Created
November 12, 2015 14:40
Get-QualysNotificationData
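#requires -Version 2
function Get-NotificationData
{
    <#
    .SYNOPSIS
    Get-NotificationData gathers and parses vulnerable host data into objects used for email
    notifications to the Business Unit Manager (Primary Point of Contact) of each host.

    .DESCRIPTION
    Get-NotificationData gathers vulnerable host information and pairs it with the asset
    owner / Unit Manager (PPOC). The function is laid out as follows:
      1. Imports an XML file containing data about the Business Units within Qualys.
      2. Imports an XML file containing data about the Asset Groups within Qualys
         (only returns Unit Manager details).
      3. Runs Get-VulnerableHost over all asset groups for the requested QID.
      4. Runs Get-KnowledgebaseInfo to fetch the Qualys KnowledgeBase data for that QID.
      5. For each vulnerable host and each asset group entry, creates one object when
           - the asset group title is listed on the vulnerable host,
           - the asset group user login equals a business unit user login, and
           - the asset group user role is "Unit Manager".

    Structure of each returned object:
      businessunitinfo
        businessunit
        userlogin
        firstname
        lastname
        title
        email
        userrole
        assetgroupinfo
          userlogin
          userrole
          assetgrouptitle
          ip
          vulnerablehost
            vulnhost
      QualysKBInfo

    .PARAMETER QID
    One to twenty QIDs (Qualys IDs) to search for.

    .PARAMETER credential
    Specifies a set of credentials used to query the QualysGuard API. It is passed unchanged to
    Get-VulnerableHost and Get-KnowledgebaseInfo.

    .INPUTS
    Objects with QID and credential properties can be bound from the pipeline by property name.

    .OUTPUTS
    An array of PSObject, one per matching (vulnerable host, asset group, business unit) triple.

    .EXAMPLE
    C:\PS> Get-NotificationData -QID '105489' -credential $cred

    .NOTES
    The two supporting XML files decide who is notified about which vulnerable host, so they are
    trusted input: write access to C:\POSH-Guard\_supporting_data should be limited to the job
    that generates them.
    The returned objects combine vulnerable host details with contact data (logins, names, email
    addresses); handle them as sensitive.
    NOTE(review): member access on a whole collection needs PowerShell 3.0 or later; the loop
    bounds below still use it for the per-entry properties, so confirm the "#requires" version.
    #>
    [cmdletbinding()]
    param (
        [parameter(Mandatory = $true,
                   ValueFromPipeline = $true,
                   ValueFromPipelineByPropertyName = $true,
                   HelpMessage = 'Please enter a QID (Qualys ID) to search for')]
        [ValidateCount(1,20)]
        [ValidateNotNullOrEmpty()]
        [string[]]$QID,

        [parameter(Mandatory = $true,
                   ValueFromPipeline = $true,
                   ValueFromPipelineByPropertyName = $true,
                   HelpMessage = 'Please provide a crednetial obejct')]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.CredentialAttribute()]$credential
    )

    # Accumulator for the records that are returned to the caller.
    $vulnhostobject = @()

    # Each of these XML files is regenerated every night or after a set amount of time.
    $businessunitinfo = Import-Clixml -Path C:\POSH-Guard\_supporting_data\businessunitinfo.xml
    $assetgroupinfo = Import-Clixml -Path C:\POSH-Guard\_supporting_data\assetgroupinfo.xml

    $vulnerableHostInfo = Get-VulnerableHost -assetgroup 'All' -QID $QID -credential $credential
    $knowledgeBaseInfo = Get-KnowledgebaseInfo -QID $QID -credential $credential

    Write-Debug "Vulnerable Host Count is: $($vulnerableHostInfo.count)"

    # Upper bound for indexing $businessunitinfo. The original loop used "-le" against the number
    # of logins, which ran one index past the end; that extra pass compared against $null and
    # could emit a record with empty business unit details when an asset group had no user login.
    $businessUnitCount = @($businessunitinfo).Count

    foreach ($vulnhost in $vulnerableHostInfo)
    {
        # Progress goes to the verbose stream (enable with -Verbose) so host IPs and logins are
        # not written to the console and transcripts on every run.
        Write-Verbose "VulnerableHost IP: $($vulnhost.ipaddress)"

        # @() keeps a host with a single asset group (a bare string) from being indexed
        # character by character.
        $hostAssetGroups = @($vulnhost.assetgroup)

        foreach ($assetgroup in $assetgroupinfo)
        {
            for ($a = 0; $a -lt $hostAssetGroups.Count; $a++)
            {
                # NOTE(review): $assetgroup is a single element of $assetgroupinfo, yet it is
                # indexed with $b; presumably each entry carries one title so $b is only ever 0.
                # Confirm against the job that writes assetgroupinfo.xml.
                for ($b = 0; $b -lt ($assetgroup.assetgrouptitle).count; $b++)
                {
                    # These two checks do not depend on the business unit, so test them once
                    # before walking the business unit list.
                    if (-not ($hostAssetGroups[$a] -eq $assetgroup[$b].assetgrouptitle))
                    {
                        continue
                    }
                    if (-not ($assetgroup[$b].userrole -eq 'Unit Manager'))
                    {
                        continue
                    }

                    for ($u = 0; $u -lt $businessUnitCount; $u++)
                    {
                        if ($assetgroup[$b].userlogin -eq $businessunitinfo[$u].userlogin)
                        {
                            Write-Verbose "Vulnerable Host Asset Group: $($hostAssetGroups[$a])"
                            Write-Verbose "Asset Group User Login: $($assetgroup[$b].userlogin)"
                            Write-Verbose "Asset Group User Role: $($assetgroup[$b].userrole)"

                            # assetgroupinfo is nested inside businessunitinfo, and
                            # vulnerablehost inside assetgroupinfo; QualysKBInfo is top level.
                            $props = @{
                                businessunitinfo = @{
                                    businessunit   = $businessunitinfo[$u].businessunit
                                    userlogin      = $businessunitinfo[$u].userlogin
                                    firstname      = $businessunitinfo[$u].firstname
                                    lastname       = $businessunitinfo[$u].lastname
                                    title          = $businessunitinfo[$u].title
                                    email          = $businessunitinfo[$u].email
                                    userrole       = $businessunitinfo[$u].userrole
                                    assetgroupinfo = @{
                                        userlogin       = $assetgroup[$b].userlogin
                                        userrole        = $assetgroup[$b].userrole
                                        assetgrouptitle = $assetgroup[$b].assetgrouptitle
                                        ip              = $assetgroup[$b].ip
                                        vulnerablehost  = @{
                                            vulnhost = $vulnhost
                                        }
                                    }
                                }
                                QualysKBInfo     = $knowledgeBaseInfo
                            }

                            $temphostobject = New-Object -TypeName PSObject -Property $props
                            $vulnhostobject += $temphostobject
                        }
                    }
                }
            }
        }
    }

    return $vulnhostobject
}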