Skip to main content

Tenable.sc

This Integration is part of the Tenable.sc Pack.#

Use the Tenable.sc integration to get a real-time, continuous assessment of your security posture so you can find and fix vulnerabilities faster.

All data in Tenable.sc is managed using group level permissions. If you have several groups, data (scans, scan results, assets, etc) can be viewable but not manageable. Users with Security Manager role  can manage everything. These permissions come into play when multiple groups are in use.

It is important to know what data is manageable for the user in order to work with the integration.

This integration was integrated and tested with Tenable.sc v5.7.0.

Use cases

  • Create and run scans.
  • Launch and manage scan results and the found vulnerabilities.
  • Create and view assets.
  • View policies, repositories, credentials, users and more system information.
  • View and real-time receiving of alerts.

Tenable.sc Playbook

Tenable.sc - Launch scan


image

Configure tenable.sc on Cortex XSOAR

To use the Tenable.sc integration in Cortex XSOAR, a user with administrative privileges is recommended.

  1. Navigate to Settings > Integrations > Servers & Services .
  2. Search for Tenable.sc.
  3. Click Add instance to create and configure a new integration instance.
    • Name : a textual name for the integration instance.
    • Server URL (e.g. https://192.168.0.1)
    • Username
    • Trust any certificate (not secure)
    • Use system proxy settings
    • Fetch incidents
    • First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year):
    • Incident type
  4. Click Test to validate the URLs, token, and connection.

Fetched Incidents Data

For the first fetch, you can specify the time range to return alerts for. Subsequent fetches return alerts from Tenable.sc according to their last triggered time.

[
            {
                "id": "1",
                "name": "bwu_alert1",
                "description": "",
                "lastTriggered": "1485891841",
                "triggerName": "sumip",
                "triggerOperator": ">=",
                "triggerValue": "5",
                "action": [
                    {
                        "id": "1",
                        "type": "ticket",
                        "definition": {
                            "assignee": {
                                "id": "4",
                                "username": "API17",
                                "firstname": "API17",
                                "lastname": ""
                            },
                            "name": "Ticket opened by alert",
                            "description": "",
                            "notes": ""
                        },
                        "status": "0",
                        "users": [],
                        "objectID": null
                    }
                ],
                "query": {
                    "id": "1648",
                    "name": "Query for alert 'bwu_alert1' at 1463283903",
                    "description": ""
                },
                "owner": {
                    "id": "4",
                    "username": "API17",
                    "firstname": "API17",
                    "lastname": ""
                }
            },
            {
                "id": "2",
                "name": "Test Alert",
                "description": "Maya test alert",
                "lastTriggered": "1543248911",
                "triggerName": "sumip",
                "triggerOperator": ">=",
                "triggerValue": "0",
                "action": [
                    {
                        "id": "10",
                        "type": "notification",
                        "definition": {
                            "message": "Event!",
                            "users": [
                                {
                                    "id": "53",
                                    "username": "API55",
                                    "firstname": "API55",
                                    "lastname": ""
                                }
                            ]
                        },
                        "status": "0",
                        "users": [
                            {
                                "id": "53",
                                "username": "API55",
                                "firstname": "API55",
                                "lastname": ""
                            }
                        ],
                        "objectID": null
                    },
                    {
                        "id": "11",
                        "type": "ticket",
                        "definition": {
                            "assignee": {
                                "id": "53",
                                "username": "API55",
                                "firstname": "API55",
                                "lastname": ""
                            },
                            "name": "Ticket opened by alert",
                            "description": "",
                            "notes": ""
                        },
                        "status": "0",
                        "users": [],
                        "objectID": null
                    }
                ],
                "query": {
                    "id": "12669",
                    "name": "IP Summary",
                    "description": ""
                },
                "owner": {
                    "id": "53",
                    "username": "API55",
                    "firstname": "API55",
                    "lastname": ""
                }
            },
            {
                "id": "3",
                "name": "Test fetch",
                "description": "",
                "lastTriggered": "0",
                "triggerName": "sumport",
                "triggerOperator": ">=",
                "triggerValue": "1",
                "action": [
                    {
                        "id": "5",
                        "type": "ticket",
                        "definition": {
                            "assignee": {
                                "id": "53",
                                "username": "API55",
                                "firstname": "API55",
                                "lastname": ""
                            },
                            "name": "Ticket opened by alert",
                            "description": "",
                            "notes": ""
                        },
                        "status": "0",
                        "users": [],
                        "objectID": null
                    }
                ],
                "query": {
                    "id": "13177",
                    "name": "IPv4 Fixed Address: 11.0.0.2",
                    "description": ""
                },
                "owner": {
                    "id": "53",
                    "username": "API55",
                    "firstname": "API55",
                    "lastname": ""
                }
            }
        ]

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Get a list of scans: tenable-sc-list-scans
  2. Initiate a scan: tenable-sc-launch-scan
  3. Get vulnerability information for a scan: tenable-sc-get-vulnerability
  4. Get the status of a scan: tenable-sc-get-scan-status
  5. Get a report with scan results: tenable-sc-get-scan-report
  6. Get a list of credentials: tenable-sc-list-credentials
  7. Get a list of scan policies: tenable-sc-list-policies
  8. Get a list of report definitions: tenable-sc-list-report-definitions
  9. Get a list of scan repositories: tenable-sc-list-repositories
  10. Get a list of scan zones: tenable-sc-list-zones
  11. Create a scan: tenable-sc-create-scan
  12. Delete a scan: tenable-sc-delete-scan
  13. List all assets: tenable-sc-list-assets
  14. Create an asset: tenable-sc-create-asset
  15. Get asset information: tenable-sc-get-asset
  16. Delete an asset: tenable-sc-delete-asset
  17. Get a list of alerts: tenable-sc-list-alerts
  18. Get alert information: tenable-sc-get-alert
  19. Get device information for a user: tenable-sc-get-device
  20. Get a list of users: tenable-sc-list-users
  21. Get licensing information: tenable-sc-get-system-licensing
  22. Get system information and diagnostics: tenable-sc-get-system-information
  23. Get device information: tenable-sc-get-device
  24. Get all scan results: tenable-sc-get-all-scan-results

1. Get a list of scans


Returns a list of existing Tenable.sc scans.

Base Command

tenable-sc-list-scans

Input
Argument Name Description Required
manageable Whether to return only manageable scans. By default, returns both usable and manageable scans. Optional

Context Output
Path Type Description
TenableSC.Scan.Name string Scan name.
TenableSC.Scan.ID number Scan ID.
TenableSC.Scan.Description string Scan description.
TenableSC.Scan.Policy string Scan policy name.
TenableSC.Scan.Group string Scan policy owner group name.
TenableSC.Scan.Owner string Scan policy owner user name.

