Tag assets by CISA Known Exploits Released April 7th.
I’m sitting here eating my lunch and reading the cybersecurity news, a good habit I have picked up over the years. One of my favorite weekly, if not daily, reads is CISA.gov.
Today I came across the alert that CISA added 5 new Known Exploits:
Since I just launched “navi services”, which use navi to deploy advanced tagging concepts, I decided to “time box” a proof of concept on tagging your assets with these CVEs, making it easier to report and take action.
I thought to myself: can I write an article and a Docker container making this serious issue easier for Tenable.io customers to find and take action?
Turns out, navi makes it so easy I can!
Take a look at the new project on GitHub and Docker Hub.
Okay, so what is the trick?
Navi has built-in tagging functionality that uses the Tenable API tag assignments endpoint and a SQLite database to tag all assets by the CVEs found on the asset. Below is an example of how easy it is:
navi tag --c "{Your category name}" --v "{Your value name}" --cve "{CVE ID}"
Docker command
docker run -d -e access_key="your Access Key" -e secret_key="your secret Key" packetchaos/cisa_recent_exploits
Show me the code
from os import system as cmd
import sys
import time
import requests
start = time.time()
access_key = str(sys.argv[1])
secret_key = str(sys.argv[2])
url = "https://cloud.tenable.com"
# Store the access key and secret key (passed as command-line arguments) in navi
cmd('navi keys --a "{}" --s "{}"'.format(access_key, secret_key))
# Update the navi database for tagging on vulns
cmd('navi update full')
# April 7th release - https://www.cisa.gov/news-events/alerts/2023/04/07/cisa-adds-five-known-exploited-vulnerabilities-catalog
cve_list = ['CVE-2021-27876', 'CVE-2021-27877', 'CVE-2021-27878', 'CVE-2019-1388', 'CVE-2023-26083']
def grab_headers():
    # Headers for direct Tenable.io API calls (not used by the navi commands below)
    return {'Content-type': 'application/json', 'user-agent': 'Navi-SS-Scan_tags', 'X-ApiKeys': 'accessKey=' + access_key + ';secretKey=' + secret_key}
# Tag assets by New CVEs released by CISA
for cve in cve_list:
    cmd('navi tag --c "CISA Known Exploits" --v "Released April 7th {}" --cve "{}"'.format(cve, cve))
finish = time.time()
total = finish - start
mins = total/60
print("The Script took {} seconds or {} minutes".format(total, mins))
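
Added example (not part of the original post or the navi project): instead of hardcoding cve_list, derive it from the KEV catalog by dateAdded, validate each ID, and build each navi tag call as an argument list so feed data never passes through a shell. The sample catalog, the function names and the two filler entries are constructed for illustration; the catalog shape (a vulnerabilities array with cveID and dateAdded) is assumed, and only the navi tag flags come from the post.

```python
import json
import re
from datetime import date

# Constructed sample in the shape of the CISA KEV JSON feed (only the two
# fields used here). The first five IDs are the ones listed in this post;
# the last two entries are made up to exercise the date and format filters.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2021-27876", "dateAdded": "2023-04-07"},
  {"cveID": "CVE-2021-27877", "dateAdded": "2023-04-07"},
  {"cveID": "CVE-2021-27878", "dateAdded": "2023-04-07"},
  {"cveID": "CVE-2019-1388",  "dateAdded": "2023-04-07"},
  {"cveID": "CVE-2023-26083", "dateAdded": "2023-04-07"},
  {"cveID": "CVE-0000-0001",  "dateAdded": "2023-03-30"},
  {"cveID": "not-a-cve",      "dateAdded": "2023-04-07"}
]}
""")

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def ordinal(n):
    """Return n with its English ordinal suffix, e.g. 7 -> '7th'."""
    suffix = "th" if 10 <= n % 100 <= 20 else {1: "st", 2: "nd", 3: "rd"}.get(n % 10, "th")
    return "{}{}".format(n, suffix)

def cves_added_on(catalog, added):
    """Return the well-formed, de-duplicated CVE IDs added on the given date."""
    wanted = added.isoformat()
    found = []
    for entry in catalog.get("vulnerabilities", []):
        cve = str(entry.get("cveID", "")).strip().upper()
        ok = entry.get("dateAdded") == wanted and CVE_RE.fullmatch(cve)
        if ok and cve not in found:
            found.append(cve)
    return found

def build_tag_commands(catalog, added, category="CISA Known Exploits"):
    """Build one navi tag argv list per CVE, using the post's tag naming."""
    label = "Released {} {}".format(added.strftime("%B"), ordinal(added.day))
    return [["navi", "tag", "--c", category, "--v", "{} {}".format(label, cve), "--cve", cve]
            for cve in cves_added_on(catalog, added)]

if __name__ == "__main__":
    for argv in build_tag_commands(SAMPLE_KEV, date(2023, 4, 7)):
        # Where navi is installed: subprocess.run(argv, check=True)
        print(argv)
```
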
I hope this helped you get faster and better visibility into these risks!