Repositories
The following methods allow for interaction with the Tenable Security Center Repository API. These items are typically seen under the Repositories section of Tenable Security Center.
Methods available on sc.repositories:
- class RepositoryAPI(api: APISession)
- accept_risk_rules(repository_id, **kwargs)
Retrieves the accepted risk rules associated with the specified repository.
- Parameters:
- Returns:
List of the accepted risk rules that apply to the repo.
- Return type:
Examples
>>> rules = sc.repositories.accept_risk_rules(1)
- asset_intersections(repository_id, uuid=None, ip_address=None, dns=None)
Retrieves the asset lists that a UUID, DNS address, or IP exists in.
repository: asset intersections
- Parameters:
- Returns:
The list of assets matching the criteria.
- Return type:
Examples
>>> assetlists = sc.repositories.asset_intersections(1,
...     ip_address='192.168.0.1')
- create(**kwargs)
Creates a new repository
- Parameters:
name (str) – The name for the repository.
allowed_ips (list, optional) – Allowed IPs will restrict incoming data being inserted into the repository to only the IPs that exist within the configured CIDR ranges. Accepts a list of CIDR strings based on the repository format (IPv4 or IPv6). If left unspecified, then it will default to the CIDR equivalent of “allow all” for that IP version. IPv4=0.0.0.0/0, IPv6=::/0.
description (str, optional) – A description for the repository.
format (str, optional) – The format of the repository. Valid choices are agent, IPv4, IPv6, and mobile. The default if unspecified is IPv4.
fulltext_search (bool, optional) – Should full-text searching be enabled? This option is used for IPv4, IPv6, and agent repository formats and determines whether the plugin output is trended along with the normalized data. If left unspecified, the default is set to False.
lce_correlation (list, optional) – What Log Correlation Engines (if any) should correlate against this repository. A list of configured LCE numeric IDs is supplied. This option is used on IPv4, IPv6, and agent formats and is defaulted to nothing if left unspecified.
nessus_sched (dict, optional) – This is the .Nessus file generation schedule for IPv4 and IPv6 repository formats. This option should only be used if there is a need to consume the Repository in a raw Nessus XML format. If left unspecified, it will default to {'type': 'never'}.
mobile_sched (dict, optional) – When using the mobile repository format, this option will inform Tenable Security Center how often to perform the MDM synchronization into the repository. If left unspecified, it will default to {'type': 'never'}.
orgs (list, optional) – A list of Organization IDs used to assign the repository to 1 or many organizations.
preferences (dict, optional) – When using a mobile repository type, this dictionary details the required preferences to inject into the backend scan needed to communicate to the MDM solution.
remote_ip (str, optional) – When the Remote repository type is used, this is the IP address of the Tenable Security Center instance that the repository will be pulled from.
remote_repo (int, optional) – When the Remote repository type is used, this is the numeric ID of the repository on the remote host that will be pulled.
remote_sched (dict, optional) – When the Remote repository type is used, this is the schedule dictionary that will inform Tenable Security Center how often to synchronize with the downstream Tenable Security Center instance. If left unspecified then we will default to {'type': 'never'}.
repo_type (str, optional) – What type of repository is this? Valid choices are Local, Remote, and Offline. The default if unspecified is Local.
scanner_id (int, optional) – When using the mobile repository format, we must specify the scanner from which to query the MDM source.
trending (int, optional) – How many days of trending snapshots should be created for this repository. This value is only used for IPv4, IPv6, and agent repositories. If not supplied, the default will be 0.
- Returns:
The repository resource record for the newly created Repo.
- Return type:
Examples
Creating a new IPv4 Repository leveraging the defaults:
>>> repo = sc.repositories.create(name='Example IPv4')
Creating a new IPv4 Repository with 90 days of trending and linked to the first Organization:
>>> repo = sc.repositories.create(
...     name='Example Trending', trending=90, orgs=[1])
Creating an IPv6 repository:
>>> repo = sc.repositories.create(
...     name='Example IPv6', format='IPv6')
Creating an agent repository:
>>> repo = sc.repositories.create(
...     name='Example Agent', format='agent')
Creating an MDM repository for ActiveSync that will sync every day at 6am eastern:
>>> repo = sc.repositories.create(
...     name='Example ActiveSync', mdm_id=1, scanner_id=1,
...     format='mobile', orgs=[1],
...     mobile_sched={
...         'repeatRule': 'FREQ=DAILY;INTERVAL=1',
...         'start': 'TZID=America/New_York:20190212T060000',
...         'type': 'ical',
...     },
...     preferences={
...         'domain': 'AD_DOMAIN',
...         'domain_admin': 'DA_ACCOUNT_NAME',
...         'domain_controller': 'dc1.company.tld',
...         'password': 'DA_ACCOUNT_PASSWORD'
...     })
Creating a new repository to remotely sync the downstream Tenable Security Center instance’s repository 1 to this host and institute trending for 90 days:
>>> repo = sc.repositories.create(
...     name='Example Remote Repo',
...     repo_type='Remote',
...     remote_ip='192.168.0.101',
...     remote_repo=1,
...     trending=90,
...     orgs=[1],
...     remote_sched={
...         'type': 'ical',
...         'start': 'TZID=America/New_York:20190212T060000',
...         'repeatRule': 'FREQ=DAILY;INTERVAL=1'
...     })
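Because an omitted allowed_ips defaults to allow-all (0.0.0.0/0 or ::/0), the following added example, which is not part of pyTenable or of this documentation, checks a CIDR list against the repository format before it is passed to create(). The helper name repo_create_kwargs and its repo_format and allow_any arguments are hypothetical, and the sample ranges are constructed.

```python
import ipaddress

# IP version implied by each repository format that takes CIDR ranges.
FORMAT_IP_VERSION = {'IPv4': 4, 'IPv6': 6}


def repo_create_kwargs(name, allowed_ips, repo_format='IPv4',
                       allow_any=False, **extra):
    """Hypothetical helper (not part of pyTenable): validate allowed_ips
    against the repository format and return kwargs for create()."""
    if repo_format not in FORMAT_IP_VERSION:
        raise ValueError(
            f'allowed_ips applies to IPv4 or IPv6 repositories, not {repo_format!r}')
    if not allowed_ips:
        # Leaving allowed_ips out silently becomes 0.0.0.0/0 or ::/0.
        raise ValueError('allowed_ips is empty; the default is allow-all')

    networks = []
    for cidr in allowed_ips:
        # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8.
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != FORMAT_IP_VERSION[repo_format]:
            raise ValueError(f'{cidr} is not an {repo_format} range')
        if net.prefixlen == 0 and not allow_any:
            raise ValueError(f'{cidr} is allow-all; set allow_any=True')
        networks.append(net)

    # Merge overlapping and adjacent ranges so the submitted list is minimal.
    collapsed = [str(n) for n in ipaddress.collapse_addresses(networks)]
    return dict(name=name, format=repo_format, allowed_ips=collapsed, **extra)


if __name__ == '__main__':
    # Constructed sample ranges, for illustration only.
    kwargs = repo_create_kwargs(
        'Example Scoped',
        ['10.10.0.0/24', '10.10.1.0/24', '10.10.0.128/25'],
        trending=90, orgs=[1])
    print(kwargs)
    # With a live session: repo = sc.repositories.create(**kwargs)
```

The three sample ranges collapse to a single 10.10.0.0/23 entry, and a list that mixes IP versions or contains a /0 range is rejected before any API call is made.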
- delete(repository_id)
Remove the specified repository from Tenable Security Center
- Parameters:
repository_id (int) – The numeric id of the repository to delete.
- Returns:
Empty response string
- Return type:
Examples
>>> sc.repositories.delete(1)
- details(repository_id, fields=None)
Retrieves the details for the specified repository.
- Parameters:
- Returns:
The repository resource record.
- Return type:
Examples
>>> repo = sc.repositories.details(1)
- device_info(repository_id, dns=None, ip_address=None, uuid=None, fields=None)
Retrieves the device information for the requested device on the associated repository.
- Parameters:
repository_id (int) – The numeric id for the repository to query.
dns (str) – The DNS name to query
fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository device info API doc.
ip_address (str) – The IP address to query
uuid (str) – The UUID to query.
- Returns:
The device resource.
- Return type:
Examples
>>> host = sc.repositories.device_info(1, ip_address='192.168.0.1')
- edit(repository_id, **kwargs)
Updates an existing repository
- Parameters:
repository_id (int) – The numeric id of the repository to edit.
allowed_ips (list, optional) – Allowed IPs will restrict incoming data being inserted into the repository to only the IPs that exist within the configured CIDR ranges. Accepts a list of CIDR strings based on the repository format (IPv4 or IPv6).
description (str, optional) – A description for the repository.
lce_correlation (list, optional) – What Log Correlation Engines (if any) should correlate against this repository. A list of configured LCE numeric IDs is supplied. This option is used on IPv4, IPv6, and agent formats.
name (str, optional) – The name for the repository.
nessus_sched (dict, optional) – This is the .Nessus file generation schedule for IPv4 and IPv6 repository formats. This option should only be used if there is a need to consume the Repository in a raw Nessus XML format.
mobile_sched (dict, optional) – When using the mobile repository format, this option will inform Tenable Security Center how often to perform the MDM synchronization into the repository.
orgs (list, optional) – A list of Organization IDs used to assign the repository to 1 or many organizations.
preferences (dict, optional) – When using a mobile repository type, this dictionary details the required preferences to inject into the backend scan needed to communicate to the MDM solution.
remote_ip (str, optional) – When the Remote repository type is used, this is the IP address of the Tenable Security Center instance that the repository will be pulled from.
remote_repo (int, optional) – When the Remote repository type is used, this is the numeric ID of the repository on the remote host that will be pulled.
remote_sched (dict, optional) – When the Remote repository type is used, this is the schedule dictionary that will inform Tenable Security Center how often to synchronize with the downstream Tenable Security Center instance.
scanner_id (int, optional) – When using the mobile repository format, we must specify the scanner from which to query the MDM source.
trending (int, optional) – How many days of trending snapshots should be created for this repository. This value is only used for IPv4, IPv6, and agent repositories.
- Returns:
The repository resource record for the newly created Repo.
- Return type:
Examples
>>> repo = sc.repositories.edit(1, name='Example IPv4')
- export_repository(repository_id, fobj)
Exports the repository and writes the archive tarball into the file object passed.
- Parameters:
repository_id (int) – The numeric id associated to the repository.
fobj (FileObject) – The file-like object for the repository archive.
- Returns:
The export response record.
- Return type:
Example
>>> with open('repo.tar.gz', 'wb') as archive:
...     sc.repositories.export_repository(1, archive)
- import_repository(repository_id, fobj)
Imports the repository archive for an offline repository.
- Parameters:
repository_id (int) – The numeric id associated to the offline repository.
fobj (FileObject) – The file-like object containing the repository archive.
- Returns:
The import response record.
- Return type:
Example
>>> with open('repo.tar.gz', 'rb') as archive:
...     sc.repositories.import_repository(1, archive)
- list(fields=None, repo_type=None)
Retrieves a list of repositories.
- Parameters:
fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository list API doc.
repo_type (str, optional) – Restrict the response to a specific type of repository. If not set, then all repository types will be returned. Allowed types are All, Local, Remote, and Offline.
- Returns:
List of repository definitions.
- Return type:
Examples
Retrieve all of the repositories:
>>> repos = sc.repositories.list()
Retrieve all of the remote repositories:
>>> repos = sc.repositories.list(repo_type='Remote')
- mobile_sync(repository_id)
Initiates an MDM synchronization with the configured MDM source on the mobile repository specified.
repository: update mobile data
- Parameters:
repository_id (int) – The numeric id for the mobile repository to run the sync.
- Returns:
The sync response record.
- Return type:
Examples
>>> sc.repositories.mobile_sync(1)
- recast_risk_rules(repository_id, **kwargs)
Retrieves the recast risk rules associated with the specified repository.
- Parameters:
- Returns:
List of the recast risk rules that apply to the repo.
- Return type:
Examples
>>> rules = sc.repositories.recast_risk_rules(1)
- remote_authorize(host, username, password)
Authorizes communication to a downstream Tenable Security Center instance with the provided username and password.
- Parameters:
- Returns:
Empty response object
- Return type:
Examples
>>> sc.repositories.remote_authorize(
...     '192.168.0.101', 'admin', 'password')
- remote_fetch(host)
Retrieves the list of repositories from the specified downstream Tenable Security Center instance.
- remote_sync(repository_id)
Initiates a remote synchronization with a downstream Tenable Security Center instance. This action can only be performed on an offline repository.
- Parameters:
repository_id (int) – The numeric id for the remote repository.
- Returns:
The sync response record.
- Return type:
Examples
>>> sc.repositories.remote_sync(1)