* moved qualysapi to branch master-update
* fixing bug of qualys scan without vulnerabilities: vulnWhispererQualysVuln[1361] ERROR Could not process scan/1549159480.84792: 'severity'
* change to fixed qualysapi branch
* fix bug and changed to qualysapi fork master branch
* updated submodule to master branch
* Created the version 6 for ELK. Fixed#135
* Needed to make sure all the data volumes were set up properly. Some paths had VulnWhisperer, vulnwhisperer, vulnwhisp/data.
* Delete 9998_output_broker_rabbitmq.conf
* Delete 9998_input_broker_rabbitmq.conf
* Delete 0001_input_beats.conf
* add to gitignore creds files + correct elk5 docker-compose
* elk changed to 6.6.0 from 6.5.2, output path from logstash to elasticsearch host
* Update issue templates
Add an issue template for bug reports
* Update bug_report.md
Changing the "Desktop" label to "System in which VulnWhisperer runs"
* updating my base to match original vulnwhisperer (#1)
* Create docker-compose.yml
* Update 9000_output_nessus.conf
* Added an argument for username and password, which takes precendece over nessus. Fixed#5
* Update README.md
* Silence NoneType object
* Put in a check to make sure that the config file exists. FIXESaustin-taylor/VulnWhisperer#4
* remove leading and trailing spaces around all input switches. Fixesausti-taylor/VulnWhisperer#6
* Update README.md
* Allow for any directories to be monitored
* Addition of Qualys WebApp Processing
* Addition of Qualys WebApp Processing
* Fixed multiple bugs, cleaned up formatting, produces solid csv output for Qualys Web App scans
* Adding custom version of QualysAPI
* Field Cleanup
* Addition of submodules, update to connectors, base class start
* Addition of submodules, update to connectors, base class start
* Addition of submodules, update to connectors, base class start
* Refactored classes to be more modular, update to ini file and submodules
* Refactored classes to be more modular, update to ini file and submodules
* Removing commented code
* Addition of category class and special class for Qualys Scanning Reports. Also added additional enrichments to reports
* Column update for scans and N/A cleanup
* Fix for str casting
* Update README.md
* Update to README
* Update to README
* Update to README
* Update to requirements.txt
* Support for json output
* Database tracking for processed Qualys scans
* Database tracking for processed Qualys scans
* Bug fix for counter in Nessus and format fix for qualys
* Check for new records
* Update to count tracker
* Update to write path logic
* Better database handling
* Addition of VulnWhisperer-Qualys logstash files
* Addition of VulnWhisperer-Qualys logstash files
* Update to logstash template
* Updated dashboard
* Update to README
* Update to README
* Logo update
* Readme Update
* Readme Update
* Readme Update
* Adding name of scan and scan reference
* Plugin name converted to scan name
* Update to README
* Documentation update
* README Update
* README Update
* Update README.md
* Add free automated flake8 testing of pull requests
[Flake8](http://flake8.pycqa.org) tests can help to find Python syntax errors, undefined names, and other code quality issues. [Travis CI](https://travis-ci.org) is a framework for running flake8 and other tests which is free for open source projects like this one. The owner of the this repo would need to go to https://travis-ci.org/profile and flip the repository switch __on__ to enable free automated flake8 testing of each pull request.