Command Example
  !tenable-sc-list-scans manageable=true
Context Example
{
    "TenableSC": {
        "Scan": [
            {
                "Group": "Full Access",
                "ID": "701",
                "Name": "Test55",
                "Owner": "API55",
                "Policy": "Basic Discovery Scan"
            },
            {
                "Group": "Full Access",
                "ID": "702",
                "Name": "Test55_2",
                "Owner": "API55",
                "Policy": "Full Scan"
            },
            {
                "Group": "Full Access",
                "ID": "703",
                "Name": "test55_3",
                "Owner": "API55",
                "Policy": "Full Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1266",
                "Name": "my_test",
                "Owner": "API55",
                "Policy": "Basic Discovery Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1267",
                "Name": "my_test",
                "Owner": "API55",
                "Policy": "Basic Discovery Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1270",
                "Name": "test5",
                "Owner": "API55",
                "Policy": "Basic Discovery Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1271",
                "Name": "my_test",
                "Owner": "API55",
                "Policy": "Basic Discovery Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1274",
                "Name": "sfsa",
                "Owner": "API55",
                "Policy": "Basic_Disc"
            },
            {
                "Description": "desc",
                "Group": "Full Access",
                "ID": "1275",
                "Name": "my_test_scan",
                "Owner": "API55",
                "Policy": "Basic Discovery Scan"
            },
            {
                "Description": "desc",
                "Group": "Full Access",
                "ID": "1276",
                "Name": "my_test_scan_plug",
                "Owner": "API55",
                "Policy": "Basic Network Scan"
            },
        
        ]
    }
}
Human Readable Output

image

2. Initiate a scan


Launches an existing scan from Tenable.sc.

Base Command

tenable-sc-launch-scan

Input
Argument Name Description Required
scan_id Scan ID (can be retrieved from the tenable-sc-list-scans command). Required
diagnostic_target Valid IP/hostname of a specific target to scan. Must be provided with diagnosticPassword. Optional
diagnostic_password Non empty string password. Optional

Context Output
Path Type Description
TenableSC.ScanResults.Name string Scan name.
TenableSC.ScanResults.ID string Scan Results ID.
TenableSC.ScanResults.OwnerID string Scan owner ID.
TenableSC.ScanResults.JobID string Job ID.
TenableSC.ScanResults.Status string Scan status.

Command Example
!tenable-sc-launch-scan scan_id=1275 diagnostic_target=10.0.0.1 diagnostic_password=mypass
Context Example
{
    "TenableSC": {
        "ScanResults": {
            "ID": "3398",
            "JobID": "949739",
            "Name": "my_test_scan",
            "OwnerID": "53",
            "Status": "Queued"
        }
    }
}
Human Readable Output

image

3. Get vulnerability information for a scan


Returns details about a vulnerability from a specified Tenable.sc scan.

Base Command

tenable-sc-get-vulnerability

Input
Argument Name Description Required
vulnerability_id Vulnerability ID from the scan-report command. Required
scan_results_id Scan results ID from the scan-report command. Required
limit The number of objects to return in one response (maximum limit is 200). Optional
page The page to return starting from 0. Optional

Context Output
Path Type Description
TenableSC.ScanResults.ID number Scan results ID.
TenableSC.ScanResults.Vulnerability.ID number Vulnerability plugin ID.
TenableSC.ScanResults.Vulnerability.Name string Vulnerability name.
TenableSC.ScanResults.Vulnerability.Description string Vulnerability description.
TenableSC.ScanResults.Vulnerability.Type string Vulnerability type.
TenableSC.ScanResults.Vulnerability.Severity string Vulnerability Severity.
TenableSC.ScanResults.Vulnerability.Synopsis string Vulnerability Synopsis.
TenableSC.ScanResults.Vulnerability.Solution string Vulnerability Solution.
TenableSC.ScanResults.Vulnerability.Published date Vulnerability publish date.
TenableSC.ScanResults.Vulnerability.CPE string Vulnerability CPE.
TenableSC.ScanResults.Vulnerability.CVE unknown Vulnerability CVE.
TenableSC.ScanResults.Vulnerability.ExploitAvailable boolean Vulnerability exploit available.
TenableSC.ScanResults.Vulnerability.ExploitEase string Vulnerability exploit ease.
TenableSC.ScanResults.Vulnerability.RiskFactor string Vulnerability risk factor.
TenableSC.ScanResults.Vulnerability.CVSSBaseScore number Vulnerability CVSS base score.
TenableSC.ScanResults.Vulnerability.CVSSTemporalScore number Vulnerability CVSS temporal score.
TenableSC.ScanResults.Vulnerability.CVSSVector string Vulnerability CVSS vector.
TenableSC.ScanResults.Vulnerability.PluginDetails unknown Vulnerability plugin details.
CVE.ID unknown CVE ID.
TenableSC.ScanResults.Vulnerability.Host.IP string Vulnerability Host IP.
TenableSC.ScanResults.Vulnerability.Host.MAC string Vulnerability Host MAC.
TenableSC.ScanResults.Vulnerability.Host.Port number Vulnerability Host Port.
TenableSC.ScanResults.Vulnerability.Host.Protocol string Vulnerability Host Protocol.

Command Example
!tenable-sc-get-vulnerability scan_results_id=3331 vulnerability_id=117672
Context Example
{
    "CVE": [
        {
            "ID": "CVE-2018-7584"
        },
        {
            "ID": "CVE-2018-0737"
        },
        {
            "ID": "CVE-2018-10546"
        },
        {
            "ID": "CVE-2018-10547"
        },
        {
            "ID": "CVE-2018-10548"
        },
        {
            "ID": "CVE-2018-10549"
        },
        {
            "ID": "CVE-2018-10545"
        },
        {
            "ID": "CVE-2018-0732"
        },
        {
            "ID": "CVE-2018-14851"
        },
        {
            "ID": "CVE-2018-14883"
        },
        {
            "ID": "CVE-2018-15132"
        }
    ],
    "TenableSC": {
        "ScanResults": {
            "ID": "3331",
            "Vulnerability": {
                "CPE": "cpe:/a:tenable:securitycenter",
                "CVE": [
                    "CVE-2018-7584",
                    "CVE-2018-0737",
                    "CVE-2018-10546",
                    "CVE-2018-10547",
                    "CVE-2018-10548",
                    "CVE-2018-10549",
                    "CVE-2018-10545",
                    "CVE-2018-0732",
                    "CVE-2018-14851",
                    "CVE-2018-14883",
                    "CVE-2018-15132"
                ],
                "CVSSBaseScore": "7.5",
                "CVSSTemporalScore": null,
                "CVSSVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "Description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",
                "ExploitAvailable": "false",
                "ExploitEase": "",
                "ID": "117672",
                "Name": "Tenable SecurityCenter \u003c 5.7.1 Multiple Vulnerabilities (TNS-2018-12)",
                "PluginDetails": {
                    "CheckType": "combined",
                    "Family": "Misc.",
                    "Modified": "2018-11-15T12:00:00Z",
                    "Published": "2018-09-24T12:00:00Z"
                },
                "Published": "2018-09-17T12:00:00Z",
                "RiskFactor": "High",
                "Severity": "High",
                "Solution": "Upgrade to Tenable SecurityCenter version 5.7.1 or later.",
                "Synopsis": "An application installed on the remote host is affected by multiple vulnerabilities.",
                "Type": "active"
            }
        }
    }
}
Human Readable Output

4. Get the status of a scan

Returns the status of a specified scan in Tenable.sc.

