mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 21:49:40 +03:00
Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
This commit is contained in:
@@ -1,28 +1,159 @@
|
||||
# API Reference: Vulnerability remediation SLA tracking
|
||||
# API Reference: Vulnerability Remediation SLA Tracking
|
||||
|
||||
## API Details
|
||||
SLA tiers: Critical=24h, High=72h, Medium=30d, Low=90d, Tenable/Qualys API
|
||||
## Libraries Used
|
||||
|
||||
| Library | Purpose |
|
||||
|---------|---------|
|
||||
| `requests` | Fetch vulnerability data from scanner APIs |
|
||||
| `json` | Parse vulnerability and asset data |
|
||||
| `datetime` | Calculate SLA deadlines, time-to-remediation |
|
||||
| `csv` | Export SLA compliance reports |
|
||||
|
||||
## Installation
|
||||
|
||||
```bash
|
||||
pip install requests datetime
|
||||
pip install requests
|
||||
```
|
||||
|
||||
## Libraries
|
||||
## SLA Tiers
|
||||
|
||||
| Library | Use |
|
||||
|---------|-----|
|
||||
| `requests` | requests client/SDK |
|
||||
| `datetime` | datetime client/SDK |
|
||||
| Severity | CVSS Range | SLA Deadline | Description |
|
||||
|----------|------------|-------------|-------------|
|
||||
| Critical | 9.0 - 10.0 | 24 hours | Actively exploited or trivially exploitable |
|
||||
| High | 7.0 - 8.9 | 72 hours | Remote code execution, privilege escalation |
|
||||
| Medium | 4.0 - 6.9 | 30 days | Requires user interaction or local access |
|
||||
| Low | 0.1 - 3.9 | 90 days | Informational, minimal impact |
|
||||
|
||||
## Authentication
|
||||
## Core Operations
|
||||
|
||||
| Method | Header |
|
||||
|--------|--------|
|
||||
| Bearer Token | `Authorization: Bearer <token>` |
|
||||
| API Key | `X-API-Key: <key>` |
|
||||
### Define SLA Configuration
|
||||
```python
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
SLA_TIERS = {
|
||||
"critical": timedelta(hours=24),
|
||||
"high": timedelta(hours=72),
|
||||
"medium": timedelta(days=30),
|
||||
"low": timedelta(days=90),
|
||||
}
|
||||
|
||||
def get_sla_deadline(severity, discovery_date):
|
||||
tier = severity.lower()
|
||||
sla_window = SLA_TIERS.get(tier, timedelta(days=90))
|
||||
return discovery_date + sla_window
|
||||
```
|
||||
|
||||
### Calculate SLA Status for a Vulnerability
|
||||
```python
|
||||
def calculate_sla_status(vuln):
|
||||
discovery = datetime.fromisoformat(vuln["discovery_date"])
|
||||
deadline = get_sla_deadline(vuln["severity"], discovery)
|
||||
now = datetime.now()
|
||||
|
||||
if vuln.get("remediated_date"):
|
||||
remediated = datetime.fromisoformat(vuln["remediated_date"])
|
||||
return {
|
||||
"cve": vuln["cve"],
|
||||
"status": "remediated",
|
||||
"met_sla": remediated <= deadline,
|
||||
"time_to_remediate_hours": (remediated - discovery).total_seconds() / 3600,
|
||||
}
|
||||
|
||||
overdue = now > deadline
|
||||
hours_remaining = (deadline - now).total_seconds() / 3600 if not overdue else 0
|
||||
hours_overdue = (now - deadline).total_seconds() / 3600 if overdue else 0
|
||||
|
||||
return {
|
||||
"cve": vuln["cve"],
|
||||
"status": "overdue" if overdue else "open",
|
||||
"severity": vuln["severity"],
|
||||
"deadline": deadline.isoformat(),
|
||||
"hours_remaining": round(hours_remaining, 1),
|
||||
"hours_overdue": round(hours_overdue, 1),
|
||||
}
|
||||
```
|
||||
|
||||
### Fetch Vulnerabilities from Tenable
|
||||
```python
|
||||
import requests
|
||||
import os
|
||||
|
||||
TENABLE_URL = "https://cloud.tenable.com"
|
||||
headers = {
|
||||
"X-ApiKeys": f"accessKey={os.environ['TENABLE_ACCESS_KEY']};secretKey={os.environ['TENABLE_SECRET_KEY']}",
|
||||
}
|
||||
|
||||
def get_open_vulnerabilities():
|
||||
resp = requests.get(
|
||||
f"{TENABLE_URL}/workbenches/vulnerabilities",
|
||||
headers=headers,
|
||||
params={"date_range": 90, "filter.0.filter": "severity", "filter.0.value": "4,3"},
|
||||
timeout=60,
|
||||
)
|
||||
resp.raise_for_status()
|
||||
return resp.json().get("vulnerabilities", [])
|
||||
```
|
||||
|
||||
### Generate SLA Compliance Report
|
||||
```python
|
||||
def generate_sla_report(vulnerabilities):
|
||||
report = {
|
||||
"total": len(vulnerabilities),
|
||||
"by_status": {"open": 0, "overdue": 0, "remediated": 0},
|
||||
"by_severity": {"critical": 0, "high": 0, "medium": 0, "low": 0},
|
||||
"sla_compliance_rate": 0.0,
|
||||
"overdue_vulns": [],
|
||||
"mean_time_to_remediate": {},
|
||||
}
|
||||
|
||||
remediated_times = {"critical": [], "high": [], "medium": [], "low": []}
|
||||
|
||||
for vuln in vulnerabilities:
|
||||
status = calculate_sla_status(vuln)
|
||||
report["by_status"][status["status"]] += 1
|
||||
report["by_severity"][vuln["severity"].lower()] += 1
|
||||
|
||||
if status["status"] == "overdue":
|
||||
report["overdue_vulns"].append(status)
|
||||
if status["status"] == "remediated":
|
||||
sev = vuln["severity"].lower()
|
||||
remediated_times[sev].append(status["time_to_remediate_hours"])
|
||||
|
||||
total_with_deadline = report["by_status"]["remediated"] + report["by_status"]["overdue"]
|
||||
if total_with_deadline > 0:
|
||||
met_sla = sum(1 for v in vulnerabilities
|
||||
if calculate_sla_status(v).get("met_sla", False))
|
||||
report["sla_compliance_rate"] = round(met_sla / total_with_deadline * 100, 1)
|
||||
|
||||
for sev, times in remediated_times.items():
|
||||
if times:
|
||||
report["mean_time_to_remediate"][sev] = round(sum(times) / len(times), 1)
|
||||
|
||||
return report
|
||||
```
|
||||
|
||||
## Output Format
|
||||
|
||||
```json
|
||||
{"timestamp": "ISO-8601", "findings": [], "risk_level": "HIGH"}
|
||||
{
|
||||
"report_date": "2025-01-15",
|
||||
"total": 245,
|
||||
"by_status": {"open": 180, "overdue": 23, "remediated": 42},
|
||||
"by_severity": {"critical": 5, "high": 28, "medium": 112, "low": 100},
|
||||
"sla_compliance_rate": 87.5,
|
||||
"mean_time_to_remediate": {
|
||||
"critical": 18.5,
|
||||
"high": 52.3,
|
||||
"medium": 480.0,
|
||||
"low": 1200.0
|
||||
},
|
||||
"overdue_vulns": [
|
||||
{
|
||||
"cve": "CVE-2024-21887",
|
||||
"severity": "critical",
|
||||
"hours_overdue": 48.5,
|
||||
"deadline": "2025-01-13T10:00:00"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user