Open cbromptondeltacontrols opened 3 hours ago
Here's a basic version of what I'm trying to do and its results:
#Get the Query
query = sc.queries.details(9504)
print(query)
{'id': '9504', 'name': 'Test Query', 'description': '', 'tool': 'sumip', 'type': 'vuln', 'tags': '', 'context': '', 'browseColumns': '', 'browseSortColumn': '', 'browseSortDirection': 'ASC', 'createdTime': '1727280884', 'modifiedTime': '1727285754', 'status': '0', 'filters': [{'filterName': 'asset', 'operator': '=', 'value': {'id': '3', 'name': 'Windows Hosts', 'description': 'The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with SecurityCenter.', 'uuid': '2F8D3555-3148-4EB0-A0E5-E36DC6F3EE2F'}}, {'filterName': 'repository', 'operator': '=', 'value': [{'id': '5', 'name': 'PD-V4FW', 'description': '', 'type': 'Local', 'uuid': '2BF12C3B-5683-4ACC-AD98-55555269F5AD'}]}], 'groups': [], 'canUse': 'true', 'canManage': 'true', 'creator': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'owner': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'ownerGroup': {'id': '0', 'name': 'Full Access', 'description': 'Full Access group'}, 'targetGroup': {'id': -1, 'name': '', 'description': ''}}
#Update the Query's Asset Filter
update_asset = ('asset', '=', '9')
edited_query = sc.queries.edit(9504,update_asset)
print(edited_query)
{'id': '9504', 'name': 'Test Query', 'description': '', 'tool': 'sumip', 'type': 'vuln', 'tags': '', 'context': '', 'browseColumns': '', 'browseSortColumn': '', 'browseSortDirection': 'ASC', 'createdTime': '1727280884', 'modifiedTime': '1727285903', 'status': 0, 'filters': [{'filterName': 'asset', 'operator': '=', 'value': {'id': '3', 'name': 'Windows Hosts', 'description': 'The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with SecurityCenter.', 'uuid': '2F8D3555-3148-4EB0-A0E5-E36DC6F3EE2F'}}, {'filterName': 'repository', 'operator': '=', 'value': [{'id': '5', 'name': 'PD-V4FW', 'description': '', 'type': 'Local', 'uuid': '2BF12C3B-5683-4ACC-AD98-55555269F5AD'}]}], 'groups': [], 'canUse': 'true', 'canManage': 'true', 'creator': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'owner': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'ownerGroup': {'id': '0', 'name': 'Full Access', 'description': 'Full Access group'}, 'targetGroup': {'id': -1, 'name': '', 'description': ''}}
#That Didn't Work
#Let's Try assetID instead
update_asset = ('assetID', '=', '9')
edited_query = sc.queries.edit(9504,update_asset)
print(edited_query)
{'id': '9504', 'name': 'Test Query', 'description': '', 'tool': 'sumip', 'type': 'vuln', 'tags': '', 'context': '', 'browseColumns': '', 'browseSortColumn': '', 'browseSortDirection': 'ASC', 'createdTime': '1727280884', 'modifiedTime': '1727285953', 'status': 0, 'filters': [{'filterName': 'asset', 'operator': '=', 'value': {'id': '3', 'name': 'Windows Hosts', 'description': 'The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with SecurityCenter.', 'uuid': '2F8D3555-3148-4EB0-A0E5-E36DC6F3EE2F'}}, {'filterName': 'repository', 'operator': '=', 'value': [{'id': '5', 'name': 'PD-V4FW', 'description': '', 'type': 'Local', 'uuid': '2BF12C3B-5683-4ACC-AD98-55555269F5AD'}]}], 'groups': [], 'canUse': 'true', 'canManage': 'true', 'creator': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'owner': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'ownerGroup': {'id': '0', 'name': 'Full Access', 'description': 'Full Access group'}, 'targetGroup': {'id': -1, 'name': '', 'description': ''}}
#Still not updating the filter, but notice that the 'modifiedTime' field is updating, so the HTTP PATCH request is successful.
#Using the logging library set to DEBUG, I can confirm the PATCH to /rest/query/9504 is returning a 200 code.
Using sc.queries.edit() I'm unable to edit the filters. No error is produced. The call returns the "updated" object as expected, with an updated 'modifiedTime'.

To Reproduce
Steps to reproduce the behavior:
query = sc.queries.details(123)
print(query)
updated_query = sc.queries.edit(123, ('assetID', '=', '150'))

Expected behavior
I expect the assetID to be updated to 150; however, you will see it is not.

Additional context
I have tried using the filterNames as present in the query result, such as 'asset' and 'repository', but I have also tried them as they are present in the analysis section of the docs, such as 'assetID' and 'repositoryIDs'. Neither of these works. If you require additional debug logging, please provide me with instructions on how and I will.
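
An added example, not part of the original report and not pyTenable code: because the edit call returns success and only 'modifiedTime' moves, a script that rescopes a query can check the returned object itself. The helper names (`filter_ids`, `verify_filter_edit`) and the trimmed sample dicts are constructed for illustration, following the response shape printed above.

```python
def filter_ids(query, filter_name):
    """Return the set of object IDs referenced by one named filter.

    In the responses above a filter 'value' is a dict (asset) or a list of
    dicts (repository); plain scalar values are handled as well.
    """
    for f in query.get('filters', []):
        if f.get('filterName') == filter_name:
            value = f.get('value')
            items = value if isinstance(value, list) else [value]
            return {str(i['id']) if isinstance(i, dict) else str(i)
                    for i in items}
    return set()


def verify_filter_edit(before, after, filter_name, expected_ids):
    """Classify an edit by comparing the query before and after the call."""
    expected = {str(i) for i in expected_ids}
    got = filter_ids(after, filter_name)
    if got == expected:
        return 'applied'
    if got == filter_ids(before, filter_name):
        # Filter untouched. If modifiedTime moved, the server accepted the
        # request but did not change the filter: the case in this report.
        touched = str(after.get('modifiedTime')) != str(before.get('modifiedTime'))
        return 'silent-no-op' if touched else 'unchanged'
    return 'unexpected'


# Constructed sample data, trimmed from the before/after output in the report.
BEFORE = {'id': '9504', 'modifiedTime': '1727285754', 'filters': [
    {'filterName': 'asset', 'operator': '=',
     'value': {'id': '3', 'name': 'Windows Hosts'}},
    {'filterName': 'repository', 'operator': '=',
     'value': [{'id': '5', 'name': 'PD-V4FW'}]}]}
AFTER = dict(BEFORE, modifiedTime='1727285903')  # same filters, newer timestamp

if __name__ == '__main__':
    # In a live script, BEFORE would come from sc.queries.details(...) and
    # AFTER from the object returned by sc.queries.edit(...).
    print(verify_filter_edit(BEFORE, AFTER, 'asset', ['9']))
```

Failing the run on anything other than 'applied' keeps a report or dashboard from continuing to use the old asset scope unnoticed.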