Base Command

tenable-sc-get-scan-status

Input
Argument Name Description Required
scan_results_id Scan results ID from the tenable-sc-launch-scan command. Required

Context Output
Path Type Description
TenableSC.ScanResults.Status string Scan status.
TenableSC.ScanResults.Name string Scan name.
TenableSC.ScanResults.Description unknown Scan description.
TenableSC.ScanResults.ID unknown Scan results ID.

Command Example
!tenable-sc-get-scan-status scan_results_id=3331
Context Example
{
    "TenableSC": {
        "ScanResults": {
            "ID": "3331",
            "Name": "中文scan",
            "Status": "Completed"
        }
    }
}
Human Readable Output

image

5. Get a report with scan results


Returns a single report with a Tenable.sc scan results.

Base Command

tenable-sc-get-scan-report

Input
Argument Name Description Required
scan_results_id Scan results ID. Required
vulnerability_severity Comma-separated list of severity values of vulnerabilities to retrieve. Optional

Context Output
Path Type Description
TenableSC.ScanResults.ID number Scan results ID.
TenableSC.ScanResults.Name string Scan name.
TenableSC.ScanResults.Status string Scan status.
TenableSC.ScanResults.ScannedIPs number Scan number of scanned IPs.
TenableSC.ScanResults.StartTime date Scan start time.
TenableSC.ScanResults.EndTime date Scan end time.
TenableSC.ScanResults.Checks number Scan completed checks.
TenableSC.ScanResults.RepositoryName string Scan repository name.
TenableSC.ScanResults.Description string Scan description.
TenableSC.ScanResults.Vulnerability.ID number Scan vulnerability ID.
TenableSC.ScanResults.Vulnerability.Name string Scan vulnerability Name.
TenableSC.ScanResults.Vulnerability.Family string Scan vulnerability family.
TenableSC.ScanResults.Vulnerability.Severity string Scan vulnerability severity.
TenableSC.ScanResults.Vulnerability.Total number Scan vulnerability total hosts.
TenableSC.ScanResults.Policy string Scan policy.
TenableSC.ScanResults.Group string Scan owner group name.
TenableSC.ScanResults.Owner string Scan owner user name.
TenableSC.ScanResults.Duration number Scan duration in minutes.
TenableSC.ScanResults.ImportTime date Scan import time.

Command Example
  !tenable-sc-get-scan-report scan_results_id=3331 vulnerability_severity=High
Context Example
{
    "TenableSC": {
        "ScanResults": {
            "Checks": "17155624",
            "Duration": 97.13333333333334,
            "EndTime": "2018-11-20T17:37:11Z",
            "Group": "Full Access",
            "ID": "3331",
            "ImportTime": "2018-11-20T17:37:15Z",
            "Name": "中文scan",
            "Owner": "API17",
            "Policy": "Basic Network Scan",
            "RepositoryName": "repo",
            "ScannedIPs": "172",
            "StartTime": "2018-11-20T16:00:03Z",
            "Status": "Completed",
            "Vulnerability": [
                {
                    "Description": "An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "106234",
                    "Name": "CentOS 7 : bind (CESA-2018:0102)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided.\n\n* Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important)\n\n* Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important)\n\n* Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors.\n(CVE-2017-5754, Important)\n\nRed Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754.\n\nThis update also fixes the following security issues and bugs :\n\nSpace precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article:\nhttps://access.redhat.com/articles/ 3327131.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "106353",
                    "Name": "CentOS 7 : kernel (CESA-2018:0151) (Meltdown) (Spectre)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for dhcp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.\n\nSecurity Fix(es) :\n\n* dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732)\n\n* dhcp: Reference count overflow in dhcpd allows denial of service (CVE-2018-5733)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank ISC for reporting these issues. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of these issues.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "108338",
                    "Name": "CentOS 7 : dhcp (CESA-2018:0483)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001.\nThe CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat Product Security).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "109371",
                    "Name": "CentOS 7 : glibc (CESA-2018:0805)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for dhcp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.\n\nSecurity Fix(es) :\n\n* A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.\n(CVE-2018-1111)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "109814",
                    "Name": "CentOS 7 : dhcp (CESA-2018:1453)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for procps-ng is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.\n\nSecurity Fix(es) :\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\n* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Qualys Research Labs for reporting these issues.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "110204",
                    "Name": "CentOS 7 : procps-ng (CESA-2018:1700)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)\n\n* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)\n\n* kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)\n\n* kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/ articles/3431641",
                    "Family": "CentOS Local Security Checks",
                    "ID": "110245",
                    "Name": "CentOS 7 : kernel (CESA-2018:1318)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for yum-utils is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use.\n\nSecurity Fix(es) :\n\n* yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "111615",
                    "Name": "CentOS 7 : yum-utils (CESA-2018:2285)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.\n(CVE-2018-3620, CVE-2018-3646)\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks.\n(CVE-2018-3693)\n\n* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.\n(CVE-2018-5390)\n\n* kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)\n\n* kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693;\nand Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article :\n\nhttps://access.redhat.com/articles/3527791",
                    "Family": "CentOS Local Security Checks",
                    "ID": "111703",
                    "Name": "CentOS 7 : kernel (CESA-2018:2384) (Foreshadow)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es) :\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time.\nWith this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)",
                    "Family": "CentOS Local Security Checks",
                    "ID": "112020",
                    "Name": "CentOS 7 : mariadb (CESA-2018:2439)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: processing of certain records when 'deny-answer-aliases' is in use may trigger an assert leading to a denial of service (CVE-2018-5740)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "112164",
                    "Name": "CentOS 7 : bind (CESA-2018:2570)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",
                    "Family": "Misc.",
                    "ID": "117672",
                    "Name": "Tenable SecurityCenter \u003c 5.7.1 Multiple Vulnerabilities (TNS-2018-12)",
                    "Severity": "High",
                    "Total": "2"
                },
                {
                    "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Qualys Research Labs for reporting this issue.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article :\n\nhttps://access.redhat.com/articles/3588731",
                    "Family": "CentOS Local Security Checks",
                    "ID": "117829",
                    "Name": "CentOS 7 : kernel (CESA-2018:2748)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "Updated X.org server and driver packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nSecurity Fix(es) :\n\n* libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "118986",
                    "Name": "CentOS 7 : freeglut / libX11 / libXcursor / libXfont / libXfont2 / libXres / libdrm / libepoxy / etc (CESA-2018:3059)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "118990",
                    "Name": "CentOS 7 : kernel (CESA-2018:3083)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997)\n\n* glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485)\n\n* glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236)\n\n* glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "118992",
                    "Name": "CentOS 7 : glibc (CESA-2018:3092)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910)\n\n* poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)\n\n* libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733)\n\n* libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767)\n\n* poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768)\n\n* poppler: out of bounds read in pdfunite (CVE-2018-13988)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "118995",
                    "Name": "CentOS 7 : PackageKit / accountsservice / adwaita-icon-theme / appstream-data / at-spi2-atk / etc (CESA-2018:3140)",
                    "Severity": "High",
                    "Total": "1"
                },
                {
                    "Description": "An update for curl and nss-pem is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nThe nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module.\n\nSecurity Fix(es) :\n\n* curl: HTTP authentication leak in redirects (CVE-2018-1000007)\n\n* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n\n* curl: RTSP RTP buffer over-read (CVE-2018-1000122)\n\n* curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service (CVE-2018-1000301)\n\n* curl: LDAP NULL pointer dereference (CVE-2018-1000121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Curl project for reporting these issues. Upstream acknowledges Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Max Dymond as the original reporter of CVE-2018-1000122; the OSS-fuzz project as the original reporter of CVE-2018-1000301; and Dario Weisser as the original reporter of CVE-2018-1000121.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.",
                    "Family": "CentOS Local Security Checks",
                    "ID": "118996",
                    "Name": "CentOS 7 : curl / nss-pem (CESA-2018:3157)",
                    "Severity": "High",
                    "Total": "1"
                }
            ]
        }
    }
}
Human Readable Output

