Using Asset Filter Searching and Dynamic Asset Groups
Here's a walk-through of how to use Asset Filters and Dynamic Asset Groups, which build upon Asset Filtering. This walk-through is valid as of version 0.5.0 of the gem.
In order to keep verbosity to a minimum, all of the examples assume that the Nexpose module has been included:
include Nexpose
As with all uses of the gem, you need an active, authenticated connection to a Nexpose console before any of the calls below will work. The following two lines are assumed for all code below. In a real script, prefer reading the password from the environment or a credential store rather than hardcoding it, and call nsc.logout when you are done so the session is not left open on the console.
nsc = Connection.new('10.2.0.1', 'nxadmin', 'secret-password')
nsc.login
If you simply wish to search based upon a single criterion, you can use the filter method. This will return all assets with "linux" in the OS name.
assets = nsc.filter(Search::Field::OS, Search::Operator::CONTAINS, 'linux')
For more complex queries, build up a Criteria object from individual Criterion objects. Here is a search for all Linux assets that are also running SSH. By default, Criteria matches all of its criteria (a logical AND), so an asset is returned only if it satisfies every criterion.
linux = Criterion.new(Search::Field::OS, Search::Operator::CONTAINS, 'linux')
ssh = Criterion.new(Search::Field::SOFTWARE, Search::Operator::CONTAINS, 'ssh')
criteria = Criteria.new([linux, ssh])
assets = nsc.search(criteria)
If you want an asset to match when it satisfies any of the criteria (a logical OR), you need to qualify the match mode when creating the Criteria by passing 'OR' as the second argument. This searches for any assets with PHP or Apache vulnerability findings; with the default match mode the same criteria would return only assets that have both.
php = Criterion.new(Search::Field::VULNERABILITY, Search::Operator::CONTAINS, 'php')
apache = Criterion.new(Search::Field::VULNERABILITY, Search::Operator::CONTAINS, 'apache')
criteria = Criteria.new([php, apache], 'OR')
assets = nsc.search(criteria)
Dynamic Asset Groups use the same Criteria construct to define the group. Membership is evaluated by the console against the criteria rather than stored as a fixed list, so it changes as scans add, update or remove assets. A list of the groups and their currently matching assets can be accessed through the existing groups API.
To create a dynamic asset group, you must have criteria for it to be based on. The following creates a group containing every asset with at least one vulnerability finding whose CVSS score is greater than 9.0.
cvss = Criterion.new(Search::Field::CVSS_SCORE, Search::Operator::GREATER_THAN, 9.0)
criteria = Criteria.new(cvss)
dag = DynamicAssetGroup.new('High CVSS Vuln Assets', criteria, 'All assets with a vuln finding greater than 9.0')
dag.save(nsc)
To load and edit an existing dynamic group, you must use the DynamicAssetGroup class rather than the generic AssetGroup class. Loading a dynamic group's ID through AssetGroup and saving it back writes it out as a static group, silently dropping its criteria, so check that you are using the dynamic class before saving. The following loads group 159 (an example ID) and appends a Linux criterion to its existing criteria. Because the group's match mode is the default (match all), the result is not "all Linux machines": the group now contains only Linux assets that also have a vulnerability finding above 9.0.
dag = DynamicAssetGroup.load(nsc, 159)
linux = Criterion.new(Search::Field::OS, Search::Operator::CONTAINS, 'linux')
dag.criteria.criteria << linux
dag.name = 'High CVSS Linux'
dag.save(nsc)
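Because every call above needs a live console, the following is an added illustration that is not code from the nexpose-client gem: it reimplements the (field, operator, value) matching shape locally over a constructed inventory so that the match-all versus match-any semantics of the searches above, and the narrowing effect of appending a criterion to a group, can be run and checked offline. LocalCriterion, LocalCriteria, LocalDynamicGroup, local_search and SAMPLE_ASSETS are hypothetical names, and treating CONTAINS as case-insensitive is an assumption about how the console compares strings.

```ruby
# Added illustration, not nexpose-client code: a local evaluator with the same
# (field, operator, value) shape as Criterion/Criteria, run over a constructed
# inventory, to show how ALL/ANY matching and an appended criterion change
# which assets are returned. All class, method and constant names here are
# hypothetical.

# Constructed sample inventory (not real hosts). :vulns holds [title, cvss] pairs.
SAMPLE_ASSETS = [
  { ip: '10.2.0.10', os: 'Ubuntu Linux 22.04',
    software: ['openssh-server', 'nginx'],
    vulns: [['OpenSSH user enumeration', 5.3]] },
  { ip: '10.2.0.11', os: 'Microsoft Windows Server 2019',
    software: ['IIS'],
    vulns: [['PHP remote code execution', 9.8]] },
  { ip: '10.2.0.12', os: 'Red Hat Enterprise Linux 8',
    software: ['httpd', 'openssh-server'],
    vulns: [['Apache HTTP Server path traversal', 7.5], ['glibc buffer overflow', 9.8]] },
  { ip: '10.2.0.13', os: 'Ubuntu Linux 20.04',
    software: ['mysql-server'],
    vulns: [] }
].freeze

# One (field, operator, value) triple. Each field maps an asset to the list of
# values the operator is tested against; the criterion matches when any one of
# those values satisfies it (one matching vuln title or score is enough).
class LocalCriterion
  FIELDS = {
    'OS'            => ->(a) { [a[:os]] },
    'SOFTWARE'      => ->(a) { a[:software] },
    'VULNERABILITY' => ->(a) { a[:vulns].map(&:first) },
    'CVSS_SCORE'    => ->(a) { a[:vulns].map(&:last) }
  }.freeze

  def initialize(field, operator, value)
    raise ArgumentError, "unknown field #{field}" unless FIELDS.key?(field)
    @field = field
    @operator = operator
    @value = value
  end

  def match?(asset)
    FIELDS[@field].call(asset).any? do |v|
      case @operator
      when 'CONTAINS'     then v.to_s.downcase.include?(@value.to_s.downcase) # assumed case-insensitive
      when 'GREATER_THAN' then v.to_f > @value.to_f
      else raise ArgumentError, "unsupported operator #{@operator}"
      end
    end
  end
end

# A set of criteria plus a match mode: 'AND' (default, match all) or 'OR' (match any).
class LocalCriteria
  attr_reader :criteria, :match

  def initialize(criteria, match = 'AND')
    @criteria = Array(criteria) # accept a single criterion or an array, like Criteria.new
    @match = match
  end

  def match?(asset)
    return @criteria.any? { |c| c.match?(asset) } if @match == 'OR'
    @criteria.all? { |c| c.match?(asset) }
  end
end

# Returns the IPs of the assets that satisfy the criteria, in inventory order.
def local_search(criteria, assets = SAMPLE_ASSETS)
  assets.select { |a| criteria.match?(a) }.map { |a| a[:ip] }
end

# Stand-in for a dynamic group: membership is recomputed from the criteria on
# every read rather than stored, which is what makes the group dynamic.
class LocalDynamicGroup
  attr_accessor :name, :criteria

  def initialize(name, criteria)
    @name = name
    @criteria = criteria
  end

  def members(assets = SAMPLE_ASSETS)
    local_search(@criteria, assets)
  end
end

if __FILE__ == $PROGRAM_NAME
  linux  = LocalCriterion.new('OS', 'CONTAINS', 'linux')
  ssh    = LocalCriterion.new('SOFTWARE', 'CONTAINS', 'ssh')
  php    = LocalCriterion.new('VULNERABILITY', 'CONTAINS', 'php')
  apache = LocalCriterion.new('VULNERABILITY', 'CONTAINS', 'apache')
  puts "Linux AND ssh:      #{local_search(LocalCriteria.new([linux, ssh])).inspect}"
  puts "php OR apache vuln: #{local_search(LocalCriteria.new([php, apache], 'OR')).inspect}"
  puts "php AND apache:     #{local_search(LocalCriteria.new([php, apache])).inspect}"

  dag = LocalDynamicGroup.new('High CVSS Vuln Assets',
                              LocalCriteria.new(LocalCriterion.new('CVSS_SCORE', 'GREATER_THAN', 9.0)))
  puts "CVSS > 9.0:         #{dag.members.inspect}"
  dag.criteria.criteria << linux # the same edit as the walk-through's last step
  dag.name = 'High CVSS Linux'
  puts "#{dag.name}:    #{dag.members.inspect}"
end
```

Running it shows the two points the walk-through relies on: the php/apache pair returns two assets with 'OR' and none with the default match mode, and appending the Linux criterion to the high-CVSS group shrinks its membership from two assets to one rather than widening it to every Linux host.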