Auto pushed

4 years ago · 1ddef84bd1
commit 1ddef84bd1
4 changed files with 59 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+api.json
--- a/README.md
+++ b/README.md
@ -0,0 +1,2 @@
+# HighalertAssets
+
--- a/script.sh
+++ b/script.sh
@ -0,0 +1,37 @@
+secret=$(jq .secret -r api.json)
+id=$(jq .id -r api.json)
+
+domain=node4-central
+
+toke=$(curl -sS -X POST "https://"$domain".alienvault.cloud/api/1.1/oauth/token?grant_type=client_credentials" --user $id:$secret |jq .access_token -r)
+
+search=$(echo '
+{
+  "page":1,
+  "size":10000
+}
+')
+
+obj=$(curl -sS -X POST "https://"$domain".alienvault.cloud/api/1.1/vulnerabilities/search" -H "Authorization: Bearer $toke" -d "$search")
+
+tenantarr=($(echo $obj|jq -r '.results[].tenantId' | sort|uniq |sort))
+cvsssec=("High" "Medium" "Low")
+
+tenold="faketen"
+
+for ten in ${tenantarr[@]}
+do
+  if [ $ten != $tenold ]; then printf "\n$ten Hosts: \n"; fi
+
+  for sev in ${cvsssec[@]}
+  do
+    if [ $sev != $tenold ]; then printf "\nCVSS Severity - $sev : \n"; fi
+    echo $obj|jq -r ".results[] |select (.tenantId==\"$ten\")| select (.vulnerability.cvssSeverity==\"$sev\")|.asset.name" |sort|uniq -c |sort -n -r
+    tenold=$sev
+  done
+  tenold=$ten
+done
+
+
+# curl -X GET "https://"$domain".alienvault.cloud/api/1.1/alarms/8abc9871-31c5-b5b4-8dfb-46c0f5772969" \
+# 	-H "Authorization: Bearer $toke" -vv
--- a/search.json
+++ b/search.json
@ -0,0 +1,19 @@
+{
+  "page": 1,
+  "size": 20,
+  "find": {
+    "vulnerability.isValid": [
+      "false"
+    ]
+  },
+  "sort": {
+    "vulnerability.lastTimestamp": "desc"
+  },
+  "range": {
+    "vulnerability.lastTimestamp": {
+      "gte": "now-7d",
+      "lte": "now",
+      "timeZone": "-0500"
+    }
+  }
+}