Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 severity mapping, ✨ defender performance improvement #10185

Merged
merged 4 commits into from
May 28, 2024
Merged

🐛 severity mapping, ✨ defender performance improvement #10185

merged 4 commits into from
May 28, 2024

Conversation

manuel-sommer
Copy link
Contributor

No description provided.

@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR parser labels May 13, 2024
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented May 13, 2024
edited
Loading

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 0 findings
AppSec Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are focused on improving the reliability and robustness of the MSDefenderParser class, which is responsible for parsing and processing findings from Microsoft Defender security scans. The key changes include more efficient handling of machine information and ensuring that the severity of findings is properly classified. These improvements are important from an application security perspective, as they enhance the ability to accurately correlate vulnerability data with the corresponding machine information and prioritize remediation efforts based on the severity of the identified vulnerabilities.

Files Changed:

  • dojo/tools/ms_defender/parser.py: The changes in this file are related to the MSDefenderParser class, which is responsible for parsing and processing findings from Microsoft Defender security scans. The key changes include:

    1. Vulnerability and Machine Data Handling: The code was modified to store machine information in a dictionary (machines) instead of a list, allowing for more efficient lookup of machine data by the machineId when processing vulnerabilities.

    2. Severity Handling: The severity_check function was added to ensure that the severity of a finding is always one of the expected values ('Informational', 'Low', 'Medium', 'High', 'Critical'). If the severity value from the input data is not one of these, it is set to 'Informational'.

These changes are focused on improving the reliability and robustness of the parser, which is an important component for integrating security findings into a security management or vulnerability management system. The ability to accurately correlate vulnerability data with the corresponding machine information and properly classify the severity of findings are crucial for effective security analysis and prioritization of remediation efforts.

Powered by DryRun Security

@manuel-sommer manuel-sommer marked this pull request as ready for review May 23, 2024 12:05
mtesauro
mtesauro approved these changes May 26, 2024
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@github-actions github-actions bot removed the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label May 27, 2024
@blakeaowens blakeaowens merged commit cc0f278 into DefectDojo:bugfix May 28, 2024
123 checks passed
@manuel-sommer manuel-sommer deleted the improve_defender_performance branch May 28, 2024 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grendel513 grendel513 grendel513 approved these changes

@mtesauro mtesauro mtesauro approved these changes

@Maffooch Maffooch Maffooch approved these changes

@blakeaowens blakeaowens blakeaowens approved these changes

Assignees
No one assigned
Labels
parser
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@manuel-sommer @grendel513 @mtesauro @Maffooch @blakeaowens