image
image

6. Get a list of credentials


Returns a list of Tenable.sc credentials.

Base Command

tenable-sc-list-credentials

Input
Argument Name Description Required
manageable Whether to return only manageable scan credentials. By default, returns both usable and manageable. Optional

Context Output
Path Type Description
TenableSC.Credential.Name string Credential name.
TenableSC.Credential.ID number Credential ID.
TenableSC.Credential.Description string Credential description.
TenableSC.Credential.Type string Credential type.
TenableSC.Credential.Tag string Credential tag.
TenableSC.Credential.Group string Credential owner group name.
TenableSC.Credential.Owner string Credential owner user name.
TenableSC.Credential.LastModified date Credential last modified time.

Command Example
!tenable-sc-list-credentials
Context Example
{
    "TenableSC": {
        "Credential": [
            {
                "ID": "1",
                "LastModified": "2017-10-30T21:17:34Z",
                "Name": "asdfasdf",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000001",
                "LastModified": "2016-06-23T14:59:38Z",
                "Name": "cloris_windows_p1",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000002",
                "LastModified": "2017-04-06T10:32:54Z",
                "Name": "cred admin api30",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000003",
                "LastModified": "2017-04-19T14:04:21Z",
                "Name": "151",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000004",
                "LastModified": "2017-05-15T22:12:38Z",
                "Name": "TestSSH creds",
                "Type": "ssh"
            },
            {
                "Group": "Full Access",
                "ID": "1000005",
                "LastModified": "2017-11-17T15:42:11Z",
                "Name": "Thycotic Test",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000006",
                "LastModified": "2018-05-10T20:11:27Z",
                "Name": "testAPI",
                "Tag": "testAPI",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000007",
                "LastModified": "2018-05-30T16:22:02Z",
                "Name": "Test",
                "Type": "database"
            },
            {
                "Description": "asgasdg",
                "Group": "Full Access",
                "ID": "1000008",
                "LastModified": "2018-05-30T16:22:42Z",
                "Name": "awefawef",
                "Tag": "testAPI",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000009",
                "LastModified": "2018-05-30T16:23:00Z",
                "Name": "oracle",
                "Type": "database"
            },
            {
                "Group": "Full Access",
                "ID": "1000010",
                "LastModified": "2018-05-30T16:23:18Z",
                "Name": "KerbTest",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000011",
                "LastModified": "2018-05-30T16:23:28Z",
                "Name": "snmpTest",
                "Type": "snmp"
            },
            {
                "Group": "Full Access",
                "ID": "1000012",
                "LastModified": "2018-05-30T16:23:43Z",
                "Name": "lmhash",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000013",
                "LastModified": "2018-05-30T16:24:00Z",
                "Name": "ntlmhash",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000014",
                "LastModified": "2018-05-30T16:24:24Z",
                "Name": "thycoti_secret",
                "Type": "windows"
            },
            {
                "Group": "Full Access",
                "ID": "1000015",
                "LastModified": "2018-05-30T16:24:56Z",
                "Name": "sshcert",
                "Type": "ssh"
            },
            {
                "Group": "Full Access",
                "ID": "1000016",
                "LastModified": "2018-05-30T16:25:10Z",
                "Name": "sshpassword",
                "Type": "ssh"
            },
            {
                "Group": "Full Access",
                "ID": "1000017",
                "LastModified": "2018-05-30T17:34:43Z",
                "Name": "SSHPublic Key",
                "Type": "ssh"
            },
            {
                "Group": "Full Access",
                "ID": "1000018",
                "LastModified": "2018-11-06T19:34:13Z",
                "Name": "SymbolPassword Test",
                "Type": "windows"
            }
        ]
    }
}
Human Readable Output

image

7. Get a list of scan policies


Returns a list of Tenable.sc scan policies.

Base Command

tenable-sc-list-policies

Input
Argument Name Description Required
manageable Whether to return only manageable scan policies. By default, returns both usable and manageable. Optional

Context Output
Path Type Description
TenableSC.ScanPolicy.Name string Scan policy name.
TenableSC.ScanPolicy.ID number Scan policy ID.
TenableSC.ScanPolicy.Description string Scan policy description.
TenableSC.ScanPolicy.Tag string Scan policy tag.
TenableSC.ScanPolicy.Group string Scan policy owner group name.
TenableSC.ScanPolicy.Owner string Scan policy owner user name.
TenableSC.ScanPolicy.LastModified date Scan policy last modified time.
TenableSC.ScanPolicy.Type string Scan policy type.

