RiskSense

Overview


RiskSense is a cloud-based platform that provides vulnerability management and prioritization to measure and control cybersecurity risk.

Use Cases


The SOAR market is still an emerging market and is often used as an umbrella term that covers security operations, security incident response and threat intelligence. Many vendors, even market leaders like Splunk, are adding features and functionality to their existing solutions in the fight for market leadership. One major commonality between new SOAR vendors and vendors trying to make their existing solution fit into this market definition is the need to be able to ingest security centric data including threat intelligence to address the biggest use-case for SOAR i.e. security operations.

Gartner claims that organizations need to have a continuous adaptive risk and trust assessment (CARTA) strategy to make their investments in SOAR technology pay off. CARTA’s value is that it is continuous, and one element helps and informs other elements, allowing for continuous improvement in your organization’s ability to improve both security posture and digital resilience.

Configure RiskSense on Demisto


  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for RiskSense.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • URL
    • API Key
    • Client Name
    • HTTP Request Timeout (Specify the time interval in seconds. All the RiskSense API calls would timeout if the response is not returned within the configured time interval).
    • Trust any certificate (not secure)
    • Use system proxy settings
  4. Click Test to validate the URLs, token, and connection.

Commands


You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. 1. risksense-get-hosts 2. risksense-get-host-detail 3. risksense-get-unique-cves 4. risksense-get-unique-open-findings 5. risksense-get-host-findings 6. risksense-get-apps 7. risksense-get-host-finding-detail 8. risksense-get-app-detail

1. risksense-get-hosts


Gets details of the supplied host. The host details can be searched based on input parameters like fieldname (Host Name, IP Address, Criticality, etc), operator (EXACT, IN, LIKE, BETWEEN), page, size, sort by and sort direction.

Base Command

risksense-get-hosts

Input
Argument NameDescriptionRequired
fieldnameThe RiskSense host attribute by which to filter the results. Can be 'Host Name', 'IP Address', or 'Criticality'. Apart from the available choices, you can provide the attributes supported by RiskSense API. Refer to the API /host/filter API to get the list of supported attributes. The uid of filter attributes must be provided here, for example, assessment_labels, asset_tags, cvss3BaseI, etc. If specified, 'value' argument is mandatory.Optional
operatorThe match operator should be applied for filtering the hosts based on 'fieldname' and 'value'. Can be 'EXACT' - filter records exactly matching the criteria; 'IN' - filter records matching any one of the comma-separated values; 'LIKE' - filter records with the value matching the specified pattern. All the records fieldname value contains the string provided in value; 'BETWEEN' - filter the records with fieldname value falling in the numerical/date range provided. This argument also accepts other operator values supported by the RiskSense API. Refer to the API documentation for the list of supported operators.Optional
excludeThe exclude flag that determines whether the returned records matches filter criteria or not. The default set is false. If set to True, host not matching the specified values are fetched.Optional
valueThe value of the host property mentioned in 'fieldname' to be considered for filter criteria.Optional
pageThe index of the page. The index is a numeric value starting with 0.Optional
sizeThe maximum number of records to fetch in one page.Optional
sort_byThe fieldname by which to sort the returned records.Optional
sort_directionThe sorting direction to apply to returned records.Optional
Context Output
PathTypeDescription
Host.HostnameStringThe hostname of the host.
Host.IDStringThe unique ID within the tool retrieving the host.
Host.IPStringThe IP address of the host.
Host.OSStringThe operating system of the host.
RiskSense.Host.IDNumberThe unique identifier of the host.
RiskSense.Host.ClientIDNumberThe client id of the host.
RiskSense.Host.GroupIDNumberThe ID of the group belonging to the host.
RiskSense.Host.GroupNameStringThe name of the group belonging to the host.
RiskSense.Host.Group.IDNumberThe ID of the group belonging to the host.
RiskSense.Host.Group.NameStringThe name of the group belonging to the host.
RiskSense.Host.Rs3NumberThe asset security score calculated by the RiskSense platform (includes vulnerability risk on related web applications).
RiskSense.Host.Xrs3StringThe asset security score calculated by the RiskSense platform (includes vulnerability risk on related web applications).
RiskSense.Host.CriticalityNumberThe asset importance using a scale of 1 (lowest importance) to 5 (highest importance).
RiskSense.Host.Tag.IDNumberThe ID of the tag.
RiskSense.Host.Tag.NameStringThe name of the tag.
RiskSense.Host.Tag.CategoryStringThe category of the tag.
RiskSense.Host.Tag.DescriptionStringThe description of the tag.
RiskSense.Host.Tag.CreatedStringThe time when the tag was created.
RiskSense.Host.Tag.UpdatedStringThe time when the tag was last updated.
RiskSense.Host.Tag.ColorStringThe color code of the tag.
RiskSense.Host.NetworkIDNumberThe Network ID of the host.
RiskSense.Host.NetworkNameStringThe name of the network used by the host.
RiskSense.Host.NetworkTypeStringThe type of the network used by the host.
RiskSense.Host.DiscoveredOnStringThe time when the host was discovered.
RiskSense.Host.LastFoundOnStringThe time when the host was last found.
RiskSense.Host.LastScanTimeStringThe last time when the host was last scanned.
RiskSense.Host.HostNameStringThe hostname of the host.
RiskSense.Host.IpAddressStringThe IP address of the host.
RiskSense.Host.PortNumbersStringThe list of ports that are currently bound.
RiskSense.Host.OS.NameStringThe operating system of the host.
RiskSense.Host.OS.FamilyStringThe family of the operating system of the host.
RiskSense.Host.OS.ClassStringThe class of the operating system of the host.
RiskSense.Host.OS.VendorStringThe vendor information of the operating system of the host.
RiskSense.Host.CMDB.OrderNumberThe CMDB order number of the host.
RiskSense.Host.CMDB.KeyStringThe CMDB key identifier of the host.
RiskSense.Host.CMDB.ValueStringThe CMDB value identifier of the host.
RiskSense.Host.CMDB.LabelStringThe CMDB label identifier of the host.
RiskSense.Host.ServicesStringThe name of the services which are used by the host.
RiskSense.Host.Note.UserIDStringThe User ID of the user who added a note for the host.
RiskSense.Host.Note.UserNameStringThe username of the user who added a note for the host.
RiskSense.Host.Note.NoteStringThe notes that are added by the user for the host.
RiskSense.Host.Note.DateStringThe time when the note was added by the user for the host.
RiskSense.Host.Source.NameStringThe name of the source associated with the host.
RiskSense.Host.Source.UuIDStringThe unique ID of the source associated with the host.
RiskSense.Host.Source.ScannerTypeStringThe type of scanner that discovered the host.
RiskSense.Host.Ticket.TicketNumberStringThe number of the ticket associated with the host.
RiskSense.Host.Ticket.TicketStatusStringThe status of the ticket associated with the host.
RiskSense.Host.Ticket.DeepLinkStringThe deeplink associated with the ticket associated with the host.
RiskSense.Host.Ticket.TypeStringThe type of the ticket associated with the host.
RiskSense.Host.Ticket.ConnectorNameStringThe connector name of the ticket associated with the host.
RiskSense.Host.Ticket.DetailedStatusStringThe detailed status of the ticket associated with the host.
RiskSense.Host.LastVulnTrendingOnStringThe time when the last vulnerability was trending on the host.
RiskSense.Host.LastThreatTrendingOnStringThe time when the last threat was trending on the host.
RiskSense.Host.OldestOpenFindingWithThreatDiscoveredOnStringThe timestamp when the oldest open finding with the threat was discovered.
RiskSense.Host.Xrs3dateStringThe time when the xrs3 is calculated by RiskSense platform.
RiskSense.Host.DiscoveredByRSStringThe flag that determines whether the host is discovered by the RiskSense platform or not.
RiskSense.Host.HrefStringThe deeplink pointing to the host details on RiskSense.
RiskSense.Host.TotalNumberThe number of total open findings of the host.
RiskSense.Host.CriticalNumberThe number of open findings of the host with critical severity.
RiskSense.Host.HighNumberThe number of open findings of the host with high severity.
RiskSense.Host.MediumNumberThe number of open findings of the host with medium severity.
RiskSense.Host.LowNumberThe number of open findings of the host with low severity.
RiskSense.Host.InfoNumberThe number of open findings of the host with info severity.
Ticket.IDStringThe ID of the ticket associated with the host.
Ticket.StateStringThe state of the ticket associated with the host.
Command Example
!risksense-get-hosts fieldname="Criticality" value="5" page="0" size="2" sort_by="Total Findings" sort_direction="Descending"
Context Example
{
"RiskSense.Host": [
{
"OldestOpenFindingWithThreatDiscoveredOn": "2017-09-14",
"HostName": "iz0.y2.gov",
"Group": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Note": [],
"Source": [
{
"ScannerType": null,
"Name": "QUALYS",
"UuID": "QUALYS_SCANNER"
}
],
"Critical": 48,
"Low": 34,
"IpAddress": "45.19.214.161",
"Xrs3": null,
"Medium": 209,
"Criticality": 5,
"LastVulnTrendingOn": "2020-03-15",
"ClientID": 747,
"GroupID": 7990,
"Xrs3date": null,
"DiscoveredByRS": false,
"Tag": [
{
"Category": "PEOPLE",
"Updated": "2019-04-24T21:39:59",
"Name": "Linux_Team_2",
"Created": "2019-04-24T21:39:59",
"Color": "#78a19b",
"ID": 215554,
"Description": ""
},
{
"Category": "LOCATION",
"Updated": "2019-04-24T21:37:06",
"Name": "Data_Center_2",
"Created": "2019-04-24T21:37:06",
"Color": "#dd8361",
"ID": 215552,
"Description": ""
}
],
"Services": "ssh, telnet, ftp",
"Ticket": [],
"NetworkID": 78038,
"Info": 0,
"DiscoveredOn": "2007-06-14",
"PortNumbers": "22, 21, 23",
"LastScanTime": "2007-06-14T21:14:04",
"GroupName": "Default Group",
"ID": 3570259,
"CMDB": [
{
"Value": "",
"Order": 1,
"Key": "busines_criticality",
"Label": "Asset Criticality"
},
{
"Value": "",
"Order": 2,
"Key": "os",
"Label": "Operating System"
},
{
"Value": "",
"Order": 3,
"Key": "manufacturer",
"Label": "Manufactured By"
},
{
"Value": "",
"Order": 4,
"Key": "model_id",
"Label": "Model"
},
{
"Value": "",
"Order": 5,
"Key": "location",
"Label": "Location"
},
{
"Value": "",
"Order": 6,
"Key": "managed_by",
"Label": "Managed By"
},
{
"Value": "",
"Order": 7,
"Key": "owned_by",
"Label": "Owned By"
},
{
"Value": "",
"Order": 8,
"Key": "supported_by",
"Label": "Supported By"
},
{
"Value": "",
"Order": 9,
"Key": "support_group",
"Label": "Support Group"
},
{
"Value": "",
"Order": 10,
"Key": "sys_updated_on",
"Label": "Last Scanned"
},
{
"Value": "",
"Order": 11,
"Key": "asset_tag",
"Label": "Asset tags"
},
{
"Value": "",
"Order": 12,
"Key": "mac_address",
"Label": "Mac Address"
},
{
"Value": "",
"Order": 16,
"Key": "sys_id",
"Label": "Unique Id"
},
{
"Value": "",
"Order": 18,
"Key": "cf_1",
"Label": "Mike Name 1"
},
{
"Value": "",
"Order": 19,
"Key": "cf_2",
"Label": "Custom Field 2"
},
{
"Value": "",
"Order": 20,
"Key": "cf_3",
"Label": "Custom Field 3"
},
{
"Value": "",
"Order": 21,
"Key": "cf_4",
"Label": "Custom Field 4"
},
{
"Value": "",
"Order": 22,
"Key": "cf_5",
"Label": "Custom Field 5"
},
{
"Value": "",
"Order": 23,
"Key": "cf_6",
"Label": "Custom Field 6"
},
{
"Value": "",
"Order": 24,
"Key": "cf_7",
"Label": "Custom Field 7"
},
{
"Value": "",
"Order": 25,
"Key": "cf_8",
"Label": "Custom Field 8"
},
{
"Value": "",
"Order": 26,
"Key": "cf_9",
"Label": "Custom Field 9"
},
{
"Value": "",
"Order": 29,
"Key": "cf_10",
"Label": "Custom Field 10"
},
{
"Value": "",
"Order": 13,
"Key": "Asset Compliance",
"Label": "Asset Compliance"
}
],
"LastThreatTrendingOn": "2020-03-15",
"OS": {
"Vendor": "Red Hat",
"Class": "Not Reported",
"Family": "Linux",
"Name": "Red Hat Enterprise Linux Server 6.1"
},
"High": 127,
"Href": "http://platform.risksense.com/api/v1/client/747/host/search?page=0&size=2&sort=findingsDistribution.total,desc",
"LastFoundOn": "2019-04-23",
"NetworkType": "IP",
"Total": 418,
"NetworkName": "IP Network",
"Rs3": 513
},
{
"OldestOpenFindingWithThreatDiscoveredOn": "2015-02-10",
"HostName": "ftpserver",
"Group": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Note": [],
"Source": [
{
"ScannerType": null,
"Name": "QUALYS",
"UuID": "QUALYS_SCANNER"
}
],
"Critical": 23,
"Low": 49,
"IpAddress": "34.17.197.127",
"Xrs3": null,
"Medium": 141,
"Criticality": 5,
"LastVulnTrendingOn": "2020-02-23",
"ClientID": 747,
"GroupID": 7990,
"Xrs3date": null,
"DiscoveredByRS": false,
"Tag": [
{
"Category": "PEOPLE",
"Updated": "2019-04-24T21:39:59",
"Name": "Linux_Team_2",
"Created": "2019-04-24T21:39:59",
"Color": "#78a19b",
"ID": 215554,
"Description": ""
},
{
"Category": "LOCATION",
"Updated": "2019-04-24T21:37:06",
"Name": "Data_Center_2",
"Created": "2019-04-24T21:37:06",
"Color": "#dd8361",
"ID": 215552,
"Description": ""
}
],
"Services": "ssh, ftps, unknown, ftp, unknown, unknown, unknown",
"Ticket": [],
"NetworkID": 78038,
"Info": 0,
"DiscoveredOn": "2006-12-06",
"PortNumbers": "990, 80, 55443, 22, 65443, 443",
"LastScanTime": "2006-12-06T17:08:05",
"GroupName": "Default Group",
"ID": 3571622,
"CMDB": [
{
"Value": "",
"Order": 1,
"Key": "busines_criticality",
"Label": "Asset Criticality"
},
{
"Value": "",
"Order": 2,
"Key": "os",
"Label": "Operating System"
},
{
"Value": "",
"Order": 3,
"Key": "manufacturer",
"Label": "Manufactured By"
},
{
"Value": "",
"Order": 4,
"Key": "model_id",
"Label": "Model"
},
{
"Value": "",
"Order": 5,
"Key": "location",
"Label": "Location"
},
{
"Value": "",
"Order": 6,
"Key": "managed_by",
"Label": "Managed By"
},
{
"Value": "",
"Order": 7,
"Key": "owned_by",
"Label": "Owned By"
},
{
"Value": "",
"Order": 8,
"Key": "supported_by",
"Label": "Supported By"
},
{
"Value": "",
"Order": 9,
"Key": "support_group",
"Label": "Support Group"
},
{
"Value": "",
"Order": 10,
"Key": "sys_updated_on",
"Label": "Last Scanned"
},
{
"Value": "",
"Order": 11,
"Key": "asset_tag",
"Label": "Asset tags"
},
{
"Value": "",
"Order": 12,
"Key": "mac_address",
"Label": "Mac Address"
},
{
"Value": "",
"Order": 16,
"Key": "sys_id",
"Label": "Unique Id"
},
{
"Value": "",
"Order": 18,
"Key": "cf_1",
"Label": "Mike Name 1"
},
{
"Value": "",
"Order": 19,
"Key": "cf_2",
"Label": "Custom Field 2"
},
{
"Value": "",
"Order": 20,
"Key": "cf_3",
"Label": "Custom Field 3"
},
{
"Value": "",
"Order": 21,
"Key": "cf_4",
"Label": "Custom Field 4"
},
{
"Value": "",
"Order": 22,
"Key": "cf_5",
"Label": "Custom Field 5"
},
{
"Value": "",
"Order": 23,
"Key": "cf_6",
"Label": "Custom Field 6"
},
{
"Value": "",
"Order": 24,
"Key": "cf_7",
"Label": "Custom Field 7"
},
{
"Value": "",
"Order": 25,
"Key": "cf_8",
"Label": "Custom Field 8"
},
{
"Value": "",
"Order": 26,
"Key": "cf_9",
"Label": "Custom Field 9"
},
{
"Value": "",
"Order": 29,
"Key": "cf_10",
"Label": "Custom Field 10"
},
{
"Value": "",
"Order": 13,
"Key": "Asset Compliance",
"Label": "Asset Compliance"
}
],
"LastThreatTrendingOn": "2020-02-23",
"OS": {
"Vendor": "Red Hat",
"Class": "Not Reported",
"Family": "Linux",
"Name": "Red Hat Enterprise Linux Server 5.4"
},
"High": 78,
"Href": "http://platform.risksense.com/api/v1/client/747/host/search?page=0&size=2&sort=findingsDistribution.total,desc",
"LastFoundOn": "2019-04-23",
"NetworkType": "IP",
"Total": 291,
"NetworkName": "IP Network",
"Rs3": 528
}
],
"Host": [
{
"IP": "45.19.214.161",
"Hostname": "iz0.y2.gov",
"OS": "Red Hat Enterprise Linux Server 6.1",
"ID": 3570259
},
{
"IP": "34.17.197.127",
"Hostname": "ftpserver",
"OS": "Red Hat Enterprise Linux Server 5.4",
"ID": 3571622
}
]
}
Human Readable Output

