From 1ddef84bd1a75558d295f00db4d3e5cc46727d0d Mon Sep 17 00:00:00 2001
From: nannal
Date: Sat, 25 Jan 2020 14:01:36 +0200
Subject: [PATCH] Auto pushed
---
.gitignore | 1 +
README.md | 2 ++
script.sh | 37 +++++++++++++++++++++++++++++++++++++
search.json | 19 +++++++++++++++++++
4 files changed, 59 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100755 script.sh
create mode 100644 search.json
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1a11577
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+api.json
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9f01cc5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# HighalertAssets
+
diff --git a/script.sh b/script.sh
new file mode 100755
index 0000000..2857fba
--- /dev/null
+++ b/script.sh
@@ -0,0 +1,37 @@
+secret=$(jq .secret -r api.json)
+id=$(jq .id -r api.json)
+
+domain=node4-central
+
+toke=$(curl -sS -X POST "https://"$domain".alienvault.cloud/api/1.1/oauth/token?grant_type=client_credentials" --user $id:$secret |jq .access_token -r)
+
+search=$(echo '
+{
+ "page":1,
+ "size":10000
+}
+')
+
+obj=$(curl -sS -X POST "https://"$domain".alienvault.cloud/api/1.1/vulnerabilities/search" -H "Authorization: Bearer $toke" -d "$search")
+
+tenantarr=($(echo $obj|jq -r '.results[].tenantId' | sort|uniq |sort))
+cvsssec=("High" "Medium" "Low")
+
+tenold="faketen"
+
+for ten in ${tenantarr[@]}
+do
+ if [ $ten != $tenold ]; then printf "\n$ten Hosts: \n"; fi
+
+ for sev in ${cvsssec[@]}
+ do
+ if [ $sev != $tenold ]; then printf "\nCVSS Severity - $sev : \n"; fi
+ echo $obj|jq -r ".results[] |select (.tenantId==\"$ten\")| select (.vulnerability.cvssSeverity==\"$sev\")|.asset.name" |sort|uniq -c |sort -n -r
+ tenold=$sev
+ done
+ tenold=$ten
+done
+
+
+# curl -X GET "https://"$domain".alienvault.cloud/api/1.1/alarms/8abc9871-31c5-b5b4-8dfb-46c0f5772969" \
+# -H "Authorization: Bearer $toke" -vv
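Review bot: The token request in script.sh passes the client secret on curl's command line (`--user $id:$secret`), and the search call does the same with the bearer token in `-H`, so both are readable from the process list and from any `set -x` trace while the script runs. Nothing checks that the token request succeeded: without `--fail` and `jq -e`, a rejected credential leaves `toke` as the string `null` and the loops print empty sections instead of an error. In the loops, `$ten` (taken from the API response) is spliced into the jq program and into the printf format string, so a tenant id containing a quote or `%` changes the filter or the output; it should be passed with `--arg` and printed through `%s`. The commented-out alarms call at the end uses `-vv`, which would write the Authorization header to stderr if it were re-enabled. The sketch below hands the credentials to curl over stdin and stops on the first failed step.

```shell
#!/usr/bin/env bash
set -euo pipefail

# … unchanged: domain=node4-central …
base="https://${domain}.alienvault.cloud/api/1.1"

# curl reads "user = ..." from stdin, so id and secret never reach argv.
toke=$(
  jq -r '"user = " + ("\(.id):\(.secret)" | @json)' api.json |
    curl -sS --fail -K - -X POST "${base}/oauth/token?grant_type=client_credentials" |
    jq -er '.access_token'
)

# … unchanged: search body …

# -H @- reads the header from stdin (curl 7.55.0 or newer).
obj=$(
  printf 'Authorization: Bearer %s\n' "$toke" |
    curl -sS --fail -H @- -X POST "${base}/vulnerabilities/search" -d "$search"
)

# … unchanged: tenantarr / cvsssec setup and loop headers …
    printf '\n%s Hosts: \n' "$ten"
    printf '%s' "$obj" |
      jq -r --arg ten "$ten" --arg sev "$sev" \
        '.results[] | select(.tenantId == $ten and .vulnerability.cvssSeverity == $sev) | .asset.name' |
      sort | uniq -c | sort -n -r
```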
diff --git a/search.json b/search.json
new file mode 100644
index 0000000..ec4749b
--- /dev/null
+++ b/search.json
@@ -0,0 +1,19 @@
+{
+ "page": 1,
+ "size": 20,
+ "find": {
+ "vulnerability.isValid": [
+ "false"
+ ]
+ },
+ "sort": {
+ "vulnerability.lastTimestamp": "desc"
+ },
+ "range": {
+ "vulnerability.lastTimestamp": {
+ "gte": "now-7d",
+ "lte": "now",
+ "timeZone": "-0500"
+ }
+ }
+}
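Review bot: Nothing in this commit reads search.json: script.sh builds its own request body inline (`"page":1, "size":10000`), so the `find`/`sort`/`range` filter defined here has no effect on the report as committed. If the seven-day window and the `vulnerability.isValid` filter are meant to apply, the search call could send the file with `-d @search.json`; otherwise the README should say what the file is for. The fixed `"timeZone": "-0500"` presumably reflects one site's offset and is worth confirming against where the report is read.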