GhostManager / Ghostwriter

The SpecterOps project management and reporting engine
https://ghostwriter.wiki
BSD 3-Clause "New" or "Revised" License

Bulk Import Finding CSV File Failed #392

Closed g33kroid closed 2 months ago

g33kroid commented 4 months ago

Describe the bug Importing Findings CSV File Failed with Errors

To Reproduce Go To Admin Bulk Finding Upload Import CSV File Formatted Below

id,severity,cvss_score,cvss_vector,title,description,impact,mitigation,replication_steps,host_detection_techniques,network_detection_techniques,references,finding_guidance,tags
CVE-2023-0001,MEDIUM,6,CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H,Cortex XDR Agent: Cleartext Exposure of Agent Admin Password,An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext. which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.,An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext. which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.,This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)After you upgrade to a fixed version of the Cortex XDR agent. you must change the agent admin password in case it was already disclosed to users.,There are no known workarounds for this issue.,N/A,N/A,N/A,N/A,N/A
CVE-2023-0002,MEDIUM,5.5,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,Cortex XDR Agent: Product Disruption by Local Windows User,"A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. ","A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. ",This issue is fixed in Cortex XDR agent 5.0.12.22203. Cortex XDR agent 7.5.101-CE. and all later supported Cortex XDR agent versions.,There are no known workarounds for this issue.,N/A,N/A,N/A,N/A,N/A

Expected Behavior It Should Update the findings Database


Server Specs:

g33kroid commented 4 months ago

I have added the first row manually and it's working fine


I am not sure why the bulk upload is not working

chrismaddalena commented 4 months ago

Hey @g33kroid, the bulk upload fails when it tries to insert/update rows with the provided columns. Your first column is id but the values in that column are CVE numbers, which you seem to intend to be the title value.

For example, here are the first few columns and your first row:

id, severity, cvss_score, cvss_vector, ...
CVE-2023-0001, MEDIUM, 6, CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H, ...

The import tries to interpret CVE-2023-0001 as an id to look up an existing row and that string won't convert to an integer as a valid id value. The other column headers may also be mismatched. Your third column seems to be the id and the first column seems to be your title.
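
A pre-upload check for the failure discussed in this thread, as an added example that is not part of the issue or Ghostwriter's own code: it flags rows whose id is not an integer and rows whose field count differs from the header. The function name `preflight`, the `allow_blank_id` handling and the sample rows are assumptions made for this example.

```python
import csv
import io

# Column names copied from the header row of the CSV in the issue above.
COLUMNS = ("id,severity,cvss_score,cvss_vector,title,description,impact,"
           "mitigation,replication_steps,host_detection_techniques,"
           "network_detection_techniques,references,finding_guidance,tags").split(",")


def preflight(csv_text, allow_blank_id=True):
    """Return (line_number, message) tuples for rows likely to break the import.

    allow_blank_id is an assumption of this example: a blank id is read as
    "no existing row to look up" instead of being reported.
    """
    problems = []
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    header = [h.strip() for h in next(reader, [])]
    if header != COLUMNS:
        return [(1, "header does not match the expected columns")]
    for row in reader:
        line = reader.line_num
        if not row:  # skip blank lines
            continue
        if len(row) != len(header):
            # Usually an unquoted comma inside a free-text field.
            problems.append((line, f"{len(row)} fields, header has {len(header)}"))
            continue
        raw_id = row[0].strip()
        if raw_id == "" and allow_blank_id:
            continue
        # The id is used to look up an existing row, so it must be an integer.
        if not (raw_id.isascii() and raw_id.isdigit()):
            problems.append((line, f"id {raw_id!r} is not an integer"))
    return problems


# Constructed sample: shortened rows in the shape of the ones in the issue.
TAIL = "impact,fix,steps,N/A,N/A,N/A,N/A,N/A"
SAMPLE = "\n".join([
    ",".join(COLUMNS),
    f"CVE-2023-0001,MEDIUM,6,CVSS:3.1/AV:L,Title A,desc,{TAIL}",
    f'12,MEDIUM,5.5,CVSS:3.1/AV:L,Title B,"desc, quoted comma",{TAIL}',
    f",LOW,2,CVSS:3.1/AV:L,Title C,desc, unquoted comma,{TAIL}",
]) + "\n"

if __name__ == "__main__":
    for line, message in preflight(SAMPLE):
        print(f"line {line}: {message}")
```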