packetchaos / navi

A Command-line tool which leverages the Tenable.io API to reduce the time it takes to get information that is common during remediation or a troubleshooting event
GNU General Public License v3.0

Upgrade navi to latest version & tags to agent group #41

Open DBorGe opened 9 months ago

DBorGe commented 9 months ago

Hi packetchaos,

Great project you got here. Really lovely, and I'm happy to see that you took the use case of creating groups based on tags. However, I'm not sure yet how I can use it. I guess that maybe I'm on the wrong version.

How can I upgrade navi to latest version?

Also, for that use case, and from my understanding of what you described in the following issue (https://github.com/packetchaos/navi/issues/37), I could create the tag via tenable.io, and then just run the following 2 instructions daily?

  1. navi update full
  2. navi agent by tag --c "tag_category" --v "tag_value" --group "group to be created"

That would refresh the group every day with the agents that have that tag, since the hosts with that tag can change daily as well, right?

packetchaos commented 8 months ago

To upgrade to the latest version you need to uninstall the current version: `pip3 uninstall navi-pro`

Then, reinstall navi: `pip3 install navi-pro`

The newest version of navi requires Python 3.9, so be sure to upgrade Python if you are on an earlier version.

The two commands you stated will update the tag. However, if an Agent changes Groups in the future, this process won't remove it from the group. In order to ensure you have the latest data tagged, you need to add a --remove option before you tag again.

  1. navi update full
  2. navi tag --c "tag_category" --v "tag_value" --remove byname
  3. navi tag --c "tag_category" --v "tag_value" --group "Group to be created"

This process will keep the Tag UUID intact for dashboarding, reporting and RBAC controls while keeping the tag up-to-date with the latest assets.

The --remove option requires the newest tag be updated in the navi.db, so if you test this out, be sure to update the database before trying to remove the newly created tag from any assets.

packetchaos commented 8 months ago

Also, "byname" is an undocumented key word. I will document it in the coming weeks. I didn't it until testing my response. :)

DBorGe commented 8 months ago

Hi packetchaos, thanks for the detailed info. I've tried uninstalling and installing again; however, I only get this version:

```
Installing collected packages: navi-pro
Successfully installed navi-pro-7.5.7
```

I've upgraded pip3 also. It should be version 7.5.26, right, not 7.5.7?

Thanks

DBorGe commented 8 months ago

I've just run the following command:

```
pip3 index versions navi-pro
```

And got the following output:

```
WARNING: pip index is currently an experimental command. It may be removed/changed in a future release without prior warning.
navi-pro (7.5.7)
Available versions: 7.5.7, 7.5.4, 7.5.1, 7.4.1, 7.3.19, 7.3.17, 7.3.15, 7.3.14, 7.3.13, 7.3.12, 7.3.11, 7.3.10, 7.3.9, 7.2.4, 7.1.35, 7.1.33, 7.1.28, 7.1.26, 7.1.25, 7.1.20, 7.1.19, 7.1.18, 7.1.17, 7.1.16, 7.1.15, 7.1.13, 7.1.10, 7.1.9, 7.1.8, 7.1.7, 7.1.6, 7.1.5, 7.1.4, 7.1.3, 7.1.2, 7.1.1, 7.0.2, 6.10.7
```

The last available version under pip3 is 7.5.7, and it doesn't have the bytag option.

DBorGe commented 8 months ago

Cloning the repo and doing a `pip3 install .` did the trick.

However, when executing the bytag command I'm getting an error like the following one:

```
navi agent bytag --c "agent" --v "notscanned" --group "agents-scan"

Group was found! Group ID is:233616

Retrieving agents from T.VM and comparing it to the navi database. Make sure you have updated recently in case nothing get's moved

Traceback (most recent call last):
  File "/opt/homebrew/bin/navi", line 8, in <module>
    sys.exit(cli())
  File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/homebrew/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/opt/homebrew/lib/python3.10/site-packages/navi/plugins/agents.py", line 218, in bytag
    if tag_uuid[0][0] in temp_agents:
IndexError: list index out of range
```

packetchaos commented 7 months ago

Interesting. This error is typically a permissions issue. The "IndexError" is an unhandled exception for an empty agent group or a group the API user doesn't have access to.

I will see if I can reproduce the issue.
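
The `IndexError` in the traceback above is raised by indexing `tag_uuid[0][0]` on an empty result. The following is an added example, not navi's code: it assumes the value comes from a local SQLite lookup, and the table, column and function names and the sample row are constructed for illustration. It shows the unguarded lookup failing the same way and a guarded version that reports the empty result instead.

```python
import sqlite3

QUERY = "SELECT tag_uuid FROM tags WHERE tag_key = ? AND tag_value = ?"


class TagNotFound(LookupError):
    """The tag pair has no rows in the local database."""


def build_sample_db():
    # Constructed data; the table and column names are assumptions for
    # this example, not navi's actual navi.db schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tags (tag_uuid TEXT, tag_key TEXT, tag_value TEXT)")
    db.execute("INSERT INTO tags VALUES ('tag-0001', 'agent', 'scanned')")
    return db


def lookup_unchecked(db, category, value):
    # fetchall() returns [] when nothing matches, so [0][0] raises the
    # same "list index out of range" IndexError seen in the traceback.
    rows = db.execute(QUERY, (category, value)).fetchall()
    return rows[0][0]


def lookup_checked(db, category, value):
    # Test for the empty result first and say what to check next.
    rows = db.execute(QUERY, (category, value)).fetchall()
    if not rows:
        raise TagNotFound(
            f"no local rows for tag {category}:{value}; update the local "
            "database and confirm the API user can see the tag and group"
        )
    return rows[0][0]


def describe(db, category, value):
    # Turn either outcome into a one-line status a CLI could print.
    try:
        return "tag uuid: " + lookup_checked(db, category, value)
    except TagNotFound as err:
        return "error: " + str(err)


if __name__ == "__main__":
    db = build_sample_db()
    print(describe(db, "agent", "scanned"))
    print(describe(db, "agent", "notscanned"))
```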