vulnerability-management
Install command
npx skills add https://github.com/sherifeldeeb/agentskills --skill vulnerability-management
Vulnerability Management Skill
Manage the complete vulnerability lifecycle from discovery to remediation with scan processing, risk prioritization, and tracking capabilities.
Capabilities
- Scan Processing: Parse vulnerability scan results (Nessus, Qualys, generic CSV)
- Risk Prioritization: Score and prioritize vulnerabilities by risk
- Remediation Tracking: Track remediation progress with SLAs
- Exception Management: Document risk acceptances and exceptions
- Reporting: Generate executive and technical vulnerability reports
- Metrics: Track vulnerability management KPIs
Quick Start
```python
from vuln_utils import VulnerabilityScanner, RemediationTracker, VulnMetrics

# Process scan results
scanner = VulnerabilityScanner()
scanner.add_finding('CVE-2024-1234', 'Critical', 'SERVER-01', 'Remote code execution')
scanner.add_finding('CVE-2024-5678', 'High', 'SERVER-02', 'SQL injection')

# Track remediation
tracker = RemediationTracker()
tracker.add_vulnerability('CVE-2024-1234', 'Critical', 'SERVER-01')
tracker.assign('CVE-2024-1234', 'admin-team', due_date='2024-02-01')
tracker.mark_remediated('CVE-2024-1234', 'Patched')

# Generate report
print(scanner.generate_report())
```
Usage
Scan Processing
Parse and normalize vulnerability scan results.
Example:
```python
from vuln_utils import VulnerabilityScanner

scanner = VulnerabilityScanner()

# Add findings manually
scanner.add_finding(
    cve_id='CVE-2024-1234',
    severity='Critical',
    affected_host='SERVER-01',
    description='Remote code execution in Apache',
    cvss_score=9.8,
    solution='Update to version 2.4.55'
)
scanner.add_finding(
    cve_id='CVE-2024-5678',
    severity='High',
    affected_host='SERVER-02',
    description='SQL injection vulnerability',
    cvss_score=8.2,
    solution='Apply security patch KB12345'
)

# Parse from CSV
scanner.import_csv('scan_results.csv')

# Parse Nessus CSV export
scanner.import_nessus_csv('nessus_export.csv')

# Get summary
print(scanner.get_summary())

# Filter by severity
critical = scanner.get_by_severity('Critical')
high = scanner.get_by_severity('High')

# Get unique CVEs
cves = scanner.get_unique_cves()

# Generate report
print(scanner.generate_report())
print(scanner.generate_executive_summary())
```
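What normalizing a generic CSV import involves, as an added example that is not the skill's own code: rows are validated, severities and host names are canonicalized, and duplicates are dropped before anything reaches the scanner. The column names, the `normalize_findings` helper and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
SEVERITIES = {"critical": "Critical", "high": "High", "medium": "Medium", "low": "Low"}

# Constructed sample export; the column names are an assumption, not the skill's schema.
SAMPLE_CSV = """cve_id,severity,affected_host,cvss_score,description
CVE-2024-1234,critical,SERVER-01,9.8,Remote code execution in Apache
CVE-2024-1234,Critical,server-01,9.8,Remote code execution in Apache
CVE-2024-5678,HIGH,SERVER-02,8.2,SQL injection vulnerability
CVE-2024-9999,Medium,SERVER-03,15.0,Score outside the CVSS range
not-a-cve,Low,SERVER-04,3.1,Malformed identifier
"""

def normalize_findings(text):
    """Return (findings, rejected); rejected holds (line number, reason) pairs."""
    findings, rejected, seen = [], [], set()
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        cve = (row.get("cve_id") or "").strip().upper()
        host = (row.get("affected_host") or "").strip().upper()
        severity = SEVERITIES.get((row.get("severity") or "").strip().lower())
        try:
            cvss = float(row.get("cvss_score") or "")
        except ValueError:
            cvss = None
        if not CVE_RE.match(cve):
            rejected.append((line_no, "malformed CVE id"))
        elif severity is None:
            rejected.append((line_no, "unknown severity"))
        elif cvss is None or not 0.0 <= cvss <= 10.0:  # also rejects NaN and inf
            rejected.append((line_no, "CVSS score outside 0.0-10.0"))
        elif (cve, host) in seen:
            rejected.append((line_no, "duplicate of an earlier row"))
        else:
            seen.add((cve, host))
            findings.append({"cve_id": cve, "severity": severity,
                             "affected_host": host, "cvss_score": cvss})
    return findings, rejected

if __name__ == "__main__":
    accepted, skipped = normalize_findings(SAMPLE_CSV)
    print(accepted)
    print(skipped)
```

Reporting the rejected rows with their line numbers, instead of dropping them silently, keeps a malformed export from shrinking the finding count unnoticed.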
Risk Prioritization
Prioritize vulnerabilities based on multiple risk factors.
Example:
```python
from vuln_utils import RiskPrioritizer

prioritizer = RiskPrioritizer()

# Add vulnerabilities with context
prioritizer.add_vulnerability(
    cve_id='CVE-2024-1234',
    cvss_score=9.8,
    affected_host='SERVER-01',
    asset_criticality='high',
    exploit_available=True,
    internet_facing=True
)
prioritizer.add_vulnerability(
    cve_id='CVE-2024-5678',
    cvss_score=8.2,
    affected_host='SERVER-02',
    asset_criticality='medium',
    exploit_available=False,
    internet_facing=False
)

# Calculate risk scores
prioritizer.calculate_risk_scores()

# Get prioritized list
prioritized = prioritizer.get_prioritized_list()
for vuln in prioritized:
    print(f"{vuln['cve_id']}: Risk Score {vuln['risk_score']}")

# Get top N by risk
top_10 = prioritizer.get_top_n(10)

# Generate risk report
print(prioritizer.generate_risk_report())
```
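How the four context fields above can change a CVSS-only ranking, as an added example that is not the skill's own scoring code. The page does not give the formula, so the weights, the 0-100 scale and the third sample entry are assumptions.

```python
# Hypothetical weights for illustration; the skill's formula is not shown on the page.
CRITICALITY_WEIGHT = {"low": 0.8, "medium": 1.0, "high": 1.3}
EXPLOIT_MULTIPLIER = 1.25
INTERNET_MULTIPLIER = 1.2
MAX_RAW = 10.0 * CRITICALITY_WEIGHT["high"] * EXPLOIT_MULTIPLIER * INTERNET_MULTIPLIER

def risk_score(vuln):
    """Scale the CVSS base score by asset and exposure context to a 0-100 score."""
    cvss = vuln["cvss_score"]
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    raw = cvss * CRITICALITY_WEIGHT[vuln["asset_criticality"]]
    if vuln["exploit_available"]:
        raw *= EXPLOIT_MULTIPLIER
    if vuln["internet_facing"]:
        raw *= INTERNET_MULTIPLIER
    return round(100.0 * raw / MAX_RAW, 1)

def prioritize(vulns):
    """Return copies of the findings with risk_score added, highest risk first."""
    scored = [{**v, "risk_score": risk_score(v)} for v in vulns]
    return sorted(scored, key=lambda v: (-v["risk_score"], -v["cvss_score"], v["cve_id"]))

# The first two entries use the page's values; the third entry's context is constructed.
SAMPLE = [
    {"cve_id": "CVE-2024-1234", "cvss_score": 9.8, "affected_host": "SERVER-01",
     "asset_criticality": "high", "exploit_available": True, "internet_facing": True},
    {"cve_id": "CVE-2024-5678", "cvss_score": 8.2, "affected_host": "SERVER-02",
     "asset_criticality": "medium", "exploit_available": False, "internet_facing": False},
    {"cve_id": "CVE-2024-9999", "cvss_score": 7.5, "affected_host": "SERVER-03",
     "asset_criticality": "high", "exploit_available": True, "internet_facing": True},
]

if __name__ == "__main__":
    for vuln in prioritize(SAMPLE):
        print(f"{vuln['cve_id']}: CVSS {vuln['cvss_score']}, risk {vuln['risk_score']}")
```

With these weights the CVSS 7.5 finding on an exposed, high-criticality host with a known exploit ranks above the CVSS 8.2 finding on an internal host.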
Remediation Tracking
Track vulnerability remediation progress.
Example:
```python
from vuln_utils import RemediationTracker

tracker = RemediationTracker()

# Add vulnerabilities to track
tracker.add_vulnerability(
    cve_id='CVE-2024-1234',
    severity='Critical',
    affected_host='SERVER-01',
    sla_days=7  # Critical = 7 days
)
tracker.add_vulnerability(
    cve_id='CVE-2024-5678',
    severity='High',
    affected_host='SERVER-02',
    sla_days=30  # High = 30 days
)

# Assign to teams
tracker.assign('CVE-2024-1234', 'infrastructure-team', due_date='2024-02-01')
tracker.assign('CVE-2024-5678', 'application-team', due_date='2024-02-15')

# Update status
tracker.update_status('CVE-2024-1234', 'in_progress', notes='Patch scheduled for maintenance window')

# Mark as remediated
tracker.mark_remediated('CVE-2024-1234', method='Patched to version 2.4.55')

# Check SLA compliance
overdue = tracker.get_overdue()
at_risk = tracker.get_at_risk(days=3)  # Due within 3 days

# Generate status report
print(tracker.generate_status_report())
```
Exception Management
Document risk acceptances and exceptions.
Example:
```python
from vuln_utils import ExceptionManager

exceptions = ExceptionManager()

# Create exception request
exceptions.create_exception(
    cve_id='CVE-2024-9999',
    affected_host='LEGACY-SERVER',
    reason='System scheduled for decommission in 90 days',
    compensating_controls='Network isolated, enhanced monitoring',
    requested_by='john.smith',
    expiration_date='2024-04-15'
)

# Approve exception
exceptions.approve_exception(
    cve_id='CVE-2024-9999',
    approved_by='security.manager',
    notes='Approved with condition of weekly review'
)

# Check for expired exceptions
expired = exceptions.get_expired()

# Generate exception report
print(exceptions.generate_report())
```
Vulnerability Metrics
Track vulnerability management KPIs.
Example:
```python
from vuln_utils import VulnMetrics

metrics = VulnMetrics()

# Add historical data
metrics.add_scan_result({
    'date': '2024-01-15',
    'critical': 5,
    'high': 20,
    'medium': 50,
    'low': 100
})
metrics.add_remediation_record({
    'cve_id': 'CVE-2024-1234',
    'severity': 'Critical',
    'detected_at': '2024-01-10',
    'remediated_at': '2024-01-15'
})

# Calculate metrics
print(f"MTTR (Critical): {metrics.calculate_mttr('Critical'):.1f} days")
print(f"SLA Compliance: {metrics.calculate_sla_compliance():.1f}%")
print(f"Remediation Rate: {metrics.calculate_remediation_rate():.1f}%")

# Get trending data
trend = metrics.get_vulnerability_trend(days=90)

# Generate metrics report
print(metrics.generate_report())
```
Asset-Based Views
View vulnerabilities by asset.
Example:
```python
from vuln_utils import AssetVulnerabilityView

view = AssetVulnerabilityView()

# Add asset vulnerability data
view.add_asset_vulnerability('SERVER-01', 'CVE-2024-1234', 'Critical')
view.add_asset_vulnerability('SERVER-01', 'CVE-2024-5678', 'High')
view.add_asset_vulnerability('SERVER-02', 'CVE-2024-9999', 'Medium')

# Set asset metadata
view.set_asset_criticality('SERVER-01', 'high')
view.set_asset_criticality('SERVER-02', 'medium')

# Get asset risk summary
summary = view.get_asset_summary('SERVER-01')

# Get highest risk assets
risky_assets = view.get_highest_risk_assets(limit=10)

# Generate asset report
print(view.generate_asset_report('SERVER-01'))
```
Configuration
Environment Variables
| Variable | Description | Required | Default |
|---|---|---|---|
| VULN_SLA_CRITICAL | SLA days for Critical | No | 7 |
| VULN_SLA_HIGH | SLA days for High | No | 30 |
| VULN_SLA_MEDIUM | SLA days for Medium | No | 90 |
| VULN_SLA_LOW | SLA days for Low | No | 180 |
Default SLAs
| Severity | Default SLA |
|---|---|
| Critical | 7 days |
| High | 30 days |
| Medium | 90 days |
| Low | 180 days |
Limitations
- No Scanner Integration: Manual import required
- No Auto-Discovery: Assets must be defined manually
- Local Storage: Data stored in memory only
Troubleshooting
Invalid CVSS Score
CVSS scores must be between 0.0 and 10.0:
```python
# Valid
scanner.add_finding('CVE-2024-1234', 'Critical', 'SERVER-01', cvss_score=9.8)

# Invalid
scanner.add_finding('CVE-2024-1234', 'Critical', 'SERVER-01', cvss_score=15.0)  # Error!
```
SLA Calculation Issues
Ensure dates are in the correct format:
```python
# Correct format
tracker.assign('CVE-2024-1234', 'team', due_date='2024-02-01')

# Incorrect format
tracker.assign('CVE-2024-1234', 'team', due_date='02/01/2024')  # May fail
```
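How the `VULN_SLA_*` variables from the Configuration section and the date format above combine into an overdue check, as an added example that is not the skill's own code. The helper names, counting the SLA from the detection date, and the three status labels are assumptions.

```python
import os
from datetime import datetime, timedelta

DEFAULT_SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180}

def sla_days(severity, env=os.environ):
    """Resolve the SLA from VULN_SLA_<SEVERITY>, falling back to the default."""
    default = DEFAULT_SLA_DAYS[severity]  # KeyError for an unknown severity
    name = f"VULN_SLA_{severity.upper()}"
    raw = env.get(name)
    if raw is None:
        return default
    try:
        days = int(raw)
    except ValueError:
        raise ValueError(f"{name} must be a whole number of days, got {raw!r}") from None
    if days <= 0:
        raise ValueError(f"{name} must be positive, got {days}")
    return days

def parse_day(text):
    """Parse a year-month-day date such as '2024-02-01'; '02/01/2024' raises ValueError."""
    return datetime.strptime(text, "%Y-%m-%d").date()

def classify(detected_at, severity, today, env=os.environ, warn_days=3):
    """Return (due_date, status); status is 'overdue', 'at_risk' or 'on_track'."""
    due = parse_day(detected_at) + timedelta(days=sla_days(severity, env))
    today = parse_day(today)
    if today > due:
        status = "overdue"
    elif (due - today).days <= warn_days:
        status = "at_risk"
    else:
        status = "on_track"
    return due, status

if __name__ == "__main__":
    # Constructed dates: detected 2024-01-10, evaluated on 2024-01-15.
    print(classify("2024-01-10", "Critical", "2024-01-15", env={}))
    print(classify("2024-01-10", "Critical", "2024-01-15", env={"VULN_SLA_CRITICAL": "3"}))
```

Rejecting a non-numeric or non-positive override at load time avoids a misconfigured variable silently marking every finding as overdue or never due.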