Closed john-lowry closed 3 years ago
@john-lowry, can you check now, as a new version is released?
@mvalliammal nope, still not getting it to upload. They are showing up under the "audits" section when I try to configure(). Here is copy/paste from an attempt:
```
DEBUG:tenable.io.TenableIO:{"method": "POST", "url": "https://cloud.tenable.com/file/upload", "params": {}, "body": {}}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): cloud.tenable.com:443
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "POST /file/upload HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID 16384368b2c62d775e6c5157eb2fdf65 for https://cloud.tenable.com/file/upload
DEBUG:tenable.io.TenableIO:{"method": "GET", "url": "https://cloud.tenable.com/editor/scan/85141", "params": {}, "body": {}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "GET /editor/scan/85141 HTTP/1.1" 200 79181
DEBUG:tenable.io.TenableIO:Request-UUID 0766351b7b5ff9af6e304a8fc0ce2cf6 for https://cloud.tenable.com/editor/scan/85141
DEBUG:tenable.io.TenableIO:{"method": "PUT", "url": "https://cloud.tenable.com/scans/85141", "params": {}, "body": {"settings": {"name": "DEV InfosecAWS 2", "description": "Test scan that actually does not run", "include_aggregate": true, "folder_id": 83935, "scanner_id": "00000000-0000-0000-0000-00000000000000000000000000001", "agent_group_id": ["4e3fade5-d391-4891-8164-2d16ca284902", "468892fb-c3f7-40b5-bb86-606025d4fc55"], "scan_time_window": 360, "enable_plugin_debugging": "no", "audit_trail": "none", "staggered_start_mins": "0", "wmi_netstat_scanner": "no", "ssh_netstat_scanner": "no", "allow_post_scan_editing": "yes", "enabled": false, "rrules": null, "timezone": null, "starttime": null, "filter_type": null, "filters": null, "emails": null, "sms": "", "acls": [{"permissions": 0, "owner": null, "display_name": null, "name": null, "uuid": null, "id": null, "type": "default"}, {"permissions": 128, "owner": 1, "display_name": "John Lowry", "name": "john.lowry@cambiahealth.com", "uuid": "57f5f9f5-d223-4fcb-9d0a-4a88a7417c08", "id": 5, "type": "user"}], "owner_id": 5}, "uuid": "523c833f-e434-a05f-5a52-0c0c2c160b7cd9c901634c382c2d", "compliance": {"current": {"custom": [], "feed": {}}}, "audits": {"compliance": {"current": {"custom": [{"category": "Unix", "file": "cmb_amzn_2.audit_3", "variables": {"file": "cmb_amzn_2.audit_3"}}]}}}}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "PUT /scans/85141 HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID 4183e4e86112b89e6d01581bd1c04596 for https://cloud.tenable.com/scans/85141
DEBUG:tenable.io.TenableIO:{"method": "GET", "url": "https://cloud.tenable.com/editor/scan/85141", "params": {}, "body": {}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "GET /editor/scan/85141 HTTP/1.1" 200 79181
DEBUG:tenable.io.TenableIO:Request-UUID e3195685d78e3633141de242571a96ca for https://cloud.tenable.com/editor/scan/85141
{'compliance': {'current': {'custom': [], 'feed': {}}},
 'settings': {'acls': [{'display_name': None,
                        'id': None,
                        'name': None,
                        'owner': None,
                        'permissions': 0,
                        'type': 'default',
                        'uuid': None},
                       {'display_name': 'John Lowry',
                        'id': 5,
                        'name': 'john.lowry@cambiahealth.com',
                        'owner': 1,
                        'permissions': 128,
                        'type': 'user',
                        'uuid': '57f5f9f5-d223-4fcb-9d0a-4a88a7417c08'}],
              'agent_group_id': ['4e3fade5-d391-4891-8164-2d16ca284902',
                                 '468892fb-c3f7-40b5-bb86-606025d4fc55'],
              'allow_post_scan_editing': 'yes',
              'audit_trail': 'none',
              'description': 'Test scan that actually does not run',
              'emails': None,
              'enable_plugin_debugging': 'no',
              'enabled': False,
              'filter_type': None,
              'filters': None,
              'folder_id': 83935,
              'include_aggregate': True,
              'name': 'DEV InfosecAWS 2',
              'owner_id': 5,
              'rrules': None,
              'scan_time_window': 360,
              'scanner_id': '00000000-0000-0000-0000-00000000000000000000000000001',
              'sms': '',
              'ssh_netstat_scanner': 'no',
              'staggered_start_mins': '0',
              'starttime': None,
              'timezone': None,
              'wmi_netstat_scanner': 'no'},
 'uuid': '523c833f-e434-a05f-5a52-0c0c2c160b7cd9c901634c382c2d'}
```
What I am really trying to do is automate uploading compliance audits. There might be a better way in the API to do it, so feel free to point me there.
Found what I am trying to do here:
https://github.com/tenable/audit_scripts/blob/master/cli_scanning/tio_scan.py#L41
The format of the compliance dict matters:
`{'custom': {'add': [{ all my stuff }]}}`
This might want to be documented better, but I don't think this is actually a bug at this point, going to close it.
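An added example, not part of the thread and not pyTenable's own code: it wraps audit entries in the `{'custom': {'add': [...]}}` form described above and checks a read-back of the scan editor view, since the log shows the PUT returning 200 while `compliance.current.custom` stays empty. The helper names and the shape of an attached entry are assumptions.

```python
"""Added example: shape a custom-audit payload and verify it by read-back."""


def build_custom_audit(filename, category="Unix"):
    """One custom audit entry, fields as in the PUT body logged in this thread."""
    return {"category": category, "file": filename,
            "variables": {"file": filename}}


def to_add_form(entries):
    """Wrap entries in the {'custom': {'add': [...]}} form the comment describes."""
    return {"custom": {"add": list(entries)}}


def attached_custom_audits(editor_view):
    """Custom audits listed in a GET /editor/scan/<id> view; [] if none."""
    current = (editor_view.get("compliance") or {}).get("current") or {}
    return list(current.get("custom") or [])


def verify_attached(editor_view, filename):
    """True only if the read-back lists the file; a 200 on the PUT is not proof.

    Assumption: attached entries carry the file name under 'file'.
    """
    return any(isinstance(entry, dict) and entry.get("file") == filename
               for entry in attached_custom_audits(editor_view))


# Read-back taken from the thread's log: PUT returned 200, nothing attached.
READBACK_FROM_LOG = {"compliance": {"current": {"custom": [], "feed": {}}}}
# Constructed read-back for comparison (entry shape is an assumption).
READBACK_ATTACHED = {"compliance": {"current": {
    "custom": [{"file": "cmb_amzn_2.audit_3"}], "feed": {}}}}

if __name__ == "__main__":
    print(to_add_form([build_custom_audit("cmb_amzn_2.audit_3")]))
    print(verify_attached(READBACK_FROM_LOG, "cmb_amzn_2.audit_3"))
    print(verify_attached(READBACK_ATTACHED, "cmb_amzn_2.audit_3"))
```
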
File addition can be done by using the file upload, but that can be referenced with file_targets in the scan settings. Then, if you mention the file name directly in file_targets, it will pick up and run. We might add that.
@john-lowry, in the scan, you can use the file_targets parameter and pass the file and compliance object, then it works. That is added now in the master branch.
Totally worked. However, how do I remove an audit?
@john-lowry ,
Thank you for letting us know it worked.
The audit depends on the parameter you pass in the kwargs and set in scan['audit']. If you keep that as None, the already existing audit might be going off.
```python
compliance = None
tio.scans.configure(scan_id=scanId, compliance=compliance)
```
Something like this? It did not work, but maybe I am not quite grokking you.
@john-lowry ,
The field used in the settings is settings['audits'], which gets the value from 'compliance' as None if the scan ID is found, otherwise error. It had worked, please verify.
Sorry, not quite following along. Where would someone set this as "None"? I tried setting it with:
```python
tio.scans.configure(scan_id=myScanId, compliance=None)
```
But that did nothing. audit=null when I do this, but it does carry through to compliance at all.
@john-lowry Then please reopen the issue or create a new issue. We need to ask for that to be resolved, as this is what is in the current API.
**Describe the bug**
It looks like in tio.scans.configure() one can set "compliance" to dict of various audits, but that does not allow for the uploading of a .audit file. The tio.files.upload() would be a way to upload the file and then selecting that in configure() but that is now how it seems to work.

**To Reproduce**
Steps to reproduce the behavior:
```python
with open('cmb_amzn_2.audit') as fobj:
    file_id = tio.files.upload(fobj)
tio.scans.configure(scan_id=scanId, compliance={"compliance": file_id})
```

**Expected behavior**
A clear way to select the audit file I wish to use in tio.scans.configure()

**Additional context**
Looking for an easy way to upload custom audit files to various compliance scans.