16. 07. 2024 Beatrice Dall'Omo Blue Team, Red Team, SEC4U

Automate business processes with APIs: python-gvm

Have you already read the blog post Adding SOAR features to the SOC, part 1: Vulnerability Management? If not, you have to! It explains the SOAR features leveraged by the Würth Phoenix SOC and how we implement the Vulnerability Management process.

In this article, I will take a step back and focus on what happens before the Vulnerability Management process presented there: the Vulnerability Assessment.

In particular, I will go through the process of adding and configuring targets for the vulnerability scans, and of launching the monthly scans of the public perimeters communicated by our SOC customers. All these actions happen on Greenbone, the world's most trusted provider of open source vulnerability management. They have been automated with the Greenbone Vulnerability Management Python Library (python-gvm), which lets you remotely control both Greenbone Enterprise Appliance installations and the Community Edition, albeit with some limitations.

Greenbone Vulnerability Management Python Library

You can find all the information about installation, usage and the API documentation here, while the source code of the Python library is available on GitHub.

Python-gvm can be installed in three ways, using pip, poetry or pipenv, depending on the workflow to implement or on the developer's preferences. According to our process and needs, we use python-gvm through poetry, a tool for dependency management and packaging in Python. With poetry we implemented three different modules, each launched as a standalone script: the first launches the vulnerability scans, the second updates the data (targets and tasks) on the Greenbone machine, and the third saves the reports of the last scans launched. By coordinating the execution of these three scripts, we obtain periodic monthly scans on up-to-date data of our SOC customers, along with the related reports. In the following paragraphs I will focus on these three modules.

Launch scan 

When executed, this module launches vulnerability scans on the tasks already configured for each SOC customer. Each task is linked to a target, i.e. the IP addresses or subnets that have to be analysed. The following is an example of configuring a task to perform a Greenbone scan on a target.

Fig.1: Creation of a new task
Fig.2: Creation of a new target

Greenbone lets you choose among several customisations, such as the type of scan, the results to obtain or the port list to test. Which ones you pick depends, for example, on your needs or on the type of machines you want to analyse.

Once everything is configured, clicking the “play” icon starts the scan.

Fig.3: Greenbone task view

The launch scan module simply starts the tasks one at a time, so that only one of them is running at any given moment. This avoids overlapping scans and makes better use of the available resources.
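The one-at-a-time scheduling described above, as an added example and not the post's own launch scan module: it assumes only two python-gvm calls, Gmp.get_tasks() and Gmp.start_task(task_id), and the FakeGmp class is a constructed in-memory stand-in for gvm.protocols.gmp.Gmp so the loop runs offline.

```python
"""Start Greenbone tasks one at a time by polling task status over GMP.

Added example, not the blog's own launch-scan module. It assumes only two
python-gvm calls, Gmp.get_tasks() and Gmp.start_task(task_id); FakeGmp is a
constructed stand-in for gvm.protocols.gmp.Gmp so the loop runs offline.
"""
import time
import xml.etree.ElementTree as ET

# Statuses GMP reports while a task still occupies the scanner (assumed subset).
ACTIVE = {"Requested", "Queued", "Running", "Stop Requested"}

def pick_next_task(tasks_root, pending):
    """Next pending task id to start, or None while any scan is still active.
    tasks_root is a parsed <get_tasks_response> (lxml or stdlib ElementTree)."""
    status = {t.get("id"): t.findtext("status") for t in tasks_root.iter("task")}
    if any(s in ACTIVE for s in status.values()):
        return None  # no overlapping scans: wait for the active one to finish
    return next((tid for tid in pending if tid in status), None)

def run_month(gmp, pending, poll_seconds=60):
    """Start the pending tasks in order, one at a time; returns the ids started."""
    known = {t.get("id") for t in gmp.get_tasks().iter("task")}
    remaining = [tid for tid in pending if tid in known]  # ids gone from the appliance are skipped
    started = []
    while remaining:
        task_id = pick_next_task(gmp.get_tasks(), remaining)
        if task_id is None:
            time.sleep(poll_seconds)
            continue
        gmp.start_task(task_id)
        started.append(task_id)
        remaining.remove(task_id)
    return started

class FakeGmp:
    """Constructed client: a started task is Running for one poll, then Done."""
    def __init__(self, statuses):
        self.statuses, self.ticks, self.calls, self.polls = dict(statuses), {}, [], 0

    def get_tasks(self):
        self.polls += 1
        for tid, n in self.ticks.items():  # each poll moves a started task one step on
            self.ticks[tid] = n - 1 if n else 0
            self.statuses[tid] = "Running" if self.ticks[tid] else "Done"
        body = "".join(f'<task id="{i}"><status>{s}</status></task>' for i, s in self.statuses.items())
        return ET.fromstring(f"<get_tasks_response>{body}</get_tasks_response>")

    def start_task(self, task_id):
        self.statuses[task_id], self.ticks[task_id] = "Requested", 2
        self.calls.append(task_id)
```

With a live session, pass an authenticated Gmp object in place of FakeGmp; the scheduler then waits between starts as long as get_tasks reports an active task.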

Update data

This module runs once a month, before the previous one, i.e. before the new vulnerability scans for the current month are started. It updates the customers' data about the public perimeters to scan, since they can change over time, keeping the Greenbone targets and the related tasks up to date.

Fig.4: Greenbone target view

Save latest reports

This module saves the reports Greenbone produces for the last scan executed, once it has finished, in both PDF and CSV format.

Fig.5: Download report after vulnerability scan

The PDF format offers a more visual presentation of the results than the CSV format. These reports are then processed to provide data for the next steps of the Vulnerability Management process.

Takeaways

Greenbone’s user interface lets the user perform all the actions we have automated through the Python APIs: scheduling scans, changing targets and the related tasks, or manually downloading the reports once a scan has finished.

On the other hand, by using the API capabilities, Greenbone appliances can be configured more granularly, interacting directly with the underlying protocol and removing the limitations that may be faced when using the web interface. It also gives you all the power of additional Python libraries to employ in further processes. Finally, APIs make it easier to automate processes in your organisation, optimise business operations, reduce errors and increase overall productivity.

Beatrice Dall'Omo


Red Team & Offensive Security Specialist | Cybersecurity Team | Würth Phoenix
