Skip to content
This repository has been archived by the owner on Sep 27, 2024. It is now read-only.

fix: epss score dates invalid due to utc and limiting query by last_seen #6

Merged
merged 2 commits into from
Apr 30, 2024
Merged

fix: epss score dates invalid due to utc and limiting query by last_seen #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fc259cd
fix: epss score dates invalid due to utc and limiting query by last_seen
rileydakota Mar 9, 2024
33bf080
fix: remove extra indent
rileydakota Mar 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions code/reporter/lambda_function.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
import pandas as pd
import snowflake.connector
import slack_report
from datetime import date
from datetime import date, timedelta
from slack_sdk.webhook import WebhookClient

TITLE_IGNORE = [
'EC2.17 EC2 instances should not use multiple ENIs'
]

def get_epss_df():
today = date.today()
today = date.today() - timedelta(days=1)
d1 = today.strftime("%Y-%m-%d")

return pd.read_csv(
Expand Down Expand Up @@ -61,7 +61,7 @@ def get_nessus_vulns(snowflake_cur, kev_df, epss_df):
and intersects them with both the kev and epss dataframes
"""
snowflake_cur.execute(
"select ACCOUNTID, INSTANCEID, CVE from SEC_VW_IUSG_CUMULATIVE_VULNS_BATCAVE"
"select ACCOUNTID, INSTANCEID, CVE from SEC_VW_IUSG_CUMULATIVE_VULNS_BATCAVE WHERE LAST_SEEN >= CURRENT_TIMESTAMP() - INTERVAL '72 hours'"
)
df = snowflake_cur.fetch_pandas_all()
df["CVE"] = df["CVE"].apply(lambda x: json.loads(x))
Expand Down
15 changes: 13 additions & 2 deletions code/reporter/slack_report.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
DividerBlock,
SectionBlock,
RichTextBlock,
RichTextLink,
Message,
)
from slackblocks.rich_text import RichTextSection, RichTextList, ListType, RichText
Expand Down Expand Up @@ -82,11 +83,16 @@ def __form_blocks(self):
kev_vuln_block.elements.append(
RichTextList(
style=ListType.BULLET,
indent=1,
elements=[
RichTextSection(
elements=[
RichTextLink(
text=f"{x.cve}",
url=f"https://www.cvedetails.com/cve/{x.cve}"
),
RichText(
text=f"{x.cve} present across {str(x.num_env)} AWS Accounts"
text=f" present across {str(x.num_env)} AWS Accounts"
)
]
)
Expand Down Expand Up @@ -119,11 +125,16 @@ def __form_blocks(self):
epss_vuln_block.elements.append(
RichTextList(
style=ListType.BULLET,
indent=1,
elements=[
RichTextSection(
elements=[
RichTextLink(
text=f"{x.cve}",
url=f"https://www.cvedetails.com/cve/{x.cve}"
),
RichText(
text=f"{x.cve} present across {str(x.num_env)} AWS Accounts"
text=f" present across {str(x.num_env)} AWS Accounts"
)
]
)
Expand Down