packetchaos / navi

A Command-line tool which leverages the Tenable.io API to reduce the time it takes to get information that is common during remediation or a troubleshooting event
GNU General Public License v3.0

Tagging not working with navi pro #18

Closed azii90 closed 3 years ago

azii90 commented 3 years ago

Hi, we have recently tried navi pro on our Tenable instance to create tags based on agent groups. It seems to be working fine for about 10-20 agents, but when it is about 1k agents the tag itself in Tenable is getting created but not assigned to any agents. Attaching the shell output of the commands. Any assistance is greatly appreciated. navipro output.docx

packetchaos commented 3 years ago

Thank you for submitting this ticket. Unfortunately, this is a bug with the Tenable.io API. Let me explain.

For the majority of Tagging capabilities in Navi, I use the following API endpoint:

https://cloud.tenable.com/tags/assets/assignments

This endpoint takes an Asset UUID and allows for up to 2000 assets to be tagged at once. In cases over 2000, I chunk the request up into 2000 item chunks and push them through one chunk at a time.

However, the Agent Group endpoint below does not provide an Asset UUID; it only provides a Tenable UUID. A Tenable UUID cannot be used in the Asset Assignment URI endpoint above.

https://cloud.tenable.com/scanners/scanner_id/agent-groups/group_id

This leaves Navi with only the options of using the Tenable UUID or the IP address in a Tag Rule. However, there can only be 500 Tag rules. So this limits the Tagging by Agent Group to 500 total Assets.

I'm working with Tenable to resolve this bug, but have not been successful thus far.
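The two limits described in the comment above, worked through in Python as an added example (not navi's code and not part of the original comment). The constants and the endpoint URL come from the thread; the request body keys, the helper names and the sample identifiers are assumptions made for illustration.

```python
import uuid

ASSIGNMENT_URL = "https://cloud.tenable.com/tags/assets/assignments"  # from the thread
MAX_ASSETS_PER_CALL = 2000  # per-request asset limit stated in the thread
MAX_TAG_RULES = 500         # tag rule limit stated in the thread


def _unique(ids):
    # Drop repeats but keep order, so a duplicate never uses up a slot.
    return list(dict.fromkeys(ids))


def assignment_batches(asset_uuids, tag_uuid, limit=MAX_ASSETS_PER_CALL):
    """Return one request body per chunk of at most `limit` Asset UUIDs."""
    ids = _unique(asset_uuids)
    # Assumption: the body uses "action", "assets" and "tags" keys.
    return [
        {"action": "add", "assets": ids[i:i + limit], "tags": [tag_uuid]}
        for i in range(0, len(ids), limit)
    ]


def plan_tagging(ids, ids_are_asset_uuids, tag_uuid):
    """Summarise how many identifiers each tagging path can cover."""
    ids = _unique(ids)
    if ids_are_asset_uuids:
        batches = assignment_batches(ids, tag_uuid)
        return {"path": "assignments", "requests": len(batches), "left_over": 0}
    # Tenable UUIDs and IPs can only go into tag rules; per the thread,
    # the 500-rule cap limits this path to 500 assets.
    covered = min(len(ids), MAX_TAG_RULES)
    return {"path": "rules", "rules": covered, "left_over": len(ids) - covered}


def sample_ids(n, offset=0):
    # Constructed identifiers for the demo; not real asset or agent UUIDs.
    return [str(uuid.UUID(int=offset + i)) for i in range(n)]


if __name__ == "__main__":
    tag = str(uuid.UUID(int=999_999))  # constructed tag UUID
    print(plan_tagging(sample_ids(4500), True, tag))   # Asset UUIDs available
    print(plan_tagging(sample_ids(1000), False, tag))  # agent group: Tenable UUIDs only
```

The second call models an agent group of about 1k agents: half of the identifiers cannot be covered by tag rules, which is worth checking for before relying on a tag for scan scoping or reporting.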

packetchaos commented 3 years ago

Update.

So while this will take some time for Tenable to resolve, there is a new workaround.

You will need to use `navi display scans` to grab the scan ID for each Agent scan per group. Then you can use the new "Tag by scan ID" command.

`navi tag --c "Scan ID tag example" --v "Value for tag by scan id- XYZ" --scanid xyz`

azii90 commented 3 years ago

Thanks, let me give it a try.



azii90 commented 3 years ago

Hi, your last workaround did wonders for us. Thanks.

I was also wondering if there is a way to create Agent Groups using navi? We would like to create agent groups using the tags. Please let me know if this is possible.

packetchaos commented 3 years ago

I'm glad the workaround worked for you.

Navi today cannot create Agent groups or add agents to a group. However, I will add this to my backlog. I should be able to finish it in 2 to 4 weeks.

Currently, I'm working on making the db queries faster. :)

azii90 commented 3 years ago

Thanks Casey, please keep me posted.
