Asset Lists¶
The following methods allow for interaction into the Tenable Security Center Assets API. These items are typically seen under the Assets section of Tenable Security Center.
Methods available on sc.asset_lists
:
- class AssetListAPI(api: APISession)[source]¶
- create(name, list_type, **kw)[source]¶
Creates an asset-list.
- Parameters:
name (str) – The name for the asset list to create.
list_type (str) – The type of list to create. Supported values are
combination
,dnsname
,dnsnameupload
,dynamic
,ldapquery
,static
,staticeventfilter
,staticvulnfilter
,templates
,upload
,watchlist
,watchlisteventfilter
, andwatchlistupload
.combinations (tuple, optional) – An asset combination tuple. For further information refer to the asset combination logic described at
tenable.sc.analysis
.data_fields (list, optional) – A list of data fields as required for a given asset list type. Each item within the list should be formatted in the following way:
{'fieldName': 'name', 'fieldValue': 'value'}
description (str, optional) – The description for the asset list being created.
dn (str, optional) – The base DN to use for an LDAP query. Must also provide a
search_string
and anldap_id
.dns_names (list, optional) – When defining a DNS asset list, use this attribute to provide the list of DNS addresses.
exclude_managed_ips (bool, optional) – Determines whether or not managed IPs should be excluded from the asset list.
filters (list, optional) – A list of filter tuples to use when defining filtered asset list types. Follows the same format as filters within the rest of pyTenable.
fobj (FileObject, optional) – A file-like object to use when uploading an asset list.
ips (list, optional) – A list of IP Addresses, CIDRs, and/or IP Address ranges to use for the purposes of a static asset list.
lce_id (int, optional) – When defining a event-based asset list, which LCE should be used to generate the asset list query.
ldap_id (int, optional) – The numeric identifier pertaining to the LDAP server to use for an LDAP query. must also provide a
dn
and asearch_string
.prep (bool, optional) – Should asset preparation be run after the list is created? If unspecified, the default action is
True
.rules (tuple, optional) –
For a dynamic asset list, the tuple definition of the rules to determine what Ips are associated to this asset list. Rules follow a similar pattern to the asset combination logic and are written in a way to follow the same visual methodology as the UI.
For example, a simple dynamic ruleset may look like:
('any', ('dns', 'contains', 'svc.company.tld'), ('dns', 'contains', 'prod.company.tld'))
Which would match all assets with either svc.company.tld or prod.company.tld in their DNS names. Rule gropups can be nested as well, by supplying a new group tuple instead of a rule:
('any', ('dns', 'contains', 'svc.company.tld'), ('dns', 'contains', 'prod.company.tld'), ('any', ('ip', 'contains', '192.168.140'), ('ip', 'contains', '192.168.141')))
In this example we have nested another group requiring that the ip may contain either of the values in addition to any of the DNS rules.
It’s also possible to constrain the rule to a specific plugin or plugins as well by adding a 4th element in a rule tuple. Defining them would look like so:
# Singular Plugin ID ('plugintext', 'contains', 'credentialed', 19506) # Multiple Plugin IDs ('plugintext', 'contains', 'stuff', [19506, 10180])
Available rules are
dns
,exploitAvailable
,exploitFrameworks
,firstseen
,mac
,os
,ip
,uuid
,lastseen
,netbioshost
,netbiosworkgroup
,pluginid
,plugintext
,port
,severity
,sshv1
,sshv2
,tcpport
,udpport
, andxref
.Available operators are
contains
,eq
,lt
,lte
,ne
,gt
,gte
,regex
,pcre
.Group alauses are either
any
orall
. Any is a logical or. All is a logical and.
scan_id (int, optional) – When defining an “individual” source_type, the numeric id of the scan instance to base the query upon.
search_string (str, optional) – The search string to use as part of an LDAP Query. Must also provide a
dn
and anldap_id
.sort_dir (str, optional) – When defining a filtered asset list type, determines the direction of the sort to use. This field must be passed when defining a sort_field.
sort_field (str, optional) – When defining a filtered asset list type, determines what field to sort the resulting query on.
source_type (str, optional) – The source of the data to query from when defining a filtered asset list type.
start_offset (int, optional) – The start offset of the filter to use when defining a filtered asset list type.
tags (str, optional) – A tag to associate to the asset list.
template (int, optional) – The numeric id of the template to use.
tool (str, optional) – When specifying filtered asset list types, the analysis tool to use for determining what IPs should be included within the asset list.
view (str, optional) – When the source_type is “individual”, the view defined what subset of the data to use.
- Returns:
The newly created asset-list.
- Return type:
Examples
>>> asset-list = sc.asset_lists.create()
- delete(id)[source]¶
Removes a asset-list.
- Parameters:
id (int) – The numeric identifier for the asset-list to remove.
- Returns:
The deletion response dict
- Return type:
Examples
>>> sc.asset_lists.delete(1)
- details(id, org_id=None, fields=None)[source]¶
Returns the details for a specific asset-list.
- Parameters:
- Returns:
The details of asset id.
- Return type:
Examples
>>> asset_id_details = sc.asset_lists.details(1,1) >>> pprint(asset_id_details)
- edit(id, **kw)[source]¶
Edits an asset-list.
