tenable / pyTenable

Python Library for interfacing into Tenable's platform APIs
https://pytenable.readthedocs.io
MIT License

Unable to edit Filters in a Query #842

Open cbromptondeltacontrols opened 3 hours ago

cbromptondeltacontrols commented 3 hours ago

Using sc.queries.edit() I'm unable to edit the filters. No error is produced. The call returns the "updated" object as expected, with an updated 'modifiedTime'.

To Reproduce

Steps to reproduce the behavior:

  1. Get the details of a saved query: query = sc.queries.details(123)
  2. print(query)
  3. Update the query filter: updated_query = sc.queries.edit(123, ('assetID', '=', '150'))
  4. Compare query and updated_query.

Expected behavior

I expect the assetID to be updated to 150; however, you will see it is not.

Additional context

I have tried using the filterNames as present in the query result, such as 'asset' and 'repository', but I have also tried them as they are present in the analysis section of the docs, such as 'assetID' and 'repositoryIDs'. Neither of these works. If you require additional debug logging, please provide me with instructions on how and I will.

cbromptondeltacontrols commented 2 hours ago

Here's a basic version of what I'm trying to do and its results:

# Get the query
query = sc.queries.details(9504)
print(query)
{'id': '9504', 'name': 'Test Query', 'description': '', 'tool': 'sumip', 'type': 'vuln', 'tags': '', 'context': '', 'browseColumns': '', 'browseSortColumn': '', 'browseSortDirection': 'ASC', 'createdTime': '1727280884', 'modifiedTime': '1727285754', 'status': '0', 'filters': [{'filterName': 'asset', 'operator': '=', 'value': {'id': '3', 'name': 'Windows Hosts', 'description': 'The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with SecurityCenter.', 'uuid': '2F8D3555-3148-4EB0-A0E5-E36DC6F3EE2F'}}, {'filterName': 'repository', 'operator': '=', 'value': [{'id': '5', 'name': 'PD-V4FW', 'description': '', 'type': 'Local', 'uuid': '2BF12C3B-5683-4ACC-AD98-55555269F5AD'}]}], 'groups': [], 'canUse': 'true', 'canManage': 'true', 'creator': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'owner': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'ownerGroup': {'id': '0', 'name': 'Full Access', 'description': 'Full Access group'}, 'targetGroup': {'id': -1, 'name': '', 'description': ''}}
# Update the query's asset filter
update_asset = ('asset', '=', '9')
edited_query = sc.queries.edit(9504, update_asset)
print(edited_query)
{'id': '9504', 'name': 'Test Query', 'description': '', 'tool': 'sumip', 'type': 'vuln', 'tags': '', 'context': '', 'browseColumns': '', 'browseSortColumn': '', 'browseSortDirection': 'ASC', 'createdTime': '1727280884', 'modifiedTime': '1727285903', 'status': 0, 'filters': [{'filterName': 'asset', 'operator': '=', 'value': {'id': '3', 'name': 'Windows Hosts', 'description': 'The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with SecurityCenter.', 'uuid': '2F8D3555-3148-4EB0-A0E5-E36DC6F3EE2F'}}, {'filterName': 'repository', 'operator': '=', 'value': [{'id': '5', 'name': 'PD-V4FW', 'description': '', 'type': 'Local', 'uuid': '2BF12C3B-5683-4ACC-AD98-55555269F5AD'}]}], 'groups': [], 'canUse': 'true', 'canManage': 'true', 'creator': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'owner': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'ownerGroup': {'id': '0', 'name': 'Full Access', 'description': 'Full Access group'}, 'targetGroup': {'id': -1, 'name': '', 'description': ''}}
# That didn't work
# Let's try assetID instead

update_asset = ('assetID', '=', '9')
edited_query = sc.queries.edit(9504, update_asset)
print(edited_query)
{'id': '9504', 'name': 'Test Query', 'description': '', 'tool': 'sumip', 'type': 'vuln', 'tags': '', 'context': '', 'browseColumns': '', 'browseSortColumn': '', 'browseSortDirection': 'ASC', 'createdTime': '1727280884', 'modifiedTime': '1727285953', 'status': 0, 'filters': [{'filterName': 'asset', 'operator': '=', 'value': {'id': '3', 'name': 'Windows Hosts', 'description': 'The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with SecurityCenter.', 'uuid': '2F8D3555-3148-4EB0-A0E5-E36DC6F3EE2F'}}, {'filterName': 'repository', 'operator': '=', 'value': [{'id': '5', 'name': 'PD-V4FW', 'description': '', 'type': 'Local', 'uuid': '2BF12C3B-5683-4ACC-AD98-55555269F5AD'}]}], 'groups': [], 'canUse': 'true', 'canManage': 'true', 'creator': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'owner': {'id': '7', 'username': 'REDACTED', 'firstname': 'REDACTED', 'lastname': 'REDACTED', 'uuid': '0515E0BC-71D4-4520-9552-F49AACF5DF64'}, 'ownerGroup': {'id': '0', 'name': 'Full Access', 'description': 'Full Access group'}, 'targetGroup': {'id': -1, 'name': '', 'description': ''}}
# Still not updating the filter, but notice that the 'modifiedTime' field is updating, so the HTTP PATCH request is successful.
# Using the logging library set to DEBUG, I can confirm the PATCH to /rest/query/9504 is returning a 200 code.
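
An added example, not part of the original report and not pyTenable code: a check that compares the filters in the responses before and after an edit, so automation does not treat a 200 response and a new 'modifiedTime' as proof the filter changed. The helper names filter_ids and verify_filter_edit are hypothetical, and the sample dicts are constructed, trimmed copies of the output above.

```python
# Added example: detect an edit that "succeeds" but leaves the filters unchanged.
# Works on plain response dicts; makes no calls to pyTenable or Tenable.sc.


def filter_ids(query):
    """Map each filterName to the set of ids (or raw values) it selects."""
    result = {}
    for f in query.get("filters", []):
        value = f.get("value")
        # In the responses above 'asset' carries one dict and 'repository'
        # a list of dicts; a plain string value is also tolerated here.
        items = value if isinstance(value, list) else [value]
        ids = set()
        for item in items:
            ids.add(str(item["id"]) if isinstance(item, dict) and "id" in item else str(item))
        result[f["filterName"]] = ids
    return result


def verify_filter_edit(before, after, filter_name, expected_ids):
    """Return (ok, reason) for an edit meant to set filter_name to expected_ids."""
    expected = {str(i) for i in expected_ids}
    got = filter_ids(after).get(filter_name)
    if got == expected:
        return True, "filter updated"
    if got == filter_ids(before).get(filter_name):
        touched = before.get("modifiedTime") != after.get("modifiedTime")
        return False, ("silent no-op: modifiedTime changed but filter did not"
                       if touched else "no change at all")
    return False, f"unexpected value {sorted(got or [])}"


# Constructed sample data, trimmed from the responses shown in this issue.
BEFORE = {
    "id": "9504",
    "modifiedTime": "1727285754",
    "filters": [
        {"filterName": "asset", "operator": "=",
         "value": {"id": "3", "name": "Windows Hosts"}},
        {"filterName": "repository", "operator": "=",
         "value": [{"id": "5", "name": "PD-V4FW"}]},
    ],
}
AFTER = dict(BEFORE, modifiedTime="1727285903")  # same filters, newer timestamp

if __name__ == "__main__":
    print(verify_filter_edit(BEFORE, AFTER, "asset", ["9"]))
```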