
kennasecurity / all_samples


Coding samples using the Kenna Security Platform REST API. All the code samples in this GitHub repository are offered “as is” and include no warranty of any kind. Use them at your own risk. In no event will Kenna be liable to end user or any other party for damages of any kind arising from the use of these samples.

Ruby 48.26% Python 11.73% PowerShell 0.19% Jupyter Notebook 39.53% Shell 0.29%
kenna security ruby python vulnerability management

all_samples's People

Contributors

ababhis2, andygeorge, caleb-eckenwiler, dbrotherskenna, dependabot[bot], ishgaror, jaredkalmus, jgamblin, katieweb, kkolon, lidiaattalla, lindambrown, lonyejiaka, mend-for-github-com[bot], perrottimi, rick-kenna, ro31339, tmgerhart


all_samples's Issues

script running issue

Traceback (most recent call last):
        2: from csv_extract_with_details.rb:172:in `<main>'
        1: from csv_extract_with_details.rb:160:in `get_bulk_assets'
csv_extract_with_details.rb:160:in `delete': no implicit conversion of nil into String (TypeError)

CWE-WASC mapping

Checkmarx identifies many vulnerability categories which have no mapping to a WASC id. The script stops if the mapping is not found in the hard-coded dictionary in the script. How to deal with such a situation? I have Checkmarx scan results with CWE ids which are not mapped to a WASC id.

KDI Importer issue

I'm trying to run the KDI generic transformed script.

My csv has the following fields:
artifact,date,fixedVersion,installedVersion,Vuln Description,resource,CVSS,severity,CVE,Vuln Name

I have edited default_meta as follows

| Kenna Item - DON'T EDIT THESE VALUES | Associated Source File Column | Required | Description | Object Type |
|---|---|---|---|---|
| date_format | %d/%m/%Y | yes if dates in data | Script Only - used to format dates google ruby strftime for more info on format syntax | |
| locator | hostname | no | Script only - field used to deduplication prior to upload - should match kenna locator syntax | Asset |
| file | | one value per Asset is required | column name in CSV pointing to (string) path of affected file | Asset |
| ip_address | IP Address | one value per Asset is required | column name in CSV pointing to (string) IP of internal facing asset | Asset |
| mac_address | | one value per Asset is required | column name in CSV pointing to (mac format-regex) MAC address asset | Asset |
| hostname | artifact | one value per Asset is required | column name in CSV pointing to (string) host name/domain name of affected asset | Asset |
| ec2 | | one value per Asset is required | column name in CSV pointing to (string) Amazon EC2 instance id or name | Asset |
| netbios | | one value per Asset is required | column name in CSV pointing to(string) netbios name | Asset |
| url | | one value per Asset is required | column name in CSV pointing to (string) URL pointing to asset | Asset |
| fqdn | | one value per Asset is required | column name in CSV pointing to (string) fqdn of asset | Asset |
| external_id | | one value per Asset is required | column name in CSV pointing to (string) ExtID of asset | Asset |
| database | | one value per Asset is required | column name in CSV pointing to (string) Name of db | Asset |
| application | artifact | yes | column name in CSV pointing to (string) ID/app Name - label assigned to asset | Asset |
| tags | "Product Line,Product Business Unit,Product Division,Finder Type" | no | (string) comma separated list of columns with strings that correspond to tags on an asset - no spaces | Asset Meta |
| tag_prefix | "AppID:,Prod_BU:,Prod_Div:,Find_type:" | no | comma separated list of prefixes which corresponds to list in tag. Number and order of elements should match tags exactly. | |
| owner | | no | column name in CSV pointing to (string) Some string that identifies an owner of an asset | Asset Meta |
| os | | no | column name in CSV pointing to (string) Operating system of asset | Asset Meta |
| os_version | | no | column name in CSV pointing to (string) OS version | Asset Meta |
| priority | | no | column name in CSV pointing to (Integer) Priority of asset (int 1 to 10).Adjusts asset score. nil for default to 10 | Asset Meta |
| scanner_source | static | yes | declares scanner_type data as static (listed in this file) or column (pulled from the csv source file) | |
| scanner_type | Pen Test | yes | (string) - official name of scan type - should be the same across files where appropriate can be static or pulled from column as directed in scanner_source | Vulnerability & Vuln Def |
| scanner_id | Issue ID | no | column name in CSV pointing to (string) - Vuln ID as defined by the scanner | Vulnerability & Vuln Def |
| details | | no | column name in CSV pointing to (string) - Details about vuln specific to single host | Vulnerability |
| created | | no | column name in CSV pointing to (string) - Date vuln created | Vulnerability |
| scanner_score | CVSS | no | column name in CSV pointing to (Integer) - scanner score used for scoring appsec vulns - informational for network vulns - translate to int 1-10 using score_map if needed | Vulnerability |
| score_map | "{""High"":""8"",""Critical"":""10"",""Medium"":""6"",""Low"":""3""}" | no | hash of translation scanner score values to kenna range of 1-10 if needed based on column in scanner_score | |
| last_fixed | | no | column name in CSV pointing to (string) - Last fixed date | Vulnerability |
| last_seen | | no | column name in CSV pointing to (string) Date it was closed | Vulnerability |
| status | Current Status | no | "column name in CSV pointing to (string) default to ""open"" if inbound reports will only include open vulns" | Vulnerability |
| status_map | "{ ""Impact Statement Pending"" : ""open"", ""Closed"" : ""closed"", ""New"" : ""open"", ""Remediation Plan Pending"" : ""open"", ""Remedy in Progress"" : ""open""}" | no | Script Only - hash of translation... scanner status to Kenna status mappings if needed | |
| closed | | required if status is closed | column name in CSV pointing to (string) Date it was closed | Vulnerability |
| port | Port | no | column name in CSV pointing to (Integer) Port if associated with vuln | Vulnerability |
| cve_id | CVE | yes | column name in CSV pointing to (string) CVEs - note that this can be a comma-delimited list format CVE-000-0000 | Vuln Def |
| wasc_id | | no | column name in CSV pointing to (string) WASC - note that this can be a comma-delimited list - format WASC-00 | Vuln Def |
| cwe_id | | no | column name in CSV pointing to (string) CWE - note that this can be a comma-delimited list - format CWE-000 | Vuln Def |
| name | Vuln Name | yes | "column name in CSV pointing to (string) Name/title of Vuln will be displayed as vuln name if no cve cwe or wasc" | Vuln Def |
| description | Vuln Description | yes | column name in CSV pointing to (string) Description | Vuln Def |
| solution | Vuln Recommendation | no | column name in CSV pointing to (string) Solution | Vuln Def |

However, on execution it fails:

[~]$ ruby csv_KDI_json.rb vuln_parsed.csv has_header? default_meta.csv skip_autoclose? output.json assets_only? domain_suffix?
Traceback (most recent call last):
3: from csv_KDI_json.rb:223:in '<main>'
2: from /usr/share/ruby/csv.rb:1319:in 'parse'
1: from /usr/share/ruby/csv.rb:1764:in 'each'
csv_KDI_json.rb:231:in 'block in <main>': no implicit conversion of String into Integer (TypeError)

Error while running the script

Hello,

I am trying to run the script in the /asset_priority_by_risk_meter/ folder and getting the following error message. Can you help me how to fix this issue?

$ ruby kenna-priority-by-risk-meter.rb $KENNA_TOKEN rm_meters_meta.csv  rmid priority
Currently processing page 1 of 12
Currently processing page 1 of 1
made it to bulk update
https://api.kennasecurity.com/assets/bulk
made it to bulk update
https://api.kennasecurity.com/assets/bulk
{"assets_updated"=>19}
kenna-priority-by-risk-meter.rb:266:in `rescue in block (3 levels) in <main>': uninitialized constant RestClient::TooManyRequests (NameError)
        from kenna-priority-by-risk-meter.rb:223:in `block (3 levels) in <main>'
$

I am using the tested ruby version on my server

$ ruby --version
ruby 2.0.0p648 (2015-12-16) [x86_64-linux]

MRPU support

This script will no longer work for the majority of customers on September 1st when Kenna rolls out multiple roles per user functionality. "role" field will need to change to "roles", and role names will need to be passed as part of an array. I suggest creating a legacy version of the script for customers without MRPU, while updating the default script to use MRPU by default.

Script does not work without meter list

The documentation for the script says that the script will grab all risk meters if a meter list csv is not provided. This isn't currently working. The API response for all risk meters comes in as an array instead of a hash (asset_groups:[] vs asset_group:{}). To support this the array for all risk meters would need to be mapped into hashes. Alternatively, the documentation could be updated to require a meter list to be provided. I would also note that many customers have a large number of risk meters and would require pagination support to be added to the script to work as intended.

multithreaded tagger script uses thread unsafe file handling

When processing an asset tag csv with multiple threads, there can occur times when one thread opens the log for writing, another thread also opens the file for writing, the first thread closes the file, and the second thread attempts to write to the (now closed) file - raising EBADF or a stream closed error.

An easy "fix" is to use Logger on a single file opened once outside the block creating threads, closed once via an ensure at the end of the block. This will possibly not enforce in-order logging (two threads might mix their lines and the log would be corrupt, but the program will run). I believe the open/close can be lifted out of the thread code to here: https://github.com/KennaPublicSamples/All_Samples/blob/updates_branch/kenna-asset-tagger/kenna-asset-tagger_mt.rb#L319-L321

Better to find a standard thread safe logging option - or use a thread local log output file, and splice them if needed after the execution.
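
One way to apply the single-Logger approach described in this issue, as an added example that is not code from the repository: `tag_asset`, `tag_all`, `demo_log_lines` and the sample rows are hypothetical stand-ins for the tagger's real work. Ruby's standard `Logger` wraps each write in a mutex, so one instance opened once and closed once in `ensure` can be shared by all workers.

```ruby
require 'logger'
require 'tmpdir'

# Hypothetical stand-in for the per-row work; the real script calls the Kenna API here.
def tag_asset(row)
  "tagged asset #{row[:id]} with #{row[:tag]}"
end

# Opens the log once, shares one Logger across all workers, and closes it
# once in `ensure`, so no thread can write to a handle another thread closed.
def tag_all(rows, log_path, thread_count: 4)
  log = Logger.new(log_path)
  log.formatter = proc { |sev, _time, _prog, msg| "#{sev} #{msg}\n" }
  queue = Queue.new
  rows.each { |r| queue << r }
  queue.close # pop returns nil once the closed queue is drained

  workers = Array.new(thread_count) do |n|
    Thread.new do
      while (row = queue.pop)
        begin
          log.info("worker=#{n} #{tag_asset(row)}")
        rescue StandardError => e
          # A failed row is logged and skipped instead of killing the worker.
          log.error("worker=#{n} asset=#{row[:id]} #{e.class}: #{e.message}")
        end
      end
    end
  end
  workers.each(&:join)
  rows.size
ensure
  log&.close
end

# Runs the tagger over constructed sample rows and returns the log lines,
# dropping the "# Logfile created on ..." header Logger writes to a new file.
def demo_log_lines(n_rows = 200, threads = 8)
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'tagger.log')
    rows = (1..n_rows).map { |i| { id: i, tag: "AppID:#{i % 5}" } }
    tag_all(rows, path, thread_count: threads)
    File.readlines(path).reject { |l| l.start_with?('#') }
  end
end
```

Lines from different workers arrive in whatever order the threads finish, but each line is written whole.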
