Asset Lists¶
The following methods allow for interaction into the Tenable Security Center Assets API. These items are typically seen under the Assets section of Tenable Security Center.
Methods available on sc.asset_lists
:
- class AssetListAPI(api: restfly.session.APISession)[source]¶
- create(name, list_type, **kw)[source]¶
Creates an asset-list.
- Parameters
name (str) – The name for the asset list to create.
list_type (str) – The type of list to create. Supported values are
combination
,dnsname
,dnsnameupload
,dynamic
,ldapquery
,static
,staticeventfilter
,staticvulnfilter
,templates
,upload
,watchlist
,watchlisteventfilter
, andwatchlistupload
.combinations (tuple, optional) – An asset combination tuple. For further information refer to the asset combination logic described at
tenable.sc.analysis
.data_fields (list, optional) – A list of data fields as required for a given asset list type. Each item within the list should be formatted in the following way:
{'fieldName': 'name', 'fieldValue': 'value'}
description (str, optional) – The description for the asset list being created.
dn (str, optional) – The base DN to use for an LDAP query. Must also provide a
search_string
and anldap_id
.dns_names (list, optional) – When defining a DNS asset list, use this attribute to provide the list of DNS addresses.
exclude_managed_ips (bool, optional) – Determines whether or not managed IPs should be excluded from the asset list.
filters (list, optional) – A list of filter tuples to use when defining filtered asset list types. Follows the same format as filters within the rest of pyTenable.
fobj (FileObject, optional) – A file-like object to use when uploading an asset list.
ips (list, optional) – A list of IP Addresses, CIDRs, and/or IP Address ranges to use for the purposes of a static asset list.
lce_id (int, optional) – When defining a event-based asset list, which LCE should be used to generate the asset list query.
ldap_id (int, optional) – The numeric identifier pertaining to the LDAP server to use for an LDAP query. must also provide a
dn
and asearch_string
.prep (bool, optional) – Should asset preparation be run after the list is created? If unspecified, the default action is
True
.rules (tuple, optional) –
For a dynamic asset list, the tuple definition of the rules to determine what Ips are associated to this asset list. Rules follow a similar pattern to the asset combination logic and are written in a way to follow the same visual methodology as the UI.
For example, a simple dynamic ruleset may look like:
('any', ('dns', 'contains', 'svc.company.tld'), ('dns', 'contains', 'prod.company.tld'))
Which would match all assets with either svc.company.tld or prod.company.tld in their DNS names. Rule gropups can be nested as well, by supplying a new group tuple instead of a rule:
('any', ('dns', 'contains', 'svc.company.tld'), ('dns', 'contains', 'prod.company.tld'), ('any', ('ip', 'contains', '192.168.140'), ('ip', 'contains', '192.168.141')))
In this example we have nested another group requiring that the ip may contain either of the values in addition to any of the DNS rules.
It’s also possible to constrain the rule to a specific plugin or plugins as well by adding a 4th element in a rule tuple. Defining them would look like so:
# Singular Plugin ID ('plugintext', 'contains', 'credentialed', 19506) # Multiple Plugin IDs ('plugintext', 'contains', 'stuff', [19506, 10180])
Available rules are
dns
,exploitAvailable
,exploitFrameworks
,firstseen
,mac
,os
,ip
,uuid
,lastseen
,netbioshost
,netbiosworkgroup
,pluginid
,plugintext
,port
,severity
,sshv1
,sshv2
,tcpport
,udpport
, andxref
.Available operators are
contains
,eq
,lt
,lte
,ne
,gt
,gte
,regex
,pcre
.Group alauses are either
any
orall
. Any is a logical or. All is a logical and.
scan_id (int, optional) – When defining an “individual” source_type, the numeric id of the scan instance to base the query upon.
search_string (str, optional) – The search string to use as part of an LDAP Query. Must also provide a
dn
and anldap_id
.sort_dir (str, optional) – When defining a filtered asset list type, determines the direction of the sort to use. This field must be passed when defining a sort_field.
sort_field (str, optional) – When defining a filtered asset list type, determines what field to sort the resulting query on.
source_type (str, optional) – The source of the data to query from when defining a filtered asset list type.
start_offset (int, optional) – The start offset of the filter to use when defining a filtered asset list type.
tags (str, optional) – A tag to associate to the asset list.
template (int, optional) – The numeric id of the template to use.
tool (str, optional) – When specifying filtered asset list types, the analysis tool to use for determining what IPs should be included within the asset list.
view (str, optional) – When the source_type is “individual”, the view defined what subset of the data to use.
- Returns
The newly created asset-list.
- Return type
Examples
>>> asset-list = sc.asset_lists.create()
- delete(id)[source]¶
Removes a asset-list.
- Parameters
id (int) – The numeric identifier for the asset-list to remove.
- Returns
The deletion response dict
- Return type
Examples
>>> sc.asset_lists.delete(1)
- details(id, org_id=None, fields=None)[source]¶
Returns the details for a specific asset-list.
- Parameters
- Returns
The details of asset id.
- Return type
Examples
>>> asset_id_details = sc.asset_lists.details(1,1) >>> pprint(asset_id_details)
- edit(id, **kw)[source]¶
Edits an asset-list.