* Testing build with no submodules
* flake8 --ignore=deps/qualysapi
* flake8 . --exclude=/deps/qualysapi
* Remove leading slash
* Add build status to README
* Travis Config update
* README Update
* README Update
* Create CNAME
* Set theme jekyll-theme-leap-day
* README Update
* Getting started steps
* Getting started steps
* Remind user to select section if using a config
* Update to readme
* Update to readme
* Update to readme
* Update to readme
* Update to README
* Update to README
* Update to example logstash config
* Update to qualys logstash conf to reflect example config
* Update to README
* Update to README
* Readme update
* Rename logstash-nessus-template.json to logstash-vulnwhisperer-template.json
* Update 1000_nessus_process_file.conf
* Delete LICENSE
* Create LICENSE
* Update to make nessus visualizations consistent with qualys
* Update to README
* Update to README
* Badge addition
* Badge addition
* Addition of OpenVAS Connector
* Addition of OpenVAS
* Update 9000_output_nessus.conf
* Delete 9000_output_nessus.conf
* Update 1000_nessus_process_file.conf
* Automatically create filepath and directory if it does not exist
* Addition of OpenVas -- ready for alpha
* Addition of OpenVas -- ready for alpha
* Allow template defined config form IDs
* Completion of OpenVAS module
* Completion of OpenVAS module
* Remove template format
* Addition of openvas logstash config
* Update setup.py
* Update README.md
* ELK Sample Install (#37)
Updated Readme.md to include a Sample ELK Install guide addressing multiple issues around ELK Cluster/Node Configuration.
* Update vulnwhisp.py
* VulnFramework Links (#39)
Quick update regarding issue #33
* Updating config to be consistent with conf files
* Preserving newlines & carriage returns (#48)
* Preserve newlines & carriage returns
* Convert '\n' & '\r' to newlines & carriage returns
* Removed no longer supported InsecureRequestWarning workaround. (#55)
* Removed no longer supported InsecureRequestWarning workaround.
* Add dependencies to README.md
* Update vulnwhisp.py
* Fix to apt-get install
* Nessus bugfixes (#68)
* Handle cases where no scans are present
* Prevent infinite login loop with incorrect creds
* Print actual config file path
* Don't overwrite Nessus Synopsis with Description
* Tenable.io support (#70)
* Basic tenable.io support
* Add tenable config section
* Use existing variable
* Fix indent
* Fix paren
* Use ternary syntax
* Update Logstash config for tenable.io
* Update README.md
* Update template to version 5.x (#73)
* Update template to Elasticsearch 5.x
* Update template to Elasticsearch 5.x
I think _all field is no longer needed from ES 5.x because of the search all field execution if _all is disabled
* Qualys Vulnerability Management integration (#74)
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Fix error: "Cannot convert non-finite values (NA or inf) to integer"
When trying to download the results of Qualys Vulnerability Management scans, the following error pops up:
[FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer
This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through.
Taking out the last line solves the issue.
Also adding the qualys_vuln scheme to the frameworks_example.ini
* Update README.md
* example.ini is frameworks_example.ini (#77)
* No need to specify section to run (#88)
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Fix error: "Cannot convert non-finite values (NA or inf) to integer"
When trying to download the results of Qualys Vulnerability Management scans, the following error pops up:
[FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer
This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through.
Taking out the last line solves the issue.
Also adding the qualys_vuln scheme to the frameworks_example.ini
* No need to specify section to run
Until now it vulnwhisperer was not running if a section was not specified,
but there is the variable "enabled" on each module config, so now it will
check which modules are enabled and run them sequentialy.
Made mainly in order to be able to automate with docker-compose instance,
as the docker with vulnwhisperer (https://github.com/HASecuritySolutions/docker_vulnwhisperer)
has that command run at the end.
* added to readme + detectify
* Silence requests warnings
* Docker-compose fully working with vulnwhisperer integrated (#90)
* ignore nessus requests warnings
* docker-compose fully working with vulnwhisperer integrated
* remove comments docker-compose
* documenting docker-compose
* Readme corrections
* fix after recheck everything works out of the box
* fix exits that break the no specified section execution mode
* fix docker qualysapi issue, updated README
* revert change on deps/qualysapi/qualysapi/util.py (no effect)
* temporarily changed Dockerfile link to the working one
* Update README.md
* Update README.md
* Fix docker-compose logstash config (#92)
* ignore nessus requests warnings
* docker-compose fully working with vulnwhisperer integrated
* remove comments docker-compose
* documenting docker-compose
* Readme corrections
* fix after recheck everything works out of the box
* fix exits that break the no specified section execution mode
* fix docker qualysapi issue, updated README
* revert change on deps/qualysapi/qualysapi/util.py (no effect)
* temporarily changed Dockerfile link to the working one
* fix docker-compose logstash config
* permissions needed for logstash container to work
* changing default path qualys, there are no folders
* Update 1000_vulnWhispererBaseVisuals.json
Update field to include keyword to prevent error: TypeError: "field" is a required parameter
* Update docker-compose.yml (#93)
increase file descriptors to allow elasticsearch to start.
