Save point #3

rapid7 · Dec 13, 2023 · 111cb2c · 111cb2c
1 parent 8c17fc8
commit 111cb2c
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 15 deletions.
diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/__init__.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/__init__.py
@@ -5,3 +5,4 @@
 from .new_exception_request.trigger import NewExceptionRequest
 
 from .scan_completion.trigger import ScanCompletion
+
diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py
@@ -11,6 +11,7 @@ class Input:
     ASSET_GROUP = "asset_group"
     CVE = "cve"
     HOSTNAME = "hostname"
+    INTERVAL = "interval"
     IP_ADDRESS = "ip_address"
     RISK_SCORE = "risk_score"
     SITE_ID = "site_id"
@@ -38,45 +39,55 @@ class ScanCompletionInput(insightconnect_plugin_runtime.Input):
       "type": "string",
       "title": "Asset Group",
       "description": "Asset Group",
-      "order": 2
+      "order": 3
     },
     "cve": {
       "type": "string",
       "title": "CVE",
       "description": "CVE",
-      "order": 6
+      "order": 7
     },
     "hostname": {
       "type": "string",
       "title": "Hostname",
       "description": "Hostname",
-      "order": 3
+      "order": 4
+    },
+    "interval": {
+      "type": "integer",
+      "title": "Interval",
+      "description": "How often the trigger should check for new vulnerability",
+      "default": 5,
+      "order": 1
     },
     "ip_address": {
       "type": "string",
       "title": "IP Address",
       "description": "IP Address",
-      "order": 4
+      "order": 5
     },
     "risk_score": {
       "type": "integer",
       "title": "Risk Score",
       "description": "Risk score",
-      "order": 5
+      "order": 6
     },
     "site_id": {
       "type": "string",
       "title": "Site ID",
       "description": "Site ID",
-      "order": 1
+      "order": 2
     },
     "source": {
       "type": "string",
       "title": "Source",
       "description": "Source",
-      "order": 7
+      "order": 8
     }
   },
+  "required": [
+    "interval"
+  ],
   "definitions": {}
 }
     """)

diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py
@@ -69,6 +69,7 @@ def run(self, params={}):
                     "value": site_id,
                 }
             )
+        z = {"filters": x, "match": "any"}
 
         # Build API call
         resource_helper = ResourceRequests(self.connection.session, self.logger)
@@ -83,10 +84,14 @@ def run(self, params={}):
 
         while True:
             while True:
-
+                endpoint_asset_search = Asset.search(self.connection.console_url)
                 endpoint = Asset.assets(self.connection.console_url, last_id + 1)
+
+                asset_search_response = resource_helper.resource_request(
+                    endpoint=endpoint_asset_search, method="post", payload=z
+                )
                 try:
-                    asset_response = resource_helper.resource_request(endpoint=endpoint, method="post")
+                    asset_assets_response = resource_helper.resource_request(endpoint=endpoint, method="get")
                 except Exception:
                     break
 
@@ -96,20 +101,20 @@ def run(self, params={}):
                 except Exception:
                     break
 
-                vuln_data = vuln_response.get('resources')[0]
+                vuln_data = vuln_response.get("resources")[0]
                 last_id += 1
 
                 self.send(
                     {
-                        Output.ASSET_ID: asset_response.get('id'),
-                        Output.HOSTNAME: asset_response.get('hostName'),
-                        Output.IP: asset_response.get('ip'),
+                        Output.ASSET_ID: asset_assets_response.get("id"),
+                        Output.HOSTNAME: asset_assets_response.get("hostName"),
+                        Output.IP: asset_assets_response.get("ip"),
                         Output.NEXPOSE_ID: "???",
-                        Output.SOFTWARE_UPDATE_ID: vuln_data.get('id'),
+                        Output.SOFTWARE_UPDATE_ID: vuln_data.get("id"),
                         Output.SOLUTION_ID: "solution_id",
                         Output.SOLUTION_SUMMARY: "solution_summary",
                         Output.VULNERABILITY_ID: "vulnerability_id",
                     }
                 )
 
-            time.sleep(100)
+            time.sleep(params.get(Input.INTERVAL) * 60)
diff --git a/plugins/rapid7_insightvm/plugin.spec.yaml b/plugins/rapid7_insightvm/plugin.spec.yaml
@@ -4480,6 +4480,13 @@ triggers:
     title: Scan Completed
     description: Fire upon completed scan
     input:
+      interval:
+        title: Interval
+        description: How often the trigger should check for new vulnerability
+        type: integer
+        required: true
+        default: 5
+        example: 5
       site_id:
         title: Site ID
         description: Site ID