From b108c1fbeb9439e31abca77a5bf7edd768b278bd Mon Sep 17 00:00:00 2001
From: Justin Henderson
Date: Fri, 6 Oct 2017 14:25:09 -0500
Subject: [PATCH 1/6] Create docker-compose.yml
---
 docker-compose.yml | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 docker-compose.yml
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..8527102
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,40 @@
+version: '2'
+services:
+ vulnwhisp_es1:
+ image: docker.elastic.co/elasticsearch/elasticsearch:5.6.2
+ container_name: vulnwhisp_es1
+ environment:
+ - cluster.name=vulnwhisperer
+ - bootstrap.memory_lock=true
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ mem_limit: 1g
+ volumes:
+ - esdata1:/usr/share/elasticsearch/data
+ ports:
+ - 19200:9200
+ networks:
+ - esnet
+ vulnwhisp_ks1:
+ image: docker.elastic.co/kibana/kibana:5.6.2
+ environment:
+ SERVER_NAME: vulnwhisp_ks1
+ ELASTICSEARCH_URL: http://vulnwhisp_es1:9200
+ ports:
+ - 15601:5601
+ networks:
+ - esnet
+ vulnwhisp_ls1:
+ image: docker.elastic.co/logstash/logstash:5.6.2
+ networks:
+ - esnet
+
+volumes:
+ esdata1:
+ driver: local
+
+networks:
+ esnet:
From 8808b9e458763ae1bdc2a871a82d7cfbfa86c729 Mon Sep 17 00:00:00 2001
From: Justin Henderson
Date: Fri, 6 Oct 2017 14:33:11 -0500
Subject: [PATCH 2/6] Update 9000_output_nessus.conf
---
 logstash/9000_output_nessus.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/logstash/9000_output_nessus.conf b/logstash/9000_output_nessus.conf
index 246e6ff..83bed64 100755
--- a/logstash/9000_output_nessus.conf
+++ b/logstash/9000_output_nessus.conf
@@ -7,7 +7,7 @@ output {
 if "nessus" in [tags] or [type] == "nessus" {
 #stdout { codec => rubydebug }
 elasticsearch {
- hosts => [ "localhost" ]
+ hosts => "localhost:19200"
 index => "logstash-nessus-%{+YYYY.MM}"
 }
 }
From fcd938b75aa49fc870d773aae41f6df8cff519ef Mon Sep 17 00:00:00 2001
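Review bot: The vulnwhisp_ls1 service declares only image and networks, so the logstash container gets neither the pipeline files under logstash/ nor the /opt/vulnwhisp/scans directory that 1000_nessus_process_file.conf tails; it will run the image's default pipeline and index nothing. Add a volumes entry mounting both, e.g. `volumes:` / `- ./logstash:/usr/share/logstash/pipeline` / `- /opt/vulnwhisp/scans:/opt/vulnwhisp/scans` (the first path is the official image's pipeline directory; confirm against the image in use). Separately, `- 19200:9200` and `- 15601:5601` publish Elasticsearch and Kibana on every host interface while the file leaves the 5.6.2 images' default access control untouched, so the scan results are reachable by anything that can reach the host; bind them to loopback (`127.0.0.1:19200:9200`, `127.0.0.1:15601:5601`) unless remote access is intended, and state that intent in a comment above `ports:`.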
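Review bot: `hosts => "localhost:19200"` only works when logstash runs on the Docker host and reaches Elasticsearch through the published port; inside the vulnwhisp_ls1 container defined in docker-compose.yml, localhost resolves to the container itself and this output would never connect. If the container deployment is the intended one, the value should be the service name on the compose network, `hosts => "vulnwhisp_es1:9200"`; either way a comment stating which deployment the address assumes, e.g. `# host-side address; use vulnwhisp_es1:9200 from inside the compose network`, would prevent the mismatch. The enclosing output block starts before the hunk.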
From: Shaun McCullough
Date: Fri, 8 Dec 2017 00:25:15 -0500
Subject: [PATCH 3/6] Put in a check to make sure that the config file exists. FIXES austin-taylor/VulnWhisperer#4
---
 bin/vuln_whisperer | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/bin/vuln_whisperer b/bin/vuln_whisperer
index 9f72115..d39ec66 100644
--- a/bin/vuln_whisperer
+++ b/bin/vuln_whisperer
@@ -6,16 +6,22 @@ from vulnwhisp.vulnwhisp import vulnWhisperer
 from vulnwhisp.utils.cli import bcolors
-
+import os
 import argparse
 import sys
+def isFileValid(parser, arg):
+ if not os.path.exists(arg):
+ parser.error("The file %s does not exist!" % arg)
+ else:
+ return arg
+
 def main():
 parser = argparse.ArgumentParser(description="""
 VulnWhisperer is designed to create actionable data from\
 your vulnerability scans through aggregation of historical scans.""")
 parser.add_argument('-c', '--config', dest='config', required=False, default='frameworks.ini',
- help='Path of config file')
+ help='Path of config file', type=lambda x: isFileValid(parser, x))
 parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', default=True, help='Prints status out to screen (defaults to True)')
 parser.add_argument('-u', '--username', dest='username', required=False, default=None, help='The NESSUS username')
From c1c4a45562f7d54907a05a6c29ee9307887fc863 Mon Sep 17 00:00:00 2001
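Review bot: `os.path.exists(arg)` in isFileValid also accepts directories and other non-regular paths, so a directory passed to -c passes validation and the failure only surfaces later when the config is read; `os.path.isfile(arg)` is the check the message "The file %s does not exist!" actually describes, `if not os.path.isfile(arg):`. The `else:` branch is redundant because parser.error exits the process, so the function can end with a plain `return arg`. A one-line docstring would also document the argparse `type=` contract, e.g. `"""Return arg if it names an existing file; otherwise exit through parser.error()."""`. The main() body continues outside the hunk.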
@@ -21,11 +21,11 @@ def main():
 parser = argparse.ArgumentParser(description="""
 VulnWhisperer is designed to create actionable data from\
 your vulnerability scans through aggregation of historical scans.""")
 parser.add_argument('-c', '--config', dest='config', required=False, default='frameworks.ini',
- help='Path of config file', type=lambda x: isFileValid(parser, x))
+ help='Path of config file', type=lambda x: isFileValid(parser, x.strip()))
 parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', default=True, help='Prints status out to screen (defaults to True)')
- parser.add_argument('-u', '--username', dest='username', required=False, default=None, help='The NESSUS username')
- parser.add_argument('-p', '--password', dest='password', required=False, default=None, help='The NESSUS password')
+ parser.add_argument('-u', '--username', dest='username', required=False, default=None, type=lambda x: x.strip(), help='The NESSUS username')
+ parser.add_argument('-p', '--password', dest='password', required=False, default=None, type=lambda x: x.strip(), help='The NESSUS password')
 args = parser.parse_args()
 try:
From 16369f0e40e579c2d24f5dceba98c0ecbc7c38c0 Mon Sep 17 00:00:00 2001
From: Austin Taylor
Date: Wed, 20 Dec 2017 01:11:28 -0500
Subject: [PATCH 5/6] Update README.md
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 8164f59..defa808 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,8 @@ sudo pip install pandas
 Using requirements file:
 sudo pip install -r /path/to/VulnWhisperer/requirements.txt
-python /path/to/VulnWhisperer/setup.py install
+cd /path/to/VulnWhisperer
+sudo python setup.py install
 ```
From a9a21c2e90026d3301fe24bb20387a4a69e8bbc2 Mon Sep 17 00:00:00 2001
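Review bot: `type=lambda x: x.strip()` on the -u and -p lines is just `type=str.strip`, which reads more directly and avoids two identical lambdas; the -c line still needs its lambda because it closes over parser. Stripping the password silently alters any credential whose value legitimately begins or ends with whitespace, so the help text should say so, e.g. `help='The NESSUS password (surrounding whitespace is removed)'`. Independently of the strip, `-p` still takes the password as a command-line argument, where it is visible in process listings and shell history; reading it from the config file or an environment variable would avoid that. The enclosing main() starts and ends outside the hunk.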
From: Austin Taylor
Date: Wed, 20 Dec 2017 03:00:04 -0500
Subject: [PATCH 6/6] Allow for any directories to be monitored
---
 logstash/1000_nessus_process_file.conf | 79 +++++++++++++-------------
 1 file changed, 41 insertions(+), 38 deletions(-)
diff --git a/logstash/1000_nessus_process_file.conf b/logstash/1000_nessus_process_file.conf
index 3ad627a..9e0a107 100644
--- a/logstash/1000_nessus_process_file.conf
+++ b/logstash/1000_nessus_process_file.conf
@@ -1,12 +1,12 @@
 # Author: Austin Taylor and Justin Henderson
 # Email: email@austintaylor.io
-# Last Update: 08/04/2017
-# Version 0.2
+# Last Update: 12/20/2017
+# Version 0.3
 # Description: Take in nessus reports from vulnWhisperer and pumps into logstash
 input {
 file {
- path => "/opt/vulnwhisp/scans/My Scans/*"
+ path => "/opt/vulnwhisp/scans/**/*"
 start_position => "beginning"
 tags => "nessus"
 type => "nessus"
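Review bot: `path => "/opt/vulnwhisp/scans/**/*"` now tails every file at any depth under scans, not only the scanner output, so temporary or partially written files and anything else dropped into that tree are parsed as Nessus records and shipped to Elasticsearch with the nessus tag. If the reports have a fixed extension the glob should name it (for example `**/*.csv`, if that is what the exporter writes — confirm against VulnWhisperer's output), and a comment next to path should state the directory layout that is expected, e.g. `# one sub-directory per scan folder; only exporter output belongs here`. The input block continues outside the hunk.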
@@ -85,43 +85,46 @@ filter {
 # Compensating controls - adjust risk_score
 # Adobe and Java are not allowed to run in browser unless whitelisted
 # Therefore, lower score by dividing by 3 (score is subjective to risk)
- if [risk_score] != 0 {
- if [plugin_name] =~ "Adobe" and [risk_score] > 6 or [plugin_name] =~ "Java" and [risk_score] > 6 {
- ruby {
- code => "event.set('risk_score', event.get('risk_score') / 3)"
- }
- mutate {
- add_field => { "compensating_control" => "Adobe and Flash removed from browsers unless whitelisted site." }
- }
- }
- }
+
+ #Modify and uncomment when ready to use
+ #if [risk_score] != 0 {
+ # if [plugin_name] =~ "Adobe" and [risk_score] > 6 or [plugin_name] =~ "Java" and [risk_score] > 6 {
+ # ruby {
+ # code => "event.set('risk_score', event.get('risk_score') / 3)"
+ # }
+ # mutate {
+ # add_field => { "compensating_control" => "Adobe and Flash removed from browsers unless whitelisted site." }
+ # }
+ # }
+ #}
 # Add tags for reporting based on assets or criticality
- if [host] == "192.168.0.1" or [host] == "192.168.0.50" or [host] =~ "^192\.168\.10\." or [host] =~ "^42.42.42." {
- mutate {
- add_tag => [ "critical_asset" ]
- }
- }
- if [host] =~ "^192\.168\.[45][0-9][0-9]\.1$" or [host] =~ "^192.168\.[50]\.[0-9]{1,2}\.1$"{
- mutate {
- add_tag => [ "has_hipaa_data" ]
- }
- }
- if [host] =~ "^192\.168\.[45][0-9][0-9]\." {
- mutate {
- add_tag => [ "hipaa_asset" ]
- }
- }
- if [host] =~ "^192\.168\.5\." {
- mutate {
- add_tag => [ "pci_asset" ]
- }
- }
- if [host] =~ "^10\.0\.50\." {
- mutate {
- add_tag => [ "web_servers" ]
- }
- }
+
+ #if [host] == "192.168.0.1" or [host] == "192.168.0.50" or [host] =~ "^192\.168\.10\." or [host] =~ "^42.42.42." {
+ # mutate {
+ # add_tag => [ "critical_asset" ]
+ # }
+ #}
+ #if [host] =~ "^192\.168\.[45][0-9][0-9]\.1$" or [host] =~ "^192.168\.[50]\.[0-9]{1,2}\.1$"{
+ # mutate {
+ # add_tag => [ "has_hipaa_data" ]
+ # }
+ #}
+ #if [host] =~ "^192\.168\.[45][0-9][0-9]\."
{ + # mutate { + # add_tag => [ "hipaa_asset" ] + # } + #} + #if [host] =~ "^192\.168\.5\." { + # mutate { + # add_tag => [ "pci_asset" ] + # } + #} + #if [host] =~ "^10\.0\.50\." { + # mutate { + # add_tag => [ "web_servers" ] + # } + #} } }
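Review bot: The commented-out tagging templates carry regex mistakes that anyone uncommenting them will inherit: `"^42.42.42."` and `"^192.168\.[50]\.[0-9]{1,2}\.1$"` leave dots unescaped, so `.` matches any character, and `[45][0-9][0-9]` matches octet values 400–599 that cannot occur in an IPv4 address (probably `[45][0-9]` was meant); the has_hipaa_data pattern also expects five dot-separated groups. Since these lines are now documentation rather than live config, either fix them in place (`"^42\.42\.42\."`, `"^192\.168\.[50]\.[0-9]{1,2}\.1$"`) or replace the example addresses with clearly labelled placeholders so the template is not mistaken for this deployment's asset inventory. The same applies to the risk_score template above it, whose `#Modify and uncomment when ready to use` line should also say that the host patterns below are site-specific examples. The filter block starts before the hunk.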