An API client for EdgeScan
Project description
An API client for Edgescan
Overview
Edgescan
Edgescan is a vulnerability management solution that allows you to identify both network and application layer vulnerabilities across a wide variety of systems.
Data model
Edgescan's data model includes:
- Assets: define which hosts to scan for vulnerabilities;
- Hosts: represent individual computer systems (physical or virtual); and
- Vulnerabilities: represent known attack vectors that may be exploited by an adversary;
- Licenses: are mapped to assets and store information such as which license is in use and when it expires.
API client
This API client is written in Python and includes a command line interface that you can use to list, count, and retrieve objects.
Features
You can use this package to:
- List, count, and retrieve assets, hosts, licenses, and vulnerabilities; and
- Export data from Edgescan in JSONL format
Disclaimers
- This package is not maintained by, or supported by Edgescan.
Warnings
- The latest version of all hosts, licenses, and vulnerabilities will be written to the system's temporary directory by default 1.
1. You can disable this behaviour by setting EDGESCAN_ENABLE_CACHE=false
Installation
To install using pip:
python3 -m pip install edgescan
To install from source (requires poetry):
git clone https://github.com/whitfieldsdad/edgescan-api-client.git
cd edgescan-api-client
make install
Environment variables
| Name | Description | Default | Required |
|---|---|---|---|
EDGESCAN_HOST |
Address of Edgescan API | live.edgescan.com | false |
EDGESCAN_API_KEY |
Edgescan API key | n/a | true |
EDGESCAN_ENABLE_CACHE |
Enable/disable caching to temporary directory. | n/a | false |
CONTAINER_IMAGE |
Name of the container image | edgescan-api-client | false |
CONTAINER_REGISTRY |
Container registry to which the container image will be released | localhost:5000 | false |
Testing
To run the unit tests and integration tests:
make test
Code coverage
After running the tests, you can generate code coverage reports by running:
make coverage
This will generate the following reports:
- HTML-formatted code coverage report:
coverage/html/index.html - JSON-formatted code coverage report:
coverage/json/coverage.json
Reading the HTML-formatted code coverage report
To read the HTML-formatted code coverage report in your default web browser, execute one of the following commands (depending on your operating system):
On Windows:
start coverage/html/index.html
On macOS:
open coverage/html/index.html
On Linux:
xdg-open coverage/html/index.html
Reading the JSON-formatted code coverage report
To read the JSON-formatted code coverage report through the command line, execute the following command:
On Windows:
type coverage/json/coverage.json | jq
On Linux or macOS:
cat coverage/json/coverage.json | jq
Docker
This repository includes a Dockerfile that you can use to build a container image providing the API client.
The image is based on python:3.9-slim-buster and invokes the command line interface for the Edgescan API client when the container is run.
Related Makefile targets:
container: alias forbuild-containerbuild-container: builds the container imageexport-container: exports the container image to a file namededgescan-api-client.tar.gzin the current directoryimport-container: imports the container image from a file namededgescan-api-client.tar.gzin the current directoryrelease-container: releases the container to the configured container registry
Related environment variables:
CONTAINER_IMAGE: the name of the container image (default:edgescan-api-client)CONTAINER_REGISTRY: the container registry to which the container image will be released (default:localhost:5000)
Building the container image
To build the container image:
make build-container
Exporting the container image to a file
To export the container image to a file named edgescan-api-client.tar.gz in the current directory:
make export-container
Importing the container image from a file
To import the container image from a file named edgescan-api-client.tar.gz in the current directory:
make import-container
Running the container
To run the container:
docker run --rm -it edgescan-api-client
Building the container
To build the container:
make build-container
Exporting the container to a file
To export the container to a file named edgescan-api-client.tar.gz:
$ make export-container
$ du -sh edgescan-api-client.tar.gz
176M edgescan-api-client.tar.gz
General usage
There are two different ways to interact with this module:
- Via the command line; or
- Via Python
Command line interface
Using poetry:
$ poetry run edgescan
Usage: edgescan [OPTIONS] COMMAND [ARGS]...
Options:
--edgescan-host TEXT
--edgescan-api-key TEXT
--help Show this message and exit.
Commands:
assets Query or count assets.
hosts Query or count hosts.
licenses Query or count licenses.
vulnerabilities Query or count vulnerabilities.
Search for assets
You can search for assets by:
- Asset ID;
- Name;
- Tag;
- Create time; and/or
- Update time
$ poetry run edgescan assets get-assets --help
Usage: edgescan assets get-assets [OPTIONS]
Search for assets.
Options:
--asset-ids TEXT
--names TEXT
--tags TEXT
--min-create-time TEXT
--max-create-time TEXT
--min-update-time TEXT
--max-update-time TEXT
--limit INTEGER
--help Show this message and exit.
Search for hosts
You can search for hosts by:
- Asset ID;
- Host ID;
- Location (i.e. by IP address or hostname);
- Status (i.e. whether they're "dead" or "alive");
- Create time; and/or
- Update time.
$ poetry run edgescan hosts get-hosts --help
Usage: edgescan hosts get-hosts [OPTIONS]
Search for hosts.
Options:
--asset-ids TEXT
--host-ids TEXT
--locations TEXT
--alive / --dead
--min-create-time TEXT
--max-create-time TEXT
--min-update-time TEXT
--max-update-time TEXT
--limit INTEGER
--help Show this message and exit.
