AnsweredAssumed Answered

Asset Tags using Groovy or asset search

Question asked by Brian Humphrey on Jun 18, 2019
Latest reply on Jun 24, 2019 by Jake VanMast

I've been writing a lot of tags but I'm getting stuck on trying to create a tag for my overdue vulnerabilities. Maybe someone can point me in the right direction here using Groovy or asset search. Here is what I'm trying to accomplish:

  • I'm attempting to create asset tags for any vulnerability that has passed our configured due date for critical, high, medium, and low.
  • All of my VM remediation tickets reflect the correct due dates, past dues vulns, etc
  • I can query the "past due vulnerabilities" from asset view with these queries:
    • Critical past due - (lastFullScan > now-7d OR lastCheckedIn > now-1d) AND vulnerabilities: (firstFound < now-14d AND vulnerability.severity: "5")

    • High Past due - (lastFullScan > now-7d OR lastCheckedIn > now-1d) AND vulnerabilities: (firstFound < now-30d AND vulnerability.severity: "4")
    • Medium Past due - (lastFullScan > now-7d OR lastCheckedIn > now-1d) AND vulnerabilities: (firstFound < now-60d AND vulnerability.severity: "3")
    • Low Past due - (lastFullScan > now-7d OR lastCheckedIn > now-1d) AND vulnerabilities: (firstFound < now-120d AND vulnerability.severity: "2")
  • I have been trying to create custom tags via groovy scripts, but I don't know what sytax to use to pull back this information.
    • if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
      return asset.XXX <--- Is there a data dictionary somewhere that would tell me what I need to use here?
  • I have successfully created custom dashboards and widgets with the queries listed above, but have been unsuccessful with the tagging.

 

Any help at all would be greatly appreciated

 

Thanks!

Outcomes