def run(self, params={}):
# Generate unique identifier for report names
identifier = uuid.uuid4()
scan_id = params.get(Input.SCAN_ID)
# Report to collect site ID and asset IDs of scan
report_payload = {
'name': f"Rapid7-ScanAssets-InsightConnect-{identifier}",
'format': 'sql-query',
'query': 'SELECT site_id, asset_id '
'FROM dim_site_scan AS dss '
'JOIN dim_asset_scan AS das ON das.scan_id = dss.scan_id',
'version': '2.3.0',
'scope': {'scan': scan_id}
}
report_contents = util.adhoc_sql_report(self.connection, self.logger, report_payload)
self.logger.info(f"Processing Assets of Scan ID {scan_id}")
# Extract site ID and asset IDs
scan_asset_ids = set()
scan_site_id = None
try:
csv_report = csv.DictReader(io.StringIO(report_contents['raw']))
except Exception as e:
raise PluginException(cause=f"Error: Failed to process query response for assets returned for "
f"scan ID {scan_id}.",
assistance=f"Exception returned was {e}")
for row in csv_report:
scan_asset_ids.add(int(row["asset_id"]))
# Assign site ID for scan
if scan_site_id is None:
scan_site_id = row["site_id"]
# Get assets of site of scan
resource_helper = ResourceRequests(self.connection.session, self.logger)
search_criteria = {
"filters": [
{
"field": "site-id",
"operator": "in",
"values": [scan_site_id]
}
],
"match": "all"
}
self.logger.info("Performing filtered asset search with criteria %s" % search_criteria)
endpoint = endpoints.Asset.search(self.connection.console_url)
site_assets = resource_helper.paged_resource_request(endpoint=endpoint,
method='post',
payload=search_criteria)
# Filter assets to specific scan assets
filtered_assets = [asset for asset in site_assets if asset["id"] in scan_asset_ids]
return {Output.ASSETS: filtered_assets}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
tag_name = params.get("name")
tag_type = params.get("type")
endpoint = endpoints.Tag.tags(self.connection.console_url)
self.logger.info("Using %s ..." % endpoint)
tags = resource_helper.paged_resource_request(endpoint=endpoint)
if tag_name == '':
tag_name = None
if tag_type == '':
tag_type = None
if tag_name or tag_type:
regex = re.compile(tag_name, re.IGNORECASE)
filtered_tags = []
for t in tags:
if tag_name and tag_type:
if (regex.match(t['name'])) and (t['type'] == tag_type):
filtered_tags.append(t)
else:
if (regex.match(t['name'])) or (t['type'] == tag_type):
filtered_tags.append(t)
self.logger.info("Returning %d tags based on filters..." %
(len(filtered_tags)))
tags = filtered_tags
return {"tags": tags}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
payload = {}
scope = {}
submit = {}
scope['id'] = params.get('scope')
scope['type'] = params.get('type')
if scope['type'] == 'Instance':
if params.get('key', '') != '':
scope['key'] = params.get('key')
if params.get('port', 0) != 0:
scope['port'] = params.get('port')
scope['vulnerability'] = params.get('vulnerability')
submit['reason'] = params.get('reason', 'Other')
submit['comment'] = params.get('comment',
'Created with InsightConnect')
payload['scope'] = scope
payload['submit'] = submit
payload['expires'] = params.get('expiration', '')
if payload['expires'] == '':
payload.pop('expires', None)
payload['state'] = 'Under Review'
endpoint = endpoints.VulnerabilityException.vulnerability_exceptions(
self.connection.console_url)
response = resource_helper.resource_request(endpoint=endpoint,
method='post',
payload=payload)
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
cve_id = params.get("cve_id")
endpoint = endpoints.Vulnerability.vulnerability_checks(
self.connection.console_url)
self.logger.info(f"Using {endpoint}...")
params = {"search": cve_id}
results = resource_helper.paged_resource_request(endpoint=endpoint,
method="get",
params=params)
# Get unique vulnerability IDs
vuln_ids = set()
for r in results:
vuln_ids.add(r["vulnerability"])
self.logger.info(
f"Received {len(vuln_ids)} vulnerability IDs from search, getting details..."