Total hosts found: 1969 Page: 0/984 Client: The Demo Client

RiskSense host(s) details:

RS3Host NameTotal FindingsCritical FindingsHigh FindingsMedium FindingsLow FindingsInfo FindingsIDOSTagsNotesCriticalityIP AddressNetworkGroup
513iz0.y2.gov418481272093403570259Red Hat Enterprise Linux Server 6.120545.19.214.161IP Network1
528ftpserver29123781414903571622Red Hat Enterprise Linux Server 5.420534.17.197.127IP Network1

2. risksense-get-host-detail


Gets in-depth details of a single host. This command accepts either hostname or host ID as an argument.

Base Command

risksense-get-host-detail

Input
Argument NameDescriptionRequired
host_idThe unique host ID of the host. The host ID is either known by RiskSense users or it can be searched in context output (RiskSense.Host.ID) or in the human-readable output of 'risksense-get-hosts' command.Optional
hostThe hostname of the host. The hostname is either known by RiskSense users or it can be searched in context output (RiskSense.Host.HostName) or in the human-readable output of 'risksense-get-hosts' command.Optional
Context Output
PathTypeDescription
Host.HostnameStringThe hostname of the host.
Host.IDStringThe unique ID within the tool retrieving the host.
Host.IPStringThe IP address of the host.
Host.OSStringThe operating system of the host.
RiskSense.Host.IDNumberThe unique identifier of the host.
RiskSense.Host.ClientIDNumberThe client ID of the host.
RiskSense.Host.GroupIDNumberThe ID of the group belonging to the host.
RiskSense.Host.GroupNameStringThe name of the group belonging to the host.
RiskSense.Host.Group.IDNumberThe ID of the group belonging to the host.
RiskSense.Host.Group.NameStringThe name of the group belonging to the host.
RiskSense.Host.Rs3NumberThe asset security score calculated by the RiskSense platform (includes vulnerability risk on related web applications).
RiskSense.Host.Xrs3StringThe asset security score calculated by RiskSense platform.
RiskSense.Host.CriticalityNumberThe asset importance using a scale of 1 (lowest importance) to 5 (highest importance).
RiskSense.Host.Tag.IDNumberThe ID of the tag.
RiskSense.Host.Tag.NameStringThe name of the tag.
RiskSense.Host.Tag.CategoryStringThe category of the tag.
RiskSense.Host.Tag.DescriptionStringThe description of the tag.
RiskSense.Host.Tag.CreatedStringThe time when the tag was created.
RiskSense.Host.Tag.UpdatedStringThe time when the tag was last updated.
RiskSense.Host.Tag.ColorStringThe color code of the tag.
RiskSense.Host.NetworkIDNumberThe network ID of the host.
RiskSense.Host.NetworkNameStringThe name of the network used by the host.
RiskSense.Host.NetworkTypeStringThe type of the network used by the host.
RiskSense.Host.DiscoveredOnStringThe time when the host was discovered.
RiskSense.Host.LastFoundOnStringThe time when the host was last found.
RiskSense.Host.LastScanTimeStringThe last time when the host was last scanned.
RiskSense.Host.HostNameStringThe hostname of the host.
RiskSense.Host.IpAddressStringThe IP address of the host.
RiskSense.Host.PortNumbersStringThe list of ports that are currently bound.
RiskSense.Host.OS.NameStringThe operating system of the host.
RiskSense.Host.OS.FamilyStringThe family of the operating system of the host.
RiskSense.Host.OS.ClassStringThe class of the operating system of the host.
RiskSense.Host.OS.VendorStringThe vendor information of the operating system of the host.
RiskSense.Host.CMDB.OrderNumberThe CMDB order number of the host.
RiskSense.Host.CMDB.KeyStringThe CMDB key identifier of the host.
RiskSense.Host.CMDB.ValueStringThe CMDB value identifier of the host.
RiskSense.Host.CMDB.LabelStringThe CMDB label identifier of the host.
RiskSense.Host.ServicesStringThe name of the services which are used by the host.
RiskSense.Host.Note.UserIDStringThe User ID of the user who added a note for the host.
RiskSense.Host.Note.UserNameStringThe username of the user who added a note for the host.
RiskSense.Host.Note.NoteStringThe notes that are added by the user for the host.
RiskSense.Host.Note.DateStringThe time when the note was added by the user for the host.
RiskSense.Host.Source.NameStringThe name of the source associated with the host.
RiskSense.Host.Source.UuIDStringThe unique ID of the source associated with the host.
RiskSense.Host.Source.ScannerTypeStringThe type of scanner that discovered the host.
RiskSense.Host.Ticket.TicketNumberStringThe number of the ticket associated with the host.
RiskSense.Host.Ticket.TicketStatusStringThe status of the ticket associated with the host.
RiskSense.Host.Ticket.DeepLinkStringThe deeplink of the ticket associated with the host.
RiskSense.Host.Ticket.TypeStringThe type of the ticket associated with the host.
RiskSense.Host.Ticket.ConnectorNameStringThe connector name of the ticket associated with the host.
RiskSense.Host.Ticket.DetailedStatusStringThe detailed status of the ticket associated with the host.
RiskSense.Host.LastVulnTrendingOnStringThe time when the last vulnerability was trending on the host.
RiskSense.Host.LastThreatTrendingOnStringThe time when the last threat was trending on the host.
RiskSense.Host.OldestOpenFindingWithThreatDiscoveredOnStringThe timestamp when the oldest open finding with the threat was discovered.
RiskSense.Host.Xrs3dateStringThe time when the xrs3 is calculated by RiskSense platform.
RiskSense.Host.DiscoveredByRSStringThe flag that determines whether the host is discovered by the RiskSense platform or not.
RiskSense.Host.HrefStringThe deeplink pointing to the host details on RiskSense.
RiskSense.Host.TotalNumberThe number of total open findings of the host.
RiskSense.Host.CriticalNumberThe number of open findings of the host with critical severity.
RiskSense.Host.HighNumberThe number of open findings of the host with high severity.
RiskSense.Host.MediumNumberThe number of open findings of the host with medium severity.
RiskSense.Host.LowNumberThe number of open findings of the host with low severity.
RiskSense.Host.InfoNumberThe number of open findings of the host with info severity.
Ticket.IDStringThe ID of the ticket associated with the host.
Ticket.StateStringThe state of the ticket associated with the host.
Command Example
!risksense-get-host-detail host=united-78c957c5
Context Example
{
"Host": [
{
"Hostname": "united-78c957c5",
"ID": 3571259,
"IP": "53.132.37.52",
"OS": "Windows 2008/7"
}
],
"RiskSense.Host": [
{
"CMDB": [
{
"Key": "busines_criticality",
"Label": "Asset Criticality",
"Order": 1,
"Value": ""
},
{
"Key": "os",
"Label": "Operating System",
"Order": 2,
"Value": ""
},
{
"Key": "manufacturer",
"Label": "Manufactured By",
"Order": 3,
"Value": ""
},
{
"Key": "model_id",
"Label": "Model",
"Order": 4,
"Value": ""
},
{
"Key": "location",
"Label": "Location",
"Order": 5,
"Value": ""
},
{
"Key": "managed_by",
"Label": "Managed By",
"Order": 6,
"Value": ""
},
{
"Key": "owned_by",
"Label": "Owned By",
"Order": 7,
"Value": ""
},
{
"Key": "supported_by",
"Label": "Supported By",
"Order": 8,
"Value": ""
},
{
"Key": "support_group",
"Label": "Support Group",
"Order": 9,
"Value": ""
},
{
"Key": "sys_updated_on",
"Label": "Last Scanned",
"Order": 10,
"Value": ""
},
{
"Key": "asset_tag",
"Label": "Asset tags",
"Order": 11,
"Value": ""
},
{
"Key": "mac_address",
"Label": "Mac Address",
"Order": 12,
"Value": ""
},
{
"Key": "sys_id",
"Label": "Unique Id",
"Order": 16,
"Value": ""
},
{
"Key": "cf_1",
"Label": "Mike Name 1",
"Order": 18,
"Value": ""
},
{
"Key": "cf_2",
"Label": "Custom Field 2",
"Order": 19,
"Value": ""
},
{
"Key": "cf_3",
"Label": "Custom Field 3",
"Order": 20,
"Value": ""
},
{
"Key": "cf_4",
"Label": "Custom Field 4",
"Order": 21,
"Value": ""
},
{
"Key": "cf_5",
"Label": "Custom Field 5",
"Order": 22,
"Value": ""
},
{
"Key": "cf_6",
"Label": "Custom Field 6",
"Order": 23,
"Value": ""
},
{
"Key": "cf_7",
"Label": "Custom Field 7",
"Order": 24,
"Value": ""
},
{
"Key": "cf_8",
"Label": "Custom Field 8",
"Order": 25,
"Value": ""
},
{
"Key": "cf_9",
"Label": "Custom Field 9",
"Order": 26,
"Value": ""
},
{
"Key": "cf_10",
"Label": "Custom Field 10",
"Order": 29,
"Value": ""
},
{
"Key": "Asset Compliance",
"Label": "Asset Compliance",
"Order": 13,
"Value": ""
}
],
"ClientID": 747,
"Critical": 2,
"Criticality": 3,
"DiscoveredByRS": false,
"DiscoveredOn": "2007-01-23",
"Group": [
{
"ID": 7990,
"Name": "Default Group"
},
{
"ID": 8002,
"Name": "BU2_Other_Devices"
}
],
"GroupID": 7990,
"GroupName": "Default Group",
"High": 0,
"HostName": "united-78c957c5",
"Href": "http://platform.risksense.com/api/v1/client/747/host/search?page=0&size=20&sort=id,asc",
"ID": 3571259,
"Info": 0,
"IpAddress": "53.132.37.52",
"LastFoundOn": "2019-11-01",
"LastScanTime": "2007-01-23T16:46:50",
"LastThreatTrendingOn": null,
"LastVulnTrendingOn": null,
"Low": 0,
"Medium": 0,
"NetworkID": 78038,
"NetworkName": "IP Network",
"NetworkType": "IP",
"Note": [
{
"Date": "2019-12-30T11:35:41",
"Note": "Testing note\n",
"UserID": 5969,
"UserName": "Ravindra Sojitra"
},
{
"Date": "2019-12-30T11:38:25",
"Note": "This is second note for testing",
"UserID": 5969,
"UserName": "Ravindra Sojitra"
}
],
"OS": {
"Class": "Not Reported",
"Family": "Windows",
"Name": "Windows 2008/7",
"Vendor": "Microsoft"
},
"OldestOpenFindingWithThreatDiscoveredOn": "2014-09-24",
"PortNumbers": "135, 1025, 1494, 80, 139, 3389, 5353, 445",
"Rs3": 409,
"Services": "msrpc-epmap, blackjack, microsoft-ds, ica, ms-wbt-server, www, netbios-ssn, VxWorks",
"Source": [
{
"Name": "QUALYS",
"ScannerType": null,
"UuID": "QUALYS_SCANNER"
}
],
"Tag": [
{
"Category": "LOCATION",
"Color": "#dd8361",
"Created": "2019-04-24T21:37:06",
"Description": "",
"ID": 215552,
"Name": "Data_Center_2",
"Updated": "2019-04-24T21:37:06"
},
{
"Category": "PEOPLE",
"Color": "#78a19b",
"Created": "2019-04-24T21:42:34",
"Description": "",
"ID": 215557,
"Name": "Windows_Server_Team_1",
"Updated": "2019-04-24T21:42:34"
},
{
"Category": "CUSTOM",
"Color": "#648d9f",
"Created": "2019-10-29T20:22:25",
"Description": "",
"ID": 229865,
"Name": "Dev_Servers",
"Updated": "2019-10-29T20:22:25"
},
{
"Category": "SCANNER",
"Color": "#648d9f",
"Created": "2019-12-30T11:27:57",
"Description": "",
"ID": 232940,
"Name": "Test Ticket for host",
"Updated": "2019-12-30T11:28:00"
}
],
"Ticket": [
{
"ConnectorName": "Test JIRA ",
"DeepLink": "https://risksense.atlassian.net/browse/JINT-525",
"DetailedStatus": "",
"TicketNumber": "JINT-525",
"TicketStatus": "To Do",
"Type": "JIRA"
}
],
"Total": 2,
"Xrs3": null,
"Xrs3date": null
}
],
"Ticket": [
{
"ID": "JINT-525",
"State": "To Do"
}
]
}
Human Readable Output

