Closed j-monroe closed 4 years ago
I think I'm going to need some more information. It looks like it's selecting issuetype ID 11527. What I'm going to need you to do is save and run the following code:
```python
from tenable_jira.jira import Jira
from tenable_jira.config import base_config
from restfly.utils import dict_merge
import yaml, json

config_file = 'config.yaml'

# Merge the user's configuration over the integration's defaults.
with open(config_file) as fobj:
    config = dict_merge(
        base_config(),
        yaml.load(fobj, Loader=yaml.Loader)
    )

jira = Jira(
    'https://{}/rest/api/3'.format(config['jira']['address']),
    config['jira']['api_username'],
    config['jira']['api_token']
)

# Issue types the integration resolves from the configuration.
print('Issuetypes Selected are:')
for i in jira.issue_types.upsert(config['issue_types']):
    print('{:>10}: {}'.format(i.get('jira_id'), i.get('name')))

# Every issue type the Jira instance exposes.
print('Available Issue Types are:')
for a in jira.issue_types.list():
    print('{:>10}: {}'.format(a.get('id'), a.get('name')))
```
It should output something like this:
```
Issuetypes Selected are:
     10101: Task
     10102: Sub-task
Available Issue Types are:
     10100: Story
     10101: Task
     10103: Bug
     10102: Sub-task
     10000: Epic
```
Please reply with the results of the script.
```
Issuetypes Selected are:
     11527: Task
     11200: Sub-task
Available Issue Types are:
     11533: Problem
     11558: New Feature
     11557: Improvement
     11529: Incident
     11530: Service Request
     11531: Service Request with Approvals
     11532: Change
     11200: Sub-task
     11504: Story
     10900: Story
     11525: Story
     11526: Epic
     11528: Bug
     11527: Task
     11513: Writing
        10: Bug
        12: Task
     11515: Test
     11300: Feature Enhancement
         6: Epic
        13: Design
     11503: Story
```
Multiple issuetypes named "Task" may likely be the issue. Not sure if they are the right IDs, but here is a stab at it...
Can you add the following to your configuration file:
```yaml
issue_types:
  - name: Task
    jira_id: 12
    type: standard
    search:
      - Tenable Plugin ID
  - name: Sub-task
    jira_id: 11200
    type: subtask
    search:
      - Tenable Platform
      - Tenable Plugin ID
      - Tenable Asset UUID
      - Device IPv4 Addresses
      - Device IPv6 Addresses
      - Vulnerability Port
      - Vulnerability Protocol
```
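An added example, not part of the original thread and not the integration's own resolution logic: a pre-flight check that flags configured issue types whose name matches several Jira IDs unless a `jira_id` pins one of them. The function names are hypothetical; the ID/name pairs are copied from the output posted above.

```python
from collections import defaultdict

# (id, name) pairs copied from the "Available Issue Types" output in the thread.
AVAILABLE = [
    (11533, "Problem"), (11558, "New Feature"), (11557, "Improvement"),
    (11529, "Incident"), (11530, "Service Request"),
    (11531, "Service Request with Approvals"), (11532, "Change"),
    (11200, "Sub-task"), (11504, "Story"), (10900, "Story"), (11525, "Story"),
    (11526, "Epic"), (11528, "Bug"), (11527, "Task"), (11513, "Writing"),
    (10, "Bug"), (12, "Task"), (11515, "Test"),
    (11300, "Feature Enhancement"), (6, "Epic"), (13, "Design"), (11503, "Story"),
]

def resolve_issue_types(available, configured):
    """Map each configured issue type to exactly one Jira ID.

    Returns (resolved, ambiguous): resolved is {name: id}; ambiguous is
    {name: [candidate ids]} for names with zero or several matches and no
    valid pin, or with a pinned jira_id that Jira does not list for that name.
    """
    ids_by_name = defaultdict(list)
    for jira_id, name in available:
        ids_by_name[name].append(jira_id)

    resolved, ambiguous = {}, {}
    for entry in configured:
        name, pinned = entry["name"], entry.get("jira_id")
        candidates = sorted(ids_by_name.get(name, []))
        if pinned is not None and pinned in candidates:
            resolved[name] = pinned            # explicit, valid pin wins
        elif pinned is None and len(candidates) == 1:
            resolved[name] = candidates[0]     # the name alone is unambiguous
        else:
            ambiguous[name] = candidates       # needs a (correct) jira_id
    return resolved, ambiguous

if __name__ == "__main__":
    by_name_only = [{"name": "Task"}, {"name": "Sub-task"}]
    resolved, ambiguous = resolve_issue_types(AVAILABLE, by_name_only)
    for name, ids in ambiguous.items():
        print(f"{name!r}: candidates {ids}; set jira_id explicitly")
```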
Thanks Steve, it does work. I am finding that it only pulls high, critical. I am seeing that it is that way for config.py.
From the config.yaml, I am seeing I might add this:
```yaml
tio_severities:
  - low
  - medium
  - high
  - critical
```
Is this the best approach to be able to pull in all the findings from the Tenable platform?
It would actually be listed under the tenable section, so it would look like this:
```yaml
tenable:
  tio_severities:
    - low
    - medium
    - high
    - critical
```
Thanks Steve, I added
```yaml
tenable:
  tio_severities:
    - low
    - medium
    - high
    - critical
```
at the top of the file and it's still only pulling the high and critical findings.
Remember, spaces are important. Also, you'll want to make sure that you merge this into the rest of your tenable section. It should look something like this, all said and done:
```yaml
tenable:
  platform: tenable.io
  access_key: ACCESS_KEY_GOES_HERE
  secret_key: SECRET_KEY_GOES_HERE
  tio_severities:
    - low
    - medium
    - high
    - critical
```
I'm very sorry. I'm not sure if I am doing something wrong.
```
cat config.yaml | grep -v key | head -25
tenable:
  platform: tenable.io
  # Tenable.io or API Access Key
  # Tenable.io or API Secret Key
  tio_severities:
    - low
    - medium
    - high
    - critical
```
The key values have been suppressed.
This still results in only pulling the high / critical events out.
I started python3 directly and then issued:
```
import yaml
f = open('config.yaml')
yaml = yaml.safe_load(f)
print(yaml['tenable']['tio_severities'])
['low', 'medium', 'high', 'critical']
```
Can you enable debug logging so we can see what's being passed to the API?
Yes, I have a debug setting for the log, but I am not sure what parts of the log file you're hoping to see.
2020-03-06 00:38:24,547 root INFO Tenable2JiraCloud Version 1.1.3
2020-03-06 00:38:24,547 root INFO Using configuration file config.yaml
2020-03-06 00:38:24,551 root INFO Running on Python 3.7.6 Linux/x86_64
2020-03-06 00:38:24,553 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): healthtap.atlassian.net:443
2020-03-06 00:38:24,854 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/project/VULN HTTP/1.1" 200 None
2020-03-06 00:38:25,121 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/field HTTP/1.1" 200 None
2020-03-06 00:38:25,278 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/issuetype HTTP/1.1" 200 None
2020-03-06 00:38:25,281 tenable_jira.jira.Jira DEBUG uri=https://healthtap.atlassian.net/rest/api/3/screens, query={'startAt': 0, 'maxResults': 100}, body={}
2020-03-06 00:38:25,437 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens?startAt=0&maxResults=100 HTTP/1.1" 200 None
2020-03-06 00:38:25,440 tenable_jira.jira.Jira DEBUG uri=https://healthtap.atlassian.net/rest/api/3/screens, query={'startAt': 100, 'maxResults': 100}, body={}
2020-03-06 00:38:25,669 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens?startAt=100&maxResults=100 HTTP/1.1" 200 None
2020-03-06 00:38:25,672 tenable_jira.transform.Tio2Jira INFO Using JIRA Screens [13822, 13823]
2020-03-06 00:38:25,801 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13822/tabs HTTP/1.1" 200 None
2020-03-06 00:38:25,999 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13822/tabs/14336/fields HTTP/1.1" 200 None
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVEs already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Tenable VPR Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVSSv2 Base Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVSSv2 Temporal Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVSSv3 Base Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVSSv3 Temporal Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Tenable Plugin ID already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Family already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Name already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Vulnerability Severity already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Vulnerability First Seen already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Seen already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Fixed already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability State already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability Port already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability Protocol already exists in 13822:14336
2020-03-06 00:38:26,170 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13822/tabs/14337/fields HTTP/1.1" 200 None
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Tenable Asset UUID already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Tenable Platform already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device Hostname already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device NetBIOS Name already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device DNS Name already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device IPv4 Addresses already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device IPv6 Addresses already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device MAC Addresses already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device Network ID already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository ID already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository Name already exists in 13822:14337
2020-03-06 00:38:26,378 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13823/tabs HTTP/1.1" 200 None
2020-03-06 00:38:26,547 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13823/tabs/14338/fields HTTP/1.1" 200 None
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVEs already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO Tenable VPR Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVSSv2 Base Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVSSv2 Temporal Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVSSv3 Base Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVSSv3 Temporal Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO Tenable Plugin ID already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Family already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Name already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Severity already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability First Seen already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Seen already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Fixed already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability State already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Port already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Protocol already exists in 13823:14338
2020-03-06 00:38:26,688 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13823/tabs/14339/fields HTTP/1.1" 200 None
2020-03-06 00:38:26,690 tenable_jira.transform.Tio2Jira INFO Tenable Asset UUID already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Tenable Platform already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device Hostname already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device NetBIOS Name already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device DNS Name already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device IPv4 Addresses already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device IPv6 Addresses already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device MAC Addresses already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device Network ID already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository ID already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository Name already exists in 13823:14339
2020-03-06 00:38:26,691 tenable.io.TenableIO DEBUG {"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"last_found": 1582574923, "severity": ["low", "medium", "high", "critical"]}, "num_assets": "1000"}}
2020-03-06 00:38:26,694 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): cloud.tenable.com:443
2020-03-06 00:38:26,860 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
2020-03-06 00:38:26,861 tenable.io.TenableIO DEBUG Request-UUID 9cb8b1bf17fa3ede2be4f6cd3e941f8e for https://cloud.tenable.com/vulns/export
2020-03-06 00:38:26,861 tenable.io.TenableIO DEBUG Initiated vuln export 207d3cae-493e-47c0-b487-8a611e055dee
2020-03-06 00:38:26,861 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status", "params": {}, "body": {}}
2020-03-06 00:38:26,988 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status HTTP/1.1" 200 None
2020-03-06 00:38:26,989 tenable.io.TenableIO DEBUG Request-UUID baa655c0df4620da6e8a8aafde5a94f5 for https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status
2020-03-06 00:38:28,992 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status", "params": {}, "body": {}}
2020-03-06 00:38:29,066 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status HTTP/1.1" 200 None
2020-03-06 00:38:29,067 tenable.io.TenableIO DEBUG Request-UUID fa60a4f7e21e92f68a302ef7e8916a8e for https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status
2020-03-06 00:38:29,067 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/chunks/1", "params": {}, "body": {}}
2020-03-06 00:38:29,324 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/chunks/1 HTTP/1.1" 200 363014
2020-03-06 00:38:29,344 tenable.io.TenableIO DEBUG Request-UUID b530ba1b13fa533243cd555fb82b58a8 for https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/chunks/1
From the look of it, it appears to be working as expected:
2020-03-06 00:38:26,691 tenable.io.TenableIO DEBUG {"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"last_found": 1582574923, "severity": ["low", "medium", "high", "critical"]}, "num_assets": "1000"}}
Note the severity parameter.
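An added example, not part of the original thread or of the integration's code: a small parser that pulls the `severity` filter out of the `tenable.io.TenableIO DEBUG` request records, so the check made by eye above can be repeated over a whole log. The function names are hypothetical; the sample lines are copied from the log posted in the thread.

```python
import json
import re

# Sample input: three lines copied from the debug log posted in the thread.
SAMPLE_LOG = '''\
2020-03-06 00:38:25,672 tenable_jira.transform.Tio2Jira INFO Using JIRA Screens [13822, 13823]
2020-03-06 00:38:26,691 tenable.io.TenableIO DEBUG {"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"last_found": 1582574923, "severity": ["low", "medium", "high", "critical"]}, "num_assets": "1000"}}
2020-03-06 00:38:26,861 tenable.io.TenableIO DEBUG Initiated vuln export 207d3cae-493e-47c0-b487-8a611e055dee
'''

# "<date> <time> tenable.io.TenableIO DEBUG {json request record}"
LINE = re.compile(r'^\S+ \S+ tenable\.io\.TenableIO DEBUG (\{.*\})\s*$')

def export_filters(log_text):
    """Yield the filters dict of every POST .../vulns/export request in the log."""
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue
        try:
            req = json.loads(match.group(1))
        except json.JSONDecodeError:
            continue  # DEBUG line that is not a JSON request record
        if req.get("method") == "POST" and req.get("url", "").endswith("/vulns/export"):
            yield req.get("body", {}).get("filters", {})

def missing_severities(log_text, wanted):
    """Return the wanted severities that no export request in the log asked for."""
    requested = set()
    for filters in export_filters(log_text):
        requested.update(filters.get("severity", []))
    return sorted(set(wanted) - requested)

if __name__ == "__main__":
    wanted = ["low", "medium", "high", "critical"]
    print("missing from export requests:", missing_severities(SAMPLE_LOG, wanted))
```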