.md

* Validator fixes

* Update IP in helpmd

* Fix inconsistency

* Fix inconsistency

* Add connection version

* Update query

* Remove connection version

* Updated query

* Updated comments

* Black formatting

* change func call to util

* Fix scan id input again

* Remove filter function, made it local

* Remove filter function, made it local

* Fix silly mistakes

* Change f string to multiline

* Handle key error

* Add asset group id in query

* Add asset group id in query

* Linter

* Ivm trigger updates 2 - 8.0.0 (#2213)

* Add in forgotten ip address and hostname

* Updated query with source hardcoded

* nosec on query & move strip msft to nexpose id

* New query - removed duplicates

* Reinsert scan ID

* Remove strip msft

* Fix plugin validators

* Add connection version:

* Fix typo in solution id and category

* Remove all inputs minus site id & new query & new output mapping

* Remove all inputs minus site id & new query & new output mapping

* Remove all inputs minus site id & new query & new output mapping

* Update help.md

* Scan id added into report payload

* Update connection version

* Remove unused fstring

* Fix helpmd breaking validator

* Add scan id to output

* Add scan ID to output in trigger

* Update spacing in query

* Linter

* Update descriptions

* Return version back to 7.0.0 (#2234)

* Return version back to 7.0.0

* Return connection version to 7

* Update changelog

---------

Co-authored-by: Jenna Richardson <96541628+jerichardson-r7@users.noreply.github.com>
Co-authored-by: SamhithaTatipalli <57620888+SamhithaTatipalli@users.noreply.github.com>
Co-authored-by: Ankita Sharma <ankita.sharma@xoriant.com>
Co-authored-by: Rajat Upadhyaya <45485+urajat@users.noreply.github.com>
Co-authored-by: llaszuk-r7 <99184394+llaszuk-r7@users.noreply.github.com>
Co-authored-by: igorski-r7 <99184344+igorski-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: igorski-r7 <igor_gorski@rapid7.com>
Co-authored-by: rbowden-r7 <144030336+rbowden-r7@users.noreply.github.com>
10 people authored Jan 16, 2024
1 parent b2d5197 commit 4d02599
Showing 9 changed files with 398 additions and 277 deletions.
10 changes: 5 additions & 5 deletions plugins/rapid7_insightvm/.CHECKSUM
@@ -1,7 +1,7 @@
{
"spec": "8c162487e4fc21d316ae671ff14bdada",
"manifest": "1ad7045d507da48f30f04999d8e73b3b",
"setup": "1c6dcdf34833dd8b8ada2f2a80ae8279",
"spec": "48b8677fa13b141851f006ed0ca24571",
"manifest": "01d70222f096c2c8d1fae9041d1bd438",
"setup": "0fc42833668b7a1d39eb2bd61544273a",
"schemas": [
{
"identifier": "add_scan_engine_pool_engine/schema.py",
@@ -297,7 +297,7 @@
},
{
"identifier": "top_remediations/schema.py",
"hash": "08cb410b6e19f692509163845cceea57"
"hash": "0c39bbb6dfe9eb4c871fd4e49c2b37d7"
},
{
"identifier": "update_asset_group_search_criteria/schema.py",
@@ -373,7 +373,7 @@
},
{
"identifier": "scan_completion/schema.py",
"hash": "25386d06cb7cd3fe16a007c2aabe7c87"
"hash": "8e91ff0fafaf5bea63edc2d8ab574e62"
}
]
}
2 changes: 1 addition & 1 deletion plugins/rapid7_insightvm/bin/komand_rapid7_insightvm
@@ -6,7 +6,7 @@ from sys import argv

Name = "Rapid7 InsightVM Console"
Vendor = "rapid7"
Version = "6.2.0"
Version = "7.0.0"
Description = "InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans"


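Review bot: the jump from 6.2.0 to 7.0.0 is the right call for this release, because the `Top Remediations` output field `id` changes type from integer to string and `Scan Completion` drops every input except `site_id`, both of which break existing workflows; make sure plugin.spec.yaml, the connection version and the `Version History` entry in help.md all agree on 7.0.0, since the commit log shows the version bouncing between 7 and 8 ("Update version to 7", "Ivm trigger updates 2 - 8.0.0", "Return version back to 7.0.0") before settling.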
69 changes: 40 additions & 29 deletions plugins/rapid7_insightvm/help.md
@@ -3193,7 +3193,7 @@ Example output:

#### New Vulnerability Exception

This action is used to check for new InsightVM vulnerability exceptions
This trigger is used to check for new InsightVM vulnerability exceptions

##### Input

@@ -3229,7 +3229,7 @@ Example output:

#### New Scans

This action is used to check for new InsightVM scans by site and scan status
This trigger is used to check for new InsightVM scans by site and scan status

##### Input

@@ -3269,56 +3269,37 @@ Example output:

#### Scan Completed

This action is used to fire upon completed scan
This trigger is used to fire upon completed scan

##### Input

|Name|Type|Default|Required|Description|Enum|Example|
| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
|asset_group|string|None|False|Asset Group|None|2|
|cve|string|None|False|CVE|None|ssh-cve-2018|
|cvss_score|integer|0|False|A vulneravility score from 1-10. Only those with a score equal to or above the input will be shown|None|4|
|interval|integer|5|True|How often the trigger should check for new vulnerability scans in minutes|None|5|
|severity|string|None|False|Severity of the vulnerability|['', 'Moderate', 'Severe', 'Critical']|Severe|
|site_id|string|None|False|Site ID|None|219|
|source|string|None|False|Source|None|url|

Example input:

```
{
"asset_group": 2,
"cve": "ssh-cve-2018",
"cvss_score": 0,
"interval": 5,
"severity": "Severe",
"site_id": 219,
"source": "url"
"site_id": 219
}
```

##### Output

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|asset_id|integer|False|Asset ID|219|
|hostname|string|False|Hostname|doc.rapid7.com|
|ip|string|False|IP|8.8.8.8|
|vulnerability_info|[]object|False|An array containing vulnerability id, solution id & solution summary|[{"vulnerability_id": 1111, "nexpose_id": "ssh-cve-2018", "solution_id": 1111, "solution_summary": "Example solution for cve"}, {"vulnerability_id": 2222, "nexpose_id": "ssh-cve-2019", "solution_id": 2222, "solution_summary": "Example solution for cve"}]|

|scan_completed_output|[]scanCompleted|False|An array containing all the info|{}|
|scan_id|integer|False|The ID of the scan|42|

Example output:

```
{
"asset_id": 219,
"hostname": "doc.rapid7.com",
"ip": "8.8.8.8",
"vulnerability_info": {
"nexpose_id": "ssh-cve-2018",
"solution_id": 1111,
"solution_summary": "Example solution for cve",
"vulnerability_id": 1111
}
"scan_completed_output": {},
"scan_id": 42
}
```
### Tasks
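Review bot: the `scan_completed_output` row and the example output disagree with the declared type: the type is `[]scanCompleted` (an array) but both the table example and `Example output` show `{}`; change them to `[]` or, better, to a one-element array that shows the `scanCompleted` fields. Two smaller points in the same hunk: `site_id` is declared `string` while the example input gives the bare integer `219` (quote it or fix the type), and with `interval` removed the help no longer says how often the trigger polls, so state the fixed polling period here. Also consider whether `site_id` should now be `Required` = True, since it is the only remaining filter.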
@@ -3327,6 +3308,35 @@ Example output:

### Custom Types

**scanCompleted**

|Name|Type|Default|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- | :--- |
|Best Solution|string|None|False|Best solution|None|
|CVSS Score|float|None|False|CVSS Score|None|
|CVSS V3 Score|float|None|False|CVSS v3 score|None|
|Date First Seen On Asset|string|None|False|Date first seen on the asset|None|
|Date Most Recently Seen On Asset|string|None|False|Date most recently seen on the asset|None|
|Days Present On Asset|integer|None|False|Days present on the asset|None|
|Days Since Vulnerability First Published|integer|None|False|Days since the vulnerability was first published|None|
|Estimated Time To Fix Per Asset|string|None|False|Estimated time to fix per asset|None|
|Exploits|integer|None|False|Number of public exploits|None|
|Hostname|string|None|False|Hostname|None|
|IP Address|string|None|False|ip|None|
|Malware Kits|integer|None|False|Number of malware kits known|None|
|Member of Sites|[]string|None|False|Show which sites the vuln is a member of|None|
|Nexpose ID|string|None|False|Nexpose ID|None|
|Operating System|string|None|False|OS|None|
|Risk Score|integer|None|False|Risk score|None|
|Severity|string|None|False|Severity|None|
|Solution ID|integer|None|False|Solution ID|None|
|Solution Type|string|None|False|The type of the solution for the vulnerability|None|
|Date Vulnerability First Published|string|None|False|Date the vulnerability was first published|None|
|Vulnerability Details|string|None|False|Vulnerability details|None|
|Vulnerability ID|integer|None|False|Vulnerability ID|None|
|Vulnerability Instances|integer|None|False|Vulnerability count on asset|None|
|Vulnerability Name|string|None|False|Vulnerability name|None|

**report_id**

|Name|Type|Default|Required|Description|Example|
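Review bot: the new `scanCompleted` custom type breaks the naming convention of the other custom types in this file (`report_id` is snake_case), so rename it or document why it differs. Within the table: `Date Vulnerability First Published` sits out of alphabetical order between `Solution Type` and `Vulnerability Details`, the descriptions for `IP Address` (`ip`) and `Operating System` (`OS`) should be written out like the others, `Member of Sites` reads better as `Sites the vulnerability is a member of`, and `Risk Score` is typed `integer` while `CVSS Score` is `float`; confirm the query really returns an integer risk score, because a fractional value will fail schema validation.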
@@ -3907,7 +3917,7 @@ Example output:
| :--- | :--- | :--- | :--- | :--- | :--- |
|CVSS Score|string|None|True|The CVSS score of the vulnerability|None|
|Description|string|None|True|The description of the vulnerability|None|
|ID|integer|None|True|Identifier of the vulnerability|None|
|ID|string|None|True|Identifier of the vulnerability|None|
|Risk Score|integer|None|True|The risk score of the vulnerability|None|
|Severity|integer|None|True|The severity of the vulnerability|None|
|Title|string|None|True|The title of the vulnerability|None|
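Review bot: the `ID` row changes type from `integer` to `string` but keeps the description `Identifier of the vulnerability`, which no longer tells the reader that the value is now the Nexpose ID (the `ssh-cve-2018` style shown in the examples above) rather than the numeric vulnerability ID; update the description to say so, because workflows that parsed this field as a number will break.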
@@ -3966,6 +3976,7 @@ Example output:

# Version History

* 7.0.0 - `Scan Completion` - Rework trigger to use a new query, resulting in a new output & removed all inputs except for `site_id` | `Top Remediations` - Update vulnerability_id to nexpose_id
* 6.2.0 - `Scan Completion` - New trigger added to retrieve vulnerability information on assets when a scan is completed | Improved error handling across all API calls
* 6.1.1 - Update actions `Update Site Excluded Targets` and `Update Site Included Targets` to prevent error on empty addresses
* 6.1.0 - Add new optional input `override_blackout` in `Scan` action
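Review bot: the 7.0.0 changelog entry should flag the breaking changes explicitly rather than describing them neutrally: for `Top Remediations`, the `id` of each vulnerability is now a string Nexpose ID instead of an integer; for `Scan Completion`, the `asset_group`, `cve`, `cvss_score`, `interval`, `severity` and `source` inputs were removed and the output is now `scan_completed_output` and `scan_id`. Naming the removed inputs lets users search their workflows for affected steps.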
@@ -18,7 +18,7 @@ def __init__(self):
output=TopRemediationsOutput(),
)

def run(self, params={}):
def run(self, params={}): # noqa: MC0001
remediations_limit = params.get(Input.LIMIT)
# Generate unique identifier for report names
identifier = uuid.uuid4()
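Review bot: adding `# noqa: MC0001` to `run()` silences the complexity warning instead of addressing it; the visible pieces (report identifier setup, the row loop that fills `remediations[...]["vulnerabilities"]`) are natural seams for splitting the method into helpers, which would bring the complexity under the threshold without a suppression. If the suppression stays, add a short comment saying why. On the same touched line, `params={}` is a mutable default argument and is safe only as long as nothing writes to `params`.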
@@ -124,7 +124,7 @@ def run(self, params={}):
vuln_limit = params.get(Input.VULNERABILITY_LIMIT)
if (vuln_limit == 0) or (len(remediations[row["solution_id"]]["vulnerabilities"]) < vuln_limit):
vulnerability = {
"id": int(row["vulnerability_id"]),
"id": row["nexpose_id"],
"title": row["title"],
"description": row["description"],
"cvssScore": row["cvss_score"],
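Review bot: the replacement drops the `int()` coercion and passes `row["nexpose_id"]` through unchanged, so a NULL from the report query becomes `None` and fails the new `string` schema at output time, where the old `int(...)` at least raised at the point of the bad row; guard the value (skip or log rows with no Nexpose ID) rather than passing `None` through. Note that `str(...)` is not a fix here, since it would turn a missing value into the literal `"None"`.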
@@ -183,7 +183,7 @@ def vulnerabilities_query(limit):
f"SELECT DISTINCT solution_id, vulnerability_id "
f"FROM dim_asset_vulnerability_solution "
f")"
f"SELECT DISTINCT fr.solution_id, dv.vulnerability_id, dv.title, dv.description, "
f"SELECT DISTINCT fr.solution_id, dv.nexpose_id, dv.title, dv.description, "
f"dv.severity_score, dv.riskscore, dv.cvss_score "
f"FROM fact_remediation({limit}, 'riskscore DESC') AS fr "
f"JOIN remediation_vulnerabilities rv ON fr.solution_id = rv.solution_id "
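Review bot: `{limit}` is interpolated straight into the SQL in `fact_remediation({limit}, 'riskscore DESC')`, the only visible line of the query that takes external input; even if the plugin spec types the input as an integer, cast it explicitly (`int(limit)`) before it reaches the f-string so a non-numeric value raises at the boundary instead of becoming query text. Also, the inner CTE still selects `vulnerability_id` while the outer SELECT switched to `nexpose_id`; that is fine for the join, but `SELECT DISTINCT` now collapses rows on `nexpose_id`, so confirm that one Nexpose ID maps to one vulnerability row or the per-solution `vuln_limit` counts in `run()` will shift.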
@@ -241,7 +241,7 @@ class TopRemediationsOutput(insightconnect_plugin_runtime.Output):
"title": "remediation_vulnerability",
"properties": {
"id": {
"type": "integer",
"type": "string",
"title": "ID",
"description": "Identifier of the vulnerability",
"order": 1
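Review bot: the type flips to `string` but the `description` stays `Identifier of the vulnerability`; align it with the help.md wording and say it is the Nexpose ID. Since this schema mirrors plugin.spec.yaml (the `spec` hash in .CHECKSUM changed in the same commit), make sure the edit was made in the spec and the schema regenerated rather than hand-edited, so the two do not drift.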
