Policies

The following methods allow for interaction with the Tenable Security Center Scan Policies API. These items are typically seen under the Scan Policies section of Tenable Security Center.

Methods available on sc.policies:

class ScanPolicyAPI(api: APISession)
copy(id, name=None)

Clones the specified scan policy

scan-policy: copy

Parameters:
  • id (int) – The unique identifier for the source policy to clone.

  • name (str, optional) – The name of the new policy.

Returns:

The scan policy resource record for the newly created policy.

Return type:

dict

Examples

>>> policy = sc.policies.copy(10001)
>>> pprint(policy)
create(**kw)

Creates a new scan policy

scan-policy: create

Parameters:
  • name (str) – The name of the new scan policy

  • audit_files (list, optional) – A list of audit files (by integer id) to be used for the scan policy.

  • description (str, optional) – An optional description for the policy

  • preferences (dict, optional) – A dictionary of settings that override the defaults within a policy template.

  • profile_name (str, optional) – The profile of the scan. Default is an empty string.

  • owner_id (int, optional) – Define who shall own the policy by that user’s integer identifier

  • tags (str, optional) – An optional tag identifier for the policy

  • template_id (int, optional) – The identifier of the policy template to use. If none is specified, the default id for the “Advanced Policy” will be used.

  • xccdf (bool, optional) – Should XCCDF results be generated? The default is False.

Returns:

The created scan policy resource.

Return type:

dict

Examples

An example advanced policy with all of the default preferences.

>>> sc.policies.create(
...     name='Example Advanced Policy')

An example policy where we want to modify

delete(id)

Removes a configured scan policy.

scan-policy: delete

Parameters:

id (int) – The unique identifier for the policy to remove.

Returns:

The empty response from the API.

Return type:

str

Examples

>>> sc.policies.delete(10001)
details(id, fields=None)

Retrieves the details for a specified policy.

scan-policy: details

Parameters:
  • id (int) – The unique identifier for the policy

  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the policy details API doc.

Returns:

Details about the scan policy template

Return type:

dict

Examples

>>> policy = sc.policies.details(2)
>>> pprint(policy)
edit(id, **kw)

Edits an existing scan policy

scan-policy: edit

Parameters:
  • id (int) – The unique identifier for the scan policy to edit

  • audit_files (list, optional) – A list of audit files (by integer id) to be used for the scan policy.

  • description (str, optional) – An optional description for the policy

  • name (str, optional) – The name of the new scan policy

  • preferences (dict, optional) – A dictionary of settings that override the defaults within a policy template.

  • profile_name (str, optional) – The profile of the scan. Default is an empty string.

  • remove_prefs (list, optional) – A list of preferences to remove from the policy.

  • owner_id (int, optional) – Define who shall own the policy by that user’s integer identifier

  • tags (str, optional) – An optional tag identifier for the policy

  • template_id (int, optional) – The identifier of the policy template to use. If none is specified, the default id for the “Advanced Policy” will be used.

  • xccdf (bool, optional) – Should XCCDF results be generated? The default is False.

Returns:

The updated scan policy resource.

Return type:

dict

Examples

An example that renames an existing policy.

>>> sc.policies.edit(10001,
...     name='Updated Example Advanced Policy')

To remove a preference, you would perform the following:

>>> sc.policies.edit(10001,
...     remove_prefs=['scan_malware'])
export_policy(id, fobj=None)

Export the specified scan policy

scan-policy: export

Parameters:
  • id (int) – The unique identifier for the scan policy to export.

  • fobj (FileObject, optional) – The file-like object to write the resulting file into. If no file-like object is provided, a BytesIO object with the downloaded file will be returned. Be aware that the default option of using a BytesIO object means that the file will be stored in memory, and it’s generally recommended to pass an actual file-object to write to instead.

Returns:

The file-like object with the resulting export.

Return type:

FileObject

Examples

>>> with open('example_policy.xml', 'wb') as fobj:
...     sc.policies.export_policy(1001, fobj)
import_policy(name, fobj, description=None, tags=None)

Imports a scan policy into Tenable Security Center

scan-policy: import

Parameters:
  • name (str) – The name of the imported scan policy.

  • fobj (FileObject) – The file-like object containing the scan policy.

  • description (str, optional) – A description for the scan policy.

  • tags (str, optional) – A tag for the scan policy.

Returns:

An empty response from the API.

Return type:

str

Examples

>>> with open('example_policy.xml', 'rb') as fobj:
...     sc.policies.import_policy('Example Policy', fobj)
list(fields=None)

Retrieves the list of configured scan policies.

scan-policy: list

Parameters:

fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the policy list API doc.

Returns:

The usable and manageable scan policies.

Return type:

dict

Examples

>>> policies = sc.policies.list()
>>> for policy in policies['manageable']:
...     pprint(policy)
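
An added example (not part of pyTenable or its documentation) that combines list() and export_policy() to back up every manageable policy to disk and hash each export, so that a later run shows which policies were added, removed or changed. The names backup_policies, changed_policies, FakePolicies and demo are hypothetical, the sample policy contents are constructed, and the presence of 'id' and 'name' keys in each record is an assumption; with a live session, pass sc.policies in place of the stub.

```python
import hashlib
import tempfile
from pathlib import Path

def backup_policies(policies, out_dir):
    """Export each manageable policy into out_dir; return {id: sha256 hex}.
    `policies` exposes list() and export_policy() as documented (sc.policies)."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    digests = {}
    # Assumption: records carry 'id' and 'name' when requested via fields.
    for rec in policies.list(fields=['id', 'name'])['manageable']:
        pid = int(rec['id'])
        path = out / f'policy_{pid}.xml'
        # Write to a real file rather than the in-memory BytesIO default.
        with open(path, 'wb') as fobj:
            policies.export_policy(pid, fobj)
        digests[pid] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def changed_policies(previous, current):
    """Ids that are new, missing, or whose export hash differs between runs."""
    ids = set(previous) | set(current)
    return sorted(i for i in ids if previous.get(i) != current.get(i))

class FakePolicies:
    """Constructed offline stand-in for sc.policies (not part of pyTenable)."""
    def __init__(self, store):
        self.store = store  # {id: (name, exported_bytes)}

    def list(self, fields=None):
        recs = [{'id': str(i), 'name': n} for i, (n, _) in self.store.items()]
        return {'usable': recs, 'manageable': recs}

    def export_policy(self, id, fobj=None):
        fobj.write(self.store[id][1])
        return fobj

def demo():
    """Back up twice around a simulated edit and report what changed."""
    api = FakePolicies({10001: ('Base', b'<Policy v="1"/>'),
                        10002: ('Web', b'<Policy/>')})
    with tempfile.TemporaryDirectory() as tmp:
        before = backup_policies(api, tmp)
        api.store[10001] = ('Base', b'<Policy v="2"/>')  # constructed change
        after = backup_policies(api, tmp)
    return changed_policies(before, after)
```

Persisting the returned digest map between runs (for example as JSON next to the exports) is what turns the comparison into a record of policy drift.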
share(id, *groups)

Shares the policy with other user groups.

scan-policy: share

Parameters:
  • id (int) – The unique identifier for the scan policy to share.

  • *groups (int) – The list of user group ids to share the policy with.

Returns:

The updated scan policy resource.

Return type:

dict

Examples

Share the scan policy with groups 1, 2, and 3:

>>> sc.policies.share(10001, 1, 2, 3)
tags()

Returns the list of unique tags associated with scan policies.

scan-policy: tags

Returns:

The list of unique tags

Return type:

list

Examples

>>> tags = sc.policies.tags()
>>> pprint(tags)
template_details(id, fields=None, remove_editor=True)

Retrieves the details for a specified policy template.

scan-policy: template-details

Parameters:
  • id (int) – The unique identifier for the policy template

  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the policy template details API doc.

  • remove_editor (bool, optional) – Should the response have the raw editor string removed? The default is yes.

Returns:

Details about the scan policy template

Return type:

dict

Examples

>>> template = sc.policies.template_details(2)
>>> pprint(template)
template_list(fields=None)

Retrieves the list of scan policy templates.

scan-policy: template-list

Parameters:

fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the policy template list API doc.

Returns:

List of available policy templates

Return type:

list

Examples

>>> templates = sc.policies.template_list()
>>> for policy in templates:
...     pprint(policy)