This is a program that takes vulnerability, asset, service, and compliance data out of MozDef and figures out which teams should run security updates on their systems. MozDef is used as a state database and is fed by various other programs such as Nexpose and MIG.
Here's a rough diagram of what this looks like:
    +----------------------+
    |                      |
    | MIG (compliance      |
    | data)                +---------+
    |                      |         |
    +----------------------+         |
                                     |
    +----------------------+      +--+---------------+      +-----------+      +----------+
    |                      |      |                  |      |           |      |          |
    | Nexpose/vmintgr      |      |                  |      |           |      |          |
    | Vulnerability data   +------> MozDef (JSON/ES) <------> vuln2bugs <------> Bugzilla |
    |                      |      |                  |      |           |      |          |
    +----------------------+      +--+---------------+      +-----------+      +----------+
                                     |
    +----------------------+         |
    |                      |         |
    | Asset data           |         |
    | (Various)            +---------+
    |                      |
    +----------------------+
When vuln2bugs runs, it will:
- Check for the current vulnerabilities found per asset and per team (autogroup in MozDef).
- Check whether a prior bug exists; if none does, create a new bug for the configured team.
  - Attach a list of vulnerable hosts (currently 2 attachments: CSV and "detailed").
  - Indicate the due date and set some whiteboard tags.
- If a bug exists, check if it needs updating.
  - Update attachments if more or fewer vulnerabilities have been found since the last run.
  - Remind on the bug if it's past its due date (SLA) and set a NEEDINFO flag.
  - Close the bug if all vulnerabilities have been fixed.
Vuln2bugs is expected to run after each vmintgr run (see https://github.com/ameihm0912/vmintgr/).
Vuln2bugs uses an HJSON file for configuration. See the example vuln2bugs.json.inc file; it contains a bunch of comments to help you configure this script.
The per-team filters are extremely flexible and any valid MozDef field can be used/selected, including fields that did not exist when vuln2bugs was written.
You'll need to rename the file to vuln2bugs.json for things to work :)
Q: How do I make the script shut up? A: Remove the whiteboard tag "v2b-autoremind".
Q: How do I force the script to leave the bug open? A: Remove the whiteboard tag "v2b-autoclose".
Q: How do I make the script shut up for a while (i.e. push back the SLA reminder)? A: Change the whiteboard tag "v2b-duedate=YYYY-MM-DD" to the day you want.
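To make the interaction between the run steps and the whiteboard tags concrete, here is an added example (not vuln2bugs' own code) that decides what a run does to an existing bug. The function names, the action labels, the bracketed whiteboard layout and the handling of a malformed due date are assumptions of this example.

```python
import re
from datetime import date

# Matches the three tags named in the FAQ. How tags are delimited in the
# whiteboard field is not stated on this page, so any separator is accepted.
TAG_RE = re.compile(r"v2b-(autoremind|autoclose|duedate)(?:=([0-9A-Za-z-]*))?")


def parse_whiteboard(whiteboard):
    """Return autoremind/autoclose booleans and duedate (date, None or 'invalid')."""
    tags = {"autoremind": False, "autoclose": False, "duedate": None}
    for name, value in TAG_RE.findall(whiteboard):
        if name != "duedate":
            tags[name] = True
            continue
        try:
            tags["duedate"] = date.fromisoformat(value)
        except ValueError:
            tags["duedate"] = "invalid"  # e.g. a typo made while pushing the SLA back
    return tags


def plan_actions(whiteboard, vulnerable_hosts, attachments_changed, today):
    """Decide what one run does to an existing bug (hypothetical action labels)."""
    tags = parse_whiteboard(whiteboard)
    actions = []
    if vulnerable_hosts == 0:
        # Everything is fixed: close, unless a human removed v2b-autoclose.
        return ["close"] if tags["autoclose"] else ["leave-open"]
    if attachments_changed:
        actions.append("update-attachments")
    due = tags["duedate"]
    if due == "invalid":
        # Assumption of this example: surface a bad tag rather than
        # silently dropping the SLA reminder.
        actions.append("report-invalid-duedate")
    elif tags["autoremind"] and due is not None and today > due:
        actions.append("remind-and-needinfo")
    return actions


if __name__ == "__main__":
    # Constructed whiteboard value, not taken from a real bug.
    wb = "[v2b-autoclose][v2b-autoremind][v2b-duedate=2024-06-01]"
    print(plan_actions(wb, 3, True, date(2024, 6, 15)))
```

Removing a tag by hand changes the plan on the next run, which is the behaviour the FAQ answers rely on.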