Closed aashish-sec closed 5 days ago
@aashish-sec very elegant suggestion (thanks for the examples - makes it very clear).
this is an area we've talked about before but hadn't settled on an option (right now, things like this just fall into info risks). but I like the template-based approach you're showing here.
we'll talk about it internally this week and I'll update here.
I took an initial stab at implementing this here: https://github.com/praetorian-inc/chaos/pull/893
I just finished up testing and verified the PR works properly, so it's ready for review.
Solution is merged; will go out in the next deployment.
fyi @aashish-sec - we renamed the risk field to detection and inverted the logic in the code to better take advantage of default initialization. The flow as implemented is:
detection flag under the praetorian node in the metadata.
detection value is true, do not produce a risk.
Thanks a lot, @privateducky @UNC1739 @noah-tutt-praetorian!
Hi team,
Requesting processing of metadata from nuclei templates that would enable us to create attributes from them and assess whether a template poses a material risk. The feature should check the praetorian node within the metadata node of the nuclei templates. Specifically, if a template is flagged with risk set to false, it should not be treated as a risk. Instead, it should contribute attributes to the impacted asset based on the data from the nuclei template. This functionality will aid in better risk categorization and the effective display of attributes on our platform.
Implement a mechanism within the nuclei template processing to:
praetorian node in the metadata.
metadata -> praetorian -> attributes (key-value pairs) and treat each of these as an attribute to be displayed on the platform. This would be done regardless of whether the risk: is true or false.
Example
Here is an example of a nuclei template that includes a praetorian node with risk set to false and attributes defined:
In the above template, since the risk is false, we'll not display this under the risks tab, but simply tag the asset impacted with two attributes - cpe: some_cpe_label and technology: fluentbit
Similarly, another example of a nuclei template that includes a praetorian node with risk set to false and attributes defined:
In the above template, since the risk is true, we'll display this under the risks tab, and also tag the asset impacted with the attributes - cpe: some_cpe_label and technology: Ivanti EPM
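The flow discussed in this thread, as an added example that is not the project's code and not part of any participant's post: it uses the detection flag as renamed in the maintainers' comment (true means no risk, absent means a risk is produced) and the attributes map from the issue. The type and function names are hypothetical, the inputs are constructed, and the metadata node is given as JSON rather than YAML so that only the Go standard library is needed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed inputs: a template's metadata node rendered as JSON.
const (
	detectionOnly = `{"praetorian":{"detection":true,"attributes":{"cpe":"some_cpe_label","technology":"fluentbit"}}}`
	riskWithAttrs = `{"praetorian":{"attributes":{"cpe":"some_cpe_label","technology":"Ivanti EPM"}}}`
	noNode        = `{"verified":true}`
	badFlag       = `{"praetorian":{"detection":"true"}}`
)

// templateMeta is a hypothetical type, not the project's own.
type templateMeta struct {
	Praetorian struct {
		// Zero value is false, so a template without the flag still produces a risk.
		Detection  bool           `json:"detection"`
		Attributes map[string]any `json:"attributes"`
	} `json:"praetorian"`
}

// Classify reports whether a risk should be produced and which attributes
// ("key: value", sorted) to attach to the impacted asset.
func Classify(metadata string) (produceRisk bool, attrs []string, err error) {
	var m templateMeta
	if err = json.Unmarshal([]byte(metadata), &m); err != nil {
		// Malformed metadata must not suppress a finding: keep the risk.
		return true, nil, err
	}
	// Attributes are collected whether or not a risk is produced.
	for k, v := range m.Praetorian.Attributes {
		attrs = append(attrs, fmt.Sprintf("%s: %v", k, v))
	}
	sort.Strings(attrs)
	return !m.Praetorian.Detection, attrs, nil
}

func main() {
	for _, in := range []string{detectionOnly, riskWithAttrs, noNode, badFlag} {
		risk, attrs, err := Classify(in)
		fmt.Printf("risk=%v attrs=%q err=%v\n", risk, attrs, err)
	}
}
```

The badFlag case shows why the decode error path returns a risk: a quoted "true" is a type error, and treating it as a valid flag would silently hide the finding.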