admin / Synapse-NetscanXi
publicNetwork Scanning, Vulnerability and Compliance Application
Synapse-NetscanXi / NetscanXiVersion13 / app / templates / index.html
49066 B · main
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 | <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>NetscanXi Version 13</title> <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}?v={{ static_ver }}"> <script> /* Apply saved theme before first paint to avoid a flash. */ (function(){ try { var t = localStorage.getItem("netscan-theme"); if (!t) t = window.matchMedia && window.matchMedia("(prefers-color-scheme: light)").matches ? "light" : "dark"; document.documentElement.setAttribute("data-theme", t); } catch(e) { document.documentElement.setAttribute("data-theme", "dark"); } })(); </script> </head> <body> <!-- v8: text banner replaces the logo image --> <div class="app-banner"> <div class="app-banner-title"> <span class="app-name">NetscanXi</span> <span class="version-badge">Version 13</span> </div> <div class="sub">Discovery · software · vulnerabilities · risk scoring · change detection</div> </div> <div class="topbar"> <div class="brand"> {% if auth_enabled and username %} <span class="whoami">👤 {{ username }} <span class="role-tag role-{{ role }}">{{ role }}</span></span> {% if tenant_scoped %}<span class="tenant-tag" title="Your data tenant">🏢 {{ tenant }}</span>{% endif %} {% endif %} {% if scheduler.enabled %} <div class="sched-note">⏱ Scheduled every {{ scheduler.interval_minutes }} min ({{ scheduler.profile }})</div> {% else %}<div class="sched-note">⏱ Scheduling off</div>{% endif %} </div> <div class="right toolbar"> <div class="global-search"> <input type="text" id="globalSearch" placeholder="🔍 Search assets, CVEs, software…" autocomplete="off" oninput="onGlobalSearch()" onfocus="onGlobalSearch()"> <div id="globalSearchResults" class="gs-results" style="display:none"></div> </div> <button class="theme-toggle" id="themeToggle" onclick="toggleTheme()" title="Switch light/dark mode"> <span id="themeIcon">☾</span> <span id="themeLabel">Dark</span> </button> {% if can_scan %}<button class="ghost" onclick="openSchedules()" title="Manage scheduled scans">⏱ Schedule</button>{% endif %} {% if auth_enabled and username %} {% if has_account %}<button class="ghost" onclick="openMfa()" title="Two-factor authentication">🔐 Security</button>{% endif %} {% if is_tenant_admin %}<button class="ghost" onclick="openUsers()" title="User administration">👥 User Admin</button>{% endif %} {% if is_tenant_admin %}<button class="ghost" onclick="openGroupsAdmin()" title="Create & manage asset groups">🗂 Asset Groups</button>{% endif %} {% if is_tenant_admin %}<button class="ghost" onclick="openIntegrations()" title="Service-desk integrations">🔗 Integrations</button>{% endif %} {% if is_tenant_admin %}<button class="ghost" onclick="openSonar()" title="Synapse Sonar vulnerability sync (send & pull)">📡 Synapse Sonar</button>{% endif %} {% if is_tenant_admin %}<button class="ghost" onclick="openCortex()" title="Send asset inventory to Synapse Cortex">🧠 Synapse Cortex</button>{% endif %} {% if is_tenant_admin %}<button class="ghost" onclick="openAdminSettings()" title="Admin settings & data retention">⚙ Admin</button>{% endif %} {% if is_tenant_admin %}<button class="ghost" onclick="openActivity()" title="Login & activity log">📋 Activity</button>{% endif %} <button class="ghost danger" onclick="location.href='{{ url_for('logout') }}'" title="Sign out">⎋ Logout</button> {% endif %} </div> </div> <div class="controls"> <input type="text" id="target" value="{{ default_target }}" placeholder="192.168.1.0/24 or 10.0.0.5"> <select id="profile"> {% for key, p in profiles.items() %} <option value="{{ key }}" {% if key == default_profile %}selected{% endif %}>{{ p.label }}</option> {% endfor %} </select> {% if can_scan %} <button id="scanBtn" onclick="startScan()">Scan</button> <button id="passiveBtn" class="ghost" onclick="startPassiveScan()" title="Passive scan: listen only, send no probes. Harvests assets the network already advertises (IP, MAC, vendor, hostname, advertised services). No ports, services or vulnerabilities.">Passive Scan</button> <label class="passive-dur" title="How long the passive scan listens for device self-announcements (mDNS/SSDP). 0-10 minutes; 0 reads only the ARP/neighbour cache.">Listen <input type="number" id="passive-minutes" min="0" max="10" step="1" value="1"> min</label> <button id="cancelBtn" class="danger" onclick="cancelScan()" style="display:none">Stop</button> {% else %} <span class="muted" style="font-size:13px">🔒 Read-only access — scanning requires an operator or admin role.</span> {% endif %} <button class="ghost" onclick="exportData('csv')">Export CSV</button> <button class="ghost" onclick="exportData('json')">Export JSON</button> <button class="ghost" onclick="exportData('pdf')" title="Branded PDF report">Export PDF</button> </div> <div class="scan-options" id="scanOptions"{% if not can_scan %} style="display:none"{% endif %}> <span class="so-label">Scan options:</span> <label><input type="checkbox" id="opt-ports" {% if default_options.ports %}checked{% endif %}> Ports</label> <label><input type="checkbox" id="opt-services" {% if default_options.services %}checked{% endif %}> Running services</label> <label><input type="checkbox" id="opt-os" {% if default_options.os %}checked{% endif %}> OS detection</label> <label><input type="checkbox" id="opt-docker" {% if default_options.docker %}checked{% endif %}> Docker hosts</label> <label title="v10r1: deep Docker scan — authenticated Engine API inventory (containers/images), per-image CVE scanning (Trivy/Grype) and a CIS Docker benchmark audit."