Closed Rebits closed 1 week ago
To streamline the troubleshooting process for this issue, we've devised a straightforward script to replicate failing cases. This approach simplifies the debugging of current parsing vulnerability methods, eliminating the need to run the entire test suite.
In addition we are going to use the following alert index to simulate real information collected from the wazuh-indexer
Currently, we can see, that it is not detecting expected vulnerability:
{'vulnerabilities_affected_not_found': {'agent6': [Vulnerability(cve='CVE-2017-16014', package_name='http-proxy', package_version='0.5.9', architecture='')]}, 'vulnerabilities_mitigated_not_found': {}, 'failed_agents': ['agent6'], 'result': False}
However, if we check the currently detected vulnerability, we see that it is expecting a vulnerability with
as architecture instead of ``:
{'agent6': [Vulnerability(cve='CVE-2017-16014', package_name='http-proxy', package_version='0.5.9', architecture=' ')]}
We need to stript collected vulnerability fields in the parse_vulnerabilities_from_alerts
and get_vulnerabilities_from_states
functions
LGTM
Description
It has been detected Additional Vulnerability Detection End-to-End that vulnerability alerts for macOS agents are not correctly collected. If we check the evidence we can see in the manager alerts file and in the indexed vulnerabilities that the alerts indeed appear. However the validator is ignoring it