From fc259cd5e00fba4b1d2a22cd517ee5063814a6ec Mon Sep 17 00:00:00 2001
From: rileydakota
Date: Fri, 8 Mar 2024 20:49:38 -0500
Subject: [PATCH 1/2] fix: epss score dates invalid due to utc and limiting query by last_seen
---
 code/reporter/lambda_function.py | 6 +++---
 code/reporter/slack_report.py | 16 ++++++++++++++--
 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/code/reporter/lambda_function.py b/code/reporter/lambda_function.py
index d84e254..d0019f4 100644
--- a/code/reporter/lambda_function.py
+++ b/code/reporter/lambda_function.py
@@ -2,7 +2,7 @@
 import pandas as pd
 import snowflake.connector
 import slack_report
-from datetime import date
+from datetime import date, timedelta
 from slack_sdk.webhook import WebhookClient
 TITLE_IGNORE = [
@@ -10,7 +10,7 @@
 ]
 def get_epss_df():
- today = date.today()
+ today = date.today() - timedelta(days=1)
 d1 = today.strftime("%Y-%m-%d")
 return pd.read_csv(
@@ -61,7 +61,7 @@ def get_nessus_vulns(snowflake_cur, kev_df, epss_df):
 and intersects them with both the kev and epss dataframes
 """
 snowflake_cur.execute(
- "select ACCOUNTID, INSTANCEID, CVE from SEC_VW_IUSG_CUMULATIVE_VULNS_BATCAVE"
+ "select ACCOUNTID, INSTANCEID, CVE from SEC_VW_IUSG_CUMULATIVE_VULNS_BATCAVE WHERE LAST_SEEN >= CURRENT_TIMESTAMP() - INTERVAL '72 hours'"
 )
 df = snowflake_cur.fetch_pandas_all()
 df["CVE"] = df["CVE"].apply(lambda x: json.loads(x))
diff --git a/code/reporter/slack_report.py b/code/reporter/slack_report.py
index 8e515eb..b8bcbc0 100644
--- a/code/reporter/slack_report.py
+++ b/code/reporter/slack_report.py
@@ -5,6 +5,7 @@
 DividerBlock,
 SectionBlock,
 RichTextBlock,
+ RichTextLink,
 Message,
 )
 from slackblocks.rich_text import RichTextSection, RichTextList, ListType, RichText
@@ -67,6 +68,7 @@ def __form_blocks(self):
 elements=[
 RichTextList(
 style=ListType.BULLET,
+ indent=1,
 elements=[
 RichTextSection(
 elements=[
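Review bot: In `get_epss_df` (code/reporter/lambda_function.py, hunk `@@ -10,7 +10,7 @@`) the variable `today` now holds yesterday's date, and `date.today()` still reads the runtime's local clock, so the UTC assumption named in the commit subject stays implicit. I would rename it and make the zone explicit, e.g. `score_date = datetime.now(timezone.utc).date() - timedelta(days=1)` (with `datetime` and `timezone` added to the import), plus a comment such as `# the EPSS file for the current UTC day may not be published yet, so use the previous day`. If the previous day's file is missing as well, the `pd.read_csv(` call presumably raises; whether that is handled cannot be seen here, because the function body continues outside the hunk.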
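Review bot: In `get_nessus_vulns` (code/reporter/lambda_function.py, hunk `@@ -61,7 +61,7 @@`) the new `LAST_SEEN >= CURRENT_TIMESTAMP() - INTERVAL '72 hours'` filter drops every finding not seen in the last three days, so a host whose scanning has lapsed leaves the report the same way a patched host does. The window is a bare literal inside the query string; a named constant and a comment such as `# findings not seen for 72h are treated as stale, not as remediated` would make that trade-off visible to whoever reads the report. It may also be worth logging how many rows fall outside the window so that a scanner outage is noticed rather than read as improvement. The query is a static string, which is fine; if the window becomes configurable, pass it as a bound parameter instead of formatting it into the SQL. The function starts and ends outside the hunk.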
@@ -82,11 +84,16 @@ def __form_blocks(self):
 kev_vuln_block.elements.append(
 RichTextList(
 style=ListType.BULLET,
+ indent=1,
 elements=[
 RichTextSection(
 elements=[
+ RichTextLink(
+ text=f"{x.cve}",
+ url=f"https://www.cvedetails.com/cve/{x.cve}"
+ ),
 RichText(
- text=f"{x.cve} present across {str(x.num_env)} AWS Accounts"
+ text=f" present across {str(x.num_env)} AWS Accounts"
 )
 ]
 )
@@ -119,11 +126,16 @@ def __form_blocks(self):
 epss_vuln_block.elements.append(
 RichTextList(
 style=ListType.BULLET,
+ indent=1,
 elements=[
 RichTextSection(
 elements=[
+ RichTextLink(
+ text=f"{x.cve}",
+ url=f"https://www.cvedetails.com/cve/{x.cve}"
+ ),
 RichText(
- text=f"{x.cve} present across {str(x.num_env)} AWS Accounts"
+ text=f" present across {str(x.num_env)} AWS Accounts"
 )
 ]
 )
From 33bf0805c0670d55498d16b1506f40e8dcb27c72 Mon Sep 17 00:00:00 2001
From: rileydakota
Date: Fri, 8 Mar 2024 20:59:22 -0500
Subject: [PATCH 2/2] fix: remove extra indent
---
 code/reporter/slack_report.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/code/reporter/slack_report.py b/code/reporter/slack_report.py
index b8bcbc0..8912129 100644
--- a/code/reporter/slack_report.py
+++ b/code/reporter/slack_report.py
@@ -68,7 +68,6 @@ def __form_blocks(self):
 elements=[
 RichTextList(
 style=ListType.BULLET,
- indent=1,
 elements=[
 RichTextSection(
 elements=[
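Review bot: In `__form_blocks` (code/reporter/slack_report.py, hunk `@@ -82,11 +84,16 @@` of patch 1/2, and identically in `@@ -119,11 +126,16 @@`) `x.cve` is formatted straight into the link URL, and nothing visible in these lines checks that it is a well-formed CVE id. The value presumably comes from the JSON-decoded `CVE` column, so I would encode it before building the link, `url=f"https://www.cvedetails.com/cve/{quote(str(x.cve), safe='')}"` with `from urllib.parse import quote`, or leave the link out when the value does not have the `CVE-<year>-<number>` shape. `text=f"{x.cve}"` can simply be `text=str(x.cve)`. The method starts and ends outside the hunk.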
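Review bot: The list item built in hunk `@@ -119,11 +126,16 @@` of patch 1/2 (code/reporter/slack_report.py) is now a line-for-line copy of the KEV item in `@@ -82,11 +84,16 @@`, so any later change to the link target or the wording has to be made in two places. A private helper that takes `x` and returns the `RichTextList` would reduce each call site to one line, e.g. `epss_vuln_block.elements.append(self._cve_list_item(x))`. Patch 2/2 removes `indent=1` only from the list at line 68, so these two lists keep it; if that nesting is intended, a short comment saying so would prevent it being "fixed" later.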