Migration 010 + model updates that prep VulnCheck to merge Nessus
findings with existing Wazuh-sourced vulnerabilities on the same
(cve_id, asset_id) row instead of creating parallel duplicates.
Schema (alembic/versions/010_add_nessus_integration.py):
- vulnerabilities.sources JSON list of scanners that detected
this finding, e.g. ["wazuh","nessus"]
- vulnerabilities.nessus_plugin_id Nessus plugin ID for the finding
- vulnerabilities.nessus_finding_uuid stable per-finding identifier
- vulnerabilities.first_detected_by which scanner first reported it
- vulnerabilities.cve_id widened 20 -> 50 chars so non-CVE Nessus
findings can be stored as
NESSUS-PLUGIN-{plugin_id} pseudo-CVEs
- assets.nessus_host_uuid pin Nessus host after first match
- scan_schedules.scanner_type wazuh|nessus, default wazuh for
backwards compat
- Backfill: every existing vuln sources = ["wazuh"],
first_detected_by = wazuh
Model helpers:
- Vulnerability.source_list / cross_confirmed / is_pseudo_cve properties
- Vulnerability.add_source(name) / remove_source(name) (no commit)
- Asset.nessus_host_uuid column
- ScanSchedule.scanner_type column
No behaviour change yet — Phase 2 will add the NessusClient + sync
function that actually populate these fields.
vulncheck
ec81ec609f