Monday, June 25, 2012

NBE to Delimited Text

Code:
https://github.com/JasonMOliver/Java_Parsers/blob/master/VulnTable3.java

-----

I  have been working this week with a lot of data files from Security Center and found that it will only support .nessus V1 files at this point. In an effort to parse this data I fell back to using .nbe files as they are just a bit simpler to juice data out of at the command-line in a rush.

At the end of the day I needed some clean data to use in the block of results and this set of commands was the result of that.

grep 'results|' *.nbe | awk -F '|' '{print $3"|"$5"|"$6"|"$7}' | sed 's/\\n/ /g' > ParseInput.nbe

java VulnTable3 > input.csv

sed 's/Description :/|Description :/g' input.csv | sed 's/Solution :/|Solution :/g' | sed 's/Risk factor :/|Risk factor :/g' | sed 's/Plugin output :/|Plugin output :/g' | sed 's/|, /||Host(s) :/g' | sed 's/Public Exploit Available :/|Public Exploit Available :/g' | sed 's/CVE :/|CVE :/g' | sed 's/Other references :/|Other references :/g' | sed 's/|Plugin output :.*|/|/g' | sed 's/\/ CVSS Base Score :/|CVSS Base Score :/g' | sed 's/Risk factor :  Critical/Risk factor :  Critical|/g' | sed 's/Risk factor :  High/Risk factor :  High|/g' | sed 's/Risk factor :  Medium/Risk factor :  Medium|/g' | sed 's/Risk factor :  Low/Risk factor :  Low|/g' | sed 's/Risk factor :  None/Risk factor :  None|/g' | sed 's/|CVSS Base Score :/CVSS Base Score :/g' | sed 's/|Public Exploit Available :/Public Exploit Available :/g' | sed 's/|CVE :/CVE :/g' | sed 's/|Other references :/Other references :/g' | sed 's/||Host(s) :/|Host(s) :/g' > output.csv


After this you can import the file to Excel with | as the delimiter.

I am sure I will return to this and fix it, as I will be working with Security Center a lot more in the future but I felt this was worth a post if anything so I will not forget how I did this next time.

cheers

JSN 

1 comment:

  1. thats a lotta pipes, consider using sed with multiple '-e' switches a la sed -e 's/reg/ex/g' -e 's/another reg/ex/g'

    ReplyDelete