Credentials

The following methods allow for interaction into the Tenable Vulnerability Management credentials API endpoints.

Methods available on tio.credentials:

class CredentialsAPI(api: APISession)[source]
create(cred_name, cred_type, description=None, permissions=None, **settings)[source]

Creates a new managed credential.

credentials: create

Parameters:
  • cred_name (str) – The name of the credential.

  • cred_type (str) – The type of credential to create. For a list of values refer to the output of the types() method.

  • description (str, optional) – A description for the credential.

  • permissions (list, optional) –

    A list of permissions (in either tuple or native dict format) detailing whom is allowed to use or edit this credential set. For the dictionary format, refer to the API docs. The tuple format uses the customary (type, perm, uuid) format.

    Examples

    • ('user', 32, user_uuid)

    • ('group', 32, group_uuid)

    • ('user', 'use', user_uuid)

  • **settings (dict, optional) – Additional keywords passed will be added to the settings dict within the API call. As this dataset can be highly variable, it will not be validated and simply passed as-is.

Returns:

The UUID of the newly created credential.

Return type:

str

Examples

>>> group_id = '00000000-0000-0000-0000-000000000000'
>>> tio.credentials.create('SSH Account', 'SSH',
...     permissions=[('group', 'use', group_id)],
...     username='user1',
...     password='sekretsquirrel',
...     escalation_account='root',
...     escalation_password='sudopassword',
...     elevate_privileges_with='sudo',
...     bin_directory='/usr/bin',
...     custom_password_prompt='')
delete(id)[source]

Deletes the specified credential.

credentials: delete

Parameters:

id (str) – The UUID of the credential to retrieve.

Returns:

The status of the action.

Return type:

bool

Examples

>>> cred_uuid = '00000000-0000-0000-0000-000000000000'
>>> cred = tio.credentials.delete(cred_uuid)
details(id)[source]

Retrieves the details of the specified credential.

credentials: details

Parameters:

id (str) – The UUID of the credential to retrieve.

Returns:

The resource record for the credential.

Return type:

dict

Examples

>>> cred_uuid = '00000000-0000-0000-0000-000000000000'
>>> cred = tio.credentials.details(cred_uuid)
edit(cred_uuid, cred_name=None, description=None, permissions=None, ad_hoc=None, **settings)[source]

Creates a new managed credential.

credentials: create

Parameters:
  • ad_hoc (bool, optional) – Determines whether the credential is managed (False) or an embedded credential in a scan or policy (True).

  • cred_name (str, optional) – The name of the credential.

  • description (str, optional) – A description for the credential.

  • permissions (list, optional) –

    A list of permissions (in either tuple or native dict format) detailing whom is allowed to use or edit this credential set. For the dictionary format, refer to the API docs. The tuple format uses the customary (type, perm, uuid) format.

    Examples

    • ('user', 32, user_uuid)

    • ('group', 32, group_uuid)

    • ('user', 'use', user_uuid)

  • **settings (dict, optional) – Additional keywords passed will be added to the settings dict within the API call. As this dataset can be highly variable, it will not be validated and simply passed as-is.

Returns:

The status of the update process.

Return type:

bool

Examples

>>> cred_uuid = '00000000-0000-0000-0000-000000000000'
>>> tio.credentials.edit(cred_uuid,
...     password='sekretsquirrel',
...     escalation_password='sudopassword')
list(*filters, **kw)[source]

Get the listing of configured credentials from Tenable Vulnerability Management.

credentials: list

Parameters:
  • *filters (tuple, optional) –

    Filters are tuples in the form of (‘NAME’, ‘OPERATOR’, ‘VALUE’). Multiple filters can be used and will filter down the data being returned from the API.

    Examples

    • ('name', 'eq', 'example')

    As the filters may change and sortable fields may change over time, it’s highly recommended that you look at the output of the tio.filters.networks_filters() endpoint to get more details.

  • filter_type (str, optional) – The filter_type operator determines how the filters are combined together. and will inform the API that all of the filter conditions must be met for an access group to be returned, whereas or would mean that if any of the conditions are met, the access group record will be returned.

  • limit (int, optional) – The number of records to retrieve. Default is 50

  • offset (int, optional) – The starting record to retrieve. Default is 0.

  • owner_uuid (str, optional) – The UUID of the scan owner. If specified it will limit the responses to credentials assigned to scans owned by the specified user UUID.

  • sort (tuple, optional) – A tuple of tuples identifying the the field and sort order of the field.

  • wildcard (str, optional) – A string to pattern match against all available fields returned.

  • wildcard_fields (list, optional) – A list of fields to optionally restrict the wild-card matching to.

Returns:

An iterator that handles the page management of the requested records.

Return type:

CredentialsIterator

Examples

>>> for cred in tio.credentials.list():
...     pprint(cred)
types()[source]

Lists all of the available credential types.

credentials: list-types

Returns:

A list of the available credential types and definitions.

Return type:

list

Examples

>>> cred_types = tio.credentials.types()
upload(fobj: BinaryIO, file_type: str)[source]

Uploads a file for use with a managed credential.

credentials: upload

Parameters:
  • fobj (FileObject) – The file object intended to be uploaded into Tenable Vulnerability Management.

  • file_type (string) – File type of the credential being uploaded.

Returns:

The fileuploaded attribute

Return type:

str

Examples

>>>     with open("hello.pem", "rb") as file:
...            response = tio.credentials.upload(file, "pem")
...
...     print(response)