Qualys Fetch Vulnerabilities - Include all vulnerabilities on assets #36899

Draft
wants to merge 1 commit into
base: master

content-bot
Collaborator

Original External PR

external pull request

Contributor

@johnnywilkes

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • [] In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

https://jira-dc.paloaltonetworks.com/browse/EXPANDR-10862

Description

Proposed change is making sure we not only pull Qualys vulnerabilities modified in the last 90 days but also those that are affecting assets that haven’t been modified in the last 90 days. This is to make sure this isn’t a breaking change.
How we do this:

  1. Every time assets are pulled create a list of vulnerabilities (QIDs) we see on them.
  2. Deduplicate this list.
  3. Add the list to getAssetsLastRun()
  4. When we look up vulnerabilities, first do the call to pull all vulnerabilities modified in the last 90 days and create a list of these QIDs
  5. Compare list from steps 3 and 4 and deduplicate (create a list of QIDs found on assets that haven’t been modified for last 90 days)
  6. 2nd API call to pull these vulnerabilities that hadn’t been pulled before
  7. Send full list of vulnerabilities to XSIAM

Must have

  • Tests
  • Documentation
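
The QID bookkeeping in steps 1-7 above, sketched as an added example; this is not the PR's code or the integration's own. The two fetch functions are stubs standing in for the Qualys calls, and every name, field (`qids`, `QID`, `asset_qids`) and sample record is a constructed assumption.

```python
from typing import Callable, Iterable

# Constructed sample data; field names ("qids", "QID") are assumptions.
SAMPLE_ASSETS = [
    {"id": 1, "qids": [38170, 105]},
    {"id": 2, "qids": [105, 90]},
    {"id": 3, "qids": [70000, 45]},
]
KNOWLEDGE_BASE = {q: {"QID": q, "TITLE": f"constructed vuln {q}"}
                  for q in ("45", "90", "105", "38170", "70000")}
MODIFIED_LAST_90_DAYS = ["105", "70000"]
CALLS: list[list[str]] = []  # records each batch sent by the second call


def qids_on_assets(assets: Iterable[dict]) -> list[str]:
    """Steps 1-2: every QID seen on the pulled assets, deduplicated."""
    return sorted({str(q) for a in assets for q in a.get("qids", [])}, key=int)


def fetch_modified() -> list[dict]:
    """Stub for the first call (vulnerabilities modified in the last 90 days)."""
    return [KNOWLEDGE_BASE[q] for q in MODIFIED_LAST_90_DAYS]


def fetch_by_qids(qids: list[str]) -> list[dict]:
    """Stub for the second call (explicit QID list)."""
    CALLS.append(list(qids))
    return [KNOWLEDGE_BASE[q] for q in qids if q in KNOWLEDGE_BASE]


def collect_vulns(last_run: dict, first_call: Callable, second_call: Callable,
                  batch_size: int = 2) -> tuple[list[dict], list[str]]:
    """Steps 4-7: merge recently modified vulns with those only seen on assets."""
    recent = first_call()
    recent_qids = {str(v["QID"]) for v in recent}
    # Step 5: QIDs present on assets but absent from the 90-day window.
    missing = [q for q in last_run.get("asset_qids", []) if q not in recent_qids]
    merged = {str(v["QID"]): v for v in recent}
    for i in range(0, len(missing), batch_size):  # keep each request bounded
        for vuln in second_call(missing[i:i + batch_size]):
            merged.setdefault(str(vuln["QID"]), vuln)  # never emit a QID twice
    return list(merged.values()), missing


if __name__ == "__main__":
    last_run = {"asset_qids": qids_on_assets(SAMPLE_ASSETS)}  # step 3
    vulns, missing = collect_vulns(last_run, fetch_modified, fetch_by_qids)
    print("second-call QIDs:", missing)
    print("sent:", [v["QID"] for v in vulns])
```
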

…36748)

* this works

* 90 day vuln plus affected

* cleanup

* formatting

* RN

* Update Packs/qualys/ReleaseNotes/3_0_8.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/qualys/Integrations/Qualysv2/Qualysv2.py

Co-authored-by: azonenfeld <117573492+aaron1535@users.noreply.github.com>

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: azonenfeld <117573492+aaron1535@users.noreply.github.com>
content-bot added the following labels on Oct 30, 2024: Contribution (Thank you! Contributions are always welcome!), docs-approved, Contribution Form Filled (Whether contribution form filled or not.), Community, Xsoar Support Level (Indicates that the contribution is for XSOAR supported pack), Internal PR

content-bot requested a review from aaron1535 on October 30, 2024 08:45

aaron1535 added the Contribution On Hold label (Indicates that the contribution is on hold and no work is done on this PR at the moment) on Nov 13, 2024

@BigEasyJ
Contributor

@aaron1535 Can we please get an update on this on the internal ticket?

@aaron1535 aaron1535 marked this pull request as draft January 9, 2025 08:15