* Update Slack link on README.md
* Update README.md
Added to README.md @pemontto as contributor
* Jira module fully working (#104)
* clean OS X .DS_Store files
* fix nessus end of line carriage, added JIRA args
* JIRA module fully working
* jira module working with nessus
* added check on already existing jira config, update README
* qualys_vm<->jira working, qualys_vm database entries with qualys_vm, improved checks
* JIRA module updates ticket's assets and comments update
* added JIRA auto-close function for resolved vulnerabitilies
* fix if components variable empty issue
* fix creation of new ticket after updating existing one
* final fixes, added extra line in template
* added vulnerability criticality as label in order to be able to filter
* Added jira section to config file and fail check for config variable (#105)
* clean OS X .DS_Store files
* fix nessus end of line carriage, added JIRA args
* JIRA module fully working
* jira module working with nessus
* added check on already existing jira config, update README
* qualys_vm<->jira working, qualys_vm database entries with qualys_vm, improved checks
* JIRA module updates ticket's assets and comments update
* added JIRA auto-close function for resolved vulnerabitilies
* fix if components variable empty issue
* fix creation of new ticket after updating existing one
* final fixes, added extra line in template
* added vulnerability criticality as label in order to be able to filter
* jira module gets now minimum criticality from config file
* added jira config to frameworks_example.ini
* fail check for config variable in case it is left empty
* fix issue jira-qualys criticality comparison
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web (#108)
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* Rework logging using the stdlib machinery (#116)
* Rework logging using the stdlib machinery
Use the verbose or debug flag to enable/disable logging.DEBUG
Remove the vprint function from all classes
Remove bcolors from all code
Cleanup [INFO], [ERROR], {success} and similar
* fix some errors my local linter missed but travis catched
* add coloredlogs and --fancy command line flag
* qualysapi dependency removal
* Qualysapi update (#118)
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* delete qualysapi fork and added to requirements
* merge with testing
* Jira extras (#120)
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* initialize variable fullpath to avoid break
* fix get latest scan entry from db and ignore 'potential' not verified vulns
* added host resolv + cache to speed already resolved, jira logging
* make sure that vulnerability criticality appears as a label on ticket + automatic actions
* jira bulk report of scans, fix on nessus logging, jira time resolution and list all ticket reported assets
* added jira ticket data download + change default time window from 6 to 12 months
* small fixes
* jira logstash files
* fix variable confusion (thx Travis :)
* update readme (#121)
* Add ansible provisioning (#122)
* first ansible skeleton
* first commit of ansible installation of vulnwhisperer outside docker
* first ansible skeleton
* first commit of ansible installation of vulnwhisperer outside docker
* refactor the ansible role a bit
* update readme, add fail validation step to provision.yml and fix
typo when calling a logging funciton
* removing ansible from vulnwhisperer, creating a new repo for ansible deployment
* closed ticket metrics only get last 12 months tickets
* Update README.md
Fixing travis link
* Restoring custom qualys wrapper
* Restoring custom qualys wrapper
* Update README.md
* Created the dockerfile
* Updating dockerfile
* in a production system, it is not advisable to have git pulling repos from inside a docker image when there is a pypi repo.