Command Example
!tenable-sc-list-policies
Context Example
{
    "TenableSC": {
        "ScanPolicy": [
            {
                "Group": "Full Access",
                "ID": "1000001",
                "LastModified": "2016-05-04T11:35:27Z",
                "Name": "MV Scan Policy",
                "Owner": "API7",
                "Type": "Advanced Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000002",
                "LastModified": "2016-05-04T11:35:58Z",
                "Name": "Web Application Tests",
                "Owner": "API7",
                "Type": "Web Application Tests"
            },
            {
                "Group": "Full Access",
                "ID": "1000003",
                "LastModified": "2016-05-04T11:36:25Z",
                "Name": "Basic Network Scan",
                "Owner": "API7",
                "Type": "Basic Network Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000004",
                "LastModified": "2016-06-23T14:41:08Z",
                "Name": "Windows Malware Scan",
                "Owner": "API17",
                "Type": "Malware Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000005",
                "LastModified": "2017-03-25T03:28:13Z",
                "Name": "Compliance Test SC Host",
                "Owner": "tenable",
                "Type": "Policy Compliance Auditing"
            },
            {
                "Group": "Full Access",
                "ID": "1000006",
                "LastModified": "2017-04-04T13:05:25Z",
                "Name": "Maiware Scan",
                "Owner": "API30",
                "Type": "Malware Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000008",
                "LastModified": "2017-04-24T18:12:39Z",
                "Name": "Basic Discovery Scan",
                "Owner": "API33",
                "Type": "Host Discovery"
            },
            {
                "Group": "Full Access",
                "ID": "1000009",
                "LastModified": "2017-05-17T00:43:07Z",
                "Name": "Test Citrix",
                "Owner": "API34",
                "Type": "Advanced Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000010",
                "LastModified": "2017-05-17T00:44:20Z",
                "Name": "test juniper",
                "Owner": "API34",
                "Type": "Advanced Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000011",
                "LastModified": "2017-05-17T00:45:02Z",
                "Name": "test vmware",
                "Owner": "API34",
                "Type": "Advanced Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000012",
                "LastModified": "2017-05-17T23:49:02Z",
                "Name": "Test PaloAlto Template",
                "Owner": "API34",
                "Type": "Advanced Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000014",
                "LastModified": "2017-09-20T16:41:40Z",
                "Name": "Full Scan",
                "Owner": "tenable",
                "Type": "Basic Network Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000015",
                "LastModified": "2017-10-17T08:05:13Z",
                "Name": "cisco_compliance",
                "Owner": "API32",
                "Type": "Advanced Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000125",
                "LastModified": "2018-02-15T15:52:22Z",
                "Name": "test_9845771654157357",
                "Owner": "API61",
                "Type": "Basic Network Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000165",
                "LastModified": "2018-04-10T19:23:00Z",
                "Name": "Test CIS",
                "Owner": "example.gmail.com",
                "Type": "Policy Compliance Auditing"
            },
            {
                "Group": "Full Access",
                "ID": "1000568",
                "LastModified": "2018-08-27T06:37:46Z",
                "Name": "Basic_Disc",
                "Owner": "API25",
                "Type": "Basic Network Scan"
            },
            {
                "Group": "Full Access",
                "ID": "1000619",
                "LastModified": "2018-11-06T19:35:24Z",
                "Name": "Symbol Password tests",
                "Owner": "hammackj",
                "Type": "Advanced Scan"
            }
        ]
    }
}
Human Readable Output

image

8. Get a list of report definitions


Returns a list of Tenable.sc report definitions.

Base Command

tenable-sc-list-report-definitions

Input
Argument Name Description Required
manageable Whether to return only manageable reports. By default, returns both usable and manageable. Optional

Context Output
Path Type Description
TenableSC.ReportDefinition.Name string Report definition name.
TenableSC.ReportDefinition.ID number Report definition ID.
TenableSC.ReportDefinition.Description string Report definition description.
TenableSC.ReportDefinition.Type string Report definition type.
TenableSC.ReportDefinition.Group string Report definition owner group name.
TenableSC.ReportDefinition.Owner string Report definition owner user name.

Command Example
!tenable-sc-list-report-definitions manageable=true
Context Example
{
    "TenableSC": {
        "ReportDefinition": [
            {
                "Group": "Full Access",
                "ID": "439",
                "Name": "Monthly Executive Report",
                "Owner": "API55",
                "Type": "pdf"
            },
            {
                "Group": "Full Access",
                "ID": "440",
                "Name": "Remediation Instructions by Host Report",
                "Owner": "API55",
                "Type": "pdf"
            },
            {
                "Group": "Full Access",
                "ID": "438",
                "Name": "Critical and Exploitable Vulnerabilities Report",
                "Owner": "API55",
                "Type": "pdf"
            }
        ]
    }
}
Human Readable Output

image

9. Get a list of scan repositories


Returns a list of Tenable.sc scan repositories.

Base Command

tenable-sc-list-repositories

Input

There is no input for this command.

Context Output
Path Type Description
TenableSC.ScanRepository.Name string Scan repository name.
TenableSC.ScanRepository.ID number Scan repository ID.
TenableSC.ScanRepository.Description string Scan repository.

Command Example
!tenable-sc-list-repositories
Context Example
{
    "TenableSC": {
        "ScanRepository": [
            {
                "ID": "1",
                "Name": "repo"
            },
            {
                "ID": "2",
                "Name": "Offline Repo"
            },
            {
                "ID": "3",
                "Name": "agent_repo"
            }
        ]
    }
}
Human Readable Output

image

10. Get a list of scan zones


Returns a list of Tenable.sc scan zones.

Base Command

tenable-sc-list-zones

Input

There is no input for this command.

Context Output
Path Type Description
TenableSC.ScanZone.Name string Scan zone name.
TenableSC.ScanZone.ID number Scan zone ID.
TenableSC.ScanZone.Description string Scan zone description.
TenableSC.ScanZone.IPList unknown Scan zone IP list.
TenableSC.ScanZone.ActiveScanners number Scan zone active scanners.

Command Example
!tenable-sc-list-zones
Context Example
{
    "TenableSC": {
        "ScanZone": {
            "ID": 0,
            "Name": "All Zones"
        }
    }
}
Human Readable Output

image

11. Create a scan


Creates a scan on Tenable.sc.

Base Command

tenable-sc-create-scan

Input
Argument Name Description Required
name Scan name. Required
policy_id Policy ID (can be retrieved from the tenable-sc-list-policies command). Required
description Scan description. Optional
repository_id Scan Repository ID (can be retrieved from the tenable- sc-list-repositories command). Required
zone_id Scan zone ID (default is all zones) (can be retrieved from the tenable-sc-list-zones command). Optional
schedule Schedule for the scan. Optional
asset_ids Either all assets or a comma-separated list of asset IDs to scan (can be retrieved from the tenable-sc-list-assets command). Optional
scan_virtual_hosts Whether to include virtual hosts, default is false. Optional
ip_list Comma-separated list of IPs to scan, e.g., 10.0.0.1,10.0.0.2. Optional
report_ids Comma separated list of report definition IDs to create post-scan, can be retrieved from list-report-definitions command. Optional
credentials Comma-separated credentials IDs to use (can be retrieved from the tenable-sc-list-credentials command). Optional
timeout_action Scan timeout action, default is import. Optional
max_scan_time Maximum scan run time in hours, default is 1. Optional
dhcp_tracking Track hosts which have been issued new IP address, (e.g. DHCP). Optional
rollover_type Scan rollover type. Optional
dependent_id Dependent scan ID in case of a dependent schedule, can be retrieved from list-scans command. Optional

Context Output
Path Type Description
TenableSC.Scan.ID string Scan ID.
TenableSC.Scan.CreatorID string Scan's creator ID.
TenableSC.Scan.Name string Scan name.
TenableSC.Scan.Type string Scan type.
TenableSC.Scan.CreatedTime date Scan creation time.
TenableSC.Scan.OwnerName string Scan owner username.
TenableSC.Scan.Reports unknown Scan report definition IDs.

