# CVE Resolution Tool for NinjaOne

Queries NinjaOne's REST API to aggregate CVE/vulnerability data across all organizations and prioritize remediation efforts.

## Setup

1. Copy config example and add your NinjaOne API credentials:
   ```bash
   cp config.example.py config.py
   ```

2. Get API credentials from NinjaOne:
   - Go to Administration > Apps > API
   - Create a new API application (Client Credentials grant type)
   - Copy the Client ID and Client Secret

3. Install dependencies:
   ```bash
   pip install -r requirements.txt
   ```

## Usage

```bash
python ninjaone.py
```

## NinjaOne API Endpoints Used

| Endpoint | Description |
|----------|-------------|
| `GET /api/v2/organizations` | List all organizations |
| `GET /api/v2/devices-detailed` | List all devices with details |
| `GET /api/v2/device/{id}/software` | Device software inventory |
| `GET /api/v2/queries/os-patches` | OS patches report |
| `GET /api/v2/queries/software-patches` | Third-party software patches |
| `GET /api/v2/vulnerability/scan-groups` | Vulnerability scan data |

## Output

Generates a prioritized CVE remediation report showing:
- Summary across all organizations
- Patches grouped by CVSS severity (Critical/High/Medium/Low)
- Critical items requiring immediate attention
- Affected device counts

## Resources

- [NinjaOne API Docs](https://app.ninjarmm.com/apidocs/)
- [NinjaOne API Reference](https://app.ninjarmm.com/apidocs-beta/core-resources)
- [Postman Collection](https://www.postman.com/ninjaone/ninjaone-api-workspace/collection/8gh1ujj/ninjaone-public-api-2-0)