Tenable.sc
This Integration is part of the Tenable.sc Pack.
Use the Tenable.sc integration to get a real-time, continuous assessment of your security posture so you can find and fix vulnerabilities faster.
All data in Tenable.sc is managed using group-level permissions. If you have several groups, data (scans, scan results, assets, etc.) can be viewable but not manageable. Users with the Security Manager role can manage everything. These permissions come into play when multiple groups are in use.
It is important to know what data is manageable for the user in order to work with the integration.
This integration was integrated and tested with Tenable.sc v5.7.0.
Use cases
- Create and run scans.
- Launch and manage scan results and the found vulnerabilities.
- Create and view assets.
- View policies, repositories, credentials, users and more system information.
- View alerts and receive them in real time.
Tenable.sc Playbook
Tenable.sc - Launch scan
Configure Tenable.sc on Cortex XSOAR
To use the Tenable.sc integration in Cortex XSOAR, a user with administrative privileges is recommended.
- Navigate to Settings > Integrations > Servers & Services .
- Search for Tenable.sc.
- Click Add instance to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- Server URL (e.g. https://192.168.0.1)
- Username
- Trust any certificate (not secure)
- Use system proxy settings
- Fetch incidents
- First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year):
- Incident type
- Click Test to validate the URLs, token, and connection.
Fetched Incidents Data
For the first fetch, you can specify the time range to return alerts for. Subsequent fetches return alerts from Tenable.sc according to their last triggered time.
[ { "id": "1", "name": "bwu_alert1", "description": "", "lastTriggered": "1485891841", "triggerName": "sumip", "triggerOperator": ">=", "triggerValue": "5", "action": [ { "id": "1", "type": "ticket", "definition": { "assignee": { "id": "4", "username": "API17", "firstname": "API17", "lastname": "" }, "name": "Ticket opened by alert", "description": "", "notes": "" }, "status": "0", "users": [], "objectID": null } ], "query": { "id": "1648", "name": "Query for alert 'bwu_alert1' at 1463283903", "description": "" }, "owner": { "id": "4", "username": "API17", "firstname": "API17", "lastname": "" } }, { "id": "2", "name": "Test Alert", "description": "Maya test alert", "lastTriggered": "1543248911", "triggerName": "sumip", "triggerOperator": ">=", "triggerValue": "0", "action": [ { "id": "10", "type": "notification", "definition": { "message": "Event!", "users": [ { "id": "53", "username": "API55", "firstname": "API55", "lastname": "" } ] }, "status": "0", "users": [ { "id": "53", "username": "API55", "firstname": "API55", "lastname": "" } ], "objectID": null }, { "id": "11", "type": "ticket", "definition": { "assignee": { "id": "53", "username": "API55", "firstname": "API55", "lastname": "" }, "name": "Ticket opened by alert", "description": "", "notes": "" }, "status": "0", "users": [], "objectID": null } ], "query": { "id": "12669", "name": "IP Summary", "description": "" }, "owner": { "id": "53", "username": "API55", "firstname": "API55", "lastname": "" } }, { "id": "3", "name": "Test fetch", "description": "", "lastTriggered": "0", "triggerName": "sumport", "triggerOperator": ">=", "triggerValue": "1", "action": [ { "id": "5", "type": "ticket", "definition": { "assignee": { "id": "53", "username": "API55", "firstname": "API55", "lastname": "" }, "name": "Ticket opened by alert", "description": "", "notes": "" }, "status": "0", "users": [], "objectID": null } ], "query": { "id": "13177", "name": "IPv4 Fixed Address: 11.0.0.2", "description": "" }, "owner": { "id": 
"53", "username": "API55", "firstname": "API55", "lastname": "" } } ]
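The fetch behavior described above, as an added example that is not the integration's own code: the first run turns the "First fetch timestamp" value into an epoch cutoff, later runs keep only alerts whose lastTriggered is newer than the stored value, and an alert with lastTriggered "0" (never triggered) is skipped. The function names, the incident naming, the fixed clock and the 30-day month / 365-day year approximation are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the three alerts from the JSON above, trimmed to the
# fields the fetch logic needs.
SAMPLE_ALERTS = [
    {"id": "1", "name": "bwu_alert1", "lastTriggered": "1485891841"},
    {"id": "2", "name": "Test Alert", "lastTriggered": "1543248911"},
    {"id": "3", "name": "Test fetch", "lastTriggered": "0"},
]
# Constructed clock so the example is reproducible.
SAMPLE_NOW = datetime(2018, 11, 27, tzinfo=timezone.utc)

# Assumption: months and years are approximated as 30 and 365 days.
UNIT_SECONDS = {
    "minute": 60, "hour": 3600, "day": 86400,
    "week": 7 * 86400, "month": 30 * 86400, "year": 365 * 86400,
}


def parse_first_fetch(text, now):
    """Convert '<number> <time unit>' (e.g. '7 days') to an epoch cutoff."""
    parts = text.strip().lower().split()
    if len(parts) != 2 or not parts[0].isdigit():
        raise ValueError(f"expected '<number> <time unit>', got {text!r}")
    unit = parts[1][:-1] if parts[1].endswith("s") else parts[1]
    if unit not in UNIT_SECONDS:
        raise ValueError(f"unsupported time unit: {parts[1]!r}")
    return int(now.timestamp()) - int(parts[0]) * UNIT_SECONDS[unit]


def select_new_alerts(alerts, last_fetch):
    """Return (incidents, new_last_fetch) for alerts triggered after last_fetch."""
    fresh = []
    for alert in alerts:
        triggered = int(alert.get("lastTriggered") or 0)
        # "0" means the alert never triggered, so it must not become an incident.
        if triggered > max(last_fetch, 0):
            fresh.append((triggered, alert))
    fresh.sort(key=lambda pair: pair[0])  # oldest first
    incidents = [
        {
            "name": f"Tenable.sc alert: {alert['name']}",  # hypothetical naming
            "occurred": datetime.fromtimestamp(ts, timezone.utc).strftime(
                "%Y-%m-%dT%H:%M:%SZ"
            ),
            "rawJSON": json.dumps(alert),
        }
        for ts, alert in fresh
    ]
    # Keep the old marker when nothing new arrived, so no alert is skipped later.
    new_last = fresh[-1][0] if fresh else last_fetch
    return incidents, new_last


def run_fetch(alerts, last_run, first_fetch, now):
    """One fetch cycle: use the stored marker, or the first-fetch window."""
    last_fetch = last_run.get("time")
    if last_fetch is None:
        last_fetch = parse_first_fetch(first_fetch, now)
    incidents, newest = select_new_alerts(alerts, last_fetch)
    return incidents, {"time": newest}


if __name__ == "__main__":
    found, state = run_fetch(SAMPLE_ALERTS, {}, "7 days", SAMPLE_NOW)
    print(json.dumps(found, indent=2), state)
```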
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Get a list of scans: tenable-sc-list-scans
- Initiate a scan: tenable-sc-launch-scan
- Get vulnerability information for a scan: tenable-sc-get-vulnerability
- Get the status of a scan: tenable-sc-get-scan-status
- Get a report with scan results: tenable-sc-get-scan-report
- Get a list of credentials: tenable-sc-list-credentials
- Get a list of scan policies: tenable-sc-list-policies
- Get a list of report definitions: tenable-sc-list-report-definitions
- Get a list of scan repositories: tenable-sc-list-repositories
- Get a list of scan zones: tenable-sc-list-zones
- Create a scan: tenable-sc-create-scan
- Delete a scan: tenable-sc-delete-scan
- List all assets: tenable-sc-list-assets
- Create an asset: tenable-sc-create-asset
- Get asset information: tenable-sc-get-asset
- Delete an asset: tenable-sc-delete-asset
- Get a list of alerts: tenable-sc-list-alerts
- Get alert information: tenable-sc-get-alert
- Get device information for a user: tenable-sc-get-device
- Get a list of users: tenable-sc-list-users
- Get licensing information: tenable-sc-get-system-licensing
- Get system information and diagnostics: tenable-sc-get-system-information
- Get device information: tenable-sc-get-device
- Get all scan results: tenable-sc-get-all-scan-results
1. Get a list of scans
Returns a list of existing Tenable.sc scans.
Base Command
tenable-sc-list-scans
Input
Argument Name | Description | Required |
---|---|---|
manageable | Whether to return only manageable scans. By default, returns both usable and manageable scans. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Scan.Name | string | Scan name. |
TenableSC.Scan.ID | number | Scan ID. |
TenableSC.Scan.Description | string | Scan description. |
TenableSC.Scan.Policy | string | Scan policy name. |
TenableSC.Scan.Group | string | Scan policy owner group name. |
TenableSC.Scan.Owner | string | Scan policy owner user name. |
Command Example
!tenable-sc-list-scans manageable=true
Context Example
{ "TenableSC": { "Scan": [ { "Group": "Full Access", "ID": "701", "Name": "Test55", "Owner": "API55", "Policy": "Basic Discovery Scan" }, { "Group": "Full Access", "ID": "702", "Name": "Test55_2", "Owner": "API55", "Policy": "Full Scan" }, { "Group": "Full Access", "ID": "703", "Name": "test55_3", "Owner": "API55", "Policy": "Full Scan" }, { "Group": "Full Access", "ID": "1266", "Name": "my_test", "Owner": "API55", "Policy": "Basic Discovery Scan" }, { "Group": "Full Access", "ID": "1267", "Name": "my_test", "Owner": "API55", "Policy": "Basic Discovery Scan" }, { "Group": "Full Access", "ID": "1270", "Name": "test5", "Owner": "API55", "Policy": "Basic Discovery Scan" }, { "Group": "Full Access", "ID": "1271", "Name": "my_test", "Owner": "API55", "Policy": "Basic Discovery Scan" }, { "Group": "Full Access", "ID": "1274", "Name": "sfsa", "Owner": "API55", "Policy": "Basic_Disc" }, { "Description": "desc", "Group": "Full Access", "ID": "1275", "Name": "my_test_scan", "Owner": "API55", "Policy": "Basic Discovery Scan" }, { "Description": "desc", "Group": "Full Access", "ID": "1276", "Name": "my_test_scan_plug", "Owner": "API55", "Policy": "Basic Network Scan" } ] } }
Human Readable Output
2. Initiate a scan
Launches an existing scan from Tenable.sc.
Base Command
tenable-sc-launch-scan
Input
Argument Name | Description | Required |
---|---|---|
scan_id | Scan ID (can be retrieved from the tenable-sc-list-scans command). | Required |
diagnostic_target | Valid IP/hostname of a specific target to scan. Must be provided with diagnostic_password. | Optional |
diagnostic_password | Non-empty string password. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ScanResults.Name | string | Scan name. |
TenableSC.ScanResults.ID | string | Scan Results ID. |
TenableSC.ScanResults.OwnerID | string | Scan owner ID. |
TenableSC.ScanResults.JobID | string | Job ID. |
TenableSC.ScanResults.Status | string | Scan status. |
Command Example
!tenable-sc-launch-scan scan_id=1275 diagnostic_target=10.0.0.1 diagnostic_password=mypass
Context Example
{ "TenableSC": { "ScanResults": { "ID": "3398", "JobID": "949739", "Name": "my_test_scan", "OwnerID": "53", "Status": "Queued" } } }
Human Readable Output
3. Get vulnerability information for a scan
Returns details about a vulnerability from a specified Tenable.sc scan.
Base Command
tenable-sc-get-vulnerability
Input
Argument Name | Description | Required |
---|---|---|
vulnerability_id | Vulnerability ID from the scan-report command. | Required |
scan_results_id | Scan results ID from the scan-report command. | Required |
limit | The number of objects to return in one response (maximum limit is 200). | Optional |
page | The page to return starting from 0. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ScanResults.ID | number | Scan results ID. |
TenableSC.ScanResults.Vulnerability.ID | number | Vulnerability plugin ID. |
TenableSC.ScanResults.Vulnerability.Name | string | Vulnerability name. |
TenableSC.ScanResults.Vulnerability.Description | string | Vulnerability description. |
TenableSC.ScanResults.Vulnerability.Type | string | Vulnerability type. |
TenableSC.ScanResults.Vulnerability.Severity | string | Vulnerability Severity. |
TenableSC.ScanResults.Vulnerability.Synopsis | string | Vulnerability Synopsis. |
TenableSC.ScanResults.Vulnerability.Solution | string | Vulnerability Solution. |
TenableSC.ScanResults.Vulnerability.Published | date | Vulnerability publish date. |
TenableSC.ScanResults.Vulnerability.CPE | string | Vulnerability CPE. |
TenableSC.ScanResults.Vulnerability.CVE | unknown | Vulnerability CVE. |
TenableSC.ScanResults.Vulnerability.ExploitAvailable | boolean | Vulnerability exploit available. |
TenableSC.ScanResults.Vulnerability.ExploitEase | string | Vulnerability exploit ease. |
TenableSC.ScanResults.Vulnerability.RiskFactor | string | Vulnerability risk factor. |
TenableSC.ScanResults.Vulnerability.CVSSBaseScore | number | Vulnerability CVSS base score. |
TenableSC.ScanResults.Vulnerability.CVSSTemporalScore | number | Vulnerability CVSS temporal score. |
TenableSC.ScanResults.Vulnerability.CVSSVector | string | Vulnerability CVSS vector. |
TenableSC.ScanResults.Vulnerability.PluginDetails | unknown | Vulnerability plugin details. |
CVE.ID | unknown | CVE ID. |
TenableSC.ScanResults.Vulnerability.Host.IP | string | Vulnerability Host IP. |
TenableSC.ScanResults.Vulnerability.Host.MAC | string | Vulnerability Host MAC. |
TenableSC.ScanResults.Vulnerability.Host.Port | number | Vulnerability Host Port. |
TenableSC.ScanResults.Vulnerability.Host.Protocol | string | Vulnerability Host Protocol. |
Command Example
!tenable-sc-get-vulnerability scan_results_id=3331 vulnerability_id=117672
Context Example
{ "CVE": [ { "ID": "CVE-2018-7584" }, { "ID": "CVE-2018-0737" }, { "ID": "CVE-2018-10546" }, { "ID": "CVE-2018-10547" }, { "ID": "CVE-2018-10548" }, { "ID": "CVE-2018-10549" }, { "ID": "CVE-2018-10545" }, { "ID": "CVE-2018-0732" }, { "ID": "CVE-2018-14851" }, { "ID": "CVE-2018-14883" }, { "ID": "CVE-2018-15132" } ], "TenableSC": { "ScanResults": { "ID": "3331", "Vulnerability": { "CPE": "cpe:/a:tenable:securitycenter", "CVE": [ "CVE-2018-7584", "CVE-2018-0737", "CVE-2018-10546", "CVE-2018-10547", "CVE-2018-10548", "CVE-2018-10549", "CVE-2018-10545", "CVE-2018-0732", "CVE-2018-14851", "CVE-2018-14883", "CVE-2018-15132" ], "CVSSBaseScore": "7.5", "CVSSTemporalScore": null, "CVSSVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "Description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "ExploitAvailable": "false", "ExploitEase": "", "ID": "117672", "Name": "Tenable SecurityCenter \u003c 5.7.1 Multiple Vulnerabilities (TNS-2018-12)", "PluginDetails": { "CheckType": "combined", "Family": "Misc.", "Modified": "2018-11-15T12:00:00Z", "Published": "2018-09-24T12:00:00Z" }, "Published": "2018-09-17T12:00:00Z", "RiskFactor": "High", "Severity": "High", "Solution": "Upgrade to Tenable SecurityCenter version 5.7.1 or later.", "Synopsis": "An application installed on the remote host is affected by multiple vulnerabilities.", "Type": "active" } } } }
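In the context example above, CVSSBaseScore and ExploitAvailable arrive as strings ("7.5", "false") although the output table lists them as number and boolean, so a playbook that compares them directly will misjudge them. The following added example (not part of the integration; function and field names are hypothetical) coerces those fields, parses the CVSS v2 vector, and recomputes the base score from the vector as a consistency check.

```python
# Constructed sample: the context example above, trimmed to the fields used here.
SAMPLE_CONTEXT = {
    "TenableSC": {"ScanResults": {"ID": "3331", "Vulnerability": {
        "ID": "117672",
        "CVE": ["CVE-2018-7584", "CVE-2018-0737", "CVE-2018-10546"],
        "CVSSBaseScore": "7.5",
        "CVSSTemporalScore": None,
        "CVSSVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "ExploitAvailable": "false",
        "Severity": "High",
    }}}
}

# Metric weights from the CVSS v2 specification.
_IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}
CVSS2_WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": _IMPACT, "I": _IMPACT, "A": _IMPACT,
}
TEMPORAL_KEYS = {"E", "RL", "RC"}  # ignored: only base metrics are scored


def parse_cvss2_vector(vector):
    """Return the six base metrics of a CVSS v2 vector, or raise ValueError."""
    metrics = {}
    for item in vector.split("/"):
        key, sep, value = item.partition(":")
        if key in TEMPORAL_KEYS:
            continue
        if not sep or key in metrics or value not in CVSS2_WEIGHTS.get(key, {}):
            raise ValueError(f"bad CVSS v2 metric: {item!r}")
        metrics[key] = value
    if set(metrics) != set(CVSS2_WEIGHTS):
        raise ValueError(f"incomplete CVSS v2 vector: {vector!r}")
    return metrics


def cvss2_base_score(metrics):
    """CVSS v2 base equation, rounded to one decimal."""
    w = {k: CVSS2_WEIGHTS[k][v] for k, v in metrics.items()}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    factor = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * factor, 1)


def to_bool(value):
    """Accept real booleans or the strings 'true'/'false'; anything else is None."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    return None


def to_float(value):
    """Accept numbers or numeric strings; None and junk become None."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def normalize_vulnerability(context):
    """Build a typed triage record from tenable-sc-get-vulnerability context."""
    results = context["TenableSC"]["ScanResults"]
    vuln = results["Vulnerability"]
    metrics = parse_cvss2_vector(vuln["CVSSVector"])
    reported = to_float(vuln.get("CVSSBaseScore"))
    recomputed = cvss2_base_score(metrics)
    return {
        "scan_results_id": int(results["ID"]),
        "plugin_id": int(vuln["ID"]),
        "cves": list(vuln.get("CVE") or []),
        "severity": vuln.get("Severity"),
        "cvss_base": reported,
        "cvss_temporal": to_float(vuln.get("CVSSTemporalScore")),
        "cvss_recomputed": recomputed,
        # A mismatch points at a truncated vector or a mis-mapped field.
        "score_consistent": reported is not None and abs(reported - recomputed) < 0.05,
        "exploit_available": to_bool(vuln.get("ExploitAvailable")),
        "remote_unauthenticated": metrics["AV"] == "N" and metrics["Au"] == "N",
    }


if __name__ == "__main__":
    print(normalize_vulnerability(SAMPLE_CONTEXT))
```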
Human Readable Output
4. Get the status of a scan
Returns the status of a specified scan in Tenable.sc.
Base Command
tenable-sc-get-scan-status
Input
Argument Name | Description | Required |
---|---|---|
scan_results_id | Scan results ID from the tenable-sc-launch-scan command. | Required |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ScanResults.Status | string | Scan status. |
TenableSC.ScanResults.Name | string | Scan name. |
TenableSC.ScanResults.Description | unknown | Scan description. |
TenableSC.ScanResults.ID | unknown | Scan results ID. |
Command Example
!tenable-sc-get-scan-status scan_results_id=3331
Context Example
{ "TenableSC": { "ScanResults": { "ID": "3331", "Name": "䏿–‡scan", "Status": "Completed" } } }
Human Readable Output
5. Get a report with scan results
Returns a single report with Tenable.sc scan results.
Base Command
tenable-sc-get-scan-report
Input
Argument Name | Description | Required |
---|---|---|
scan_results_id | Scan results ID. | Required |
vulnerability_severity | Comma-separated list of severity values of vulnerabilities to retrieve. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ScanResults.ID | number | Scan results ID. |
TenableSC.ScanResults.Name | string | Scan name. |
TenableSC.ScanResults.Status | string | Scan status. |
TenableSC.ScanResults.ScannedIPs | number | Scan number of scanned IPs. |
TenableSC.ScanResults.StartTime | date | Scan start time. |
TenableSC.ScanResults.EndTime | date | Scan end time. |
TenableSC.ScanResults.Checks | number | Scan completed checks. |
TenableSC.ScanResults.RepositoryName | string | Scan repository name. |
TenableSC.ScanResults.Description | string | Scan description. |
TenableSC.ScanResults.Vulnerability.ID | number | Scan vulnerability ID. |
TenableSC.ScanResults.Vulnerability.Name | string | Scan vulnerability Name. |
TenableSC.ScanResults.Vulnerability.Family | string | Scan vulnerability family. |
TenableSC.ScanResults.Vulnerability.Severity | string | Scan vulnerability severity. |
TenableSC.ScanResults.Vulnerability.Total | number | Scan vulnerability total hosts. |
TenableSC.ScanResults.Policy | string | Scan policy. |
TenableSC.ScanResults.Group | string | Scan owner group name. |
TenableSC.ScanResults.Owner | string | Scan owner user name. |
TenableSC.ScanResults.Duration | number | Scan duration in minutes. |
TenableSC.ScanResults.ImportTime | date | Scan import time. |
Command Example
!tenable-sc-get-scan-report scan_results_id=3331 vulnerability_severity=High
Context Example
{ "TenableSC": { "ScanResults": { "Checks": "17155624", "Duration": 97.13333333333334, "EndTime": "2018-11-20T17:37:11Z", "Group": "Full Access", "ID": "3331", "ImportTime": "2018-11-20T17:37:15Z", "Name": "䏿–‡scan", "Owner": "API17", "Policy": "Basic Network Scan", "RepositoryName": "repo", "ScannedIPs": "172", "StartTime": "2018-11-20T16:00:03Z", "Status": "Completed", "Vulnerability": [ { "Description": "An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "Family": "CentOS Local Security Checks", "ID": "106234", "Name": "CentOS 7 : bind (CESA-2018:0102)", "Severity": "High", "Total": "1" }, { "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided.\n\n* Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important)\n\n* Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. 
It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important)\n\n* Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors.\n(CVE-2017-5754, Important)\n\nRed Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754.\n\nThis update also fixes the following security issues and bugs :\n\nSpace precludes documenting all of the bug fixes and enhancements included in this advisory. 
To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article:\nhttps://access.redhat.com/articles/ 3327131.", "Family": "CentOS Local Security Checks", "ID": "106353", "Name": "CentOS 7 : kernel (CESA-2018:0151) (Meltdown) (Spectre)", "Severity": "High", "Total": "1" }, { "Description": "An update for dhcp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.\n\nSecurity Fix(es) :\n\n* dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732)\n\n* dhcp: Reference count overflow in dhcpd allows denial of service (CVE-2018-5733)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank ISC for reporting these issues. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of these issues.", "Family": "CentOS Local Security Checks", "ID": "108338", "Name": "CentOS 7 : dhcp (CESA-2018:0483)", "Severity": "High", "Total": "1" }, { "Description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001.\nThe CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat Product Security).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "Family": "CentOS Local Security Checks", "ID": "109371", "Name": "CentOS 7 : glibc (CESA-2018:0805)", "Severity": "High", "Total": "1" }, { "Description": "An update for dhcp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.\n\nSecurity Fix(es) :\n\n* A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.\n(CVE-2018-1111)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.", "Family": "CentOS Local Security Checks", "ID": "109814", "Name": "CentOS 7 : dhcp (CESA-2018:1453)", "Severity": "High", "Total": "1" }, { "Description": "An update for procps-ng is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.\n\nSecurity Fix(es) :\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\n* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Qualys Research Labs for reporting these issues.", "Family": "CentOS Local Security Checks", "ID": "110204", "Name": "CentOS 7 : procps-ng (CESA-2018:1700)", "Severity": "High", "Total": "1" }, { "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)\n\n* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)\n\n* kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)\n\n* kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/ articles/3431641", "Family": "CentOS Local Security Checks", "ID": "110245", "Name": "CentOS 7 : kernel (CESA-2018:1318)", "Severity": "High", "Total": "1" }, { "Description": "An update for yum-utils is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use.\n\nSecurity Fix(es) :\n\n* yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.", "Family": "CentOS Local Security Checks", "ID": "111615", "Name": "CentOS 7 : yum-utils (CESA-2018:2285)", "Severity": "High", "Total": "1" }, { "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. 
As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.\n(CVE-2018-3620, CVE-2018-3646)\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks.\n(CVE-2018-3693)\n\n* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. 
Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.\n(CVE-2018-5390)\n\n* kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)\n\n* kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693;\nand Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article :\n\nhttps://access.redhat.com/articles/3527791", "Family": "CentOS Local Security Checks", "ID": "111703", "Name": "CentOS 7 : kernel (CESA-2018:2384) (Foreshadow)", "Severity": "High", "Total": "1" }, { "Description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). 
(BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es) :\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) 
listed in the References section.\n\nBug Fix(es) :\n\n* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time.\nWith this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)", "Family": "CentOS Local Security Checks", "ID": "112020", "Name": "CentOS 7 : mariadb (CESA-2018:2439)", "Severity": "High", "Total": "1" }, { "Description": "An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: processing of certain records when 'deny-answer-aliases' is in use may trigger an assert leading to a denial of service (CVE-2018-5740)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank ISC for reporting this issue. 
Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.", "Family": "CentOS Local Security Checks", "ID": "112164", "Name": "CentOS 7 : bind (CESA-2018:2570)", "Severity": "High", "Total": "1" }, { "Description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "Family": "Misc.", "ID": "117672", "Name": "Tenable SecurityCenter \u003c 5.7.1 Multiple Vulnerabilities (TNS-2018-12)", "Severity": "High", "Total": "2" }, { "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Qualys Research Labs for reporting this issue.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. 
See the descriptions in the related Knowledge Article :\n\nhttps://access.redhat.com/articles/3588731", "Family": "CentOS Local Security Checks", "ID": "117829", "Name": "CentOS 7 : kernel (CESA-2018:2748)", "Severity": "High", "Total": "1" }, { "Description": "Updated X.org server and driver packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nSecurity Fix(es) :\n\n* libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "Family": "CentOS Local Security Checks", "ID": "118986", "Name": "CentOS 7 : freeglut / libX11 / libXcursor / libXfont / libXfont2 / libXres / libdrm / libepoxy / etc (CESA-2018:3059)", "Severity": "High", "Total": "1" }, { "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service 
(CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting 
CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "Family": "CentOS Local Security Checks", "ID": "118990", "Name": "CentOS 7 : kernel (CESA-2018:3083)", "Severity": "High", "Total": "1" }, { "Description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997)\n\n* glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485)\n\n* glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236)\n\n* glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "Family": "CentOS Local Security Checks", "ID": "118992", "Name": "CentOS 7 : glibc (CESA-2018:3092)", "Severity": "High", "Total": "1" }, { "Description": "An update is now available for Red Hat Enterprise Linux 7.\n\nRed Hat 
Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910)\n\n* poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)\n\n* libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733)\n\n* libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767)\n\n* poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768)\n\n* poppler: out of bounds read in pdfunite (CVE-2018-13988)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "Family": "CentOS Local Security Checks", "ID": "118995", "Name": "CentOS 7 : PackageKit / accountsservice / adwaita-icon-theme / appstream-data / at-spi2-atk / etc (CESA-2018:3140)", "Severity": "High", "Total": "1" }, { "Description": "An update for curl and nss-pem is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nThe nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module.\n\nSecurity Fix(es) :\n\n* curl: HTTP authentication leak in redirects (CVE-2018-1000007)\n\n* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n\n* curl: RTSP RTP buffer over-read (CVE-2018-1000122)\n\n* curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service (CVE-2018-1000301)\n\n* curl: LDAP NULL pointer dereference (CVE-2018-1000121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Curl project for reporting these issues. Upstream acknowledges Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Max Dymond as the original reporter of CVE-2018-1000122; the OSS-fuzz project as the original reporter of CVE-2018-1000301; and Dario Weisser as the original reporter of CVE-2018-1000121.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "Family": "CentOS Local Security Checks", "ID": "118996", "Name": "CentOS 7 : curl / nss-pem (CESA-2018:3157)", "Severity": "High", "Total": "1" } ] } } }
6. Get a list of credentials
Returns a list of Tenable.sc credentials.
Base Command
tenable-sc-list-credentials
Input
Argument Name | Description | Required |
---|---|---|
manageable | Whether to return only manageable scan credentials. By default, returns both usable and manageable. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Credential.Name | string | Credential name. |
TenableSC.Credential.ID | number | Credential ID. |
TenableSC.Credential.Description | string | Credential description. |
TenableSC.Credential.Type | string | Credential type. |
TenableSC.Credential.Tag | string | Credential tag. |
TenableSC.Credential.Group | string | Credential owner group name. |
TenableSC.Credential.Owner | string | Credential owner user name. |
TenableSC.Credential.LastModified | date | Credential last modified time. |
Command Example
!tenable-sc-list-credentials
Context Example
{ "TenableSC": { "Credential": [ { "ID": "1", "LastModified": "2017-10-30T21:17:34Z", "Name": "asdfasdf", "Type": "windows" }, { "Group": "Full Access", "ID": "1000001", "LastModified": "2016-06-23T14:59:38Z", "Name": "cloris_windows_p1", "Type": "windows" }, { "Group": "Full Access", "ID": "1000002", "LastModified": "2017-04-06T10:32:54Z", "Name": "cred admin api30", "Type": "windows" }, { "Group": "Full Access", "ID": "1000003", "LastModified": "2017-04-19T14:04:21Z", "Name": "151", "Type": "windows" }, { "Group": "Full Access", "ID": "1000004", "LastModified": "2017-05-15T22:12:38Z", "Name": "TestSSH creds", "Type": "ssh" }, { "Group": "Full Access", "ID": "1000005", "LastModified": "2017-11-17T15:42:11Z", "Name": "Thycotic Test", "Type": "windows" }, { "Group": "Full Access", "ID": "1000006", "LastModified": "2018-05-10T20:11:27Z", "Name": "testAPI", "Tag": "testAPI", "Type": "windows" }, { "Group": "Full Access", "ID": "1000007", "LastModified": "2018-05-30T16:22:02Z", "Name": "Test", "Type": "database" }, { "Description": "asgasdg", "Group": "Full Access", "ID": "1000008", "LastModified": "2018-05-30T16:22:42Z", "Name": "awefawef", "Tag": "testAPI", "Type": "windows" }, { "Group": "Full Access", "ID": "1000009", "LastModified": "2018-05-30T16:23:00Z", "Name": "oracle", "Type": "database" }, { "Group": "Full Access", "ID": "1000010", "LastModified": "2018-05-30T16:23:18Z", "Name": "KerbTest", "Type": "windows" }, { "Group": "Full Access", "ID": "1000011", "LastModified": "2018-05-30T16:23:28Z", "Name": "snmpTest", "Type": "snmp" }, { "Group": "Full Access", "ID": "1000012", "LastModified": "2018-05-30T16:23:43Z", "Name": "lmhash", "Type": "windows" }, { "Group": "Full Access", "ID": "1000013", "LastModified": "2018-05-30T16:24:00Z", "Name": "ntlmhash", "Type": "windows" }, { "Group": "Full Access", "ID": "1000014", "LastModified": "2018-05-30T16:24:24Z", "Name": "thycoti_secret", "Type": "windows" }, { "Group": "Full Access", "ID": "1000015", "LastModified": 
"2018-05-30T16:24:56Z", "Name": "sshcert", "Type": "ssh" }, { "Group": "Full Access", "ID": "1000016", "LastModified": "2018-05-30T16:25:10Z", "Name": "sshpassword", "Type": "ssh" }, { "Group": "Full Access", "ID": "1000017", "LastModified": "2018-05-30T17:34:43Z", "Name": "SSHPublic Key", "Type": "ssh" }, { "Group": "Full Access", "ID": "1000018", "LastModified": "2018-11-06T19:34:13Z", "Name": "SymbolPassword Test", "Type": "windows" } ] } }
7. Get a list of scan policies
Returns a list of Tenable.sc scan policies.
Base Command
tenable-sc-list-policies
Input
Argument Name | Description | Required |
---|---|---|
manageable | Whether to return only manageable scan policies. By default, returns both usable and manageable. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ScanPolicy.Name | string | Scan policy name. |
TenableSC.ScanPolicy.ID | number | Scan policy ID. |
TenableSC.ScanPolicy.Description | string | Scan policy description. |
TenableSC.ScanPolicy.Tag | string | Scan policy tag. |
TenableSC.ScanPolicy.Group | string | Scan policy owner group name. |
TenableSC.ScanPolicy.Owner | string | Scan policy owner user name. |
TenableSC.ScanPolicy.LastModified | date | Scan policy last modified time. |
TenableSC.ScanPolicy.Type | string | Scan policy type. |
Command Example
!tenable-sc-list-policies
Context Example
{ "TenableSC": { "ScanPolicy": [ { "Group": "Full Access", "ID": "1000001", "LastModified": "2016-05-04T11:35:27Z", "Name": "MV Scan Policy", "Owner": "API7", "Type": "Advanced Scan" }, { "Group": "Full Access", "ID": "1000002", "LastModified": "2016-05-04T11:35:58Z", "Name": "Web Application Tests", "Owner": "API7", "Type": "Web Application Tests" }, { "Group": "Full Access", "ID": "1000003", "LastModified": "2016-05-04T11:36:25Z", "Name": "Basic Network Scan", "Owner": "API7", "Type": "Basic Network Scan" }, { "Group": "Full Access", "ID": "1000004", "LastModified": "2016-06-23T14:41:08Z", "Name": "Windows Malware Scan", "Owner": "API17", "Type": "Malware Scan" }, { "Group": "Full Access", "ID": "1000005", "LastModified": "2017-03-25T03:28:13Z", "Name": "Compliance Test SC Host", "Owner": "tenable", "Type": "Policy Compliance Auditing" }, { "Group": "Full Access", "ID": "1000006", "LastModified": "2017-04-04T13:05:25Z", "Name": "Maiware Scan", "Owner": "API30", "Type": "Malware Scan" }, { "Group": "Full Access", "ID": "1000008", "LastModified": "2017-04-24T18:12:39Z", "Name": "Basic Discovery Scan", "Owner": "API33", "Type": "Host Discovery" }, { "Group": "Full Access", "ID": "1000009", "LastModified": "2017-05-17T00:43:07Z", "Name": "Test Citrix", "Owner": "API34", "Type": "Advanced Scan" }, { "Group": "Full Access", "ID": "1000010", "LastModified": "2017-05-17T00:44:20Z", "Name": "test juniper", "Owner": "API34", "Type": "Advanced Scan" }, { "Group": "Full Access", "ID": "1000011", "LastModified": "2017-05-17T00:45:02Z", "Name": "test vmware", "Owner": "API34", "Type": "Advanced Scan" }, { "Group": "Full Access", "ID": "1000012", "LastModified": "2017-05-17T23:49:02Z", "Name": "Test PaloAlto Template", "Owner": "API34", "Type": "Advanced Scan" }, { "Group": "Full Access", "ID": "1000014", "LastModified": "2017-09-20T16:41:40Z", "Name": "Full Scan", "Owner": "tenable", "Type": "Basic Network Scan" }, { "Group": "Full Access", "ID": "1000015", "LastModified": 
"2017-10-17T08:05:13Z", "Name": "cisco_compliance", "Owner": "API32", "Type": "Advanced Scan" }, { "Group": "Full Access", "ID": "1000125", "LastModified": "2018-02-15T15:52:22Z", "Name": "test_9845771654157357", "Owner": "API61", "Type": "Basic Network Scan" }, { "Group": "Full Access", "ID": "1000165", "LastModified": "2018-04-10T19:23:00Z", "Name": "Test CIS", "Owner": "example.gmail.com", "Type": "Policy Compliance Auditing" }, { "Group": "Full Access", "ID": "1000568", "LastModified": "2018-08-27T06:37:46Z", "Name": "Basic_Disc", "Owner": "API25", "Type": "Basic Network Scan" }, { "Group": "Full Access", "ID": "1000619", "LastModified": "2018-11-06T19:35:24Z", "Name": "Symbol Password tests", "Owner": "hammackj", "Type": "Advanced Scan" } ] } }
8. Get a list of report definitions
Returns a list of Tenable.sc report definitions.
Base Command
tenable-sc-list-report-definitions
Input
Argument Name | Description | Required |
---|---|---|
manageable | Whether to return only manageable reports. By default, returns both usable and manageable. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ReportDefinition.Name | string | Report definition name. |
TenableSC.ReportDefinition.ID | number | Report definition ID. |
TenableSC.ReportDefinition.Description | string | Report definition description. |
TenableSC.ReportDefinition.Type | string | Report definition type. |
TenableSC.ReportDefinition.Group | string | Report definition owner group name. |
TenableSC.ReportDefinition.Owner | string | Report definition owner user name. |
Command Example
!tenable-sc-list-report-definitions manageable=true
Context Example
{
  "TenableSC": {
    "ReportDefinition": [
      {
        "Group": "Full Access",
        "ID": "439",
        "Name": "Monthly Executive Report",
        "Owner": "API55",
        "Type": "pdf"
      },
      {
        "Group": "Full Access",
        "ID": "440",
        "Name": "Remediation Instructions by Host Report",
        "Owner": "API55",
        "Type": "pdf"
      },
      {
        "Group": "Full Access",
        "ID": "438",
        "Name": "Critical and Exploitable Vulnerabilities Report",
        "Owner": "API55",
        "Type": "pdf"
      }
    ]
  }
}
9. Get a list of scan repositories
Returns a list of Tenable.sc scan repositories.
Base Command
tenable-sc-list-repositories
Input
There is no input for this command.
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ScanRepository.Name | string | Scan repository name. |
TenableSC.ScanRepository.ID | number | Scan repository ID. |
TenableSC.ScanRepository.Description | string | Scan repository description. |
Command Example
!tenable-sc-list-repositories
Context Example
{
  "TenableSC": {
    "ScanRepository": [
      {
        "ID": "1",
        "Name": "repo"
      },
      {
        "ID": "2",
        "Name": "Offline Repo"
      },
      {
        "ID": "3",
        "Name": "agent_repo"
      }
    ]
  }
}
10. Get a list of scan zones
Returns a list of Tenable.sc scan zones.
Base Command
tenable-sc-list-zones
Input
There is no input for this command.
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ScanZone.Name | string | Scan zone name. |
TenableSC.ScanZone.ID | number | Scan zone ID. |
TenableSC.ScanZone.Description | string | Scan zone description. |
TenableSC.ScanZone.IPList | unknown | Scan zone IP list. |
TenableSC.ScanZone.ActiveScanners | number | Scan zone active scanners. |
Command Example
!tenable-sc-list-zones
Context Example
{
  "TenableSC": {
    "ScanZone": {
      "ID": 0,
      "Name": "All Zones"
    }
  }
}
11. Create a scan
Creates a scan on Tenable.sc.
Base Command
tenable-sc-create-scan
Input
Argument Name | Description | Required |
---|---|---|
name | Scan name. | Required |
policy_id | Policy ID (can be retrieved from the tenable-sc-list-policies command). | Required |
description | Scan description. | Optional |
repository_id | Scan repository ID (can be retrieved from the tenable-sc-list-repositories command). | Required |
zone_id | Scan zone ID (default is all zones) (can be retrieved from the tenable-sc-list-zones command). | Optional |
schedule | Schedule for the scan. | Optional |
asset_ids | Either all assets or a comma-separated list of asset IDs to scan (can be retrieved from the tenable-sc-list-assets command). | Optional |
scan_virtual_hosts | Whether to include virtual hosts, default is false. | Optional |
ip_list | Comma-separated list of IPs to scan, e.g., 10.0.0.1,10.0.0.2. | Optional |
report_ids | Comma-separated list of report definition IDs to create post-scan (can be retrieved from the tenable-sc-list-report-definitions command). | Optional |
credentials | Comma-separated list of credential IDs to use (can be retrieved from the tenable-sc-list-credentials command). | Optional |
timeout_action | Scan timeout action, default is import. | Optional |
max_scan_time | Maximum scan run time in hours, default is 1. | Optional |
dhcp_tracking | Track hosts that have been issued a new IP address (e.g., by DHCP). | Optional |
rollover_type | Scan rollover type. | Optional |
dependent_id | Dependent scan ID in case of a dependent schedule (can be retrieved from the tenable-sc-list-scans command). | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Scan.ID | string | Scan ID. |
TenableSC.Scan.CreatorID | string | Scan's creator ID. |
TenableSC.Scan.Name | string | Scan name. |
TenableSC.Scan.Type | string | Scan type. |
TenableSC.Scan.CreatedTime | date | Scan creation time. |
TenableSC.Scan.OwnerName | string | Scan owner username. |
TenableSC.Scan.Reports | unknown | Scan report definition IDs. |
Command Example
!tenable-sc-create-scan name="test_scan_2018" policy_id="1000618" description="Test scan" repository_id="1" schedule="never" asset_ids=AllManageable scan_virtual_hosts="false" ip_list="10.0.0.1" report_ids="438" credentials="1000007" max_scan_time="2" dhcp_tracking="true"
Context Example
{
  "TenableSC": {
    "Scan": {
      "CreationTime": "2018-11-26T17:29:02Z",
      "CreatorID": "53",
      "ID": "1286",
      "Name": "test_scan_2018",
      "Reports": [
        "438"
      ],
      "Type": "policy"
    }
  }
}
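A pre-flight check for the tenable-sc-create-scan arguments, as an added example that is not part of the integration's own code: it verifies that every ID passed to the command appears in the context returned by the corresponding list command before the scan is created. The function names, the `ID_SOURCES` mapping and the `CONTEXT` sample (trimmed from the Context Example values on this page) are assumptions made for illustration, as is treating each `ip_list` entry as a single address.

```python
import ipaddress

# Constructed sample: a trimmed copy of Context Example values shown on this page.
CONTEXT = {
    "TenableSC": {
        "ScanPolicy": [
            {"ID": "1000003", "Name": "Basic Network Scan", "Owner": "API7"},
            {"ID": "1000014", "Name": "Full Scan", "Owner": "tenable"},
        ],
        "ScanRepository": [
            {"ID": "1", "Name": "repo"},
            {"ID": "2", "Name": "Offline Repo"},
        ],
        "Credential": [
            {"ID": "1000004", "Name": "TestSSH creds", "Type": "ssh"},
            {"ID": "1000007", "Name": "Test", "Type": "database"},
        ],
        "ReportDefinition": [
            {"ID": "438", "Name": "Critical and Exploitable Vulnerabilities Report"},
        ],
        # The list-zones example returns one object (not a list) with a numeric ID.
        "ScanZone": {"ID": 0, "Name": "All Zones"},
    }
}

# Assumed mapping, read off the argument descriptions: argument -> context key.
ID_SOURCES = {
    "policy_id": "ScanPolicy",
    "repository_id": "ScanRepository",
    "zone_id": "ScanZone",
    "credentials": "Credential",
    "report_ids": "ReportDefinition",
}
REQUIRED = ("name", "policy_id", "repository_id")


def known_ids(context, key):
    """Return the IDs under TenableSC.<key> as strings (IDs appear as str or int)."""
    entries = context.get("TenableSC", {}).get(key, [])
    if isinstance(entries, dict):  # single object instead of a list
        entries = [entries]
    return {str(entry["ID"]) for entry in entries if "ID" in entry}


def split_csv(value):
    """Split a comma-separated argument value into trimmed, non-empty items."""
    return [item.strip() for item in str(value).split(",") if item.strip()]


def validate_create_scan(args, context):
    """Return a list of problems; an empty list means the arguments are consistent."""
    problems = []
    for name in REQUIRED:
        if not str(args.get(name, "")).strip():
            problems.append(f"missing required argument: {name}")
    for arg, key in ID_SOURCES.items():
        if arg not in args:
            continue
        valid = known_ids(context, key)
        for item in split_csv(args[arg]):
            if item not in valid:
                problems.append(f"{arg}: {item} not found in TenableSC.{key}")
    # Assumption: each ip_list entry is one address, as in the page's example.
    for ip in split_csv(args.get("ip_list", "")):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"ip_list: {ip!r} is not a valid IP address")
    if "max_scan_time" in args:
        try:
            if int(args["max_scan_time"]) < 1:
                raise ValueError
        except (TypeError, ValueError):
            problems.append("max_scan_time: expected a positive number of hours")
    for arg, value in args.items():
        if '"' in str(value):  # would break the quoted key="value" form
            problems.append(f"{arg}: value must not contain a double quote")
    return problems


def build_command(args, context):
    """Return the command line for validated arguments, or raise ValueError."""
    problems = validate_create_scan(args, context)
    if problems:
        raise ValueError("; ".join(problems))
    pairs = [f'{key}="{value}"' for key, value in args.items()]
    return " ".join(["!tenable-sc-create-scan"] + pairs)
```

In a playbook, the context would come from running the list commands with manageable=true, so the check also reflects what the integration user is allowed to manage.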
12. Delete a scan
Deletes a scan in Tenable.sc.
Base Command
tenable-sc-delete-scan
Input
Argument Name | Description | Required |
---|---|---|
scan_id | Scan ID (can be retrieved from the tenable-sc-list-scans command). | Required |
Context Output
There is no context output for this command.
Command Example
!tenable-sc-delete-scan scan_id=1286
13. Get a list of assets
Returns a list of Tenable.sc assets.
Base Command
tenable-sc-list-assets
Input
Argument Name | Description | Required |
---|---|---|
manageable | Whether to return only manageable assets. By default, returns both usable and manageable. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Asset.ID | string | Asset ID. |
TenableSC.Asset.Name | string | Asset name. |
TenableSC.Asset.HostCount | number | Asset host IPs count. |
TenableSC.Asset.Type | string | Asset type. |
TenableSC.Asset.Tag | string | Asset tag. |
TenableSC.Asset.Owner | string | Asset owner username. |
TenableSC.Asset.Group | string | Asset group. |
TenableSC.Asset.LastModified | date | Asset last modified time. |
Command Example
!tenable-sc-list-assets manageable=true
Context Example
{ "TenableSC": { "Asset": [ { "HostCount": 0, "ID": "354", "LastModified": "2018-01-08T13:50:05Z", "Name": "Bad Credentials", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "355", "LastModified": "2018-01-08T13:50:08Z", "Name": "Bad Windows Account", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 5, "ID": "356", "LastModified": "2018-01-08T13:50:09Z", "Name": "Windows Hosts", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "357", "LastModified": "2018-01-08T13:50:11Z", "Name": "Windows 7", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "358", "LastModified": "2018-01-08T13:50:13Z", "Name": "Windows RDP or Terminal Services", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 2, "ID": "359", "LastModified": "2018-01-08T13:50:15Z", "Name": "WMI Login Authenticated", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "360", "LastModified": "2018-01-08T13:50:16Z", "Name": "Microsoft Office 2010", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "361", "LastModified": "2018-01-08T13:50:18Z", "Name": "Microsoft Office 2007", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "362", "LastModified": "2018-01-08T13:50:19Z", "Name": "Microsoft VPN Technology", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "363", "LastModified": "2018-01-08T13:50:21Z", "Name": "Microsoft Windows Server 2000", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 4, "ID": "364", "LastModified": "2018-01-08T13:50:23Z", "Name": "Microsoft Windows Server", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "365", "LastModified": "2018-01-08T13:50:24Z", "Name": "Microsoft Windows Server 2003", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 3, "ID": "366", "LastModified": "2018-01-08T13:50:26Z", "Name": "Microsoft Windows Server 2008", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 1, "ID": "367", "LastModified": "2018-01-08T13:50:28Z", "Name": "Microsoft Windows 
Server 2012", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 2, "ID": "368", "LastModified": "2018-01-08T13:50:29Z", "Name": "Microsoft Windows Server Datacenter", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "369", "LastModified": "2018-01-08T13:50:31Z", "Name": "Microsoft Windows Server Enterprise", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "370", "LastModified": "2018-01-08T13:50:33Z", "Name": "Microsoft Windows Server Standard", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "371", "LastModified": "2018-01-08T13:50:36Z", "Name": "Microsoft Windows Workstation Enterprise", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "372", "LastModified": "2018-01-08T13:50:37Z", "Name": "Microsoft Windows Workstation Home", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "373", "LastModified": "2018-01-08T13:50:39Z", "Name": "Microsoft Windows 8", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "374", "LastModified": "2018-01-08T13:50:40Z", "Name": "Microsoft Windows Workstation Ultimate", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "375", "LastModified": "2018-01-08T13:50:42Z", "Name": "Unsupported Windows Operating Systems", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "376", "LastModified": "2018-01-08T13:50:43Z", "Name": "Microsoft Windows Workstation Professional", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "377", "LastModified": "2018-01-08T13:50:45Z", "Name": "Microsoft Windows XP", "Owner": "API55", "Type": "dynamic" }, { "HostCount": 0, "ID": "392", "LastModified": "2018-06-11T16:45:26Z", "Name": "Malware or Malicious Processes", "Owner": "API55", "Type": "dynamic" }, { "HostCount": "1", "ID": "537", "LastModified": "2018-11-07T13:34:11Z", "Name": "Maya test Asset", "Owner": "API55", "Type": "static" }, { "HostCount": 0, "ID": "538", "LastModified": "2018-11-07T13:35:12Z", "Name": "Malware or Malicious 
Processes(1)", "Owner": "API55", "Type": "dynamic" }, { "HostCount": "1", "ID": "543", "LastModified": "2018-11-20T18:29:53Z", "Name": "test_asset", "Owner": "API55", "Type": "static" }, { "HostCount": "2", "ID": "544", "LastModified": "2018-11-20T18:31:51Z", "Name": "test_asset2", "Owner": "API55", "Type": "static" }, { "HostCount": "2", "ID": "545", "LastModified": "2018-11-20T18:32:21Z", "Name": "test_asset3", "Owner": "API55", "Type": "static" }, { "HostCount": "2", "ID": "546", "LastModified": "2018-11-20T18:35:28Z", "Name": "test_asset4", "Owner": "API55", "Type": "static" }, { "HostCount": "2", "ID": "547", "LastModified": "2018-11-20T18:36:07Z", "Name": "test_asset5", "Owner": "API55", "Type": "static" }, { "HostCount": "2", "ID": "548", "LastModified": "2018-11-21T15:40:52Z", "Name": "blah", "Owner": "API55", "Type": "static" }, { "HostCount": "1", "ID": "549", "LastModified": "2018-11-21T16:05:10Z", "Name": "test_asset9", "Owner": "API55", "Tag": "hmm,blob", "Type": "static" }, { "HostCount": "2", "ID": "550", "LastModified": "2018-11-22T15:12:29Z", "Name": "yyyy", "Owner": "API55", "Type": "static" }, { "HostCount": "1", "ID": "551", "LastModified": "2018-11-25T16:06:39Z", "Name": "test_asset_Sun Nov 25 2018 18:06:35 GMT+0200 (IST)", "Owner": "API55", "Type": "static" }, { "HostCount": "1", "ID": "552", "LastModified": "2018-11-25T16:08:54Z", "Name": "test_asset_Sun Nov 25 2018 18:08:50 GMT+0200 (IST)", "Owner": "API55", "Type": "static" }, { "HostCount": "1", "ID": "556", "LastModified": "2018-11-25T16:18:56Z", "Name": "test_asset_Sun Nov 25 2018 18:18:52 GMT+0200 (IST)", "Owner": "API55", "Type": "static" }, { "HostCount": "1", "ID": "557", "LastModified": "2018-11-25T16:34:52Z", "Name": "test_asset_Sun Nov 25 2018 18:34:47 GMT+0200 (IST)", "Owner": "API55", "Type": "static" }, { "HostCount": "1", "ID": "558", "LastModified": "2018-11-26T08:20:09Z", "Name": "test_asset_Mon Nov 26 2018 10:20:05 GMT+0200 (IST)", "Owner": "API55", "Type": "static" }, { 
"HostCount": "1", "ID": "690", "LastModified": "2018-11-26T16:10:08Z", "Name": "test_asset_Mon Nov 26 2018 18:10:02 GMT+0200 (IST)", "Owner": "API55", "Type": "static" } ] } }
Human Readable Output
14. Create an asset
Creates an asset in Tenable.sc with the specified IP addresses.
Base Command
tenable-sc-create-asset
Input
Argument Name | Description | Required |
---|---|---|
name | Asset name. | Required |
description | Asset description. | Optional |
owner_id | Asset owner ID, default is the Session User ID (can be retrieved from the tenable-sc-list-users command). | Optional |
tag | Asset tag. | Optional |
ip_list | Comma-separated list of IPs to include in the asset, e.g., 10.0.0.2,10.0.0.4 | Required |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Asset.Name | string | Asset name. |
TenableSC.Asset.ID | string | Asset ID. |
TenableSC.Asset.OwnerName | string | Asset owner name. |
TenableSC.Asset.Tags | string | Asset tags. |
Command Example
!tenable-sc-create-asset name="test_asset_2018" description="desc" owner_id="53" ip_list="10.0.0.1,10.0.0.2"
Context Example
{ "TenableSC": { "Asset": { "ID": "691", "Name": "test_asset_2018", "OwnerName": "API55" } } }
Human Readable Output
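An asset's IP list decides which hosts later scans will touch, so it is worth validating the list before passing it as `ip_list`. The following is an added example, not code from the integration: `APPROVED_SCOPE`, `build_ip_list` and `create_asset_args` are hypothetical names, and the scope check is an assumption about local policy rather than something Tenable.sc or the integration enforces.

```python
import ipaddress

# Assumption: networks this Tenable.sc instance is authorised to scan.
# Constructed sample value; replace with your own scope.
APPROVED_SCOPE = [ipaddress.ip_network("10.0.0.0/24")]


def build_ip_list(raw, scope=APPROVED_SCOPE):
    """Turn analyst input into the comma-separated ip_list argument.

    Returns (ip_list, rejected), where rejected is a list of
    (value, reason) pairs for entries that were dropped.
    """
    accepted, rejected, seen = [], [], set()
    for item in raw.split(","):
        value = item.strip()
        if not value:
            continue
        try:
            # Accept single addresses only, as in the argument description;
            # CIDR blocks and host names raise ValueError here.
            addr = ipaddress.ip_address(value)
        except ValueError:
            rejected.append((value, "not a single IP address"))
            continue
        if not any(addr in net for net in scope):
            rejected.append((value, "outside approved scope"))
            continue
        if addr not in seen:  # drop duplicates, keep first-seen order
            seen.add(addr)
            accepted.append(str(addr))
    return ",".join(accepted), rejected


def create_asset_args(name, raw_ips, description="", tag=""):
    """Build the argument dict for tenable-sc-create-asset."""
    ip_list, rejected = build_ip_list(raw_ips)
    if not ip_list:
        # ip_list is a required argument, so fail before calling the command.
        raise ValueError("no valid in-scope IP addresses for ip_list")
    args = {"name": name, "ip_list": ip_list}
    if description:
        args["description"] = description
    if tag:
        args["tag"] = tag
    return args, rejected
```

The rejected list is worth writing to the incident notes so that dropped entries are reviewed rather than silently lost.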
15. Get asset information
Gets details for a given asset in Tenable.sc.
Base Command
tenable-sc-get-asset
Input
Argument Name | Description | Required |
---|---|---|
asset_id | Asset ID (can be retrieved from the tenable-sc-list-assets command). | Required |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Asset.ID | number | Asset ID. |
TenableSC.Asset.Name | string | Asset name. |
TenableSC.Asset.Description | string | Asset description. |
TenableSC.Asset.Tag | string | Asset tag. |
TenableSC.Asset.Modified | date | Asset last modified time. |
TenableSC.Asset.Owner | string | Asset owner user name. |
TenableSC.Asset.Group | string | Asset owner group. |
TenableSC.Asset.IPs | unknown | Asset viewable IPs. |
Command Example
!tenable-sc-get-asset asset_id=691
Context Example
{ "TenableSC": { "Asset": { "Created": "2018-11-26T18:17:39Z", "Description": "desc", "Group": "Full Access", "ID": "691", "IPs": [ "10.0.0.1", "10.0.0.2" ], "Modified": "2018-11-26T18:17:39Z", "Name": "test_asset_2018", "Owner": "API55" } } }
Human Readable Output
16. Delete an asset
Deletes the asset with the specified asset ID from Tenable.sc.
Base Command
tenable-sc-delete-asset
Input
Argument Name | Description | Required |
---|---|---|
asset_id | Asset ID. | Required |
Context Output
There is no context output for this command.
Command Example
!tenable-sc-delete-asset asset_id=691
Human Readable Output
17. Get a list of alerts
Returns a list of alerts from Tenable.sc.
Base Command
tenable-sc-list-alerts
Input
Argument Name | Description | Required |
---|---|---|
manageable | Whether to return only manageable alerts. By default, returns both usable and manageable. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Alert.ID | string | Alert ID. |
TenableSC.Alert.Name | string | Alert name. |
TenableSC.Alert.Description | string | Alert description. |
TenableSC.Alert.State | string | Alert state. |
TenableSC.Alert.Actions | string | Alert actions. |
TenableSC.Alert.LastTriggered | date | Alert last triggered time. |
TenableSC.Alert.LastEvaluated | date | Alert last evaluated time. |
TenableSC.Alert.Group | string | Alert owner group name. |
TenableSC.Alert.Owner | string | Alert owner user name. |
Command Example
!tenable-sc-list-alerts
Context Example
{ "TenableSC": { "Alert": [ { "Actions": [ "ticket" ], "Group": "Full Access", "ID": "1", "LastEvaluated": "2018-11-25T19:44:00Z", "LastTriggered": "2017-01-31T19:44:01Z", "Name": "bwu_alert1", "Owner": "API17", "State": "Triggered" }, { "Actions": [ "notification", "ticket" ], "Group": "Full Access", "ID": "2", "LastEvaluated": "2018-11-26T18:30:14Z", "LastTriggered": "2018-11-26T18:30:15Z", "Name": "Test Alert", "Owner": "API55", "State": "Triggered" }, { "Actions": [ "ticket" ], "Group": "Full Access", "ID": "3", "LastEvaluated": "2018-11-26T18:30:04Z", "LastTriggered": "1970-01-01T00:00:00Z", "Name": "Test fetch", "Owner": "API55", "State": "Not Triggered" } ] } }
Human Readable Output
18. Get alert information
Returns information about a specified alert in Tenable.sc.
Base Command
tenable-sc-get-alert
Input
Argument Name | Description | Required |
---|---|---|
alert_id | Alert ID (can be retrieved from the tenable-sc-list-alerts command). | Required |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Alert.ID | string | Alert ID. |
TenableSC.Alert.Name | string | Alert name. |
TenableSC.Alert.Description | string | Alert description. |
TenableSC.Alert.State | string | Alert state. |
TenableSC.Alert.Condition.Trigger | string | Alert trigger. |
TenableSC.Alert.LastTriggered | date | Alert last triggered time. |
TenableSC.Alert.Action | string | Alert action type. |
TenableSC.Alert.Action.Values | unknown | Alert action values. |
TenableSC.Alert.Condition.Query | string | Alert query name. |
TenableSC.Alert.Condition.Filter.Name | string | Alert query filter name. |
TenableSC.Alert.Condition.Filter.Values | unknown | Alert query filter values. |
Command Example
!tenable-sc-get-alert alert_id=3
Context Example
{ "TenableSC": { "Alert": { "Action": [ { "type": "ticket", "values": "API55" } ], "Behavior": "Execute on every trigger ", "Condition": { "Filter": [ { "Name": "ip", "Values": "11.0.0.2" } ], "Query": "IPv4 Fixed Address: 11.0.0.2", "Trigger": "sumport >= 1" }, "ID": "3", "LastTriggered": "Never", "Name": "Test fetch", "State": "Not Triggered" } } }
Human Readable Output
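The two alert commands report a never-triggered alert differently: the `tenable-sc-list-alerts` context example shows `LastTriggered` as `1970-01-01T00:00:00Z`, while the `tenable-sc-get-alert` example shows `Never`. The following added example (not part of the integration; `parse_last_triggered`, `triggered_since` and the checkpoint logic are hypothetical) handles both forms when selecting alerts triggered after a given time. The sample data is constructed from the context examples on this page.

```python
from datetime import datetime, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample: entries shaped like TenableSC.Alert in the
# tenable-sc-list-alerts context example.
ALERTS = [
    {"ID": "1", "Name": "bwu_alert1", "State": "Triggered",
     "LastTriggered": "2017-01-31T19:44:01Z"},
    {"ID": "2", "Name": "Test Alert", "State": "Triggered",
     "LastTriggered": "2018-11-26T18:30:15Z"},
    {"ID": "3", "Name": "Test fetch", "State": "Not Triggered",
     "LastTriggered": "1970-01-01T00:00:00Z"},
]


def parse_last_triggered(value):
    """Return an aware datetime, or None if the alert never triggered."""
    if not value or value == "Never":
        return None
    ts = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    ts = ts.replace(tzinfo=timezone.utc)
    # An epoch-zero timestamp is how the list command shows "never".
    return None if ts == EPOCH else ts


def triggered_since(alerts, checkpoint):
    """Return (alerts triggered after checkpoint, oldest first; new checkpoint)."""
    hits = []
    for alert in alerts:
        ts = parse_last_triggered(alert.get("LastTriggered"))
        if ts is not None and ts > checkpoint:
            hits.append((ts, alert))
    hits.sort(key=lambda pair: pair[0])
    # Advance the checkpoint only when something new was seen.
    new_checkpoint = hits[-1][0] if hits else checkpoint
    return [alert for _, alert in hits], new_checkpoint
```

Without the epoch check, alert 3 would sort as the oldest triggered alert instead of being skipped.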
19. Get device information for a user
Returns device information from the current user in Tenable.sc.
Base Command
tenable-sc-get-device
Input
Argument Name | Description | Required |
---|---|---|
ip | A valid IP address to filter by. | Optional |
dnsName | DNS name for the IP address. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Device.IP | string | Device IP address. |
TenableSC.Device.UUID | string | Device UUID. |
TenableSC.Device.RepositoryID | string | Device repository ID. |
TenableSC.Device.MacAddress | string | Device Mac address. |
TenableSC.Device.NetbiosName | string | Device Netbios name. |
TenableSC.Device.DNSName | string | Device DNS name. |
TenableSC.Device.OS | string | Device operating system. |
TenableSC.Device.OsCPE | string | Device Common Platform Enumeration. |
TenableSC.Device.LastScan | date | Device's last scan time. |
TenableSC.Device.RepositoryName | string | Device repository name. |
TenableSC.Device.TotalScore | number | Device total threat score. |
TenableSC.Device.LowSeverity | number | Device total threat scores with low severity. |
TenableSC.Device.MediumSeverity | number | Device total threat scores with medium severity. |
TenableSC.Device.HighSeverity | number | Device total threat scores with high severity. |
TenableSC.Device.CriticalSeverity | number | Device total threat scores with critical severity. |
Command Example
!tenable-sc-get-device
Context Example
{ "TenableSC": { "Device": { "CriticalSeverity": "0", "DNSName": "gateway", "HighSeverity": "0", "IP": "10.0.0.1", "LastScan": "2018-11-26T18:26:03Z", "LowSeverity": "0", "MacAddress": "12:34:56:78:9a:bc", "MediumSeverity": "0", "OS": "Linux Kernel 2.2 Linux Kernel 2.4 Linux Kernel 2.6", "RepositoryID": "1", "RepositoryName": "repo", "TotalScore": "4" } } }
Human Readable Output
20. Get a list of users
List users in Tenable.sc.
Base Command
tenable-sc-list-users
Input
Argument Name | Description | Required |
---|---|---|
id | Filter by user ID. | Optional |
username | Filter by user name. | Optional |
email | Filter by user email address. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.User.ID | string | User ID. |
TenableSC.User.Username | string | Username. |
TenableSC.User.FirstName | string | User first name. |
TenableSC.User.LastName | string | User last name. |
TenableSC.User.Title | string | User title. |
TenableSC.User.Email | string | User email address. |
TenableSC.User.Created | date | The creation time of the user. |
TenableSC.User.Modified | date | Last modification time of the user. |
TenableSC.User.Login | date | User last login. |
TenableSC.User.Role | string | User role name. |
Command Example
!tenable-sc-list-users username=API55
Context Example
{ "TenableSC": { "User": { "Created": "2017-12-13T20:59:54Z", "FirstName": "API55", "ID": "53", "LastLogin": "2018-11-26T18:52:10Z", "Modified": "2017-12-13T20:59:54Z", "Role": "Security Manager", "Username": "API55" } } }
Human Readable Output
21. Get licensing information
Retrieves licensing information from Tenable.sc.
Base Command
tenable-sc-get-system-licensing
Input
There is no input for this command.
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Status.ActiveIPS | number | Number of active IP addresses. |
TenableSC.Status.LicensedIPS | unknown | Number of licensed IP addresses. |
TenableSC.Status.License | unknown | License status. |
Command Example
!tenable-sc-get-system-licensing
Context Example
{ "TenableSC": { "Status": { "ActiveIPS": "150", "License": "Valid", "LicensedIPS": "1024" } } }
Human Readable Output
22. Get system information and diagnostics
Returns the system information and diagnostics from Tenable.sc.
Base Command
tenable-sc-get-system-information
Input
There is no input for this command.
Context Output
Path | Type | Description |
---|---|---|
TenableSC.System.Version | string | System version. |
TenableSC.System.BuildID | string | System build ID. |
TenableSC.System.ReleaseID | string | System release ID. |
TenableSC.System.License | string | System license status. |
TenableSC.System.JavaStatus | boolean | Server Java status. |
TenableSC.System.RPMStatus | boolean | Server RPM status. |
TenableSC.System.DiskStatus | boolean | Server disk status. |
TenableSC.System.DiskThreshold | number | System space left on disk. |
TenableSC.System.LastCheck | date | System last check time. |
Command Example
!tenable-sc-get-system-information
23. Get device information
Retrieves information for the specified device.
Base Command
tenable-sc-get-device
Input
Argument Name | Description | Required |
---|---|---|
ip | A valid IP address of a device. | Optional |
dns_name | DNS name of a device. | Optional |
repository_id | Repository ID to get the device from, can be retrieved from the list-repositories command. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.Device.IP | string | Device IP address. |
TenableSC.Device.UUID | string | Device UUID. |
TenableSC.Device.RepositoryID | string | Device repository ID. |
TenableSC.Device.MacAddress | string | Device Mac address. |
TenableSC.Device.NetbiosName | string | Device Netbios name. |
TenableSC.Device.DNSName | string | Device DNS name. |
TenableSC.Device.OS | string | Device operating system. |
TenableSC.Device.OsCPE | string | Device Common Platform Enumeration. |
TenableSC.Device.LastScan | date | Device's last scan time. |
TenableSC.Device.RepositoryName | string | Device repository name. |
TenableSC.Device.TotalScore | number | Device total threat score. |
TenableSC.Device.LowSeverity | number | Device total threat scores with low severity. |
TenableSC.Device.MediumSeverity | number | Device total threat scores with medium severity. |
TenableSC.Device.HighSeverity | number | Device total threat scores with high severity. |
TenableSC.Device.CriticalSeverity | number | Device total threat scores with critical severity. |
Endpoint.IPAddress | string | Endpoint IP address. |
Endpoint.Hostname | string | Endpoint DNS name. |
Endpoint.MACAddress | string | Endpoint Mac address. |
Endpoint.OS | string | Endpoint operating system. |
Command Example
!tenable-sc-get-device ip=213.35.2.109
!tenable-sc-get-device dns_name=213-35-2-109.navisite.net
Context Example
{ "Endpoint": { "Hostname": "213-35-2-109.navisite.net", "IPAddress": "213.35.2.109", "OS": "Microsoft Windows Server 2012 R2" }, "TenableSC": { "Device": { "CriticalSeverity": "0", "DNSName": "213-35-2-109.navisite.net", "HighSeverity": "0", "IP": "213.35.2.109", "LastScan": "2018-12-04T06:27:32Z", "LowSeverity": "0", "MediumSeverity": "0", "OS": "Microsoft Windows Server 2012 R2", "OsCPE": "cpe:/o:microsoft:windows_server_2012:r2", "RepositoryID": "1", "RepositoryName": "repo", "TotalScore": "34" } } }
Human Readable Output
24. Get all scan results
Returns all scan results in Tenable.sc.
Base Command
tenable-sc-get-all-scan-results
Input
Argument Name | Description | Required |
---|---|---|
manageable | Filter only manageable alerts. By default, returns both usable and manageable alerts. | Optional |
page | The page to return, starting from 0. | Optional |
limit | The number of objects to return in one response (maximum limit is 200). | Optional |
Context Output
Path | Type | Description |
---|---|---|
TenableSC.ScanResults.ID | Number | Scan ID. |
TenableSC.ScanResults.Name | string | Scan name. |
TenableSC.ScanResults.Status | string | Scan status. |
TenableSC.ScanResults.Description | string | Scan description. |
TenableSC.ScanResults.Policy | string | Scan policy. |
TenableSC.ScanResults.Group | string | Scan group name. |
TenableSC.ScanResults.Checks | number | Scan completed number of checks. |
TenableSC.ScanResults.StartTime | date | Scan results start time. |
TenableSC.ScanResults.EndTime | date | Scan results end time. |
TenableSC.ScanResults.Duration | number | Scan duration in minutes. |
TenableSC.ScanResults.ImportTime | date | Scan import time. |
TenableSC.ScanResults.ScannedIPs | number | Number of scanned IPs. |
TenableSC.ScanResults.Owner | string | Scan owner name. |
TenableSC.ScanResults.RepositoryName | string | Scan repository name. |
Command Example
!tenable-sc-get-all-scan-results page=10 limit=30
Human Readable Output
Troubleshooting
For errors within Tenable.sc, the cause is generally specified, e.g., "The currently logged in used is not an administrator", "Unable to retrieve Asset #2412. Asset #2412 does not exist" or "Invalid login credentials". However, there might be connection errors, for example when the server URL provided is incorrect.