From e6c397397b6c428ef007cada4ce1f57e014eb5cd Mon Sep 17 00:00:00 2001
From: pemontto
Date: Thu, 18 Apr 2019 11:34:01 +1000
Subject: [PATCH] Update mappings and transforms
---
 vulnwhisp/frameworks/nessus.py | 14 +++++++++-----
 vulnwhisp/frameworks/openvas.py | 1 +
 vulnwhisp/frameworks/qualys_vuln.py | 11 +++++++----
 vulnwhisp/frameworks/qualys_web.py | 1 +
 4 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/vulnwhisp/frameworks/nessus.py b/vulnwhisp/frameworks/nessus.py
index 1d6de7f..2bc306a 100755
--- a/vulnwhisp/frameworks/nessus.py
+++ b/vulnwhisp/frameworks/nessus.py
@@ -33,6 +33,7 @@ class NessusAPI(object):
 'cvss3 temporal vector': 'cvss3_temporal_vector',
 'fqdn': 'dns',
 'host': 'asset',
+ 'ip address': 'ip',
 'name': 'plugin_name',
 'os': 'operating_system',
 'see also': 'exploitability',
@@ -200,8 +201,11 @@ class NessusAPI(object):
 if self.profile == 'tenable':
 # Prefer CVSS Base Score over CVSS for tenable
 self.logger.debug('Dropping redundant tenable fields')
- df.drop('CVSS', axis=1, inplace=True)
- df.drop('IP Address', axis=1, inplace=True)
+ df.drop('CVSS', axis=1, inplace=True, errors='ignore')
+
+ if self.profile == 'nessus':
+ # Set IP from Host field
+ df['ip'] = df['Host']
 # Lowercase and map fields from COLUMN_MAPPING
 df.columns = [x.lower() for x in df.columns]
@@ -213,18 +217,18 @@ class NessusAPI(object):
 def transform_values(self, df):
 self.logger.debug('Transforming values')
+ df.fillna('', inplace=True)
+
 # upper/lowercase fields
 self.logger.debug('Changing case of fields')
 df['cve'] = df['cve'].str.upper()
 df['protocol'] = df['protocol'].str.lower()
 df['risk'] = df['risk'].str.lower()
- # Copy asset to IP
- df['ip'] = df['asset']
-
 # Map risk to a SEVERITY MAPPING value
 self.logger.debug('Mapping risk to severity number')
 df['risk_number'] = df['risk'].str.lower().map(self.SEVERITY_MAPPING)
 df.fillna('', inplace=True)
+
 return df
\ No newline at end of file
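Review bot: In the hunk at `@@ -200,8 +201,11 @@`, `df['ip'] = df['Host']` indexes the column unguarded and raises KeyError when an export has no `Host` column, although the `drop` just above it was made tolerant with `errors='ignore'`. The `transform_values` hunk also removes the unconditional `df['ip'] = df['asset']`, so a profile that is neither `'tenable'` nor `'nessus'`, or a tenable export without an `IP Address` column, now appears to end up with no `ip` field at all. A guarded form would be `if self.profile == 'nessus' and 'Host' in df.columns:`, with a logged warning when no IP source is found. The enclosing method starts and ends outside the hunk.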
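Review bot: The `df.fillna('', inplace=True)` added at the top of `transform_values` (hunk `@@ -213,18 +217,18 @@`) has no comment, and the same bare call is added in the openvas.py, qualys_vuln.py and qualys_web.py hunks. It rewrites missing values in every column, so afterwards an absent value and an empty string look the same, and any numeric column that had gaps presumably ends up holding mixed types. I would add `# Normalise missing values to '' before the transforms below` above it, and here also a comment on the second `fillna` kept before `return df`, which is still needed if `.map(self.SEVERITY_MAPPING)` leaves NaN for risk values missing from the mapping. If only the string columns need it, `df[['cve', 'protocol', 'risk']] = df[['cve', 'protocol', 'risk']].fillna('')` is the narrower form.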
diff --git a/vulnwhisp/frameworks/openvas.py b/vulnwhisp/frameworks/openvas.py
index 6c63c4c..3b2d958 100644
--- a/vulnwhisp/frameworks/openvas.py
+++ b/vulnwhisp/frameworks/openvas.py
@@ -203,4 +203,5 @@ class OpenVAS_API(object):
 def transform_values(self, df):
 self.logger.debug('Transforming values')
+ df.fillna('', inplace=True)
 return df
\ No newline at end of file
diff --git a/vulnwhisp/frameworks/qualys_vuln.py b/vulnwhisp/frameworks/qualys_vuln.py
index 118d8f2..a202aab 100644
--- a/vulnwhisp/frameworks/qualys_vuln.py
+++ b/vulnwhisp/frameworks/qualys_vuln.py
@@ -156,32 +156,35 @@ class qualysVulnScan:
 def transform_values(self, df):
 self.logger.info('Transforming values')
+ df.fillna('', inplace=True)
+
 # upper/lowercase fields
 self.logger.info('Changing case of fields')
 df['cve'] = df['cve'].str.upper()
 df['protocol'] = df['protocol'].str.lower()
 # Contruct the CVSS vector
+ self.logger.info('Extracting CVSS components')
 df['cvss_vector'] = (
- df.loc[df['cvss_base'].notnull(), 'cvss_base']
+ df.loc[df['cvss_base'].str.contains(' \('), 'cvss_base']
 .str.split()
 .apply(lambda x: x[1])
 .str.strip('()')
 )
 df['cvss_base'] = (
- df.loc[df['cvss_base'].notnull(), 'cvss_base']
+ df.loc[df['cvss_base'].str.contains(' \('), 'cvss_base']
 .str.split()
 .apply(lambda x: x[0])
 )
 df['cvss_temporal_vector'] = (
- df.loc[df['cvss_temporal'].notnull(), 'cvss_temporal']
+ df.loc[df['cvss_temporal'].str.contains(' \('), 'cvss_temporal']
 .str.split()
 .apply(lambda x: x[1])
 .str.strip('()')
 )
 df['cvss_temporal'] = (
- df.loc[df['cvss_temporal'].notnull(), 'cvss_temporal']
+ df.loc[df['cvss_temporal'].str.contains(' \('), 'cvss_temporal']
 .str.split()
 .apply(lambda x: x[0])
 )
diff --git a/vulnwhisp/frameworks/qualys_web.py b/vulnwhisp/frameworks/qualys_web.py
index b288449..98081a6 100644
--- a/vulnwhisp/frameworks/qualys_web.py
+++ b/vulnwhisp/frameworks/qualys_web.py
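Review bot: In the qualys_vuln.py hunk, `df['cvss_base'] = (df.loc[<mask>, 'cvss_base'] ...)` assigns a Series that covers only the rows matching `' \('`, so every other row is overwritten with NaN on index alignment. A row that carries a bare score with no vector would therefore lose its CVSS base value, and likewise its temporal value. The pattern `' \('` is also a non-raw string with an invalid escape that newer Python versions warn about; `r' \('` avoids that. Writing the split parts back through the same mask keeps unmatched rows intact, as sketched below. The function continues past the end of the hunk, so a later step may refill these values, which is not visible from here.

```python
        # … unchanged: fillna, case transforms …
        self.logger.info('Extracting CVSS components')
        for score_col, vector_col in (('cvss_base', 'cvss_vector'),
                                      ('cvss_temporal', 'cvss_temporal_vector')):
            has_vector = df[score_col].str.contains(r' \(')
            parts = df.loc[has_vector, score_col].str.split()
            # Vector column: NaN for rows without a vector, as before
            df[vector_col] = parts.str[1].str.strip('()')
            # Score column: only rewrite rows that actually had "score (vector)"
            df.loc[has_vector, score_col] = parts.str[0]
```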
@@ -476,4 +476,5 @@ class qualysScanReport:
 def transform_values(self, df):
 self.logger.debug('Transforming values')
+ df.fillna('', inplace=True)
 return df
\ No newline at end of file