><input type="checkbox" id="opt-docker-deep" {% if default_options.docker_deep %}checked{% endif %}> Deep Docker scan</label> <label><input type="checkbox" id="opt-vulns" {% if default_options.vulns %}checked{% endif %}> Vulnerabilities</label> <label title="v9.1: version + patch-aware CVE matching (vulners NSE). Identifies installed patch/build levels so CVEs are matched against the exact release, not just the distro version."><input type="checkbox" id="opt-patch" {% if default_options.patch_audit %}checked{% endif %}> Patch-aware vulns</label> <label title="Defensive: detects cleartext logins, exposed/unauthenticated services and weak TLS. Does NOT brute-force or capture credentials."><input type="checkbox" id="opt-creds" {% if default_options.creds %}checked{% endif %}> Credential exposure</label> <label title="Identify Domain Controllers and report AD auth/hardening posture (defensive enumeration; no password attacks)."><input type="checkbox" id="opt-ad" {% if default_options.ad_audit %}checked{% endif %}> AD / DC audit</label> <label title="Inspect TLS certificates for expiry and weak crypto."><input type="checkbox" id="opt-ssl" {% if default_options.ssl_certs %}checked{% endif %}> SSL/TLS certs</label> </div> <div class="status" id="status">Ready.</div> <div class="progress-wrap" id="progressWrap"> <div class="progress-meta"> <span id="scanStarted"></span> <span id="scanElapsed"></span> <span id="scanCurrentIp" class="scan-current-ip"></span> </div> <div class="progress-track"><div class="progress-fill" id="progressFill"></div> <div class="progress-label" id="progressLabel">0%</div></div> <div class="progress-phase" id="progressPhase"></div> </div> <!-- v9.1: dashboard customise bar (drag / pin / hide / reset) --> <div class="dash-toolbar" id="dashToolbar"> <span class="muted" style="font-size:12px">Dashboard:</span> <button class="ghost mini" id="dashEditBtn" onclick="toggleDashEdit()" title="Drag, pin or hide components">✎ Customise</button> <button class="ghost mini" onclick="resetDashLayout()" title="Restore default layout">↺ Reset layout</button> <span id="dashHidden" class="dash-hidden"></span> </div> <div id="dashGrid"> <!-- Summary cards --> <section class="dash-comp" data-comp="cards" id="comp-cards"> <div class="comp-handle"><span class="comp-title">📑 Summary</span> <span class="comp-ctl"><button class="pin-btn" onclick="pinComp('cards')" title="Pin to top">📌</button><button class="hide-btn" onclick="hideComp('cards')" title="Hide">✕</button></span></div> <div class="cards" id="cards"></div> </section> <!-- v10r1: Docker / container security summary (auto-hides when no Docker hosts) --> <section class="dash-comp" data-comp="docker" id="comp-docker"> <div class="comp-handle"><span class="comp-title">🐳 Docker & Containers</span> <span class="comp-ctl"><button class="pin-btn" onclick="pinComp('docker')" title="Pin to top">📌</button><button class="hide-btn" onclick="hideComp('docker')" title="Hide">✕</button></span></div> <div id="dockerSection" style="display:none"> <div class="cards" id="dockerCards"></div> </div> </section> <!-- v9.2: unified, customisable chart tiles (per-tile type / resize / reorder) --> <section class="dash-comp" data-comp="charts" id="comp-charts"> <div class="comp-handle"><span class="comp-title">📊 Interactive Charts</span> <span class="comp-ctl"><button class="pin-btn" onclick="pinComp('charts')" title="Pin to top">📌</button><button class="hide-btn" onclick="hideComp('charts')" title="Hide">✕</button></span></div> <div class="charts-bar"> <span class="muted" style="font-size:12px">Pick a chart type per tile · drag the ⠿ handle to rearrange · drag a tile's bottom-right corner to resize</span> <button class="ghost mini" onclick="resetCharts()" title="Restore default chart types, sizes and order">↺ Reset charts</button> </div> <div class="chart-grid" id="chartGrid"> <div class="chart-tile" data-chart="os"> <div class="ct-head"><span class="ct-title">🖥️ OS Distribution</span> <span class="ct-tools"><select class="ct-type" aria-label="OS chart type" onchange="setChartType('os',this.value)"></select> <span class="ct-drag" title="Drag to move">⠿</span></span></div> <div class="ct-body" id="ctBody-os"></div> </div> <div class="chart-tile" data-chart="sev"> <div class="ct-head"><span class="ct-title">🛑 Vulnerability Severity</span> <span class="ct-tools"><select class="ct-type" aria-label="Severity chart type" onchange="setChartType('sev',this.value)"></select> <span class="ct-drag" title="Drag to move">⠿</span></span></div> <div class="ct-body" id="ctBody-sev"></div> </div> <div class="chart-tile" data-chart="risk"> <div class="ct-head"><span class="ct-title">📈 Network Risk & Compliance</span> <span class="ct-tools"><select class="ct-type" aria-label="Risk chart type" onchange="setChartType('risk',this.value)"></select> <span class="ct-drag" title="Drag to move">⠿</span></span></div> <div class="ct-body" id="ctBody-risk"></div> </div> <div class="chart-tile" data-chart="comp"> <div class="ct-head"><span class="ct-title">📜 Regulatory Compliance</span> <span class="ct-tools"><select class="ct-type" aria-label="Compliance chart type" onchange="setChartType('comp',this.value)"></select> <span class="ct-drag" title="Drag to move">⠿</span></span></div> <div class="ct-body" id="ctBody-comp"></div> </div> </div> </section> <!