)
# Get vulnerability details
vulns = []
for v in vuln_ids:
endpoint = endpoints.Vulnerability.vulnerability(
self.connection.console_url, v)
response = resource_helper.resource_request(endpoint=endpoint)
vulns.append(response)
return {"vulnerabilities": vulns}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
endpoint = endpoints.Site.sites(self.connection.console_url)
self.logger.info(f"Using {endpoint} ...")
payload = params
# Construct Scan Scope for site
assets = {
"includedTargets": {"addresses": params['included_addresses']},
"excludedTargets": {"addresses": params['excluded_addresses']},
"includedAssetGroups": {"assetGroupIDs": params['included_asset_groups']},
"excludedAssetGroups": {"assetGroupIDs": params['excluded_asset_groups']}
}
scan_scope = {"assets": assets}
payload['scan'] = scan_scope
delete_keys = ['excluded_addresses', 'excluded_asset_groups', 'included_addresses',
'included_asset_groups']
for k in list(payload.keys()):
if k in delete_keys:
del(payload[k])
self.logger.info(f"Sending Payload: {payload}")
response = resource_helper.resource_request(endpoint=endpoint, method='post', payload=payload)
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
name = params.get("name")
endpoint = endpoints.ScanEnginePool.scan_engine_pools(
self.connection.console_url)
engine_pools = resource_helper.resource_request(endpoint=endpoint)
# Not paged for some reason...
engine_pools = engine_pools["resources"]
# Process filters
if name == "":
name = None
if name:
regex = re.compile(name, re.IGNORECASE)
filtered_engine_pools = []
for e in engine_pools:
if regex.match(e["name"]):
filtered_engine_pools.append(e)
self.logger.info(
"Returning %d scan engine pools based on filters..." %
(len(filtered_engine_pools)))
engine_pools = filtered_engine_pools
# Add an engines key to the default engine pool if it's in the list...
for e in engine_pools:
if e["name"] == "Default Engine Pool":
e["engines"] = []
return {"scan_engine_pools": engine_pools}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
name = params.get("name")
endpoint = endpoints.AssetGroup.asset_groups(
self.connection.console_url)
self.logger.info("Using %s ..." % endpoint)
groups = resource_helper.paged_resource_request(endpoint=endpoint)
if name == '':
name = None
if name:
regex = re.compile(name, re.IGNORECASE)
filtered_groups = []
for g in groups:
if regex.match(g['name']):
filtered_groups.append(g)
self.logger.info("Returning %d asset groups based on filters..." %
(len(filtered_groups)))
groups = filtered_groups
return {"asset_groups": groups}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
validate = ValidateUser(self.connection.session, self.logger)
endpoint = endpoints.User.users(self.connection.console_url, params.get('user_id'))
self.logger.info("Using %s ..." % endpoint)
# Get the existing details so the specific role ID key can be modified
payload = resource_helper.resource_request(endpoint=endpoint)
# Delete keys not required for user update
del(payload['links'])
del(payload['role']['name'])
del(payload['role']['privileges'])
# Set role and permissions
payload['role']['id'] = params.get('role_id')
payload['role']['allAssetGroups'] = params.get('access_all_asset_groups')
payload['role']['allSites'] = params.get('access_all_sites')
# Validate/fix the user configuration
payload = validate.validate_user(self.connection.console_url, payload)
# Modify the role if validated
response = resource_helper.resource_request(endpoint=endpoint, method='put', payload=payload)
return response
def run(self, params={}):
# Note: ID is not a required payload parameter despite the API docs saying it is
# Providing it actually causes the request to fail
resource_helper = ResourceRequests(self.connection.session,
self.logger)
endpoint = endpoints.ScanEngine.scan_engines(
self.connection.console_url)
payload = params
self.logger.info("Creating scan engine...")
try:
response = resource_helper.resource_request(endpoint=endpoint,
method='post',
payload=payload)
except Exception as e:
if "An unexpected error occurred." in str(e):
error = 'Security console failed to connect to scan engine'
elif "errors with the input or parameters supplied" in str(e):
error = f"{str(e)} - " \
f"This may be due to an engine with this IP or name already existing in the Security Console."
