Skip to content
This repository was archived by the owner on Feb 13, 2025. It is now read-only.

Add nexpose collector. #1407

Merged
alienth merged 1 commit into from
Oct 22, 2015
Merged

Add nexpose collector. #1407

alienth merged 1 commit into from
Oct 22, 2015

Conversation

@alienth
Copy link
Contributor

@alienth alienth commented Oct 20, 2015

Looking for an initial review pass on this collector.

Collector is configured as follows:

[[Nexpose]]
Username = "nexposeacct"
Password = "nexposesucks"
Host = "nexposehost.blah.com"
Insecure = false

For each monitored asset, it sends metrics with the vuln count, malware count, risk score, exploit count, and last scan time (represented in seconds since last scan). The asset name is either the detected hostname, or the IP address of the host.

For each site, it sends nexpose.site metrics which are an aggregate of the aforementioned device metrics.

It also sends a nexpose.scan.running metric indicating if a scan is currently running on a site.

Note that not all of the defined functions are used at this time. They'll probably come in handy for other metrics, so I'd like to keep em in. I'll probably end up creating a generic Go package for nexpose and rip a lot of that stuff out of this collector.

👓 @kylebrandt @captncraig

@nickman
Copy link

nickman commented Oct 21, 2015

Very cool. Forwarding to my infosec group...
On Oct 20, 2015 19:23, "Jason Harvey" [email protected] wrote:

Looking for an initial review pass on this collector.

Collector is configured as follows:

[[Nexpose]]
Username = "nexposeacct"
Password = "nexposesucks"
Host = "nexposehost.blah.com"
Insecure = false

For each monitored asset, it sends metrics with the vuln count, malware
count, risk score, exploit count, and last scan time (represented in
seconds since last scan). The asset name is either the detected hostname,
or the IP address of the host.

For each site, it sends nexpose.site metrics which are an aggregate of
the aforementioned device metrics.

It also sends a nexpose.scan.running metric indicating if a scan is
currently running on a site.

[image: 👓] @kylebrandt https://github.com/kylebrandt

@captncraig https://github.com/captncraig

You can view, comment on, or merge this pull request online at:

#1407
Commit Summary

  • Add nexpose collector.

File Changes

Patch Links:


Reply to this email directly or view it on GitHub
#1407.

captncraig
captncraig reviewed Oct 21, 2015
View reviewed changes
cmd/scollector/collectors/nexpose.go Outdated
Copy link
Contributor

@captncraig captncraig Oct 21, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noting the irony of even having an insecure option for a vulnerability tool. If insecure is false, you can just use http.DefaultClient.

@captncraig
Copy link
Contributor

captncraig commented Oct 21, 2015

For dealing with 2 versions of xml apis and the worst json api I've ever seen, I'd say it looks pretty good.

@alienth alienth force-pushed the nexpose branch 3 times, most recently from c2a14be to 70e4d2b Compare October 21, 2015 20:21
@alienth
Copy link
Contributor Author

alienth commented Oct 21, 2015

@captncraig Requested changes made. I've left the fixup commits separate to facilitate easy review. Will squash before merge.

@captncraig
Copy link
Contributor

captncraig commented Oct 21, 2015

@alienth I really like how you address individual issues with separate commits. Good call. Merge at will.

@alienth alienth force-pushed the nexpose branch 2 times, most recently from 40e9b80 to 695c721 Compare October 21, 2015 23:06
@alienth alienth merged commit e8d16d5 into bosun-monitor:master Oct 22, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alienth @nickman @captncraig