from securitycenter import SecurityCenter5 fails for py3

Question

from securitycenter import SecurityCenter5 fails for py3

Closed this issue 7 years ago · 9 comments

neo4u commented 7 years ago

from securitycenter import SecurityCenter5 fails for python3. Any reasons why?

Answer 1 · 2017-04-13T22:33:32.000Z

False alarm. This was due to pip3 installation issue.

Answer 2 · 2017-04-14T04:09:17.000Z

Great to hear it. I hadn't gotten around to looking at it yet. I admit I mostly still code in python 2.7

Answer 3 · 2017-04-15T00:41:30.000Z

Yeah. I realized that and made some changes. Hey so while you're online I thought I'd ask. Is there anything in this repo that download's scan results in a JSON format? I see the current implementation only downloads the .nessus files. Is that the most efficient way to download the scan results?

Answer 4 · 2017-04-15T00:44:23.000Z

Python 2.7 or 3.5 this is the only project out there doing this. So good job. 👍

Answer 5 · 2017-04-15T04:22:42.000Z

What's the use case for downloading everything? Wouldn't make more sense to only pull what your specifically looking for from the aggregate?

Answer 6 · 2017-04-16T05:53:41.000Z

I am trying to import each host and its vulnerabilities. But I said "all data" to mean that I'm trying to replicate the database onto a different DB Server to keep store historic information and create a Vuln-Intel server and only store up to 3 months of historic data on the Nessus SecurityCenters for performance.

Answer 7 · 2017-04-16T05:54:57.000Z

Is there any method in the currently implementation ...Perhaps someway to use the analysis method to get each asset and its vulnerabilities?

Answer 8 · 2017-04-17T14:56:38.000Z

so the repositories will naturally keep state. the only thing in the repositories that grow is the snapshots. Those are only used for trendlines. if your trying to keep the SC dataset down, I'd recommend you either disable the snapshotting, or set the snapshotting to NOT do full test searching. I know it sounds counter-intuitive, but trust me.

As for a method to get each asset & it's vulns...you'd likely be handling everything via the 'vulndetails' tool.

Answer 9 · 2017-04-17T16:49:35.000Z

Thank you so much for the advise. I would like to contribute to this project whenever possible. I will raise pull requests whenever I do so, mostly towards supporting python3. Some of the places the library has been changed to only support python3 and some its only python2 so since python2 is going to be phased out, I thought it might be easier to just stick to python3.

Also, my team at work is going to copy the logic of this repo out into a ruby gem, with an open source license. Hope that is okay with you.

Last thing, I don't see the 'vulndetails' tool in the SC5 API documentation. Is that a SC4 thing or is this piece of information missing from the documentation? Where did you find it for your reference?