* first ansible skeleton
* first commit of ansible installation of vulnwhisperer outside docker
* first ansible skeleton
* first commit of ansible installation of vulnwhisperer outside docker
* refactor the ansible role a bit
* update readme, add fail validation step to provision.yml and fix
typo when calling a logging funciton
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* initialize variable fullpath to avoid break
* fix get latest scan entry from db and ignore 'potential' not verified vulns
* added host resolv + cache to speed already resolved, jira logging
* make sure that vulnerability criticality appears as a label on ticket + automatic actions
* jira bulk report of scans, fix on nessus logging, jira time resolution and list all ticket reported assets
* added jira ticket data download + change default time window from 6 to 12 months
* small fixes
* jira logstash files
* fix variable confusion (thx Travis :)
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* delete qualysapi fork and added to requirements
* Rework logging using the stdlib machinery
Use the verbose or debug flag to enable/disable logging.DEBUG
Remove the vprint function from all classes
Remove bcolors from all code
Cleanup [INFO], [ERROR], {success} and similar
* fix some errors my local linter missed but travis catched
* add coloredlogs and --fancy command line flag
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* clean OS X .DS_Store files
* fix nessus end of line carriage, added JIRA args
* JIRA module fully working
* jira module working with nessus
* added check on already existing jira config, update README
* qualys_vm<->jira working, qualys_vm database entries with qualys_vm, improved checks
* JIRA module updates ticket's assets and comments update
* added JIRA auto-close function for resolved vulnerabitilies
* fix if components variable empty issue
* fix creation of new ticket after updating existing one
* final fixes, added extra line in template
* added vulnerability criticality as label in order to be able to filter
* jira module gets now minimum criticality from config file
* added jira config to frameworks_example.ini
* fail check for config variable in case it is left empty
* clean OS X .DS_Store files
* fix nessus end of line carriage, added JIRA args
* JIRA module fully working
* jira module working with nessus
* added check on already existing jira config, update README
* qualys_vm<->jira working, qualys_vm database entries with qualys_vm, improved checks
* JIRA module updates ticket's assets and comments update
* added JIRA auto-close function for resolved vulnerabitilies
* fix if components variable empty issue
* fix creation of new ticket after updating existing one
* final fixes, added extra line in template
* added vulnerability criticality as label in order to be able to filter
* ignore nessus requests warnings
* docker-compose fully working with vulnwhisperer integrated
* remove comments docker-compose
* documenting docker-compose
* Readme corrections
* fix after recheck everything works out of the box
* fix exits that break the no specified section execution mode
* fix docker qualysapi issue, updated README
* revert change on deps/qualysapi/qualysapi/util.py (no effect)
* temporarily changed Dockerfile link to the working one
* fix docker-compose logstash config
* permissions needed for logstash container to work
* changing default path qualys, there are no folders
* ignore nessus requests warnings
* docker-compose fully working with vulnwhisperer integrated
* remove comments docker-compose
* documenting docker-compose
* Readme corrections
* fix after recheck everything works out of the box
* fix exits that break the no specified section execution mode
* fix docker qualysapi issue, updated README
* revert change on deps/qualysapi/qualysapi/util.py (no effect)
* temporarily changed Dockerfile link to the working one
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Fix error: "Cannot convert non-finite values (NA or inf) to integer"
When trying to download the results of Qualys Vulnerability Management scans, the following error pops up:
[FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer
This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through.
Taking out the last line solves the issue.
Also adding the qualys_vuln scheme to the frameworks_example.ini
* No need to specify section to run
Until now it vulnwhisperer was not running if a section was not specified,
but there is the variable "enabled" on each module config, so now it will
check which modules are enabled and run them sequentialy.
Made mainly in order to be able to automate with docker-compose instance,
as the docker with vulnwhisperer (https://github.com/HASecuritySolutions/docker_vulnwhisperer)
has that command run at the end.
* added to readme + detectify
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Fix error: "Cannot convert non-finite values (NA or inf) to integer"
When trying to download the results of Qualys Vulnerability Management scans, the following error pops up:
[FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer
This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through.
Taking out the last line solves the issue.
Also adding the qualys_vuln scheme to the frameworks_example.ini
* Update template to Elasticsearch 5.x
* Update template to Elasticsearch 5.x
I think _all field is no longer needed from ES 5.x because of the search all field execution if _all is disabled
* Handle cases where no scans are present
* Prevent infinite login loop with incorrect creds
* Print actual config file path
* Don't overwrite Nessus Synopsis with Description
