Class: ServiceNowHelper

Inherits:

BaseHelper

• Object
• BaseHelper
• ServiceNowHelper

Defined in:

lib/nexpose_ticketing/helpers/servicenow_helper.rb

Overview

Serves as the ServiceNow interface for creating/updating issues from vulnelrabilities found in Nexpose.

Instance Attribute Summary

• #log ⇒ Object

  Returns the value of attribute log.

• #transform ⇒ Object

  Returns the value of attribute transform.

Attributes inherited from BaseHelper

#options, #service_data

Instance Method Summary

• #close_tickets(tickets) ⇒ Object

  Sends ticket closure (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).

• #create_tickets(tickets) ⇒ Object

  Sends a list of tickets (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).

• #get_ticket_identifier(nxid) ⇒ Object

  Retrieves the unique ticket identifier for a particular NXID if one exists.

• #initialize(service_data, options, mode) ⇒ ServiceNowHelper constructor

  A new instance of ServiceNowHelper.

• #prepare_close_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object

  Prepare ticket closures from the CSV of vulnerabilities exported from Nexpose.

• #prepare_create_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object

  Prepare tickets from the CSV of vulnerabilities exported from Nexpose.

• #prepare_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object

  Prepares a list of vulnerabilities into a list of JSON-formatted tickets (incidents) for ServiceNow.

• #prepare_update_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object

  Prepare ticket updates from the CSV of vulnerabilities exported from Nexpose.

• #send_ticket(ticket, url, limit) ⇒ Object

  Post an individual JSON-formatted ticket to ServiceNow.

• #update_tickets(tickets) ⇒ Object

  Sends ticket updates (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).

Methods inherited from BaseHelper

#finish, #load_dependencies

Constructor Details

#initialize(service_data, options, mode) ⇒ ServiceNowHelper

Returns a new instance of ServiceNowHelper.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 15

def initialize(service_data, options, mode)
  super(service_data, options, mode)
end

Instance Attribute Details

#log ⇒ Object

Returns the value of attribute log.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 14

def log
  @log
end

#transform ⇒ Object

Returns the value of attribute transform.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 14

def transform
  @transform
end

Instance Method Details

#close_tickets(tickets) ⇒ Object

Sends ticket closure (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).

• Args :

  • tickets - List of JSON-formatted ticket closures.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 55

def close_tickets(tickets)
  @metrics.closed tickets.count

  if tickets.nil? || tickets.empty?
    @log.log_message('No tickets to close.')
    return
  end
  tickets.each do |ticket|
    send_ticket(ticket, @service_data[:servicenow_url], @service_data[:redirect_limit])
  end
end

#create_tickets(tickets) ⇒ Object

Sends a list of tickets (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).

• Args :

  • tickets - List of JSON-formatted ticket creates (new tickets).

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 25

def create_tickets(tickets)
  fail 'Ticket(s) cannot be empty' if tickets.nil? || tickets.empty?

  tickets.each do |ticket|
    send_ticket(ticket, @service_data[:servicenow_url], @service_data[:redirect_limit])
  end
end

#get_ticket_identifier(nxid) ⇒ Object

Retrieves the unique ticket identifier for a particular NXID if one exists.

• Args :

  • nxid - NXID of the ticket to be updated.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 72

def get_ticket_identifier(nxid)
  headers = { 'Content-Type' => 'application/json',
              'Accept' => 'application/json' }
 
  #Get the address
  query = "incident.do?JSONv2&sysparm_query=active=true^u_nxid=#{nxid}"
  uri = URI.join(@service_data[:servicenow_url], '/')
  full_url = URI.join(uri, "/").to_s + query
  req = Net::HTTP::Get.new(full_url, headers)
  req.basic_auth @service_data[:username], @service_data[:password]
  resp = Net::HTTP.new(uri.host, uri.port)

