Skip to content

Instantly share code, notes, and snippets.

View cmcdevitt's full-sized avatar
🏠
Working from home

Chris McDevitt cmcdevitt

🏠
Working from home
View GitHub Profile
@cmcdevitt
cmcdevitt / trim_records.js
Created November 15, 2018 16:55
Trim delete records in table log file
(function() {
var _days = gs.getProperty('sn_vul_qualys.qualys_desc_days');
var grOld = new GlideRecord('sn_vul_qualys_discrepancy');
grOld.addQuery('sys_updated_on', '<=', gs.daysAgo(_days));
grOld.query();
grOld.deleteMultiple();
})();
//Uses a system property that is an integer. Example 7, delte anything 7 days or older
//This example runs in a schedule job
@cmcdevitt
cmcdevitt / close_vit.js
Created November 15, 2018 17:49
Close and update a VIT Vulnerable item
var grvit = new GlideRecord('sn_vul_vulnerable_item');
grvit.addQuery('cmdb_ci', '2dc1c018dbd5ab4047a0a422ca9619c0');
grvit.query();
while(grvit.next()){
grvit.state = 3; // Closed
grvit.substate = 5; // Cancled
grvit.close_notes = "Closed by System becouse CI Status was set to Retired";
grvit.update();
}
@cmcdevitt
cmcdevitt / auto_close_vit_last_found.js
Last active December 20, 2018 21:08
Auto Close Vulnerable item (VIT) if it has not been found by Qualys in X days (Scheduled Job)
//DO NOT Use last_found. Qualys + SN consolidate findings into a single vit. The last_found field is update multiple times, one per finding, per load.
(function(){
var closing = 0;
var _days = gs.getProperty('sn_vul.close_vit_days');
var grvit = new GlideRecord('sn_vul_vulnerable_item');
grvit.addQuery('state',1); //Open
grvit.addQuery('source','Qualys');
grvit.addQuery('last_found', '<=', gs.daysAgo(_days));
grvit.query();
while(grvit.next()){
@cmcdevitt
cmcdevitt / close_vit_on_ci_retire.js
Created November 19, 2018 15:58
CMDB_CI Close Vulnerability (VIT) on CI Retire Business Rule
(function executeRule(current, previous /*null when async*/) {
var grvit = new GlideRecord('sn_vul_vulnerable_item');
grvit.addQuery('cmdb_ci', current.sys_id);
grvit.query();
while(grvit.next()){
grvit.state = 3; //Closed
grvit.substate = 5; //Cancled
grvit.close_notes = "Closed by System becouse CI Status was set to Retired";
grvit.update();
@cmcdevitt
cmcdevitt / SecurityCommonUtils.js
Last active November 20, 2018 19:26
Qualys Prevent IPv6 addressees from getting sent to the Scan Queue
//These ***two*** function have the same code that needs to be update
//getCINames: function(ciIdList) {}
//getIPMapForCIs: function(ciIdList, ipMap) {)
var nicIP = new GlideRecord("cmdb_ci_ip_address");
nicIP.addQuery("nic", "IN", nicIdList.join(","));
//CM The Default Qualys API does not accept IPv6 addresses. Only return IPv4
nicIP.addQuery("ip_version", 4); //<--Fix
nicIP.query();
@cmcdevitt
cmcdevitt / ui_action.txt
Created November 20, 2018 19:36
Prevent Submitter from approving own request
Create new UI Action with the name "Approve" (Insert and Stay)
Table: Approval [sysapproval_approver]
Order 50
Action Name approver
Same boxes Checeded as original approve
Plus Client checked
OnClick: onSubmit()
Condition: current.state == 'requested' && current.source_table == "sn_vul_change_approval" && current.sys_created_by == gs.getUserName()
Script:
function onSubmit() {
@cmcdevitt
cmcdevitt / jelly_example_one.xml
Created November 23, 2018 01:50
UI Page Jelly Example One
<?xml version="1.0" encoding="utf-8" ?>
<j:jelly trim="false" xmlns:j="jelly:core" xmlns:g="glide" xmlns:j2="null" xmlns:g2="null">
<!-- NOTE the tag attributes VALUES must be wraped in a string: foo='bar' OR foo='${"bar"}' -->
<!-- JELLY set tag, Attributes "var,value" -->
<j:set var='jvar_somevar' value='100'/>
<!-- This is a comment -->
<p>This is html ${" and JEXL"} AND $[" SN JEXL!"]</p>
@cmcdevitt
cmcdevitt / ui_page_processing.js
Last active November 24, 2018 20:36
UI Page Processing Script Session Data
//<g:ui_form> and other g:ui_x components work with the Processing Script
//Processing script automaticaly accesseses the 'value' attrib of the 'name' html attrib
gs.info("CM***: " + hidden_one + " " + hidden_two + "***");
//GlideSession
var session = gs.getSession();
gs.info("CM***: Client IP " + session.getClientIP());
gs.info("CM***: URL " + session.getUrlOnStack());//Returns null / undefined?
//Send data in the Session
gs.info("CM***:" + session.getClientData('in_session_ui_page')); //See ui page
@cmcdevitt
cmcdevitt / parseVendorProduct.js
Created December 18, 2018 15:42
Parse Vulnerability Reference for Vendor and Product and them to custom fields on Third-Party
/*sn_vul_reference
Vulnerability Reference
Qualys Software Entry:
Vendor: oracle
Product: mysql
Note: V0.01 Prototype
Relys on u_product, u_vendor on sn_vul_third_party_entry
As it turns out a Qualys record can have more then one vendor and more then one product per QID...
@cmcdevitt
cmcdevitt / build_stack.js
Last active December 23, 2018 00:56
Task a set of numbers, calculate there percentage of 100, round them so they equal 100%
/*
Expect: {si: [26.44628,26,44628,50,"Business Impact"]}
1. Start with everything hidden
- Everyting starts with display:none
2. Loop though object and review one span at a time
-THEN display:inline-block
3. Set span length based on % from object
- width:20%
<span id="b1" class="bar-1" style="display:inline-block;width:20%;height:100%;
box-sizing:border-box;float:left;font-weight:bold;font-family:arial,sans-serif;padding:10px;background:#F7B334;">