This PR adds two CLI flags to filter which scans get imported/requested and one to list the scans:
- -f, --filter: allows supplying a regex pattern to match a scan name (this can also be specified in the config file)
- --days: the number of days to look back from the current date for scans (not supported on OpenVAS yet)
- --list: lists scans matching the filters and shows their imported/processed status
Other changes:
- combined all Logstash config into a single file
- created cvss and cvss_severity fields, which will always be populated from either cvss3 or cvss2
- renamed qualys_web -> qualys_was
- renamed qualys_vuln -> qualys_vm
- renamed plugin -> signature in field mappings
- added a helper script to pull Kibana API objects
- updated ES index template
Beta 2.0 initial commit
A number of changes in this PR. Many fixes and cleanups, some bug fixes, and the first steps towards a vulnerability standard.
- Nessus and Tenable output as JSON
- Start of vulnerability standard (mapping and transform methods for all modules)
- Removed ELK5
- Overhauled Logstash configs
- Support for alternative Qualys WAS CSV headers
- More unicode fixes
- Mock tests for Qualys WAS and OpenVAS
Todo:
- Continue standardising modules, bring Nessus/Tenable in line with others
- Write better end-to-end tests and include Qualys WAS and OpenVAS