-- Top vulns + changes --> <section class="dash-comp" data-comp="vulns" id="comp-vulns"> <div class="comp-handle"><span class="comp-title">🛑 Top Vulnerabilities & Changes</span> <span class="comp-ctl"><button class="pin-btn" onclick="pinComp('vulns')" title="Pin to top">📌</button><button class="hide-btn" onclick="hideComp('vulns')" title="Hide">✕</button></span></div> <div class="grid2"> <div class="panel"> <h2>🛑 Top 10 Vulnerabilities <span class="count" id="vulnCount"></span></h2> <div id="topVulns"><div class="muted">No scan data yet.</div></div> </div> <div class="panel"> <h2>🔔 Recent Changes <span class="count" id="changeCount"></span></h2> <div id="changes"><div class="muted">No previous scan to compare against.</div></div> </div> </div> </section> </div><!-- /dashGrid --> <div class="tabs"> <div class="tab active" data-tab="assets" onclick="switchTab('assets')">Assets</div> <div class="tab" data-tab="software" onclick="switchTab('software')">Software</div> <div class="tab" data-tab="compliance" onclick="switchTab('compliance')">Compliance</div> <div class="tab" data-tab="certs" onclick="switchTab('certs')">Certificates</div> <div class="tab" data-tab="ad" onclick="switchTab('ad')">Active Directory</div> <div class="tab" data-tab="history" onclick="switchTab('history')">Scan History</div> <div class="tab" data-tab="remediation" onclick="switchTab('remediation')">Remediation Tracking</div> <div class="tab" data-tab="more" onclick="switchTab('more')">Patch and Remedy</div> </div> <div id="tab-assets"> <div class="tablewrap"> <div class="tabletop"> <input type="text" id="filter" placeholder="🔎 filter by asset ID, IP, host, OS, port, service, vuln…" oninput="renderSorted()" style="flex:1 1 260px"> <span class="muted" id="assetCount"></span> </div> <div class="bulk-actions" id="bulkActions" style="display:none"> <span id="bulkCount" class="muted"></span> <button class="ghost mini" onclick="bulkExport('csv')">Export selected (CSV)</button> <button class="ghost mini" onclick="bulkExport('json')">Export selected (JSON)</button> {% if can_scan %}<button class="ghost mini" onclick="bulkRescan()">Re-scan selected</button>{% endif %} <button class="ghost mini" onclick="clearSelection()">Clear selection</button> </div> <table id="results"> <thead><tr> <th style="width:28px"><input type="checkbox" id="selectAll" onclick="toggleSelectAll(this)" title="Select all visible"></th> <th style="width:24px"></th> <th data-key="asset_id">Asset ID</th> <th data-key="ip">IP</th> <th data-key="hostname">Hostname</th> <th data-key="device_type">Type</th> <th data-key="os">OS</th> <th data-key="software">Software</th> <th data-key="ports">Ports</th> <th data-key="risk">Risk</th> <th data-key="vuln_count">Vulns</th> <th>Groups</th> </tr></thead> <tbody id="tbody"></tbody> </table> </div> </div> <div id="tab-software" style="display:none"> <div class="tablewrap"> <div class="tabletop"> <input type="text" id="softwareFilter" placeholder="🔎 filter software, version, host…" oninput="renderSoftware()" style="flex:1 1 260px"> <span class="muted" id="softwareCount"></span> </div> <table id="softwareTable"> <thead><tr> <th data-skey="host">Host</th><th data-skey="name">Application / Software</th> <th data-skey="version">Version</th> <th data-skey="service">Service</th><th data-skey="port">Port</th> </tr></thead> <tbody id="softwareBody"></tbody> </table> </div> </div> <div id="tab-compliance" style="display:none"> <div class="tablewrap"> <div class="tabletop"> <input type="text" id="complianceFilter" placeholder="🔎 filter host, status…" oninput="renderCompliance()" style="flex:1 1 260px"> <span class="muted" id="complianceHostCount"></span> </div> <table id="complianceTable"> <thead><tr> <th>Asset ID</th><th>Host</th><th>Status</th> <th>PCI DSS</th><th>GDPR</th><th>ISO 27001</th><th>SOC 2</th><th>HIPAA</th><th>Cyber Essentials</th><th>NIST CSF</th><th>NCSC CAF</th> <th>Findings</th><th>Export</th> </tr></thead> <tbody id="complianceBody"></tbody> </table> </div> </div> <div id="tab-certs" style="display:none"> <div class="tablewrap"> <div class="tabletop"> <input type="text" id="certsFilter" placeholder="🔎 filter host, subject, issuer, status…" oninput="renderCerts()" style="flex:1 1 260px"> <span class="muted" id="certsCount"></span> </div> <table id="certsTable"> <thead><tr> <th data-ckey="ip">Host</th><th data-ckey="port">Port</th> <th data-ckey="subject">Subject</th><th data-ckey="issuer">Issuer</th> <th data-ckey="not_after">Expires</th><th data-ckey="days_left">Days left</th> <th data-ckey="status">Status</th> </tr></thead> <tbody id="certsBody"></tbody> </table> </div> </div> <div id="tab-ad" style="display:none"> <div class="tablewrap"> <div class="tabletop"><span class="muted" id="adCount"></span></div> <div id="adList"><div class="muted">No Active Directory data yet. Run a scan with “AD / DC audit” enabled.