Auto pushed

nannal 2020-01-25 14:01:36 +02:00
commit 1ddef84bd1
4 changed files with 59 additions and 0 deletions

1
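--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+api.json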

2
README.md Normal file

@ -0,0 +1,2 @@
# HighalertAssets

37
script.sh Executable file

@ -0,0 +1,37 @@
secret=$(jq .secret -r api.json)
id=$(jq .id -r api.json)
domain=node4-central
toke=$(curl -sS -X POST "https://"$domain".alienvault.cloud/api/1.1/oauth/token?grant_type=client_credentials" --user $id:$secret |jq .access_token -r)
search=$(echo '
{
"page":1,
"size":10000
}
')
obj=$(curl -sS -X POST "https://"$domain".alienvault.cloud/api/1.1/vulnerabilities/search" -H "Authorization: Bearer $toke" -d "$search")
tenantarr=($(echo $obj|jq -r '.results[].tenantId' | sort|uniq |sort))
cvsssec=("High" "Medium" "Low")
tenold="faketen"
for ten in ${tenantarr[@]}
do
if [ $ten != $tenold ]; then printf "\n$ten Hosts: \n"; fi
for sev in ${cvsssec[@]}
do
if [ $sev != $tenold ]; then printf "\nCVSS Severity - $sev : \n"; fi
echo $obj|jq -r ".results[] |select (.tenantId==\"$ten\")| select (.vulnerability.cvssSeverity==\"$sev\")|.asset.name" |sort|uniq -c |sort -n -r
tenold=$sev
done
tenold=$ten
done
# curl -X GET "https://"$domain".alienvault.cloud/api/1.1/alarms/8abc9871-31c5-b5b4-8dfb-46c0f5772969" \
# -H "Authorization: Bearer $toke" -vv
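Review bot: Values taken from the API response are spliced into code in the report loop: `$ten` is interpolated into the jq filter (`select (.tenantId==\"$ten\")`) and into the `printf` format string, so a tenant id containing a quote, `%` or backslash changes the filter or the output instead of being treated as data. Pass them as data with `jq --arg` and `printf '%s'`, and quote `"$obj"`, because the unquoted `echo $obj` word-splits and glob-expands the JSON before jq sees it. Separately, `--user $id:$secret` is unquoted and puts the client secret on curl's command line where other local users can read it from the process list, and nothing checks that the token request succeeded, so a failed login goes on to send an empty or `null` bearer token. The `tenold` comparisons look always true for distinct tenant ids, so the sketch below drops them; confirm that is intended.

```shell
# … unchanged: credential loading, token request, search request …
mapfile -t tenantarr < <(jq -r '.results[].tenantId' <<<"$obj" | sort -u)
cvsssec=("High" "Medium" "Low")
for ten in "${tenantarr[@]}"; do
  printf '\n%s Hosts: \n' "$ten"
  for sev in "${cvsssec[@]}"; do
    printf '\nCVSS Severity - %s : \n' "$sev"
    jq -r --arg ten "$ten" --arg sev "$sev" \
      '.results[] | select(.tenantId == $ten) | select(.vulnerability.cvssSeverity == $sev) | .asset.name' \
      <<<"$obj" | sort | uniq -c | sort -n -r
  done
done
```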

19
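--- /dev/null
+++ b/search.json
@@ -0,0 +1,19 @@
+{
+"page": 1,
+"size": 20,
+"find": {
+"vulnerability.isValid": [
+"false"
+]
+},
+"sort": {
+"vulnerability.lastTimestamp": "desc"
+},
+"range": {
+"vulnerability.lastTimestamp": {
+"gte": "now-7d",
+"lte": "now",
+"timeZone": "-0500"
+}
+}
+}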