else:
error = e
raise PluginException(preset=PluginException.Preset.UNKNOWN,
data=error)
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
payload = {}
scope = {}
submit = {}
scope["id"] = params.get("scope")
scope["type"] = params.get("type")
if scope["type"] == "Instance":
if params.get("key", "") != "":
scope["key"] = params.get("key")
if params.get("port", 0) != 0:
scope["port"] = params.get("port")
scope["vulnerability"] = params.get("vulnerability")
submit["reason"] = params.get("reason", "Other")
submit["comment"] = params.get("comment",
"Created with InsightConnect")
payload["scope"] = scope
payload["submit"] = submit
payload["expires"] = params.get("expiration", "")
if payload["expires"] == "":
payload.pop("expires", None)
payload["state"] = "Under Review"
endpoint = endpoints.VulnerabilityException.vulnerability_exceptions(
self.connection.console_url)
response = resource_helper.resource_request(endpoint=endpoint,
method="post",
payload=payload)
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
site_id = params.get("id")
state = params.get("active")
params = {"active": state}
#
# If a filter was provided, first get the site name because it's not provided
# in the results from the site scans endpoint and this action should be
# consistent even when the API is not.
#
if site_id:
endpoint = endpoints.Site.sites(self.connection.console_url,
site_id)
response = resource_helper.resource_request(endpoint)
site_name = response["name"]
endpoint = endpoints.Scan.site_scans(self.connection.console_url,
site_id)
else:
site_name = None
endpoint = endpoints.Scan.scans(self.connection.console_url)
response = resource_helper.paged_resource_request(endpoint=endpoint,
params=params)
# Add the name and ID if necessary
if site_id:
for r in response:
r["siteId"] = site_id
r["siteName"] = site_name
return {"scans": response}
def run(self, params={}):
days_left = params.get(Input.EXPIRES_IN_LESS_THAN)
params = {"sort": "expires,ASC"}
# Get all the exceptions
resource_helper = ResourceRequests(self.connection.session,
self.logger)
endpoint = endpoints.VulnerabilityException.vulnerability_exceptions(
self.connection.console_url)
response = resource_helper.resource_request(endpoint=endpoint,
method="get",
params=params)
resources = response.get("resources", [])
exceptions_to_return = []
# This looks for any exceptions that are expiring sooner than the
# days specified by the user. It appends any that are to the output array.
for i, exception in enumerate(resources):
expires = exception.get("expires")
if expires: # If an exception is set to never expire, it will not have an expires key
days = (
datetime.now() -
datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S.%fZ")).days
if days > (
-days_left
): # Expiration dates should be in the future, thus -days_left
exceptions_to_return.append(exception)
return {Output.EXCEPTIONS: exceptions_to_return}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
validate = ValidateUser(self.connection.session, self.logger)
endpoint = endpoints.User.users(self.connection.console_url)
self.logger.info("Using %s ..." % endpoint)
# Set dict params and delete the original keys
payload = params
payload['authentication'] = {
"type": payload.get("authentication_type")
}
# Handle default value which is invalid
if payload.get("authentication_id") != 0:
payload['authentication']['id'] = payload.get("authentication_id")
payload['role'] = {
'allAssetGroups': payload.get('access_all_asset_groups'),
'allSites': payload.get('access_all_sites'),
'id': payload.get('role_id'),
'superuser': payload.get('superuser')
}
delete_keys = ['authentication_id', 'authentication_type', 'access_all_asset_groups',
'access_all_sites', 'role_id', 'superuser']
for k in list(payload.keys()):
if k in delete_keys:
del(payload[k])
# Validate/fix the user configuration
payload = validate.validate_user(self.connection.console_url, payload)
response = resource_helper.resource_request(endpoint=endpoint, method='post', payload=payload)
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
self.logger.info(f"Deleting site ID {params.get(Input.ID)}")
endpoint = endpoints.Site.sites(self.connection.console_url, params.get(Input.ID))
response = resource_helper.resource_request(endpoint=endpoint, method="delete")
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
site_id = params.get("id")
endpoint = endpoints.Site.sites(self.connection.console_url, site_id)
self.logger.info("Using %s ..." % endpoint)
site = resource_helper.resource_request(endpoint)
