
Support "urgent tickets" queries #27

Merged
merged 6 commits into from
Apr 13, 2022

Conversation


@dav3r dav3r commented Apr 8, 2022

🗣 Description

This PR updates some queries that are used to create CSVs containing open or recently-closed tickets. It allows for a new faux severity called "urgent", which includes tickets that meet at least one of the following criteria:

  • KEV (Known Exploited Vulnerability) = true
  • Critical (severity = 4)
  • High (severity = 3)

In addition, I also added the KEV flag and ticket severity to the CSV output.

During my testing, I encountered a pre-existing bug, so I fixed that in 0b0336e.

💭 Motivation and context

This PR resolves cisagov/cyhy-system#48.
This PR covers part of the work requested in cisagov/cyhy-system#34.

🧪 Testing

I used this updated code to generate new "urgent tickets" CSVs (for both open and closed tickets) using my test data and verified that the output looked as expected.

I also tested my code by generating the existing CSVs (for critical-severity tickets and high-severity tickets) and the urgent tickets CSVs, using Production data and verified that the output looked as expected. There were no unexpected changes to the existing CSVs (which will continue to be used by the CyHy Dashboard).

To generate my testing CSVs, I wrote some test code similar to this.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • All new and existing tests pass.
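As an added example (not cyhy-reports code), the three criteria above translate into one find() filter and the CSV gains the two columns the PR adds; the ticket field names are assumptions, not taken from the project's schema:

```python
import csv
import io
from datetime import datetime, timedelta

# Field names ("open", "time_closed", "kev", "severity", "owner", "ip") are
# assumptions for illustration, not taken from the cyhy-reports schema.
URGENT_SEVERITIES = (3, 4)  # High = 3, Critical = 4

def urgent_filter(open_tickets, closed_since=None):
    """pymongo-style find() filter: KEV is true OR severity is High/Critical.
    open_tickets=True gives the open-tickets CSV; otherwise tickets closed at
    or after closed_since are selected (the recently-closed CSV)."""
    urgency = {"$or": [{"kev": True}, {"severity": {"$in": list(URGENT_SEVERITIES)}}]}
    if open_tickets:
        return {"open": True, **urgency}
    return {"open": False, "time_closed": {"$gte": closed_since}, **urgency}

def select_tickets(tickets, open_tickets, closed_since=None):
    """Apply the same criteria as urgent_filter() to an in-memory list."""
    chosen = []
    for t in tickets:
        if t["open"] != open_tickets:
            continue
        if not open_tickets and t["time_closed"] < closed_since:
            continue
        if bool(t.get("kev")) or t.get("severity") in URGENT_SEVERITIES:
            chosen.append(t)
    return chosen

# severity and kev columns are part of the CSV, as the PR adds them.
CSV_FIELDS = ["_id", "owner", "ip", "severity", "kev"]

def tickets_to_csv(tickets):
    buf = io.StringIO()  # keys outside CSV_FIELDS are dropped by DictWriter
    writer = csv.DictWriter(buf, fieldnames=CSV_FIELDS, extrasaction="ignore")
    writer.writeheader()
    writer.writerows(tickets)
    return buf.getvalue()

# Constructed sample tickets (not real CyHy data): t2 is urgent only via KEV,
# t5 was closed too long ago to land in the recently-closed CSV.
NOW = datetime(2022, 4, 8)
CLOSED_SINCE = NOW - timedelta(days=30)
SAMPLE_TICKETS = [
    {"_id": "t1", "owner": "ORG_A", "ip": "192.0.2.10", "severity": 4, "kev": False, "open": True, "time_closed": None},
    {"_id": "t2", "owner": "ORG_A", "ip": "192.0.2.11", "severity": 2, "kev": True, "open": True, "time_closed": None},
    {"_id": "t3", "owner": "ORG_B", "ip": "192.0.2.12", "severity": 2, "kev": False, "open": True, "time_closed": None},
    {"_id": "t4", "owner": "ORG_B", "ip": "192.0.2.13", "severity": 3, "kev": False, "open": False, "time_closed": NOW - timedelta(days=2)},
    {"_id": "t5", "owner": "ORG_B", "ip": "192.0.2.14", "severity": 4, "kev": True, "open": False, "time_closed": NOW - timedelta(days=60)},
]
```

Passing `urgent_filter(...)` to a pymongo `find()` selects the same tickets that `select_tickets()` picks from the in-memory list.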

dav3r added 3 commits April 8, 2022 15:42
The previous code would throw an error.
"urgent" tickets are defined as meeting at least one of the following criteria:
* KEV (Known Exploited Vulnerability) = true
* Critical (severity = 4)
* High (severity = 3)
@dav3r dav3r added the improvement This issue or pull request will add new or improve existing functionality label Apr 8, 2022
@dav3r dav3r self-assigned this Apr 8, 2022
@dav3r dav3r requested review from mcdonnnj, felddy and jsf9k April 8, 2022 20:16
@mcdonnnj

@dav3r Would you manually run black against this source file and push that update? The formatting is inconsistent (and in one case offensive to my eyes).


dav3r commented Apr 13, 2022

> @dav3r Would you manually run black against this source file and push that update? The formatting is inconsistent (and in one case offensive to my eyes).

@mcdonnnj No problem - done in ecbabc2. The command used was:

black -t py27 ./cybex_queries.py


@mcdonnnj mcdonnnj left a comment


I had suggestions for sorting the keys in the dictionaries used in the find() calls but otherwise LGTM.

dav3r and others added 2 commits April 13, 2022 14:12
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Create two new queries to include critical, high, and KEVs for urgent tickets