  # Enable this line for debugging the https call.
  # resp.set_debug_output(@log)

  if uri.scheme == 'https'
    resp.use_ssl = true 
    resp.verify_mode = OpenSSL::SSL::VERIFY_NONE
  end
  
  begin
    response = resp.request(req)
  rescue Exception => e
    @log.log_error_message("Request failed for NXID #{nxid}.\n#{e}")
  end

  tickets = JSON.parse(response.body)
  records = tickets['records']
  if records.count > 1
    @log.log_error_message("Found more than one result for NXID #{nxid}. Updating first result.")
    records.each { |r| @log.log_error_message("NXID #{nxid} found with Rapid7 Identifier #{r['u_rpd_id']}") }
  elsif records.count == 0
    @log.log_error_message("No results found for NXID #{nxid}.")
    return nil
  end

  ticket_id = records.first['u_rpd_id']
  @log.log_message("Found ticket for NXID #{nxid} ID is: #{ticket_id}")
  if ticket_id.nil?
    @log.log_error_message("ID is nil for ticket with NXID #{nxid}.")
  end

  ticket_id
end

#prepare_close_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object

Prepare ticket closures from the CSV of vulnerabilities exported from Nexpose. This method currently only supports updating default mode tickets in ServiceNow.

• Args :

  • vulnerability_list - CSV of vulnerabilities within Nexpose.

• Returns :

  • List of JSON-formated tickets for closing within ServiceNow.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 273

def prepare_close_tickets(vulnerability_list, nexpose_identifier_id)
  @log.log_message("Preparing ticket closures for mode #{@options[:ticket_mode]}.")
  tickets = []
  @nxid = nil
  CSV.parse(vulnerability_list.chomp, headers: :first_row)  do |row|
    @nxid = @mode_helper.get_nxid(nexpose_identifier_id, row)
    # 'state' 7 is the "Closed" state within ServiceNow.
    ticket_id = get_ticket_identifier(@nxid)
    @log.log_message("Closing ticket with NXID: #{@nxid}.")
    ticket = {
        'sysparm_action' => 'insert',
        'u_rpd_id' => ticket_id,
        'state' => '7'
    }.to_json
    tickets.push(ticket)
  end
  tickets
end

#prepare_create_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object

Prepare tickets from the CSV of vulnerabilities exported from Nexpose. This method determines how to prepare the tickets (either by default or by IP address) based on config options.

• Args :

  • vulnerability_list - CSV of vulnerabilities within Nexpose.

• Returns :

  • List of JSON-formated tickets for creating within ServiceNow.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 163

def prepare_create_tickets(vulnerability_list, nexpose_identifier_id)
  prepare_tickets(vulnerability_list, nexpose_identifier_id)
end

#prepare_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object

Prepares a list of vulnerabilities into a list of JSON-formatted tickets (incidents) for ServiceNow.

• Args :

  • vulnerability_list - CSV of vulnerabilities within Nexpose.

• Returns :

  • List of JSON-formated tickets for creating within ServiceNow.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 176

def prepare_tickets(vulnerability_list, nexpose_identifier_id)
  @metrics.start
  matching_fields = @mode_helper.get_matching_fields
  @ticket = Hash.new(-1)

  @log.log_message("Preparing tickets in #{options[:ticket_mode]} address.")
  tickets = []
  previous_row = nil
  description = nil
  action = 'insert' 
  
  CSV.parse(vulnerability_list.chomp, headers: :first_row)  do |row|
    if previous_row.nil?
      previous_row = row.dup
      nxid = @mode_helper.get_nxid(nexpose_identifier_id, row)

      action = if row['comparison'].nil? || row['comparison'] == 'New'
                 'insert'
               else
                 'update'
               end

      @ticket = {
        'sysparm_action' => action,
        'caller_id' => "#{@service_data[:username]}",
        'category' => 'Software',
        'impact' => '1',
        'urgency' => '1',
        'short_description' => @mode_helper.get_title(row),
        'work_notes' => "",
        'u_nxid' => nxid,
        'u_rpd_id' => nil
      }
      description = @mode_helper.get_description(nexpose_identifier_id, row)
    elsif matching_fields.any? { |x|  previous_row[x].nil? || previous_row[x] != row[x] }
      info = @mode_helper.get_field_info(matching_fields, previous_row)
      @log.log_message("Generated ticket with #{info}")

