map openvas and make risk mapping common
@ -42,7 +42,6 @@ class NessusAPI(object):
|
||||
'system type': 'category',
|
||||
'vulnerability state': 'state'
|
||||
}
|
||||
SEVERITY_MAPPING = {'none': 0, 'low': 1, 'medium': 2, 'high': 3, 'critical': 4}
|
||||
|
||||
def __init__(self, hostname=None, port=None, username=None, password=None, verbose=True, profile=None, access_key=None, secret_key=None):
|
||||
self.logger = logging.getLogger('NessusAPI')
|
||||
@ -229,10 +228,6 @@ class NessusAPI(object):
|
||||
df['protocol'] = df['protocol'].str.lower()
|
||||
df['risk'] = df['risk'].str.lower()
|
||||
|
||||
# Map risk to a SEVERITY MAPPING value
|
||||
self.logger.debug('Mapping risk to severity number')
|
||||
df['risk_number'] = df['risk'].map(self.SEVERITY_MAPPING)
|
||||
|
||||
df.fillna('', inplace=True)
|
||||
|
||||
return df
|
||||
|
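Review bot: `df.fillna('', inplace=True)` in the second hunk now appears to run before any risk-to-number mapping. The hunk line counts suggest the `df['risk'].map(self.SEVERITY_MAPPING)` step and the class constant were dropped from this file, presumably in favour of a shared step that is not visible on this page. If so, a missing risk reaches that step as `''` rather than NaN, and any label outside the known keys would map to NaN after the fill has already happened. A comment here would help, e.g. `# risk_number is derived later by the shared normalisation; risk must be one of none/low/medium/high/critical`, and the shared step should give unmapped labels an explicit default so findings do not end up with a blank severity.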
@ -13,6 +13,20 @@ from bs4 import BeautifulSoup
|
||||
|
||||
class OpenVAS_API(object):
|
||||
OMP = '/omp'
|
||||
COLUMN_MAPPING = {
|
||||
'affected software/os': 'affected_software',
|
||||
'cves': 'cve',
|
||||
'impact': 'description',
|
||||
'nvt name': 'signature',
|
||||
'nvt oid': 'signature_id',
|
||||
'other references': 'exploitability',
|
||||
'port protocol': 'protocol',
|
||||
'severity': 'risk',
|
||||
'solution type': 'category',
|
||||
'task name': 'scan_name',
|
||||
'specific result': 'plugin_output',
|
||||
'summary': 'synopsis',
|
||||
}
|
||||
|
||||
def __init__(self,
|
||||
hostname=None,
|
||||
@ -200,9 +214,16 @@ class OpenVAS_API(object):
|
||||
|
||||
def map_fields(self, df):
|
||||
self.logger.debug('Mapping fields')
|
||||
# Lowercase and map fields from COLUMN_MAPPING
|
||||
df.columns = [x.lower() for x in df.columns]
|
||||
df.rename(columns=self.COLUMN_MAPPING, inplace=True)
|
||||
df.columns = [x.replace(' ', '_') for x in df.columns]
|
||||
return df
|
||||
|
||||
def transform_values(self, df):
|
||||
self.logger.debug('Transforming values')
|
||||
df['port'].fillna(0).astype(int)
|
||||
df['risk'] = df['risk'].str.lower()
|
||||
df['asset'] = df['ip']
|
||||
df.fillna('', inplace=True)
|
||||
return df
|
||||
|
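Review bot: In `transform_values`, `df['port'].fillna(0).astype(int)` discards its result, so the `port` column keeps its original values and the later `df.fillna('', inplace=True)` turns missing ports into empty strings; assign it back with `df['port'] = df['port'].fillna(0).astype(int)`. Separately, `severity` is renamed to `risk` by `COLUMN_MAPPING` and only lowercased here. If the shared risk mapping (not visible on this page) knows only none/low/medium/high/critical, any other label the scanner emits would map to NaN, so it is worth normalising or logging unexpected values at this point rather than leaving the severity blank.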
@ -89,8 +89,6 @@ class qualysVulnScan:
|
||||
'title': 'signature'
|
||||
}
|
||||
|
||||
SEVERITY_MAPPING = {0: 'none', 1: 'low', 2: 'medium', 3: 'high',4: 'critical'}
|
||||
|
||||
def __init__(
|
||||
self,
|
||||
config=None,
|
||||
@ -176,7 +174,6 @@ class qualysVulnScan:
|
||||
|
||||
# Convert Qualys severity to standardised risk number
|
||||
df['risk_number'] = df['severity'].astype(int)-1
|
||||
df['risk'] = df['risk_number'].map(self.SEVERITY_MAPPING)
|
||||
|
||||
df.fillna('', inplace=True)
|
||||
|
||||
|
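Review bot: `df['risk_number'] = df['severity'].astype(int)-1` in the second hunk raises on a blank or non-numeric severity and accepts any integer, so one malformed row aborts the import and an off-scale value yields a risk number outside 0–4; the same line appears in the `qualysScanReport` hunk at -521. With the class-level `SEVERITY_MAPPING` apparently removed, this looks like the only severity normalisation left in the method, so it should coerce and bound the value, e.g. `sev = pd.to_numeric(df['severity'], errors='coerce')` then `df['risk_number'] = sev.sub(1).where(sev.between(1, 5))` (assuming pandas is imported as `pd` in this file). The enclosing method starts and ends outside the hunk.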
@ -300,8 +300,6 @@ class qualysScanReport:
|
||||
'Vulnerability Category': 'type',
|
||||
}
|
||||
|
||||
SEVERITY_MAPPING = {0: 'none', 1: 'low', 2: 'medium', 3: 'high', 4: 'critical'}
|
||||
|
||||
# URL Vulnerability Information
|
||||
WEB_SCAN_VULN_BLOCK = list(qualysReportFields.VULN_BLOCK)
|
||||
WEB_SCAN_VULN_BLOCK.insert(WEB_SCAN_VULN_BLOCK.index('QID'), 'Detection ID')
|
||||
@ -521,7 +519,6 @@ class qualysScanReport:
|
||||
|
||||
# Convert Qualys severity to standardised risk number
|
||||
df['risk_number'] = df['severity'].astype(int)-1
|
||||
df['risk'] = df['risk_number'].map(self.SEVERITY_MAPPING)
|
||||
|
||||
# Extract dns field from URL
|
||||
df['dns'] = df['url'].str.extract('https?://([^/]+)', expand=False)
|
||||
|
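Review bot: `df['url'].str.extract('https?://([^/]+)', expand=False)` captures everything up to the first slash, so a URL carrying a port or userinfo puts `host:8443` or `user@host` into `dns`, and that value will not line up with the same asset reported by the other scanners. Taking the hostname from a URL parser, e.g. `df['url'].map(lambda u: urlsplit(u).hostname if isinstance(u, str) else None)` with `urllib.parse.urlsplit`, avoids that. This line looks like context rather than part of the change, and the method continues outside the hunk.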