* builds the vulnwhisperer image without any of the ELK configs. It can also be used in the same directory as the main project
* reverted the qualys call
* updating my base to match original vulnwhisperer (#1)
* Create docker-compose.yml
* Update 9000_output_nessus.conf
* Added an argument for username and password, which takes precendece over nessus. Fixed#5
* Update README.md
* Silence NoneType object
* Put in a check to make sure that the config file exists. FIXESaustin-taylor/VulnWhisperer#4
* remove leading and trailing spaces around all input switches. Fixesausti-taylor/VulnWhisperer#6
* Update README.md
* Allow for any directories to be monitored
* Addition of Qualys WebApp Processing
* Addition of Qualys WebApp Processing
* Fixed multiple bugs, cleaned up formatting, produces solid csv output for Qualys Web App scans
* Adding custom version of QualysAPI
* Field Cleanup
* Addition of submodules, update to connectors, base class start
* Addition of submodules, update to connectors, base class start
* Addition of submodules, update to connectors, base class start
* Refactored classes to be more modular, update to ini file and submodules
* Refactored classes to be more modular, update to ini file and submodules
* Removing commented code
* Addition of category class and special class for Qualys Scanning Reports. Also added additional enrichments to reports
* Column update for scans and N/A cleanup
* Fix for str casting
* Update README.md
* Update to README
* Update to README
* Update to README
* Update to requirements.txt
* Support for json output
* Database tracking for processed Qualys scans
* Database tracking for processed Qualys scans
* Bug fix for counter in Nessus and format fix for qualys
* Check for new records
* Update to count tracker
* Update to write path logic
* Better database handling
* Addition of VulnWhisperer-Qualys logstash files
* Addition of VulnWhisperer-Qualys logstash files
* Update to logstash template
* Updated dashboard
* Update to README
* Update to README
* Logo update
* Readme Update
* Readme Update
* Readme Update
* Adding name of scan and scan reference
* Plugin name converted to scan name
* Update to README
* Documentation update
* README Update
* README Update
* Update README.md
* Add free automated flake8 testing of pull requests
[Flake8](http://flake8.pycqa.org) tests can help to find Python syntax errors, undefined names, and other code quality issues. [Travis CI](https://travis-ci.org) is a framework for running flake8 and other tests which is free for open source projects like this one. The owner of the this repo would need to go to https://travis-ci.org/profile and flip the repository switch __on__ to enable free automated flake8 testing of each pull request.
* Testing build with no submodules
* flake8 --ignore=deps/qualysapi
* flake8 . --exclude=/deps/qualysapi
* Remove leading slash
* Add build status to README
* Travis Config update
* README Update
* README Update
* Create CNAME
* Set theme jekyll-theme-leap-day
* README Update
* Getting started steps
* Getting started steps
* Remind user to select section if using a config
* Update to readme
* Update to readme
* Update to readme
* Update to readme
* Update to README
* Update to README
* Update to example logstash config
* Update to qualys logstash conf to reflect example config
* Update to README
* Update to README
* Readme update
* Rename logstash-nessus-template.json to logstash-vulnwhisperer-template.json
* Update 1000_nessus_process_file.conf
* Delete LICENSE
* Create LICENSE
* Update to make nessus visualizations consistent with qualys
* Update to README
* Update to README
* Badge addition
* Badge addition
* Addition of OpenVAS Connector
* Addition of OpenVAS
* Update 9000_output_nessus.conf
* Delete 9000_output_nessus.conf
* Update 1000_nessus_process_file.conf
* Automatically create filepath and directory if it does not exist
* Addition of OpenVas -- ready for alpha
* Addition of OpenVas -- ready for alpha
* Allow template defined config form IDs
* Completion of OpenVAS module
* Completion of OpenVAS module
* Remove template format
* Addition of openvas logstash config
* Update setup.py
* Update README.md
* ELK Sample Install (#37)
Updated Readme.md to include a Sample ELK Install guide addressing multiple issues around ELK Cluster/Node Configuration.