Client: The Demo Client

Group Details:

Name: Default Group

Most Recently Identified Service(s):

msrpc-epmap, blackjack, microsoft-ds, ica, ms-wbt-server, www, netbios-ssn, VxWorks

Sources:

Scanner(s): QUALYS

Host Details:

NameIPRS3Discovered OnLast Found On
united-78c957c553.132.37.523512007-01-232007-01-23

Findings Distribution:

TotalCriticalHighMediumLowInfo
220000

Operating System:

NameVendorClassFamily
Windows 2008/7MicrosoftNot ReportedWindows

Tag(s) (4):

NameCategoryDescriptionCreatedUpdated
Data_Center_2LOCATION2019-04-24T21:37:062019-04-24T21:37:06
Windows_Server_Team_1PEOPLE2019-04-24T21:42:342019-04-24T21:42:34
Dev_ServersCUSTOM2019-10-29T20:22:252019-10-29T20:22:25
Test Ticket for hostSCANNER2019-12-30T11:27:572019-12-30T11:28:00

Ticket(s) (1):

Ticket NumberTicket StatusDeep LinkTypeConnector Name
JINT-525To Dohttps://risksense.atlassian.net/browse/JINT-525JIRATest JIRA

3. risksense-get-unique-cves


Looks up vulnerability details for the supplied host finding with its base score.

Base Command

risksense-get-unique-cves

Input
Argument NameDescriptionRequired
hostFindingIdThe unique host finding ID. The host finding ID is either known by RiskSense users or it can be found in the human-readable output or context data(RiskSense.HostFinding.ID) after executing 'risksense-get-host-findings' command.Required
Context Output
PathTypeDescription
RiskSense.UniqueVulnerabilities.CveStringCommon Vulnerabilities and Exposures name.
RiskSense.UniqueVulnerabilities.HostFindingIDStringThe unique ID of the host finding.
RiskSense.UniqueVulnerabilities.BaseScoreUnknownThe base score represents the severity of the risk (informational, low, medium, high, or critical).
RiskSense.UniqueVulnerabilities.ThreatCountNumberTotal number of threats found.
RiskSense.UniqueVulnerabilities.AttackVectorStringThe attack vectors are a path by which attackers can gain access to the network.
RiskSense.UniqueVulnerabilities.AccessComplexityStringThe access complexity describes conditions that are beyond the attacker's control that must exist in order to exploit the vulnerability.
RiskSense.UniqueVulnerabilities.AuthenticationStringThe authentication value represents attackers authorization to get network access.
RiskSense.UniqueVulnerabilities.ConfidentialityImpactStringThe confidentiality impact measures the potential impact on confidentiality of a successfully exploited misuse vulnerability.
RiskSense.UniqueVulnerabilities.IntegrityStringThe Integrity refers to the trust level and veracity of the information.
RiskSense.UniqueVulnerabilities.AvailabilityImpactStringThe availability refers to accessibility of network resources.
RiskSense.UniqueVulnerabilities.TrendingBooleanTrending is defined by RiskSense as vulnerabilities that are being actively abused by attackers in the wild based on activity in hacker forums, Twitter feeds, and analysis of 3rd party threat intelligence sources.
RiskSense.UniqueVulnerabilities.VulnLastTrendingOnStringThe last trending date of vulnerability.
CVE.IDStringCommon Vulnerabilities and Exposures ID.
CVE.DescriptionStringDescription about CVE.
CVE.CVSSStringThe CVSS represents the severity of the risk (informational, low, medium, high, critical).
Command Example
!risksense-get-unique-cves hostFindingId=115469504
Context Example
{
'RiskSense.UniqueVulnerabilities': [
{
'HostFindingID': '115469504',
'Cve': 'CVE-2007-0882',
'BaseScore': 10.0,
'ThreatCount': 5,
'AttackVector': 'Network',
'AccessComplexity': 'Low',
'Authentication': 'None',
'ConfidentialityImpact': 'Complete',
'Integrity': 'Complete',
'AvailabilityImpact': 'Complete',
'Trending': False,
'VulnLastTrendingOn': None
}
],
'CVE': [
{
'ID': 'CVE-2007-0882',
'CVSS': 10.0,
'Description': 'Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.'
}
]
}
Human Readable Output

Client: The Demo Client

Vulnerabilities found:

NameV2/ScoreAttack VectorAttack ComplexityAuthenticationConfidentiality ImpactIntegrity ImpactAvailability ImpactSummary
CVE-2007-088210.0NetworkLowNoneCompleteCompleteCompleteArgument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

4. risksense-get-unique-open-findings


Finds unique open host findings.The open findings can be searched based on input parameters like fieldname (Severity, Title, Source etc), operator (EXACT, IN, LIKE, BETWEEN), page and size.

Base Command

risksense-get-unique-open-findings

Input
Argument NameDescriptionRequired
fieldnameThe RiskSense host finding attribute that should be considered for filtering the results. The available choices are 'Title', 'Severity', and 'Source'. Apart from the available choices, one can provide the attributes supported by RiskSense API. Refer to the API /uniqueHostFinding/filter API to get the list of supported attributes. The uid of filter attributes must be provided here. e.g. assessment_labels, asset_tags, cvss3BaseI, etc. If specified, 'value' argument is mandatory.Optional
operatorThe match operator should be applied for filtering the hosts based on 'fieldname' and 'value'. Available options are 'EXACT' - filter records exactly matching the criteria; 'IN' - filter records matching any one of the comma-separated values; 'LIKE' - filter records with the value matching the specified pattern. All the records fieldname value contains the string provided in value; 'BETWEEN' - filter the records with fieldname value falling in the numerical/date range provided. This argument also accepts other operator values supported by the RiskSense API. Refer to the API documentation for the list of supported operators.Optional
valueThe value of the unique open finding property mentioned in 'fieldname' to be considered for filter criteria.Optional
excludeThe exclude flag that determines whether the returned records matches filter criteria or not. By default set to False.Optional
pageThe index of the page. The index is a numeric value and starting with 0.Optional
sizeThe maximum number of records to fetch in one page.Optional
sort_byThe fieldname that should be considered for sorting the returned records.Optional
sort_directionThe sorting direction to apply to returned records.Optional
Context Output
PathTypeDescription
RiskSense.UniqueHostFinding.TitleStringThe title of the unique host finding.
RiskSense.UniqueHostFinding.SeverityNumberSimilar to risk rating, the severity of a vulnerability conveys the potential threat.
RiskSense.UniqueHostFinding.HostCountNumberThe total number of hosts found in unique host finding.
RiskSense.UniqueHostFinding.SourceStringThe name of the source associated with the unique host finding.
RiskSense.UniqueHostFinding.SourceIDStringThe unique ID of the source.
RiskSense.UniqueHostFinding.HrefStringReference API link of the unique host finding search.
Command Example
!risksense-get-unique-open-findings fieldname=Source value=QUALYS sort_by=Severity sort_direction="Descending" size="3"
Context Example
{
"RiskSense.UniqueHostFinding": [
{
"Severity": 10,
"Title": "Solaris 10 and Solaris 11 (SolarisExpress) Remote Access Telnet Daemon Flaw",
"SourceID": "QUALYS38574",
"HostCount": 22,
"Source": "QUALYS",
"Href": "http://platform.risksense.com/api/v1/client/747/uniqueHostFinding/search?page=0&size=3&sort=severity,desc"
},
{
"Severity": 10,
"Title": "FreeBSD Telnetd Code Execution Vulnerability (FreeBSD-SA-11:08)",
"SourceID": "QUALYS119834",
"HostCount": 17,
"Source": "QUALYS",
"Href": "http://platform.risksense.com/api/v1/client/747/uniqueHostFinding/search?page=0&size=3&sort=severity,desc"
},
{
"Severity": 10,
"Title": "Microsoft SMB Server Remote Code Execution Vulnerability (MS17-010) and Shadow Brokers",
"SourceID": "QUALYS91345",
"HostCount": 140,
"Source": "QUALYS",
"Href": "http://platform.risksense.com/api/v1/client/747/uniqueHostFinding/search?page=0&size=3&sort=severity,desc"
}
]
}
Human Readable Output

Total unique open findings: 3949 Page: 0/1316 Client: The Demo Client

Unique open finding(s) details:

TitleSeverityAsset CountSourceSource ID
Solaris 10 and Solaris 11 (SolarisExpress) Remote Access Telnet Daemon Flaw10.022QUALYSQUALYS38574
FreeBSD Telnetd Code Execution Vulnerability (FreeBSD-SA-11:08)10.017QUALYSQUALYS119834
Microsoft SMB Server Remote Code Execution Vulnerability (MS17-010) and Shadow Brokers10.0140QUALYSQUALYS91345

5. risksense-get-host-findings


A detailed host finding view with the severity level. Displays vulnerability information like CVE, Threats associated with current findings and origin of findings.

