This development of Cisco psirt vulnerability automation, provides the ability to pull live vulnerability data from Cisco's repository.
- Cisco [API CONSOLE] account registration
- Register the application you will be using.
- Create access method (i.e. shared secret/key) with registered applicaiton.
- Install Python 3.x
- Verify you have all the correct Python libraries installed e.g.
pip -install {libary_name}
- Copy all the files from the repo into the directory/folder you will be executing the script from.
- configuration.json: used for cred storing. Please keep the same formatting as listed in the example, and provided below
"servers": {
"cisco": {
"psirt_key" : "_KEY_",
"psirt_secret" : "_SECRET_"
}
}
}
- Verify you have SQLite DB application (https://sqlitebrowser.org/), if you desire to utilize a sql database, and correlating script 'all_sql.py'
- Execute the main task with python to run all the scripts.
python -i all_jobs.py - Optional: Import your network infrascrutures inventory into the sqlite database, and preform data comparison (i.e SQL comparison)
- Nugget: Running vuln_cvrf.py requires the use of the Sqlite DB referenced earlier. If this script is intiated, it will iniate the download of cvrf data from Cisco for all the Vulns you stored earlier, into a searlized xml format.
- Nugget: You can pass the
all_sql.pyclass any file type: csv, txt, searlized, and it will extract the data into key/value pairs and store the data in the desired database table.
This script simplifies auth, data retrevial, and storing. In addition, there is an option to utilize sqlite3 and a database, for structured psirt vuln data storing and data relating. This will allow the storing of vulnerbility data for all vulnerabilities that have been released in the past 5 years, via Cisco.
vuln.py
- Configuration.json is used for cred storing
- Auth with cisco oauth, token retrieval
- Token auth and get data with cisco endpoint
- Data sent to two parsing functions:
- first compiles the data into a formatting with the vulnerability code as the primary key, and appending each product additionally 1NF formatting (could be useful for data comparison)
- second compiles the data in a easy viewing parsing format, but non SQL NF.
- Searlizes the data with pickle and stores as an outputfile, which can be desearlized/opened and interpreted at will.
all_sql.py
- De-searlizes the stored data into .txt formatting
- Validation of database existance
- Auto-generation of sql table. As listed in the
all_jobs.pythe first value passed into all_sql.file_interpreter() is the previously searlized data, the second is what your table name will be in sql.test = all_sql.file_interpreter('searlized_data.txt', 'My_SQLITE_TABLE') - Post the table generation, the script will auto-append the data to the newly created table (execute), and save the database config.