hammackj / risu

Risu is a Nessus parser that converts the generated reports into an ActiveRecord database, allowing for easy report generation and vulnerability verification.
http://hammackj.github.io/risu
MIT License

how to get list of top 10 vulnerabilities found #17

Closed ebdavison closed 13 years ago

ebdavison commented 13 years ago

I need to include a list of the top 10 vulnerabilities found. What object call or code snippet would I use to get this list?

hammackj commented 13 years ago

top10vulns = Item.risks_by_plugin(limit)

limit defaults to 10. You can do any number, really.

ebdavison commented 13 years ago

I haven't been able to get the count of the number of the plugins for each of these top 10 items.

How about the top 10 hosts with vulnerabilities?

And the number of hosts with critical, high, medium and low vulnerabilities (as opposed to the number of critical, high, etc.)?

hammackj commented 13 years ago

Just add .all.count or .all.size to the query and it will return the counts.

This is the code from the top 10 hosts ordered by vuln count. Not sure exactly what you want, as there is a graph that already generates that data, if I understand you correctly.

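            # Builds a bar graph of the top `limit` hosts by count of
            # severity 2/3 findings and returns the rendered graph as a StringIO.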
            def top_vuln_graph(limit=10)
                g = Gruff::Bar.new(GRAPH_WIDTH)
                g.title = sprintf "Top %d Critical/High Finding Count Per Host ", Item.risks_by_host(limit).all.count
                g.sort = false
                g.theme = {
                    :colors => %w(red green blue orange yellow purple black grey brown pink),
                    :background_colors => %w(white white)
                }

                Item.risks_by_host(limit).all.each do |item|
                    ip = Host.find_by_id(item.host_id).name
                    count = Item.where(:host_id => item.host_id).where("severity IN (?)", [2,3]).count

                    g.data(ip, count)
                end

                StringIO.new(g.to_blob)
            end

Item.where(:severity => 3).group(:host).all.count should return all hosts with crit vulns

ebdavison commented 13 years ago

Thanks for the code for these counts.

I am putting these counts into text as well as showing the graph in the executive summary which I am working on now.

hammackj commented 13 years ago

You can take a look at the models in lib/nessusdb/models/* for all the helper methods. They are not fully documented yet. I will get to them sooner or later.

ebdavison commented 13 years ago

That should actually be: Item.where(:severity => 3).group(:host_id).all.count
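
The two kinds of count asked about in this thread (findings per severity versus hosts per severity) and the top-10 rankings, as an added example that is not part of the original thread and is not Risu's code. It is plain Ruby over constructed rows; the `Finding` struct, the `plugin_id` column name, the `top_by` helper and the default severity filter are assumptions made for illustration.

```ruby
# Added illustration in plain Ruby; needs neither Risu nor ActiveRecord.
# host_id and severity are the columns used in the thread; plugin_id is
# an assumed column name.
Finding = Struct.new(:host_id, :plugin_id, :severity)

# Constructed sample rows, not real scan output.
FINDINGS = [
  Finding.new(1, 1001, 3), Finding.new(1, 1002, 3), Finding.new(1, 1003, 2),
  Finding.new(2, 1001, 3), Finding.new(2, 1004, 1),
  Finding.new(3, 1003, 2), Finding.new(3, 1004, 1), Finding.new(3, 1005, 0)
].freeze

# Findings per severity: every row counts.
def findings_per_severity(findings)
  findings.group_by(&:severity).transform_values(&:size)
end

# Hosts per severity: each host counts once per severity, however many
# findings it has there (the effect of grouping on host_id before counting).
def hosts_per_severity(findings)
  findings.group_by(&:severity)
          .transform_values { |rows| rows.map(&:host_id).uniq.size }
end

# Top `limit` values of `key` (:host_id or :plugin_id) by number of findings
# whose severity is in `severities`; ties break on the lower id.
def top_by(findings, key, limit = 10, severities = [2, 3])
  findings.select { |f| severities.include?(f.severity) }
          .group_by { |f| f[key] }
          .map { |id, rows| [id, rows.size] }
          .sort_by { |id, count| [-count, id] }
          .first(limit)
end

if __FILE__ == $PROGRAM_NAME
  puts "findings per severity: #{findings_per_severity(FINDINGS)}"
  puts "hosts per severity:    #{hosts_per_severity(FINDINGS)}"
  puts "top hosts:             #{top_by(FINDINGS, :host_id).inspect}"
  puts "top plugins:           #{top_by(FINDINGS, :plugin_id).inspect}"
end
```

In the sample data, severity 3 has three findings but only two affected hosts, which is the difference between the two counts.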