* Update vulnwhisp.py
* VulnFramework Links (#39)
Quick update regarding issue #33
* Updating config to be consistent with conf files
* Preserving newlines & carriage returns (#48)
* Preserve newlines & carriage returns
* Convert '\n' & '\r' to newlines & carriage returns
* Removed no longer supported InsecureRequestWarning workaround. (#55)
* Removed no longer supported InsecureRequestWarning workaround.
* Add dependencies to README.md
* Update vulnwhisp.py
* Fix to apt-get install
* Nessus bugfixes (#68)
* Handle cases where no scans are present
* Prevent infinite login loop with incorrect creds
* Print actual config file path
* Don't overwrite Nessus Synopsis with Description
* Tenable.io support (#70)
* Basic tenable.io support
* Add tenable config section
* Use existing variable
* Fix indent
* Fix paren
* Use ternary syntax
* Update Logstash config for tenable.io
* Update README.md
* Update template to version 5.x (#73)
* Update template to Elasticsearch 5.x
* Update template to Elasticsearch 5.x
I think _all field is no longer needed from ES 5.x because of the search all field execution if _all is disabled
* Qualys Vulnerability Management integration (#74)
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Fix error: "Cannot convert non-finite values (NA or inf) to integer"
When trying to download the results of Qualys Vulnerability Management scans, the following error pops up:
[FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer
This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through.
Taking out the last line solves the issue.
Also adding the qualys_vuln scheme to the frameworks_example.ini
* Update README.md
* example.ini is frameworks_example.ini (#77)
* No need to specify section to run (#88)
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Fix error: "Cannot convert non-finite values (NA or inf) to integer"
When trying to download the results of Qualys Vulnerability Management scans, the following error pops up:
[FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer
This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through.
Taking out the last line solves the issue.
Also adding the qualys_vuln scheme to the frameworks_example.ini
* No need to specify section to run
Until now it vulnwhisperer was not running if a section was not specified,
but there is the variable "enabled" on each module config, so now it will
check which modules are enabled and run them sequentialy.
Made mainly in order to be able to automate with docker-compose instance,
as the docker with vulnwhisperer (https://github.com/HASecuritySolutions/docker_vulnwhisperer)
has that command run at the end.
* added to readme + detectify
* Silence requests warnings
* Docker-compose fully working with vulnwhisperer integrated (#90)
* ignore nessus requests warnings
* docker-compose fully working with vulnwhisperer integrated
* remove comments docker-compose
* documenting docker-compose
* Readme corrections
* fix after recheck everything works out of the box
* fix exits that break the no specified section execution mode
* fix docker qualysapi issue, updated README
* revert change on deps/qualysapi/qualysapi/util.py (no effect)
* temporarily changed Dockerfile link to the working one
* Update README.md
* Update README.md
* Fix docker-compose logstash config (#92)
* ignore nessus requests warnings
* docker-compose fully working with vulnwhisperer integrated
* remove comments docker-compose
* documenting docker-compose
* Readme corrections
* fix after recheck everything works out of the box
* fix exits that break the no specified section execution mode
* fix docker qualysapi issue, updated README
* revert change on deps/qualysapi/qualysapi/util.py (no effect)
* temporarily changed Dockerfile link to the working one
* fix docker-compose logstash config
* permissions needed for logstash container to work
* changing default path qualys, there are no folders
* Update 1000_vulnWhispererBaseVisuals.json
Update field to include keyword to prevent error: TypeError: "field" is a required parameter
* Update docker-compose.yml (#93)
increase file descriptors to allow elasticsearch to start.
