Closed neo4u closed 7 years ago
False alarm. This was due to pip3 installation issue.
Great to hear it. I hadn't gotten around to looking at it yet. I admit I mostly still code in python 2.7
Yeah. I realized that and made some changes. Hey so while you're online I thought I'd ask. Is there anything in this repo that download's scan results in a JSON format? I see the current implementation only downloads the .nessus files. Is that the most efficient way to download the scan results?
Python 2.7 or 3.5 this is the only project out there doing this. So good job. 👍
What's the use case for downloading everything? Wouldn't make more sense to only pull what your specifically looking for from the aggregate?
I am trying to import each host and its vulnerabilities. But I said "all data" to mean that I'm trying to replicate the database onto a different DB Server to keep store historic information and create a Vuln-Intel server and only store up to 3 months of historic data on the Nessus SecurityCenters for performance.
Is there any method in the currently implementation ...Perhaps someway to use the analysis method to get each asset and its vulnerabilities?
so the repositories will naturally keep state. the only thing in the repositories that grow is the snapshots. Those are only used for trendlines. if your trying to keep the SC dataset down, I'd recommend you either disable the snapshotting, or set the snapshotting to NOT do full test searching. I know it sounds counter-intuitive, but trust me.
As for a method to get each asset & it's vulns...you'd likely be handling everything via the 'vulndetails' tool.
Thank you so much for the advise. I would like to contribute to this project whenever possible. I will raise pull requests whenever I do so, mostly towards supporting python3. Some of the places the library has been changed to only support python3 and some its only python2 so since python2 is going to be phased out, I thought it might be easier to just stick to python3.
Also, my team at work is going to copy the logic of this repo out into a ruby gem, with an open source license. Hope that is okay with you.
Last thing, I don't see the 'vulndetails' tool in the SC5 API documentation. Is that a SC4 thing or is this piece of information missing from the documentation? Where did you find it for your reference?
from securitycenter import SecurityCenter5
fails for python3. Any reasons why?