
mawinkler/c1-ws-vulnerability-management


Cloud One Workload Security Scripts for Vulnerability Management

This folder contains multiple Python scripts that help with vulnerability management in Workload Security.

  • policy-on-query Sets IPS rules on one or more specified computers based on a list of CVEs.
  • policy-on-r7-report Configures IPS policies for computers based on vulnerability scan results from Rapid7.
  • policy-on-r7-report-ansible Configures IPS policies for computers based on vulnerability scan results from Rapid7 - Ansible variant.
  • policy-on-tenable-report Configures IPS policies for computers based on vulnerability scan results from Tenable.

Note: The integrations with vulnerability management solutions like Rapid7 and Tenable must be used with caution, for several reasons:

  • When these solutions detect a vulnerability, they typically document it alongside multiple CVEs referring to that vulnerability. If Workload Security can protect against the exploitation of some, but not all, of the CVEs referenced by the scanner, is it correct to set an exception or recast the vulnerability? This cannot be decided programmatically. The scripts set these anyway, so use with caution!
  • Workload Security covers only vulnerabilities that are exploitable via the network, so the majority of discovered vulnerabilities will remain.
  • If an IPS rule is identified and applied to the computer's policy, the scripts do not check whether the rule requires configuration. An unconfigured rule may be ineffective or could even break the system.
  • Rules that are not part of the set the recommendation scan would apply may be assigned to the computer's policy as well. This can lead to service failures or false positives, so it is advised to limit assignments to rules returned by the recommendation scan.

To summarize: treat these scripts as proofs of concept, not as production tooling. Adapt them to your needs, e.g. by integrating an approval workflow before assigning rules to a policy or placing exceptions.
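The caveats above describe a triage decision that the scripts in this repository deliberately do not make. The following is an added example, not code from this repository, showing how such a gate could look in Python before any policy change or scanner exception is issued: a finding is only marked as an exception candidate when every CVE it references is covered by a rule that is both in the recommendation scan result and does not need configuration; everything else is held back for manual review. The `IpsRule` and `Finding` classes, the rule IDs, the `CVE-2099-*` identifiers and the host names are all constructed placeholders and do not correspond to real Workload Security rules, real vulnerabilities or the Workload Security API.

```python
import re
from dataclasses import dataclass

# Matches CVE identifiers in free text (scanner "references" fields are messy).
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


@dataclass(frozen=True)
class IpsRule:
    """Hypothetical stand-in for a Workload Security IPS rule (constructed, not the API)."""
    rule_id: int
    name: str
    cves: frozenset
    requires_configuration: bool = False


@dataclass(frozen=True)
class Finding:
    """One scanner finding; scanners usually attach several CVEs to one finding."""
    host: str
    title: str
    cves: frozenset


@dataclass
class Decision:
    host: str
    title: str
    assign: list      # IPS rule IDs considered safe to add to the computer's policy
    covered: set      # CVEs that at least one assignable rule protects against
    uncovered: set    # CVEs that no assignable rule covers
    skipped: dict     # rule ID -> reason it was held back for manual review

    @property
    def fully_covered(self) -> bool:
        """Only a finding whose CVEs are ALL covered may be excepted or recast."""
        return not self.uncovered


def parse_cves(text: str) -> frozenset:
    """Extract unique, upper-cased CVE IDs from free text."""
    return frozenset(m.group(0).upper() for m in CVE_RE.finditer(text))


def plan_update(finding: Finding, rules, recommended_ids) -> Decision:
    """Decide which matching rules to assign and which to hold for review."""
    assign, skipped, covered = [], {}, set()
    for rule in sorted(rules, key=lambda r: r.rule_id):
        hits = rule.cves & finding.cves
        if not hits:
            continue
        if rule.rule_id not in recommended_ids:
            skipped[rule.rule_id] = "not returned by the recommendation scan"
            continue
        if rule.requires_configuration:
            skipped[rule.rule_id] = "rule needs configuration; assign manually"
            continue
        assign.append(rule.rule_id)
        covered |= hits
    return Decision(finding.host, finding.title, assign, covered,
                    set(finding.cves) - covered, skipped)


def triage(findings, rules, recommended_ids):
    return [plan_update(f, rules, recommended_ids) for f in findings]


def exception_candidates(decisions):
    """Findings it would be defensible to except in the scanner: every CVE covered."""
    return [(d.host, d.title) for d in decisions if d.fully_covered]


# Constructed sample data. Rule IDs and CVE-2099-* identifiers are placeholders,
# not real Workload Security rules or real vulnerabilities.
SAMPLE_RULES = (
    IpsRule(1001, "placeholder rule A", frozenset({"CVE-2002-1700"})),
    IpsRule(1002, "placeholder rule B", frozenset({"CVE-2099-0001", "CVE-2099-0002"})),
    IpsRule(1003, "placeholder rule C", frozenset({"CVE-2099-0003"}), requires_configuration=True),
    IpsRule(1004, "placeholder rule D", frozenset({"CVE-2099-0004"})),
)
RECOMMENDED_IDS = frozenset({1001, 1002, 1003})   # 1004 is not in the recommendation scan

SAMPLE_FINDINGS = (
    Finding("web-01", "finding fully covered", parse_cves("CVE-2002-1700")),
    Finding("web-01", "finding partly covered",
            parse_cves("refs: cve-2099-0001, CVE-2099-0002, CVE-2099-0003")),
    Finding("db-01", "finding not covered", parse_cves("CVE-2099-0004")),
)

if __name__ == "__main__":
    for d in triage(SAMPLE_FINDINGS, SAMPLE_RULES, RECOMMENDED_IDS):
        print(f"{d.host} / {d.title}: assign={d.assign} uncovered={sorted(d.uncovered)} "
              f"skipped={d.skipped} exception_ok={d.fully_covered}")
```

With the sample data, only the first finding qualifies for an exception; the second gets rule 1002 assigned but stays open because its third CVE would need rule 1003, which requires configuration; the third is left entirely to a human because its only matching rule is outside the recommendation scan result. An approval step would consume the `Decision` objects and pass only the approved `assign` lists on to the policy update.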

Configuration

First, create your config.yml by

cp config.yml.sample config.yml

and define the values.

Make sure the requirements are installed:

pip3 install -r requirements.txt --user

policy_on_query.py

Updates the policy of (multiple) computer objects to protect against a given list of CVEs.

Run it by passing one or more CVEs, e.g.

./policy_on_query.py --query 'CVE-2002-1700'

Output created:

  • Reports the policy update status

policy_on_r7_report.py

Updates the policy of (multiple) computer objects to protect against findings by Rapid7 Vulnerability Management.

Run it by

./policy_on_r7_report.py

Output created:

  • Reports the policy update status

policy_on_tenable_report.py

Updates the policy of (multiple) computer objects to protect against findings by Tenable Vulnerability Management.

Run it by

./policy_on_tenable_report.py

Output created:

  • Reports the policy update status

Support

This is an Open Source community project. Project contributors may be able to help, depending on their time and availability. Please be specific about what you're trying to do, your system, and steps to reproduce the problem.

For bug reports or feature requests, please open an issue. You are welcome to contribute.

Official support from Trend Micro is not available. Individual contributors may be Trend Micro employees, but are not official support.

Contribute

I do accept contributions from the community. To submit changes:

  1. Fork this repository.
  2. Create a new feature branch.
  3. Make your changes.
  4. Submit a pull request with an explanation of your changes or additions.

I will review and work with you to release the code.
