Closed shodanwashere closed 4 months ago
You can add it also here. I will take a look at it.
Here's also the
@timestamp,cve_attack_vector,cve_caused_by_package,cve_container_image,scan_id,cve_container_image_id,cve_cvss_score,cve_description,cve_fixed_in,cve_id,cve_link,cve_severity,cve_overall_score,cve_type,host_name,cloud_account_id,masked
2024-02-22 15:54:17.939 +0000 UTC,cvss:3.1/av:l/ac:l/pr:n/ui:r/s:u/c:n/i:n/a:l,libsepol:2.5-8.1.amzn2.0.2,aws-node / secpipe-core-prd-ip-10-xxx-xx-xx.eu-west-1.compute.internal,8031c90cd679ae9fb4d2689e645205d1b403e970b2fbcc19249a8b851996bacf-1708612867,8031c90cd679ae9fb4d2689e645205d1b403e970b2fbcc19249a8b851996bacf,3.3,The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).,2.5-10.amzn2.0.1,CVE-2021-36084,https://www.cve.org/CVERecord?id=CVE-2021-36084,low,3.3,base,secpipe-core-prd-ip-10-xxx-xx-xx.eu-west-1.compute.internal,,False
2024-02-07 16:03:35.325 +0000 UTC,cvss:3.1/av:l/ac:l/pr:l/ui:n/s:u/c:h/i:n/a:n,libcurl3-gnutls:7.74.0-1.3+deb11u7,celery / secpipe-core-prd-ip-10-xxx-xx-xx.eu-west-1.compute.internal,6e86b864c9e8c64b006074335819dbfad83a183ddda541edf3e755586d25870c-1707316590,6e86b864c9e8c64b006074335819dbfad83a183ddda541edf3e755586d25870c,5.5,"An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.",8.0.1-1.amzn2.0.1,CVE-2023-27538,https://www.cve.org/CVERecord?id=CVE-2023-27538,medium,5.5,base,secpipe-core-prd-ip-10-xxx-xx-xx.eu-west-1.compute.internal,,False
2024-02-07 16:10:15.317 +0000 UTC,av:l/ac:h/au:n/c:c/i:n/a:n,openssl:1.1.1w-0+deb11u1,deepfence-agent / secpipe-core-prd-ip-10-xxx-xx-xx.eu-west-1.compute.internal,d8e1a0a630121994c1f6cf7486c2573781827c0c7c779860ce88b9eb0777218e-1707316590,d8e1a0a630121994c1f6cf7486c2573781827c0c7c779860ce88b9eb0777218e,4.0,"OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a ""fault-based attack.""",,CVE-2010-0928,https://www.cve.org/CVERecord?id=CVE-2010-0928,medium,4.0,base,secpipe-core-prd-ip-10-xxx-xx-xx.eu-west-1.compute.internal,,False
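The rows above are the format a parser for this request would have to consume. As an added example (not code from this issue, from DefectDojo, or from ThreatMapper), the Python below parses that CSV into findings. It assumes a DefectDojo-style severity scale (Critical/High/Medium/Low/Info), treats a bare `av:l/ac:h/au:n/...` vector as CVSS v2 (heuristic), collapses duplicate CVE/package/image rows, and embeds a constructed sample: the header and three rows from the thread with descriptions shortened and host names and scan ids replaced by placeholders. The third row keeps the `""` doubled-quote and empty `cve_fixed_in` edge cases from the original.

```python
import csv
import io
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: header + three rows adapted from the CSV posted in this
# thread. Descriptions are shortened; host names / scan ids are placeholders.
SAMPLE_CSV = '''@timestamp,cve_attack_vector,cve_caused_by_package,cve_container_image,scan_id,cve_container_image_id,cve_cvss_score,cve_description,cve_fixed_in,cve_id,cve_link,cve_severity,cve_overall_score,cve_type,host_name,cloud_account_id,masked
2024-02-22 15:54:17.939 +0000 UTC,cvss:3.1/av:l/ac:l/pr:n/ui:r/s:u/c:n/i:n/a:l,libsepol:2.5-8.1.amzn2.0.2,aws-node / host-a,scan1-1708612867,scan1,3.3,The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms.,2.5-10.amzn2.0.1,CVE-2021-36084,https://www.cve.org/CVERecord?id=CVE-2021-36084,low,3.3,base,host-a,,False
2024-02-07 16:03:35.325 +0000 UTC,cvss:3.1/av:l/ac:l/pr:l/ui:n/s:u/c:h/i:n/a:n,libcurl3-gnutls:7.74.0-1.3+deb11u7,celery / host-a,scan2-1707316590,scan2,5.5,"An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection, which should have been prevented.",8.0.1-1.amzn2.0.1,CVE-2023-27538,https://www.cve.org/CVERecord?id=CVE-2023-27538,medium,5.5,base,host-a,,False
2024-02-07 16:10:15.317 +0000 UTC,av:l/ac:h/au:n/c:c/i:n/a:n,openssl:1.1.1w-0+deb11u1,deepfence-agent / host-a,scan3-1707316590,scan3,4.0,"OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC uses a Fixed Width Exponentiation algorithm, related to a ""fault-based attack.""",,CVE-2010-0928,https://www.cve.org/CVERecord?id=CVE-2010-0928,medium,4.0,base,host-a,,False
'''

REQUIRED_COLUMNS = {"cve_id", "cve_severity", "cve_caused_by_package",
                    "cve_container_image", "cve_description"}

# Assumed DefectDojo-style labels; blank or unknown severities become Info
# rather than being dropped, so nothing silently disappears from the import.
SEVERITY_MAP = {"critical": "Critical", "high": "High", "medium": "Medium",
                "low": "Low", "info": "Info", "informational": "Info"}


@dataclass
class Finding:
    cve_id: str
    severity: str
    package: str
    image: str
    host: str
    description: str
    cvss_score: Optional[float]
    cvss_version: Optional[str]
    fixed_in: Optional[str]
    link: str


def cvss_version(vector: str) -> Optional[str]:
    """Best-effort CVSS version from the cve_attack_vector column.

    Rows carry either a 'cvss:3.1/...' prefix or a bare v2-style vector
    ('av:l/ac:h/au:n/...'). The 'au:' metric exists only in CVSS v2, so its
    presence is used as the v2 signal (heuristic, not a ThreatMapper rule).
    """
    v = vector.strip().lower()
    if not v:
        return None
    if v.startswith("cvss:"):
        return v.split("/", 1)[0].split(":", 1)[1]   # e.g. "3.1"
    if "au:" in v:
        return "2.0"
    return None


def _float_or_none(value: str) -> Optional[float]:
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def parse_threatmapper_csv(text: str) -> List[Finding]:
    """Parse ThreatMapper vulnerability CSV text into Finding objects.

    csv.DictReader handles the RFC 4180 quoting the export uses (commas inside
    quoted fields, '""' for a literal quote). A missing required column raises
    ValueError so an unrelated CSV is rejected instead of yielding empty
    findings. Rows with the same CVE, package and image collapse to one.
    """
    reader = csv.DictReader(io.StringIO(text))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"not a ThreatMapper vulnerability CSV, missing {sorted(missing)}")

    seen: Set[Tuple[str, str, str]] = set()
    findings: List[Finding] = []
    for row in reader:
        key = (row["cve_id"], row["cve_caused_by_package"], row["cve_container_image"])
        if key in seen:
            continue
        seen.add(key)
        findings.append(Finding(
            cve_id=row["cve_id"],
            severity=SEVERITY_MAP.get(row["cve_severity"].strip().lower(), "Info"),
            package=row["cve_caused_by_package"],
            image=row["cve_container_image"],
            host=row.get("host_name", ""),
            description=row["cve_description"],
            cvss_score=_float_or_none(row.get("cve_cvss_score", "")),
            cvss_version=cvss_version(row.get("cve_attack_vector", "")),
            fixed_in=row.get("cve_fixed_in") or None,   # empty string -> None
            link=row.get("cve_link", ""),
        ))
    return findings


if __name__ == "__main__":
    for f in parse_threatmapper_csv(SAMPLE_CSV):
        print(f"{f.cve_id:15} {f.severity:7} cvss{f.cvss_version or '?'} "
              f"{f.package} fixed_in={f.fixed_in}")
```

The header check is the part worth keeping in a real parser: the XLSX-to-CSV conversion discussed later in the thread can reorder or rename columns, and failing loudly on a missing column is cheaper than debugging an import that produced zero findings.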
@shodanwashere you can review the PR
@shodanwashere Do you have any docs/instructions/something on how someone else who has Threatmapper can reproduce the CSVs you've provided for the tool?
I'm wondering if having a parser that takes in CSVs that aren't easy to replicate for others makes sense or is just going to generate a bunch of Github issues we can't answer since we don't have experience with that tool.
@shodanwashere, could you please answer the question of @mtesauro? Then, I can finish the PR
Yes of course, sorry, I've had some parallel issues on my side and didn't have the time to check this issue.
> @shodanwashere Do you have any docs/instructions/something on how someone else who has Threatmapper can reproduce the CSVs you've provided for the tool?
> I'm wondering if having a parser that takes in CSVs that aren't easy to replicate for others makes sense or is just going to generate a bunch of Github issues we can't answer since we don't have experience with that tool.
Threatmapper currently only returns reports in either PDF (which is not easily consumable) or XLSX (Excel spreadsheet). The team that is administrating Threatmapper at my organization wrote this simple Python script to convert those spreadsheets to CSV:
```python
import pandas as pd  # reading .xlsx also needs the openpyxl package installed

# Path to your Excel file
excel_file = 'threatmapperreport.xlsx'

# Read the Excel file (first sheet) into a pandas DataFrame
df = pd.read_excel(excel_file)

# Path to save the CSV file
csv_file = 'threatmapperreport.csv'

# Save the DataFrame to a CSV file without the DataFrame index column
df.to_csv(csv_file, index=False)
```
It's a crude method, but since Threatmapper doesn't export to more easily consumable formats like JSON, XML or even CSV, we had to come up with this method.
Hi @shodanwashere, could you then rather support .xlsx files as we could parse them here as well?
Reminder @shodanwashere
Reminder @shodanwashere. Could you please provide .xlsx files?
ComplianceReport.xlsx MalwareReport.xlsx VulnerabilityReport.xlsx SecretReport.xlsx
@manuel-sommer here you go sorry for the late response
@shodanwashere
> Threatmapper currently only returns reports in either PDF (which is not easily consumable) and XLSX (Excel spreadsheet).
In ThreatMapper, if you use HTTP Endpoint integration, it sends in JSON.
Let's first get xlsx merged in the PR and then, I can make followup PR to also provide JSON
However, if you want, you can provide sample files in JSON @ibreakthecloud
> However, if you want, you can provide sample files in JSON @ibreakthecloud
@manuel-sommer attaching example json for vulnerability. LMK if you need files for other types of scans too.
Context: ThreatMapper has an HTTP Endpoint where we can configure it with a webhook URL and a resource (vulnerability, secret, malware, etc.), and ThreatMapper will POST the result JSON to the URL. If DefectDojo exposes a webhook URL that supports POSTing JSON, it will work out of the box.
vulnerability-http-endpoint.json
P.S.: I am one of the maintainers of Deepfence/ThreatMapper. Feel free to reach out in case you need any help.
@manuel-sommer any updates?
Waiting for the pending Review
Hey all! Any updates on the review needed for the pull request? It's been about a month since my last update request, but I got no response... if any of you could give me any feedback, I'd appreciate it a lot.
See #9688
@shodanwashere can you close this issue?
Scanner Name
Deepfence Threatmapper is an open source cloud-native security observability platform, focused on verifying vulnerabilities, exposed secrets, malware and security compliance on platforms like AWS Fargate, Kubernetes, Linux, etc. https://github.com/deepfence/ThreatMapper
Sample File
Threatmapper has several types of reports. Currently, there isn't a proper export format for its reports, but I've converted some of their reports into CSV for easier consumption.
Compliance Report
Malware Report
Secret Report
I also wanted to include the vulnerability report but the way it was converted doesn't seem to follow CSV standards, so I may have to include it on this issue or open a new one with a request for that report type at a later date.