</div></div> </div> </div> <div id="tab-history" style="display:none"> <div class="panel"><div id="history"><div class="muted">Loading…</div></div></div> </div> <div id="tab-remediation" style="display:none"> <div class="tablewrap"> <div class="tabletop"> <input type="text" id="remFilter" placeholder="🔎 filter asset, title, status, assignee…" oninput="renderRemediation()" style="flex:1 1 240px"> <select id="remStatusFilter" onchange="renderRemediation()"> <option value="">All statuses</option> <option value="open">Open</option> <option value="in_progress">In progress</option> <option value="blocked">Blocked</option> <option value="resolved">Resolved</option> </select> <span class="muted" id="remCount"></span> {% if can_scan %} <button id="remBulkDel" class="ghost danger-x" onclick="bulkDeleteRemediation()" disabled style="margin-left:auto">🗑 Delete selected</button> {% endif %} </div> <p class="muted" style="font-size:12px;margin:2px 0 10px">Track remediation activities against each asset. Items are <b>tenant-separated</b> — you only see and manage remediation for your own tenant's assets.</p> {% if can_scan %} <div class="adduser rem-form"> <select id="rem-asset" title="Asset (from the latest scan)" style="min-width:200px"></select> <input type="text" id="rem-title" placeholder="Remediation task (e.g. Patch OpenSSL CVE-2024-…)" style="flex:1 1 240px"> <select id="rem-priority" title="Priority"> <option value="low">Low</option> <option value="medium" selected>Medium</option> <option value="high">High</option> <option value="critical">Critical</option> </select> <input type="text" id="rem-assignee" placeholder="Assignee" style="width:130px"> <input type="date" id="rem-due" title="Due date"> <button onclick="addRemediation()">Add</button> </div> {% endif %} <table id="remediationTable"> <thead><tr> {% if can_scan %}<th style="width:28px"><input type="checkbox" id="remSelectAll" onclick="remToggleAll(this)" title="Select all"></th>{% endif %} <th>Asset ID</th><th>IP</th><th>Task</th><th>Priority</th><th>Status</th> <th>Assignee</th><th>Due</th><th>Comments</th><th>Updated</th><th></th> </tr></thead> <tbody id="remediationBody"></tbody> </table> <div id="remediationMsg" class="muted" style="margin-top:8px"></div> </div> </div> <div id="tab-more" style="display:none"> <div class="panel"> <h3 style="margin:0 0 4px">🔧 Patch and Remedy</h3> <p class="muted" style="font-size:12px;margin:2px 0 12px"> Apply <b>operating-system updates and upgrades</b> to scanned assets over SSH (apt / dnf / yum / zypper / apk auto-detected). Optionally update Docker images instead. Every run <b>automatically creates and updates a Remediation Tracking item</b> per asset, and credentials are entered per run and <b>never stored</b>. </p> {% if can_scan %} <div class="patch-grid" style="display:grid;gap:14px;max-width:700px"> <div> <label class="muted" style="font-size:12px">Patch type</label> <div style="margin-top:4px"> <select id="patch-type" onchange="onPatchTypeChange()"> <option value="os">Operating system (SSH updates & upgrades)</option> <option value="docker">Docker images</option> </select> </div> </div> <div> <label class="muted" style="font-size:12px">Target</label> <div style="display:flex;gap:8px;flex-wrap:wrap;align-items:center;margin-top:4px"> <select id="patch-mode" onchange="onPatchModeChange()"> <option value="asset">Single asset</option> <option value="group">Asset group</option> <option value="all">All assets in scope</option> </select> <select id="patch-asset" style="min-width:260px"></select> <select id="patch-group" style="min-width:200px;display:none"></select> </div> </div> <!-- OS (SSH) credentials --> <div id="patch-os-creds"> <label class="muted" style="font-size:12px">SSH credentials</label> <div style="display:flex;gap:8px;flex-wrap:wrap;margin-top:4px"> <input type="text" id="patch-ssh-user" placeholder="SSH username" autocomplete="off" style="width:160px"> <input type="password" id="patch-ssh-pass" placeholder="SSH password" autocomplete="new-password" style="width:180px"> <input type="number" id="patch-ssh-port" placeholder="Port" value="22" style="width:80px"> <input type="password" id="patch-sudo-pass" placeholder="sudo password (if different)" autocomplete="new-password" style="width:200px"> </div> <div style="display:flex;gap:18px;flex-wrap:wrap;align-items:center;margin-top:8px"> <label style="font-size:13px"><input type="checkbox" id="patch-distupgrade"> Full distribution upgrade <span class="muted" title="apt full-upgrade / dnf upgrade incl. kernels. Heavier; may pull new dependencies.">(dist-upgrade)</span></label> <label style="font-size:13px"><input type="checkbox" id="patch-simulate"> Simulate only <span class="muted" title="Run the package manager in dry-run/simulate mode - reports what would change without applying it.">(no changes)</span></label> </div> <div class="muted" style="font-size:11px;margin-top:4px;color:var(--warn)"> 🔒 SSH and sudo credentials are <b>never stored or logged</b> — used only for this single patch run, then discarded. </div> </div> <!