Base Command

risksense-get-host-findings

Input
Argument NameDescriptionRequired
fieldnameThe RiskSense host finding attribute that should be considered for filtering the results. The available choices are 'Title', 'IP Address', or 'Host Name'. In addition to the available choices, you can provide the attributes supported by RiskSense API. Refer to the API /hostFinding/filter API to get the list of supported attributes. The uid of filter attributes must be provided here. e.g. assessment_labels, asset_tags, cvss3BaseI, etc. If specified, 'value' argument is mandatory.Optional
operatorThe match operator should be applied for filtering the hosts based on 'fieldname' and 'value'. Available options are 'EXACT' (filter records exactly matching the criteria), 'IN' (filter records matching any one of the comma-separated values), or 'LIKE' (filter records with the value matching the specified pattern). All the records fieldname value contains the string provided in value; 'BETWEEN' - filter the records with fieldname value falling in the numerical/date range provided. This argument also accepts other operator values supported by the RiskSense API. Refer to the API documentation for the list of supported operators.Optional
excludeThe exclude flag that determines whether the returned records matches filter criteria or not. By default set to False.Optional
valueThe value of the 'fieldname' to be considered for filter criteria.Optional
pageThe index of the page. The index is numeric value starting with 0.Optional
sizeThe maximum number of records to fetch in one page.Optional
sort_byThe fieldname that should be considered for sorting the returned records.Optional
sort_directionThe sorting direction to apply to returned records.Optional
statusThe status of the host findings to be considered for returned records.Optional
Context Output
PathTypeDescription
RiskSense.HostFinding.IDStringThe unique ID of the host finding.
RiskSense.HostFinding.SourceStringHost discovered by the scanner.
RiskSense.HostFinding.SourceIDStringScanner ID of discovered scanner.
RiskSense.HostFinding.TitleStringThe title of the host finding.
RiskSense.HostFinding.PortNumberThe port number of the host finding.
RiskSense.HostFinding.GroupCountNumberThe total number of groups for host finding.
RiskSense.HostFinding.Group.IDNumberThe unique ID of the group associated with the host finding.
RiskSense.HostFinding.Group.NameStringThe name of the group associated with the host finding.
RiskSense.HostFinding.HostIDNumberThe unique ID of the host associated with the host finding.
RiskSense.HostFinding.HostNameStringThe hostname of the host associated with the host finding.
RiskSense.HostFinding.HostIpAddressStringThe IP address of the host associated with the host finding.
RiskSense.HostFinding.Host.CriticalityNumberThe criticality of the host associated with the host finding.
RiskSense.HostFinding.Host.ExternalbooleanWhether the identify of the host is external or internal.
RiskSense.HostFinding.Host.Port.IDNumberThe unique ID of the host(s) port associated with the host finding.
RiskSense.HostFinding.Host.Port.NumberNumberThe port number of the host associated with the host finding.
RiskSense.HostFinding.Host.Rs3NumberThe Asset Security Score calculated by the RiskSense platform (includes vulnerability risk on related web applications).
RiskSense.HostFinding.Network.IDNumberThe network ID of the host finding.
RiskSense.HostFinding.Network.NameStringThe name of the network used by the host finding.
RiskSense.HostFinding.Network.TypeStringThe type of the network used by the host finding.
RiskSense.HostFinding.Assessment.IDNumberThe assessment ID of the host finding.
RiskSense.HostFinding.Assessment.NameStringThe name of the assessment associated with the host finding.
RiskSense.HostFinding.Assessment.DateStringThe time when the assessment is created.
RiskSense.HostFinding.Vulnerability.CveStringThe name of the Common Vulnerabilities and Exposures associated with the host finding.
RiskSense.HostFinding.Vulnerability.BaseScoreNumberCVE Score.
RiskSense.HostFinding.Vulnerability.ThreatCountNumberThe total number of threats associated with the host finding.
RiskSense.HostFinding.Vulnerability.AttackVectorStringVector information in which the host was attacked.
RiskSense.HostFinding.Vulnerability.AccessComplexityStringComplexity level.
RiskSense.HostFinding.Vulnerability.AuthenticationStringAuthentication value represents attackers authorization to get network access.
RiskSense.HostFinding.Vulnerability.ConfidentialityImpactStringConfidentiality impact measures the potential impact on confidentiality of a successfully exploited misuse vulnerability.
RiskSense.HostFinding.Vulnerability.IntegrityStringIntegrity refers to the trustworthiness and veracity of information.
RiskSense.HostFinding.Vulnerability.AvailabilityImpactStringAvailability refers to accessibility of network resources.
RiskSense.HostFinding.Vulnerability.TrendingbooleanThis signifies whether the vulnerability (which is associated with the hostFinding) has been reported by our internal functions as being trending.
RiskSense.HostFinding.Vulnerability.VulnLastTrendingOnStringDate when last trending vulnerability was found.
RiskSense.HostFinding.ThreatCountNumberThe total number of threats.
RiskSense.HostFinding.Threat.TitleStringThe title of the threat.
RiskSense.HostFinding.Threat.CategoryStringThe threat category.
RiskSense.HostFinding.Threat.SeverityStringThe severity level of the threat.
RiskSense.HostFinding.Threat.DescriptionStringThe threat description.
RiskSense.HostFinding.Threat.CveUnknownThe Common Vulnerabilities and Exposures name of the threat.
RiskSense.HostFinding.Threat.SourceStringThe source of the threat.
RiskSense.HostFinding.Threat.PublishedStringThe time when the threat was published.
RiskSense.HostFinding.Threat.UpdatedStringThe time when the threat was last updated.
RiskSense.HostFinding.Threat.ThreatLastTrendingOnStringThe last time when threat was in trending.
RiskSense.HostFinding.Threat.TrendingbooleanWhether the threat is trending.
RiskSense.HostFinding.Patch.NameStringThe patch name of the host finding.
RiskSense.HostFinding.Patch.UrlStringThe patch URL of the host finding.
RiskSense.HostFinding.TagCountNumberThe total number of tags associated with host finding.
RiskSense.HostFinding.Tag.IDNumberThe tag identifier of the host finding.
RiskSense.HostFinding.Tag.NameStringThe tag name of the host finding.
RiskSense.HostFinding.Tag.CategoryStringThe tag category of the host finding.
RiskSense.HostFinding.Tag.DescriptionStringThe tag description of the host finding.
RiskSense.HostFinding.Tag.CreatedStringThe time when the tag was created.
RiskSense.HostFinding.Tag.UpdatedStringThe time when the tag was last updated.
RiskSense.HostFinding.Tag.ColorStringThe color of the tag.
RiskSense.HostFinding.TagAssetCountNumberThe total number of tag assets.
RiskSense.HostFinding.TagAsset.IDNumberThe ID of the tag asset.
RiskSense.HostFinding.TagAsset.NameStringThe name of the tag asset.
RiskSense.HostFinding.TagAsset.CategoryStringThe category of the tag asset.
RiskSense.HostFinding.TagAsset.DescriptionStringThe description of the tag asset.
RiskSense.HostFinding.TagAsset.CreatedStringThe date and time when tag asset was created.
RiskSense.HostFinding.TagAsset.UpdatedStringThe time when the tag asset was last updated.
RiskSense.HostFinding.TagAsset.ColorStringThe color name of the tag asset.
RiskSense.HostFinding.OutputStringThe output of the host finding.
RiskSense.HostFinding.SeverityNumberThe severity of the host finding.
RiskSense.HostFinding.SeverityDetail.CombinedNumberThe combined name of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.OverriddenbooleanThe overridden name of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.ScannerStringThe scanner of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.CvssV2NumberThe CVSS v2 value of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.CvssV3NumberThe CVSS v3 value of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.AggregatedNumberThe aggregated value of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.StateStringThe state of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.StateNameStringThe state name of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.ExpirationDateStringThe time when the severity detail expired.
RiskSense.HostFinding.RiskRatingNumberThe risk rate of the host finding.
RiskSense.HostFinding.Xrs3ImpactStringThe impact of xrs3 for the host finding.
RiskSense.HostFinding.Xrs3ImpactOnCategoryStringThe category impact of xrs3 for the host finding.
RiskSense.HostFinding.LastFoundOnStringThe latest time when the particular host finding is found.
RiskSense.HostFinding.DiscoveredOnStringThe time when the host finding was discovered.
RiskSense.HostFinding.ResolvedOnStringThe time when the host finding was resolved.
RiskSense.HostFinding.ScannerNameStringThe name of the scanner of the host finding.
RiskSense.HostFinding.FindingTypeStringThe finding type of the host finding.
RiskSense.HostFinding.MachineIDStringThe machine ID of the host finding.
RiskSense.HostFinding.StatusEmbedded.StateStringThe current state of embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.StateNameStringThe state name of embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.StateDescriptionStringThe state description of embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.StatusbooleanThe status of embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.DurationInDaysStringThe time duration (In days) of embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.DueDateStringThe due date of embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.ExpirationDateStringThe time when the status is expired associated with the host finding.
RiskSense.HostFinding.ManualFindingReportCountNumberThe total number of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.IDNumberThe ID of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.TitleStringThe title of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.LabelStringThe label of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.PiiStringThe PII number of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.SourceStringThe source of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.IsManualExploitbooleanWhether the manual finding report is an exploit.
RiskSense.HostFinding.ManualFindingReport.EaseOfExploitStringThe total number of manual finding reports associated with the host finding.
RiskSense.HostFinding.NoteCountNumberNumber of notes found for the host finding.
RiskSense.HostFinding.Note.DateStringThe time when the note was added by the user for the host finding.
RiskSense.HostFinding.Note.NoteStringThe notes that were added by the user for the host finding.
RiskSense.HostFinding.Note.UserIDNumberThe User ID of the user who added the note for the host finding.
RiskSense.HostFinding.Note.UserNameStringThe username of the user who added a note for the host finding.
RiskSense.HostFinding.Assignment.IDNumberThe unique ID of the assignment associated with the host finding.
RiskSense.HostFinding.Assignment.FirstNameStringThe first name of the assigned user for the host finding.
RiskSense.HostFinding.Assignment.LastNameStringThe last name of the assigned user for the host finding.
RiskSense.HostFinding.Assignment.ReceiveEmailsbooleanIndicates whether the email was received.
RiskSense.HostFinding.Assignment.EmailStringThe email address of the assigned user for the host finding.
RiskSense.HostFinding.Assignment.UsernameStringThe username of the assigned user for the host finding.
RiskSense.HostFinding.ServicesStringThe name of the services for the host finding.
Ticket.IDStringThe ID of the ticket associated with the host finding.
Ticket.StateStringThe state of the ticket associated with the host finding.
Host.HostnameStringThe hostname of the host.
Host.IDStringThe unique ID within the tool retrieving the host.
Host.IPStringThe IP address of the host.
CVE.IDStringCommon Vulnerabilities and Exposures ID.
CVE.DescriptionStringDescription of the CVE.
CVE.CVSSStringThe CVSS represents the severity of the risk (informational, low, medium, high, critical).
RiskSense.HostFinding.Ticket.TicketNumberStringThe number of tickets associated with the host finding.
RiskSense.HostFinding.Ticket.TicketStatusStringThe status of the ticket associated with the host finding.
RiskSense.HostFinding.Ticket.DeepLinkStringThe deeplink associated with the ticket associated with the host finding.
RiskSense.HostFinding.Ticket.TypeStringThe type of ticket associated with the host finding.
