Parsing Nessus Files

reveretts · January 26, 2017, 12:40pm

Hello,

I am very new to PowerShell and learning mostly through the Month of Lunches book, which is great. I am trying to come up with a simple script to help me parse multiple Nessus CSV files that total around 2GB to pull out the information I need. I am trying to get a count of findings based on risk level per individual IP. For example my $mediumhost variable should display “hostIP, # of medium findings”

Here is the code I have come up with. Please be gentle

# Prompt for path to CSV file to parse

$file = Read-Host -Prompt 'Input path to file'

# Import CSV file to variable

$all = import-csv $file

# Create variable for totals of all risk count

$lowall = $all | where {$_.risk -eq "low"}
$mediumall = $all | where {$_.risk -eq "medium"}
$highall = $all | where {$_.risk -eq "high"}
$criticalall = $all | where {$_.risk -eq "critical"}

# Create variable for risk count per host

$lowhost = $lowall | select host,risk | sort
$mediumhost = $mediumall | select host,risk | sort
$highhost = $highall | select host,risk | sort
$criticalhost = $criticalall | select host,risk | sort

skalizar · January 26, 2017, 1:53pm

What problem are you having? Nothing wrong is jumping out at me, except possibly a lack of output.

reveretts · January 26, 2017, 2:02pm

Currently the output of $mediumhost is showing

Host Risk

x.x.x.131 Medium
x.x.x.134 Medium
x.x.x.134 Medium
x.x.x.134 Medium
x.x.x.134 Medium
x.x.x.134 Medium
x.x.x.134 Medium
x.x.x.134 Medium
x.x.x.157 Medium

I would like it to display the following:

Host Risk

x.x.x.131 1
x.x.x.134 7
x.x.x.157 1

random-commandline · January 26, 2017, 2:25pm

# Prompt for path to CSV file to parse

$file = Read-Host -Prompt 'Input path to file'
# Import CSV file to variable
$all = import-csv $file

# Create variable for totals of all risk count
$lowall = $all | Where-Object {$_.risk -eq "low"} | Group-Object -Property Host |
Select-Object @{n='Host';exp={$_.Name}},@{n='Risk';exp={$_.Count}}

$mediumall = $all | Where-Object {$_.risk -eq "medium"} | Group-Object -Property Host |
Select-Object @{n='Host';exp={$_.Name}},@{n='Risk';exp={$_.Count}}

$highall = $all | Where-Object {$_.risk -eq "high"} | Group-Object -Property Host |
Select-Object @{n='Host';exp={$_.Name}},@{n='Risk';exp={$_.Count}}

$criticalall = $all | Where-Object {$_.risk -eq "critical"} | Group-Object -Property Host |
Select-Object @{n='Host';exp={$_.Name}},@{n='Risk';exp={$_.Count}}

$lowall
$mediumall
$highall
$criticalall