-- Docker registry credentials --> <div id="patch-docker-creds" style="display:none"> <label class="muted" style="font-size:12px">Registry credentials <span title="Only needed to pull private images. Used for this patch run only.">(optional)</span></label> <div style="display:flex;gap:8px;flex-wrap:wrap;margin-top:4px"> <input type="text" id="patch-reg-user" placeholder="Registry username" autocomplete="off" style="width:180px"> <input type="password" id="patch-reg-pass" placeholder="Registry password / token" autocomplete="new-password" style="width:200px"> <input type="text" id="patch-reg-server" placeholder="Registry host (blank = Docker Hub)" style="width:220px"> </div> <div style="display:flex;gap:18px;flex-wrap:wrap;align-items:center;margin-top:8px"> <label style="font-size:13px"><input type="checkbox" id="patch-recreate"> Recreate containers after pull <span class="muted" title="Experimental: stop, remove and recreate each container onto the new image.">(experimental)</span></label> </div> <div class="muted" style="font-size:11px;margin-top:4px;color:var(--warn)"> 🔒 Credentials are <b>never stored or logged</b> — used only for this single patch run, then discarded. </div> </div> <div style="display:flex;gap:10px;flex-wrap:wrap"> <button class="ghost" onclick="patchPreview()">Preview (dry run)</button> <button onclick="patchRun()">Patch now</button> <a class="ghost" style="align-self:center" onclick="switchTab('remediation')">View Remediation Tracking →</a> </div> </div> <div id="patchResult" style="margin-top:14px"></div> {% else %} <p class="muted">You need the <b>operator</b> role to run patching.</p> {% endif %} </div> </div> {% if is_tenant_admin and auth_enabled %} <!-- User management modal (admin only) --> <div id="usersModal" class="modal" style="display:none"> <div class="modal-box"> <div class="modal-head"> <h2 style="margin:0">👥 User Management</h2> <button class="ghost" onclick="closeUsers()">Close</button> </div> <div id="usersList" class="users-list"><div class="muted">Loading…</div></div> <h3>Add user</h3> <div class="adduser"> <input type="text" id="nu-username" placeholder="Username"> <input type="password" id="nu-password" placeholder="Password (≥ 8 chars)"> <select id="nu-role"> <option value="viewer">viewer</option> <option value="operator">operator</option> <option value="admin">admin</option> </select> <input type="text" id="nu-tenant" placeholder="Tenant (default)" list="tenant-options" style="width:130px"> <datalist id="tenant-options"></datalist> <label class="mfa-toggle" title="Require this user to set up an authenticator app"> <input type="checkbox" id="nu-mfa"> Require MFA </label> <button onclick="createUser()">Add</button> </div> <div id="usersMsg" class="muted" style="margin-top:8px"></div> </div> </div> {% endif %} <!-- MFA / security modal (any logged-in account holder) --> {% if has_account %} <div id="mfaModal" class="modal" style="display:none"> <div class="modal-box"> <div class="modal-head"> <h2 style="margin:0">🔐 Account Security</h2> <button class="ghost" onclick="closeMfa()">Close</button> </div> <!-- v8-r2: self-service change password --> <h3 style="margin:4px 0 6px">Change your password</h3> <div class="adduser"> <input type="password" id="cp-current" placeholder="Current password" autocomplete="current-password"> <input type="password" id="cp-new" placeholder="New password (≥ 8 chars)" autocomplete="new-password"> <input type="password" id="cp-confirm" placeholder="Confirm new password" autocomplete="new-password"> <button onclick="changeMyPassword()">Update password</button> </div> <div id="cpMsg" class="muted" style="margin:6px 0 14px"></div> <h3 style="margin:4px 0 6px">🔑 Two-Factor Authentication</h3> <div id="mfaStatus" class="muted">Loading…</div> <!-- Enrollment flow --> <div id="mfaEnroll" style="display:none"> <p class="muted" style="font-size:13px">Scan this QR code with an authenticator app (Google Authenticator, Authy, 1Password…), then enter the 6-digit code to confirm.</p> <div style="text-align:center"> <img id="mfaQr" alt="MFA QR code" style="width:200px;height:200px;background:#fff;border-radius:8px;padding:6px"> </div> <div class="muted" style="font-size:11px;text-align:center;margin:6px 0"> Can't scan? Secret: <code id="mfaSecret"></code> </div> <div class="adduser" style="justify-content:center"> <input type="text" id="mfaConfirmCode" placeholder="123456" inputmode="numeric" style="width:120px"> <button onclick="confirmMfa()">Confirm & enable</button> </div> </div> <!-- Backup codes (shown once) --> <div id="mfaBackup" style="display:none"> <p style="font-size:13px"><b>Save these backup codes</b> — each works once if you lose your authenticator. They won't be shown again.</p> <pre id="mfaBackupCodes" class="backup-codes"></pre> </div> <!-- Manage (already enrolled) --> <div id="mfaManage" style="display:none"> <div class="adduser"> <button onclick="regenBackup()">Regenerate backup codes</button> <button class="danger" id="mfaDisableBtn" onclick="disableMfa()">Disable MFA</button> </div> </div> <div id="mfaMsg" class="muted" style="margin-top:8px"></div> </div> </div> {% endif %} {% if is_tenant_admin and auth_enabled %} <!-- v8: Activity / audit log modal (admin only) --> <div id="activityModal" class="modal" style="display:none"> <div class="modal-box" style="width:min(760px,94vw)"> <div class="modal-head"> <h2 style="margin:0">📋 Login & Activity Log</h2> <button class="ghost" onclick="closeActivity()">Close</button> </div> <div class="tabletop" style="padding:0 0 10px"> <input type="text" id="activityFilter" placeholder="🔎 filter user, action, detail…" oninput="renderActivity()" style="flex:1 1 220px"> <select id="activityTenant" onchange="loadActivity()" style="padding:6px 10px"></select> <button class="ghost" onclick="loadActivity()">Refresh</button> </div> <table id="activityTable"> <thead><tr> <th>When</th><th>User</th><th>Tenant</th><th>Action</th><th>Detail</th><th>Client IP</th> </tr></thead> <tbody id="activityBody"><tr><td colspan="6" class="muted">Loading…</td></tr></tbody> </table> <div id="activityMsg" class="muted" style="margin-top:8px"></div> </div> </div> {% endif %} <!