Command Example
!tenable-sc-create-scan name="test_scan_2018" policy_id="1000618" description="Test scan" repository_id="1" schedule="never" asset_ids=AllManageable scan_virtual_hosts="false" ip_list="10.0.0.1" report_ids="438" credentials="1000007" max_scan_time="2" dhcp_tracking="true"
Context Example
{
    "TenableSC": {
        "Scan": {
            "CreationTime": "2018-11-26T17:29:02Z",
            "CreatorID": "53",
            "ID": "1286",
            "Name": "test_scan_2018",
            "Reports": [
                "438"
            ],
            "Type": "policy"
        }
    }
}
Human Readable Output

image

12. Delete a scan


Deletes a scan in Tenable.sc.

Base Command

tenable-sc-delete-scan

Input
Argument Name Description Required
scan_id Scan ID (can be retrieved from the tenable-sc-list-scans command). Required

Context Output

There is no context output for this command.

Command Example
!tenable-sc-delete-scan scan_id=1286
Human Readable Output

image

13. Get a list of assets


Returns a list of Tenable.sc assets.

Base Command

tenable-sc-list-assets

Input
Argument Name Description Required
manageable Whether to return only manageable assets.By default, returns both usable and manageable. Optional

Context Output
Path Type Description
TenableSC.Asset.ID string Asset ID.
TenableSC.Asset.Name string Asset name.
TenableSC.Asset.HostCount number Asset host IPs count.
TenableSC.Asset.Type string Asset type.
TenableSC.Asset.Tag string Asset tag.
TenableSC.Asset.Owner string Asset owner username.
TenableSC.Asset.Group string Asset group.
TenableSC.Asset.LastModified date Asset last modified time.

Command Example
!tenable-sc-list-assets manageable=true
Context Example
{
    "TenableSC": {
        "Asset": [
            {
                "HostCount": 0,
                "ID": "354",
                "LastModified": "2018-01-08T13:50:05Z",
                "Name": "Bad Credentials",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "355",
                "LastModified": "2018-01-08T13:50:08Z",
                "Name": "Bad Windows Account",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 5,
                "ID": "356",
                "LastModified": "2018-01-08T13:50:09Z",
                "Name": "Windows Hosts",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "357",
                "LastModified": "2018-01-08T13:50:11Z",
                "Name": "Windows 7",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "358",
                "LastModified": "2018-01-08T13:50:13Z",
                "Name": "Windows RDP or Terminal Services",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 2,
                "ID": "359",
                "LastModified": "2018-01-08T13:50:15Z",
                "Name": "WMI Login Authenticated",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "360",
                "LastModified": "2018-01-08T13:50:16Z",
                "Name": "Microsoft Office 2010",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "361",
                "LastModified": "2018-01-08T13:50:18Z",
                "Name": "Microsoft Office 2007",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "362",
                "LastModified": "2018-01-08T13:50:19Z",
                "Name": "Microsoft VPN Technology",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "363",
                "LastModified": "2018-01-08T13:50:21Z",
                "Name": "Microsoft Windows Server 2000",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 4,
                "ID": "364",
                "LastModified": "2018-01-08T13:50:23Z",
                "Name": "Microsoft Windows Server",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "365",
                "LastModified": "2018-01-08T13:50:24Z",
                "Name": "Microsoft Windows Server 2003",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 3,
                "ID": "366",
                "LastModified": "2018-01-08T13:50:26Z",
                "Name": "Microsoft Windows Server 2008",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 1,
                "ID": "367",
                "LastModified": "2018-01-08T13:50:28Z",
                "Name": "Microsoft Windows Server 2012",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 2,
                "ID": "368",
                "LastModified": "2018-01-08T13:50:29Z",
                "Name": "Microsoft Windows Server Datacenter",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "369",
                "LastModified": "2018-01-08T13:50:31Z",
                "Name": "Microsoft Windows Server Enterprise",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "370",
                "LastModified": "2018-01-08T13:50:33Z",
                "Name": "Microsoft Windows Server Standard",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "371",
                "LastModified": "2018-01-08T13:50:36Z",
                "Name": "Microsoft Windows Workstation Enterprise",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "372",
                "LastModified": "2018-01-08T13:50:37Z",
                "Name": "Microsoft Windows Workstation Home",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "373",
                "LastModified": "2018-01-08T13:50:39Z",
                "Name": "Microsoft Windows 8",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "374",
                "LastModified": "2018-01-08T13:50:40Z",
                "Name": "Microsoft Windows Workstation Ultimate",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "375",
                "LastModified": "2018-01-08T13:50:42Z",
                "Name": "Unsupported Windows Operating Systems",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "376",
                "LastModified": "2018-01-08T13:50:43Z",
                "Name": "Microsoft Windows Workstation Professional",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "377",
                "LastModified": "2018-01-08T13:50:45Z",
                "Name": "Microsoft Windows XP",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": 0,
                "ID": "392",
                "LastModified": "2018-06-11T16:45:26Z",
                "Name": "Malware or Malicious Processes",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": "1",
                "ID": "537",
                "LastModified": "2018-11-07T13:34:11Z",
                "Name": "Maya test Asset",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": 0,
                "ID": "538",
                "LastModified": "2018-11-07T13:35:12Z",
                "Name": "Malware or Malicious Processes(1)",
                "Owner": "API55",
                "Type": "dynamic"
            },
            {
                "HostCount": "1",
                "ID": "543",
                "LastModified": "2018-11-20T18:29:53Z",
                "Name": "test_asset",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "2",
                "ID": "544",
                "LastModified": "2018-11-20T18:31:51Z",
                "Name": "test_asset2",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "2",
                "ID": "545",
                "LastModified": "2018-11-20T18:32:21Z",
                "Name": "test_asset3",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "2",
                "ID": "546",
                "LastModified": "2018-11-20T18:35:28Z",
                "Name": "test_asset4",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "2",
                "ID": "547",
                "LastModified": "2018-11-20T18:36:07Z",
                "Name": "test_asset5",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "2",
                "ID": "548",
                "LastModified": "2018-11-21T15:40:52Z",
                "Name": "blah",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "1",
                "ID": "549",
                "LastModified": "2018-11-21T16:05:10Z",
                "Name": "test_asset9",
                "Owner": "API55",
                "Tag": "hmm,blob",
                "Type": "static"
            },
            {
                "HostCount": "2",
                "ID": "550",
                "LastModified": "2018-11-22T15:12:29Z",
                "Name": "yyyy",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "1",
                "ID": "551",
                "LastModified": "2018-11-25T16:06:39Z",
                "Name": "test_asset_Sun Nov 25 2018 18:06:35 GMT+0200 (IST)",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "1",
                "ID": "552",
                "LastModified": "2018-11-25T16:08:54Z",
                "Name": "test_asset_Sun Nov 25 2018 18:08:50 GMT+0200 (IST)",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "1",
                "ID": "556",
                "LastModified": "2018-11-25T16:18:56Z",
                "Name": "test_asset_Sun Nov 25 2018 18:18:52 GMT+0200 (IST)",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "1",
                "ID": "557",
                "LastModified": "2018-11-25T16:34:52Z",
                "Name": "test_asset_Sun Nov 25 2018 18:34:47 GMT+0200 (IST)",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "1",
                "ID": "558",
                "LastModified": "2018-11-26T08:20:09Z",
                "Name": "test_asset_Mon Nov 26 2018 10:20:05 GMT+0200 (IST)",
                "Owner": "API55",
                "Type": "static"
            },
            {
                "HostCount": "1",
                "ID": "690",
                "LastModified": "2018-11-26T16:10:08Z",
                "Name": "test_asset_Mon Nov 26 2018 18:10:02 GMT+0200 (IST)",
                "Owner": "API55",
                "Type": "static"
            }
        ]
    }
}
Human Readable Output

