From b40d1fd571e4bd888142b87297cd7eac4273e144 Mon Sep 17 00:00:00 2001
From: Shivers123 <89097232+Shivers123@users.noreply.github.com>
Date: Tue, 2 Jul 2024 16:03:01 -0700
Subject: [PATCH] Create Host_CVE_Lookup This script will run lacework CLI command to find all sub-accounts It will then run lacework CLI command looking for CVE noted in code and save findings to output csv file jq is needed
---
Host_CVE_Lookup | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 Host_CVE_Lookup
diff --git a/Host_CVE_Lookup b/Host_CVE_Lookup
new file mode 100644
index 0000000..93301a7
--- /dev/null
+++ b/Host_CVE_Lookup
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Define the CSV file to save findings
+csv_file="findings.csv"
+
+# Write CSV header
+echo "subaccount,hostname,internalIp,InstanceId,severity,status,vulnId" > "$csv_file"
+
+# Get the list of sub-accounts
+sub_accounts=$(lacework account list | tail -n +3)
+
+# Loop through each sub-account and run the command
+while read -r sub_account; do
+ # Trim leading and trailing whitespace
+ sub_account=$(echo $sub_account | xargs)
+ if [[ -n "$sub_account" ]]; then
+ echo "Running command for sub-account: $sub_account"
+ json_output=$(lacework vulnerability host list-hosts CVE-2024-6387 --subaccount "$sub_account" --json)
+
+ if [[ "$json_output" != "null" ]]; then
+ # Extract data using jq and append to CSV
+ echo "$json_output" | jq -r --arg subaccount "$sub_account" '.[] | "\($subaccount),\(.machineTags.Hostname),\(.machineTags.InternalIp),\(.machineTags.InstanceId),\(.severity),\(.status),\(.vulnId)"' >> "$csv_file"
+ fi
+ fi
+done <<< "$sub_accounts"
+
+echo "Findings have been saved to $csv_file"
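Review bot: A failed `lacework vulnerability host list-hosts` call is indistinguishable from a clean result, because the exit status is never checked and only the literal `null` is filtered; an auth or API error for one sub-account leaves no row in `findings.csv`, which then reads as "no hosts affected by CVE-2024-6387". Capture the status and record the failure, e.g. `json_output=$(lacework vulnerability host list-hosts CVE-2024-6387 --subaccount "$sub_account" --json) || { echo "lookup failed for $sub_account" >&2; failed=1; continue; }`, and exit non-zero after the loop when `failed` is set. The same applies to `lacework account list | tail -n +3`: without `set -o pipefail` the pipeline's status comes from `tail`, so a failed listing produces a header-only CSV and a success message. Separately, the jq filter joins fields with bare commas, so a hostname or tag value containing a comma or double quote shifts columns in the report; building an array of the seven fields and piping it through jq's `@csv` would quote each field.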