Credentials not being attached to a newly created scan

[tejas619]

Hi,

I am running the below command using navi navi scan create <TARGET_IP> --scanner 210193 --cred decf3977-faf1-46f8-b84c-34ea1dd47f35 --policy 691

The scan gets created in Tenable.io. However, the credentials are not getting attached to the scan. Is there a way I can run navi in debug to take a look what's happening?

[packetchaos]

Not for this command. I went over the code and I can't figure out a scenario where this is possible.

When the '--cred' command is used navi calls out to tenable.io to validate the credential UUID and pulls down the credential name and credential type name which is required by the API for proper credential attachment. An incorrect UUID will throw an error.

Curious... Would you share the credential name? Maybe there is a Char that is causing an unknown error.

I can't seem to replicate the issue in any scenario I can think of. I either get an unhandled python error or a clear error that says the UUID is wrong.

As always, ensure you are using the latest version of navi which is current 6.8.1

[tejas619]

The credential name we have is GOTS Network TACAS

[packetchaos]

Okay. I was able to replicate it. This is a Tenable.io API issue. Credentials get added without a Policy ID, However, when you add a policy ID the credentials for some reason are ignored by the API.

I tried using the developer portal to test, and the credentials used were ignored; confirming the issue to be with the Tenable.io API.

I'm going to gather more evidence and submit a ticket to correct the issue.

I will keep this ticket open and will update it with the Tenable.io ticket number.

[tejas619]

Thanks for the update @packetchaos

[packetchaos]

Turns out this is a Navi issue. The API requires a custom-template when using a policy. A fix will be on pip in an hour.

[packetchaos]

Fix is released to Pip as 6.8.2