Common Themes¶

Tenable Security Center CRUD within pyTenable¶

pyTenable allows for the ability to leverage both the naturalized inputs as well as passing the raw parameters within the same structure. In some cases this doesn’t seem immediately obvious, however allows for the ability to pass parameters that either haven’t yet been, or in some cases, may never be interpreted by the library.

For example, in the alerts API, you could pass the snake_cased always_exec_on_trigger or you could pass what the API endpoint itself expects, which is executeOnEveryTrigger. The snake-cased version expects a boolean value, which will be converted into the string value that camelCased variant expects. You’ll see this behavior a lot throughout the library, and is intended to allow you to sidestep most things should you need to. For example, in the alerts API again, you may not want to pass a trigger as trigger=('sumip', '>=', '100') and instead pass as the parameters that are to be written into the JSON request: triggerName='sumip', triggerOperator='>=', triggerValue='100'. Both of these methods will produce the same JSON request, and the the option is yours to use the right way for the job.

Along these same lines, its possible to see how the JSON documents are being constructed by simply looking at the _constructor methods for each APIEndpoint class. If pyTenable is getting in your way, you can almost always sidestep it and pass the exact dictionary you wish to pass on to the API.

Schedule Dictionaries¶

A dictionary detailing the repeating schedule within Tenable Security Center. This dictionary consists of 1 or 3 parameters, depending on the type of schedule. In all of the definitions except ical, a single parameter of type is passed with lone of the following values: ical, never, rollover, and template. If no document is specified, then the default of never is assumed. For repeating scans, you’ll have to use the type of ical and also specify the start and repeatRule parameters as well. The start parameter is an iCal DateTime Form #3 formatted string specifying the date and time in which to start the repeating event. The repeatRule parameter is an iCal Recurrence Rule formatted string.

Example Never Declaration:

{'type': 'never'}

Example daily event starting at 9am Eastern

{
    'type': 'ical',
    'start': 'TZID=America/New_York:20190214T090000',
    'repeatRule': 'FREQ=DAILY;INTERVAL=1'
}

Example weekly event every Saturday at 8:30pm Eastern

{
    'type': 'ical',
    'start': 'TZID=America/New_York:20190214T203000',
    'repeatRule': 'FREQ=WEEKLY;BYDAY=SA;INTERVAL=1'
}

There are detailed instructions in the RFC documentation on how to construct these recurrence rules. Further there are some packages out there to aid in converting more human-readable text into recurrence rules, such as the recurrent package for example.