search

packetchaos / navi

A Command-line tool which leverages the Tenable.io API to reduce the time it takes to get information that is common during remediation or a troubleshooting event
GNU General Public License v3.0
72 stars 26 forks source link

export command not working with 'not like' #33

Closed andreassyz closed 1 year ago

andreassyz commented 1 year ago

Hello Guys! I have an issue with the following command, that it is not taking in the vulns plugin name NOT LIKE Oracle Java. Any of you guys are having the same issue? Or did I miss something out? TIA!

navi export query --file "xxxx" "SELECT DISTINCT JULIANDAY(vulns.last_found) - JULIANDAY(vulns.first_found) AS Age, vulns.severity, vulns.asset_ip, vulns.asset_hostname, assets.operating_system, vulns.plugin_id, vulns.protocol, vulns.port, vulns.plugin_name, vulns.solution, vulns.description, vulns.output, vulns.see_also, assets.last_licensed_scan_date FROM vulns LEFT OUTER JOIN tags ON vulns.asset_uuid = tags.asset_uuid LEFT OUTER JOIN assets ON tags.asset_uuid = assets.uuid WHERE tags.tag_key='Owner' AND tags.tag_value='xxx' AND vulns.severity!='info' AND vulns.plugin_id!='57582' AND vulns.plugin_id!='51192' AND vulns.plugin_id!='132101' AND vulns.plugin_id!='170626' AND vulns.plugin_id!='166555' AND vulns.plugin_name NOT LIKE 'Oracle Java%') ORDER BY vulns.severity ASC";

andreassyz commented 1 year ago

sorry, see the below command instead

navi export query --file "xxxx" "SELECT DISTINCT JULIANDAY(vulns.last_found) - JULIANDAY(vulns.first_found) AS Age, vulns.severity, vulns.asset_ip, vulns.asset_hostname, assets.operating_system, vulns.plugin_id, vulns.protocol, vulns.port, vulns.plugin_name, vulns.solution, vulns.description, vulns.output, vulns.see_also, assets.last_licensed_scan_date FROM vulns LEFT OUTER JOIN tags ON vulns.asset_uuid = tags.asset_uuid LEFT OUTER JOIN assets ON tags.asset_uuid = assets.uuid WHERE tags.tag_key='Owner' AND tags.tag_value='xxx' AND vulns.severity!='info' AND vulns.plugin_id!='57582' AND vulns.plugin_id!='51192' AND vulns.plugin_id!='132101' AND vulns.plugin_id!='170626' AND vulns.plugin_id!='166555' AND vulns.plugin_name NOT LIKE 'Oracle Java%' ORDER BY vulns.severity ASC";

packetchaos commented 1 year ago

I tried a very simple NOT LIKE example in my lab and I got the results I expected.

I will dig into your query and see if I can be of any help.

andreassyz commented 1 year ago

Hi! I have tried a simpler command. It does not seem to take away anything that contains the word 'Oracle'. I am really scratching my head right now.

navi export query --file "TestTestTest" "SELECT plugin_name FROM vulns WHERE plugin_name NOT LIKE '%Oracle%'";

andreassyz commented 1 year ago

I have also tried testing this query using a SQL LITE DB Application, and the query works. Do you know what could be causing this?

andreassyz commented 1 year ago

Is it possible that I am missing a package or library or anything similar that might be causing this?

andreassyz commented 1 year ago

Hello all, I have a workaround to update the DB instead of working on the queries. So I will close this issue. Thank you for your time.

andreassyz commented 1 year ago

Hello all, I have a workaround to update the DB instead of working on the queries. So I will close this issue. Thank you for your time.