-- Schedule management modal (operator+) --> <div id="schedulesModal" class="modal" style="display:none"> <div class="modal-box"> <div class="modal-head"> <h2 style="margin:0">⏱ Scheduled Scans</h2> <button class="ghost" onclick="closeSchedules()">Close</button> </div> <div id="schedulesList" class="users-list"><div class="muted">Loading…</div></div> <h3>Add schedule</h3> <div class="adduser"> <input type="text" id="ns-name" placeholder="Name (e.g. Nightly)"> <input type="text" id="ns-target" placeholder="Target (blank = auto /24)"> <select id="ns-profile"> {% for key, p in profiles.items() %} <option value="{{ key }}" {% if key == default_profile %}selected{% endif %}>{{ key }}</option> {% endfor %} </select> <select id="ns-scantype" title="Active probes hosts; Passive only listens."> <option value="active" selected>Active scan</option> <option value="passive">Passive scan</option> </select> </div> <!-- v9: day + time scheduling --> <div class="sched-when"> <div class="sched-days"> <span class="so-label">Run on days:</span> <label><input type="checkbox" class="ns-day" value="0"> Mon</label> <label><input type="checkbox" class="ns-day" value="1"> Tue</label> <label><input type="checkbox" class="ns-day" value="2"> Wed</label> <label><input type="checkbox" class="ns-day" value="3"> Thu</label> <label><input type="checkbox" class="ns-day" value="4"> Fri</label> <label><input type="checkbox" class="ns-day" value="5"> Sat</label> <label><input type="checkbox" class="ns-day" value="6"> Sun</label> </div> <div class="sched-time"> <span class="so-label">At time:</span> <input type="number" id="ns-hour" min="0" max="23" placeholder="HH" style="width:64px"> <span>:</span> <input type="number" id="ns-minute" min="0" max="59" placeholder="MM" style="width:64px"> <span class="muted" style="font-size:11px">(local time, 24h)</span> </div> <div class="sched-interval"> <span class="so-label">or every</span> <input type="number" id="ns-interval" min="1" placeholder="N minutes" style="width:120px"> <span class="muted" style="font-size:11px">(used when no days are ticked)</span> </div> <div class="sched-opts"> <label style="font-size:12px"><input type="checkbox" id="ns-creds"> Credential exposure</label> <label style="font-size:12px"><input type="checkbox" id="ns-ad"> AD / DC audit</label> <label style="font-size:12px"><input type="checkbox" id="ns-ssl"> SSL/TLS certs</label> <button onclick="createSchedule()">Add</button> </div> </div> <div id="schedulesMsg" class="muted" style="margin-top:8px"></div> </div> </div> {% if is_tenant_admin and auth_enabled %} <!-- v9.1: Service-desk integrations modal (tenant_admin+) --> <div id="integrationsModal" class="modal" style="display:none"> <div class="modal-box" style="width:min(780px,94vw)"> <div class="modal-head"> <h2 style="margin:0">🔗 Service-Desk Integrations</h2> <button class="ghost" onclick="closeIntegrations()">Close</button> </div> <p class="muted" style="font-size:12px;margin:2px 0 10px">Connect Jira, ServiceNow or Zendesk so you can open a ticket for any CVE finding straight from the asset detail view.</p> <div id="integrationsList" class="users-list"><div class="muted">Loading…</div></div> <h3>Add integration</h3> <div class="adduser integ-form"> <select id="ni-platform" onchange="integHints()"> <option value="jira">Jira</option> <option value="servicenow">ServiceNow</option> <option value="zendesk">Zendesk</option> <option value="cortex">Synapse Cortex</option> </select> <input type="text" id="ni-name" placeholder="Name (e.g. Security Jira)"> <input type="text" id="ni-url" placeholder="Base URL (https://acme.atlassian.net)" style="width:240px"> <input type="text" id="ni-user" placeholder="Auth user / email"> <input type="password" id="ni-secret" placeholder="API token / password"> <input type="text" id="ni-project" placeholder="Project / table / group" style="width:150px"> <button onclick="createIntegration()">Add</button> </div> <div id="integHint" class="muted" style="font-size:11px;margin-top:6px"></div> <div id="integrationsMsg" class="muted" style="margin-top:8px"></div> </div> </div> <!-- v13: Synapse Sonar sync (tenant_admin+) - PUSH config + PULL API --> <div id="sonarModal" class="modal" style="display:none"> <div class="modal-box" style="width:min(680px,94vw)"> <div class="modal-head"> <h2 style="margin:0">📡 Synapse Sonar</h2> <button class="ghost" onclick="closeSonar()">Close</button> </div> <p class="muted" style="font-size:12px;margin:2px 0 12px">Two-way vulnerability sync with Synapse Sonar. <b>Push</b> sends findings to Sonar; the <b>Pull API</b> lets Sonar fetch findings from this NetscanXi instance.</p> <!-- PUSH: NetscanXi -> Sonar --> <h3 style="margin:4px 0 6px">⬆ Send to Synapse Sonar (push)</h3> <p class="muted" style="font-size:12px;margin:2px 0 10px">Findings are POSTed to <code><API URL>/api/ingest/vulnerabilities</code> using the API key Sonar issued for this instance.