[DASHBOARD] New API call in Operations Portal for IRTF to identify sites vulnerable to critical vulnerabilities
Following the discussions we had, please find below information regarding the implementation of a new Operations Portal API call to be used by IRTF to identify sites vulnerable to critical vulnerabilities.
The output should ideally be in CSV format and provide the following data:
- tag - severity of CVE tagged in Pakiti (e.g. EGI-Critical)
- cve - CVE identifier
- site - site name
- host - host name
- os - OS of host
- arch - host architecture
- last_report - time of last report from host
The default (without any parameter) would be to provide hosts vulnerable to critical issues detected over the past 48 hours (and not fixed in the meantime).
Having parameters that allow customising the query may be handy:
- history: customising the duration for checking the history of reports (default: 48 hours)
- severity: configuring the severity of tagged CVE (e.g. EGI-High or EGI-Critical, default: EGI-Critical)
This is similar to the output of a Pakiti call we are using (but that is lacking the consolidation with the mitigation/checks from Nagios), and would allow us to easily integrate this with existing IRTF tooling.
- It needs a validation of the token + csirt Role
Complete description: https://jira.egi.eu/browse/EGITCB-320
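A sketch of how tooling on the consuming side could parse the CSV described above and group vulnerable hosts per site and CVE. This is an added example, not Operations Portal or IRTF code. It assumes a header row in the listed column order and ISO 8601 timestamps in last_report; the sample rows, host names and CVE placeholders are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample. Header row and timestamp format are assumptions,
# not a documented output of the API call.
SAMPLE_CSV = """tag,cve,site,host,os,arch,last_report
EGI-Critical,CVE-0000-0001,SITE-A,wn01.site-a.example.org,AlmaLinux 9,x86_64,2024-05-02T08:00:00+00:00
EGI-Critical,CVE-0000-0001,SITE-A,wn02.site-a.example.org,AlmaLinux 9,x86_64,2024-05-01T23:30:00+00:00
EGI-High,CVE-0000-0002,SITE-A,wn01.site-a.example.org,AlmaLinux 9,x86_64,2024-05-02T08:00:00+00:00
EGI-Critical,CVE-0000-0001,SITE-B,ce.site-b.example.org,Debian 12,aarch64,2024-04-28T10:00:00+00:00
EGI-Critical,CVE-0000-0001,SITE-C,ui.site-c.example.org,Debian 12,x86_64,not-a-date
"""

FIELDS = ["tag", "cve", "site", "host", "os", "arch", "last_report"]


def vulnerable_sites(csv_text, now, history_hours=48, severity="EGI-Critical"):
    """Return ({site: {cve: [hosts]}}, rejected_rows).

    history_hours and severity mirror the 'history' and 'severity'
    parameters proposed in the ticket, re-checked on the client side.
    """
    cutoff = now - timedelta(hours=history_hours)
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != FIELDS:
        raise ValueError(f"unexpected columns: {reader.fieldnames}")
    sites = defaultdict(lambda: defaultdict(set))
    rejected = []
    for row in reader:
        try:
            seen = datetime.fromisoformat(row["last_report"])
        except (TypeError, ValueError):
            # Keep malformed rows visible instead of dropping them silently.
            rejected.append(row)
            continue
        if seen.tzinfo is None:
            # Assumption: timestamps without an offset are UTC.
            seen = seen.replace(tzinfo=timezone.utc)
        if row["tag"] == severity and seen >= cutoff:
            sites[row["site"]][row["cve"]].add(row["host"])
    grouped = {s: {c: sorted(h) for c, h in cves.items()}
               for s, cves in sites.items()}
    return grouped, rejected
```

Rows whose last_report cannot be parsed are returned separately so that a host is never silently treated as not vulnerable.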