RiskSense.HostFinding.Ticket.ConnectorNameStringThe connector name of the ticket associated with the host finding.
RiskSense.HostFinding.Ticket.DetailedStatusStringThe detailed status of the ticket associated with the host finding.
RiskSense.HostFinding.GroupIDNumberThe unique ID of the group associated with the host finding.
RiskSense.HostFinding.GroupNameStringThe name of the group associated with the host finding.
Command Example
!risksense-get-host-findings fieldname="Host Name" value=loz.xg.mil sort_by="Risk Rating" sort_direction="Descending" size="2"
Context Example
{
"Host": [
{
"IP": "116.145.139.179",
"Hostname": "loz.xg.mil",
"ID": 3569982
},
{
"IP": "116.145.139.179",
"Hostname": "loz.xg.mil",
"ID": 3569982
}
],
"CVE": [
{
"ID": "CVE-2007-0882",
"CVSS": 10,
"Description": "Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client \"-f\" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account."
},
{
"ID": "CVE-2011-4862",
"CVSS": 10,
"Description": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
}
],
"RiskSense.HostFinding": [
{
"ResolvedOn": "2019-06-12",
"Group": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Network": {
"Type": "IP",
"ID": 78038,
"Name": "IP Network"
},
"StatusEmbedded": {
"Status": false,
"StateDescription": "Finding was approved in risk acceptance workflow",
"StateName": "RA Approved",
"State": "ACCEPTED",
"ExpirationDate": "",
"DurationInDays": "3246",
"DueDate": "2019-12-01T00:00:00"
},
"Title": "Solaris 10 and Solaris 11 (SolarisExpress) Remote Access Telnet Daemon Flaw",
"TagAsset": [
{
"Category": "Location",
"Updated": "2019-06-19T19:23:08",
"Name": "Data_Center_1",
"Created": "2019-04-24T21:35:12",
"Color": "#dd8361",
"ID": 215551
},
{
"Category": "People",
"Updated": "2019-04-24T21:39:59",
"Name": "Linux_Team_2",
"Created": "2019-04-24T21:39:59",
"Color": "#78a19b",
"ID": 215554
}
],
"GroupCount": 1,
"Note": [
{
"Date": "2019-04-24T23:00:57.973",
"Note": "These devices are to be decommissioned soon",
"UserID": 2425,
"UserName": "Ryan Riley"
}
],
"Source": "QUALYS",
"SeverityDetail": {
"CvssV3": null,
"CvssV2": 10,
"Scanner": "5",
"Overridden": false,
"StateName": null,
"State": null,
"ExpirationDate": "",
"Aggregated": 10,
"Combined": 10
},
"Assessment": [
{
"Date": "2019-04-23",
"ID": 67442,
"Name": "First Assessment"
}
],
"TagCount": 5,
"Severity": 10,
"RiskRating": 10,
"SourceID": "QUALYS38574",
"Assignment": [],
"HostName": "loz.xg.mil",
"Xrs3ImpactOnCategory": null,
"TagAssetCount": 2,
"Host": {
"Rs3": 644,
"External": true,
"Criticality": 5,
"Port": [
{
"ID": 42841210,
"Number": 21
},
{
"ID": 42841323,
"Number": 22
},
{
"ID": 42841347,
"Number": 23
},
{
"ID": 42841183,
"Number": 25
},
{
"ID": 42841178,
"Number": 111
},
{
"ID": 42841312,
"Number": 123
},
{
"ID": 42841336,
"Number": 587
},
{
"ID": 42841279,
"Number": 852
},
{
"ID": 42841222,
"Number": 6112
},
{
"ID": 42841168,
"Number": 7100
},
{
"ID": 42841236,
"Number": 8005
},
{
"ID": 42841197,
"Number": 8007
},
{
"ID": 42841329,
"Number": 32771
},
{
"ID": 42841246,
"Number": 32772
},
{
"ID": 42841259,
"Number": 32775
},
{
"ID": 42841269,
"Number": 32776
},
{
"ID": 42841361,
"Number": 32777
},
{
"ID": 42841370,
"Number": 32778
},
{
"ID": 42841172,
"Number": 32779
}
]
},
"Services": "",
"Ticket": [],
"ThreatCount": 5,
"Xrs3Impact": null,
"DiscoveredOn": "2010-07-22",
"HostID": 3569982,
"NoteCount": 1,
"Vulnerability": [
{
"Trending": false,
"AttackVector": "Network",
"VulnLastTrendingOn": null,
"BaseScore": 10,
"AvailabilityImpact": "Complete",
"Authentication": "None",
"AccessComplexity": "Low",
"ConfidentialityImpact": "Complete",
"Cve": "CVE-2007-0882",
"Integrity": "Complete",
"ThreatCount": 5
}
],
"Patch": [],
"Threat": [
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-13T15:32:52",
"Trending": false,
"Severity": null,
"Title": "Sun Solaris Telnet Remote Authentication Bypass Vulnerability",
"Source": "METASPLOIT",
"Published": "2007-02-17T00:00:00",
"Cve": "CVE-2007-0882",
"Description": "This module exploits the argument injection vulnerability\n in the telnet daemon (in.telnetd) of Solaris 10 and 11."
},
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-08T07:54:43",
"Trending": false,
"Severity": null,
"Title": "Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)",
"Source": "EXPLOIT DB",
"Published": "2010-06-22T00:00:00",
"Cve": "CVE-2007-0882",
"Description": "Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)"
},
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-08T07:54:43",
"Trending": false,
"Severity": null,
"Title": "Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)",
"Source": "EXPLOIT DB",
"Published": "2007-02-12T00:00:00",
"Cve": "CVE-2007-0882",
"Description": "Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)"
},
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-08T07:54:43",
"Trending": false,
"Severity": null,
"Title": "SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass",
"Source": "EXPLOIT DB",
"Published": "2007-02-11T00:00:00",
"Cve": "CVE-2007-0882",
"Description": "SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass"
},
{
"Category": "Worm",
"ThreatLastTrendingOn": null,
"Updated": "2019-08-16T15:50:12",
"Trending": false,
"Severity": null,
"Title": "Solaris.Wanuk.Worm",
"Source": "SYMANTEC",
"Published": "2007-02-28T00:00:00",
"Cve": "CVE-2007-0882",
"Description": ""
}
],
"Output": "Detected service telnet and os SOLARIS 9-11",
"ID": 115469505,
"ManualFindingReport": [],
"HostIpAddress": "116.145.139.179",
"ManualFindingReportCount": 0,
"FindingType": "Auth/Unauthenticated",
"Tag": [
{
"Category": "Location",
"Updated": "2019-06-19T19:23:08",
"Name": "Data_Center_1",
"Created": "2019-04-24T21:35:12",
"Color": "#dd8361",
"ID": 215551,
"Description": ""
},
{
"Category": "People",
"Updated": "2019-04-24T21:39:59",
"Name": "Linux_Team_2",
"Created": "2019-04-24T21:39:59",
"Color": "#78a19b",
"ID": 215554,
"Description": ""
},
{
"Category": "Project",
"Updated": "2019-10-31T03:40:55",
"Name": "PCI Assets",
"Created": "2019-08-28T18:50:30",
"Color": "#648d9f",
"ID": 225750,
"Description": ""
},
{
"Category": "Custom",
"Updated": "2019-11-19T23:40:40",
"Name": "CVSS_Sev_Crit_Test",
"Created": "2019-11-19T23:40:40",
"Color": "#648d9f",
"ID": 230966,
"Description": "CVSS Crits"
},
{
"Category": "Custom",
"Updated": "2019-11-19T23:41:36",
"Name": "RR_Crit_Test",
"Created": "2019-11-19T23:41:36",
"Color": "#648d9f",
"ID": 230967,
"Description": "Risk Rating Crit Test"
}
],
"LastFoundOn": "2010-07-22",
"MachineID": "",
"Port": null,
"ScannerName": "QUALYS"
},
{
"ResolvedOn": "2019-06-12",
"Group": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Network": {
"Type": "IP",
"ID": 78038,
"Name": "IP Network"
},
"StatusEmbedded": {
"Status": false,
"StateDescription": "Finding was approved in risk acceptance workflow",
"StateName": "RA Approved",
"State": "ACCEPTED",
"ExpirationDate": "",
"DurationInDays": "2690",
"DueDate": "2019-12-01T00:00:00"
},
"Title": "FreeBSD Telnetd Code Execution Vulnerability (FreeBSD-SA-11:08)",
"TagAsset": [
{
"Category": "Location",
"Updated": "2019-06-19T19:23:08",
"Name": "Data_Center_1",
"Created": "2019-04-24T21:35:12",
"Color": "#dd8361",
"ID": 215551
},
{
"Category": "People",
"Updated": "2019-04-24T21:39:59",
"Name": "Linux_Team_2",
"Created": "2019-04-24T21:39:59",
"Color": "#78a19b",
"ID": 215554
}
],
"GroupCount": 1,
"Note": [],
"Source": "QUALYS",
"SeverityDetail": {
"CvssV3": null,
"CvssV2": 10,
"Scanner": "4",
"Overridden": false,
"StateName": null,
"State": null,
"ExpirationDate": "",
"Aggregated": 10,
"Combined": 8
},
"Assessment": [
{
"Date": "2019-04-23",
"ID": 67442,
"Name": "First Assessment"
}
],
"TagCount": 5,
"Severity": 8,
"RiskRating": 10,
"SourceID": "QUALYS119834",
"Assignment": [],
"HostName": "loz.xg.mil",
"Xrs3ImpactOnCategory": null,
"TagAssetCount": 2,
"Host": {
"Rs3": 644,
"External": true,
"Criticality": 5,
"Port": [
{
"ID": 42841210,
"Number": 21
},
{
"ID": 42841323,
"Number": 22
},
{
"ID": 42841347,
"Number": 23
},
{
"ID": 42841183,
"Number": 25
},
{
"ID": 42841178,
"Number": 111
},
{
"ID": 42841312,
"Number": 123
},
{
"ID": 42841336,
"Number": 587
},
{
"ID": 42841279,
"Number": 852
},
{
"ID": 42841222,
"Number": 6112
},
{
"ID": 42841168,
"Number": 7100
},
{
"ID": 42841236,
"Number": 8005
},
{
"ID": 42841197,
"Number": 8007
},
{
"ID": 42841329,
"Number": 32771
},
{
"ID": 42841246,
"Number": 32772
},
{
"ID": 42841259,
"Number": 32775
},
{
"ID": 42841269,
"Number": 32776
},
{
"ID": 42841361,
"Number": 32777
},
{
"ID": 42841370,
"Number": 32778
},
{
"ID": 42841172,
"Number": 32779
}
]
},
"Services": "",
"Ticket": [],
"ThreatCount": 6,
"Xrs3Impact": null,
"DiscoveredOn": "2012-01-29",
"HostID": 3569982,
"NoteCount": 0,
"Vulnerability": [
{
"Trending": false,
"AttackVector": "Network",
"VulnLastTrendingOn": null,
"BaseScore": 10,
"AvailabilityImpact": "Complete",
"Authentication": "None",
"AccessComplexity": "Low",
"ConfidentialityImpact": "Complete",
"Cve": "CVE-2011-4862",
"Integrity": "Complete",
"ThreatCount": 6
}
],
"Patch": [],
"Threat": [
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-08T07:49:42",
"Trending": false,
"Severity": null,
"Title": "TelnetD encrypt_keyid - Function Pointer Overwrite",
"Source": "EXPLOIT DB",
"Published": "2011-12-26T00:00:00",
"Cve": "CVE-2011-4862",
"Description": "TelnetD encrypt_keyid - Function Pointer Overwrite"
},
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-08T07:49:44",
"Trending": false,
"Severity": null,
"Title": "Linux BSD-derived Telnet Service Encryption Key ID - Remote Buffer Overflow (Metasploit)",
"Source": "EXPLOIT DB",
"Published": "2012-01-14T00:00:00",
"Cve": "CVE-2011-4862",
"Description": "Linux BSD-derived Telnet Service Encryption Key ID - Remote Buffer Overflow (Metasploit)"
},
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-29T16:00:18",
"Trending": false,
"Severity": null,
"Title": "Telnet Service Encryption Key ID Overflow Detection",
"Source": "METASPLOIT",
"Published": "2011-12-27T00:00:00",
"Cve": "CVE-2011-4862",
"Description": "Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd)"
},
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-13T15:32:41",
"Trending": false,
"Severity": null,
"Title": "Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow",
"Source": "METASPLOIT",
"Published": "2011-12-27T00:00:00",
"Cve": "CVE-2011-4862",
"Description": "This module exploits a buffer overflow in the encryption option handler of the\n Linux BSD-derived telnet service (inetutils or krb5-telnet). Most Linux distributions\n use NetKit-derived telnet daemons, so this flaw only applies to a small subset of\n Linux systems running telnetd."
},
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-13T15:32:40",
"Trending": false,
"Severity": null,
"Title": "FreeBSD Telnet Service Encryption Key ID Buffer Overflow",
"Source": "METASPLOIT",
"Published": "2011-12-27T00:00:00",
"Cve": "CVE-2011-4862",
"Description": "This module exploits a buffer overflow in the encryption option handler of the\n FreeBSD telnet service."
},
{
"Category": "Exploit",
"ThreatLastTrendingOn": null,
"Updated": "2020-02-08T07:49:41",
"Trending": false,
"Severity": null,
"Title": "FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)",
"Source": "EXPLOIT DB",
"Published": "2012-01-14T00:00:00",
"Cve": "CVE-2011-4862",
"Description": "FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)"
}
],
"Output": "Remote encryption-supported telnet server is potentially affected by "FreeBSD Telnetd Code Execution Vulnerability"",
"ID": 115469517,
"ManualFindingReport": [],
"HostIpAddress": "116.145.139.179",
"ManualFindingReportCount": 0,
"FindingType": "Auth/Unauthenticated",
"Tag": [
{
"Category": "Location",
"Updated": "2019-06-19T19:23:08",
"Name": "Data_Center_1",
"Created": "2019-04-24T21:35:12",
"Color": "#dd8361",
"ID": 215551,
"Description": ""
},
{
"Category": "People",
"Updated": "2019-04-24T21:39:59",
"Name": "Linux_Team_2",
"Created": "2019-04-24T21:39:59",
"Color": "#78a19b",
"ID": 215554,
"Description": ""
},
{
"Category": "Project",
"Updated": "2019-10-31T03:40:55",
"Name": "PCI Assets",
"Created": "2019-08-28T18:50:30",
"Color": "#648d9f",
"ID": 225750,
"Description": ""
},
{
"Category": "Custom",
"Updated": "2019-11-19T23:40:40",
"Name": "CVSS_Sev_Crit_Test",
"Created": "2019-11-19T23:40:40",
"Color": "#648d9f",
"ID": 230966,
"Description": "CVSS Crits"
},
{
"Category": "Custom",
"Updated": "2019-11-19T23:41:36",
"Name": "RR_Crit_Test",
"Created": "2019-11-19T23:41:36",
"Color": "#648d9f",
"ID": 230967,
"Description": "Risk Rating Crit Test"
}
],
"LastFoundOn": "2012-01-29",
"MachineID": "",
"Port": null,
"ScannerName": "QUALYS"
}
]
}
Human Readable Output