</p> <div class="retention-grid"> <label>API URL <input type="text" id="sonar-url" placeholder="https://sonar.corp.internal:3000" style="width:100%;max-width:380px"> </label> <label>API Key <input type="password" id="sonar-key" placeholder="nsx_sensor_… (leave blank to keep existing)" style="width:100%;max-width:380px"> <span id="sonar-key-state" class="muted" style="font-size:11px"></span> </label> <label class="mfa-toggle"><input type="checkbox" id="sonar-enabled"> Enable sending vulnerability data to Synapse Sonar</label> <label class="mfa-toggle"><input type="checkbox" id="sonar-verify" checked> Verify TLS certificate (uncheck for self-signed Sonar)</label> </div> <div class="adduser" style="margin-top:12px"> <button onclick="saveSonar()">Save</button> <button class="ghost" onclick="testSonar()" title="Verify the API URL and key reach Synapse Sonar">🔌 Test Connection</button> <button class="ghost" onclick="pushSonar()" title="Send the latest scan's findings now">Send latest scan now</button> <span id="sonar-result" style="font-weight:600;margin-left:6px"></span> </div> <div id="sonarMsg" class="muted" style="margin-top:8px"></div> <!-- PULL: Sonar <- NetscanXi --> <h3 style="margin:20px 0 6px;border-top:1px solid var(--border,#333);padding-top:16px">⬇ Sonar Pull API (this NetscanXi's API)</h3> <p class="muted" style="font-size:12px;margin:2px 0 10px">This API <b>originates from NetscanXi</b>. Generate a key, then paste the Endpoint URL + key into Synapse Sonar's <b>NetscanXi</b> integration card so Sonar can actively sync findings from here.</p> <div class="retention-grid"> <label>Endpoint URL (paste into Synapse Sonar) <span style="display:flex;gap:6px;align-items:center"> <input type="text" id="outbound-url" readonly onfocus="this.select()" style="width:100%;max-width:340px;font-family:monospace"> <button class="ghost" style="font-size:11px" onclick="copyText('outbound-url')">Copy</button> </span> </label> <label>API Key <span id="outbound-key-state" class="muted" style="font-size:11px"></span> <span style="display:flex;gap:6px;align-items:center"> <input type="text" id="outbound-key" readonly onfocus="this.select()" placeholder="Generate a key to reveal it once" style="width:100%;max-width:340px;font-family:monospace"> <button class="ghost" style="font-size:11px" onclick="copyText('outbound-key')">Copy</button> </span> <span class="muted" style="font-size:11px">Shown once at generation. Store it now — it can't be retrieved later.</span> </label> <label class="mfa-toggle"><input type="checkbox" id="outbound-enabled" onchange="toggleOutbound(this.checked)"> Enable the pull API (Sonar can fetch findings)</label> </div> <div class="adduser" style="margin-top:12px"> <button onclick="genOutboundKey()" id="outbound-gen-btn">Generate API key</button> <button class="ghost danger-x" onclick="revokeOutbound()" title="Invalidate the key and disable the pull API">Revoke</button> </div> <div id="outboundMsg" class="muted" style="margin-top:8px"></div> </div> </div> <!-- v13: Synapse Cortex asset feed (tenant_admin+) - PUSH only, no pull direction --> <div id="cortexModal" class="modal" style="display:none"> <div class="modal-box" style="width:min(680px,94vw)"> <div class="modal-head"> <h2 style="margin:0">🧠 Synapse Cortex</h2> <button class="ghost" onclick="closeCortex()">Close</button> </div> <p class="muted" style="font-size:12px;margin:2px 0 12px">Send this instance's discovered asset inventory (asset ID, MAC, IP, device type, OS, software) to Synapse Cortex so its CMDB stays in sync with NetscanXi.</p> <h3 style="margin:4px 0 6px">⬆ Send to Synapse Cortex (push)</h3> <p class="muted" style="font-size:12px;margin:2px 0 10px">Assets are POSTed to <code><API URL>/api/ingest/assets</code> using the API key generated in Cortex's Admin → Integrations page.</p> <div class="retention-grid"> <label>API URL <input type="text" id="cortex-url" placeholder="https://cortex.corp.internal:8000" style="width:100%;max-width:380px"> </label> <label>API Key <input type="password" id="cortex-key" placeholder="leave blank to keep existing" style="width:100%;max-width:380px"> <span id="cortex-key-state" class="muted" style="font-size:11px"></span> </label> <label class="mfa-toggle"><input type="checkbox" id="cortex-enabled"> Enable sending asset data to Synapse Cortex</label> <label class="mfa-toggle"><input type="checkbox" id="cortex-verify" checked> Verify TLS certificate (uncheck for self-signed Cortex)</label> </div> <div class="adduser" style="margin-top:12px"> <button onclick="saveCortex()">Save</button> <button class="ghost" onclick="testCortex()" title="Verify the API URL and key reach Synapse Cortex">🔌 Test Connection</button> <button class="ghost" onclick="pushCortex()" title="Send the latest scan's asset inventory now">Send latest scan now</button> <span id="cortex-result" style="font-weight:600;margin-left:6px"></span> </div> <div id="cortexMsg" class="muted" style="margin-top:8px"></div> <h3 style="margin:20px 0 6px;border-top:1px solid var(--border,#333);padding-top:16px">🎫 Tickets in Synapse Cortex</h3> <p class="muted" style="font-size:12px;margin:2px 0 10px">Tickets are created on demand, one at a time: open the <b>Remediation Tracking</b> tab and click <b>🧠 Cortex Ticket</b> on an item. Only the items you choose are sent — a ticket is created once per remediation item (matched by a stable reference id) and left alone on later sends, so work already done on it in Cortex is never overwritten.</p> </div> </div> <!