NexposeEmailParserForVuln
Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.
javascript · Rapid7 InsightVM
Source
var report = args.report ? args.report : incidents[0].details; var contents = {}; var nodes = report.split(/<\/node>/); for (var i=0; i < nodes.length; i++) { var nodeRegexp = /<node address="(.*)" status="(.*)" device-id="(.*)" site-name="(.*)" site-importance="(.*)" scan-template="(.*)" risk-score="(.*)">/g; var vulnRegexp = /(<test id="(.*)" key="(.*)" status="(.*)" scan-id="(.*)" vulnerable-since="(.*)" pci-compliance-status="fail">)/g; var res = nodes[i].match(/(<test .*>)/g); var match = nodeRegexp.exec(nodes[i]); if (nodes[i] && match) { var vulnCount = nodes[i].match(vulnRegexp) ? nodes[i].match(vulnRegexp).length : '0'; var data = { Address: match[1], Name: match[4], Risk: match[6], Status: match[2], Importance: match[5], Vulnerabilities: vulnCount }; for (var j = 0; res && j < res.length; j++) { var current = vulnRegexp.exec(res[j]); if (current) { if (contents[current[2]]) { contents[current[2]].labels.push(data); } else { contents[current[2]] = {labels: [], Name: current[2]}; } } } } } var k = 0; for (var key in contents) { var element = contents[key]; var labels = ''; for (var j = 0; j < element.labels.length; j++) { labels += element.labels[j].Address + ','; } labels = labels.slice(0, -1); if (labels.length > 0) { createNewIncident({ type: 'Nexpose alert', details: JSON.stringify(element.labels), severity: args.defaultNexposeSeverity, name: key, systems: labels }); } } return closeInvestigation({Reason: 'Spawned ' + k + ' child incidents'});
README
Parses the Nexpose report into a clear table that contain risk score and vulnerability count for each server, and creates a new incident for each server.
Script Data
| Name | Description |
|---|---|
| Script Type | javascript |
| Tags | nexpose, ingestion |
Dependencies
This script uses the following commands and scripts.
- nexpose
Inputs
| Argument Name | Description |
|---|---|
| report | The full XML contents of the Nexpose report. If this is not provided, it will be taken from the incident details. |
Outputs
There are no outputs for this script.