Total host findings: 16 Page: 0/7 Client: The Demo Client

Host finding(s) details:

IDHost NameIP AddressTitleRiskThreatsRS3CriticalitySeverityGroupsStateTagsAsset TagsNoteManual Finding Report Count
115469505loz.xg.mil116.145.139.179Solaris 10 and Solaris 11 (SolarisExpress) Remote Access Telnet Daemon Flaw10.05644510.01ACCEPTED5210
115469517loz.xg.mil116.145.139.179FreeBSD Telnetd Code Execution Vulnerability (FreeBSD-SA-11:08)10.0664458.01ACCEPTED5200

6. risksense-get-apps


Looks up the application details. The application details can be searched based on input parameters like fieldname (Name, Network, Address), operator (EXACT, IN, LIKE, BETWEEN), page, size, sort by and sort direction.

Base Command

risksense-get-apps

Input
Argument NameDescriptionRequired
fieldnameThe RiskSense application attribute that should be considered for filtering the results. The available choices are 'Name', 'Network', or 'Address'. Apart from the available choices, one can provide the attributes supported by RiskSense API. Refer to the API /application/filter API to get the list of supported attributes. The uid of filter attributes must be provided here. e.g. assessment_labels, asset_tags, cvss3BaseI, etc. If specified, 'value' argument is mandatory.Optional
operatorThe match operator should be applied for filtering the hosts based on 'fieldname' and 'value'. Available options are 'EXACT' (filter records exactly matching the criteria), 'IN' (filter records matching any one of the comma-separated values), or 'LIKE' (filter records with the value matching the specified pattern). All the records fieldname value contains the string provided in value; 'BETWEEN' - filter the records with fieldname value falling in the numerical/date range provided. This argument also accepts other operator values supported by the RiskSense API. Refer to the API documentation for the list of supported operators.Optional
valueThe value of the apps property mentioned in 'fieldname' to be considered for filter criteria.Optional
excludeThe exclude flag that determines whether the returned records matches filter criteria or not. The default is "false".Optional
pageThe index of the page. The index is a numeric value and starting with 0.Optional
sizeThe maximum number of records to fetch in one page.Optional
sort_byThe fieldname that should be considered for sorting the returned records.Optional
sort_directionThe sorting direction to apply to returned records.Optional
Context Output
PathTypeDescription
RiskSense.Application.IDNumberThe unique ID within the tool retrieving the application.
RiskSense.Application.GroupIDNumberThe group ID of the application.
RiskSense.Application.GroupNameStringThe group name of the application.
RiskSense.Application.Group.IDNumberThe ID of the group belonging to the Application.
RiskSense.Application.Group.NameStringThe name of the group belonging to the Application.
RiskSense.Application.Network.IDNumberThe network ID of the application.
RiskSense.Application.Network.NameStringThe network name of the application.
RiskSense.Application.Network.TypeStringThe network type of the application.
RiskSense.Application.ClientIDNumberThe client ID of the application.
RiskSense.Application.HostIDNumberThe host ID of the application.
RiskSense.Application.UriStringThe reference URI of the application.
RiskSense.Application.NameStringThe name of the application.
RiskSense.Application.DescriptionStringThe detailed description of the application.
RiskSense.Application.NoteCountNumberThe total number of notes found in the application.
RiskSense.Application.DiscoveredOnStringThe time when the application was discovered.
RiskSense.Application.LastFoundOnStringThe time when the application was last found.
RiskSense.Application.TotalNumberThe total number of open findings of the application.
RiskSense.Application.CriticalNumberThe number of open findings of the application with critical severity.
RiskSense.Application.HighNumberThe number of open findings of the application with high severity.
RiskSense.Application.MediumNumberThe number of open findings of the application with medium severity.
RiskSense.Application.LowNumberThe number of open findings of the application with low severity.
RiskSense.Application.InfoNumberThe number of open findings of the application with info severity.
RiskSense.Application.Icon.TypeStringThe type of icon of the application.
RiskSense.Application.Icon.OverlayTextStringThe overlay text of the icon of the application.
RiskSense.Application.TagCountNumberThe total number of tags of the application.
RiskSense.Application.UrlCountNumberThe total number of URLs of the application.
RiskSense.Application.HrefStringThe deeplink pointing to the application details on RiskSense.
RiskSense.Application.CMDB.ManufacturedByStringThe name of the manufacturer in the configuration management DB (CMDB) from application details.
RiskSense.Application.CMDB.ModelStringThe CMDB model name of the application.
RiskSense.Application.CMDB.MacAddressStringThe CMDB MAC address of the application.
RiskSense.Application.CMDB.LocationStringThe CMDB location of the application.
RiskSense.Application.CMDB.ManagedByStringThe CMDB entity name that managed the application.
RiskSense.Application.CMDB.OwnedByStringThe CMDB entity name that owned the application.
RiskSense.Application.CMDB.SupportedByStringThe CMDB entity name that supported the application
RiskSense.Application.CMDB.SupportGroupStringThe CMDB supporting group of the application.
RiskSense.Application.CMDB.SysIDStringThe CMDB system ID of the application.
RiskSense.Application.CMDB.OperatingSystemStringThe CMDB operating system of the application.
RiskSense.Application.CMDB.LastScanDateStringThe CMDB last scan date of the application.
RiskSense.Application.CMDB.FerpaComplianceAssetBooleanThe Family Educational Rights and Privacy Act.
RiskSense.Application.CMDB.HipaaComplianceAssetBooleanHealth Insurance Portability and Accountability Act.
RiskSense.Application.CMDB.PciComplianceAssetStringThe Payment Card Industry (PCI) Council continues to make changes to ensure that their standards are up to date with emerging threats and changes in the market.
RiskSense.Application.Ticket.TicketNumberStringThe number of the ticket associated with the application.
RiskSense.Application.Ticket.TicketStatusStringThe status of the ticket associated with the application.
RiskSense.Application.Ticket.TypeStringThe type of ticket associated with the application.
RiskSense.Application.Ticket.ConnectorNameStringThe connector name of the ticket associated with the application.
RiskSense.Application.Ticket.DetailedStatusStringThe detailed status of ticket associated with the application.
RiskSense.Application.Ticket.DeepLinkStringThe deeplink associated with the ticket associated with the application.
RiskSense.Application.Source.NameStringThe name of the source associated with the application.
RiskSense.Application.Source.UuIDStringThe unique ID of the source associated with the application.
RiskSense.Application.Source.ScannerTypeStringThe type of scanner of the source associated with the application..
RiskSense.Application.Note.UserIDStringThe user ID of the user who added a note for the application.
RiskSense.Application.Note.UserNameStringThe username of the user who added a note for the application.
RiskSense.Application.Note.NoteStringThe notes that were added by the user for the application.
RiskSense.Application.Note.DateStringThe time when the note was added by the user for the application.
RiskSense.Application.Tag.IDNumberThe ID of the tag.
RiskSense.Application.Tag.NameStringThe name of the tag.
RiskSense.Application.Tag.CategoryStringThe category of the tag.
RiskSense.Application.Tag.DescriptionStringThe description of the tag.
RiskSense.Application.Tag.CreatedStringThe time when the tag was created.
RiskSense.Application.Tag.UpdatedStringThe time when the tag was last updated.
RiskSense.Application.Tag.ColorStringThe color code of the tag of the application.
Ticket.IDStringThe ID of the ticket associated with the application.
Ticket.StateStringThe state of the ticket associated with the application.
Command Example
!risksense-get-apps fieldname=Network value=App-data sort_by="Total Findings" sort_direction="Descending" size="3"
Context Example
{
"RiskSense.Application": [
{
"Network": {
"Type": "IP",
"ID": 91502,
"Name": "App-data"
},
"Note": [
{
"Date": "2020-01-28T12:21:06",
"Note": "Hiiii",
"UserID": 5969,
"UserName": "Ravindra Sojitra"
}
],
"Source": [
{
"ScannerType": "SAST",
"Name": "VERACODESAST",
"UuID": "VERACODESAST"
}
],
"Critical": 2,
"Low": 21,
"TagCount": 0,
"Medium": 281,
"Description": null,
"ClientID": 747,
"GroupID": 7990,
"Tag": [],
"Groups": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Ticket": [],
"Icon": [
{
"Type": "VERACODESAST",
"OverlayText": null
},
{
"Type": "OWASP",
"OverlayText": "A1"
},
{
"Type": "OWASP",
"OverlayText": "A3"
},
{
"Type": "OWASP",
"OverlayText": "A2"
},
{
"Type": "WASC",
"OverlayText": "SQL Injection"
},
{
"Type": "WASC",
"OverlayText": "HTTP Response Splitting"
},
{
"Type": "WASC",
"OverlayText": "OS Commanding"
},
{
"Type": "WASC",
"OverlayText": "URl Redirector Abuse"
},
{
"Type": "WASC",
"OverlayText": "HTTP Request Splitting"
},
{
"Type": "WASC",
"OverlayText": "Brute Force"
},
{
"Type": "WASC",
"OverlayText": "Session Fixation"
}
],
"Info": 1,
"DiscoveredOn": "2019-06-11",
"HostID": null,
"Name": "RS TestApp 1",
"NoteCount": 1,
"Uri": "RS TestApp 1",
"GroupName": "Default Group",
"ID": 19391,
"CMDB": {
"MacAddress": null,
"SupportGroup": null,
"SysID": null,
"HipaaComplianceAsset": false,
"OperatingSystem": null,
"ManufacturedBy": null,
"ManagedBy": null,
"Location": null,
"OwnedBy": null,
"Model": null,
"LastScanDate": "2019-06-11",
"FerpaComplianceAsset": false,
"SupportedBy": null,
"PciComplianceAsset": false
},
"UrlCount": 74,
"High": 20,
"Href": "http://platform.risksense.com/api/v1/client/747/application/search?page=0&size=3&sort=findingsDistribution.total,desc",
"LastFoundOn": "2019-06-11",
"Total": 325
},
{
"Network": {
"Type": "IP",
"ID": 91502,
"Name": "App-data"
},
"Note": [],
"Source": [
{
"ScannerType": "DAST",
"Name": "HPWEBINSPECT",
"UuID": "HPWEBINSPECT"
}
],
"Critical": 19,
"Low": 157,
"TagCount": 0,
"Medium": 8,
"Description": null,
"ClientID": 747,
"GroupID": 7990,
"Tag": [],
"Groups": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Ticket": [],
"Icon": [
{
"Type": "WEBINSPECT",
"OverlayText": null
},
{
"Type": "OWASP",
"OverlayText": "A6"
},
{
"Type": "OWASP",
"OverlayText": "A5"
},
{
"Type": "OWASP",
"OverlayText": "A1"
},
{
"Type": "OWASP",
"OverlayText": "A2"
},
{
"Type": "OWASP",
"OverlayText": "A3"
},
{
"Type": "OWASP",
"OverlayText": "A7"
},
{
"Type": "WASC",
"OverlayText": "Directory Indexing"
},
{
"Type": "WASC",
"OverlayText": "Information Leakage"
},
{
"Type": "WASC",
"OverlayText": "Path Traversal"
},
{
"Type": "WASC",
"OverlayText": "Predictable Resource Location"
},
{
"Type": "WASC",
"OverlayText": "Insufficient Authentication"
},
{
"Type": "WASC",
"OverlayText": "Insufficient Authorization"
},
{
"Type": "WASC",
"OverlayText": "LDAP Injection"
},
{
"Type": "WASC",
"OverlayText": "Cross-site Request Forgery"
},
{
"Type": "WASC",
"OverlayText": "Cross-site Scripting"
},
{
"Type": "WASC",
"OverlayText": "OS Commanding"
},
{
"Type": "WASC",
"OverlayText": "Improper Output Handling"
},
{
"Type": "WASC",
"OverlayText": "Buffer Overflow"
}
],
"Info": 0,
"DiscoveredOn": "2019-06-12",
"HostID": null,
"Name": "http://zero.webappsecurity.com:80",
"NoteCount": 0,
"Uri": "http://zero.webappsecurity.com:80",
"GroupName": "Default Group",
"ID": 19396,
"CMDB": {
"MacAddress": null,
"SupportGroup": null,
"SysID": null,
"HipaaComplianceAsset": false,
"OperatingSystem": null,
"ManufacturedBy": null,
"ManagedBy": null,
"Location": null,
"OwnedBy": null,
"Model": null,
"LastScanDate": null,
"FerpaComplianceAsset": false,
"SupportedBy": null,
"PciComplianceAsset": false
},
"UrlCount": 152,
"High": 0,
"Href": "http://platform.risksense.com/api/v1/client/747/application/search?page=0&size=3&sort=findingsDistribution.total,desc",
"LastFoundOn": "2019-06-11",
"Total": 184
},
{
"Network": {
"Type": "IP",
"ID": 91502,
"Name": "App-data"
},
"Note": [],
"Source": [
{
"ScannerType": "DAST",
"Name": "IBMAPPSCANENTERPRISE",
"UuID": "IBMAPPSCANENTERPRISE"
}
],
"Critical": 28,
"Low": 13,
"TagCount": 0,
"Medium": 0,
"Description": null,
"ClientID": 747,
"GroupID": 7990,
"Tag": [],
"Groups": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Ticket": [],
"Icon": [
{
"Type": "IBM_APP_SCANNER",
"OverlayText": null
}
],
"Info": 0,
"DiscoveredOn": "2019-06-12",
"HostID": null,
"Name": "https:/test.thatcompany.com",
"NoteCount": 0,
"Uri": "https:/test.thatcompany.com",
"GroupName": "Default Group",
"ID": 19395,
"CMDB": {
"MacAddress": null,
"SupportGroup": null,
"SysID": null,
"HipaaComplianceAsset": false,
"OperatingSystem": null,
"ManufacturedBy": null,
"ManagedBy": null,
"Location": null,
"OwnedBy": null,
"Model": null,
"LastScanDate": null,
"FerpaComplianceAsset": false,
"SupportedBy": null,
"PciComplianceAsset": false
},
"UrlCount": 33,
"High": 0,
"Href": "http://platform.risksense.com/api/v1/client/747/application/search?page=0&size=3&sort=findingsDistribution.total,desc",
"LastFoundOn": "2019-06-11",
"Total": 41
}
]
}
Human Readable Output

Total applications: 7 Page: 0/2 Client: The Demo Client

RiskSense application(s) details:

IDAddressNameNetworkTotal FindingsCritical FindingsHigh FindingsMedium FindingsLow FindingsInfo FindingsGroupsURLsTagsNotes
19391RS TestApp 1RS TestApp 1App-data32522028121117401
19396http://zero.webappsecurity.com:80http://zero.webappsecurity.com:80App-data18419081570115200
19395https:/test.thatcompany.comhttps:/test.thatcompany.comApp-data41280013013300

7. risksense-get-host-finding-detail


Gets in-depth details of a single host finding. The command accepts the host finding ID as an argument.