image

14. Create an asset


Creates an asset in Tenable.sc with the specified IP addresses.

Base Command

tenable-sc-create-asset

Input
Argument Name Description Required
name Asset name. Required
description Asset description. Optional
owner_id Asset owner ID, default is the Session User ID (can be retrieved from the tenable-sc-list-users command). Optional
tag Asset tag. Optional
ip_list Comma-separated list of IPs to include in the asset, e.g., 10.0.0.2,10.0.0.4 Required

Context Output
Path Type Description
TenableSC.Asset.Name string Asset name.
TenableSC.Asset.ID string Asset ID.
TenableSC.Asset.OwnerName string Asset owner name.
TenableSC.Asset.Tags string Asset tags.

Command Example
!tenable-sc-create-asset name="test_asset_2018" description="desc" owner_id="53" ip_list="10.0.0.1,10.0.0.2"
Context Example
{
    "TenableSC": {
        "Asset": {
            "ID": "691",
            "Name": "test_asset_2018",
            "OwnerName": "API55"
        }
    }
}
Human Readable Output

image

15. Get asset information


Get details for a given asset in Tenable.sc

Base Command

tenable-sc-get-asset

Input
Argument Name Description Required
asset_id Asset ID (can be retrieved from the tenable-sc-list-assets command). Required

Context Output
Path Type Description
TenableSC.Asset.ID number Asset ID.
TenableSC.Asset.Name string Asset name.
TenableSC.Asset.Description string Asset description.
TenableSC.Asset.Tag string Asset tag.
TenableSC.Asset.Modified date Asset last modified time.
TenableSC.Asset.Owner string Asset owner user name.
TenableSC.Asset.Group string Asset owner group.
TenableSC.Asset.IPs unknown Asset viewable IPs.

Command Example
!tenable-sc-get-asset asset_id=691
Context Example
{
    "TenableSC": {
        "Asset": {
            "Created": "2018-11-26T18:17:39Z",
            "Description": "desc",
            "Group": "Full Access",
            "ID": "691",
            "IPs": [
                "10.0.0.1",
                "10.0.0.2"
            ],
            "Modified": "2018-11-26T18:17:39Z",
            "Name": "test_asset_2018",
            "Owner": "API55"
        }
    }
}
Human Readable Output

image

16. Delete an asset


Deletes the asset with the specified asset ID from Tenable.sc.

Base Command

tenable-sc-delete-asset

Input
Argument Name Description Required
asset_id Asset ID. Required

Context Output

There is no context output for this command.

Command Example
!tenable-sc-delete-asset asset_id=691
Human Readable Output

image

17. Get a list of alerts


Returns a list alerts from Tenable.sc.

Base Command

tenable-sc-list-alerts

Input
Argument Name Description Required
manageable Whether to return only manageable alerts. By default, returns both usable and manageable. Optional

Context Output
Path Type Description
TenableSC.Alert.ID string Alert ID.
TenableSC.Alert.Name string Alert name.
TenableSC.Alert.Description string Alert description.
TenableSC.Alert.State string Alert state.
TenableSC.Alert.Actions string Alert actions.
TenableSC.Alert.LastTriggered date Alert last triggered time.
TenableSC.Alert.LastEvaluated date Alert last evaluated time.
TenableSC.Alert.Group string Alert owner group name.
TenableSC.Alert.Owner string Alert owner user name.

Command Example
!tenable-sc-list-alerts
Context Example
{
    "TenableSC": {
        "Alert": [
            {
                "Actions": [
                    "ticket"
                ],
                "Group": "Full Access",
                "ID": "1",
                "LastEvaluated": "2018-11-25T19:44:00Z",
                "LastTriggered": "2017-01-31T19:44:01Z",
                "Name": "bwu_alert1",
                "Owner": "API17",
                "State": "Triggered"
            },
            {
                "Actions": [
                    "notification",
                    "ticket"
                ],
                "Group": "Full Access",
                "ID": "2",
                "LastEvaluated": "2018-11-26T18:30:14Z",
                "LastTriggered": "2018-11-26T18:30:15Z",
                "Name": "Test Alert",
                "Owner": "API55",
                "State": "Triggered"
            },
            {
                "Actions": [
                    "ticket"
                ],
                "Group": "Full Access",
                "ID": "3",
                "LastEvaluated": "2018-11-26T18:30:04Z",
                "LastTriggered": "1970-01-01T00:00:00Z",
                "Name": "Test fetch",
                "Owner": "API55",
                "State": "Not Triggered"
            }
        ]
    }
}
Human Readable Output

image

18. Get alert information


Returns information about a specified alert in Tenabel.sc.

Base Command
tenable-sc-get-alert
Input
Argument Name Description Required
alert_id Alert ID (can be retrieved from the tenable-sc-list-alerts command). Required

Context Output
Path Type Description
TenableSC.Alert.ID string Alert ID.
TenableSC.Alert.Name string Alert name.
TenableSC.Alert.Description string Alert description.
TenableSC.Alert.State string Alert state.
TenableSC.Alert.Condition.Trigger string Alert trigger.
TenableSC.Alert.LastTriggered date Alert last triggered time.
TenableSC.Alert.Action string Alert action type.
TenableSC.Alert.Action.Values unknown Alert action values.
TenableSC.Alert.Condition.Query string Alert query name.
TenableSC.Alert.Condition.Filter.Name string Alert query filter name.
TenableSC.Alert.Condition.Filter.Values unknown Alert query filter values.

