Policies

The following methods allow for interaction into the Tenable Security Center Scan Policies API. These items are typically seen under the Scan Policies section of Tenable Security Center.

Methods available on sc.policies:

class ScanPolicyAPI(api: restfly.session.APISession)[source]
copy(id, name=None)[source]

Clones the specified scan policy

scan-policy: copy

Parameters

  • id (int) – The unique identifier for the source policy to clone.

  • name (str, optional) – The name of the new policy.

Returns

The scan policy resource record for the newly created policy.

Return type

dict

Examples

>>> policy = sc.policies.copy(10001)
>>> pprint(policy)
create(**kw)[source]

Creates a new scan policy

scan-policy: create

Parameters

  • name (str) – The Name of the new scan policy

  • audit_files (list, optional) – A list of audit files (by integer id) to be used for the scan policy.

  • description (str, optional) – An optional description for the policy

  • preferences (dict, optional) – A dictionary of settings that override the defaults within a policy template.

  • profile_name (str, optional) – The profile of the scan. Default is an empty string.

  • owner_id (int, optional) – Define who shall own the policy by that user’s integer identifier

  • tags (str, optional) – An optional tag identifier for the policy

  • template_id (int, optional) – The identifier of the policy template to use. If none is specified, the default id for the “Advanced Policy” will be used.

  • xccdf (bool, optional) – Should XCCDF results be generated? The default is False.

Returns

The created scan policy resource.

Return type

dict

Examples

An example advanced policy with all of the default preferences.

>>> sc.policies.create(
...     name='Example Advanced Policy')

An example policy where we want to modify

delete(id)[source]

Removes a configured scan policy.

scan-policy: delete

Parameters

id (int) – The unique identifier for the policy to remove.

Returns

The empty response from the API.

Return type

str

Examples

>>> sc.policies.delete(10001)
details(id, fields=None)[source]

Retrieves the details for a specified policy.

scan-policy: details

Parameters

  • id (int) – The unique identifier for the policy

  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the policy details API doc.

Returns

Details about the scan policy template

Return type

dict

Examples

>>> policy = sc.policies.details(2)
>>> pprint(policy)
edit(id, **kw)[source]

Edits an existing scan policy

scan-policy: edit

Parameters

  • id (int) – The unique identifier to the scan policy to edit

  • audit_files (list, optional) – A list of audit files (by integer id) to be used for the scan policy.

  • description (str, optional) – An optional description for the policy

  • name (str, optional) – The Name of the new scan policy

  • preferences (dict, optional) – A dictionary of settings that override the defaults within a policy template.

  • profile_name (str, optional) – The profile of the scan. Default is an empty string.

  • remove_prefs (list, optional) – A list of preferences to remove from the policy.

  • owner_id (int, optional) – Define who shall own the policy by that user’s integer identifier

  • tags (str, optional) – An optional tag identifier for the policy

  • template_id (int, optional) – The identifier of the policy template to use. If none is specified, the default id for the “Advanced Policy” will be used.

  • xccdf (bool, optional) – Should XCCDF results be generated? The default is False.

Returns

The updated scan policy resource.

Return type

dict

Examples

An example advanced policy with all of the default preferences.

>>> sc.policies.edit(10001,
...     name='Updated Example Advanced Policy')

To remove a preference, you would perform the following:

>>> sc.policies.edit(10001,
...     remove_prefs=['scan_malware'])
export_policy(id, fobj=None)[source]

Export the specified scan policy

scan-policy: export

Parameters

  • id (int) – The unique identifier for the scan policy to export.

  • fobj (FileObject, optional) – The file-like object to write the resulting file into. If no file-like object is provided, a BytesIO objects with the downloaded file will be returned. Be aware that the default option of using a BytesIO object means that the file will be stored in memory, and it’s generally recommended to pass an actual file-object to write to instead.

Returns

The file-like object with the resulting export.

Return type

FileObject

Examples

>>> with open('example_policy.xml', 'wb') as fobj:
...     sc.policies.export_policy(1001, fobj)
import_policy(name, fobj, description=None, tags=None)[source]

Imports a scan policy into Tenable Security Center

scan-policy: import

Parameters

  • name (str) – The name of the imported scan policy.

  • fobj (FileObject) – The file-like object containing the scan policy.

  • description (str, optional) – A description for the scan policy.

  • tags (str, optional) – A tag for the scan policy.

Returns

An empty response from the API.

Return type

str

Examples

>>> with open('example_policy.xml', 'rb') as fobj:
...     sc.policies.import_policy('Example Policy', fobj)
list(fields=None)[source]

Retrieved the list of Scan policies configured.

scan-policy: list

Parameters

fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the policy list API doc.

Returns

usable & manageable scan policies.

Return type

dict

Examples

>>> policies = sc.policies.list()
>>> for policy in policies['manageable']:
...     pprint(policy)
share(id, *groups)[source]

Shares the policy with other user groups.

scan-policy: share

Parameters

  • id (int) – The unique identifier for the scan policy to share.

  • *groups (int) – The list of user group ids to share the policy to.

Returns

The updated scan policy resource.

Return type

dict

Examples

Share the scan policy with groups 1, 2, and 3:

>>> sc.policies.share(10001, 1, 2, 3)
tags()[source]

Returns the list of unique tags associated to scan policies.

scan-policy: tags

Returns

The list of unique tags

Return type

list

Examples

>>> tags = sc.policies.tags()
>>> pprint(tags)
template_details(id, fields=None, remove_editor=True)[source]

Retrieves the details for a specified policy template.

scan-policy: template-details

Parameters

  • id (int) – The unique identifier for the policy template

  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the policy template details API doc.

  • remove_editor (bol, optional) – Should the response have the raw editor string removed? The default is yes.

Returns

Details about the scan policy template

Return type

dict

Examples

>>> template = sc.policies.template_details(2)
>>> pprint(template)
template_list(fields=None)[source]

Retrieved the list of scan policy templates.

scan-policy: template-list

Parameters

fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the policy template list API doc.

Returns

List of available policy templates

Return type

list

Examples

>>> templates = sc.policies.template_list()
>>> for policy in templates:
...     pprint(policy)