      @ticket['work_notes'] = @mode_helper.print_description(description)
      tickets.push(@ticket)
      
      previous_row = nil
      description = nil
      redo
    else
      unless row['comparison'].nil? || row['comparison'] == 'New'
        @ticket['sysparm_action'] = 'update'
      end
      description = @mode_helper.update_description(description, row)      
    end
  end

  unless @ticket.nil? || @ticket.empty?
    info = @mode_helper.get_field_info(matching_fields, previous_row)
    @log.log_message("Generated ticket with #{info}")
    @ticket['work_notes'] = @mode_helper.print_description(description) unless (@ticket.size == 0)
    tickets.push(@ticket)
  end
  @log.log_message("Generated <#{tickets.count.to_s}> tickets.")

  tickets.map do |t|
    if t['sysparm_action'] == 'update'
      t['sysparm_action'] = 'insert'
      t['u_rpd_id'] = get_ticket_identifier(t['u_nxid'])
      @metrics.updated
    else
      @metrics.created
    end

    t['u_rpd_id'] ||= SecureRandom.uuid
    t.to_json
  end
end

#prepare_update_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object

Prepare ticket updates from the CSV of vulnerabilities exported from Nexpose. The list of vulnerabilities are ordered depending on the ticketing mode and then by ticket_status, allowing the method to loop through and

display new, old, and same vulnerabilities in that order.

- +vulnerability_list+ -  CSV of vulnerabilities within Nexpose.

• Returns :

  • List of JSON-formated tickets for updating within ServiceNow.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 259

def prepare_update_tickets(vulnerability_list, nexpose_identifier_id)
  prepare_tickets(vulnerability_list, nexpose_identifier_id)
end

#send_ticket(ticket, url, limit) ⇒ Object

Post an individual JSON-formatted ticket to ServiceNow. If the response from the post is a 301/ 302 redirect, the method will attempt to resend the ticket to the response’s location for up to

limit

times (which starts at the redirect_limit config value and is decremented with each

redirect response.

• Args :

  • ticket - JSON-formatted ticket.

  • url - URL to post the ticket to.

  • limit - The amount of times to retry the send ticket request before failing.l

Raises:

• (ArgumentError)

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 127

def send_ticket(ticket, url, limit)
  raise ArgumentError, 'HTTP Redirect too deep' if limit == 0
  
  uri = URI.parse(url)
  headers = { 'Content-Type' => 'application/json',
              'Accept' => 'application/json' }
  req = Net::HTTP::Post.new(url, headers)
  req.basic_auth @service_data[:username], @service_data[:password]
  req.body = ticket

  resp = Net::HTTP.new(uri.host, uri.port)
  # Setting verbose_mode to 'Y' will debug the https call(s).
  resp.set_debug_output $stderr if @service_data[:verbose_mode] == 'Y'
  resp.use_ssl = true if uri.scheme == 'https'
  # Currently, we do not verify SSL certificates (in case the local servicenow instance uses
  # and unsigned or expired certificate)
  resp.verify_mode = OpenSSL::SSL::VERIFY_NONE
  res = resp.start { |http| http.request(req) }
  case res
    when Net::HTTPSuccess then res
    when Net::HTTPRedirection then send_ticket(ticket, res['location'], limit - 1)
  else
    @log.log_message("Error in response: #{res['error']}")
    raise ArgumentError, res['error']
  end
end

#update_tickets(tickets) ⇒ Object

Sends ticket updates (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).

• Args :

  • tickets - List of JSON-formatted ticket updates.

# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 39

def update_tickets(tickets)
  if tickets.nil? || tickets.empty?
    @log.log_message('No tickets to update.')
    return
  end
  tickets.each do |ticket|
    send_ticket(ticket, @service_data[:servicenow_url], @service_data[:redirect_limit])
  end
end