return {"site": site}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
endpoint = endpoints.User.users(self.connection.console_url, params.get("id"))
self.logger.info("Using %s ..." % endpoint)
response = resource_helper.resource_request(endpoint)
return {"user": response}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
id_ = params['exception_id']
endpoint = endpoints.VulnerabilityException.vulnerability_exception(self.connection.console_url, id_)
response = resource_helper.resource_request(endpoint=endpoint, method='delete')
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
tag_id = params.get("id")
endpoint = endpoints.Tag.tags(self.connection.console_url, tag_id)
self.logger.info("Using %s ..." % endpoint)
tag = resource_helper.resource_request(endpoint)
return {"tag": tag}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
tag_id = params.get("id")
self.logger.info("Deleting asset group ID %d" % tag_id)
endpoint = endpoints.AssetGroup.asset_groups(self.connection.console_url, tag_id)
response = resource_helper.resource_request(endpoint=endpoint, method="delete")
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
tag_id = params.get("id")
endpoint = endpoints.Tag.tag_asset_groups(self.connection.console_url, tag_id)
self.logger.info("Using %s ..." % endpoint)
response = resource_helper.resource_request(endpoint=endpoint, method="delete")
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
endpoint = endpoints.User.users(self.connection.console_url, params.get("id"))
self.logger.info("Using %s ..." % endpoint)
# Get the existing details so the specific role ID key can be modified
response = resource_helper.resource_request(endpoint=endpoint, method="delete")
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
endpoint = endpoints.User.user_sites(self.connection.console_url, params.get('user_id'))
payload = params.get('site_ids')
self.logger.info("Using %s ..." % endpoint)
response = resource_helper.resource_request(endpoint=endpoint, method='put', payload=payload)
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
id = params.get("id")
endpoint = endpoints.Vulnerability.vulnerability(
self.connection.console_url, id)
self.logger.info(f"Using {endpoint}...")
response = resource_helper.resource_request(endpoint=endpoint)
return {"vulnerability": response}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
engine_pool_id = params.get("id")
endpoint = endpoints.ScanEnginePool.scan_engine_pools(self.connection.console_url, engine_pool_id)
response = resource_helper.resource_request(endpoint=endpoint)
# Add the engines key if it is the Default Engine Pool
if response["name"] == "Default Engine Pool":
response["engines"] = []
return {"scan_engine_pool": response}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
endpoint = endpoints.AuthenticationSource.authentication_sources(
self.connection.console_url, params.get("id"))
self.logger.info("Using %s ..." % endpoint)
response = resource_helper.resource_request(endpoint=endpoint)
return {"authentication_source": response}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session, self.logger)
asset_id = params.get("asset_id")
tag_id = params.get("tag_id")
endpoint = endpoints.Asset.asset_tags(self.connection.console_url, asset_id, tag_id)
self.logger.info("Using %s ..." % endpoint)
response = resource_helper.resource_request(endpoint=endpoint, method='put')
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
engine_id = params.get("id")
endpoint = endpoints.ScanEngine.scan_engines(
self.connection.console_url, engine_id)
response = resource_helper.resource_request(endpoint=endpoint,
method="delete")
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
endpoint = endpoints.ScanEnginePool.scan_engine_pools(
self.connection.console_url, params['id'])
response = resource_helper.resource_request(endpoint=endpoint,
method='delete')
return response
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
asset_group_id = params.get("id")
endpoint = endpoints.AssetGroup.asset_groups(
self.connection.console_url, asset_group_id)
self.logger.info("Using %s ..." % endpoint)
asset_group = resource_helper.resource_request(endpoint)
return {"asset_group": asset_group}
def run(self, params={}):
resource_helper = ResourceRequests(self.connection.session,
self.logger)
asset_id = params.get(Input.ID)
endpoint = endpoints.Asset.assets(self.connection.console_url,
asset_id)
self.logger.info("Using %s ..." % endpoint)
asset = resource_helper.resource_request(endpoint)
return {Output.ASSET: asset}
