Skip to content
This repository has been archived by the owner on May 3, 2020. It is now read-only.

User Defined Variables

Jump to bottom
BuffaloWill edited this page Mar 24, 2018 · 6 revisions

User Defined Variables give the ability to add global variables to a report. For example, say that you wanted the following network range to be shown through the report:

192.168.1.0/24

User Defined Objects are also available, which allow a more structured version of UDV's

There are two ways to add a UDV:

Adding a UDV Through the UI

Go to Report > Additional Features > Edit User Defined Variables and add

Name: ip_range

Value: 192.168.1.0/24

Save.

Go into your report template and add §ip_range§ where this range should appear. The ips will be inserted when the report is generated.

Adding a Global UDV variable in config.json

It is also possible to add a User Defined Variable into the config.json. This will save the effort of having to re-create the UDV through the UI and will be automatically added to each new report. To do this, edit config.json and edit the user_defined_variables value:

"user_defined_variables":["ip_range"]

Go to Report > Additional Features > Edit User Defined Variables and modify the value to the range of your choice:

Value: 192.168.1.0/24

Go into your report template and add §ip_range§ where this range should appear. The ips will be inserted when the report is generated.

Reserved UDVs

The following are reserved UDVs

  • Findings totals:

When the report is generated Serpico tallies the total number of critical, high, moderate, low, and informational findings depending on your scoring algorithm. This is useful for the report because you can add these totals to different sections (e.g. the executive summary) without having to calculate them yourself.

The UDVs are:

§total_tally§ : Total number of findings

§critical_tally§ : Total number of critical findings

§high_tally§ : Total number of high findings

§moderate_tally§ : Total number of moderate findings

§low_tally§ : Total number of low findings

§informational_tally§ : Total number of informational findings

DREAD

  • 40+ : critical
  • 30 - 40 : high
  • 20 - 30 : moderate
  • 10 - 20 : low
  • 0 - 10 : informational

CVSSv2 (total score used)

  • 7+ : high
  • 4 - 6.9 : moderate
  • 0 - 3.9 : low

CVSSv3 (total score used)

  • 9+ : critical
  • 7 - 8.9 : high
  • 4 - 6.9 : moderate
  • 0 - 3.9 : low

risk and riskmatrix

  • 4:critical
  • 3:high
  • 2:moderate
  • 1:low
  • 0:informational
Clone this wiki locally