Public/Get-RiskSenseFinding.ps1

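function Get-RiskSenseFinding {
    <#
    .SYNOPSIS
        Search for host findings.
    .DESCRIPTION
        List host findings (vulnerabilities) in a RiskSense client.
        Only findings whose generic_state is "Open" are requested. Results are
        fetched 1000 per page, sorted by id ascending, and emitted to the
        pipeline as PSCustomObjects until the response carries no "next" link.
        Authority: User, Group Manager, Manager
    .PARAMETER ClientID
        Numeric ID of the RiskSense client to query.
    .PARAMETER Token
        RiskSense API key, passed to Get-AuthHeader to build the request headers.
    .EXAMPLE
        Get-RiskSenseFinding -ClientID 1 -Token 'secrettoken'
    .NOTES
        A token typed literally on the command line, as in the example, can end
        up in command history and session transcripts; supplying it from a
        variable or a secret store avoids that.
    #>


    [CmdletBinding()]
    param(
        # ClientID. Typed as [int], so only a number can reach the request URI.
        [Parameter(Mandatory)]
        [int]$ClientID,

        # RiskSense API Key
        [Parameter(Mandatory)]
        $Token
    )

    begin {
        $headers = Get-AuthHeader $Token

        # Single-quoted on purpose: the literal text $page is a placeholder that
        # the process block replaces with the current page number per request.
        $body = '{
            "filters": [
                {"field":"generic_state","exclusive":false,"operator":"EXACT","value":"Open"}
            ],
            "projection": "basic",
            "sort": [
              {
                "field": "id",
                "direction": "ASC"
              }
            ],
            "page": $page,
            "size": 1000
          }'

    }

    process {
        $page = 0
        do {
            $irmBody = $body.Replace('$page', [string]$page)

            # NOTE(review): $uri is not defined in this function; presumably a
            # module-scoped base URL set elsewhere - confirm.
            # NOTE(review): no -ContentType is passed for the JSON body;
            # presumably Get-AuthHeader supplies a Content-Type header - confirm.
            try {
                $result = Invoke-RestMethod -Uri "$uri/client/$ClientID/hostFinding/search" -Method Post -Body $irmBody -Headers $headers
            }
            catch {
                # A failed request must end the function. Without this, execution
                # resumes on the next statement with $result still holding the
                # previous page, so the same findings are emitted again and the
                # stale "next" link keeps the loop requesting pages indefinitely.
                $PSCmdlet.ThrowTerminatingError($_)
            }

            foreach ($finding in $result._embedded.hostFindings) {
                [PSCustomObject] @{
                    ID = $finding.id
                    ClientID = $ClientID
                    Title = $finding.title
                    Risk = $finding.Risk
                    Severity = $finding.severity
                    xrs3Impact = $finding.xrs3Impact
                    xrs3ImpactOnCategory = $finding.xrs3ImpactOnCategory
                    ScannerReported = $finding.ScannerReported
                    CVSSv2 = $finding.cvssv2
                    CVSSv3 = $finding.cvssv3
                    State = $finding.state
                    GroupID = $finding.GroupId
                    GroupIDs = $finding.GroupIds
                    PortID = $finding.portId
                    Hostname = $finding.hostname
                    IP = $finding.IP
                    Criticality = $finding.Criticality
                    IsExternal = $finding.IsExternal
                    # Date fields are converted only when present; absent values stay $null.
                    LastFoundOn = if ($finding.lastFoundOn) { Get-Date $finding.lastFoundOn } else { $null }
                    DiscoveredOn = if ($finding.discoveredOn) { Get-Date $finding.discoveredOn } else { $null }
                    ResolvedOn = if ($finding.resolvedOn) { Get-Date $finding.resolvedOn } else { $null }
                }
            }
            $page++
        } while ($result._links.next.href)  # stop once the API reports no further page
    }

    end {}
}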