KDI Importer issue #145
Description
I'm trying to run the KDI generic transformed script.
My csv has the following fields:
artifact,date,fixedVersion,installedVersion,Vuln Description,resource,CVSS,severity,CVE,Vuln Name
I have edited default_meta as follows
| Kenna Item - DON'T EDIT THESE VALUES | Associated Source File Column | Required | Description | Object Type | |
|---|---|---|---|---|---|
| date_format | %d/%m/%Y | yes if dates in data | Script Only - used to format dates google ruby strftime for more info on format syntax | ||
| locator | hostname | no | Script only - field used to deduplication prior to upload - should match kenna locator syntax | Asset | |
| file | one value per Asset is required | column name in CSV pointing to (string) path of affected file | Asset | ||
| ip_address | IP Address | one value per Asset is required | column name in CSV pointing to (string) IP of internal facing asset | Asset | |
| mac_address | one value per Asset is required | column name in CSV pointing to (mac format-regex) MAC address asset | Asset | ||
| hostname | artifact | one value per Asset is required | column name in CSV pointing to (string) host name/domain name of affected asset | Asset | |
| ec2 | one value per Asset is required | column name in CSV pointing to (string) Amazon EC2 instance id or name | Asset | ||
| netbios | one value per Asset is required | column name in CSV pointing to(string) netbios name | Asset | ||
| url | one value per Asset is required | column name in CSV pointing to (string) URL pointing to asset | Asset | ||
| fqdn | one value per Asset is required | column name in CSV pointing to (string) fqdn of asset | Asset | ||
| external_id | one value per Asset is required | column name in CSV pointing to (string) ExtID of asset | Asset | ||
| database | one value per Asset is required | column name in CSV pointing to (string) Name of db | Asset | ||
| application | artifact | yes | column name in CSV pointing to (string) ID/app Name - label assigned to asset | Asset | |
| tags | "Product Line,Product Business Unit,Product Division,Finder Type" | no | (string) comma separated list of columns with strings that correspond to tags on an asset - no spaces | Asset Meta | |
| tag_prefix | "AppID:,Prod_BU:,Prod_Div:,Find_type:" | no | comma separated list of prefixes which corresponds to list in tag. Number and order of elements should match tags exactly. | ||
| owner | no | column name in CSV pointing to (string) Some string that identifies an owner of an asset | Asset Meta | ||
| os | no | column name in CSV pointing to (string) Operating system of asset | Asset Meta | ||
| os_version | no | column name in CSV pointing to (string) OS version | Asset Meta | ||
| priority | no | column name in CSV pointing to (Integer) Priority of asset (int 1 to 10).Adjusts asset score. nil for default to 10 | Asset Meta | ||
| scanner_source | static | yes | declares scanner_type data as static (listed in this file) or column (pulled from the csv source file) | ||
| scanner_type | Pen Test | yes | (string) - official name of scan type - should be the same across files where appropriate can be static or pulled from column as directed in scanner_source | Vulnerability & Vuln Def | |
| scanner_id | Issue ID | no | column name in CSV pointing to (string) - Vuln ID as defined by the scanner | Vulnerability & Vuln Def | |
| details | no | column name in CSV pointing to (string) - Details about vuln specific to single host | Vulnerability | ||
| created | no | column name in CSV pointing to (string) - Date vuln created | Vulnerability | ||
| scanner_score | CVSS | no | column name in CSV pointing to (Integer) - scanner score used for scoring appsec vulns - informational for network vulns - translate to int 1-10 using score_map if needed | Vulnerability | |
| score_map | "{""High"":""8"",""Critical"":""10"",""Medium"":""6"",""Low"":""3""}" | no | hash of translation scanner score values to kenna range of 1-10 if needed based on column in scanner_score | ||
| last_fixed | no | column name in CSV pointing to (string) - Last fixed date | Vulnerability | ||
| last_seen | no | column name in CSV pointing to (string) Date it was closed | Vulnerability | ||
| status | Current Status | no | "column name in CSV pointing to (string) default to ""open"" if inbound reports will only include open vulns" | Vulnerability | |
| status_map | "{ ""Impact Statement Pending"" : ""open"", ""Closed"" : ""closed"", ""New"" : ""open"", ""Remediation Plan Pending"" : ""open"", ""Remedy in Progress"" : ""open""}" | no | Script Only - hash of translation... scanner status to Kenna status mappings if needed | ||
| closed | required if status is closed | column name in CSV pointing to (string) Date it was closed | Vulnerability | ||
| port | Port | no | column name in CSV pointing to (Integer) Port if associated with vuln | Vulnerability | |
| cve_id | CVE | yes | column name in CSV pointing to (string) CVEs - note that this can be a comma-delimited list format CVE-000-0000 | Vuln Def | |
| wasc_id | no | column name in CSV pointing to (string) WASC - note that this can be a comma-delimited list - format WASC-00 | Vuln Def | ||
| cwe_id | no | column name in CSV pointing to (string) CWE - note that this can be a comma-delimited list - format CWE-000 | Vuln Def | ||
| name | Vuln Name | yes | "column name in CSV pointing to (string) Name/title of Vuln will be displayed as vuln name if no cve | cwe or wasc" | Vuln Def |
| description | Vuln Description | yes | column name in CSV pointing to (string) Description | Vuln Def | |
| solution | Vuln Recommendation | no | column name in CSV pointing to (string) Solution | Vuln Def |
However, on execution fails:
[~]$ ruby csv_KDI_json.rb vuln_parsed.csv has_header? default_meta.csv skip_autoclose? output.json assets_only? domain_suffix?
Traceback (most recent call last):
3: from csv_KDI_json.rb:223:in '<main>'
2: from /usr/share/ruby/csv.rb:1319:in 'parse'
1: from /usr/share/ruby/csv.rb:1764:in 'each'
csv_KDI_json.rb:231:in 'block in <main>': no implicit conversion of String into Integer (TypeError)