- Parameters
id (int) – The numeric id of the asset list to edit.
combinations (tuple, optional) – An asset combination tuple. For further information refer to the asset combination logic described at
tenable.sc.analysis
.data_fields (list, optional) – A list of data fields as required for a given asset list type. Each item within the list should be formatted in the following way:
{'fieldName': 'name', 'fieldValue': 'value'}
description (str, optional) – The description for the asset list being created.
dn (str, optional) – The base DN to use for an LDAP query. Must also provide a
search_string
and anldap_id
.dns_names (list, optional) – When defining a DNS asset list, use this attribute to provide the list of DNS addresses.
exclude_managed_ips (bool, optional) – Determines whether or not managed IPs should be excluded from the asset list.
filters (list, optional) – A list of filter tuples to use when defining filtered asset list types. Follows the same format as filters within the rest of pyTenable.
fobj (FileObject, optional) – A file-like object to use when uploading an asset list.
ips (list, optional) – A list of IP Addresses, CIDRs, and/or IP Address ranges to use for the purposes of a static asset list.
lce_id (int, optional) – When defining a event-based asset list, which LCE should be used to generate the asset list query.
ldap_id (int, optional) – The numeric identifier pertaining to the LDAP server to use for an LDAP query. must also provide a
dn
and asearch_string
.name (str, optional) – The name for the asset list to create.
prep (bool, optional) – Should asset preparation be run after the list is created? If unspecified, the default action is
True
.rules (tuple, optional) – For a dynamic asset list, the tuple definition of the rules to determine what Ips are associated to this asset list. Rules follow a similar pattern to the asset combination logic and are written in a way to follow the same visual methodology as the UI.
scan_id (int, optional) – When defining an “individual” source_type, the numeric id of the scan instance to base the query upon.
search_string (str, optional) – The search string to use as part of an LDAP Query. Must also provide a
dn
and anldap_id
.sort_dir (str, optional) – When defining a filtered asset list type, determines the direction of the sort to use. This field must be passed when defining a sort_field.
sort_field (str, optional) – When defining a filtered asset list type, determines what field to sort the resulting query on.
source_type (str, optional) – The source of the data to query from when defining a filtered asset list type.
start_offset (int, optional) – The start offset of the filter to use when defining a filtered asset list type.
tags (str, optional) – A tag to associate to the asset list.
template (int, optional) – The numeric id of the template to use.
tool (str, optional) – When specifying filtered asset list types, the analysis tool to use for determining what IPs should be included within the asset list.
type (str, optional) – The type of list to create. Supported values are
combination
,dnsname
,dnsnameupload
,dynamic
,ldapquery
,static
,staticeventfilter
,staticvulnfilter
,templates
,upload
,watchlist
,watchlisteventfilter
, andwatchlistupload
.view (str, optional) – When the source_type is “individual”, the view defined what subset of the data to use.
- Returns
The newly updated asset-list.
- Return type
Examples
>>> asset-list = sc.asset_lists.edit()
- export_definition(id, fobj=None)[source]¶
Exports an asset list definition and stored the data in the file-like object that was passed.
- Parameters
id (int) – The numeric identifier for the asset list to export.
fobj (FileObject) – The file-like object to store the asset list XML definition.
- Returns
The file-like object containing the XML definition.
- Return type
FileObject
Examples
>>> with open('example.xml', 'wb') as fobj: ... sc.asset_lists.export_definition(1, fobj)
- import_definition(fobj, name=None)[source]¶
Imports an asset list definition from an asset list definition XML file.
- Parameters
name (str) – The name of the asset definition to create.
fobj (FileObject) – The file-like object containing the XML definition.
- Returns
The created asset list from the import.
- Return type
Examples
>>> with open('example.xml', 'rb') as fobj: ... sc.asset_lists.import_definition('Example', fobj)
- ldap_query(ldap_id, dn, search_string)[source]¶
Performs a LDAP test query on the specified LDAP service configured.
- Parameters
- Returns
The LDAP response.
- Return type
Examples
>>> resp = sc.asset_lists.ldap_query(1, 'domain.com', '*')
- list(fields=None)[source]¶
Retrieves the list of asset list definitions.
- Parameters
fields (list, optional) – A list of attributes to return for each asset-list.
- Returns
A list of asset-list resources.
- Return type
Examples
>>> for asset-list in sc.asset_lists.list(): ... pprint(asset-list)
- refresh(id, org_id, *repos)[source]¶
Initiates an on-demand recalculation of the asset list. Note this endpoint requires being logged in as an admin user.
- Parameters
- Returns
Response of the items that the asset list is associated to.
- Return type
Examples
Perform the refresh against a single repo:
>>> sc.asset_lists.refresh(1, 1, 1)
Perform the refresh against many repos:
>>> sc.asset_lists.refresh(1, 1, 1, 2, 3)
- share(id, *groups)[source]¶
Shares the specified asset list to another user group.
- Parameters
- Returns
The updated asset-list resource.
- Return type
Examples
>>> sc.asset_lists.share(1, group_1, group_2)