Class: ServiceNowHelper
- Inherits:
-
BaseHelper
- Object
- BaseHelper
- ServiceNowHelper
- Defined in:
- lib/nexpose_ticketing/helpers/servicenow_helper.rb
Overview
Serves as the ServiceNow interface for creating/updating issues from vulnelrabilities found in Nexpose.
Instance Attribute Summary collapse
-
#log ⇒ Object
Returns the value of attribute log.
-
#transform ⇒ Object
Returns the value of attribute transform.
Attributes inherited from BaseHelper
Instance Method Summary collapse
-
#close_tickets(tickets) ⇒ Object
Sends ticket closure (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).
-
#create_tickets(tickets) ⇒ Object
Sends a list of tickets (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).
-
#get_ticket_identifier(nxid) ⇒ Object
Retrieves the unique ticket identifier for a particular NXID if one exists.
-
#initialize(service_data, options, mode) ⇒ ServiceNowHelper
constructor
A new instance of ServiceNowHelper.
-
#prepare_close_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object
Prepare ticket closures from the CSV of vulnerabilities exported from Nexpose.
-
#prepare_create_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object
Prepare tickets from the CSV of vulnerabilities exported from Nexpose.
-
#prepare_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object
Prepares a list of vulnerabilities into a list of JSON-formatted tickets (incidents) for ServiceNow.
-
#prepare_update_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object
Prepare ticket updates from the CSV of vulnerabilities exported from Nexpose.
-
#send_ticket(ticket, url, limit) ⇒ Object
Post an individual JSON-formatted ticket to ServiceNow.
-
#update_tickets(tickets) ⇒ Object
Sends ticket updates (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).
Methods inherited from BaseHelper
Constructor Details
#initialize(service_data, options, mode) ⇒ ServiceNowHelper
Returns a new instance of ServiceNowHelper.
15 16 17 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 15 def initialize(service_data, , mode) super(service_data, , mode) end |
Instance Attribute Details
#log ⇒ Object
Returns the value of attribute log.
14 15 16 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 14 def log @log end |
#transform ⇒ Object
Returns the value of attribute transform.
14 15 16 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 14 def transform @transform end |
Instance Method Details
#close_tickets(tickets) ⇒ Object
Sends ticket closure (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).
-
Args :
-
tickets
- List of JSON-formatted ticket closures.
-
55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 55 def close_tickets(tickets) @metrics.closed tickets.count if tickets.nil? || tickets.empty? @log.('No tickets to close.') return end tickets.each do |ticket| send_ticket(ticket, @service_data[:servicenow_url], @service_data[:redirect_limit]) end end |
#create_tickets(tickets) ⇒ Object
Sends a list of tickets (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).
-
Args :
-
tickets
- List of JSON-formatted ticket creates (new tickets).
-
25 26 27 28 29 30 31 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 25 def create_tickets(tickets) fail 'Ticket(s) cannot be empty' if tickets.nil? || tickets.empty? tickets.each do |ticket| send_ticket(ticket, @service_data[:servicenow_url], @service_data[:redirect_limit]) end end |
#get_ticket_identifier(nxid) ⇒ Object
Retrieves the unique ticket identifier for a particular NXID if one exists.
-
Args :
-
nxid
- NXID of the ticket to be updated.
-
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 72 def get_ticket_identifier(nxid) headers = { 'Content-Type' => 'application/json', 'Accept' => 'application/json' } #Get the address query = "incident.do?JSONv2&sysparm_query=active=true^u_nxid=#{nxid}" uri = URI.join(@service_data[:servicenow_url], '/') full_url = URI.join(uri, "/").to_s + query req = Net::HTTP::Get.new(full_url, headers) req.basic_auth @service_data[:username], @service_data[:password] resp = Net::HTTP.new(uri.host, uri.port) # Enable this line for debugging the https call. # resp.set_debug_output(@log) if uri.scheme == 'https' resp.use_ssl = true resp.verify_mode = OpenSSL::SSL::VERIFY_NONE end begin response = resp.request(req) rescue Exception => e @log.("Request failed for NXID #{nxid}.\n#{e}") end tickets = JSON.parse(response.body) records = tickets['records'] if records.count > 1 @log.("Found more than one result for NXID #{nxid}. Updating first result.") records.each { |r| @log.("NXID #{nxid} found with Rapid7 Identifier #{r['u_rpd_id']}") } elsif records.count == 0 @log.("No results found for NXID #{nxid}.") return nil end ticket_id = records.first['u_rpd_id'] @log.("Found ticket for NXID #{nxid} ID is: #{ticket_id}") if ticket_id.nil? @log.("ID is nil for ticket with NXID #{nxid}.") end ticket_id end |
#prepare_close_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object
Prepare ticket closures from the CSV of vulnerabilities exported from Nexpose. This method currently only supports updating default mode tickets in ServiceNow.
-
Args :
-
vulnerability_list
- CSV of vulnerabilities within Nexpose.
-
-
Returns :
-
List of JSON-formated tickets for closing within ServiceNow.
-
273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 273 def prepare_close_tickets(vulnerability_list, nexpose_identifier_id) @log.("Preparing ticket closures for mode #{@options[:ticket_mode]}.") tickets = [] @nxid = nil CSV.parse(vulnerability_list.chomp, headers: :first_row) do |row| @nxid = @mode_helper.get_nxid(nexpose_identifier_id, row) # 'state' 7 is the "Closed" state within ServiceNow. ticket_id = get_ticket_identifier(@nxid) @log.("Closing ticket with NXID: #{@nxid}.") ticket = { 'sysparm_action' => 'insert', 'u_rpd_id' => ticket_id, 'state' => '7' }.to_json tickets.push(ticket) end tickets end |
#prepare_create_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object
Prepare tickets from the CSV of vulnerabilities exported from Nexpose. This method determines how to prepare the tickets (either by default or by IP address) based on config options.