-- v9.1: Admin settings / data-retention modal (tenant_admin+) --> <div id="adminModal" class="modal" style="display:none"> <div class="modal-box"> <div class="modal-head"> <h2 style="margin:0">⚙ Admin Settings</h2> <button class="ghost" onclick="closeAdminSettings()">Close</button> </div> <h3 style="margin:4px 0 6px">🗄 Data Retention Policy</h3> <p class="muted" style="font-size:12px;margin:2px 0 10px">Automatically prune old scan data to control database growth. The asset registry and audit log are always preserved. <span id="retScanCount"></span></p> <div class="retention-grid"> <label>Delete scans older than <input type="number" id="ret-age" min="0" placeholder="0" style="width:90px"> days <span class="muted" style="font-size:11px">(0 = no age limit)</span> </label> <label>Keep at most <input type="number" id="ret-scans" min="0" placeholder="0" style="width:90px"> most-recent scans <span class="muted" style="font-size:11px">(0 = unlimited)</span> </label> <label class="mfa-toggle"><input type="checkbox" id="ret-auto"> Apply this policy automatically after every scan</label> </div> <div class="adduser" style="margin-top:10px"> <button onclick="saveRetention(false)">Save policy</button> <button class="ghost" onclick="saveRetention(true)" title="Save and immediately purge matching old scans">Save & purge now</button> </div> <div id="adminMsg" class="muted" style="margin-top:8px"></div> </div> </div> <!-- v12: Asset Groups admin modal (tenant_admin+) --> <div id="groupsAdminModal" class="modal" style="display:none"> <div class="modal-box"> <div class="modal-head"> <h2 style="margin:0">🗂 Asset Groups</h2> <button class="ghost" onclick="closeGroupsAdmin()">Close</button> </div> <p class="muted" style="font-size:12px;margin:2px 0 10px">Create groups to organise assets (e.g. by site, owner or function). Groups are tenant-separated. Assign assets to groups from the <b>Groups</b> column on the Assets tab.</p> <div id="groupsAdminList" class="users-list"><div class="muted">Loading…</div></div> <h3>Add group</h3> <div class="adduser"> <input type="text" id="ng-name" placeholder="Group name (e.g. London DC)"> <input type="text" id="ng-desc" placeholder="Description (optional)" style="flex:1 1 200px"> <button onclick="createGroup()">Add</button> </div> <div id="groupsAdminMsg" class="muted" style="margin-top:8px"></div> </div> </div> {% endif %} <!-- v13: Vulnerability -> Cortex ticket picker (operator+) --> <div id="vulnTicketModal" class="modal" style="display:none"> <div class="modal-box" style="width:min(680px,94vw)"> <div class="modal-head"> <h2 style="margin:0">🎫 Create Synapse Cortex ticket</h2> <button class="ghost" onclick="closeVulnTicket()">Close</button> </div> <p id="vt-context" class="muted" style="font-size:12px;margin:2px 0 10px"></p> <div class="adduser" style="margin-bottom:8px"> <button class="ghost" onclick="vtToggleAll(true)">Select all</button> <button class="ghost" onclick="vtToggleAll(false)">Select none</button> <span id="vt-count" class="muted" style="font-size:12px;margin-left:6px"></span> </div> <div id="vt-list" style="max-height:46vh;overflow:auto;border:1px solid var(--border,#333);border-radius:6px;padding:4px 8px"></div> <div class="adduser" style="margin-top:12px"> <button onclick="submitVulnTicket()">📡 Send to Cortex</button> <span id="vt-result" style="font-weight:600;margin-left:6px"></span> </div> <div id="vt-msg" class="muted" style="margin-top:8px"></div> </div> </div> <!-- v9.1: CVE lifecycle modal (operator+) --> <div id="lifecycleModal" class="modal" style="display:none"> <div class="modal-box" style="width:min(520px,94vw)"> <div class="modal-head"> <h2 style="margin:0">🔄 Finding Lifecycle</h2> <button class="ghost" onclick="closeLifecycle()">Close</button> </div> <div id="lcContext" class="muted" style="font-size:13px;margin-bottom:10px"></div> <div class="lc-states"> <button class="lc-btn open" onclick="setLifecycle('open')">Open</button> <button class="lc-btn remediated" onclick="setLifecycle('remediated')">✅ Remediated</button> <button class="lc-btn accepted_risk" onclick="setLifecycle('accepted_risk')">⚠ Accepted Risk</button> <button class="lc-btn false_positive" onclick="setLifecycle('false_positive')">🚫 False Positive</button> </div> <textarea id="lcNote" placeholder="Optional note (rationale, ticket ref…)" rows="2" style="width:100%;margin-top:10px"></textarea> <label class="mfa-toggle" style="margin-top:6px"><input type="checkbox" id="lcAllAssets"> Apply to this CVE on all assets (tenant-wide)</label> <div id="lcTicket" style="margin-top:10px"></div> <div id="lifecycleMsg" class="muted" style="margin-top:8px"></div> </div> </div> <!-- v12: per-asset group assignment (operator+) --> <div id="assetGroupsModal" class="modal" style="display:none"> <div class="modal-box" style="width:min(460px,94vw)"> <div class="modal-head"> <h2 style="margin:0">🗂 Asset Groups</h2> <button class="ghost" onclick="closeAssetGroups()">Close</button> </div> <div id="agContext" class="muted" style="font-size:13px;margin-bottom:10px"></div> <div id="agList" class="ag-list"><div class="muted">Loading…</div></div> <div class="adduser" style="margin-top:12px"> <button onclick="saveAssetGroups()">Save</button> <span id="assetGroupsMsg" class="muted"></span> </div> </div> </div> <script>window.NETSCAN_IS_ADMIN = {{ 'true' if (is_admin and auth_enabled) else 'false' }}; window.NETSCAN_IS_TENANT_ADMIN = {{ 'true' if (is_tenant_admin and auth_enabled) else 'false' }}; window.NETSCAN_CAN_SCAN = {{ 'true' if can_scan else 'false' }}; window.NETSCAN_HAS_ACCOUNT = {{ 'true' if has_account else 'false' }}; window.NETSCAN_MUST_ENROLL = {{ 'true' if must_enroll else 'false' }};</script> <script src="{{ url_for('static', filename='app.js') }}?v={{ static_ver }}"></script> </body> </html> |