Repositories
The following methods allow for interaction with the Tenable Security Center Repository API. These items are typically seen under the Repositories section of Tenable Security Center.
Methods available on sc.repositories:
- class RepositoryAPI(api: restfly.session.APISession)
- accept_risk_rules(repository_id, **kwargs)
Retrieves the accepted risk rules associated with the specified repository.
- Parameters
- Returns
List of the accepted risk rules that apply to the repo.
- Return type
Examples
>>> rules = sc.repositories.accept_risk_rules(1)
- asset_intersections(repository_id, uuid=None, ip_address=None, dns=None)
Retrieves the asset lists that a UUID, DNS address, or IP exists in.
repository: asset intersections
- Parameters
- Returns
The list of assets matching the criteria.
- Return type
Examples
>>> assetlists = sc.repositories.asset_intersections(1,
...     ip_address='192.168.0.1')
- create(**kwargs)
Creates a new repository
- Parameters
name (str) – The name for the repository.
allowed_ips (list, optional) – Allowed IPs will restrict incoming data being inserted into the repository to only the IPs that exist within the configured CIDR ranges. Accepts a list of CIDR strings based on the repository format (IPv4 or IPv6). If left unspecified, then it will default to the CIDR equivalent of “allow all” for that IP version. IPv4=0.0.0.0/0, IPv6=::/0.
description (str, optional) – A description for the repository.
format (str, optional) – The format of the repository. Valid choices are agent, IPv4, IPv6, and mobile. The default if unspecified is IPv4.
fulltext_search (bool, optional) – Should full-text searching be enabled? This option is used for IPv4, IPv6, and agent repository formats and determines whether the plugin output is trended along with the normalized data. If left unspecified, the default is set to False.
lce_correlation (list, optional) – What Log Correlation Engines (if any) should correlate against this repository. A list of configured LCE numeric IDs is supplied. This option is used on IPv4, IPv6, and agent formats and is defaulted to nothing if left unspecified.
nessus_sched (dict, optional) – This is the .Nessus file generation schedule for IPv4 and IPv6 repository formats. This option should only be used if there is a need to consume the Repository in a raw Nessus XML format. If left unspecified, it will default to {'type': 'never'}.
mobile_sched (dict, optional) – When using the mobile repository format, this option will inform Tenable Security Center how often to perform the MDM synchronization into the repository. If left unspecified, it will default to {'type': 'never'}.
orgs (list, optional) – A list of Organization IDs used to assign the repository to 1 or many organizations.
preferences (dict, optional) – When using a mobile repository type, this dictionary details the required preferences to inject into the backend scan needed to communicate to the MDM solution.
remote_ip (str, optional) – When the Remote repository type is used, this is the IP address of the Tenable Security Center instance that the repository will be pulled from.
remote_repo (int, optional) – When the Remote repository type is used, this is the numeric ID of the repository on the remote host that will be pulled.
remote_sched (dict, optional) – When the Remote repository type is used, this is the schedule dictionary that will inform Tenable Security Center how often to synchronize with the downstream Tenable Security Center instance. If left unspecified then we will default to {'type': 'never'}.
repo_type (str, optional) – What type of repository is this? Valid choices are Local, Remote, and Offline. The default if unspecified is Local.
scanner_id (int, optional) – When using the mobile repository format, we must specify the scanner from which to query the MDM source.
trending (int, optional) – How many days of trending snapshots should be created for this repository. This value is only used for IPv4, IPv6, and agent repositories. If not supplied, the default will be 0.
- Returns
The repository resource record for the newly created Repo.
- Return type
Examples
Creating a new IPv4 Repository leveraging the defaults:
>>> repo = sc.repositories.create(name='Example IPv4')
Creating a new IPv4 Repository with 90 days of trending and linked to the first Organization:
>>> repo = sc.repositories.create(
...     name='Example Trending', trending=90, orgs=[1])
Creating an IPv6 repository:
>>> repo = sc.repositories.create(
...     name='Example IPv6', format='IPv6')
Creating an agent repository:
>>> repo = sc.repositories.create(
...     name='Example Agent', format='agent')
Creating an MDM repository for ActiveSync that will sync every day at 6am eastern:
>>> repo = sc.repositories.create(
...     name='Example ActiveSync', mdm_id=1, scanner_id=1,
...     format='mobile', orgs=[1],
...     mobile_sched={
...         'repeatRule': 'FREQ=DAILY;INTERVAL=1',
...         'start': 'TZID=America/New_York:20190212T060000',
...         'type': 'ical',
...     },
...     preferences={
...         'domain': 'AD_DOMAIN',
...         'domain_admin': 'DA_ACCOUNT_NAME',
...         'domain_controller': 'dc1.company.tld',
...         'password': 'DA_ACCOUNT_PASSWORD'
...     })
Creating a new repository to remotely sync the downstream Tenable Security Center instance’s repository 1 to this host and institute trending for 90 days:
>>> repo = sc.repositories.create(
...     name='Example Remote Repo',
...     repo_type='Remote',
...     remote_ip='192.168.0.101',
...     remote_repo=1,
...     trending=90,
...     orgs=[1],
...     remote_sched={
...         'type': 'ical',
...         'start': 'TZID=America/New_York:20190212T060000',
...         'repeatRule': 'FREQ=DAILY;INTERVAL=1'
...     })
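Because an unspecified allowed_ips falls back to allow-all for the IP version, the CIDR list can be validated against the repository format before it is handed to create() or edit(). This is an added example, not part of pyTenable or the original page; the helper name checked_allowed_ips and the choice to reject the allow-all range are assumptions of the example.

```python
import ipaddress

# allowed_ips takes CIDR strings matching the repository format (IPv4 or IPv6).
_FORMAT_VERSION = {'IPv4': 4, 'IPv6': 6}
_ALLOW_ALL = {4: ipaddress.ip_network('0.0.0.0/0'),
              6: ipaddress.ip_network('::/0')}


def checked_allowed_ips(fmt, allowed_ips):
    """Validate a CIDR list for create()/edit(); return normalized strings.

    Hypothetical helper. Raises ValueError when the list is missing or empty
    (the API would then default to allow-all), when a CIDR is malformed or
    of the wrong IP version, or when a range is the allow-all network.
    """
    if fmt not in _FORMAT_VERSION:
        raise ValueError(f'allowed_ips is CIDR-based; unsupported format {fmt!r}')
    version = _FORMAT_VERSION[fmt]
    if not allowed_ips:
        raise ValueError('allowed_ips omitted: repository would accept all IPs')
    networks = []
    for cidr in allowed_ips:
        # strict=True rejects entries with host bits set, e.g. 10.1.2.3/8.
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != version:
            raise ValueError(f'{cidr} is IPv{net.version}, repository is {fmt}')
        if net == _ALLOW_ALL[version]:
            raise ValueError(f'{cidr} is the allow-all range')
        networks.append(net)
    # Merge overlapping or adjacent ranges so the stored list is minimal.
    return [str(n) for n in ipaddress.collapse_addresses(networks)]


# Intended use with the session object from this page (not executed here):
# repo = sc.repositories.create(
#     name='Example IPv4', format='IPv4',
#     allowed_ips=checked_allowed_ips('IPv4', ['10.0.0.0/25', '10.0.0.128/25']))
```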
- delete(repository_id)
Remove the specified repository from Tenable Security Center
- Parameters
repository_id (int) – The numeric id of the repository to delete.
- Returns
Empty response string
- Return type
Examples
>>> sc.repositories.delete(1)
- details(repository_id, fields=None)
Retrieves the details for the specified repository.
- Parameters
- Returns
The repository resource record.
- Return type
Examples
>>> repo = sc.repositories.details(1)
- device_info(repository_id, dns=None, ip_address=None, uuid=None, fields=None)
Retrieves the device information for the requested device on the associated repository.
- Parameters
repository_id (int) – The numeric id for the repository to query.
dns (str) – The DNS name to query
fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository device info API doc.
ip_address (str) – The IP address to query
uuid (str) – The UUID to query.
- Returns
The device resource.
- Return type
Examples
>>> host = sc.repositories.device_info(1, ip_address='192.168.0.1')
- edit(repository_id, **kwargs)
Updates an existing repository
- Parameters
repository_id (int) – The numeric id of the repository to edit.
allowed_ips (list, optional) – Allowed IPs will restrict incoming data being inserted into the repository to only the IPs that exist within the configured CIDR ranges. Accepts a list of CIDR strings based on the repository format (IPv4 or IPv6).
description (str, optional) – A description for the repository.
lce_correlation (list, optional) – What Log Correlation Engines (if any) should correlate against this repository. A list of configured LCE numeric IDs is supplied. This option is used on IPv4, IPv6, and agent formats.
name (str, optional) – The name for the repository.
nessus_sched (dict, optional) – This is the .Nessus file generation schedule for IPv4 and IPv6 repository formats. This option should only be used if there is a need to consume the Repository in a raw Nessus XML format.
mobile_sched (dict, optional) – When using the mobile repository format, this option will inform Tenable Security Center how often to perform the MDM synchronization into the repository.
orgs (list, optional) – A list of Organization IDs used to assign the repository to 1 or many organizations.
preferences (dict, optional) – When using a mobile repository type, this dictionary details the required preferences to inject into the backend scan needed to communicate to the MDM solution.
remote_ip (str, optional) – When the Remote repository type is used, this is the IP address of the Tenable Security Center instance that the repository will be pulled from.
remote_repo (int, optional) – When the Remote repository type is used, this is the numeric ID of the repository on the remote host that will be pulled.
remote_sched (dict, optional) – When the Remote repository type is used, this is the schedule dictionary that will inform Tenable Security Center how often to synchronize with the downstream Tenable Security Center instance.
scanner_id (int, optional) – When using the mobile repository format, we must specify the scanner from which to query the MDM source.
trending (int, optional) – How many days of trending snapshots should be created for this repository. This value is only used for IPv4, IPv6, and agent repositories.
- Returns
The repository resource record for the newly created Repo.
- Return type
Examples
>>> repo = sc.repositories.edit(1, name='Example IPv4')
- export_repository(repository_id, fobj)
Exports the repository and writes the archive tarball into the file object passed.
- Parameters
repository_id (int) – The numeric id associated to the repository.
fobj (FileObject) – The file-like object for the repository archive.
- Returns
The export response record.
- Return type
Example
>>> with open('repo.tar.gz', 'wb') as archive:
...     sc.repositories.export_repository(1, archive)
- import_repository(repository_id, fobj)
Imports the repository archive for an offline repository.
- Parameters
repository_id (int) – The numeric id associated to the offline repository.
fobj (FileObject) – The file-like object containing the repository archive.
- Returns
The import response record.
- Return type
Example
>>> with open('repo.tar.gz', 'rb') as archive:
...     sc.repositories.import_repository(1, archive)
- list(fields=None, repo_type=None)
Retrieves a list of repositories.
- Parameters
fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository list API doc.
repo_type (str, optional) – Restrict the response to a specific type of repository. If not set, then all repository types will be returned. Allowed types are All, Local, Remote, and Offline.
- Returns
List of repository definitions.
- Return type
Examples
Retrieve all of the repositories:
>>> repos = sc.repositories.list()
Retrieve all of the remote repositories:
>>> repos = sc.repositories.list(repo_type='Remote')
- mobile_sync(repository_id)
Initiates an MDM synchronization with the configured MDM source on the mobile repository specified.
repository: update mobile data
- Parameters
repository_id (int) – The numeric id for the mobile repository to run the sync.
- Returns
The sync response record.
- Return type
Examples
>>> sc.repositories.mobile_sync(1)
- recast_risk_rules(repository_id, **kwargs)
Retrieves the recast risk rules associated with the specified repository.
- Parameters
- Returns
List of the recast risk rules that apply to the repo.
- Return type
Examples
>>> rules = sc.repositories.recast_risk_rules(1)
- remote_authorize(host, username, password)
Authorizes communication with a downstream Tenable Security Center instance using the provided username and password.
- Parameters
- Returns
Empty response object
- Return type
Examples
>>> sc.repositories.remote_authorize(
...     '192.168.0.101', 'admin', 'password')
- remote_fetch(host)
Retrieves the list of repositories from the specified downstream Tenable Security Center instance.
- remote_sync(repository_id)
Initiates a remote synchronization with a downstream Tenable Security Center instance. This action can only be performed on an offline repository.
- Parameters
repository_id (int) – The numeric id for the remote repository.
- Returns
The sync response record.
- Return type
Examples
>>> sc.repositories.remote_sync(1)