- Parameters:
id (int) – The numeric id of the asset list to edit.
combinations (tuple, optional) – An asset combination tuple. For further information refer to the asset combination logic described at
tenable.sc.analysis
.data_fields (list, optional) – A list of data fields as required for a given asset list type. Each item within the list should be formatted in the following way:
{'fieldName': 'name', 'fieldValue': 'value'}
description (str, optional) – The description for the asset list being created.
dn (str, optional) – The base DN to use for an LDAP query. Must also provide a
search_string
and anldap_id
.dns_names (list, optional) – When defining a DNS asset list, use this attribute to provide the list of DNS addresses.
exclude_managed_ips (bool, optional) – Determines whether or not managed IPs should be excluded from the asset list.
filters (list, optional) – A list of filter tuples to use when defining filtered asset list types. Follows the same format as filters within the rest of pyTenable.
fobj (FileObject, optional) – A file-like object to use when uploading an asset list.
ips (list, optional) – A list of IP Addresses, CIDRs, and/or IP Address ranges to use for the purposes of a static asset list.
lce_id (int, optional) – When defining a event-based asset list, which LCE should be used to generate the asset list query.
ldap_id (int, optional) – The numeric identifier pertaining to the LDAP server to use for an LDAP query. must also provide a
dn
and asearch_string
.name (str, optional) – The name for the asset list to create.
prep (bool, optional) – Should asset preparation be run after the list is created? If unspecified, the default action is
True
.rules (tuple, optional) – For a dynamic asset list, the tuple definition of the rules to determine what Ips are associated to this asset list. Rules follow a similar pattern to the asset combination logic and are written in a way to follow the same visual methodology as the UI.
scan_id (int, optional) – When defining an “individual” source_type, the numeric id of the scan instance to base the query upon.
search_string (str, optional) – The search string to use as part of an LDAP Query. Must also provide a
dn
and anldap_id
.sort_dir (str, optional) – When defining a filtered asset list type, determines the direction of the sort to use. This field must be passed when defining a sort_field.
sort_field (str, optional) – When defining a filtered asset list type, determines what field to sort the resulting query on.
source_type (str, optional) – The source of the data to query from when defining a filtered asset list type.
start_offset (int, optional) – The start offset of the filter to use when defining a filtered asset list type.
tags (str, optional) – A tag to associate to the asset list.
template (int, optional) – The numeric id of the template to use.
tool (str, optional) – When specifying filtered asset list types, the analysis tool to use for determining what IPs should be included within the asset list.
type (str, optional) – The type of list to create. Supported values are
combination
,dnsname
,dnsnameupload
,dynamic
,ldapquery
,static
,staticeventfilter
,staticvulnfilter
,templates
,upload
,watchlist
,watchlisteventfilter
, andwatchlistupload
.view (str, optional) – When the source_type is “individual”, the view defined what subset of the data to use.
- Returns:
The newly updated asset-list.
- Return type:
Examples
>>> asset-list = sc.asset_lists.edit()
- export_definition(id, fobj=None)[source]¶
Exports an asset list definition and stored the data in the file-like object that was passed.
- Parameters:
id (int) – The numeric identifier for the asset list to export.
fobj (FileObject) – The file-like object to store the asset list XML definition.
- Returns:
The file-like object containing the XML definition.
- Return type:
FileObject
Examples
>>> with open('example.xml', 'wb') as fobj: ... sc.asset_lists.export_definition(1, fobj)
- import_definition(fobj, name=None)[source]¶
Imports an asset list definition from an asset list definition XML file.
- Parameters:
name (str) – The name of the asset definition to create.
fobj (FileObject) – The file-like object containing the XML definition.
- Returns:
The created asset list from the import.
- Return type:
Examples
>>> with open('example.xml', 'rb') as fobj: ... sc.asset_lists.import_definition('Example', fobj)
- ldap_query(ldap_id, dn, search_string)[source]¶
Performs a LDAP test query on the specified LDAP service configured.
- Parameters:
- Returns:
The LDAP response.
- Return type:
Examples
>>> resp = sc.asset_lists.ldap_query(1, 'domain.com', '*')
- list(fields=None)[source]¶
Retrieves the list of asset list definitions.
- Parameters:
fields (list, optional) – A list of attributes to return for each asset-list.
- Returns:
A list of asset-list resources.
- Return type:
Examples
>>> for asset-list in sc.asset_lists.list(): ... pprint(asset-list)
- refresh(id, org_id, *repos)[source]¶
Initiates an on-demand recalculation of the asset list. Note this endpoint requires being logged in as an admin user.
- Parameters:
- Returns:
Response of the items that the asset list is associated to.
- Return type:
Examples
Perform the refresh against a single repo:
>>> sc.asset_lists.refresh(1, 1, 1)
Perform the refresh against many repos:
>>> sc.asset_lists.refresh(1, 1, 1, 2, 3)
- share(id, *groups)[source]¶
Shares the specified asset list to another user group.
- Parameters:
- Returns:
The updated asset-list resource.
- Return type:
Examples
>>> sc.asset_lists.share(1, group_1, group_2)