def run(self, params={}):
    """Change a user's role and scope flags with a read-modify-write cycle.

    The current user record is fetched, stripped of the keys that are
    deleted below, updated with the requested role settings, passed through
    ``ValidateUser.validate_user`` and then PUT back to the same endpoint.

    Args:
        params: Action input; reads ``user_id``, ``role_id``,
            ``access_all_asset_groups`` and ``access_all_sites``.

    Returns:
        Whatever ``resource_request`` returns for the PUT.

    Raises:
        KeyError: If the fetched record lacks ``links``, ``role``,
            ``role.name`` or ``role.privileges``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    user_validator = ValidateUser(self.connection.session, self.logger)
    user_endpoint = endpoints.User.users(self.connection.console_url, params.get('user_id'))
    self.logger.info("Using %s ..." % user_endpoint)

    # Start from the stored record so only the role keys below are changed.
    user = requests_helper.resource_request(endpoint=user_endpoint)

    # These keys are dropped before the update is sent.
    del user['links']
    role = user['role']
    del role['name']
    del role['privileges']

    # This is a privilege change: missing inputs arrive here as None and are
    # written into the role unchanged, so validation below is the only gate.
    role['id'] = params.get('role_id')
    role['allAssetGroups'] = params.get('access_all_asset_groups')
    role['allSites'] = params.get('access_all_sites')

    # Validate/fix the user configuration before anything is written.
    user = user_validator.validate_user(self.connection.console_url, user)

    return requests_helper.resource_request(endpoint=user_endpoint, method='put', payload=user)
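def run(self, params={}):
    """List scan engines, optionally filtered by name and address regexes.

    Args:
        params: Action input; reads ``name`` and ``address``. An empty string
            or missing value means "no filter".

    Returns:
        ``{"scan_engines": [...]}`` where every engine carries an
        ``enginePools`` list of pool IDs.

    Raises:
        re.error: If a supplied filter is not a valid regular expression.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)

    # Empty-string filters are treated the same as no filter at all.
    name = params.get("name") or None
    address = params.get("address") or None

    endpoint = endpoints.ScanEngine.scan_engines(self.connection.console_url)
    # The engine listing is read from a single, unpaged response.
    engines = resource_helper.resource_request(endpoint=endpoint)["resources"]

    # The patterns are caller-supplied and compiled as-is: match() anchors at
    # the start of the field only, and a pathological pattern can backtrack
    # for a long time, so keep this input restricted to trusted operators.
    for field, pattern in (("name", name), ("address", address)):
        if not pattern:
            continue
        regex = re.compile(pattern, re.IGNORECASE)
        engines = [e for e in engines if regex.match(e[field])]
        self.logger.info("Returning %d scan engines based on filters..." % len(engines))

    # Build a new list instead of deleting while enumerating: deleting by
    # index during iteration skips the element that follows each removal.
    engines = [e for e in engines if e["name"] != "Default Engine Pool"]

    # Engine pools are requested per engine rather than read from the listing.
    for engine in engines:
        pools_endpoint = endpoints.ScanEngine.scan_engine_pools(
            self.connection.console_url, engine["id"])
        pools_response = resource_helper.resource_request(endpoint=pools_endpoint)
        engine["enginePools"] = [pool["id"] for pool in pools_response["resources"]]

    return {"scan_engines": engines}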
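def run(self, params={}):
    """Create a user from the flat action input.

    The flat ``authentication_*`` and role inputs are folded into nested
    ``authentication`` and ``role`` objects, the result is passed through
    ``ValidateUser.validate_user`` and POSTed to the users endpoint.

    Args:
        params: Action input. It is copied, never modified, so neither the
            caller's dict nor the shared ``{}`` default is mutated.

    Returns:
        Whatever ``resource_request`` returns for the POST.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    validate = ValidateUser(self.connection.session, self.logger)
    endpoint = endpoints.User.users(self.connection.console_url)
    self.logger.info("Using %s ..." % endpoint)

    # Inputs that are folded into nested objects and must not be sent flat.
    flattened_keys = ('authentication_id', 'authentication_type',
                      'access_all_asset_groups', 'access_all_sites',
                      'role_id', 'superuser')
    payload = {k: v for k, v in params.items() if k not in flattened_keys}

    authentication = {"type": params.get("authentication_type")}
    # 0 is the input's default value and is not a valid authentication ID.
    if params.get("authentication_id") != 0:
        authentication['id'] = params.get("authentication_id")
    payload['authentication'] = authentication

    # Role and superuser flags decide what the new account may do; they are
    # taken from the input verbatim and only checked by validate_user below.
    payload['role'] = {
        'allAssetGroups': params.get('access_all_asset_groups'),
        'allSites': params.get('access_all_sites'),
        'id': params.get('role_id'),
        'superuser': params.get('superuser')
    }

    # NOTE(review): the payload is not logged here; keep it that way if the
    # input schema carries a password for the new account -- confirm.
    payload = validate.validate_user(self.connection.console_url, payload)

    return resource_helper.resource_request(endpoint=endpoint, method='post', payload=payload)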
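def run(self, params={}):
    """Set or extend the excluded asset groups of a site.

    When ``Input.OVERWRITE`` is falsy the site's current excluded group IDs
    are fetched and appended after the requested ones before the PUT.

    Args:
        params: Action input; reads ``Input.ID``,
            ``Input.EXCLUDED_ASSET_GROUPS`` and ``Input.OVERWRITE``.

    Returns:
        ``{"id": <site id>, "links": <links from the PUT response>}``.
    """
    site_id = params.get(Input.ID)
    requested = params.get(Input.EXCLUDED_ASSET_GROUPS)
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    endpoint = endpoints.Site.site_excluded_asset_groups(self.connection.console_url, site_id)

    if params.get(Input.OVERWRITE):
        # Sent exactly as supplied; an absent input is not turned into an
        # empty list here, which would read as "clear every exclusion".
        scope = requested
    else:
        # Pull current site scope in order to append to it instead of overwriting.
        current_scope = resource_helper.resource_request(endpoint=endpoint, method="get")
        current_asset_group_ids = [group["id"] for group in current_scope["resources"]]
        self.logger.info("Appending to current list of excluded asset groups")
        # Build a new list: the original extended the caller's list in place
        # and failed with AttributeError when the input was missing.
        scope = list(requested or []) + current_asset_group_ids

    self.logger.info(f"Using {endpoint} ...")
    response = resource_helper.resource_request(endpoint=endpoint, method="put", payload=scope)

    return {"id": site_id, "links": response["links"]}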
def run(self, params={}):
    """Submit a vulnerability exception in the "Under Review" state.

    Args:
        params: Action input; reads ``scope``, ``type``, ``key``, ``port``,
            ``vulnerability``, ``reason``, ``comment`` and ``expiration``.

    Returns:
        Whatever ``resource_request`` returns for the POST.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)

    scope = {"id": params.get("scope"), "type": params.get("type")}
    # key and port are only sent for instance-scoped exceptions, and only
    # when they differ from the "" / 0 placeholder values.
    if scope["type"] == "Instance":
        key = params.get("key", "")
        if key != "":
            scope["key"] = key
        port = params.get("port", 0)
        if port != 0:
            scope["port"] = port
    scope["vulnerability"] = params.get("vulnerability")

    payload = {
        "scope": scope,
        "submit": {
            "reason": params.get("reason", "Other"),
            "comment": params.get("comment", "Created with InsightConnect"),
        },
    }

    # An empty expiration means the key is left out of the request, so the
    # exception is submitted without an expiry date.
    expires = params.get("expiration", "")
    if expires != "":
        payload["expires"] = expires

    # The exception is always created as "Under Review", never as approved.
    payload["state"] = "Under Review"

    endpoint = endpoints.VulnerabilityException.vulnerability_exceptions(
        self.connection.console_url)
    return resource_helper.resource_request(endpoint=endpoint, method="post", payload=payload)
def run(self, params={}):
    """Return scans, for one site when an ID is given, otherwise for all.

    Args:
        params: Action input; reads ``id`` (site filter) and ``active``.

    Returns:
        ``{"scans": [...]}``; with a site filter every scan is annotated with
        ``siteId`` and ``siteName``.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    console_url = self.connection.console_url
    site_id = params.get("id")
    query = {"active": params.get("active")}

    site_name = None
    if site_id:
        # The site-scans results do not carry the site name, so it is looked
        # up first to keep the output consistent with the unfiltered case.
        site = resource_helper.resource_request(endpoints.Site.sites(console_url, site_id))
        site_name = site["name"]
        scans_endpoint = endpoints.Scan.site_scans(console_url, site_id)
    else:
        scans_endpoint = endpoints.Scan.scans(console_url)

    scans = resource_helper.paged_resource_request(endpoint=scans_endpoint, params=query)

    # Add the name and ID if a site filter was used.
    if site_id:
        for scan in scans:
            scan["siteId"] = site_id
            scan["siteName"] = site_name

    return {"scans": scans}
def run(self, params={}):
    """List scan engine pools, optionally filtered by a name regex.

    Args:
        params: Action input; reads ``name``. An empty or missing value
            disables filtering.

    Returns:
        ``{"scan_engine_pools": [...]}``.

    Raises:
        re.error: If ``name`` is not a valid regular expression.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    name_filter = params.get("name")

    pools_endpoint = endpoints.ScanEnginePool.scan_engine_pools(self.connection.console_url)
    # The pool listing is read from a single, unpaged response.
    listing = resource_helper.resource_request(endpoint=pools_endpoint)
    engine_pools = listing["resources"]

    # "" and None are both falsy, so either one means "no filter".
    if name_filter:
        # Caller-supplied pattern, compiled as-is; match() anchors at the start.
        pattern = re.compile(name_filter, re.IGNORECASE)
        matching = [pool for pool in engine_pools if pattern.match(pool["name"])]
        self.logger.info(
            "Returning %d scan engine pools based on filters..." % (len(matching)))
        engine_pools = matching

    # The default engine pool gets an empty engines key so every entry has one.
    for pool in engine_pools:
        if pool["name"] == "Default Engine Pool":
            pool["engines"] = []

    return {"scan_engine_pools": engine_pools}
def run(self, params={}):
    """Look up the vulnerabilities whose checks match a CVE search term.

    Args:
        params: Action input; reads ``cve_id``.

    Returns:
        ``{"vulnerabilities": [...]}`` with one detail record per unique
        vulnerability ID found by the search.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    search_term = params.get("cve_id")

    checks_endpoint = endpoints.Vulnerability.vulnerability_checks(
        self.connection.console_url)
    self.logger.info(f"Using {checks_endpoint}...")

    # NOTE(review): a missing cve_id is sent as search=None; what the API
    # returns then, and how many detail requests follow, is not visible here.
    checks = resource_helper.paged_resource_request(
        endpoint=checks_endpoint, method="get", params={"search": search_term})

    # Several checks can point at the same vulnerability; keep each ID once.
    vuln_ids = {check["vulnerability"] for check in checks}
    self.logger.info(
        f"Received {len(vuln_ids)} vulnerability IDs from search, getting details..."
    )

    # One detail request per unique ID.
    vulns = []
    for vuln_id in vuln_ids:
        detail_endpoint = endpoints.Vulnerability.vulnerability(
            self.connection.console_url, vuln_id)
        vulns.append(resource_helper.resource_request(endpoint=detail_endpoint))

    return {"vulnerabilities": vulns}
def run(self, params={}):
    """Create a vulnerability exception request and submit it for review.

    Args:
        params: Action input; reads ``scope``, ``type``, ``key``, ``port``,
            ``vulnerability``, ``reason``, ``comment`` and ``expiration``.

    Returns:
        Whatever ``resource_request`` returns for the POST.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)

    exception_scope = {'id': params.get('scope'), 'type': params.get('type')}
    if exception_scope['type'] == 'Instance':
        # Instance scope may be narrowed further; '' and 0 mean "not given".
        instance_key = params.get('key', '')
        instance_port = params.get('port', 0)
        if instance_key != '':
            exception_scope['key'] = instance_key
        if instance_port != 0:
            exception_scope['port'] = instance_port
    exception_scope['vulnerability'] = params.get('vulnerability')

    submission = {
        'reason': params.get('reason', 'Other'),
        'comment': params.get('comment', 'Created with InsightConnect'),
    }

    request_body = {'scope': exception_scope, 'submit': submission}
    # Without an expiration the key is omitted and no expiry date is sent.
    expiration = params.get('expiration', '')
    if expiration != '':
        request_body['expires'] = expiration
    # Always submitted as 'Under Review'; this action never sets another state.
    request_body['state'] = 'Under Review'

    endpoint = endpoints.VulnerabilityException.vulnerability_exceptions(
        self.connection.console_url)
    return resource_helper.resource_request(endpoint=endpoint, method='post', payload=request_body)
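def run(self, params={}):
    """Create a site, folding the flat scope inputs into a ``scan`` object.

    Args:
        params: Action input. It is copied, never modified, so neither the
            caller's dict nor the shared ``{}`` default is mutated.

    Returns:
        Whatever ``resource_request`` returns for the POST.

    Raises:
        KeyError: If any of the four scope inputs is missing.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    endpoint = endpoints.Site.sites(self.connection.console_url)
    self.logger.info(f"Using {endpoint} ...")

    # Construct the scan scope for the site from the flat inputs.
    assets = {
        "includedTargets": {"addresses": params['included_addresses']},
        "excludedTargets": {"addresses": params['excluded_addresses']},
        "includedAssetGroups": {"assetGroupIDs": params['included_asset_groups']},
        "excludedAssetGroups": {"assetGroupIDs": params['excluded_asset_groups']}
    }

    # Everything except the flat scope inputs is forwarded unchanged.
    scope_keys = ('excluded_addresses', 'excluded_asset_groups',
                  'included_addresses', 'included_asset_groups')
    payload = {k: v for k, v in params.items() if k not in scope_keys}
    payload['scan'] = {"assets": assets}

    # NOTE(review): the complete payload goes to the log; that is fine only
    # while the site inputs carry no secrets -- confirm against the schema.
    self.logger.info(f"Sending Payload: {payload}")
    return resource_helper.resource_request(endpoint=endpoint, method='post', payload=payload)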
def run(self, params={}):
    """Create a scan engine, translating known API failures into hints.

    The action input is sent unchanged as the request body. The engine ID is
    deliberately not part of it: supplying one makes the request fail even
    though the API documentation lists it as required.

    Args:
        params: Action input, used as the POST payload as-is.

    Returns:
        Whatever ``resource_request`` returns for the POST.

    Raises:
        PluginException: With preset ``UNKNOWN`` for any failure of the POST.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    endpoint = endpoints.ScanEngine.scan_engines(self.connection.console_url)
    payload = params

    self.logger.info("Creating scan engine...")
    try:
        return resource_helper.resource_request(endpoint=endpoint, method='post', payload=payload)
    except Exception as e:
        # The cause is recognised by substrings of the error text, which
        # stops working if the wording of those messages changes.
        message = str(e)
        if "An unexpected error occurred." in message:
            error = 'Security console failed to connect to scan engine'
        elif "errors with the input or parameters supplied" in message:
            error = (f"{message} - "
                     f"This may be due to an engine with this IP or name already existing in the Security Console.")
        else:
            # Unrecognised failures are passed on as the exception object.
            error = e
        raise PluginException(preset=PluginException.Preset.UNKNOWN, data=error)
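def run(self, params={}):
    """Return vulnerability exceptions that expire within the given window.

    Exceptions without an ``expires`` key never expire and are skipped.
    Exceptions whose expiry is already in the past are included.

    Args:
        params: Action input; reads ``Input.EXPIRES_IN_LESS_THAN`` (days).

    Returns:
        ``{Output.EXCEPTIONS: [...]}``.
    """
    # Local import: only the `datetime` class is known to be in scope here.
    from datetime import timezone

    days_left = params.get(Input.EXPIRES_IN_LESS_THAN)
    query = {"sort": "expires,ASC"}

    # Get the exceptions.
    # NOTE(review): this uses resource_request, not paged_resource_request, so
    # presumably only the first page of exceptions is inspected -- confirm.
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    endpoint = endpoints.VulnerabilityException.vulnerability_exceptions(
        self.connection.console_url)
    response = resource_helper.resource_request(endpoint=endpoint, method="get", params=query)
    resources = response.get("resources", [])

    # The timestamps end in "Z" (UTC), so "now" must be UTC as well; the
    # previous local-time comparison was off by the host's UTC offset.
    now = datetime.now(timezone.utc)
    # Compare in seconds: timedelta.days floors negative values, which made
    # the old check behave like "expires within days_left - 1 days".
    window_seconds = days_left * 86400

    exceptions_to_return = []
    for exception in resources:
        expires = exception.get("expires")
        if not expires:
            continue
        expires_at = datetime.strptime(
            expires, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
        if (expires_at - now).total_seconds() < window_seconds:
            exceptions_to_return.append(exception)

    return {Output.EXCEPTIONS: exceptions_to_return}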
def run(self, params={}):
    """Delete one vulnerability exception.

    Args:
        params: Action input; ``exception_id`` is required.

    Returns:
        Whatever ``resource_request`` returns for the DELETE.

    Raises:
        KeyError: If ``exception_id`` is missing.
    """
    resource_helper = ResourceRequests(self.connection.session, self.logger)
    exception_id = params['exception_id']
    target = endpoints.VulnerabilityException.vulnerability_exception(
        self.connection.console_url, exception_id)
    # Removing an exception changes what the console reports for its scope,
    # and nothing is logged here; rely on the console's own audit trail.
    return resource_helper.resource_request(endpoint=target, method='delete')
def run(self, params={}):
    """Fetch a single user record.

    Args:
        params: Action input; reads ``id``.

    Returns:
        ``{"user": <record returned by the console>}``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    user_endpoint = endpoints.User.users(self.connection.console_url, params.get("id"))
    self.logger.info("Using %s ..." % user_endpoint)
    return {"user": requests_helper.resource_request(user_endpoint)}
def run(self, params={}):
    """Fetch a single site record.

    Args:
        params: Action input; reads ``id``.

    Returns:
        ``{"site": <record returned by the console>}``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    site_endpoint = endpoints.Site.sites(self.connection.console_url, params.get("id"))
    self.logger.info("Using %s ..." % site_endpoint)
    return {"site": requests_helper.resource_request(site_endpoint)}
def run(self, params={}):
    """Delete a site.

    Args:
        params: Action input; reads ``Input.ID``.

    Returns:
        Whatever ``resource_request`` returns for the DELETE.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    site_id = params.get(Input.ID)
    # The site ID is logged before the destructive call is made.
    self.logger.info(f"Deleting site ID {site_id}")
    site_endpoint = endpoints.Site.sites(self.connection.console_url, site_id)
    return requests_helper.resource_request(endpoint=site_endpoint, method="delete")
def run(self, params={}):
    """Delete a user account.

    Args:
        params: Action input; reads ``id``.

    Returns:
        Whatever ``resource_request`` returns for the DELETE.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    user_endpoint = endpoints.User.users(self.connection.console_url, params.get("id"))
    self.logger.info("Using %s ..." % user_endpoint)
    # The record is not fetched first; the DELETE is sent directly.
    return requests_helper.resource_request(endpoint=user_endpoint, method="delete")
def run(self, params={}):
    """Delete an asset group.

    Args:
        params: Action input; reads ``id``, which must be a number because
            it is formatted with ``%d`` for the log line.

    Returns:
        Whatever ``resource_request`` returns for the DELETE.

    Raises:
        TypeError: If ``id`` is missing or not numeric.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    asset_group_id = params.get("id")
    # The group ID is logged before the destructive call is made.
    self.logger.info("Deleting asset group ID %d" % asset_group_id)
    group_endpoint = endpoints.AssetGroup.asset_groups(self.connection.console_url, asset_group_id)
    return requests_helper.resource_request(endpoint=group_endpoint, method="delete")
def run(self, params={}):
    """Fetch a single tag record.

    Args:
        params: Action input; reads ``id``.

    Returns:
        ``{"tag": <record returned by the console>}``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    tag_endpoint = endpoints.Tag.tags(self.connection.console_url, params.get("id"))
    self.logger.info("Using %s ..." % tag_endpoint)
    return {"tag": requests_helper.resource_request(tag_endpoint)}
def run(self, params={}):
    """Send a DELETE to a tag's asset-groups endpoint.

    Args:
        params: Action input; reads ``id`` (the tag ID).

    Returns:
        Whatever ``resource_request`` returns for the DELETE.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    # NOTE(review): no group ID is passed, so this presumably detaches every
    # asset group from the tag -- confirm against the API reference.
    groups_endpoint = endpoints.Tag.tag_asset_groups(self.connection.console_url, params.get("id"))
    self.logger.info("Using %s ..." % groups_endpoint)
    return requests_helper.resource_request(endpoint=groups_endpoint, method="delete")
def run(self, params={}):
    """Enable a user account with a read-modify-write cycle.

    Args:
        params: Action input; reads ``id``.

    Returns:
        Whatever ``resource_request`` returns for the PUT.

    Raises:
        KeyError: If the fetched record lacks ``links``, ``role``,
            ``role.name`` or ``role.privileges``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    user_endpoint = endpoints.User.users(self.connection.console_url, params.get("id"))
    self.logger.info("Using %s ..." % user_endpoint)

    # Start from the stored record so only the status flag is changed.
    user = requests_helper.resource_request(endpoint=user_endpoint)

    # These keys are dropped before the update is sent.
    user.pop("links")
    role = user["role"]
    role.pop("name")
    role.pop("privileges")

    user["enabled"] = True

    return requests_helper.resource_request(endpoint=user_endpoint, method="put", payload=user)
def run(self, params={}):
    """PUT a list of site IDs to a user's site-access endpoint.

    Args:
        params: Action input; reads ``user_id`` and ``site_ids``.

    Returns:
        Whatever ``resource_request`` returns for the PUT.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    access_endpoint = endpoints.User.user_sites(self.connection.console_url, params.get('user_id'))
    # NOTE(review): as a PUT this presumably replaces the user's whole site
    # access list rather than adding to it -- confirm before relying on it.
    site_ids = params.get('site_ids')
    self.logger.info("Using %s ..." % access_endpoint)
    return requests_helper.resource_request(endpoint=access_endpoint, method='put', payload=site_ids)
def run(self, params={}):
    """Disable a user account with a read-modify-write cycle.

    Args:
        params: Action input; reads ``id``.

    Returns:
        Whatever ``resource_request`` returns for the PUT.

    Raises:
        KeyError: If the fetched record lacks ``links``, ``role``,
            ``role.name`` or ``role.privileges``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    user_endpoint = endpoints.User.users(self.connection.console_url, params.get('id'))
    self.logger.info("Using %s ..." % user_endpoint)

    # Start from the stored record so only the status flag is changed.
    user = requests_helper.resource_request(endpoint=user_endpoint)

    # These keys are dropped before the update is sent.
    user.pop('links')
    role = user['role']
    role.pop('name')
    role.pop('privileges')

    # Only the enabled flag changes; the role and its scope stay as stored.
    user['enabled'] = False

    return requests_helper.resource_request(endpoint=user_endpoint, method='put', payload=user)
def run(self, params={}):
    """Remove a scan engine from an engine pool if it is a member.

    Args:
        params: Action input; reads ``pool_id`` and ``engine_id``.

    Returns:
        The DELETE response when the engine was a member, otherwise
        ``{"links": ...}`` taken from the membership listing.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    console_url = self.connection.console_url
    pool_id = params.get('pool_id')
    engine_id = params.get('engine_id')

    members_endpoint = endpoints.ScanEnginePool.scan_engine_pool_engines(console_url, pool_id)
    membership = requests_helper.resource_request(endpoint=members_endpoint)

    # NOTE(review): the membership test assumes "resources" is a list of
    # plain engine IDs rather than engine objects -- confirm.
    if engine_id not in membership['resources']:
        self.logger.info("Engine was not found in list of associated engines for the pool...")
        return {"links": membership['links']}

    self.logger.info("Removing scan engine from the pool...")
    member_endpoint = endpoints.ScanEnginePool.scan_engine_pool_engines(
        console_url, pool_id, engine_id)
    return requests_helper.resource_request(endpoint=member_endpoint, method='delete')
def run(self, params={}):
    """Fetch a single asset record.

    Args:
        params: Action input; reads ``Input.ID``.

    Returns:
        ``{Output.ASSET: <record returned by the console>}``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    asset_endpoint = endpoints.Asset.assets(self.connection.console_url, params.get(Input.ID))
    self.logger.info("Using %s ..." % asset_endpoint)
    return {Output.ASSET: requests_helper.resource_request(asset_endpoint)}
def run(self, params={}):
    """Fetch the details of a single vulnerability.

    Args:
        params: Action input; reads ``id``.

    Returns:
        ``{"vulnerability": <record returned by the console>}``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    # Named vulnerability_id so the builtin id() is not shadowed.
    vulnerability_id = params.get("id")
    detail_endpoint = endpoints.Vulnerability.vulnerability(
        self.connection.console_url, vulnerability_id)
    self.logger.info(f"Using {detail_endpoint}...")
    return {"vulnerability": requests_helper.resource_request(endpoint=detail_endpoint)}
def run(self, params={}):
    """Fetch a single authentication source.

    Args:
        params: Action input; reads ``id``.

    Returns:
        ``{"authentication_source": <record returned by the console>}``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    source_endpoint = endpoints.AuthenticationSource.authentication_sources(
        self.connection.console_url, params.get("id"))
    self.logger.info("Using %s ..." % source_endpoint)
    return {"authentication_source": requests_helper.resource_request(endpoint=source_endpoint)}
def run(self, params={}):
    """Attach a tag to an asset.

    Args:
        params: Action input; reads ``asset_id`` and ``tag_id``.

    Returns:
        Whatever ``resource_request`` returns for the PUT.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    tag_endpoint = endpoints.Asset.asset_tags(
        self.connection.console_url, params.get("asset_id"), params.get("tag_id"))
    self.logger.info("Using %s ..." % tag_endpoint)
    # Both IDs travel in the URL; the PUT carries no payload.
    return requests_helper.resource_request(endpoint=tag_endpoint, method='put')
def run(self, params={}):
    """Fetch a single asset group record.

    Args:
        params: Action input; reads ``id``.

    Returns:
        ``{"asset_group": <record returned by the console>}``.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    group_endpoint = endpoints.AssetGroup.asset_groups(
        self.connection.console_url, params.get("id"))
    self.logger.info("Using %s ..." % group_endpoint)
    return {"asset_group": requests_helper.resource_request(group_endpoint)}
def run(self, params={}):
    """Delete a scan engine.

    Args:
        params: Action input; reads ``id``.

    Returns:
        Whatever ``resource_request`` returns for the DELETE.
    """
    requests_helper = ResourceRequests(self.connection.session, self.logger)
    engine_endpoint = endpoints.ScanEngine.scan_engines(
        self.connection.console_url, params.get("id"))
    # Unlike the other delete actions here, nothing is logged before the call.
    return requests_helper.resource_request(endpoint=engine_endpoint, method="delete")