-
Args :
-
vulnerability_list
- CSV of vulnerabilities within Nexpose.
-
-
Returns :
-
List of JSON-formated tickets for creating within ServiceNow.
-
163 164 165 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 163 def prepare_create_tickets(vulnerability_list, nexpose_identifier_id) prepare_tickets(vulnerability_list, nexpose_identifier_id) end |
#prepare_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object
Prepares a list of vulnerabilities into a list of JSON-formatted tickets (incidents) for ServiceNow.
-
Args :
-
vulnerability_list
- CSV of vulnerabilities within Nexpose.
-
-
Returns :
-
List of JSON-formated tickets for creating within ServiceNow.
-
176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 176 def prepare_tickets(vulnerability_list, nexpose_identifier_id) @metrics.start matching_fields = @mode_helper.get_matching_fields @ticket = Hash.new(-1) @log.("Preparing tickets in #{[:ticket_mode]} address.") tickets = [] previous_row = nil description = nil action = 'insert' CSV.parse(vulnerability_list.chomp, headers: :first_row) do |row| if previous_row.nil? previous_row = row.dup nxid = @mode_helper.get_nxid(nexpose_identifier_id, row) action = if row['comparison'].nil? || row['comparison'] == 'New' 'insert' else 'update' end @ticket = { 'sysparm_action' => action, 'caller_id' => "#{@service_data[:username]}", 'category' => 'Software', 'impact' => '1', 'urgency' => '1', 'short_description' => @mode_helper.get_title(row), 'work_notes' => "", 'u_nxid' => nxid, 'u_rpd_id' => nil } description = @mode_helper.get_description(nexpose_identifier_id, row) elsif matching_fields.any? { |x| previous_row[x].nil? || previous_row[x] != row[x] } info = @mode_helper.get_field_info(matching_fields, previous_row) @log.("Generated ticket with #{info}") @ticket['work_notes'] = @mode_helper.print_description(description) tickets.push(@ticket) previous_row = nil description = nil redo else unless row['comparison'].nil? || row['comparison'] == 'New' @ticket['sysparm_action'] = 'update' end description = @mode_helper.update_description(description, row) end end unless @ticket.nil? || @ticket.empty? info = @mode_helper.get_field_info(matching_fields, previous_row) @log.("Generated ticket with #{info}") @ticket['work_notes'] = @mode_helper.print_description(description) unless (@ticket.size == 0) tickets.push(@ticket) end @log.("Generated <#{tickets.count.to_s}> tickets.") tickets.map do |t| if t['sysparm_action'] == 'update' t['sysparm_action'] = 'insert' t['u_rpd_id'] = get_ticket_identifier(t['u_nxid']) @metrics.updated else @metrics.created end t['u_rpd_id'] ||= SecureRandom.uuid t.to_json end end |
#prepare_update_tickets(vulnerability_list, nexpose_identifier_id) ⇒ Object
Prepare ticket updates from the CSV of vulnerabilities exported from Nexpose. The list of vulnerabilities are ordered depending on the ticketing mode and then by ticket_status, allowing the method to loop through and
display new, old, and same vulnerabilities in that order.
- +vulnerability_list+ - CSV of vulnerabilities within Nexpose.
-
Returns :
-
List of JSON-formated tickets for updating within ServiceNow.
-
259 260 261 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 259 def prepare_update_tickets(vulnerability_list, nexpose_identifier_id) prepare_tickets(vulnerability_list, nexpose_identifier_id) end |
#send_ticket(ticket, url, limit) ⇒ Object
Post an individual JSON-formatted ticket to ServiceNow. If the response from the post is a 301/ 302 redirect, the method will attempt to resend the ticket to the response’s location for up to
- limit
-
times (which starts at the redirect_limit config value and is decremented with each
redirect response.
-
Args :
-
ticket
- JSON-formatted ticket. -
url
- URL to post the ticket to. -
limit
- The amount of times to retry the send ticket request before failing.l
-
127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 127 def send_ticket(ticket, url, limit) raise ArgumentError, 'HTTP Redirect too deep' if limit == 0 uri = URI.parse(url) headers = { 'Content-Type' => 'application/json', 'Accept' => 'application/json' } req = Net::HTTP::Post.new(url, headers) req.basic_auth @service_data[:username], @service_data[:password] req.body = ticket resp = Net::HTTP.new(uri.host, uri.port) # Setting verbose_mode to 'Y' will debug the https call(s). resp.set_debug_output $stderr if @service_data[:verbose_mode] == 'Y' resp.use_ssl = true if uri.scheme == 'https' # Currently, we do not verify SSL certificates (in case the local servicenow instance uses # and unsigned or expired certificate) resp.verify_mode = OpenSSL::SSL::VERIFY_NONE res = resp.start { |http| http.request(req) } case res when Net::HTTPSuccess then res when Net::HTTPRedirection then send_ticket(ticket, res['location'], limit - 1) else @log.("Error in response: #{res['error']}") raise ArgumentError, res['error'] end end |
#update_tickets(tickets) ⇒ Object
Sends ticket updates (in JSON format) to ServiceNow individually (each ticket in the list as a separate HTTP post).
-
Args :
-
tickets
- List of JSON-formatted ticket updates.
-
39 40 41 42 43 44 45 46 47 |
# File 'lib/nexpose_ticketing/helpers/servicenow_helper.rb', line 39 def update_tickets(tickets) if tickets.nil? || tickets.empty? @log.('No tickets to update.') return end tickets.each do |ticket| send_ticket(ticket, @service_data[:servicenow_url], @service_data[:redirect_limit]) end end |