From 155c3ba163ffd576b98146a9c01a0221c468b2ec Mon Sep 17 00:00:00 2001
From: pemontto
Date: Tue, 7 May 2019 17:17:53 +0100
Subject: [PATCH] create unified cvss field
---
 resources/elk6/logstash-vulnwhisperer-template.json | 3 +++
 vulnwhisp/frameworks/qualys_was.py | 2 ++
 vulnwhisp/vulnwhisp.py | 7 ++++++-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/resources/elk6/logstash-vulnwhisperer-template.json b/resources/elk6/logstash-vulnwhisperer-template.json
index 23266e6..bfb95e3 100755
--- a/resources/elk6/logstash-vulnwhisperer-template.json
+++ b/resources/elk6/logstash-vulnwhisperer-template.json
@@ -32,6 +32,9 @@
 "cvss": {
 "type": "float"
 },
+ "cvss_severity": {
+ "type": "keyword"
+ },
 "cvss2_base": {
 "type": "float"
 },
diff --git a/vulnwhisp/frameworks/qualys_was.py b/vulnwhisp/frameworks/qualys_was.py
index a0530af..18c835e 100644
--- a/vulnwhisp/frameworks/qualys_was.py
+++ b/vulnwhisp/frameworks/qualys_was.py
@@ -285,6 +285,8 @@ class qualysUtils:
 class qualysScanReport:
 COLUMN_MAPPING = {
+ 'CVSS Base': 'cvss2_base',
+ 'CVSS Temporal': 'cvss2_temporal',
 'DescriptionCatSev': 'category_description',
 'DescriptionSeverity': 'synopsis',
 'Evidence #1': 'evidence',
diff --git a/vulnwhisp/vulnwhisp.py b/vulnwhisp/vulnwhisp.py
index 3c8484f..a8c95eb 100755
--- a/vulnwhisp/vulnwhisp.py
+++ b/vulnwhisp/vulnwhisp.py
@@ -264,7 +264,7 @@ class vulnWhispererBase(object):
 df['risk'] = df['risk_number'].map(self.SEVERITY_NUMBER_MAPPING)
 self.logger.debug('Normalising CVSS')
- for cvss_version in ['cvss2', 'cvss3']:
+ for cvss_version in ['cvss', 'cvss2', 'cvss3']:
 # cvssX = cvssX_temporal else cvssX_base
 if cvss_version + '_base' in df:
 self.logger.debug('Normalising {} base'.format(cvss_version))
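Review bot: The two entries added to `COLUMN_MAPPING` in vulnwhisp/frameworks/qualys_was.py file the report's unversioned `CVSS Base` and `CVSS Temporal` columns under `cvss2_base`/`cvss2_temporal`, and nothing beside them records why CVSS v2 is the right reading. CVSS v2 and v3 rate the same number differently (v3 has a Critical band from 9.0, v2 stops at High), so a wrong assumption here shifts the severity that analysts triage on. I would add a comment above the pair, for example `# Qualys WAS 'CVSS Base'/'CVSS Temporal' are CVSS v2 scores (TODO: confirm against the report format)`; if the version cannot be confirmed, mapping them to the unversioned `cvss_base`/`cvss_temporal` that the normalisation loop in vulnwhisp.py now accepts looks safer. The dict continues past the end of the hunk.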
@@ -295,8 +295,10 @@ class vulnWhispererBase(object):
 if not 'cvss' in df:
 if 'cvss3' in df:
 df['cvss'] = df['cvss3'].fillna(df['cvss2'])
+ df['cvss_severity'] = df['cvss3_severity'].fillna(df['cvss2_severity'])
 elif 'cvss2' in df:
 df['cvss'] = df['cvss2']
+ df['cvss_severity'] = df['cvss2_severity']
 self.logger.debug('Creating Unique Document ID')
 df['_unique'] = df.index.values
@@ -638,6 +640,7 @@ class vulnWhispererQualysWAS(vulnWhispererBase):
 vuln_ready['scan_name'] = scan_name.encode('utf8')
 vuln_ready['scan_source'] = self.CONFIG_SECTION
 vuln_ready['scan_time'] = launched_date
+ vuln_ready['vendor'] = 'qualys'
 vuln_ready = self.common_normalise(vuln_ready)
@@ -772,6 +775,7 @@ class vulnWhispererOpenVAS(vulnWhispererBase):
 vuln_ready['scan_id'] = report_id
 vuln_ready['scan_time'] = launched_date
 vuln_ready['scan_source'] = self.CONFIG_SECTION
+ vuln_ready['vendor'] = 'greenbone'
 vuln_ready = self.common_normalise(vuln_ready)
@@ -890,6 +894,7 @@ class vulnWhispererQualysVM(vulnWhispererBase):
 vuln_ready['scan_id'] = report_id
 vuln_ready['scan_time'] = launched_date
 vuln_ready['scan_source'] = self.CONFIG_SECTION
+ vuln_ready['vendor'] = 'qualys'
 vuln_ready = self.common_normalise(vuln_ready)
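Review bot: In the hunk at `@@ -295,8 +295,10 @@`, both new `df['cvss_severity']` assignments read `cvss3_severity`/`cvss2_severity` while the branch conditions only test for `cvss3`/`cvss2`, so a frame that has a score column but no matching severity column raises `KeyError` and stops normalisation of that scan. The assignments also sit under `if not 'cvss' in df:`; if the loop above derives `cvss_severity` only when `cvss_base` is present (its body is outside the hunk), a scanner that delivers a plain `cvss` column gets no `cvss_severity` at all, and its findings drop out of any severity-keyed dashboard or alert. I would move the two added lines out of that block and derive the field in its own guarded step, as below, keeping the v3-then-v2 preference. The enclosing method starts and ends outside the hunk.

```python
# … unchanged: the if/elif that fills df['cvss'] from cvss3/cvss2, minus the two added cvss_severity lines …
if 'cvss_severity' not in df:
    # Prefer the v3 rating, fall back to v2, and only read columns that exist.
    severity_columns = [c for c in ('cvss3_severity', 'cvss2_severity') if c in df]
    if severity_columns:
        unified = df[severity_columns[0]]
        for column in severity_columns[1:]:
            unified = unified.fillna(df[column])
        df['cvss_severity'] = unified
```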