Base Command

risksense-get-host-finding-detail

Input
Argument NameDescriptionRequired
hostfinding_idThe unique host finding ID. The host finding ID is either known by RiskSense users or it can be found in the human-readable output or context data(RiskSense.HostFinding.ID) after executing 'risksense-get-host-findings' command.Required
Context Output
PathTypeDescription
RiskSense.HostFinding.IDStringThe unique ID of the host finding.
RiskSense.HostFinding.SourceStringHost discovered by the scanner.
RiskSense.HostFinding.SourceIDStringScanner ID of the discovered scanner.
RiskSense.HostFinding.TitleStringThe title of the host finding.
RiskSense.HostFinding.PortNumberThe port number of the host finding.
RiskSense.HostFinding.GroupCountNumberThe total number of groups for the host finding.
RiskSense.HostFinding.Group.IDNumberThe unique ID of the group associated with the host finding.
RiskSense.HostFinding.Group.NameStringThe name of the group associated with the host finding.
RiskSense.HostFinding.GroupIDNumberThe unique ID of the group associated with the host finding.
RiskSense.HostFinding.GroupNameStringThe name of the group associated with the host finding.
RiskSense.HostFinding.HostIDNumberThe unique ID of the host associated with the host finding.
RiskSense.HostFinding.HostNameStringThe hostname of the host associated with the host finding.
RiskSense.HostFinding.HostIpAddressStringThe IP address of the host associated with the host finding.
RiskSense.HostFinding.Host.CriticalityNumberThe criticality of the host associated with the host finding.
RiskSense.HostFinding.Host.ExternalbooleanWhether the host is external.
RiskSense.HostFinding.Host.Port.IDNumberThe unique ID of the host(s) port associated with the host finding.
RiskSense.HostFinding.Host.Port.NumberNumberThe port number of the host associated with the host finding.
RiskSense.HostFinding.Host.Rs3NumberThe Asset Security Score calculated by the RiskSense platform (includes vulnerability risk on related web applications).
RiskSense.HostFinding.Network.IDNumberThe network ID of the host finding.
RiskSense.HostFinding.Network.NameStringThe name of the network used by the host finding.
RiskSense.HostFinding.Network.TypeStringThe type of the network used by the host finding.
RiskSense.HostFinding.Assessment.IDNumberThe assessment ID of the host finding.
RiskSense.HostFinding.Assessment.NameStringThe name of the assessment associated with the host finding.
RiskSense.HostFinding.Assessment.DateStringThe time when the assessment is created.
RiskSense.HostFinding.Vulnerability.CveStringThe name of the Common Vulnerabilities and Exposures associated with the host finding.
RiskSense.HostFinding.Vulnerability.BaseScoreNumberCVE Score.
RiskSense.HostFinding.Vulnerability.ThreatCountNumberThe total number of threats associated with the host finding.
RiskSense.HostFinding.Vulnerability.AttackVectorStringVector information in which the host finding was attacked.
RiskSense.HostFinding.Vulnerability.AccessComplexityStringComplexity level.
RiskSense.HostFinding.Vulnerability.AuthenticationStringAuthentication value represents attackers authorization to get network access.
RiskSense.HostFinding.Vulnerability.ConfidentialityImpactStringConfidentiality impact measures the potential impact on the confidentiality of a successfully exploited misuse vulnerability.
RiskSense.HostFinding.Vulnerability.IntegrityStringIntegrity refers to the level of trust and veracity of the information.
RiskSense.HostFinding.Vulnerability.AvailabilityImpactStringAvailability refers to accessibility of network resources.
RiskSense.HostFinding.Vulnerability.TrendingbooleanWhether the vulnerability (which is associated with the hostFinding) has been reported by our internal functions as being trending.
RiskSense.HostFinding.Vulnerability.VulnLastTrendingOnStringDate when the last trending vulnerability was found.
RiskSense.HostFinding.ThreatCountNumberThe total number of threats.
RiskSense.HostFinding.Threat.TitleStringThe title of the threat.
RiskSense.HostFinding.Threat.CategoryStringThe category of the threat.
RiskSense.HostFinding.Threat.SeverityStringThe severity level of the threat.
RiskSense.HostFinding.Threat.DescriptionStringThe threat description.
RiskSense.HostFinding.Threat.CveUnknownThe Common Vulnerabilities and Exposures name of the threat.
RiskSense.HostFinding.Threat.SourceStringThe source of the threat.
RiskSense.HostFinding.Threat.PublishedStringThe time when threat was published.
RiskSense.HostFinding.Threat.UpdatedStringThe time when the threat was last updated.
RiskSense.HostFinding.Threat.ThreatLastTrendingOnStringThe last time when the threat was trending.
RiskSense.HostFinding.Threat.TrendingbooleanWhether the threat is trending.
RiskSense.HostFinding.Patch.NameStringThe patch name of the host finding.
RiskSense.HostFinding.Patch.UrlStringThe patch URL of the host finding.
RiskSense.HostFinding.TagCountNumberThe total number of tags associated with host finding.
RiskSense.HostFinding.Tag.IDNumberThe tag identifier of the host finding.
RiskSense.HostFinding.Tag.NameStringThe tag name of the host finding.
RiskSense.HostFinding.Tag.CategoryStringThe tag category of the host finding.
RiskSense.HostFinding.Tag.DescriptionStringThe tag description of the host finding.
RiskSense.HostFinding.Tag.CreatedStringThe time when the tag was created.
RiskSense.HostFinding.Tag.UpdatedStringThe time when the tag was last updated.
RiskSense.HostFinding.Tag.ColorStringThe color of the tag.
RiskSense.HostFinding.TagAssetCountNumberThe total number of tag assets.
RiskSense.HostFinding.TagAsset.IDNumberThe ID of the tag asset.
RiskSense.HostFinding.TagAsset.NameStringThe name of the tag asset.
RiskSense.HostFinding.TagAsset.CategoryStringThe category of the tag asset.
RiskSense.HostFinding.TagAsset.DescriptionStringThe description of the tag asset.
RiskSense.HostFinding.TagAsset.CreatedStringThe time and date when the tag asset was created.
RiskSense.HostFinding.TagAsset.UpdatedStringThe time when the tag asset was last updated.
RiskSense.HostFinding.TagAsset.ColorStringThe color name of the tag asset.
RiskSense.HostFinding.OutputStringThe output of the host finding.
RiskSense.HostFinding.SeverityNumberThe severity of the host finding.
RiskSense.HostFinding.SeverityDetail.CombinedNumberThe combined name of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.OverriddenbooleanThe overridden name of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.ScannerStringThe scanner of severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.CvssV2NumberThe CVSS v2 value of severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.CvssV3NumberThe CVSS v3 value of severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.AggregatedNumberThe aggregated value of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.StateStringThe state of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.StateNameStringThe state name of the severity detail for the host finding.
RiskSense.HostFinding.SeverityDetail.ExpirationDateStringThe time when the severity detail expired.
RiskSense.HostFinding.RiskRatingNumberThe risk rate of the host finding.
RiskSense.HostFinding.Xrs3ImpactStringThe impact of xrs3 for the host finding.
RiskSense.HostFinding.Xrs3ImpactOnCategoryStringThe category impact of xrs3 for the host finding.
RiskSense.HostFinding.LastFoundOnStringThe latest time when the particular host finding was found.
RiskSense.HostFinding.DiscoveredOnStringThe time when the host finding was discovered.
RiskSense.HostFinding.ResolvedOnStringThe time when the host finding was resolved.
RiskSense.HostFinding.ScannerNameStringThe name of the scanner of the host finding.
RiskSense.HostFinding.FindingTypeStringThe finding type of the host finding.
RiskSense.HostFinding.MachineIDStringThe machine ID of the host finding.
RiskSense.HostFinding.StatusEmbedded.StateStringThe current state of the embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.StateNameStringThe state name of the embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.StateDescriptionStringThe state description of the embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.StatusbooleanThe status of the embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.DurationInDaysStringThe time duration (in days) of the embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.DueDateStringThe due date of embedded status associated with the host finding.
RiskSense.HostFinding.StatusEmbedded.ExpirationDateStringThe time when status is expired associated with the host finding.
RiskSense.HostFinding.ManualFindingReportCountNumberThe total number of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.IDNumberThe ID of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.TitleStringThe title of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.LabelStringThe label of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.PiiStringThe pii number of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.SourceStringThe source of manual finding reports associated with the host finding.
RiskSense.HostFinding.ManualFindingReport.IsManualExploitbooleanTo check whether manual finding report is exploit or not.
RiskSense.HostFinding.ManualFindingReport.EaseOfExploitStringThe total number of manual finding reports associated with the host finding.
RiskSense.HostFinding.NoteCountNumberNumber of notes found.
RiskSense.HostFinding.Note.DateStringThe time when the note was added by the user for the host finding.
RiskSense.HostFinding.Note.NoteStringThe notes that are added by the user for the host finding.
RiskSense.HostFinding.Note.UserIDNumberThe User ID of the user who added a note for the host finding.
RiskSense.HostFinding.Note.UserNameStringThe username of the user who added a note for the host finding.
RiskSense.HostFinding.Assignment.IDNumberThe unique ID of the assignment associated with the host finding.
RiskSense.HostFinding.Assignment.FirstNameStringThe first name of the assigned user for the host finding.
RiskSense.HostFinding.Assignment.LastNameStringThe last name of the assigned user for the host finding.
RiskSense.HostFinding.Assignment.ReceiveEmailsbooleanIndicates whether email is received or not.
RiskSense.HostFinding.Assignment.EmailStringThe email of the assigned user for the host finding.
RiskSense.HostFinding.Assignment.UsernameStringThe username of the assigned user for the host finding.
RiskSense.HostFinding.ServicesStringThe name of the services for the host finding.
Ticket.IDStringThe ID of the ticket associated with the host finding.
Ticket.StateStringThe state of the ticket associated with the host finding.
Host.HostnameStringThe hostname of the host.
Host.IDStringThe unique ID within the tool retrieving the host.
Host.IPStringThe IP address of the host.
CVE.IDStringCommon Vulnerabilities and Exposures ID.
CVE.DescriptionStringDescription about the CVE.
CVE.CVSSStringThe CVSS represents the severity of the risk (informational, low, medium, high, critical).
RiskSense.HostFinding.Ticket.TicketNumberStringThe number of the ticket associated with the host finding.
RiskSense.HostFinding.Ticket.TicketStatusStringThe status of the ticket associated with the host finding.
RiskSense.HostFinding.Ticket.DeepLinkStringThe deeplink associated with the ticket associated with the host finding.
RiskSense.HostFinding.Ticket.TypeStringThe type of the ticket associated with the host finding.
RiskSense.HostFinding.Ticket.ConnectorNameStringThe connector name of the ticket associated with the host finding.
RiskSense.HostFinding.Ticket.DetailedStatusStringThe detailed status of the ticket associated with the host finding.
Command Example
!risksense-get-host-finding-detail hostfinding_id=115469504
Context Example
{
"RiskSense.HostFinding": [
{
"HostID": 3569980,
"HostName": "lmd.ql.nl",
"HostIpAddress": "31.207.62.145",
"ID": 115469504,
"Source": "QUALYS",
"SourceID": "QUALYS38574",
"Title": "Solaris 10 and Solaris 11 (SolarisExpress) Remote Access Telnet Daemon Flaw",
"Port": null,
"GroupCount": 1,
"Group": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Host": {
"Criticality": 5,
"External": true,
"Port": [
{
"ID": 42841324,
"Number": 21
},
{
"ID": 42841352,
"Number": 22
},
{
"ID": 42841261,
"Number": 23
},
{
"ID": 42841311,
"Number": 25
},
{
"ID": 42841250,
"Number": 111
},
{
"ID": 42841211,
"Number": 123
},
{
"ID": 42841239,
"Number": 587
},
{
"ID": 42841345,
"Number": 852
},
{
"ID": 42841176,
"Number": 4045
},
{
"ID": 42841331,
"Number": 6112
},
{
"ID": 42841226,
"Number": 6481
},
{
"ID": 42841297,
"Number": 7100
},
{
"ID": 42841170,
"Number": 8400
},
{
"ID": 42841182,
"Number": 8402
},
{
"ID": 42841359,
"Number": 32771
},
{
"ID": 42841189,
"Number": 32772
},
{
"ID": 42841340,
"Number": 32775
},
{
"ID": 42841196,
"Number": 32776
},
{
"ID": 42841476,
"Number": 32777
},
{
"ID": 42841287,
"Number": 32778
},
{
"ID": 42841363,
"Number": 32780
},
{
"ID": 42841302,
"Number": 32794
}
],
"Rs3": 600
},
"Network": {
"ID": 78038,
"Name": "IP Network",
"Type": "IP"
},
"Assessment": [
{
"ID": 67442,
"Name": "First Assessment",
"Date": "2019-04-23"
}
],
"Vulnerability": [
{
"Cve": "CVE-2007-0882",
"BaseScore": 10,
"ThreatCount": 5,
"AttackVector": "Network",
"AccessComplexity": "Low",
"Authentication": "None",
"ConfidentialityImpact": "Complete",
"Integrity": "Complete",
"AvailabilityImpact": "Complete",
"Trending": false,
"VulnLastTrendingOn": null
}
],
"ThreatCount": 5,
"Threat": [
{
"Title": "Sun Solaris Telnet Remote Authentication Bypass Vulnerability",
"Category": "Exploit",
"Severity": null,
"Description": "This module exploits the argument injection vulnerability\n in the telnet daemon (in.telnetd) of Solaris 10 and 11.",
"Cve": "CVE-2007-0882",
"Source": "METASPLOIT",
"Published": "2007-02-17T00:00:00",
"Updated": "2020-02-13T15:32:52",
"ThreatLastTrendingOn": null,
"Trending": false
},
{
"Title": "Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)",
"Category": "Exploit",
"Severity": null,
"Description": "Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)",
"Cve": "CVE-2007-0882",
"Source": "EXPLOIT DB",
"Published": "2010-06-22T00:00:00",
"Updated": "2020-02-08T07:54:43",
"ThreatLastTrendingOn": null,
"Trending": false
},
{
"Title": "Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)",
"Category": "Exploit",
"Severity": null,
"Description": "Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)",
"Cve": "CVE-2007-0882",
"Source": "EXPLOIT DB",
"Published": "2007-02-12T00:00:00",
"Updated": "2020-02-08T07:54:43",
"ThreatLastTrendingOn": null,
"Trending": false
},
{
"Title": "SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass",
"Category": "Exploit",
"Severity": null,
"Description": "SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass",
"Cve": "CVE-2007-0882",
"Source": "EXPLOIT DB",
"Published": "2007-02-11T00:00:00",
"Updated": "2020-02-08T07:54:43",
"ThreatLastTrendingOn": null,
"Trending": false
},
{
"Title": "Solaris.Wanuk.Worm",
"Category": "Worm",
"Severity": null,
"Description": "",
"Cve": "CVE-2007-0882",
"Source": "SYMANTEC",
"Published": "2007-02-28T00:00:00",
"Updated": "2019-08-16T15:50:12",
"ThreatLastTrendingOn": null,
"Trending": false
}
],
"Patch": [],
"TagCount": 5,
"Tag": [
{
"ID": 215551,
"Name": "Data_Center_1",
"Category": "Location",
"Description": "",
"Created": "2019-04-24T21:35:12",
"Updated": "2019-06-19T19:23:08",
"Color": "#dd8361"
},
{
"ID": 215554,
"Name": "Linux_Team_2",
"Category": "People",
"Description": "",
"Created": "2019-04-24T21:39:59",
"Updated": "2019-04-24T21:39:59",
"Color": "#78a19b"
},
{
"ID": 225750,
"Name": "PCI Assets",
"Category": "Project",
"Description": "",
"Created": "2019-08-28T18:50:30",
"Updated": "2019-10-31T03:40:55",
"Color": "#648d9f"
},
{
"ID": 230966,
"Name": "CVSS_Sev_Crit_Test",
"Category": "Custom",
"Description": "CVSS Crits",
"Created": "2019-11-19T23:40:40",
"Updated": "2019-11-19T23:40:40",
"Color": "#648d9f"
},
{
"ID": 230967,
"Name": "RR_Crit_Test",
"Category": "Custom",
"Description": "Risk Rating Crit Test",
"Created": "2019-11-19T23:41:36",
"Updated": "2019-11-19T23:41:36",
"Color": "#648d9f"
}
],
"TagAssetCount": 2,
"TagAsset": [
{
"ID": 215551,
"Name": "Data_Center_1",
"Category": "Location",
"Created": "2019-04-24T21:35:12",
"Updated": "2019-06-19T19:23:08",
"Color": "#dd8361"
},
{
"ID": 215554,
"Name": "Linux_Team_2",
"Category": "People",
"Created": "2019-04-24T21:39:59",
"Updated": "2019-04-24T21:39:59",
"Color": "#78a19b"
}
],
"Output": "Detected service telnet and os SOLARIS 9-11",
"Severity": 10,
"SeverityDetail": {
"Combined": 10,
"Overridden": false,
"Scanner": "5",
"CvssV2": 10,
"CvssV3": null,
"Aggregated": 10,
"State": null,
"StateName": null,
"ExpirationDate": ""
},
"RiskRating": 10,
"Xrs3Impact": null,
"Xrs3ImpactOnCategory": null,
"LastFoundOn": "2010-07-22",
"DiscoveredOn": "2010-07-22",
"ResolvedOn": "2019-06-12",
"ScannerName": "QUALYS",
"FindingType": "Auth/Unauthenticated",
"MachineID": "",
"StatusEmbedded": {
"State": "ACCEPTED",
"StateName": "RA Approved",
"StateDescription": "Finding was approved in risk acceptance workflow",
"Status": false,
"DurationInDays": "3246",
"DueDate": "2019-12-01T00:00:00",
"ExpirationDate": ""
},
"ManualFindingReportCount": 0,
"ManualFindingReport": [],
"NoteCount": 0,
"Note": [],
"Assignment": [],
"Services": "",
"Ticket": []
}
],
"Host": [
{
"ID": 3569980,
"Hostname": "lmd.ql.nl",
"IP": "31.207.62.145"
}
],
"CVE": [
{
"ID": "CVE-2007-0882",
"CVSS": 10,
"Description": "Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client \"-f\" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account."
}
]
}
Human Readable Output

