diff --git a/plugins/rapid7_insightvm/.CHECKSUM b/plugins/rapid7_insightvm/.CHECKSUM index 50320fdcc5..bca3e180f9 100644 --- a/plugins/rapid7_insightvm/.CHECKSUM +++ b/plugins/rapid7_insightvm/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "8c162487e4fc21d316ae671ff14bdada", - "manifest": "1ad7045d507da48f30f04999d8e73b3b", - "setup": "1c6dcdf34833dd8b8ada2f2a80ae8279", + "spec": "48b8677fa13b141851f006ed0ca24571", + "manifest": "01d70222f096c2c8d1fae9041d1bd438", + "setup": "0fc42833668b7a1d39eb2bd61544273a", "schemas": [ { "identifier": "add_scan_engine_pool_engine/schema.py", @@ -297,7 +297,7 @@ }, { "identifier": "top_remediations/schema.py", - "hash": "08cb410b6e19f692509163845cceea57" + "hash": "0c39bbb6dfe9eb4c871fd4e49c2b37d7" }, { "identifier": "update_asset_group_search_criteria/schema.py", @@ -373,7 +373,7 @@ }, { "identifier": "scan_completion/schema.py", - "hash": "25386d06cb7cd3fe16a007c2aabe7c87" + "hash": "8e91ff0fafaf5bea63edc2d8ab574e62" } ] } \ No newline at end of file diff --git a/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm b/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm index 80505308dc..e6023bb2fb 100755 --- a/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm +++ b/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm @@ -6,7 +6,7 @@ from sys import argv Name = "Rapid7 InsightVM Console" Vendor = "rapid7" -Version = "6.2.0" +Version = "7.0.0" Description = "InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans" diff --git a/plugins/rapid7_insightvm/help.md b/plugins/rapid7_insightvm/help.md index 38361ce1b0..29c3643a4e 100644 --- a/plugins/rapid7_insightvm/help.md +++ b/plugins/rapid7_insightvm/help.md 
@@ -3193,7 +3193,7 @@ Example output: #### New Vulnerability Exception -This action is used to check for new InsightVM vulnerability exceptions +This trigger is used to check for new InsightVM vulnerability exceptions ##### Input @@ -3229,7 +3229,7 @@ Example output: #### New Scans -This action is used to check for new InsightVM scans by site and scan status +This trigger is used to check for new InsightVM scans by site and scan status ##### Input @@ -3269,31 +3269,21 @@ Example output: #### Scan Completed -This action is used to fire upon completed scan +This trigger is used to fire upon completed scan ##### Input |Name|Type|Default|Required|Description|Enum|Example| | :--- | :--- | :--- | :--- | :--- | :--- | :--- | -|asset_group|string|None|False|Asset Group|None|2| -|cve|string|None|False|CVE|None|ssh-cve-2018| -|cvss_score|integer|0|False|A vulneravility score from 1-10. Only those with a score equal to or above the input will be shown|None|4| |interval|integer|5|True|How often the trigger should check for new vulnerability scans in minutes|None|5| -|severity|string|None|False|Severity of the vulnerability|['', 'Moderate', 'Severe', 'Critical']|Severe| |site_id|string|None|False|Site ID|None|219| -|source|string|None|False|Source|None|url| Example input: ``` { - "asset_group": 2, - "cve": "ssh-cve-2018", - "cvss_score": 0, "interval": 5, - "severity": "Severe", - "site_id": 219, - "source": "url" + "site_id": 219 } ``` 
@@ -3301,24 +3291,15 @@ Example input: |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | -|asset_id|integer|False|Asset ID|219| -|hostname|string|False|Hostname|doc.rapid7.com| -|ip|string|False|IP|8.8.8.8| -|vulnerability_info|[]object|False|An array containing vulnerability id, solution id & solution summary|[{"vulnerability_id": 1111, "nexpose_id": "ssh-cve-2018", "solution_id": 1111, "solution_summary": "Example solution for cve"}, {"vulnerability_id": 2222, "nexpose_id": "ssh-cve-2019", "solution_id": 2222, "solution_summary": "Example solution for cve"}]| - +|scan_completed_output|[]scanCompleted|False|An array containing all the info|{}| +|scan_id|integer|False|The ID of the scan|42| + Example output: ``` { - "asset_id": 219, - "hostname": "doc.rapid7.com", - "ip": "8.8.8.8", - "vulnerability_info": { - "nexpose_id": "ssh-cve-2018", - "solution_id": 1111, - "solution_summary": "Example solution for cve", - "vulnerability_id": 1111 - } + "scan_completed_output": {}, + "scan_id": 42 } ``` ### Tasks 
@@ -3327,6 +3308,35 @@ Example output: ### Custom Types +**scanCompleted** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Best Solution|string|None|False|Best solution|None| +|CVSS Score|float|None|False|CVSS Score|None| +|CVSS V3 Score|float|None|False|CVSS v3 score|None| +|Date First Seen On Asset|string|None|False|Date first seen on the asset|None| +|Date Most Recently Seen On Asset|string|None|False|Date most recently seen on the asset|None| +|Days Present On Asset|integer|None|False|Days present on the asset|None| +|Days Since Vulnerability First Published|integer|None|False|Days since the vulnerability was first published|None| +|Estimated Time To Fix Per Asset|string|None|False|Estimated time to fix per asset|None| +|Exploits|integer|None|False|Number of public exploits|None| +|Hostname|string|None|False|Hostname|None| +|IP Address|string|None|False|ip|None| +|Malware Kits|integer|None|False|Number of malware kits known|None| +|Member of Sites|[]string|None|False|Show which sites the vuln is a member of|None| +|Nexpose ID|string|None|False|Nexpose ID|None| +|Operating System|string|None|False|OS|None| +|Risk Score|integer|None|False|Risk score|None| +|Severity|string|None|False|Severity|None| +|Solution ID|integer|None|False|Solution ID|None| +|Solution Type|string|None|False|The type of the solution for the vulnerability|None| +|Date Vulnerability First Published|string|None|False|Date the vulnerability was first published|None| +|Vulnerability Details|string|None|False|Vulnerability details|None| +|Vulnerability ID|integer|None|False|Vulnerability ID|None| +|Vulnerability Instances|integer|None|False|Vulnerability count on asset|None| +|Vulnerability Name|string|None|False|Vulnerability name|None| + **report_id** |Name|Type|Default|Required|Description|Example| 
@@ -3907,7 +3917,7 @@ Example output:
 | :--- | :--- | :--- | :--- | :--- | :--- |
 |CVSS Score|string|None|True|The CVSS score of the vulnerability|None|
 |Description|string|None|True|The description of the vulnerability|None|
-|ID|integer|None|True|Identifier of the vulnerability|None|
+|ID|string|None|True|Identifier of the vulnerability|None|
 |Risk Score|integer|None|True|The risk score of the vulnerability|None|
 |Severity|integer|None|True|The severity of the vulnerability|None|
 |Title|string|None|True|The title of the vulnerability|None|
@@ -3966,6 +3976,7 @@ Example output:
 # Version History
+* 7.0.0 - `Scan Completion` - Rework trigger to use a new query, resulting in a new output & removed all inputs except for `site_id` | `Top Remediations` - Update vulnerability_id to nexpose_id
 * 6.2.0 - `Scan Completion` - New trigger added to retrieve vulnerability information on assets when a scan is completed | Improved error handling across all API calls
 * 6.1.1 - Update actions `Update Site Excluded Targets` and `Update Site Included Targets` to prevent error on empty addresses
 * 6.1.0 - Add new optional input `override_blackout` in `Scan` action
diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/actions/top_remediations/action.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/actions/top_remediations/action.py
index 7f801ccc5b..048cbad108 100755
--- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/actions/top_remediations/action.py
+++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/actions/top_remediations/action.py
@@ -18,7 +18,7 @@ def __init__(self):
             output=TopRemediationsOutput(),
         )
-    def run(self, params={}):
+    def run(self, params={}):  # noqa: MC0001
         remediations_limit = params.get(Input.LIMIT)
         # Generate unique identifier for report names
         identifier = uuid.uuid4()
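Review bot: `# noqa: MC0001` on `run` silences the cyclomatic-complexity check instead of addressing it; the suppression is the only code change in this hunk, so the method is exactly as complex as before and the lint stops protecting future edits to it. Prefer extracting the report generation and the row-to-remediation accumulation into private helpers with one-line purpose comments, or at least record why the suppression is acceptable, e.g. `# noqa: MC0001 - report assembly is sequential by design; split before adding more fields`. `run` continues past the end of the hunk.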
@@ -124,7 +124,7 @@ def run(self, params={}):
                 vuln_limit = params.get(Input.VULNERABILITY_LIMIT)
                 if (vuln_limit == 0) or (len(remediations[row["solution_id"]]["vulnerabilities"]) < vuln_limit):
                     vulnerability = {
-                        "id": int(row["vulnerability_id"]),
+                        "id": row["nexpose_id"],
                         "title": row["title"],
                         "description": row["description"],
                         "cvssScore": row["cvss_score"],
@@ -183,7 +183,7 @@ def vulnerabilities_query(limit):
             f"SELECT DISTINCT solution_id, vulnerability_id "
             f"FROM dim_asset_vulnerability_solution "
             f")"
-            f"SELECT DISTINCT fr.solution_id, dv.vulnerability_id, dv.title, dv.description, "
+            f"SELECT DISTINCT fr.solution_id, dv.nexpose_id, dv.title, dv.description, "
             f"dv.severity_score, dv.riskscore, dv.cvss_score "
             f"FROM fact_remediation({limit}, 'riskscore DESC') AS fr "
             f"JOIN remediation_vulnerabilities rv ON fr.solution_id = rv.solution_id "
diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/actions/top_remediations/schema.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/actions/top_remediations/schema.py
index 9bd883b9f0..8126926887 100755
--- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/actions/top_remediations/schema.py
+++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/actions/top_remediations/schema.py
@@ -241,7 +241,7 @@ class TopRemediationsOutput(insightconnect_plugin_runtime.Output):
     "title": "remediation_vulnerability",
     "properties": {
       "id": {
-        "type": "integer",
+        "type": "string",
         "title": "ID",
         "description": "Identifier of the vulnerability",
         "order": 1
diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py
index 0b612aa538..b12dbb7e66 100644
--- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py
+++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py
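Review bot: `"id": row["nexpose_id"]` changes the meaning of the `id` emitted under `vulnerabilities`, not only its type: it was the numeric `vulnerability_id` and is now the Nexpose ID string (values like `ssh-cve-2018`, as the old help examples showed), so any workflow that joined or compared on the old value will break silently rather than fail validation. Record that at the site, `"id": row["nexpose_id"],  # Nexpose vulnerability ID (string); was the numeric vulnerability_id before 7.0.0`, and have the changelog line call the `Top Remediations` `id` field a breaking output change rather than "Update vulnerability_id to nexpose_id", which reads as a rename. `run` begins and ends outside the hunk.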
@@ -8,20 +8,13 @@ class Component:
 class Input:
-    ASSET_GROUP = "asset_group"
-    CVE = "cve"
-    CVSS_SCORE = "cvss_score"
     INTERVAL = "interval"
-    SEVERITY = "severity"
     SITE_ID = "site_id"
-    SOURCE = "source"
 class Output:
-    ASSET_ID = "asset_id"
-    HOSTNAME = "hostname"
-    IP = "ip"
-    VULNERABILITY_INFO = "vulnerability_info"
+    SCAN_COMPLETED_OUTPUT = "scan_completed_output"
+    SCAN_ID = "scan_id"
 class ScanCompletionInput(insightconnect_plugin_runtime.Input):
@@ -30,25 +23,6 @@ class ScanCompletionInput(insightconnect_plugin_runtime.Input):
   "type": "object",
   "title": "Variables",
   "properties": {
-    "asset_group": {
-      "type": "string",
-      "title": "Asset Group",
-      "description": "Asset Group",
-      "order": 3
-    },
-    "cve": {
-      "type": "string",
-      "title": "CVE",
-      "description": "CVE",
-      "order": 4
-    },
-    "cvss_score": {
-      "type": "integer",
-      "title": "CVSS V3 Score",
-      "description": "A vulneravility score from 1-10. Only those with a score equal to or above the input will be shown",
-      "default": 0,
-      "order": 6
-    },
     "interval": {
       "type": "integer",
       "title": "Interval",
@@ -56,29 +30,11 @@ class ScanCompletionInput(insightconnect_plugin_runtime.Input):
       "default": 5,
       "order": 1
     },
-    "severity": {
-      "type": "string",
-      "title": "Severity",
-      "description": "Severity of the vulnerability",
-      "enum": [
-        "",
-        "Moderate",
-        "Severe",
-        "Critical"
-      ],
-      "order": 7
-    },
     "site_id": {
       "type": "string",
       "title": "Site ID",
       "description": "Site ID",
       "order": 2
-    },
-    "source": {
-      "type": "string",
-      "title": "Source",
-      "description": "Source",
-      "order": 5
     }
   },
   "required": [
@@ -98,35 +54,177 @@ class ScanCompletionOutput(insightconnect_plugin_runtime.Output): "type": "object", "title": "Variables", "properties": { - "asset_id": { - "type": "integer", - "title": "Asset ID", - "description": "Asset ID", - "order": 1 - }, - "hostname": { - "type": "string", - "title": "Hostname", - "description": "Hostname", - "order": 2 - }, - "ip": { - "type": "string", - "title": "IP", - "description": "IP", - "order": 3 - }, - "vulnerability_info": { + "scan_completed_output": { "type": "array", - "title": "Vulnerability Info", - "description": "An array containing vulnerability id, solution id & solution summary", + "title": "Scan Completed Output", + "description": "An array containing all the info", "items": { - "type": "object" + "$ref": "#/definitions/scanCompleted" }, - "order": 4 + "order": 2 + }, + "scan_id": { + "type": "integer", + "title": "Scan ID", + "description": "The ID of the scan", + "order": 1 } }, - "definitions": {} + "definitions": { + "scanCompleted": { + "type": "object", + "title": "scanCompleted", + "properties": { + "ip_address": { + "type": "string", + "title": "IP Address", + "description": "ip", + "order": 1 + }, + "hostname": { + "type": "string", + "title": "Hostname", + "description": "Hostname", + "order": 2 + }, + "os": { + "type": "string", + "title": "Operating System", + "description": "OS", + "order": 3 + }, + "member_of_sites": { + "type": "array", + "title": "Member of Sites", + "description": "Show which sites the vuln is a member of", + "items": { + "type": "string" + }, + "order": 4 + }, + "severity": { + "type": "string", + "title": "Severity", + "description": "Severity", + "order": 5 + }, + "riskscore": { + "type": "integer", + "title": "Risk Score", + "description": "Risk score", + "order": 6 + }, + "cvss_score": { + "type": "number", + "title": "CVSS Score", + "description": "CVSS Score", + "order": 7 + }, + "cvss_v3_score": { + "type": "number", + "title": "CVSS V3 Score", + "description": "CVSS v3 
score", + "order": 8 + }, + "exploits": { + "type": "integer", + "title": "Exploits", + "description": "Number of public exploits", + "order": 9 + }, + "malware_kits": { + "type": "integer", + "title": "Malware Kits", + "description": "Number of malware kits known", + "order": 10 + }, + "vulnerability_id": { + "type": "integer", + "title": "Vulnerability ID", + "description": "Vulnerability ID", + "order": 11 + }, + "vulnerability_name": { + "type": "string", + "title": "Vulnerability Name", + "description": "Vulnerability name", + "order": 12 + }, + "vulnerability_details": { + "type": "string", + "title": "Vulnerability Details", + "description": "Vulnerability details", + "order": 13 + }, + "vulnerability_instances": { + "type": "integer", + "title": "Vulnerability Instances", + "description": "Vulnerability count on asset", + "order": 14 + }, + "vuln_first_published": { + "type": "string", + "title": "Date Vulnerability First Published", + "description": "Date the vulnerability was first published", + "order": 15 + }, + "days_since_vuln_first_published": { + "type": "integer", + "title": "Days Since Vulnerability First Published", + "description": "Days since the vulnerability was first published", + "order": 16 + }, + "days_present_on_asset": { + "type": "integer", + "title": "Days Present On Asset", + "description": "Days present on the asset", + "order": 17 + }, + "date_first_seen_on_asset": { + "type": "string", + "title": "Date First Seen On Asset", + "description": "Date first seen on the asset", + "order": 18 + }, + "date_most_recently_seen_on_asset": { + "type": "string", + "title": "Date Most Recently Seen On Asset", + "description": "Date most recently seen on the asset", + "order": 19 + }, + "solution_id": { + "type": "integer", + "title": "Solution ID", + "description": "Solution ID", + "order": 20 + }, + "nexpose_id": { + "type": "string", + "title": "Nexpose ID", + "description": "Nexpose ID", + "order": 21 + }, + "best_solution": { + "type": 
"string", + "title": "Best Solution", + "description": "Best solution", + "order": 22 + }, + "est_time_to_fix": { + "type": "string", + "title": "Estimated Time To Fix Per Asset", + "description": "Estimated time to fix per asset", + "order": 23 + }, + "solution_type": { + "type": "string", + "title": "Solution Type", + "description": "The type of the solution for the vulnerability", + "order": 24 + } + } + } + } } """) diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py index e430cf4f38..b0684adca0 100644 --- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py +++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py @@ -7,7 +7,6 @@ from komand_rapid7_insightvm.util import util import csv import io -from typing import List, Union, Dict from insightconnect_plugin_runtime.exceptions import PluginException from komand_rapid7_insightvm.util.resource_requests import ResourceRequests from komand_rapid7_insightvm.util import endpoints 
@@ -41,30 +40,21 @@ def run(self, params={}):
                 time.sleep(60)
                 continue
-            results = self.get_results_from_latest_scan(params=params, scan_id=int(latest_scan_id))
+            results = self.get_results_from_latest_scan(scan_id=int(latest_scan_id))
             # Submit scan for trigger
-            for item in results:
-                self.send(
-                    {
-                        Output.ASSET_ID: item.get("asset_id"),
-                        Output.IP: item.get("ip_address"),
-                        Output.HOSTNAME: item.get("hostname"),
-                        Output.VULNERABILITY_INFO: item.get("vulnerability_info"),
-                    }
-                )
+            self.send({Output.SCAN_ID: latest_scan_id, Output.SCAN_COMPLETED_OUTPUT: results})
             first_latest_scan_id = latest_scan_id
             # Sleep configured in minutes
             time.sleep(params.get(Input.INTERVAL, 5) * 60)
-    def get_results_from_latest_scan(self, params: dict, scan_id: int) -> List[Dict[str, Union[str, int]]]:
+    def get_results_from_latest_scan(self, scan_id: int):
         """
         Take a scan id and run a sql query to retrieve the information needed for the trigger output
-        :param params: All of the user input params
         :param scan_id: The ID of the scan
         :return: A list of condensed and filter results for output in the trigger.
@@ -80,7 +70,8 @@ def get_results_from_latest_scan(self, params: dict, scan_id: int) -> List[Dict[
         report_payload = {
             "name": f"Rapid7-InsightConnect-ScanCompletion-{identifier}",
             "format": "sql-query",
-            "query": ScanQueries.query_results_from_latest_scan(scan_id),
+            "scope": {"scan": scan_id},
+            "query": ScanQueries.query_results_from_latest_scan(),
             "version": "2.3.0",
         }
@@ -94,11 +85,12 @@ def get_results_from_latest_scan(self, params: dict, scan_id: int) -> List[Dict[
                 assistance=f"Exception returned was {error}",
             )
-        results_dict = {}
+        results_list = []
+
         for row in csv_report:
-            results_dict.update(Util.filter_results(params, row, results_dict))
+            results_list.append(row)
-        return list(results_dict.values())
+        return results_list
     def find_latest_completed_scan(self, site_id: str, cached: bool) -> int:
         """
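Review bot: `self.send({Output.SCAN_ID: latest_scan_id, ...})` emits `latest_scan_id` as-is while the call two lines above passes `int(latest_scan_id)` and the output schema declares `scan_id` as an integer; bind `scan_id = int(latest_scan_id)` once and use it in both places so the emitted type cannot drift from the declared one. The trigger also now emits a single event carrying every row of the scan instead of one event per asset, so a large site scan produces one very large payload and an empty `results` still fires an event - if both are intended, say so in the docstring, e.g. `Emits one event per completed scan; scan_completed_output holds every matching row (possibly empty).` The rewritten `get_results_from_latest_scan` signature dropped its return annotation along with the `typing` import; `-> list[dict]` keeps it documented without the import. `run` begins outside the hunk.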
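Review bot: `results_list.append(row)` forwards each CSV row unchanged, so the keys that reach `scan_completed_output` are whatever column aliases the report query produces rather than the `scanCompleted` property names declared for this trigger (`ip_address`, `riskscore`, `cvss_v3_score`, `vulnerability_instances`, ...), and every value is the CSV's string form rather than the integer/number types the schema declares - the removed code indexed rows by column name, so these are name-keyed dicts straight from the reader. Either alias the query's columns to the schema keys or map and cast them here before returning; the loop itself reduces to `return list(csv_report)`. `da.sites` presumably arrives as one string as well while `member_of_sites` is declared `[]string` - confirm against a real report and split it if so.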
@@ -136,105 +128,51 @@ def find_latest_completed_scan(self, site_id: str, cached: bool) -> int:
 class ScanQueries:
     @staticmethod
-    def query_results_from_latest_scan(scan_id: int) -> str:
+    def query_results_from_latest_scan() -> str:
         """
         Generate an SQL query string needed to to retrieve all the necessary outputs
-        :param scan_id: Scan ID to query against
         :return: The completed query string
         """
-
-        return (
-            f"SELECT fasvi.scan_id, fasvi.asset_id, fasvi.vulnerability_id, dv.cvss_v3_score, dvr.source, daga.asset_group_id, dss.solution_id, dss.summary, dv.nexpose_id "  # nosec B608
-            f"FROM fact_asset_scan_vulnerability_instance AS fasvi "
-            f"JOIN dim_asset_group_asset AS daga ON (fasvi.asset_id = daga.asset_id) "
-            f"JOIN dim_vulnerability AS dv ON (fasvi.vulnerability_id = dv.vulnerability_id) "
-            f"JOIN dim_vulnerability_reference AS dvr ON (fasvi.vulnerability_id = dvr.vulnerability_id) "
-            f"JOIN dim_solution AS dss ON (dv.nexpose_id = dss.nexpose_id) "
-            f"WHERE fasvi.scan_id = {scan_id} "
-        )
+        return """SELECT
+            DISTINCT ON (dv.vulnerability_id, da.ip_address, da.host_name) da.ip_address AS "IP Address",
+            da.host_name AS "Hostname",
+            dos.description AS "Operating System",
+            da.sites AS "Member of Sites",
+            dv.severity AS "Severity",
+            round(dv.riskscore :: numeric, 0) AS "Risk",
+            round(dv.cvss_score :: numeric, 2) AS "CVSS Score",
+            round(dv.cvss_v3_score :: numeric, 2) AS "CVSSv3 Score",
+            dv.exploits AS "Number of Public Exploits",
+            dv.malware_kits AS "Number of Malware Kits Known",
+            dv.vulnerability_id AS "Vulnerability ID",
+            dv.title AS "Vulnerability Name",
+            proofAsText(dv.description) AS "Vulnerability Details",
+            fasvf.vulnerability_instances AS "Vulnerability Count on Asset",
+            dv.date_published AS "Date Vulnerability First Published",
+            CURRENT_DATE - dv.date_published :: date AS "Days Since Vulnerability First Published",
+            round(fava.age_in_days :: numeric, 0) AS "Days Present on Asset",
+            fava.first_discovered AS "Date First Seen on Asset",
+            fava.most_recently_discovered AS "Date Most Recently Seen on Asset",
+            ds.solution_id AS "Solution ID",
+            ds.nexpose_id AS "Nexpose ID",
+            proofAsText(ds.fix) AS "Best Solution",
+            ds.estimate AS "Estimated Time To Fix Per Asset",
+            proofAsText(ds.solution_type) AS "Solution Type"
+            FROM
+            dim_asset da
+            JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id
+            JOIN dim_asset_vulnerability_best_solution davbs ON davbs.asset_id = da.asset_id
+            JOIN dim_solution ds ON ds.solution_id = davbs.solution_id
+            JOIN dim_vulnerability dv ON dv.vulnerability_id = davbs.vulnerability_id
+            JOIN dim_vulnerability_reference dvf ON dvf.vulnerability_id = dv.vulnerability_id
+            JOIN fact_asset_vulnerability_age fava ON dv.vulnerability_id = fava.vulnerability_id
+            JOIN fact_asset_vulnerability_finding fasvf ON dv.vulnerability_id = fasvf.vulnerability_id
+            WHERE dvf.source IN ('MSKB','MS')
+            """  # nosec B608
 class Util:
-    @staticmethod
-    def filter_results(params: dict, csv_row: dict, results: dict) -> Union[None, dict]:
-        """
-        Filter the outputted results based on the user inputs.
-
-        :param params: Input params
-        :param csv_row: Dict row of the csv results
-        :param results: New object to append results to
-
-        :return: New object containing only the necessary fields for the required output.
-        """
-
-        # Input retrieval
-        asset_group = params.get(Input.ASSET_GROUP, None)
-        cve = params.get(Input.CVE, None)
-        source = params.get(Input.SOURCE, None)
-        cvss_score = params.get(Input.CVSS_SCORE, None)
-        severity = params.get(Input.SEVERITY, None)
-
-        # We retrieve this separately because we use it as a unique identifier for
-        # the filtering process
-        asset_id = int(csv_row.get("asset_id", 0))
-
-        new_dict = {
-            "asset_id": asset_id,
-            "hostname": csv_row.get("host_name", ""),
-            "ip_address": csv_row.get("ip_address", ""),
-            "vulnerability_info": [
-                {
-                    "vulnerability_id": csv_row.get("vulnerability_id", ""),
-                    "nexpose_id": csv_row.get("nexpose_id", ""),
-                    "cvss_v3_score": csv_row.get("cvss_v3_score", 0),
-                    "severity": csv_row.get("severity", ""),
-                    "solution_id": Util.strip_msft_id(csv_row.get("solution_id", "")),
-                    "solution_summary": csv_row.get("summary", ""),
-                }
-            ],
-        }
-
-        # If an input and it is not found, return None in place of the row to filter
-        # out the result
-        if asset_group and asset_group not in csv_row.get("asset_group_id", ""):
-            return {}
-        if cve and cve not in csv_row.get("nexpose_id", ""):
-            return {}
-        if source and source not in csv_row.get("source", ""):
-            return {}
-        if cvss_score and csv_row.get("cvss_v3_score", 0) < cvss_score:
-            return {}
-        if severity and severity not in csv_row.get("severity", ""):
-            return {}
-        # Otherwise, return the newly filtered result.
-
-        existing_asset_id = results.get(asset_id, None)
-
-        if existing_asset_id:
-            existing_asset_id["vulnerability_info"] += new_dict.get("vulnerability_info", [])
-        else:
-            results[asset_id] = new_dict
-
-        return results
-
-    @staticmethod
-    def strip_msft_id(solution_id: str) -> str:
-        """
-        Helper method to strip solution IDs specific to microsoft IDs
-        to return a useful solution ID for sccm
-
-        :param solution_id: Solution ID
-        :return: Regular solution ID or stripped solution ID
-        """
-
-        list_x = solution_id.split("-")
-
-        if list_x[0] == "msft":
-            return "-".join(list_x[2:])
-        else:
-            return solution_id
-
     @staticmethod
     def verify_scan_id_input(scan_id: int):
         """
diff --git a/plugins/rapid7_insightvm/plugin.spec.yaml b/plugins/rapid7_insightvm/plugin.spec.yaml
index bfeb9b65b1..de9aa9f299 100644
--- a/plugins/rapid7_insightvm/plugin.spec.yaml
+++ b/plugins/rapid7_insightvm/plugin.spec.yaml
@@ -4,7 +4,8 @@ products: [insightconnect]
 name: rapid7_insightvm
 title: Rapid7 InsightVM Console
 description: InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans
-version: 6.2.0
+version: 7.0.0
+connection_version: 7
 supported_versions: ["Rapid7 InsightVM API v3 2022-05-25"]
 vendor: rapid7
 support: rapid7
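Review bot: The joins on `fact_asset_vulnerability_age fava` and `fact_asset_vulnerability_finding fasvf` match only `vulnerability_id`, never the asset, so for a vulnerability present on several assets each `(vulnerability, ip, hostname)` group contains the age and count rows of every one of those assets and `DISTINCT ON` - with no `ORDER BY` - keeps an arbitrary one; "Days Present on Asset", "Date First Seen on Asset" and "Vulnerability Count on Asset" can therefore report another asset's values, which is exactly the data a responder would act on. Constrain both joins to the row's asset (both tables are per-asset facts, as their "on Asset" columns say): `JOIN fact_asset_vulnerability_age fava ON fava.asset_id = da.asset_id AND fava.vulnerability_id = dv.vulnerability_id` and `JOIN fact_asset_vulnerability_finding fasvf ON fasvf.asset_id = da.asset_id AND fasvf.vulnerability_id = dv.vulnerability_id`, and add an `ORDER BY` on the `DISTINCT ON` keys so the surviving row is deterministic. `WHERE dvf.source IN ('MSKB','MS')` silently restricts the trigger to vulnerabilities carrying a Microsoft reference, which neither the docstring nor the changelog mentions - state it in the docstring (`Only vulnerabilities with an MSKB/MS reference are returned`) or drop it if it is a leftover of the SCCM-oriented output this replaces. Moving the scan restriction from the interpolated `WHERE fasvi.scan_id = {scan_id}` to the report's `scope` is the right call; with no interpolation left in the literal the `# nosec B608` marker is stale and should be removed so a future f-string does not inherit the suppression.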
@@ -25,6 +26,127 @@ hub_tags: keywords: [insightvm, rapid7] features: [] types: + scanCompleted: + ip_address: + title: IP Address + description: ip + type: string + required: false + hostname: + title: Hostname + description: Hostname + type: string + required: false + os: + title: Operating System + description: OS + type: string + required: false + member_of_sites: + title: Member of Sites + description: Show which sites the vuln is a member of + type: '[]string' + required: false + severity: + title: Severity + description: Severity + type: string + required: false + riskscore: + title: Risk Score + description: Risk score + type: integer + required: false + cvss_score: + title: CVSS Score + description: CVSS Score + type: float + required: false + cvss_v3_score: + title: CVSS V3 Score + description: CVSS v3 score + type: float + required: false + exploits: + title: Exploits + description: Number of public exploits + type: integer + required: false + malware_kits: + title: Malware Kits + description: Number of malware kits known + type: integer + required: false + vulnerability_id: + title: Vulnerability ID + description: Vulnerability ID + type: integer + required: false + vulnerability_name: + title: Vulnerability Name + description: Vulnerability name + type: string + required: false + vulnerability_details: + title: Vulnerability Details + description: Vulnerability details + type: string + required: false + vulnerability_instances: + title: Vulnerability Instances + description: Vulnerability count on asset + type: integer + required: false + vuln_first_published: + title: Date Vulnerability First Published + description: Date the vulnerability was first published + type: string + required: false + days_since_vuln_first_published: + title: Days Since Vulnerability First Published + description: Days since the vulnerability was first published + type: integer + required: false + days_present_on_asset: + title: Days Present On Asset + description: Days 
present on the asset + type: integer + required: false + date_first_seen_on_asset: + title: Date First Seen On Asset + description: Date first seen on the asset + type: string + required: false + date_most_recently_seen_on_asset: + title: Date Most Recently Seen On Asset + description: Date most recently seen on the asset + type: string + required: false + solution_id: + title: Solution ID + description: Solution ID + type: integer + required: false + nexpose_id: + title: Nexpose ID + description: Nexpose ID + type: string + required: false + best_solution: + title: Best Solution + description: Best solution + type: string + required: false + est_time_to_fix: + title: Estimated Time To Fix Per Asset + description: Estimated time to fix per asset + type: string + required: false + solution_type: + title: Solution Type + description: The type of the solution for the vulnerability + type: string + required: false report_id: id: description: Identifer @@ -1661,7 +1783,7 @@ types: id: title: ID description: Identifier of the vulnerability - type: integer + type: string required: true title: title: Title 
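Review bot: In the new `scanCompleted` type, `member_of_sites` is described as `Show which sites the vuln is a member of`, but the trigger's query feeds it from the asset's `da.sites` column, so `Sites the asset belongs to` is the accurate wording; `ip_address: description: ip` and `os: description: OS` are labels rather than descriptions - `IP address of the asset` and `Operating system of the asset` would do. These property names (`ip_address`, `riskscore`, `cvss_v3_score`, ...) also have to match the column aliases the trigger's report query emits, because the trigger forwards CSV rows verbatim; the query currently aliases to display titles such as `"IP Address"` and `"Risk"`, so pick one naming and use it in both places.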
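Review bot: `remediation_vulnerability.id` changes from `integer` to `string` but its description still reads `Identifier of the vulnerability`, which hides that the value is now the Nexpose ID (e.g. `ssh-cve-2018`) rather than the numeric `vulnerability_id` that 6.x workflows stored and compared. Replace it with `description: Nexpose ID of the vulnerability (string, e.g. ssh-cve-2018); the numeric vulnerability_id before 7.0.0` and add an `example: ssh-cve-2018` so the generated help shows the new shape.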
@@ -4493,64 +4615,16 @@ triggers: type: string required: false example: 219 - asset_group: - title: Asset Group - description: Asset Group - type: string - required: false - example: 2 - cve: - title: CVE - description: CVE - type: string - required: false - example: ssh-cve-2018 - source: - title: Source - description: Source - type: string - required: false - example: url - cvss_score: - title: CVSS V3 Score - description: A vulneravility score from 1-10. Only those with a score equal to or above the input will be shown - type: integer - required: false - default: 0 - example: 4 - severity: - title: Severity - description: Severity of the vulnerability - type: string - required: false - enum: - - "" - - Moderate - - Severe - - Critical - example: Severe output: - asset_id: - title: Asset ID - description: Asset ID + scan_id: + title: Scan ID + description: The ID of the scan type: integer + example: 42 required: false - example: 219 - hostname: - title: Hostname - description: Hostname - type: string - required: false - example: doc.rapid7.com - ip: - title: IP - description: IP - type: string - required: false - example: 8.8.8.8 - vulnerability_info: - title: Vulnerability Info - description: An array containing vulnerability id, solution id & solution summary - type: '[]object' + scan_completed_output: + title: Scan Completed Output + description: An array containing all the info + type: '[]scanCompleted' + example: {} required: false - example: [{'vulnerability_id': 1111, 'nexpose_id': 'ssh-cve-2018', 'solution_id': 1111, 'solution_summary': 'Example solution for cve'}, {'vulnerability_id': 2222, 'nexpose_id': 'ssh-cve-2019', 'solution_id': 2222, 'solution_summary': 'Example solution for cve'}] diff --git a/plugins/rapid7_insightvm/setup.py b/plugins/rapid7_insightvm/setup.py index 4d1c2b4715..5a29fc2be3 100755 --- a/plugins/rapid7_insightvm/setup.py +++ b/plugins/rapid7_insightvm/setup.py 
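Review bot: `scan_completed_output` is declared `type: '[]scanCompleted'` but its `example: {}` is an object, and that same `{}` is what the help text now renders as the sample output; use a list - `example: []` at minimum, preferably one representative row such as `example: [{"ip_address": "10.0.0.5", "hostname": "host.example.com", "severity": "Critical", "vulnerability_id": 1234}]`. `description: An array containing all the info` says nothing about what an element is; `One row per vulnerability finding on an asset in the completed scan` (plus the MSKB/MS restriction if the query keeps it) tells a workflow author what to expect and what they lost relative to the removed per-asset output.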
@@ -3,7 +3,7 @@
 setup(name="rapid7_insightvm-rapid7-plugin",
-      version="6.2.0",
+      version="7.0.0",
       description="InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans",
       author="rapid7",
       author_email="",