class NexposeThycotic::NexposeOperations

Attributes

nsc[R]

Public Class Methods

new(ip, user, pass, port = 3780) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 14
def initialize(ip, user, pass, port = 3780)
  @nsc = Connection.new(ip, user, pass, port)
  @nsc.login

  @logger = NexposeThycotic::NxLogger.instance
  @logger.on_connect(ip, port, @nsc.session_id, '{}')

  @insightvm_client = InsightvmClient.new(ip, port, user, pass, @logger)
end

Public Instance Methods

delete_site_credentials(site_id) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 91
def delete_site_credentials(site_id)
  save_site(site_id, [])
end
get_device_addresses(site_id) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 32
def get_device_addresses(site_id)
  site = get_site(site_id)
  included_targets = site.included_addresses

  # Get a list of known IP addresses from a site
  devices = get_devices_from_site(site_id)
  device_ips = devices.map { |d| d.address }

  hosts = []
  ips = device_ips.to_set
  included_targets.each do |address|
    if address.instance_of?(Nexpose::HostName)
      hosts << address.host
    elsif address.to.nil?
      ips.add(address.from)
    end
  end

  @logger.debug("Discovered #{hosts.count} hosts and #{ips.count} IPs.")
  ips.to_a + hosts
end
get_devices_from_site(site_id) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 28
def get_devices_from_site(site_id)
  @nsc.list_devices(site_id)
end
get_existing_credentials(site_id) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 54
def get_existing_credentials(site_id)
  # @insightvm_client.get_site_credentials(site_id)
  site = get_site(site_id)
  site.site_credentials
end
get_site(site_id) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 24
def get_site(site_id)
  Site.load(@nsc, site_id)
end
save_site(site_id, credentials, overwrite=true) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 60
def save_site(site_id, credentials, overwrite=true)
  creds_bulk_update = []
  credentials.each do |cred|
    # Skipping or deleting credential as no password exists; this could occur due to no password returned by
    # Thycotic or because the credential was returned as an existing credential for the site
    if cred.password.nil?
      # Credentials to delete (in overwrite mode); those with no password and an id
      if overwrite && cred.id != -1
        @insightvm_client.delete_site_credential(site_id, cred.id)
      end

      # Move on to next credential
      next
    end

    # Convert nexpose cred to v3 json payload
    c = to_v3_credential(cred)

    if c["id"] == -1
      # Add individual if new
      @insightvm_client.create_site_credential(site_id, c)
      @logger.debug("Creating Site #{site_id} credential #{c["name"]}")
    else
      creds_bulk_update.push(c)
    end
  end

  # Bulk update any credentials that already exist to be more efficient
  @insightvm_client.update_site_credentials(site_id, creds_bulk_update) unless creds_bulk_update.empty?
end
scan_status(scan_id) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 100
def scan_status(scan_id)
  @nsc.scan_status(scan_id)
end
start_scan(site_id) click to toggle source
# File lib/nexpose_thycotic/operations.rb, line 95
def start_scan(site_id)
  site = get_site(site_id)
  site.scan(@nsc)
end

Private Instance Methods

to_v3_credential(credential) click to toggle source

Convert Nexpose client Site Credential to v3 Credential

# File lib/nexpose_thycotic/operations.rb, line 107
def to_v3_credential(credential)
  cred = {
      "account": {
          "service": credential.service,
          "username": credential.user_name,
          "password": credential.password
      },
      "name": credential.name,
      "description": credential.description,
      "enabled": true,
      "hostRestriction": credential.host_restriction,
  }
  # Set credential ID so it can be updated instead of a new one created
  unless credential.id.nil?
    cred["id"] = credential.id
  end
  cred
end