Client: The Demo Client

Group Details:

Name: Default Group

Host Finding Details:

Host NameIp AddressNetworkSourceRisk RatingTitle
lmd.ql.nl31.207.62.145IP NetworkQUALYS10.0Solaris 10 and Solaris 11 (SolarisExpress) Remote Access Telnet Daemon Flaw

Threat(s) (5):

TitleCategorySourceCVEsPublishedUpdated
Sun Solaris Telnet Remote Authentication Bypass VulnerabilityExploitMETASPLOITCVE-2007-08822007-02-17T00:00:002020-02-13T15:32:52
Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)ExploitEXPLOIT DBCVE-2007-08822010-06-22T00:00:002020-02-08T07:54:43
Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)ExploitEXPLOIT DBCVE-2007-08822007-02-12T00:00:002020-02-08T07:54:43
SunOS 5.10/5.11 in.TelnetD - Remote Authentication BypassExploitEXPLOIT DBCVE-2007-08822007-02-11T00:00:002020-02-08T07:54:43
Solaris.Wanuk.WormWormSYMANTECCVE-2007-08822007-02-28T00:00:002019-08-16T15:50:12

Vulnerabilities (1):

NameV2/ScoreThreat CountAttack VectorAccess ComplexityAuthentication
CVE-2007-088210.05NetworkLowNone

Status:

StateCurrent StateDescriptionDurationDue Date
ACCEPTEDRA ApprovedFinding was approved in risk acceptance workflow3246 day(s)2019-12-01T00:00:00

Tag(s) (5):

NameCategoryCreatedUpdated
Data_Center_1Location2019-04-24T21:35:122019-06-19T19:23:08
Linux_Team_2People2019-04-24T21:39:592019-04-24T21:39:59
PCI AssetsProject2019-08-28T18:50:302019-10-31T03:40:55
CVSS_Sev_Crit_TestCustom2019-11-19T23:40:402019-11-19T23:40:40
RR_Crit_TestCustom2019-11-19T23:41:362019-11-19T23:41:36

Manual Finding Report(s) (0):

No entries.

Ticket(s) (0):

No entries.

Assessment(s) (1):

NameDate
First Assessment2019-04-23

Host Finding Description:

Solaris 10 and 11 hosts are vulnerable to a telnet daemon flaw.

The telnet daemon passes switches directly to the login process which looks for a switch that allows root to login to any account without a password. If your telnet daemon is running as root it allows unauthenticated remote logins.

Telnet poses a risk because data transferred between clients may not be encrypted. Telnet is also a frequent target for port scanners.

8. risksense-get-app-detail


Gets in-depth details of a single application. The command accepts an application ID as an argument.

Base Command

risksense-get-app-detail

Input
Argument NameDescriptionRequired
application_idThe application ID is unique for the application. The application ID is either known by RiskSense users or it can be searched in context output (RiskSense.Application.ID) or in the human-readable output of 'risksense-get-apps' command.Required
Context Output
PathTypeDescription
RiskSense.Application.IDNumberThe unique ID within the tool retrieving the application.
RiskSense.Application.GroupIDNumberThe group ID of the application.
RiskSense.Application.GroupNameStringThe group name of the application.
RiskSense.Application.Group.IDNumberThe ID of the group belonging to the Application.
RiskSense.Application.Group.NameStringThe name of the group belonging to the Application.
RiskSense.Application.Network.IDNumberThe network ID of the application.
RiskSense.Application.Network.NameStringThe network name of the application.
RiskSense.Application.Network.TypeStringThe network type of the application.
RiskSense.Application.ClientIDNumberThe client ID of the application.
RiskSense.Application.HostIDNumberThe host ID of the application.
RiskSense.Application.UriStringThe reference URI of the application.
RiskSense.Application.NameStringThe name of the application.
RiskSense.Application.DescriptionStringThe detailed description of the application.
RiskSense.Application.NoteCountNumberThe total number of notes found in the application.
RiskSense.Application.DiscoveredOnStringThe time when the application was discovered.
RiskSense.Application.LastFoundOnStringThe time when the application was last found.
RiskSense.Application.TotalNumberThe total number of open findings of the application.
RiskSense.Application.CriticalNumberThe number of open findings of the application with critical severity.
RiskSense.Application.HighNumberThe number of open findings of the application with high severity.
RiskSense.Application.MediumNumberThe number of open findings of the application with medium severity.
RiskSense.Application.LowNumberThe number of open findings of the application with low severity.
RiskSense.Application.InfoNumberThe number of open findings of the application with info severity.
RiskSense.Application.Icon.TypeStringThe icon type of the application.
RiskSense.Application.Icon.OverlayTextStringThe overlay text of the icon of the application.
RiskSense.Application.TagCountNumberThe total number of tags of the application.
RiskSense.Application.UrlCountNumberThe total number of URLs of the application.
RiskSense.Application.HrefStringThe deeplink pointing to the application details on RiskSense.
RiskSense.Application.CMDB.ManufacturedByStringThe name of the manufacturer in configuration management DB (CMDB) from application details.
RiskSense.Application.CMDB.ModelStringThe CMDB model name of the application.
RiskSense.Application.CMDB.MacAddressStringThe CMDB MAC Address of the application.
RiskSense.Application.CMDB.LocationStringThe CMDB location of the application.
RiskSense.Application.CMDB.ManagedByStringThe CMDB entity name that managed the application.
RiskSense.Application.CMDB.OwnedByStringThe CMDB entity name that owned the application.
RiskSense.Application.CMDB.SupportedByStringThe CMDB entity name that supported the application
RiskSense.Application.CMDB.SupportGroupStringThe CMDB supporting group of the application.
RiskSense.Application.CMDB.SysIDStringThe CMDB system ID of the application.
RiskSense.Application.CMDB.OperatingSystemStringThe CMDB Operating system of the application.
RiskSense.Application.CMDB.LastScanDateStringThe CMDB last scan date of the application.
RiskSense.Application.CMDB.FerpaComplianceAssetBooleanThe Family Educational Rights and Privacy Act.
RiskSense.Application.CMDB.HipaaComplianceAssetBooleanHealth Insurance Portability and Accountability Act.
RiskSense.Application.CMDB.PciComplianceAssetStringThe Payment Card Industry (PCI) Council continues to make changes to ensure that their standards are up to date with emerging threats and changes in the market.
RiskSense.Application.Ticket.TicketNumberStringThe number of the ticket associated with the application.
RiskSense.Application.Ticket.TicketStatusStringThe status of the ticket associated with the application.
RiskSense.Application.Ticket.TypeStringThe type of the ticket associated with the application.
RiskSense.Application.Ticket.ConnectorNameStringThe connector name of the ticket associated with the application.
RiskSense.Application.Ticket.DetailedStatusStringThe detailed status of ticket associated with the application.
RiskSense.Application.Ticket.DeepLinkStringThe deeplink associated with the ticket associated with the application.
RiskSense.Application.Source.NameStringThe name of the source associated with the application.
RiskSense.Application.Source.UuIDStringThe unique ID of the source associated with the application.
RiskSense.Application.Source.ScannerTypeStringThe type of scanner of the source associated with the application..
RiskSense.Application.Note.UserIDStringThe user ID of the user who added a note for the application.
RiskSense.Application.Note.UserNameStringThe username of the user who added a note for the application.
RiskSense.Application.Note.NoteStringThe notes that are added by the user for the application.
RiskSense.Application.Note.DateStringThe time when the note was added by the user for the application.
RiskSense.Application.Tag.IDNumberThe ID of the tag.
RiskSense.Application.Tag.NameStringThe name of the tag.
RiskSense.Application.Tag.CategoryStringThe category of the tag.
RiskSense.Application.Tag.DescriptionStringThe description of the tag.
RiskSense.Application.Tag.CreatedStringThe time when the tag was created.
RiskSense.Application.Tag.UpdatedStringThe time when the tag was last updated.
RiskSense.Application.Tag.ColorStringThe color code of the tag of the application.
Ticket.IDStringThe ID of the ticket associated with the application.
Ticket.StateStringThe state of the ticket associated with the application.
Command Example

!risksense-get-app-detail application_id=19394

Context Example
{
"RiskSense.Application": [
{
"Network": {
"Type": "IP",
"ID": 91502,
"Name": "App-data"
},
"Note": [
{
"Date": "2020-01-15T23:16:12",
"Note": "Add note to app",
"UserID": 2222,
"UserName": "Natalia Donaldson"
},
{
"Date": "2020-01-15T23:26:43",
"Note": "Add note to app",
"UserID": 2222,
"UserName": "Natalia Donaldson"
},
{
"Date": "2020-01-17T05:00:12",
"Note": "Add note to app",
"UserID": 2222,
"UserName": "Natalia Donaldson"
}
],
"Source": [
{
"ScannerType": "DAST",
"Name": "IBMAPPSCANENTERPRISE",
"UuID": "IBMAPPSCANENTERPRISE"
}
],
"Critical": 0,
"Low": 15,
"TagCount": 1,
"Medium": 0,
"Description": null,
"ClientID": 747,
"GroupID": 7990,
"Tag": [
{
"Category": "Project",
"Updated": "2020-01-17T23:59:22",
"Name": "PCI Orch Test ",
"Created": "2020-01-17T23:59:22",
"Color": "#af3a29",
"ID": 234039,
"Description": "PCI Orch Test"
}
],
"Groups": [
{
"ID": 7990,
"Name": "Default Group"
}
],
"Ticket": [],
"Icon": [
{
"Type": "IBM_APP_SCANNER",
"OverlayText": null
}
],
"Info": 0,
"DiscoveredOn": "2019-06-12",
"HostID": null,
"Name": "https://freebirddemo.dev.ccs.thatcompany.net",
"NoteCount": 3,
"Uri": "https://freebirddemo.dev.ccs.thatcompany.net",
"GroupName": "Default Group",
"ID": 19394,
"CMDB": {
"MacAddress": null,
"SupportGroup": null,
"SysID": null,
"HipaaComplianceAsset": false,
"OperatingSystem": null,
"ManufacturedBy": null,
"ManagedBy": null,
"Location": null,
"OwnedBy": null,
"Model": null,
"LastScanDate": null,
"FerpaComplianceAsset": false,
"SupportedBy": null,
"PciComplianceAsset": false
},
"UrlCount": 15,
"High": 0,
"Href": "http://platform.risksense.com/api/v1/client/747/application/search?page=0&size=20&sort=id,asc",
"LastFoundOn": "2019-06-11",
"Total": 15
}
]
}
Human Readable Output

Client: The Demo Client

Group Details:

Name: Default Group

Sources:

Scanner(s): IBMAPPSCANENTERPRISE

Application Details:

AddressNameNetwork NameNetwork TypeDiscovered OnLast Found On
https://freebirddemo.dev.ccs.thatcompany.nethttps://freebirddemo.dev.ccs.thatcompany.netApp-dataIP2019-06-122019-06-11

Findings Distribution:

TotalCriticalHighMediumLowInfo
15000150

Tag(s) (1):

NameCategoryDescriptionCreatedUpdated
PCI Orch TestProjectPCI Orch Test2020-01-17T23:59:222020-01-17T23:59:22

Ticket(s) (0):

No entries.

8. risksense-apply-tag


Apply the new or existing tag to the asset, creates a new tag if it does not exist in RiskSense.

Base Command

risksense-apply-tag

Input
Argument NameDescriptionRequired
tagnameTag name which applies to the asset(s).Required
assettypeType of asset available in RiskSense to apply the tag. Apart from the available choices, you can provide the asset type supported by RiskSense API.Required
propagate_to_all_findingsIf the given argument is set to true, then it applies the tag to assets as well as findings of assets. Note - It only works if the tag with the given name does not exist.Optional
fieldnameThe RiskSense asset attribute by which to filter the assets to apply the tag. It can be an attribute of Host, Application, Host Finding, Application Finding. If specified, the 'value' argument is mandatory.Optional
operatorThe match operator should be applied for filtering the assets to apply the tag based on 'fieldname' and 'value'. Can be 'EXACT' - filter records exactly matching the criteria; 'IN' - filter records matching any one of the comma-separated values; 'LIKE' - filter records with the value matching the specified pattern. All the records fieldname value contains the string provided in value; 'BETWEEN' - filter the records with fieldname value falling in the numerical/date range provided. This argument also accepts other operator values supported by the RiskSense API. Refer to the API documentation for the list of supported operators.Optional
excludeThe exclude flag that determines whether to apply the tag on assets matches filter criteria or not. Default set to false. If set to true, tag applied on an asset not matching the specified values.Optional
valueThe value of the asset property mentioned in 'fieldname' to be considered for filter criteria.Optional
Context Output
PathTypeDescription
RiskSense.TagAssociation.TagNameStringName of the tag.
RiskSense.TagAssociation.AssociationIDNumberTag association ID.
RiskSense.TagAssociation.CreatedStringThe time when the tag was associated.
Command Example

!risksense-apply-tag tagname="Test" assettype="host"

Context Example
{
"RiskSense.TagAssociation":
{
"AssociationID": 2542063,
"Created": "2020-04-29T08:46:54",
"TagName": "Test"
}
}
Human Readable Output

Test tag applied to given asset(s).