This is the official gem package for the Ruby Nexpose Ticketing engine.
To share your scripts, or to discuss different approaches, please visit the Rapid7 forums for Nexpose: https://community.rapid7.com/community/nexpose
For assistance with using the gem please email the Rapid7 integrations support team at [email protected].
To use the JIRA implementation please follow these steps:
- Edit the jira.config file under the gem config folder and add the necessary data.
- Edit the ticket_service.config under the gem config folder and add the necessary data.
- Run the nexpose_jira file under the bin folder. If installed with Gem 'console> nexpose_jira' should suffice.
Note: Gem is usually installed under
- Windows: C:\Ruby<version>\lib\ruby\gems\version\gems
- Linux: /var/lib/gems/<version>/gems/ Please refer to your particular Ruby documentation for actual installation folder.
A logger is also implemented by default, and the log can be found under the log folder; please refer to the log file in case of an error.
This package is currently a work in progress. Currently there's only a JIRA implementation, with more on the works.
To develop your own implementation for Ticketing service 'foo':
- Create a helper class that implements the following methods:
- create_ticket(tickets) - This method should implement the transport class for the 'foo' service (https, smtp, SOAP, etc).
- prepare_tickets(tickets) - This method will call the selected preparation type: default or ip.
- prepare_tickets_default(vulnerability_list) - This method will take the vulnerability_list in CSV format and transform it into 'foo' accepted data (JSON, XML, etc) per vulnerability.
- prepare_tickets_by_ip(vulnerability_list) - This method will take the vulnerability_list in CSV format and transform it into 'food' accepted data (JSON, XML, etc) collapsing all vulnerabilities by IP.
- Create your 'foo' caller under bin. See the file 'jira' for reference.
Please see jira_helper.rb under helpers for an helper example, and two_vulns_report.csv under the test folder for a sample CSV report.
We welcome contributions to this package. We ask only that pull requests and patches adhere to our coding standards.
- Favor returning classes over key-value maps. Classes tend to be easier for users to manipulate and use.
- Unless otherwise noted, code should adhere to the Ruby Style Guide: https://github.com/bbatsov/ruby-style-guide
- Use YARDoc comment style to improve the API documentation of the gem.