tenable / pyTenable

Python Library for interfacing into Tenable's platform APIs
https://pytenable.readthedocs.io
MIT License

Tenable.sc create policies not working for template id 25 (advanced agent scan). #688

Closed huubverheyen closed 1 year ago

huubverheyen commented 1 year ago

Describe the bug

When creating a policy using the parameters name and template_id, template id 25 (Advanced Agent Scan) returns an error. For other template IDs it works as intended.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://pytenable.readthedocs.io/en/stable/api/sc/policies.html
  2. Call the "create" method / function
  3. Use the parameters name and template_id; template id 25, to be specific
  4. See error "TypeError: preference:staggered_start_mins:value is of type int. Expected str"

Expected behavior

Create a TenableSC policy with the provided name and template_id (25 --> Advanced agent scan)

System Information (please complete the following information):

6illess commented 1 year ago

Hi, any update on this please?

SteveMcGrath commented 1 year ago

@huubverheyen apologies for the delay, have you tried recasting the value of staggered_start_mins as a string?

huubverheyen commented 1 year ago

@SteveMcGrath thanks for the reply! I'm not sure what you mean with the staggered_start_mins value. Is this a parameter in PyTenable/policies that I'm overlooking?

SteveMcGrath commented 1 year ago

Can you please paste an example of the code that's throwing the error?

huubverheyen commented 1 year ago

You can copy and paste the following basic code to see it yourself:

    from tenable.sc import TenableSC

    if __name__ == '__main__':
        tenablesc = TenableSC(host="xxxxxxxxx", access_key="xxxxxxxxx", secret_key="xxxxxxxxx")
        # Template id 25 (Advanced Agent Scan) raises the TypeError
        tenablesc.policies.create(name="test_policy_template_id", template_id=25)

You can try it with other template IDs as well. Those just work as intended. For example:

  1 - Advanced scan
  2 - Host Discovery
  3 - Basic Network Scan
  7 - Policy compliance auditing
  12 - PCI Quarterly External Scan

6illess commented 1 year ago

@SteveMcGrath any update on this issue? If it's not related to pyTenable but to the Tenable SC API, please let us know so we can open up a support case.

SteveMcGrath commented 1 year ago

The staggered_start_mins template preference is being returned as an int, not as a string as the API expects it to be posted.

>>> from tenable.sc import TenableSC
>>> sc = TenableSC()
>>> sc.policies.create(name='Test Agent Policy', template_id=25)
Traceback (most recent call last):
  File "<input>", line 1, in <module>
    sc.policies.create(name='Test Agent Policy', template_id=25)
  File "/Users/steve/Dropbox/Repositories/python_modules/pytenable/tenable/sc/policies.py", line 280, in create
    policy = self._constructor(**kw)
  File "/Users/steve/Dropbox/Repositories/python_modules/pytenable/tenable/sc/policies.py", line 46, in _constructor
    self._check('preference:{}:value'.format(key),
  File "/Users/steve/Dropbox/Repositories/python_modules/pytenable/tenable/base/endpoint.py", line 85, in _check
    return check(name=name,
  File "/Users/steve/.pyenv/versions/3.9.9/envs/pytenable/lib/python3.9/site-packages/restfly/utils.py", line 530, in check
    obj = validate_expected_type(
  File "/Users/steve/.pyenv/versions/3.9.9/envs/pytenable/lib/python3.9/site-packages/restfly/utils.py", line 463, in validate_expected_type
    raise TypeError((
TypeError: preference:staggered_start_mins:value is of type int.  Expected str
>>> x = sc.policies.template_details(25)
>>> x
{'id': '25', 'name': 'Advanced Agent Scan', 'description': 'Configure an agent scan without using any recommendations.', 'createdTime': '1678753739', 'modifiedTime': '
1680184500', 'templateModTime': '1679589656', 'templatePubTime': '1632330651', 'templateDefModTime': '1679589656', 'agent': 'true', 'credentials': {}, 'preferences': {
'wmi_netstat_scanner': 'yes', 'ssh_netstat_scanner': 'yes', 'report_paranoia': 'Normal', 'thorough_tests': 'no', 'av_grace_period': '0', 'request_windows_domain_info':
 'no', 'samr_enumeration': 'yes', 'adsi_query': 'yes', 'wmi_query': 'yes', 'rid_brute_forcing': 'no', 'enum_domain_users_start_uid': '1000', 'enum_domain_users_end_uid
': '1200', 'enum_local_users_start_uid': '1000', 'enum_local_users_end_uid': '1200', 'scan_malware': 'no', 'disable_dns_resolution': 'no', 'win_known_bad_hashes': '',
'win_known_good_hashes': '', 'host_whitelist': '', 'enable_file_scanning': 'no', 'enable_filescan_systemroot': 'no', 'enable_filescan_programfiles': 'no', 'enable_file
scan_programfilesx86': 'no', 'enable_filescan_programdata': 'no', 'enable_filescan_userprofiles': 'no', 'filescan_custom_dir': '', 'yarascan_rules_file': '', 'report_v
erbosity': 'Normal', 'report_superseded_patches': 'yes', 'silent_dependencies': 'yes', 'custom_find_filepath_exclusions': '', 'custom_find_filesystem_exclusions': '',
'custom_find_filepath_inclusions': '', 'windows_search_filepath_exclusions': '', 'windows_search_filepath_inclusions': '', 'always_report_ssh_cmds': 'no', 'enable_plug
in_list': 'no', 'staggered_start_mins': 0}}
>>>

As you can see above from my poking about in the interpreter, the error that you're seeing, as well as the last value in the template that's the issue:

The easiest way to correct this is to simply pass it with the expected type:

>>> sc.policies.create(name='Test Agent Policy', template_id=25, preferences={'staggered_start_mins': '0'})
{'id': '1002369', 'name': 'Test Agent Policy', 'description': '', 'tags': '', 'createdTime': '1683635373', 'modifiedTime': '1683635373', 'generateXCCDFResults': 'false
', 'context': '', 'auditFiles': [], 'preferences': {'adsi_query': 'yes', 'always_report_ssh_cmds': 'no', 'av_grace_period': '0', 'custom_find_filepath_exclusions': '',
 'custom_find_filepath_inclusions': '', 'custom_find_filesystem_exclusions': '', 'disable_dns_resolution': 'no', 'enable_file_scanning': 'no', 'enable_filescan_program
data': 'no', 'enable_filescan_programfiles': 'no', 'enable_filescan_programfilesx86': 'no', 'enable_filescan_systemroot': 'no', 'enable_filescan_userprofiles': 'no', '
enable_plugin_list': 'no', 'enum_domain_users_end_uid': '1200', 'enum_domain_users_start_uid': '1000', 'enum_local_users_end_uid': '1200', 'enum_local_users_start_uid'
: '1000', 'filescan_custom_dir': '', 'host_whitelist': '', 'report_paranoia': 'Normal', 'report_superseded_patches': 'yes', 'report_verbosity': 'Normal', 'request_wind
ows_domain_info': 'no', 'rid_brute_forcing': 'no', 'samr_enumeration': 'yes', 'scan_malware': 'no', 'silent_dependencies': 'yes', 'ssh_netstat_scanner': 'yes', 'stagge
red_start_mins': '0', 'thorough_tests': 'no', 'win_known_bad_hashes': '', 'win_known_good_hashes': '', 'windows_search_filepath_exclusions': '', 'windows_search_filepa
th_inclusions': '', 'wmi_netstat_scanner': 'yes', 'wmi_query': 'yes', 'yarascan_rules_file': ''}, 'families': [], 'status': '0', 'groups': [], 'canUse': 'true', 'canMa
nage': 'true', 'uuid': 'E01EBB76-877D-48DF-939D-B2E3C7189607', 'creator': {'id': '1', 'username': 'smcgrath@tenable.com', 'firstname': 'Steven', 'lastname': 'McGrath',
 'uuid': 'B55E8BC2-D6AE-4472-864D-8A13D98679D4'}, 'owner': {'id': '1', 'username': 'smcgrath@tenable.com', 'firstname': 'Steven', 'lastname': 'McGrath', 'uuid': 'B55E8
BC2-D6AE-4472-864D-8A13D98679D4'}, 'ownerGroup': {'id': '0', 'name': 'Full Access', 'description': 'Full Access group'}, 'targetGroup': {'id': -1, 'name': '', 'descrip
tion': ''}, 'policyTemplate': {'id': '25', 'name': 'Advanced Agent Scan', 'description': 'Configure an agent scan without using any recommendations.', 'agent': 'true'}
}
>>>
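
The workaround above, generalized as an added example (not part of the original thread and not pyTenable code): it reads a template's preferences, casts any numeric value to a string, and passes only those as overrides. It assumes just the two calls shown in the thread, `sc.policies.template_details()` and `sc.policies.create()`; the helper names and the sample dict are hypothetical.

```python
# Added example, not pyTenable code. Helper names are hypothetical.

# Constructed sample, trimmed from the template 25 output shown in the thread.
SAMPLE_TEMPLATE = {
    'id': '25',
    'name': 'Advanced Agent Scan',
    'preferences': {
        'thorough_tests': 'no',
        'av_grace_period': '0',
        'staggered_start_mins': 0,
    },
}


def string_overrides(template):
    """Return {name: str(value)} for numeric template preferences.

    Values that are already strings are left out, so the result holds only
    the overrides that are needed. Anything that is neither a str nor a plain
    number is reported instead of guessed at.
    """
    overrides, unknown = {}, {}
    for key, value in (template.get('preferences') or {}).items():
        if isinstance(value, str):
            continue
        # bool is a subclass of int; the thread's values use 'yes'/'no',
        # so a bool mapping is not guessed here.
        if isinstance(value, (int, float)) and not isinstance(value, bool):
            overrides[key] = str(value)
        else:
            unknown[key] = type(value).__name__
    if unknown:
        raise ValueError('cannot safely cast preferences: {}'.format(unknown))
    return overrides


def create_policy_from_template(sc, name, template_id):
    """Create a policy, pre-casting numeric template preferences to str."""
    template = sc.policies.template_details(template_id)
    kwargs = {'name': name, 'template_id': template_id}
    overrides = string_overrides(template)
    if overrides:
        kwargs['preferences'] = overrides
    return sc.policies.create(**kwargs)


if __name__ == '__main__':
    print(string_overrides(SAMPLE_TEMPLATE))
```
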

huubverheyen commented 1 year ago

Hi @SteveMcGrath, this indeed worked. Thank you for your help and clear explanation! :)