Skip to content

SoteriaSoftwareLLC/cyrinae-portfolio-manager-scripts

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

193 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CYRINAE Portfolio Manager Scripts

CYRINAE = Cyber Risk Integrated Automation Engine

CYRINAE

What this is For

This repo is for Python, Pandas and other libraries to do higher level processing of cyber compliance, hygiene, and security data.

This is used for testing python and pandas processing on larger CSV type datasets exported from OpenRMF Professional by Soteria Software.

We leverage the APIs in the Automation Repo and combine them here to do higher level features and calculations using your OpenRMF® Professional data.

CYRINAE is the all encompassing solution of the following items:

  • OpenRMF Professional
  • Elastic AI Service Provider Interface (SPI)
  • Elastic SIEM SPI
  • Slack SPI
  • Email SPI
  • Portfolio Manager (currently under development)

How this is Used

This repo has scripts to call APIs with examples as well. It is organized by topic and area of cyber compliance, hygiene, and security. It also has example .csv files exported from data in OpenRMF Professional. And it has higher level python scripts to call the OpenRMF Professional external API and process information.

The scripts is the best place to start to see the main ideas around risk profiling, POAM prioritization, overview PDFs and more.

Available Scripts

The scripts available are below. And we have other ones copied from our GH public automation repo at https://github.com/SoteriaSoftwareLLC/openrmfpro-automation/ to show how you use them to do higher level work.

Most of the scripts below you pass in the root URL, your OpenRMF® Professional application key, the token, and then your systemKey. See comments in the scripts if more is required.

Script Description
System Package Overview PDF Creates a PDF for main points in your system package
System Package POAM Raw Severity PDF Creates a PDF for your POAM risk data based on raw severity of items
System Package POAM Residual Risk PDF Creates a PDF for your POAM risk data based on your residual risk of items
Risk Profiler PDF Create a PDF using the thresholds in the settings file to run a risk profiler on all your system package data
CMMC Score (WIP) Calculate your pass/fail and score for CMMC 2.0 Level 1, 2 or 3 -- still a work in progress
Golden Baseline Mathematically discover what the actual baseline is across your infrastructure, and isolate the outliers.
POAM Prioritizing Optimization, weighted scoring algorithms, categorical data handling of POAM items to show greatest impact for prioritizing work.
Pre-Assessment Checker Check that you are ready for assessment with high level checks across all your compliance data and vulnerabilities.
Ghost Assets Find if there are assets in your listing across hardware, checklists, and ports/protocols/services that are not related to devices in your system package.
Quarantine Testing Based on settings, find devices that meet certain criteria that warrant investigating for quarantine.
Patch CVE Listing Show your open patch vulnerabilities with CVE data matching the CVEs listed in patch descriptions (if any) with scores. Generate CVE main CSV data first.
Patch KEV Listing Show your open patch vulnerabilities with KEV data matching the CVEs listed in patch descriptions (if any) with dates. Download KEV data first.
Patch CVE & KEV Listing Show your open patch vulnerabilities with CVE and KEV data matching the CVE IDs listed in patch descriptions (if any) with dates. Generate CVE main CSV data and download KEV data first.
Container Scan CVE Listing Show your open container scan vulnerabilities with CVE data matching the CVE IDs listed in patch descriptions (if any) with scores.
Container Scan KEV Listing Show your open container scan vulnerabilities with KEV data matching the CVE IDs listed in patch descriptions (if any) with dates.
Container Scan CVE & KEV Listing Show your open container scan vulnerabilities with CVE and KEV data matching the CVE IDs listed in patch descriptions (if any) with dates.

About

Python, Pandas and other libraries to do higher level processing of cyber compliance, hygiene, and security data for CYRINAE using OpenRMF Professional data

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages