Auto catagorize based on CVSS score


#1

Is there a way to get dradis to auto catagorize the imported results based on CVSS score, such as those from nessus. im finding im having to identify every issue manually. this could be quite time consuming?


#2

Hi @leonteale,

If you click on “All Issues”, you can select and tag multiple findings in one go, which should save some time.

Currently there is no way to automatically tag a finding based on the CVSS score from Nessus in the Community Edition of Dradis. In Dradis Pro, you can define a Rule for the Rules Engine that does it (see example).

HTH,
Daniel


#3

@leonteale I’ve been thinking,

Probably you can do this with a script through rails runner or rails console:

irb> Issues.all.each do |issue|
  case issue.fields('CVSSv2').to_f
  when 10
    issue.tags << Tag.find_or_create_by(name: "!0000ff_Critical")
  when (7.0..9.9)
    issue.tags << Tag.find_or_create_by(name: "!00ff00_High")
  ...
  end
end