I'm trying to create a computed attribute to convert all Guardium test results from the Guardium severity to a CVSS style severity. Below are 2 examples of the same thing using different SQL statements and both are giving the error.
Error Creating New Computed Attribute - Invalid Expression Or expression includes not allowed charactersPlease help me formulate a working grdapi command to create this computed attribute.Looking at the Guardium KB article, I think all of my characters are approved.
https://www.ibm.com/docs/en/guardium/11.4?topic=reference-create-computed-attributegrdapi create_computed_attribute attributeLabel="Severity_Code" entityLabel="Test Result" expression="CASE WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'CRITICAL')) THEN '1 CRITICAL' WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'MAJOR')) THEN '2 HIGH' WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'MINOR')) THEN '3 MEDIUM' WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'CAUTION')) THEN '4 LOW' WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'INFO')) THEN '5 NONE' WHEN (RESULT_CVSS_INFO.CVSS_SCORE >= '9') THEN '1 CRITICAL' WHEN ((RESULT_CVSS_INFO.CVSS_SCORE >= '7') AND (RESULT_CVSS_INFO.CVSS_SCORE < '9')) THEN '2 HIGH' WHEN ((RESULT_CVSS_INFO.CVSS_SCORE >= '4') AND (RESULT_CVSS_INFO.CVSS_SCORE < '7')) THEN '3 MEDIUM' WHEN ((RESULT_CVSS_INFO.CVSS_SCORE > '0') AND (RESULT_CVSS_INFO.CVSS_SCORE < '4')) THEN '4 LOW' WHEN (RESULT_CVSS_INFO.CVSS_SCORE = '0') THEN '5 NONE' END"CASEWHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'CRITICAL')) THEN '1 CRITICAL'WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'MAJOR')) THEN '2 HIGH'WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'MINOR')) THEN '3 MEDIUM'WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'CAUTION')) THEN '4 LOW'WHEN ((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'INFO')) THEN '5 NONE'WHEN (RESULT_CVSS_INFO.CVSS_SCORE >= '9') THEN '1 CRITICAL'WHEN ((RESULT_CVSS_INFO.CVSS_SCORE >= '7') AND (RESULT_CVSS_INFO.CVSS_SCORE < '9')) THEN '2 HIGH'WHEN ((RESULT_CVSS_INFO.CVSS_SCORE >= '4') AND (RESULT_CVSS_INFO.CVSS_SCORE < '7')) THEN '3 MEDIUM'WHEN ((RESULT_CVSS_INFO.CVSS_SCORE > '0') AND (RESULT_CVSS_INFO.CVSS_SCORE < '4')) THEN '4 LOW'WHEN (RESULT_CVSS_INFO.CVSS_SCORE = '0') THEN '5 NONE'grdapi create_computed_attribute attributeLabel="Severity_Code" entityLabel="Test Result" expression="IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'CRITICAL')), '1 CRITICAL', IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'MAJOR')), '2 HIGH', IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'MINOR')), '3 MEDIUM', IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'CAUTION')), '4 LOW', IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'INFO')), '5 NONE', IF((RESULT_CVSS_INFO.CVSS_SCORE >= '9'), '1 CRITICAL', IF(((RESULT_CVSS_INFO.CVSS_SCORE >= '7') AND (RESULT_CVSS_INFO.CVSS_SCORE < '9')), '2 HIGH', IF(((RESULT_CVSS_INFO.CVSS_SCORE >= '4') AND (RESULT_CVSS_INFO.CVSS_SCORE < '7')), '3 MEDIUM', IF(((RESULT_CVSS_INFO.CVSS_SCORE > '0') AND (RESULT_CVSS_INFO.CVSS_SCORE < '4')), '4 LOW', (IF((RESULT_CVSS_INFO.CVSS_SCORE = '0'), '5 NONE', '')))))))))))"IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'CRITICAL')), '1 CRITICAL',IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'MAJOR')), '2 HIGH',IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'MINOR')), '3 MEDIUM',IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'CAUTION')), '4 LOW',IF(((RESULT_CVSS_INFO.CVSS_SCORE IS NULL) AND (TEST_RESULT.SEVERITY = 'INFO')), '5 NONE',IF((RESULT_CVSS_INFO.CVSS_SCORE >= '9'), '1 CRITICAL',IF(((RESULT_CVSS_INFO.CVSS_SCORE >= '7') AND (RESULT_CVSS_INFO.CVSS_SCORE < '9')), '2 HIGH',IF(((RESULT_CVSS_INFO.CVSS_SCORE >= '4') AND (RESULT_CVSS_INFO.CVSS_SCORE < '7')), '3 MEDIUM',IF(((RESULT_CVSS_INFO.CVSS_SCORE > '0') AND (RESULT_CVSS_INFO.CVSS_SCORE < '4')), '4 LOW',IF((RESULT_CVSS_INFO.CVSS_SCORE = '0'), '5 NONE', ''))))))))))Background: This code finds any blank CVSS score in Guardium and assigns it a CVSS severity. It then identifies any Guardium tests with a populated CVSS score and assigns it to the corresponding CVSS severity instead of the Guardium defaults. I have a similar SQL statement to create the CVSS score when one is not populated in Guardium based on the new CVSS severity that we create above. IBM agreed in theory to the correlation between critical = critical, major = high, minor = medium, caution = low and info = none. This will help any organization who has to report their findings using CVSS severities.
Thank you so much for your time.
------------------------------
Walter York
------------------------------