
Class Scan

The Scan class provides methods for defining and storing vulnerabilities detected on enterprise assets. It depends on several other classes, including the Asset class, the Scanner class, and the Vuln class.

In general, a vulnerability scanner will perform a scan of an enterprise asset, checking all ports on that asset for known vulnerabilities. The entire result set of that scan will be placed in a file or table, which is then processed by a Collector. The usual process is to construct a Scanner object that describes the vulnerability scanner, then a Scan object that describes the scan that took place, and an Asset object that describes the asset that was scanned. Then a Vuln object is created for each detected vulnerability, attached to the Scan, and stored in the database.

It is also possible for the vulnerability scanner to perform a 'partial' scan, which means that only specific ports are scanned. In this case, the scan data will not replace the entire set of vulnerability information known for an asset, but only the information for those ports which were scanned.

The class accepts a pre-defined set of vulnerability attributes:


Defined in: vuln.js.

Class Summary
Constructor Attributes Constructor Name and Description
 
Scan(properties)
Constructs an instance of the Scan class which represents a single vulnerability scan of a single asset.
Field Summary
Field Attributes Field Name and Description
 
Vulns
The set of vulnerabilities that were found on the Asset.
Method Summary
Method Attributes Method Name and Description
 
attachAsset(asset)
This method attaches an Asset object to the current scan.
 
attachScanner(scanner)
This method attaches a Scanner object to the Scan.
 
attachVuln(vuln)
This method attaches a newly-detected vulnerability to an Asset through the associated Scan.
 
save()
This method saves the Scan object in the Sentinel database.
Class Detail
Scan(properties)
Constructs an instance of the Scan class which represents a single vulnerability scan of a single asset.
Author: Novell Engineering.
// In initialize() method:
instance.CONFIG.scanner = new Scanner({});
// In preParse() method:
instance.CONFIG.currentScan = new Scan({"Type":"FULL","Start":new Date(),"Scanner":instance.CONFIG.scanner});
// In parse() method:
// parse input and determine asset and vulnerabilities
instance.CONFIG.currentScan.attachAsset(this.asset1);
instance.CONFIG.currentScan.attachVuln(this.vuln1);
// in postParse() method:
if (instance.CONFIG.readyToSend) {  // readyToSend is not a template var; you would have to create and maintain it
  instance.CONFIG.currentScan.save();
}
Parameters:
{Object} properties
Set of pre-defined properties used to initialize this object
See:
Vuln
Scanner
Asset
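The full-versus-partial replacement rule from the class description, modelled as a stand-alone added example (not Sentinel SDK code and not from Novell). The applyScan function, the "PARTIAL" type string, and the sample IDs are assumptions made for illustration; only "FULL" appears on this page.

```javascript
// Added illustration, not Sentinel SDK code. Models the replacement rule only.
// Assumption: the partial type is spelled "PARTIAL"; the page shows only "FULL".

// known: vulnerabilities currently recorded for one asset, [{ id, port }]
// scan:  { type, ports: [ports that were scanned], vulns: [{ id, port }] }
function applyScan(known, scan) {
  if (scan.type === "FULL") {
    // Every port was checked, so the result set replaces all prior findings.
    return scan.vulns.slice();
  }
  if (scan.type !== "PARTIAL") {
    throw new Error("unknown scan type: " + scan.type);
  }
  const scanned = new Set(scan.ports);
  // A finding on a port outside the declared scope signals a wrong scope;
  // reject the scan rather than merge it.
  for (const v of scan.vulns) {
    if (!scanned.has(v.port)) {
      throw new Error("finding " + v.id + " on unscanned port " + v.port);
    }
  }
  // Keep findings on ports that were not scanned; replace the rest.
  // A scanned port with no findings is therefore cleared.
  const untouched = known.filter((v) => !scanned.has(v.port));
  return untouched.concat(scan.vulns);
}

// Constructed sample data (IDs are placeholders, not real vulnerability IDs).
const known = [
  { id: "VULN-A", port: 22 },
  { id: "VULN-B", port: 80 },
  { id: "VULN-C", port: 443 },
];
const partial = {
  type: "PARTIAL",
  ports: [80, 443],
  vulns: [{ id: "VULN-D", port: 443 }],
};
const full = { type: "FULL", ports: [], vulns: [{ id: "VULN-A", port: 22 }] };

const ids = (list) => list.map((v) => v.id).sort().join(",");

console.log(ids(applyScan(known, partial))); // port 22 kept, 80 cleared, 443 replaced
console.log(ids(applyScan(known, full)));    // everything replaced
```

The partial scan leaves the port 22 finding alone because that port was not scanned, while the port 80 finding disappears because the port was scanned and came back clean.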
Field Detail
{Vuln[]} Vulns
The set of vulnerabilities that were found on the Asset. Typically the scan output will list the discovered vulnerabilities; construct a new Vuln object out of each one and attach it to this scan. In general you should not add Vulns to this object directly; instead use Scan.attachVuln().
Method Detail
{Boolean} attachAsset(asset)
This method attaches an Asset object to the current scan. You must also associate vulnerabilities with the asset by adding them to the scan.
var myAsset = new Asset({"IPv4":rec.IPaddr});
var thisScan = new Scan({"Start":new Date()});
thisScan.attachAsset(myAsset);
// See Scan class for a full example
Parameters:
{Asset} asset
The Asset object representing the system that was scanned
Returns:
{Boolean} Result

{Boolean} attachScanner(scanner)
This method attaches a Scanner object to the Scan. This is used as meta-information to help describe how the vulnerabilities on a specific asset were discovered.
var myscanner = new Scanner({"Tenable":"Nessus","Product":"Nessus"});
var thisScan = new Scan({"Start":new Date()});
thisScan.attachScanner(myscanner);
// See Scan class for a full example
Parameters:
{Scanner} scanner
The Scanner object to associate with this scan
Returns:
{Boolean} result

{Boolean} attachVuln(vuln)
This method attaches a newly-detected vulnerability to an Asset through the associated Scan. Use this method as often as necessary to add multiple vulnerabilities to a single Asset.
var myVuln = new Vuln({"VulnID":rec.vulnid,"Port":rec.tgtport,"HostOS":"Windows"});
var thisScan = new Scan({"Start":new Date()});
thisScan.attachVuln(myVuln);
// See Scan class for a full example
Parameters:
{Vuln} vuln
The Vulnerability object representing a specific detected vulnerability on the target asset
Returns:
{Boolean} Result

{Boolean} save()
This method saves the Scan object in the Sentinel database. You must have previously created the Scan object and attached a Scanner, Asset, and at least one Vuln. Note that this method will attempt to convert the Start and End times for the Scan into the event source's timezone, according to the rec.s_TimeZone attribute. If the last record that you read before calling this method does not have the TimeZone set, or it is set to something other than the timezone in which the scan time is set, you must manually set rec.s_TimeZone as appropriate.
var thisScan = new Scan({"Start":new Date(),"Scanner":instance.CONFIG.scanner,"Asset":currentAsset});
thisScan.save();
// See Scan class for a full example
Returns:
{Boolean} Result

©2008
Documentation generated by JsDoc Toolkit 2.0.2 on Thu Oct 07 2010 07:23:17 GMT-0400 (EDT)