* Update Slack link on README.md
* Update README.md
Added to README.md @pemontto as contributor
* Jira module fully working (#104)
* clean OS X .DS_Store files
* fix nessus end of line carriage, added JIRA args
* JIRA module fully working
* jira module working with nessus
* added check on already existing jira config, update README
* qualys_vm<->jira working, qualys_vm database entries with qualys_vm, improved checks
* JIRA module updates ticket's assets and comments update
* added JIRA auto-close function for resolved vulnerabitilies
* fix if components variable empty issue
* fix creation of new ticket after updating existing one
* final fixes, added extra line in template
* added vulnerability criticality as label in order to be able to filter
* Added jira section to config file and fail check for config variable (#105)
* clean OS X .DS_Store files
* fix nessus end of line carriage, added JIRA args
* JIRA module fully working
* jira module working with nessus
* added check on already existing jira config, update README
* qualys_vm<->jira working, qualys_vm database entries with qualys_vm, improved checks
* JIRA module updates ticket's assets and comments update
* added JIRA auto-close function for resolved vulnerabitilies
* fix if components variable empty issue
* fix creation of new ticket after updating existing one
* final fixes, added extra line in template
* added vulnerability criticality as label in order to be able to filter
* jira module gets now minimum criticality from config file
* added jira config to frameworks_example.ini
* fail check for config variable in case it is left empty
* fix issue jira-qualys criticality comparison
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web (#108)
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* Rework logging using the stdlib machinery (#116)
* Rework logging using the stdlib machinery
Use the verbose or debug flag to enable/disable logging.DEBUG
Remove the vprint function from all classes
Remove bcolors from all code
Cleanup [INFO], [ERROR], {success} and similar
* fix some errors my local linter missed but travis catched
* add coloredlogs and --fancy command line flag
* qualysapi dependency removal
* Qualysapi update (#118)
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* delete qualysapi fork and added to requirements
* merge with testing
* Jira extras (#120)
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* initialize variable fullpath to avoid break
* fix get latest scan entry from db and ignore 'potential' not verified vulns
* added host resolv + cache to speed already resolved, jira logging
* make sure that vulnerability criticality appears as a label on ticket + automatic actions
* jira bulk report of scans, fix on nessus logging, jira time resolution and list all ticket reported assets
* added jira ticket data download + change default time window from 6 to 12 months
* small fixes
* jira logstash files
* fix variable confusion (thx Travis :)
* update readme (#121)
* Add ansible provisioning (#122)
* first ansible skeleton
* first commit of ansible installation of vulnwhisperer outside docker
* first ansible skeleton
* first commit of ansible installation of vulnwhisperer outside docker
* refactor the ansible role a bit
* update readme, add fail validation step to provision.yml and fix
typo when calling a logging funciton
* removing ansible from vulnwhisperer, creating a new repo for ansible deployment
* closed ticket metrics only get last 12 months tickets
* Update README.md
Fixing travis link
* Restoring custom qualys wrapper
* Restoring custom qualys wrapper
* Update README.md
* Updated the visualizations to support the 6.x ELK stack
* making the text message more generic
* removed visualizations that were not part of a dashboard
* Built a single file, since Kibana allows for that. Created a new scripted value in the logstash-vulnwhisperer that will allow uniqu fingerprinting. Updated all visualizations to support the unqiue count of the scan_fingerprint. Fixes#130Fixes#126Fixes#111
* first ansible skeleton
* first commit of ansible installation of vulnwhisperer outside docker
* first ansible skeleton
* first commit of ansible installation of vulnwhisperer outside docker
* refactor the ansible role a bit
* update readme, add fail validation step to provision.yml and fix
typo when calling a logging funciton
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* initialize variable fullpath to avoid break
* fix get latest scan entry from db and ignore 'potential' not verified vulns
* added host resolv + cache to speed already resolved, jira logging
* make sure that vulnerability criticality appears as a label on ticket + automatic actions
* jira bulk report of scans, fix on nessus logging, jira time resolution and list all ticket reported assets
* added jira ticket data download + change default time window from 6 to 12 months
* small fixes
* jira logstash files
* fix variable confusion (thx Travis :)
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* delete qualysapi fork and added to requirements
* Rework logging using the stdlib machinery
Use the verbose or debug flag to enable/disable logging.DEBUG
Remove the vprint function from all classes
Remove bcolors from all code
Cleanup [INFO], [ERROR], {success} and similar
* fix some errors my local linter missed but travis catched
* add coloredlogs and --fancy command line flag
* update qualysapi to latest + PR and refactored vulnwhisperer qualys module to qualys-web
* changing config template paths for qualys
* Update frameworks_example.ini
Will leave for now qualys local folder as "qualys" instead of changing to one for each module, as like this it will still be compatible with the current logstash and we will be able to update master to drop the qualysapi fork once the new version is uploaded to PyPI repository.
