Return string and integer vulnerability id in Connection#list_vulns(full = true) #217
Comments
|
Since there is no API in Nexpose that provides these IDs, it is not possible to implement it to any existing methods in the nexpose-client gem. Is this related to #210? If so, the discussion was directed to rapid7/nexpose_ticketing#8 to get the natural IDs into the output of the ticketing gem, which makes a lot more sense. |
|
Hi @gschneider-r7 , @JJCassidy-R7 - You can close this out. Was just hoping that this could be accomplished easier than my SQL query. Updating the ticket gem doesn't help the fact that I have many hundreds of tickets using the int version of the vulnid and we cannot update them for compliance reasons. |
|
Also like to point out that the gui uses these int values for pages like https://127.0.0.1:3780/vulnerability/vuln-summary.jsp?vulnid=29147&devid=27669 and I use this as a pointer for my tickets. This will also create a burden. |
|
IMO the easiest/fastest solution for right now is to have a daily or weekly dump of the |
I would like to see the option of providing the integer vulnerability id as output in the Connection class #list_vulns
Use Case: I need to pull the cvss_score from an array of vulnerability ids (int)
Justification: There is no known api method available to reference the integer to the string in the database.
Queries such as the below are costly when repeating many hundreds of times:
"select cvss_score from dim_vulnerability where vulnerability_id = '#{vuln_id}'"I believe this should update the APIObject VulnerabilityDetail
If possible, could you also add an integer option to Connection#vuln_details?
Thanks.
The text was updated successfully, but these errors were encountered: