Skip to content
This repository has been archived by the owner on Sep 27, 2024. It is now read-only.

Commit

Permalink
Merge pull request #6 from CMS-Enterprise/fix-query
Browse files Browse the repository at this point in the history
fix: epss score dates invalid due to utc and limiting query by last_seen
  • Loading branch information
rileydakota authored Apr 30, 2024
2 parents dbb5736 + 33bf080 commit 5b9ce6b
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 5 deletions.
6 changes: 3 additions & 3 deletions code/reporter/lambda_function.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
import pandas as pd
import snowflake.connector
import slack_report
from datetime import date
from datetime import date, timedelta
from slack_sdk.webhook import WebhookClient

TITLE_IGNORE = [
'EC2.17 EC2 instances should not use multiple ENIs'
]

def get_epss_df():
today = date.today()
today = date.today() - timedelta(days=1)
d1 = today.strftime("%Y-%m-%d")

return pd.read_csv(
Expand Down Expand Up @@ -61,7 +61,7 @@ def get_nessus_vulns(snowflake_cur, kev_df, epss_df):
and intersects them with both the kev and epss dataframes
"""
snowflake_cur.execute(
"select ACCOUNTID, INSTANCEID, CVE from SEC_VW_IUSG_CUMULATIVE_VULNS_BATCAVE"
"select ACCOUNTID, INSTANCEID, CVE from SEC_VW_IUSG_CUMULATIVE_VULNS_BATCAVE WHERE LAST_SEEN >= CURRENT_TIMESTAMP() - INTERVAL '72 hours'"
)
df = snowflake_cur.fetch_pandas_all()
df["CVE"] = df["CVE"].apply(lambda x: json.loads(x))
Expand Down
15 changes: 13 additions & 2 deletions code/reporter/slack_report.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
DividerBlock,
SectionBlock,
RichTextBlock,
RichTextLink,
Message,
)
from slackblocks.rich_text import RichTextSection, RichTextList, ListType, RichText
Expand Down Expand Up @@ -82,11 +83,16 @@ def __form_blocks(self):
kev_vuln_block.elements.append(
RichTextList(
style=ListType.BULLET,
indent=1,
elements=[
RichTextSection(
elements=[
RichTextLink(
text=f"{x.cve}",
url=f"https://www.cvedetails.com/cve/{x.cve}"
),
RichText(
text=f"{x.cve} present across {str(x.num_env)} AWS Accounts"
text=f" present across {str(x.num_env)} AWS Accounts"
)
]
)
Expand Down Expand Up @@ -119,11 +125,16 @@ def __form_blocks(self):
epss_vuln_block.elements.append(
RichTextList(
style=ListType.BULLET,
indent=1,
elements=[
RichTextSection(
elements=[
RichTextLink(
text=f"{x.cve}",
url=f"https://www.cvedetails.com/cve/{x.cve}"
),
RichText(
text=f"{x.cve} present across {str(x.num_env)} AWS Accounts"
text=f" present across {str(x.num_env)} AWS Accounts"
)
]
)
Expand Down

0 comments on commit 5b9ce6b

Please sign in to comment.