Merge pull request #6 from CMS-Enterprise/fix-query

fix: epss score dates invalid due to utc and limiting query by last_seen
CMS-Enterprise · Apr 30, 2024 · 5b9ce6b · 5b9ce6b
2 parents dbb5736 + 33bf080
commit 5b9ce6b
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/code/reporter/lambda_function.py b/code/reporter/lambda_function.py
@@ -2,15 +2,15 @@
 import pandas as pd
 import snowflake.connector
 import slack_report
-from datetime import date
+from datetime import date, timedelta
 from slack_sdk.webhook import WebhookClient
 
 TITLE_IGNORE = [
  'EC2.17 EC2 instances should not use multiple ENIs'
 ]
 
 def get_epss_df():
- today = date.today()
+ today = date.today() - timedelta(days=1)
  d1 = today.strftime("%Y-%m-%d")
 
  return pd.read_csv(
@@ -61,7 +61,7 @@ def get_nessus_vulns(snowflake_cur, kev_df, epss_df):
  and intersects them with both the kev and epss dataframes
  """
  snowflake_cur.execute(
- "select ACCOUNTID, INSTANCEID, CVE from SEC_VW_IUSG_CUMULATIVE_VULNS_BATCAVE"
+ "select ACCOUNTID, INSTANCEID, CVE from SEC_VW_IUSG_CUMULATIVE_VULNS_BATCAVE WHERE LAST_SEEN >= CURRENT_TIMESTAMP() - INTERVAL '72 hours'"
  )
  df = snowflake_cur.fetch_pandas_all()
  df["CVE"] = df["CVE"].apply(lambda x: json.loads(x))

diff --git a/code/reporter/slack_report.py b/code/reporter/slack_report.py
@@ -5,6 +5,7 @@
  DividerBlock,
  SectionBlock,
  RichTextBlock,
+ RichTextLink,
  Message,
 )
 from slackblocks.rich_text import RichTextSection, RichTextList, ListType, RichText
@@ -82,11 +83,16 @@ def __form_blocks(self):
  kev_vuln_block.elements.append(
  RichTextList(
  style=ListType.BULLET,
+ indent=1,
  elements=[
  RichTextSection(
  elements=[
+ RichTextLink(
+ text=f"{x.cve}",
+ url=f"https://www.cvedetails.com/cve/{x.cve}"
+ ),
  RichText(
- text=f"{x.cve} present across {str(x.num_env)} AWS Accounts"
+ text=f" present across {str(x.num_env)} AWS Accounts"
  )
  ]
  )
@@ -119,11 +125,16 @@ def __form_blocks(self):
  epss_vuln_block.elements.append(
  RichTextList(
  style=ListType.BULLET,
+ indent=1,
  elements=[
  RichTextSection(
  elements=[
+ RichTextLink(
+ text=f"{x.cve}",
+ url=f"https://www.cvedetails.com/cve/{x.cve}"
+ ),
  RichText(
- text=f"{x.cve} present across {str(x.num_env)} AWS Accounts"
+ text=f" present across {str(x.num_env)} AWS Accounts"
  )
  ]
  )