Recast Risks

The following methods allow for interaction into the Tenable Security Center Recast Risk API.

Methods available on sc.recast_risks:

class RecastRiskAPI(api: restfly.session.APISession)[source]
apply(risk_id, repo)[source]

Applies the recast risk rule for either all repositories, or the repository specified.

recast-risk: apply

Parameters

  • risk_id (int) – The identifier for the recast risk rule.

  • repo (int, optional) – A specific repository to apply the rule to. The default if not specified is all repositories (0).

Returns

Empty string response from the API.

Return type

str

Examples

>>> sc.recast_risks.apply(1)
create(plugin_id, repos, severity_id, **kwargs)[source]

Creates a new recast risk rule. Either ips, uuids, or asset_list must be specified.

recast-risk: create

Parameters

  • plugin_id (int) – The plugin to apply the recast risk rule to.

  • repos (list) – The list of repositories to apply this recast risk rule to.

  • severity_id (int) – The new severity that vulns matching this rule should be recast to. Valid values are: 0: Info, 1: Low, 2: Medium, 3: High, and 4: Critical.

  • asset_list (int, optional) – The asset list id to apply the recast risk rule to. Please note that asset_list, ips, and uuids are mutually exclusive.

  • comments (str, optional) – The comment associated to the recast risk rule.

  • ips (list, optional) – A list of IPs to apply the recast risk rule to. Please note that asset_list, ips, and uuids are mutually exclusive.

  • port (int, optional) – The port to restrict this recast risk rule to. The default is unrestricted.

  • protocol (int, optional) – The protocol to restrict the recast risk rule to. The default is unrestricted.

  • uuids (list, optional) – The agent uuids to apply the recast risk rule to. Please note that asset_list, ips, and uuids are mutually exclusive.

Returns

The newly created recast risk rule definition.

Return type

dict

Examples

Create a rule to recast 97737 on 2 IPs to informational.

>>> rule = sc.recast_risks.create(97737, [1], 0
...     ips=['192.168.0.101', '192.168.0.102'])
delete(risk_id)[source]

Removes the recast risk rule from Tenable Security Center

recast-risk: delete

Parameters

risk_id (int) – The identifier for the recast risk rule.

Returns

Empty string response from the API.

Return type

str

Examples

>>> sc.recast_risks.delete(1)
details(risk_id, fields=None)[source]

Retrieves the details of an recast risk rule.

recast-risk: details

Parameters

  • risk_id (int) – The identifier for the recast risk rule.

  • fields (list, optional) – A list of attributes to return for each recast risk rule.

Returns

The recast risk rule details.

Return type

dict

Examples

>>> rule = sc.recast_risks.details(1)
>>> pprint(rule)
list(repo_ids=None, plugin_id=None, port=None, org_ids=None, fields=None)[source]

Retrieves the list of recasted risk rules.

recast-risk: list

Parameters

  • fields (list, optional) – A list of attributes to return for each recast risk rule.

  • plugin_id (int, optional) – Plugin id to filter the response on.

  • port (int, optional) – Port number to filter the response on.

  • org_ids (list, optional) – List of organization ids to filter on.

  • repo_ids (list, optional) – List of repository ids to filter the response on.

Returns

A list of recast risk rules.

Return type

list

Examples

>>> for rule in sc.recast_risks.list():
...     pprint(rule)