SourceFireRuby

This is the official gem package for the Nexpose Cisco SourceFire Integration.

For help with using the gem, its documentation, or any issues, please email the Rapid7 support team at [email protected] and include a description of the issue and the log files.

Installation

Add this line to your application's Gemfile:

gem 'nexpose_sourcefire'

And then execute:

$ bundle

Or install it yourself as:

$ gem install nexpose_sourcefire  

Configuration

  1. Please follow the SourceFire documentation to generate a PKCS12 certificate to use in the integration.

  2. Set up the necessary environment variables as detailed in the documentation, or use the provided configuration file nexpose_sourcefire.config.

In the configuration file the siteID and pkcs12 location values must be filled in.

Operation

The gem can be manually executed from within the 'bin' folder with the command:

 nexpose_sourcefire

Encryption Settings

The usernames and passwords within the configuration files are automatically encrypted when the integration runs. The key and IV files used during encryption/decryption are saved within the config folder by default.

Setting Custom Locations for Encryption Files

To set custom locations for the key and IV files, update the following values within the encryption.config file:

  • key_filename - The absolute path to where the key file will be created.
  • iv_file - The absolute path to where the IV file will be created.

To set a custom path after the integration has already executed, the files must be moved to the new location manually.
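A pre-flight check for the key and IV files described above, written as an added example and not part of the gem. It assumes a POSIX system and that you pass in the paths configured as key_filename and iv_file; the function names and the sample.key / sample.iv file names are made up for illustration. Anyone who can read both files and the configuration file can recover the stored credentials, so it flags loose permissions and files left beside the configuration.

```ruby
require 'tmpdir'

# Findings for one key or IV file (POSIX permission bits assumed).
def secret_file_findings(path)
  st = File.lstat(path) # lstat: do not follow a symlink planted at this path
  return ["#{path}: not a regular file"] unless st.file?

  findings = []
  if (st.mode & 0o077) != 0
    findings << format('%s: mode %04o lets group/other access it', path, st.mode & 0o7777)
  end
  dir = File.dirname(path)
  if (File.stat(dir).mode & 0o022) != 0
    findings << "#{dir}: directory is writable by group/other"
  end
  findings
rescue Errno::ENOENT
  ["#{path}: missing"]
end

# Audits the key and IV files and notes when either shares a folder with the
# encrypted configuration file (the default layout described above).
def audit_encryption_files(config_path, key_path, iv_path)
  cfg_dir = File.realpath(File.dirname(config_path))
  [key_path, iv_path].flat_map do |path|
    findings = secret_file_findings(path)
    if File.exist?(path) && File.realpath(File.dirname(path)) == cfg_dir
      findings << "#{path}: stored in the same folder as the configuration file"
    end
    findings
  end
end

# Constructed sample layout: config and key in one folder, IV in another.
def demo_findings
  Dir.mktmpdir do |cfg_dir|
    Dir.mktmpdir do |secret_dir|
      config = File.join(cfg_dir, 'nexpose_sourcefire.config')
      key = File.join(cfg_dir, 'sample.key')   # constructed file name
      iv = File.join(secret_dir, 'sample.iv')  # constructed file name
      [config, key, iv].each { |f| File.write(f, 'placeholder') }
      File.chmod(0o644, key)
      File.chmod(0o600, iv)
      audit_encryption_files(config, key, iv).map { |f| f.sub("#{cfg_dir}/", '').sub("#{secret_dir}/", '') }
    end
  end
end

puts demo_findings
```

An empty result from audit_encryption_files means both files are owner-only and stored away from the configuration file.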

Encrypting the Configuration without running the Integration

The Nexpose SourceFire integration can encrypt its configuration file without running the gem. This allows users to secure their login information for future use, for example in a cron schedule.

The command to do so is:

nexpose_sourcefire -e

or

nexpose_sourcefire --encrypt_config

Development

After checking out the repo, run bin/setup to install dependencies. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sourcefire_ruby. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Changelog

0.2.2

User now has the option to configure the gem using a configuration file as well as with environment variables. Nexpose and Sourcefire options have been added to the configuration file.

Added an encryption configuration file. Usernames and passwords within the configuration file are now encrypted when the application runs.

Command line options have been added to the gem. Several are common to all Nexpose gem integrations. Call the gem with '-h' or '--help' to view these options.

Breaking change: Environment variables NEXPOSE_URL and SOURCEFIRE_ADDR have been renamed to NEXPOSE_ADDRESS and SOURCEFIRE_ADDRESS respectively.

0.2.1

Implemented batching of large datasets for uploading to Sourcefire.

0.2.0

Host OS information is now uploaded, if available.

0.1.0

Initial release.