
Description

Previous version for upgrade and new user cases

When a customer sees the error "Import relies on nexpose_id in the SQL field. To add nexpose id into the SQL, see the Vulnerabiity Response release notes", you will need to fix the SQL field for each of the following integrations:

  1. Reference integration
  2. Vulnerable Item integration
  3. Category integration
  4. Solution map integration
  5. Resolution integration

       Steps to address:

  1. Navigate to "Rapid7 Vulnerability Integration" -> "Integrations"
  2. Open "Reference Integration"
  3. Ensure the SQL field is displayed on the form. If it is not, configure the Form Layout to add the field
  4. Review the SQL to ensure that nexpose_id is in the SQL's column list (refer to the highlighted OOB code at the end)
  5. Repeat for each of the 5 integrations
 

Upgrade cases:

  1. Upgrade to 6.2.0 from any previous version: The following integrations override the existing integration records: Reference integration, Vulnerable Item integration, Category integration. The Solution map and Resolution integrations will not have the nexpose_id change; add it manually to the SQL.
  2. Upgrade from a version prior to 6.2.0 to 6.2.1: Same as case 1.
  3. Upgrade from a version prior to 6.2.0 to 7.1.0: The Vulnerable Item integration overrides the existing integration record. The Reference, Category, Solution map, and Resolution integrations will not have the nexpose_id change; it needs to be added manually.
  4. Upgrade from a version prior to 6.2.0 to 8.0.0/8.0.1: Same as case 3.
  5. Upgrade from 6.2.0/6.2.1 to 7.1.0 / 8.0.0 / 8.0.1: Works correctly.

New user cases:

  1. 6.2.0 / 6.2.1: Works correctly.
  2. 7.1.0 / 8.0.0 / 8.0.1: The Solution map and Resolution integrations do not have the nexpose_id change. Add it manually to the SQL.

Current version (8.0.2) for upgrade and new user cases

  • Version 8.0.2 contains the correct SQL and the integrations run correctly.
  • For upgrade users:
    1. When an integration should have nexpose_id but it is missing from the SQL field, the integration run is marked as failed with the note "Import relies on nexpose_id in the SQL field.  To add nexpose id into the SQL, see the Vulnerabiity Response release notes".
    2. If the integration run receives that error, check the OOB SQL below and add nexpose_id to the SQL field accordingly.
    • Reference Integration:

                            SELECT
                            ref.vulnerability_id as vulnerability_id,
                            ref.source as source,
                            ref.reference as reference,
                            vul.date_modified as date_modified,
                            vul.nexpose_id as nexpose_id
                            FROM public.dim_vulnerability_reference as ref
                            INNER JOIN public.dim_vulnerability as vul ON ref.vulnerability_id = vul.vulnerability_id

    • Vulnerable Item Integration:

                          SELECT favi.asset_id,
                             favi.vulnerability_id,
                             dv.cvss_score,
                             dv.nexpose_id AS nexpose_id,
                             favi.date AS scan_date,
                             favi.status AS status,
                             favi.proof AS proof,
                             favi.KEY AS secondary_key,
                             favi.port AS port,
                             favi.protocol AS protocol,
                             favf.date AS discovery_date,
                             favf.vulnerability_instances AS times_found,
                             da.ip_address AS ip_address,
                             da.host_name AS hostname,
                             da.mac_address AS mac_address,
                             da.os_type AS os_type,
                             da.os_vendor AS os_vendor,
                             da.os_family AS os_family,
                             da.os_name AS os_name,
                             da.os_version AS os_version,
                             da.os_architecture AS os_architecture,
                             da.os_description AS os_description,
                             da.os_system AS os_system,
                             da.os_cpe AS os_cpe,
                             da.last_assessed_for_vulnerabilities AS last_assessed,
                             dsa.site_id AS site_id
                             FROM fact_asset_vulnerability_instance favi
                             JOIN fact_asset_vulnerability_finding AS favf using (
                             asset_id, vulnerability_id )
                             JOIN dim_asset da using (asset_id)
                             JOIN dim_site_asset dsa using (asset_id)
                             JOIN dim_vulnerability dv using (vulnerability_id)

    • Category Integration:

                             SELECT
                             cat.vulnerability_id as vulnerability_id,
                             cat.category_name as category_name,
                             vul.date_modified as date_modified,
                             vul.nexpose_id as nexpose_id
                             FROM public.dim_vulnerability_category as cat
                             INNER JOIN public.dim_vulnerability as vul ON cat.vulnerability_id = vul.vulnerability_id

    • Solution Map Integration:

                             SELECT
                             vs.vulnerability_id as vulnerability_id,
                             vs.solution_id as solution_id,
                             vul.date_modified as date_modified,
                             vul.nexpose_id as nexpose_id
                             FROM public.dim_vulnerability_solution as vs
                             INNER JOIN public.dim_vulnerability as vul ON vs.vulnerability_id = vul.vulnerability_id

    • Resolution Integration:

                            SELECT day,
                            asset_id,
                            vulnerability_id,
                            dv.cvss_score ,
                            dv.nexpose_id
                            FROM "public"."fact_asset_vulnerability_remediation_date"
                            JOIN dim_site_asset dsa using (asset_id)
                            JOIN dim_vulnerability dv using (vulnerability_id)
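
The column-list check from step 4 can be done mechanically before an import run. The following is an added example, not ServiceNow or Rapid7 code: it parses the SELECT list of a pasted SQL string and reports integrations that do not return a nexpose_id column. The function names and the two constructed sample queries are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, not part of the product.
// Name a select-list item exposes: the alias if present, otherwise the column.
function outputName(item) {
  const last = item.trim().split(/\s+/).pop() || "";
  return last.split(".").pop().replace(/"/g, "").toLowerCase();
}

// Output column names of the first SELECT, split on top-level commas only.
function selectColumns(sql) {
  const start = sql.search(/\bselect\b/i);
  if (start < 0) return [];
  const body = sql.slice(start + 6);
  const items = [];
  let depth = 0, cur = "";
  for (let i = 0; i < body.length; i++) {
    const ch = body[i];
    if (ch === "(") depth++; else if (ch === ")") depth--;
    // A FROM keyword outside parentheses ends the column list.
    if (depth === 0 && !/\w$/.test(cur) && /^from\b/i.test(body.slice(i))) break;
    if (depth === 0 && ch === ",") { items.push(cur); cur = ""; continue; }
    cur += ch;
  }
  items.push(cur);
  return items.map(outputName).filter(Boolean);
}

// Names of integrations whose SQL does not return a nexpose_id column.
function missingNexposeId(sqlByIntegration) {
  return Object.keys(sqlByIntegration)
    .filter((name) => !selectColumns(sqlByIntegration[name]).includes("nexpose_id"));
}

const samples = {
  // Resolution SQL as listed on this page.
  "Resolution": `SELECT day, asset_id, vulnerability_id, dv.cvss_score , dv.nexpose_id
    FROM "public"."fact_asset_vulnerability_remediation_date"
    JOIN dim_site_asset dsa using (asset_id) JOIN dim_vulnerability dv using (vulnerability_id)`,
  // Constructed: the page's Category SQL with the nexpose_id column removed.
  "Category": `SELECT cat.vulnerability_id as vulnerability_id,
    cat.category_name as category_name, vul.date_modified as date_modified
    FROM public.dim_vulnerability_category as cat INNER JOIN public.dim_vulnerability as vul ON cat.vulnerability_id = vul.vulnerability_id`,
  // Constructed: nexpose_id appears only in WHERE, so a substring search would pass it.
  "Solution Map": `SELECT vs.vulnerability_id, vs.solution_id
    FROM public.dim_vulnerability_solution as vs
    INNER JOIN public.dim_vulnerability as vul ON vs.vulnerability_id = vul.vulnerability_id
    WHERE vul.nexpose_id IS NOT NULL`,
};

console.log(missingNexposeId(samples));
```

The third sample shows why searching the SQL text for the string nexpose_id is not enough: the identifier has to be in the column list, not just somewhere in the query.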

Article Information

Last Updated:2019-08-02 20:39:56
Published:2019-07-29