Cyberdefense/VulnWhisperer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

create unified cvss field

Browse Source
This commit is contained in:
pemontto
2019-05-07 17:17:53 +01:00
parent c350ec73c2
commit 155c3ba163
3 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
resources/elk6/logstash-vulnwhisperer-template.json
View File

@ -32,6 +32,9 @@
"cvss": { "cvss": {
"type": "float" "type": "float"
}, },
"cvss_severity": {
"type": "keyword"
},
"cvss2_base": { "cvss2_base": {
"type": "float" "type": "float"
}, },

2
vulnwhisp/frameworks/qualys_was.py
View File

@ -285,6 +285,8 @@ class qualysUtils:
class qualysScanReport: class qualysScanReport:
COLUMN_MAPPING = { COLUMN_MAPPING = {
'CVSS Base': 'cvss2_base',
'CVSS Temporal': 'cvss2_temporal',
'DescriptionCatSev': 'category_description', 'DescriptionCatSev': 'category_description',
'DescriptionSeverity': 'synopsis', 'DescriptionSeverity': 'synopsis',
'Evidence #1': 'evidence', 'Evidence #1': 'evidence',

7
vulnwhisp/vulnwhisp.py
View File

@ -264,7 +264,7 @@ class vulnWhispererBase(object):
df['risk'] = df['risk_number'].map(self.SEVERITY_NUMBER_MAPPING) df['risk'] = df['risk_number'].map(self.SEVERITY_NUMBER_MAPPING)
self.logger.debug('Normalising CVSS') self.logger.debug('Normalising CVSS')
for cvss_version in ['cvss2', 'cvss3']: for cvss_version in ['cvss', 'cvss2', 'cvss3']:
# cvssX = cvssX_temporal else cvssX_base # cvssX = cvssX_temporal else cvssX_base
if cvss_version + '_base' in df: if cvss_version + '_base' in df:
self.logger.debug('Normalising {} base'.format(cvss_version)) self.logger.debug('Normalising {} base'.format(cvss_version))
@ -295,8 +295,10 @@ class vulnWhispererBase(object):
if not 'cvss' in df: if not 'cvss' in df:
if 'cvss3' in df: if 'cvss3' in df:
df['cvss'] = df['cvss3'].fillna(df['cvss2']) df['cvss'] = df['cvss3'].fillna(df['cvss2'])
df['cvss_severity'] = df['cvss3_severity'].fillna(df['cvss2_severity'])
elif 'cvss2' in df: elif 'cvss2' in df:
df['cvss'] = df['cvss2'] df['cvss'] = df['cvss2']
df['cvss_severity'] = df['cvss2_severity']
self.logger.debug('Creating Unique Document ID') self.logger.debug('Creating Unique Document ID')
df['_unique'] = df.index.values df['_unique'] = df.index.values
@ -638,6 +640,7 @@ class vulnWhispererQualysWAS(vulnWhispererBase):
vuln_ready['scan_name'] = scan_name.encode('utf8') vuln_ready['scan_name'] = scan_name.encode('utf8')
vuln_ready['scan_source'] = self.CONFIG_SECTION vuln_ready['scan_source'] = self.CONFIG_SECTION
vuln_ready['scan_time'] = launched_date vuln_ready['scan_time'] = launched_date
vuln_ready['vendor'] = 'qualys'
vuln_ready = self.common_normalise(vuln_ready) vuln_ready = self.common_normalise(vuln_ready)
@ -772,6 +775,7 @@ class vulnWhispererOpenVAS(vulnWhispererBase):
vuln_ready['scan_id'] = report_id vuln_ready['scan_id'] = report_id
vuln_ready['scan_time'] = launched_date vuln_ready['scan_time'] = launched_date
vuln_ready['scan_source'] = self.CONFIG_SECTION vuln_ready['scan_source'] = self.CONFIG_SECTION
vuln_ready['vendor'] = 'greenbone'
vuln_ready = self.common_normalise(vuln_ready) vuln_ready = self.common_normalise(vuln_ready)
@ -890,6 +894,7 @@ class vulnWhispererQualysVM(vulnWhispererBase):
vuln_ready['scan_id'] = report_id vuln_ready['scan_id'] = report_id
vuln_ready['scan_time'] = launched_date vuln_ready['scan_time'] = launched_date
vuln_ready['scan_source'] = self.CONFIG_SECTION vuln_ready['scan_source'] = self.CONFIG_SECTION
vuln_ready['vendor'] = 'qualys'
vuln_ready = self.common_normalise(vuln_ready) vuln_ready = self.common_normalise(vuln_ready)