class NexposeThycotic::NexposeOperations
Attributes
nsc[R]
Public Class Methods
new(ip, user, pass, port = 3780)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 14 def initialize(ip, user, pass, port = 3780) @nsc = Connection.new(ip, user, pass, port) @nsc.login @logger = NexposeThycotic::NxLogger.instance @logger.on_connect(ip, port, @nsc.session_id, '{}') @insightvm_client = InsightvmClient.new(ip, port, user, pass, @logger) end
Public Instance Methods
delete_site_credentials(site_id)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 91 def delete_site_credentials(site_id) save_site(site_id, []) end
get_device_addresses(site_id)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 32 def get_device_addresses(site_id) site = get_site(site_id) included_targets = site.included_addresses # Get a list of known IP addresses from a site devices = get_devices_from_site(site_id) device_ips = devices.map { |d| d.address } hosts = [] ips = device_ips.to_set included_targets.each do |address| if address.instance_of?(Nexpose::HostName) hosts << address.host elsif address.to.nil? ips.add(address.from) end end @logger.debug("Discovered #{hosts.count} hosts and #{ips.count} IPs.") ips.to_a + hosts end
get_devices_from_site(site_id)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 28 def get_devices_from_site(site_id) @nsc.list_devices(site_id) end
get_existing_credentials(site_id)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 54 def get_existing_credentials(site_id) # @insightvm_client.get_site_credentials(site_id) site = get_site(site_id) site.site_credentials end
get_site(site_id)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 24 def get_site(site_id) Site.load(@nsc, site_id) end
save_site(site_id, credentials, overwrite=true)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 60 def save_site(site_id, credentials, overwrite=true) creds_bulk_update = [] credentials.each do |cred| # Skipping or deleting credential as no password exists; this could occur due to no password returned by # Thycotic or because the credential was returned as an existing credential for the site if cred.password.nil? # Credentials to delete (in overwrite mode); those with no password and an id if overwrite && cred.id != -1 @insightvm_client.delete_site_credential(site_id, cred.id) end # Move on to next credential next end # Convert nexpose cred to v3 json payload c = to_v3_credential(cred) if c["id"] == -1 # Add individual if new @insightvm_client.create_site_credential(site_id, c) @logger.debug("Creating Site #{site_id} credential #{c["name"]}") else creds_bulk_update.push(c) end end # Bulk update any credentials that already exist to be more efficient @insightvm_client.update_site_credentials(site_id, creds_bulk_update) unless creds_bulk_update.empty? end
scan_status(scan_id)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 100 def scan_status(scan_id) @nsc.scan_status(scan_id) end
start_scan(site_id)
click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 95 def start_scan(site_id) site = get_site(site_id) site.scan(@nsc) end
Private Instance Methods
to_v3_credential(credential)
click to toggle source
Convert Nexpose client Site Credential to v3 Credential
# File lib/nexpose_thycotic/operations.rb, line 107 def to_v3_credential(credential) cred = { "account": { "service": credential.service, "username": credential.user_name, "password": credential.password }, "name": credential.name, "description": credential.description, "enabled": true, "hostRestriction": credential.host_restriction, } # Set credential ID so it can be updated instead of a new one created unless credential.id.nil? cred["id"] = credential.id end cred end