From 111cb2c72c6052073594cceae7491b65e228e152 Mon Sep 17 00:00:00 2001
From: conor-mcnally
Date: Tue, 7 Nov 2023 15:09:54 +0000
Subject: [PATCH] Save point #3

---
 .../triggers/__init__.py                  | 1 +
 .../triggers/scan_completion/schema.py    | 25 +++++++++++++------
 .../triggers/scan_completion/trigger.py   | 21 ++++++++++------
 plugins/rapid7_insightvm/plugin.spec.yaml | 7 ++++++
 4 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/__init__.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/__init__.py
index f678056e1c..b82ed27b79 100755
--- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/__init__.py
+++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/__init__.py
@@ -5,3 +5,4 @@
 from .new_exception_request.trigger import NewExceptionRequest
 from .scan_completion.trigger import ScanCompletion
+
diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py
index 69db6eb4ea..6e670ca639 100644
--- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py
+++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/schema.py
@@ -11,6 +11,7 @@ class Input:
     ASSET_GROUP = "asset_group"
     CVE = "cve"
     HOSTNAME = "hostname"
+    INTERVAL = "interval"
     IP_ADDRESS = "ip_address"
     RISK_SCORE = "risk_score"
     SITE_ID = "site_id"
@@ -38,45 +39,55 @@ class ScanCompletionInput(insightconnect_plugin_runtime.Input):
       "type": "string",
       "title": "Asset Group",
       "description": "Asset Group",
-      "order": 2
+      "order": 3
     },
     "cve": {
       "type": "string",
       "title": "CVE",
       "description": "CVE",
-      "order": 6
+      "order": 7
     },
     "hostname": {
       "type": "string",
       "title": "Hostname",
       "description": "Hostname",
-      "order": 3
+      "order": 4
+    },
+    "interval": {
+      "type": "integer",
+      "title": "Interval",
+      "description": "How often the trigger should check for new vulnerability",
+      "default": 5,
+      "order": 1
     },
     "ip_address": {
       "type": "string",
       "title": "IP Address",
       "description": "IP Address",
-      "order": 4
+      "order": 5
     },
     "risk_score": {
       "type": "integer",
       "title": "Risk Score",
       "description": "Risk score",
-      "order": 5
+      "order": 6
     },
     "site_id": {
       "type": "string",
       "title": "Site ID",
       "description": "Site ID",
-      "order": 1
+      "order": 2
     },
     "source": {
       "type": "string",
       "title": "Source",
       "description": "Source",
-      "order": 7
+      "order": 8
     }
   },
+  "required": [
+    "interval"
+  ],
   "definitions": {}
 }
 """)
diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py
index 4febd4eabd..f2ec21ccbb 100644
--- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py
+++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/scan_completion/trigger.py
@@ -69,6 +69,7 @@ def run(self, params={}):
                     "value": site_id,
                 }
             )
+        z = {"filters": x, "match": "any"}
         # Build API call
         resource_helper = ResourceRequests(self.connection.session, self.logger)
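Review bot: `z = {"filters": x, "match": "any"}` gives the asset-search request body a single-letter name, and `x` (built above this hunk) is just as opaque, so a reader of the inner loop cannot tell what is being POSTed without scrolling back to the filter construction. Rename it `asset_search_payload = {"filters": x, "match": "any"}` and add a one-line comment such as `# search body: match any of the site/asset filters collected above` so the later `payload=` argument explains itself. The enclosing `run` starts outside the hunk, so the origin of `x` is not visible here.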
@@ -83,10 +84,14 @@ def run(self, params={}):
         while True:
             while True:
-
+                endpoint_asset_search = Asset.search(self.connection.console_url)
                 endpoint = Asset.assets(self.connection.console_url, last_id + 1)
+
+                asset_search_response = resource_helper.resource_request(
+                    endpoint=endpoint_asset_search, method="post", payload=z
+                )
                 try:
-                    asset_response = resource_helper.resource_request(endpoint=endpoint, method="post")
+                    asset_assets_response = resource_helper.resource_request(endpoint=endpoint, method="get")
                 except Exception:
                     break
@@ -96,20 +101,20 @@ def run(self, params={}):
                 except Exception:
                     break
-                vuln_data = vuln_response.get('resources')[0]
+                vuln_data = vuln_response.get("resources")[0]
                 last_id += 1
                 self.send(
                     {
-                        Output.ASSET_ID: asset_response.get('id'),
-                        Output.HOSTNAME: asset_response.get('hostName'),
-                        Output.IP: asset_response.get('ip'),
+                        Output.ASSET_ID: asset_assets_response.get("id"),
+                        Output.HOSTNAME: asset_assets_response.get("hostName"),
+                        Output.IP: asset_assets_response.get("ip"),
                         Output.NEXPOSE_ID: "???",
-                        Output.SOFTWARE_UPDATE_ID: vuln_data.get('id'),
+                        Output.SOFTWARE_UPDATE_ID: vuln_data.get("id"),
                         Output.SOLUTION_ID: "solution_id",
                         Output.SOLUTION_SUMMARY: "solution_summary",
                         Output.VULNERABILITY_ID: "vulnerability_id",
                     }
                 )
-            time.sleep(100)
+            time.sleep(params.get(Input.INTERVAL) * 60)
diff --git a/plugins/rapid7_insightvm/plugin.spec.yaml b/plugins/rapid7_insightvm/plugin.spec.yaml
index 5af63db6c2..5b88d5b433 100644
--- a/plugins/rapid7_insightvm/plugin.spec.yaml
+++ b/plugins/rapid7_insightvm/plugin.spec.yaml
@@ -4480,6 +4480,13 @@ triggers:
     title: Scan Completed
     description: Fire upon completed scan
     input:
+      interval:
+        title: Interval
+        description: How often the trigger should check for new vulnerability
+        type: integer
+        required: true
+        default: 5
+        example: 5
       site_id:
         title: Site ID
         description: Site ID
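Review bot: `asset_search_response` is assigned on the added lines but never read, so the filtered search built from the site and asset-group inputs has no effect on what the trigger emits; the loop still walks the console asset by asset through `Asset.assets(self.connection.console_url, last_id + 1)`. The POST is also issued on every inner iteration with the same `z` payload, which is one extra console request per asset for a result that is discarded. Either drive the iteration from the search result or leave the call out until it is used; if it must stay, hoist `asset_search_response = resource_helper.resource_request(endpoint=endpoint_asset_search, method="post", payload=z)` above the inner `while True:`. The inner loop body continues past this hunk, and `z` is defined in an earlier hunk of the same `run` method.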
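Review bot: `time.sleep(params.get(Input.INTERVAL) * 60)` raises `TypeError` when the key is absent and `ValueError` when the value is negative, and an interval of `0` turns the poll into a tight loop of console API requests with no back-off. The spec gives the input a default of 5, but `params.get` with no fallback does not apply it when the key is missing, and whether the plugin runtime injects schema defaults is not visible here. Read the value once near the top of `run` with a floor, `interval_minutes = max(1, int(params.get(Input.INTERVAL, 5)))`, and sleep with `time.sleep(interval_minutes * 60)` here. `run` starts outside the hunk.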
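Review bot: The description `How often the trigger should check for new vulnerability` on the added `interval` input gives no unit, while trigger.py multiplies the value by 60, so the operator has no way to know the field is in minutes. Reword it to `How often, in minutes, the trigger should check for new vulnerabilities`. The same text appears in the generated `schema.py` hunk and should be regenerated from this spec rather than edited by hand.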