tenable / pyTenable

Python Library for interfacing into Tenable's platform APIs
https://pytenable.readthedocs.io
MIT License

Cannot upload a custom compliance audit file #394

Closed john-lowry closed 3 years ago

john-lowry commented 3 years ago

Describe the bug

It looks like in tio.scans.configure() one can set "compliance" to a dict of various audits, but that does not allow for the uploading of a .audit file. The tio.files.upload() would be a way to upload the file and then select that in configure(), but that is not how it seems to work.

To Reproduce

Steps to reproduce the behavior:

```python
with open('cmb_amzn_2.audit') as fobj:
    file_id = tio.files.upload(fobj)

tio.scans.configure(scan_id=scanId, compliance={"compliance": file_id})
```

Expected behavior

A clear way to select the audit file I wish to use in tio.scans.configure()

Additional context

Looking for an easy way to upload custom audit files to various compliance scans.

mvalliammal commented 3 years ago

@john-lowry, can you check now, as a new version has been released?

john-lowry commented 3 years ago

@mvalliammal nope, still not getting it to upload. They are showing up under the "audits" section when I try to configure(). Here is a copy/paste from an attempt:

```
DEBUG:tenable.io.TenableIO:{"method": "POST", "url": "https://cloud.tenable.com/file/upload", "params": {}, "body": {}}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): cloud.tenable.com:443
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "POST /file/upload HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID 16384368b2c62d775e6c5157eb2fdf65 for https://cloud.tenable.com/file/upload
DEBUG:tenable.io.TenableIO:{"method": "GET", "url": "https://cloud.tenable.com/editor/scan/85141", "params": {}, "body": {}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "GET /editor/scan/85141 HTTP/1.1" 200 79181
DEBUG:tenable.io.TenableIO:Request-UUID 0766351b7b5ff9af6e304a8fc0ce2cf6 for https://cloud.tenable.com/editor/scan/85141
DEBUG:tenable.io.TenableIO:{"method": "PUT", "url": "https://cloud.tenable.com/scans/85141", "params": {}, "body": {"settings": {"name": "DEV InfosecAWS 2", "description": "Test scan that actually does not run", "include_aggregate": true, "folder_id": 83935, "scanner_id": "00000000-0000-0000-0000-00000000000000000000000000001", "agent_group_id": ["4e3fade5-d391-4891-8164-2d16ca284902", "468892fb-c3f7-40b5-bb86-606025d4fc55"], "scan_time_window": 360, "enable_plugin_debugging": "no", "audit_trail": "none", "staggered_start_mins": "0", "wmi_netstat_scanner": "no", "ssh_netstat_scanner": "no", "allow_post_scan_editing": "yes", "enabled": false, "rrules": null, "timezone": null, "starttime": null, "filter_type": null, "filters": null, "emails": null, "sms": "", "acls": [{"permissions": 0, "owner": null, "display_name": null, "name": null, "uuid": null, "id": null, "type": "default"}, {"permissions": 128, "owner": 1, "display_name": "John Lowry", "name": "john.lowry@cambiahealth.com", "uuid": "57f5f9f5-d223-4fcb-9d0a-4a88a7417c08", "id": 5, "type": "user"}], "owner_id": 5}, "uuid": "523c833f-e434-a05f-5a52-0c0c2c160b7cd9c901634c382c2d", "compliance": {"current": {"custom": [], "feed": {}}}, "audits": {"compliance": {"current": {"custom": [{"category": "Unix", "file": "cmb_amzn_2.audit_3", "variables": {"file": "cmb_amzn_2.audit_3"}}]}}}}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "PUT /scans/85141 HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID 4183e4e86112b89e6d01581bd1c04596 for https://cloud.tenable.com/scans/85141
DEBUG:tenable.io.TenableIO:{"method": "GET", "url": "https://cloud.tenable.com/editor/scan/85141", "params": {}, "body": {}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "GET /editor/scan/85141 HTTP/1.1" 200 79181
DEBUG:tenable.io.TenableIO:Request-UUID e3195685d78e3633141de242571a96ca for https://cloud.tenable.com/editor/scan/85141
{'compliance': {'current': {'custom': [], 'feed': {}}},
 'settings': {'acls': [{'display_name': None,
                        'id': None,
                        'name': None,
                        'owner': None,
                        'permissions': 0,
                        'type': 'default',
                        'uuid': None},
                       {'display_name': 'John Lowry',
                        'id': 5,
                        'name': 'john.lowry@cambiahealth.com',
                        'owner': 1,
                        'permissions': 128,
                        'type': 'user',
                        'uuid': '57f5f9f5-d223-4fcb-9d0a-4a88a7417c08'}],
              'agent_group_id': ['4e3fade5-d391-4891-8164-2d16ca284902',
                                 '468892fb-c3f7-40b5-bb86-606025d4fc55'],
              'allow_post_scan_editing': 'yes',
              'audit_trail': 'none',
              'description': 'Test scan that actually does not run',
              'emails': None,
              'enable_plugin_debugging': 'no',
              'enabled': False,
              'filter_type': None,
              'filters': None,
              'folder_id': 83935,
              'include_aggregate': True,
              'name': 'DEV InfosecAWS 2',
              'owner_id': 5,
              'rrules': None,
              'scan_time_window': 360,
              'scanner_id': '00000000-0000-0000-0000-00000000000000000000000000001',
              'sms': '',
              'ssh_netstat_scanner': 'no',
              'staggered_start_mins': '0',
              'starttime': None,
              'timezone': None,
              'wmi_netstat_scanner': 'no'},
 'uuid': '523c833f-e434-a05f-5a52-0c0c2c160b7cd9c901634c382c2d'}
```

john-lowry commented 3 years ago

What I am really trying to do is automate uploading compliance audits. There might be a better way in the API to do it, so feel free to point me there.

john-lowry commented 3 years ago

Found what I am trying to do here:

https://github.com/tenable/audit_scripts/blob/master/cli_scanning/tio_scan.py#L41

The format of the compliance dict matters.

```python
{'custom': {'add': [{ all my stuff }]}}
```

john-lowry commented 3 years ago

This might want to be documented better, but I don't think this is actually a bug at this point, going to close it.
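An added example (not part of the thread and not pyTenable's own code) of the point made in the comments above: the PUT returns 200 even when the audit is silently dropped, so build the dict in the `{'custom': {'add': [...]}}` shape and check the read-back config. The helper names and the shape of a populated `custom` entry are assumptions; the sample dicts are constructed from the output shown in the thread.

```python
def custom_audit_payload(uploaded_name, category):
    """Build the `compliance` argument in the {'custom': {'add': [...]}} shape.

    The entry fields (category, file, variables.file) mirror the entry that
    is visible in the PUT body of the debug log in this thread.
    """
    if not uploaded_name or not category:
        raise ValueError("uploaded file name and category are both required")
    entry = {"category": category, "file": uploaded_name,
             "variables": {"file": uploaded_name}}
    return {"custom": {"add": [entry]}}


def missing_audits(scan_config, expected_files):
    """Return the expected audit files that the read-back config does not list.

    Assumption: attached audits appear under compliance.current.custom as
    dicts with a 'file' key; the thread only shows the empty list.
    """
    current = (scan_config.get("compliance") or {}).get("current") or {}
    attached = {a.get("file") for a in current.get("custom") or []
                if isinstance(a, dict)}
    return sorted(set(expected_files) - attached)


# Constructed sample: the read-back from the thread, trimmed to the relevant
# key. The request succeeded, yet no custom audit is attached.
READ_BACK_EMPTY = {"compliance": {"current": {"custom": [], "feed": {}}}}

# Constructed sample (hypothetical shape) of a config with the audit attached.
READ_BACK_ATTACHED = {"compliance": {"current": {
    "custom": [{"category": "Unix", "file": "cmb_amzn_2.audit_3"}],
    "feed": {}}}}

# Intended use with the calls quoted in the thread (needs a live session):
#   with open('cmb_amzn_2.audit') as fobj:
#       name = tio.files.upload(fobj)
#   result = tio.scans.configure(scan_id=scanId,
#                                compliance=custom_audit_payload(name, 'Unix'))
#   assert not missing_audits(result, [name])

if __name__ == "__main__":
    name = "cmb_amzn_2.audit_3"
    print(custom_audit_payload(name, "Unix"))
    print("missing after failed attempt:", missing_audits(READ_BACK_EMPTY, [name]))
    print("missing when attached:", missing_audits(READ_BACK_ATTACHED, [name]))
```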

mvalliammal commented 3 years ago

File addition can be done by using the file upload, but that can be referenced with file_targets in the scan settings. Then, if you mention the file name directly in the file_targets, it will pick it up and run. We might add that.

mvalliammal commented 3 years ago

@john-lowry, in the scan, you can use the file_targets parameter and pass the file and compliance object, then it works. That is added now in the master branch.

john-lowry commented 3 years ago

Totally worked. However, how do I remove an audit?

mvalliammal commented 3 years ago

@john-lowry,

Thank you for letting us know it worked.

The audit depends on the parameter you pass in the kwargs and set in scan['audit']; if you keep that as None, the already existing audit might be going off.

john-lowry commented 3 years ago

```python
compliance = None
tio.scans.configure(scan_id=scanId, compliance=compliance)
```

Something like this? It did not work, but maybe I am not quite grokking you.

mvalliammal commented 3 years ago

@john-lowry,

The field used in the settings is settings['audits'], which gets the value from 'compliance' as None if the scan ID is found, otherwise error. It had worked, please verify.

john-lowry commented 3 years ago

Sorry, not quite following along. Where would someone set this as "None"? I tried setting it with:

```python
tio.scans.configure(scan_id=myScanId, compliance=None)
```

But that did nothing. audit=null when I do this, but it does carry through to compliance at all.

mvalliammal commented 3 years ago

@john-lowry Then please reopen the issue or create a new issue. We need to ask for that to be resolved, as this is what is in the current API.