search

tenable / pyTenable

Python Library for interfacing into Tenable's platform APIs
https://pytenable.readthedocs.io
MIT License
343 stars 172 forks source link

Missing vulnerability data from tio.exports.vulns() #707

Closed kwwv closed 2 months ago

kwwv commented 1 year ago

Describe the bug We have been using the tio.exports.vulns(severity=['Critical', 'High', 'Medium']) endpoint in an automated fashion for months. Recently, I noticed assets and vulnerabilities are missing. Specifically, in the most recent export I see data for 165 assets; there should be 377 assets in that response. Did this endpoint change?

To Reproduce Here is the code I am using:

    vulns = tio.exports.vulns(severity=['Critical', 'High', 'Medium'])
    waiting = True
    while waiting:
        stat = t.tio.exports.status('vulns', vulns.uuid)
        if stat["status"] != "FINISHED":
            print("Export not finished -- waiting:")
            print(stat)
            time.sleep(60)
        else:
            for x in vulns:
                pprint(x)
aseemsavio commented 1 year ago

Hello, this behavior isn't controlled by pyTenable and seems to be an issue in the upstream API.

kwwv commented 1 year ago

Ok. I created an issue with Tenable.io support. So strange, our API responses are significantly different than two weeks ago.

mcarrenstellar commented 1 year ago

We have the same issue with tio.exports.vulns. We are unable to get any vulns with this method, even though many Agent discovered vulnerabilities are present in the Tenable.IO dashboard. We have been unable to get support from Tenable. Do you know how this method changed?

aseemsavio commented 1 year ago

@mcarrenstellar This method hasn't changed in a long time. Could you elaborate on "We are unable to get any vulns with this method"? - What filters are you passing? Did the API calls succeed without pyTenable? etc.

mcarrenstellar commented 1 year ago

@aseemsavio We are not using any filters except for "since" , we get an epoch timestamp representing the last time we ran our script. This is an example. We are able to get scan reports with largely the same method, but not vulnerabilities. We don't use the API directly, just PyTenable.

`from tenable.io import TenableIO access_key = "" secret_key = ""

start_time = 1684608030

tio = TenableIO(access_key, secret_key) print("###### QUERYING VULNS ######") for vuln in tio.exports.vulns(since=start_time): print(vuln)

for vuln in tio.exports.vulns(): print(vuln)`

sanchirico commented 1 year ago

@mcarrenstellar You need to wait for the export to finish, see the example code in the original issue

sanchirico commented 1 year ago

@aseemsavio This seems to be resolved now along with the asset export issue. @kwwv is no longer active, I'm working on the same project