feat: add falcon filtering for cve and score

hazcod · Jul 13, 2021 · 80a4e69 · 80a4e69
1 parent 1189896
commit 80a4e69
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -35,6 +35,10 @@ falcon:
   cloud_region: "eu-1"
   # skip vulnerabilities without available patches
   skip_no_mitigation: true
+  # what severity classes you want to skip
+  skip_severities: ["low"]
+  # minimum CVE base score to report
+  min_cve_base_score: 0
 
 # vmware workspace one
 ws1:

diff --git a/config/config.go b/config/config.go
@@ -26,6 +26,8 @@ type Config struct {
 		CloudRegion string `yaml:"cloud_region" env:"FALCON_CLOUD_REGION"`
 
 		SkipNoMitigation bool `yaml:"skip_no_mitigation" env:"FALCON_SKIP_NO_MITIGATION"`
+		SkipSeverities []string `yaml:"skip_severities" env:"FALCON_SKIP_SEVERITIES"`
+		MinCVEBaseScore int `yaml:"min_cve_base_score" env:"FALCON_MIN_CVE_BASE_SCORE"`
 	} `yaml:"falcon"`
 
 	WS1 struct {

diff --git a/pkg/falcon/extractor.go b/pkg/falcon/extractor.go
@@ -173,6 +173,31 @@ func GetMessages(config *config.Config, ctx context.Context) (results map[string
 			continue
 		}
 
+		if config.Falcon.MinCVEBaseScore > 0 {
+			if int(*vuln.Cve.BaseScore) < config.Falcon.MinCVEBaseScore {
+				logrus.WithField("cve_score", *vuln.Cve.BaseScore).Debug("skipping vulnerability")
+				continue
+			}
+		}
+
+		if len(config.Falcon.SkipSeverities) > 0 {
+			vulnSev := strings.ToLower(*vuln.Cve.Severity)
+			skip := false
+
+			for _, sev := range config.Falcon.SkipSeverities {
+				if strings.EqualFold(sev, vulnSev) {
+					logrus.WithField("severity", *vuln.Cve.Severity).Debug("skipping vulnerability")
+					skip = true
+					break
+				}
+			}
+
+			if skip { continue }
+		}
+
+		logrus.WithField("cve_score", *vuln.Cve.BaseScore).WithField("severity", *vuln.Cve.Severity).
+			Debug("adding vulnerability")
+
 		deviceFinding := UserDeviceFinding{
 			ProductName:         *vuln.App.ProductNameVersion,
 			CveID:               *vuln.Cve.ID,
@@ -181,8 +206,6 @@ func GetMessages(config *config.Config, ctx context.Context) (results map[string
 			TimestampFound:      *vuln.CreatedTimestamp,
 		}
 
-		logrus.Warnf("%+v", vuln.HostInfo.Tags)
-
 		if _, ok := devices[uniqueDeviceID]; !ok {
 			devices[uniqueDeviceID] = UserDevice{
 				MachineName: fmt.Sprintf(

diff --git a/pkg/overview/security/builder.go b/pkg/overview/security/builder.go
@@ -23,7 +23,7 @@ func BuildSecurityOverviewMessage(logger *logrus.Logger, config config.Config, f
 	var allWS1 []ws1.WS1Result
 	for _, w := range ws1Results { allWS1 = append(allWS1, w) }
 
-	logrus.Debugf("falcon: %d ws1: %d", len(allFalcon), len(allWS1))
+	logrus.Debugf("findings: falcon: %d ws1: %d", len(allFalcon), len(allWS1))
 
 	variables := struct {
 		Falcon []falcon.FalconResult