graph-vuls-findings

This is a local/unmanaged integration that reads vulnerability reports produced by Vuls.io scans and ingests the findings into JupiterOne (J1).

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites

Installing

Export the following environment variables (or store locally in a .env file):

export J1_ACCESS_TOKEN=<api_key>
export J1_ACCOUNT=<account_id>

J1_ACCOUNT should be your JupiterOne accountId, which can be found by running the following query in the JupiterOne web console: Find Account as a return a.accountId

J1_ACCESS_TOKEN is a JupiterOne API key, which can be created in the JupiterOne console by clicking the gear icon in the top-right, selecting Users & Access, then clicking the key icon and creating an API key.

Then run:

  1. yarn install

  2. vuls scan

  3. vuls report -format-json

  4. Find the JSON artifact file(s) created by Vuls. These are typically in a folder labeled /results/current/

  5. Within the /results/current/ directory, run cat {filename}.json | node ~/{yourClonedDirectory}/j1-ingest.js

  6. The newly created entities are of class Finding and can be found through the query Find vuls_finding.

The entity has the following properties:

Tests

We have included two sample Vuls JSON reports that were generated using the vuls report -format-json command. Feel free to use these to test the ingest process on a J1 test account by running cat test/awslinux.json | node j1-ingest.js
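
A preflight for the pipe in step 5: it confirms both environment variables are set and that the input really is a Vuls report, then summarizes the CVEs it contains so the result can be compared with what Find vuls_finding returns after ingest. This is an added example, not part of this project or its j1-ingest.js; the function names are hypothetical, the field names (serverName, scannedCves, affectedPackages, notFixedYet) are assumed from the Vuls JSON report layout, and the sample report is constructed.

```javascript
// Added example: preflight for the ingest pipe (not the project's j1-ingest.js).
// Field names (serverName, scannedCves, affectedPackages, notFixedYet) are
// assumed from the Vuls JSON report layout.

// Return the names of required variables that are unset or empty.
function missingEnv(env) {
  return ['J1_ACCESS_TOKEN', 'J1_ACCOUNT'].filter((k) => !env[k] || !env[k].trim());
}

// Parse one Vuls report and summarize it; throws on input that is not a report.
function summarizeReport(jsonText) {
  let report;
  try {
    report = JSON.parse(jsonText);
  } catch (err) {
    throw new Error('not valid JSON: ' + err.message);
  }
  const map = report ? report.scannedCves : undefined;
  if (typeof map !== 'object' || map === null || Array.isArray(map)) {
    throw new Error('no scannedCves map: is this a Vuls JSON report?');
  }
  const cves = Object.entries(map).map(([id, info]) => {
    const pkgs = info && Array.isArray(info.affectedPackages) ? info.affectedPackages : [];
    return {
      cveId: id,
      packages: pkgs.map((p) => p.name),
      unfixed: pkgs.some((p) => p.notFixedYet === true), // at least one package has no fix yet
    };
  });
  return {
    server: report.serverName || '(unknown)',
    cveCount: cves.length,
    unfixedCount: cves.filter((c) => c.unfixed).length,
    cves,
  };
}

// Constructed sample report (placeholder CVE ids, not real scan output).
const SAMPLE = JSON.stringify({
  serverName: 'example-host',
  scannedCves: {
    'CVE-0000-0001': { affectedPackages: [{ name: 'openssl', notFixedYet: false }] },
    'CVE-0000-0002': { affectedPackages: [{ name: 'curl', notFixedYet: true }, { name: 'libcurl', notFixedYet: true }] },
  },
});

console.log('missing env:', missingEnv(process.env));
console.log(summarizeReport(SAMPLE));
```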