Integration API

by | Feb 5, 2017 | Uncategorized | 0 comments

Faction includes two different API’s. One is REST based and will allow you to query and create just about anything that you can do via the web interface. You can write your one scripts to update findings, create assessments, or run reports.

The Second API is our Integration API and it is event triggered. This allows you to run custom code to integrate Faction into your existing systems like Jira or your own application inventory program. This post will discuss how you could integrate Faction into Jira to submit bugs directly to development teams for tracking.

INTEGRATION API WEB INTERFACE

Log into Faction as an administration and navigate to the Integration API page. It should look something like the following screenshot. On this page you can write custom python code that will execute when certain conditions happen inside of Faction. There are two boxes on the right of the screen. These inform you of the input arguments and output variables that are available to you. These are accessible from the ‘inputs’ variable and have a class type of VTKVPair. This is a simple key-value pair object that you can use. All outputs are expected to be Arrays of VTKVPairs. This might sound cumbersome at first but its really easy. Just keep reading.

ACCESSING INPUT VARIABLES:

Input variables are accessible as key-value pairs with the ‘key’ existing from the list of ‘Input Variables’ in the top right box of the page. For referrence here is the full set of variables that can be accessed on an Assessment Completed Event.

start
assessor
engagement
end
completed
remediation
appid
distro
appname
vulns[ vulnId, vulnName, severity, desc ]

 

To access the completed time of the assessment then you could write python code as follows.

compDate = inputs.get('completed')

Vulnerability data has a similar format but is an array of vulnerabilities for this assessment. You could access it as follows:

vs = inputs.get('vulns')
for v in vs:
   name=v.get('vulnName')
   desc=v.get('desc')

RETURNING VARIABLES TO FACTION

You can update the Faction database with external sources. These variables that are accepted back into Faction are defined in the Output Format Table. Below are the output variables for an Assessment Completed Event.

vulnId
tracking

These variables must be Key-Value pairs in an Array. To return an updated trackingId that would be from an external system you do something similar to the following code:

 array=VTArray()
 vs = inputs.get('vulns')
 
 for v in vs:
   track=VTKVPair()
   trackingID=YourFunction2GetData(v.get('vulnName'), v.get('desc'))
   track.put('vulnId', v.get('vulnId'))  #keep our current vulnerability id
   track.put('tracking', trackingID)  # update the Faction Vulnerability Tracking Id
   array.add(track) # add the keyvalue pairs to the output array

return array

PUT IT ALL TOGETHER

Lets tie faction into Jira so that when an assessment is complete we can submit all our vulnerabilities into Jira and update Faction with the Jira Ids. Below is our code:

from vtrack.pylib import VTKVPair
from vtrack.pylib import VTArray
from vtrack.pylib import VTIntegration
import sys
#we need to import external libraries
sys.path.append("C:\\Python27\\lib\\site-packages")
sys.path.append("C:\\tmp")
import requests
import json
import html2jira
import customPass; #this is a custom file that sets out Jira Password.

class API(VTIntegration):

def runit(self, inputs):
  array=VTArray()
  vs = inputs.get('vulns')
 
  for v in vs:
    h = html2jira.HTML2Jira() #import this file that converts HTML to Jira formating.
    h.ignore_links = True
    h.ignore_images = True
    track=VTKVPair()
    headers = {'Authorization': 'Basic ' + customPass.password,
                  'Content-Type': 'application/json'}

    r = requests.post("https://yourjira.atlassian.net/rest/api/2/issue/", data=json.dumps({
                    "fields": {
                    "project":
                    {
                         "key": "TI"
                    },
                    "summary": v.get('vulnName'),
                    "description": h.handle(v.get('desc')),
                    "issuetype": {
                       "name": "Bug"
                    }
                    }
              }), headers=headers)
 
    j = r.json()
    track.put('vulnId', v.get('vulnId'))
    track.put('tracking', 'JIRA-' + j.get('id'))
    array.add(track)
    print array

  return array

 

After finalizing an assessment our vulnerabilities are uploaded to Jira and formatted similar to how they exist in the report. Notice full vulnerability exploit steps and descriptions are added to the issues created in JIRA.

 

Now we can query for the vulnerability in Faction and find the Jira ID. 

Search by our Tracking Id in JIRA:

 

Reports are automatically updated the the external system’s tracking number as well.

Submit a Comment

Your email address will not be published.