Repositories

The following methods allow for interaction with the Tenable Security Center Repository API. These items are typically seen under the Repositories section of Tenable Security Center.

Methods available on sc.repositories:

class RepositoryAPI(api: APISession)
accept_risk_rules(repository_id, **kwargs)

Retrieves the accepted risk rules associated with the specified repository.

repository: accept rules

Parameters:
  • repository_id (int) – The numeric id of the repository.

  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository accept risk rules API doc.

Returns:

List of the accepted risk rules that apply to the repo.

Return type:

list

Examples

>>> rules = sc.repositories.accept_risk_rules(1)
asset_intersections(repository_id, uuid=None, ip_address=None, dns=None)

Retrieves the asset lists that a UUID, DNS address, or IP exists in.

repository: asset intersections

Parameters:
  • repository_id (int) – The numeric identifier of the repository to query.

  • dns (str) – The DNS name to query

  • ip_address (str) – The IP address to query

  • uuid (str) – The UUID to query.

Returns:

The list of assets matching the criteria.

Return type:

list

Examples

>>> assetlists = sc.repositories.asset_intersections(1,
...     ip_address='192.168.0.1')
create(**kwargs)

Creates a new repository

repository: create

Parameters:
  • name (str) – The name for the repository.

  • allowed_ips (list, optional) – Allowed IPs will restrict incoming data being inserted into the repository to only the IPs that exist within the configured CIDR ranges. Accepts a list of CIDR strings based on the repository format (IPv4 or IPv6). If left unspecified, then it will default to the CIDR equivalent of “allow all” for that IP version. IPv4=0.0.0.0/0, IPv6=::/0.

  • description (str, optional) – A description for the repository.

  • format (str, optional) – The format of the repository. Valid choices are agent, IPv4, IPv6, and mobile. The default if unspecified is IPv4.

  • fulltext_search (bool, optional) – Should full-text searching be enabled? This option is used for IPv4, IPv6, and agent repository formats and determines whether the plugin output is trended along with the normalized data. If left unspecified, the default is set to False.

  • lce_correlation (list, optional) – What Log Correlation Engines (if any) should correlate against this repository. A list of configured LCE numeric IDs is supplied. This option is used on IPv4, IPv6, and agent formats and is defaulted to nothing if left unspecified.

  • nessus_sched (dict, optional) – This is the .Nessus file generation schedule for IPv4 and IPv6 repository formats. This option should only be used if there is a need to consume the Repository in a raw Nessus XML format. If left unspecified, it will default to {'type': 'never'}.

  • mobile_sched (dict, optional) – When using the mobile repository format, this option will inform Tenable Security Center how often to perform the MDM synchronization into the repository. If left unspecified, it will default to {'type': 'never'}.

  • orgs (list, optional) – A list of Organization IDs used to assign the repository to 1 or many organizations.

  • preferences (dict, optional) – When using a mobile repository type, this dictionary details the required preferences to inject into the backend scan needed to communicate to the MDM solution.

  • remote_ip (str, optional) – When the Remote repository type is used, this is the IP address of the Tenable Security Center instance that the repository will be pulled from.

  • remote_repo (int, optional) – When the Remote repository type is used, this is the numeric ID of the repository on the remote host that will be pulled.

  • remote_sched (dict, optional) – When the Remote repository type is used, this is the schedule dictionary that will inform Tenable Security Center how often to synchronize with the downstream Tenable Security Center instance. If left unspecified then we will default to {'type': 'never'}.

  • repo_type (str, optional) – What type of repository is this? Valid choices are Local, Remote, and Offline. The default if unspecified is Local.

  • scanner_id (int, optional) – When using the mobile repository format, we must specify the scanner from which to query the MDM source.

  • trending (int, optional) – How many days of trending snapshots should be created for this repository. This value is only used for IPv4, IPv6, and agent repositories. If not supplied, the default will be 0.

Returns:

The repository resource record for the newly created Repo.

Return type:

dict

Examples

Creating a new IPv4 Repository leveraging the defaults:

>>> repo = sc.repositories.create(name='Example IPv4')

Creating a new IPv4 Repository with 90 days of trending and linked to the first Organization:

>>> repo = sc.repositories.create(
...     name='Example Trending', trending=90, orgs=[1])

Creating an IPv6 repository:

>>> repo = sc.repositories.create(
...     name='Example IPv6', format='IPv6')

Creating an agent repository:

>>> repo = sc.repositories.create(
...     name='Example Agent', format='agent')

Creating an MDM repository for ActiveSync that will sync every day at 6am eastern:

>>> repo = sc.repositories.create(
...     name='Example ActiveSync', mdm_id=1, scanner_id=1,
...     format='mobile', orgs=[1],
...     mobile_sched={
...         'repeatRule': 'FREQ=DAILY;INTERVAL=1',
...         'start': 'TZID=America/New_York:20190212T060000',
...         'type': 'ical',
...     },
...     preferences={
...         'domain': 'AD_DOMAIN',
...         'domain_admin': 'DA_ACCOUNT_NAME',
...         'domain_controller': 'dc1.company.tld',
...         'password': 'DA_ACCOUNT_PASSWORD'
... })

Creating a new repository to remotely sync the downstream Tenable Security Center instance’s repository 1 to this host and institute trending for 90 days:

>>> repo = sc.repositories.create(
...     name='Example Remote Repo',
...     repo_type='Remote',
...     remote_ip='192.168.0.101',
...     remote_repo=1,
...     trending=90,
...     orgs=[1],
...     remote_sched={
...         'type': 'ical',
...         'start': 'TZID=America/New_York:20190212T060000',
...         'repeatRule': 'FREQ=DAILY;INTERVAL=1'
... })
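An added example (not part of pyTenable or of the original page): checking allowed_ips against the repository format before calling create(), so that a repository does not end up on the "allow all" default by omission. The helper name build_create_kwargs, the sample ranges, and the policy of rejecting a /0 range are assumptions of this example.

```python
import ipaddress

# CIDR equivalents of "allow all" that create() defaults to (from the text above).
ALLOW_ALL = {"IPv4": "0.0.0.0/0", "IPv6": "::/0"}


def build_create_kwargs(name, allowed_ips, fmt="IPv4", **extra):
    """Hypothetical helper: return keyword arguments for
    sc.repositories.create() after validating allowed_ips."""
    if fmt not in ALLOW_ALL:
        raise ValueError(f"allowed_ips takes IPv4 or IPv6 CIDRs, not {fmt!r}")
    if not allowed_ips:
        raise ValueError("allowed_ips is empty; create() would default to "
                         + ALLOW_ALL[fmt])
    version = 4 if fmt == "IPv4" else 6
    checked = []
    for cidr in allowed_ips:
        # strict=True rejects ranges with host bits set, e.g. 10.0.0.1/8,
        # and malformed strings; both raise ValueError.
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != version:
            raise ValueError(f"{cidr} is not an {fmt} range")
        if net.prefixlen == 0:
            raise ValueError(f"{cidr} is the allow-all range")
        checked.append(str(net))
    return dict(name=name, format=fmt, allowed_ips=checked, **extra)


if __name__ == "__main__":
    # Constructed sample values. With an authenticated session the result
    # is passed on as: repo = sc.repositories.create(**kwargs)
    kwargs = build_create_kwargs(
        "Example Scoped", ["10.0.0.0/8", "192.168.0.0/24"],
        trending=90, orgs=[1])
    print(kwargs)
```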
delete(repository_id)

Remove the specified repository from Tenable Security Center

repository: delete

Parameters:

repository_id (int) – The numeric id of the repository to delete.

Returns:

Empty response string

Return type:

str

Examples

>>> sc.repositories.delete(1)
details(repository_id, fields=None)

Retrieves the details for the specified repository.

repository: details

Parameters:
  • repository_id (int) – The numeric id of the repository.

  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository details API doc.

Returns:

The repository resource record.

Return type:

dict

Examples

>>> repo = sc.repositories.details(1)
device_info(repository_id, dns=None, ip_address=None, uuid=None, fields=None)

Retrieves the device information for the requested device on the associated repository.

repository: device info

repository: ip info

Parameters:
  • repository_id (int) – The numeric id for the repository to query.

  • dns (str) – The DNS name to query

  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository device info API doc.

  • ip_address (str) – The IP address to query

  • uuid (str) – The UUID to query.

Returns:

The device resource.

Return type:

dict

Examples

>>> host = sc.repositories.device_info(1, ip_address='192.168.0.1')
edit(repository_id, **kwargs)

Updates an existing repository

repository: edit

Parameters:
  • repository_id (int) – The numeric id of the repository to edit.

  • allowed_ips (list, optional) – Allowed IPs will restrict incoming data being inserted into the repository to only the IPs that exist within the configured CIDR ranges. Accepts a list of CIDR strings based on the repository format (IPv4 or IPv6).

  • description (str, optional) – A description for the repository.

  • lce_correlation (list, optional) – What Log Correlation Engines (if any) should correlate against this repository. A list of configured LCE numeric IDs is supplied. This option is used on IPv4, IPv6, and agent formats.

  • name (str, optional) – The name for the repository.

  • nessus_sched (dict, optional) – This is the .Nessus file generation schedule for IPv4 and IPv6 repository formats. This option should only be used if there is a need to consume the Repository in a raw Nessus XML format.

  • mobile_sched (dict, optional) – When using the mobile repository format, this option will inform Tenable Security Center how often to perform the MDM synchronization into the repository.

  • orgs (list, optional) – A list of Organization IDs used to assign the repository to 1 or many organizations.

  • preferences (dict, optional) – When using a mobile repository type, this dictionary details the required preferences to inject into the backend scan needed to communicate to the MDM solution.

  • remote_ip (str, optional) – When the Remote repository type is used, this is the IP address of the Tenable Security Center instance that the repository will be pulled from.

  • remote_repo (int, optional) – When the Remote repository type is used, this is the numeric ID of the repository on the remote host that will be pulled.

  • remote_sched (dict, optional) – When the Remote repository type is used, this is the schedule dictionary that will inform Tenable Security Center how often to synchronize with the downstream Tenable Security Center instance.

  • scanner_id (int, optional) – When using the mobile repository format, we must specify the scanner from which to query the MDM source.

  • trending (int, optional) – How many days of trending snapshots should be created for this repository. This value is only used for IPv4, IPv6, and agent repositories.

Returns:

The repository resource record for the updated repository.

Return type:

dict

Examples

>>> repo = sc.repositories.edit(1, name='Example IPv4')
export_repository(repository_id, fobj)

Exports the repository and writes the archive tarball into the file object passed.

repository: export

Parameters:
  • repository_id (int) – The numeric id associated to the repository.

  • fobj (FileObject) – The file-like object for the repository archive.

Returns:

The export response record.

Return type:

dict

Example

>>> with open('repo.tar.gz', 'wb') as archive:
...     sc.repositories.export_repository(1, archive)
import_repository(repository_id, fobj)

Imports the repository archive for an offline repository.

repository: import

Parameters:
  • repository_id (int) – The numeric id associated to the offline repository.

  • fobj (FileObject) – The file-like object containing the repository archive.

Returns:

The import response record.

Return type:

dict

Example

>>> with open('repo.tar.gz', 'rb') as archive:
...     sc.repositories.import_repository(1, archive)
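An added example (not part of pyTenable or of the original page) covering export_repository and import_repository together: the archive is written to a new owner-only file, its SHA-256 is recorded at export, and the import into the offline repository is refused if the file no longer matches. The helper names are hypothetical, and sc is assumed to be an authenticated session as in the examples above.

```python
import hashlib
import os


def sha256_of(fobj):
    """Return the SHA-256 hex digest of an open binary file object."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fobj.read(65536), b""):
        digest.update(chunk)
    return digest.hexdigest()


def export_with_digest(sc, repository_id, path):
    """Export to a new owner-only file and return its SHA-256 hex digest."""
    # O_EXCL fails if the path already exists, so an existing file is never
    # overwritten; mode 0o600 keeps the archive unreadable to other local users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as archive:
        sc.repositories.export_repository(repository_id, archive)
    with open(path, "rb") as archive:
        return sha256_of(archive)


def import_verified(sc, repository_id, path, expected_sha256):
    """Import the archive only if it matches the digest recorded at export."""
    with open(path, "rb") as archive:
        actual = sha256_of(archive)
        if actual != expected_sha256.lower():
            raise ValueError(f"archive digest mismatch: got {actual}")
        archive.seek(0)  # rewind the same handle that was just hashed
        return sc.repositories.import_repository(repository_id, archive)
```

Carry the digest returned by export_with_digest to the importing side separately from the archive itself, then pass it to import_verified there.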
list(fields=None, repo_type=None)

Retrieves a list of repositories.

repository: list

Parameters:
  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository list API doc.

  • repo_type (str, optional) – Restrict the response to a specific type of repository. If not set, then all repository types will be returned. Allowed types are All, Local, Remote, and Offline.

Returns:

List of repository definitions.

Return type:

list

Examples

Retrieve all of the repositories:

>>> repos = sc.repositories.list()

Retrieve all of the remote repositories:

>>> repos = sc.repositories.list(repo_type='Remote')
mobile_sync(repository_id)

Initiates a MDM synchronization with the configured MDM source on the mobile repository specified.

repository: update mobile data

Parameters:

repository_id (int) – The numeric id for the mobile repository to run the sync.

Returns:

The sync response record.

Return type:

dict

Examples

>>> sc.repositories.mobile_sync(1)
recast_risk_rules(repository_id, **kwargs)

Retrieves the recast risk rules associated with the specified repository.

repository: recast rules

Parameters:
  • repository_id (int) – The numeric id of the repository.

  • fields (list, optional) – The list of fields that are desired to be returned. For details on what fields are available, please refer to the details on the request within the repository recast risk rules API doc.

Returns:

List of the recast risk rules that apply to the repo.

Return type:

list

Examples

>>> rules = sc.repositories.recast_risk_rules(1)
remote_authorize(host, username, password)

Authorizes communication to a downstream Tenable Security Center instance with the provided username and password.

repository: authorize

Parameters:
  • host (str) – The downstream Tenable Security Center instance IP address.

  • username (str) – The username to authenticate with.

  • password (str) – The password to authenticate with.

Returns:

Empty response object

Return type:

str

Examples

>>> sc.repositories.remote_authorize(
...     '192.168.0.101', 'admin', 'password')
remote_fetch(host)

Retrieves the list of repositories from the specified downstream Tenable Security Center instance.

repository: fetch remote

Parameters:

host (str) – The downstream Tenable Security Center instance IP address.

Returns:

The list of repositories on the downstream Tenable Security Center instance.

Return type:

list

remote_sync(repository_id)

Initiates a remote synchronization with a downstream Tenable Security Center instance. This action can only be performed on an offline repository.

repository: sync

Parameters:

repository_id (int) – The numeric id for the remote repository.

Returns:

The sync response record.

Return type:

dict

Examples

>>> sc.repositories.remote_sync(1)