Count active vs. inactive hosts
You can count active hosts like this:
$ poetry run edgescan hosts count-hosts --alive
123
And inactive hosts like this:
$ poetry run edgescan hosts count-hosts --dead
456
Count hosts by OS type
You can count hosts by OS type like this:
$ poetry run edgescan hosts count-hosts --group-by os_type | jq
Search for vulnerabilities
You can search for vulnerabilities by:
- Vulnerability ID;
- CVE ID;
- Asset ID;
- Host ID;
- Location (i.e. by IP address or hostname);
- Status (i.e. whether the host is "dead" or "alive");
- Layer (i.e. "app" layer or "network" layer);
- Create time;
- Update time
$ poetry run edgescan vulnerabilities get-vulnerabilities --help
Usage: edgescan vulnerabilities get-vulnerabilities [OPTIONS]
List vulnerabilities.
Options:
--vulnerability-ids TEXT
--cve-ids TEXT
--asset-ids TEXT
--host-ids TEXT
--locations TEXT
--alive / --dead
--include-application-layer-vulnerabilities / --exclude-application-layer-vulnerabilities
--include-network-layer-vulnerabilities / --exclude-network-layer-vulnerabilities
--min-create-time TEXT
--max-create-time TEXT
--min-update-time TEXT
--max-update-time TEXT
--limit INTEGER
--help Show this message and exit.
Count vulnerabilities by name
You can count vulnerabilities by name like this:
poetry run edgescan vulnerabilities count-vulnerabilities --group-by name | jq
Count vulnerabilities by location
You can count vulnerabilities by location (i.e. by IP address or hostname) like this:
poetry run edgescan vulnerabilities count-vulnerabilities --group-by location | jq
Count vulnerabilities by layer (i.e. "application" layer or "network" layer)
You can count vulnerabilities by layer (i.e. "application" layer or "network" layer) like this:
poetry run edgescan vulnerabilities count-vulnerabilities --group-by layer | jq
Search for licenses
You can search for licenses by:
- License ID;
- License name; and/or
- Whether the license is expired.
$ poetry run edgescan licenses get-licenses --help
Usage: edgescan licenses get-licenses [OPTIONS]
List licenses.
Options:
--license-ids TEXT
--license-names TEXT
--expired / --not-expired
--limit INTEGER
--help Show this message and exit.
Python
Search for assets
To look up all assets and list their names:
from edgescan import Client
api = Client()
assets = api.iter_assets()
names = {asset['name'] for asset in assets}
print(', '.join(sorted(names)))
Search for hosts
To look up all active hosts and list their locations (i.e. IP addresses and hostnames):
from edgescan import Client
api = Client()
locations = set()
for host in api.iter_hosts(alive=True):
locations |= {host['location']} | set(host['hostnames'])
print(', '.join(sorted(locations)))
To look up all active hosts and their OS versions:
from edgescan import Client
api = Client()
os_versions = {host['os_name'] for host in api.iter_hosts(alive=True) if host['os_name']}
print(', '.join(sorted(os_versions)))
To count active hosts by OS type and OS version:
from edgescan import Client
from collections import OrderedDict
import edgescan.platforms
import collections
import json
api = Client()
tally = collections.defaultdict(lambda: collections.defaultdict(int))
for host in api.iter_hosts(alive=True):
os_version = host['os_name']
if os_version:
os_type = edgescan.platforms.parse_os_type(os_version)
tally[os_type][os_version] += 1
#: Sort by rate of occurrence.
tally = OrderedDict(sorted(tally.items(), key=lambda e: e[1], reverse=True))
print(json.dumps(tally, indent=4))
Search for licenses
To search for licenses and list their names:
from edgescan import Client
api = Client()
names = {row['name'] for row in api.iter_licenses()}
print(', '.join(sorted(names)))
Search for vulnerabilities
To count vulnerabilities on active hosts:
from edgescan import Client
api = Client()
total = api.count_vulnerabilities(host_is_alive=True)
print(total)
To count vulnerabilities on active hosts by CVE ID:
from edgescan import Client
from collections import OrderedDict
import collections
import json
api = Client()
tally = collections.defaultdict(int)
for vulnerability in api.iter_vulnerabilities(host_is_alive=True):
for cve_id in vulnerability['cves']:
tally[cve_id] += 1
#: Sort by rate of occurrence.
tally = OrderedDict(sorted(tally.items(), key=lambda e: e[1], reverse=True))
print(json.dumps(tally, indent=4))
Data export
You can export all assets, licenses, hosts, and vulnerabilities as follows:
./scripts/export-all-jsonl.sh
You can provide a custom output directory using the EDGESCAN_OUTPUT_DIRECTORY environment variable:
EDGESCAN_OUTPUT_DIRECTORY=/tmp/edgescan/data ./scripts/export-all-jsonl.sh && du -sh $EDGESCAN_OUTPUT_DIRECTORY/*
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file edgescan-2.3.1.tar.gz.
File metadata
- Download URL: edgescan-2.3.1.tar.gz
- Upload date:
- Size: 22.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.13 CPython/3.10.10 Darwin/21.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b0295c7d947e29d01cc9656e73252986259ceb98929537665f973f5bfa51ca9c |
|
| MD5 | 80505a4c9fba606a901bc358b859960a |
|
| BLAKE2b-256 | e6e6013f0e011f81a0649314eff0a5ff41c5c1ec11fe49de1517d8ec086213c2 |
File details
Details for the file edgescan-2.3.1-py3-none-any.whl.
File metadata
- Download URL: edgescan-2.3.1-py3-none-any.whl
- Upload date:
- Size: 26.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.13 CPython/3.10.10 Darwin/21.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2de26b088bc0a7181a03a78969daa41be9dcbb25d748ab46cc33a848e2cdf776 |
|
| MD5 | 77f3787aa2fe9830b2ec483516880e42 |
|
| BLAKE2b-256 | 08f6b039ecdd000b704c639455a463cd1328c73d6a743fdc1e9eae8eb0796a22 |