PR from qualysapi repo has already been merged, so the only missing is the upload to PyPI.
* clean OS X .DS_Store files
* fix nessus end of line carriage, added JIRA args
* JIRA module fully working
* jira module working with nessus
* added check on already existing jira config, update README
* qualys_vm<->jira working, qualys_vm database entries with qualys_vm, improved checks
* JIRA module updates ticket's assets and comments update
* added JIRA auto-close function for resolved vulnerabitilies
* fix if components variable empty issue
* fix creation of new ticket after updating existing one
* final fixes, added extra line in template
* added vulnerability criticality as label in order to be able to filter
* jira module gets now minimum criticality from config file
* added jira config to frameworks_example.ini
* fail check for config variable in case it is left empty
* clean OS X .DS_Store files
* fix nessus end of line carriage, added JIRA args
* JIRA module fully working
* jira module working with nessus
* added check on already existing jira config, update README
* qualys_vm<->jira working, qualys_vm database entries with qualys_vm, improved checks
* JIRA module updates ticket's assets and comments update
* added JIRA auto-close function for resolved vulnerabitilies
* fix if components variable empty issue
* fix creation of new ticket after updating existing one
* final fixes, added extra line in template
* added vulnerability criticality as label in order to be able to filter
* ignore nessus requests warnings
* docker-compose fully working with vulnwhisperer integrated
* remove comments docker-compose
* documenting docker-compose
* Readme corrections
* fix after recheck everything works out of the box
* fix exits that break the no specified section execution mode
* fix docker qualysapi issue, updated README
* revert change on deps/qualysapi/qualysapi/util.py (no effect)
* temporarily changed Dockerfile link to the working one
* fix docker-compose logstash config
* permissions needed for logstash container to work
* changing default path qualys, there are no folders
* ignore nessus requests warnings
* docker-compose fully working with vulnwhisperer integrated
* remove comments docker-compose
* documenting docker-compose
* Readme corrections
* fix after recheck everything works out of the box
* fix exits that break the no specified section execution mode
* fix docker qualysapi issue, updated README
* revert change on deps/qualysapi/qualysapi/util.py (no effect)
* temporarily changed Dockerfile link to the working one
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Fix error: "Cannot convert non-finite values (NA or inf) to integer"
When trying to download the results of Qualys Vulnerability Management scans, the following error pops up:
[FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer
This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through.
Taking out the last line solves the issue.
Also adding the qualys_vuln scheme to the frameworks_example.ini
* No need to specify section to run
Until now it vulnwhisperer was not running if a section was not specified,
but there is the variable "enabled" on each module config, so now it will
check which modules are enabled and run them sequentialy.
Made mainly in order to be able to automate with docker-compose instance,
as the docker with vulnwhisperer (https://github.com/HASecuritySolutions/docker_vulnwhisperer)
has that command run at the end.
* added to readme + detectify
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Add Qualys vulnerability scans
* Use non-zero exit codes for failures
* Convert to strings for Logstash
* Update logstash config for vulnerability scans
* Update README
* Grab all scans statuses
* Fix error: "Cannot convert non-finite values (NA or inf) to integer"
When trying to download the results of Qualys Vulnerability Management scans, the following error pops up:
[FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer
This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through.
Taking out the last line solves the issue.
Also adding the qualys_vuln scheme to the frameworks_example.ini
* Update template to Elasticsearch 5.x
* Update template to Elasticsearch 5.x
I think _all field is no longer needed from ES 5.x because of the search all field execution if _all is disabled
