From c5ad51d032ca2b32a65d580aef457d5e3f378e27 Mon Sep 17 00:00:00 2001
From: Aaron Meihm
Date: Mon, 11 Sep 2017 10:43:35 -0500
Subject: [PATCH] include vulnerability summary in indicator details
---
 runscan/runscan.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/runscan/runscan.py b/runscan/runscan.py
index 7323dda..975a986 100755
--- a/runscan/runscan.py
+++ b/runscan/runscan.py
@@ -145,20 +145,42 @@ class ScanAPIServices(object):
 # for the indicator value, find the highest level reported vulnerability in the
 # results for a given host; unknown if credentialed checks is false
 level = 1
+ # seentitles tracks the titles of vulnerabilities we have already seen, so when
+ # we are counting we don't count the same issue twice (e.g., more than one entry
+ # may be present if a single vulnerability is represented my more than one
+ # CVE
+ seentitles = []
+ details = {
+ 'maximum': 0,
+ 'high': 0,
+ 'medium': 0,
+ 'low': 0,
+ 'coverage': False
+ }
 for v in x['vulnerabilities']:
 if v['risk'] == 'critical':
 tv = 4
+ if v['name'] not in seentitles:
+ details['maximum'] += 1
 elif v['risk'] == 'high':
 tv = 3
+ if v['name'] not in seentitles:
+ details['high'] += 1
 elif v['risk'] == 'medium':
 tv = 2
+ if v['name'] not in seentitles:
+ details['medium'] += 1
 elif v['risk'] == 'low':
 tv = 1
+ if v['name'] not in seentitles:
+ details['low'] += 1
 else:
 tv = 0
+ seentitles.append(v['name'])
 if tv > level:
 level = tv
 if x['credentialed_checks']:
+ details['coverage'] = True
 if level == 4:
 lind = 'maximum'
 elif level == 3:
@@ -177,7 +199,7 @@ class ScanAPIServices(object):
 'timestamp_utc': pytz.timezone('UTC').localize(datetime.datetime.utcnow()).isoformat(),
 'event_source_name': 'scanapi',
 'likelihood_indicator': lind,
- 'details': {}
+ 'details': details
 }
 headers = {'SERVICEAPIKEY': self._sapikey}
 r = requests.post(self._sapiurl + '/api/v1/indicator', data=json.dumps(ind), headers=headers)
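Review bot: The duplicate check on `v['name']` is repeated in all four risk branches of the first hunk and `seentitles` is a list, so every lookup is a linear scan; `seentitles = set()` with `seentitles.add(v['name'])` does the same job and states the intent. Indentation is not visible in this view, so confirm that the append sits at loop-body level and not inside the `else:` branch, where it would record only unrated findings and the counts would never de-duplicate. The counts are also populated when `credentialed_checks` is false, a case the existing comment treats as unknown, so a comment on `details` such as `# counts are only meaningful when coverage is True` would keep a consumer from reading zeros on an uncredentialed scan as a clean host. The new comment has a typo ("represented my" should be "represented by"). The enclosing method starts and ends outside the hunk.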