Command Example
!tenable-sc-get-alert alert_id=3
Context Example
{
    "TenableSC": {
        "Alert": {
            "Action": [
                "type": "ticket",
                "values": "API55"
            ],
            "Behavior": "Execute on every trigger ",
            "Condition": {
                "Filter": [
                    {
                        "Name": "ip",
                        "Values": "11.0.0.2"
                    }
                ],
                "Query": "IPv4 Fixed Address: 11.0.0.2",
                "Trigger": "sumport >= 1"
            },
            "ID": "3",
            "LastTriggered": "Never",
            "Name": "Test fetch",
            "State": "Not Triggered"
        }
    }
}
Human Readable Output

image

19. Get device information for a user


Returns device information from the current user in Tenable.sc.

Base Command

tenable-sc-get-device

Input
Argument Name Description Required
ip A valid IP address to filter by. Optional
dnsName DNS name for the IP address. Optional

Context Output
Path Type Description
TenableSC.Device.IP string Device IP address.
TenableSC.Device.UUID string Device UUID.
TenableSC.Device.RepositoryID string Device repository ID.
TenableSC.Device.MacAddress string Device Mac address.
TenableSC.Device.NetbiosName string Device Netbios name.
TenableSC.Device.DNSName string Device DNS name.
TenableSC.Device.OS string Device operating system.
TenableSC.Device.OsCPE string Device Common Platform Enumeration.
TenableSC.Device.LastScan date Device's last scan time.
TenableSC.Device.RepositoryName string Device repository name.
TenableSC.Device.TotalScore number Device total threat score.
TenableSC.Device.LowSeverity number Device total threat scores with low severity.
TenableSC.Device.MediumSeverity number Device total threat scores with medium severity.
TenableSC.Device.HighSeverity number Device total threat scores with high severity.
TenableSC.Device.CriticalSeverity number Device total threat scores with critical severity.

Command Example
!tenable-sc-get-device
Context Example
{
    "TenableSC": {
        "Device": {
            "CriticalSeverity": "0",
            "DNSName": "gateway",
            "HighSeverity": "0",
            "IP": "10.0.0.1",
            "LastScan": "2018-11-26T18:26:03Z",
            "LowSeverity": "0",
            "MacAddress": "12:34:56:78:9a:bc",
            "MediumSeverity": "0",
            "OS": "Linux Kernel 2.2 Linux Kernel 2.4 Linux Kernel 2.6",
            "RepositoryID": "1",
            "RepositoryName": "repo",
            "TotalScore": "4"
        }
    }
}
Human Readable Output

image

20. Get a list of users


List users in Tenable.sc.

Base Command

tenable-sc-list-users

Input
Argument Name Description Required
id Filter by user ID. Optional
username Filter by user name. Optional
email Filter by user email address. Optional

Context Output
Path Type Description
TenableSC.User.ID string User ID.
TenableSC.User.Username string Username.
TenableSC.User.FirstName string User first name.
TenableSC.User.LastName string User last name.
TenableSC.User.Title string User title.
TenableSC.User.Email string User email address.
TenableSC.User.Created date The creation time of the user.
TenableSC.User.Modified date Last modification time of the user.
TenableSC.User.Login date User last login.
TenableSC.User.Role string User role name.

Command Example
!tenable-sc-list-users username=API55
Context Example
{
    "TenableSC": {
        "User": {
            "Created": "2017-12-13T20:59:54Z",
            "FirstName": "API55",
            "ID": "53",
            "LastLogin": "2018-11-26T18:52:10Z",
            "Modified": "2017-12-13T20:59:54Z",
            "Role": "Security Manager",
            "Username": "API55"
        }
    }
}
Human Readable Output

image

21. Get licensing information


Retrieves licensing information from Tenable.sc.

Base Command

tenable-sc-get-system-licensing

Input

There is no input for this command.

Context Output
Path Type Description
TenableSC.Status.ActiveIPS number Number of active IP addresses.
TenableSC.Status.LicensedIPS unknown Number of licensed IP addresses.
TenableSC.Status.License unknown License status.

Command Example
!tenable-sc-get-system-licensing
Context Example
{
    "TenableSC": {
        "Status": {
            "ActiveIPS": "150",
            "License": "Valid",
            "LicensedIPS": "1024"
        }
    }
}
Human Readable Output

image

22. Get system information and diagnostics


Returns the system information and diagnostics from Tenable.sc.

Base Command

tenable-sc-get-system-information

Input

There is no input for this command.

Context Output
Path Type Description
TenableSC.System.Version string System version.
TenableSC.System.BuildID string System build ID.
TenableSC.System.ReleaseID string System release ID.
TenableSC.System.License string System license status.
TenableSC.System.JavaStatus boolean Server Java status.
TenableSC.System.RPMStatus boolean Server RPM status.
TenableSC.System.DiskStatus boolean Server disk status.
TenableSC.System.DiskThreshold number System space left on disk.
TenableSC.System.LastCheck date System last check time.

Command Example
!tenable-sc-get-system-information

23. Get device information


Retrieves information for the specified device.

Base Command

tenable-sc-get-device

Input
Argument Name Description Required
ip A valid IP address of a device. Optional
dns_name DNS name of a device. Optional
repository_id Repository ID to get the device from, can be retrieved from the list-repositories command. Optional

Context Output
Path Type Description
TenableSC.Device.IP string Device IP address.
TenableSC.Device.UUID string Device UUID.
TenableSC.Device.RepositoryID string Device repository ID.
TenableSC.Device.MacAddress string Device Mac address.
TenableSC.Device.NetbiosName string Device Netbios name.
TenableSC.Device.DNSName string Device DNS name.
TenableSC.Device.OS string Device operating system.
TenableSC.Device.OsCPE string Device Common Platform Enumeration.
TenableSC.Device.LastScan date Device's last scan time.
TenableSC.Device.RepositoryName string Device repository name.
TenableSC.Device.TotalScore number Device total threat score.
TenableSC.Device.LowSeverity number Device total threat scores with low severity.
TenableSC.Device.MediumSeverity number Device total threat scores with medium severity.
TenableSC.Device.HighSeverity number Device total threat scores with high severity.
TenableSC.Device.CriticalSeverity number Device total threat scores with critical severity.
Endpoint.IPAddress string Endpoint IP address.
Endpoint.Hostname string Endpoint DNS name.
Endpoint.MACAddress string Endpoint Mac address.
Endpoint.OS string Endpoint operating system.

Command Example
!tenable-sc-get-device ip=213.35.2.109
!tenable-sc-get-device dns_name=213-35-2-109.navisite.net
Context Example
{
    "Endpoint": {
        "Hostname": "213-35-2-109.navisite.net",
        "IPAddress": "213.35.2.109",
        "OS": "Microsoft Windows Server 2012 R2"
    },
    "TenableSC": {
        "Device": {
            "CriticalSeverity": "0",
            "DNSName": "213-35-2-109.navisite.net",
            "HighSeverity": "0",
            "IP": "213.35.2.109",
            "LastScan": "2018-12-04T06:27:32Z",
            "LowSeverity": "0",
            "MediumSeverity": "0",
            "OS": "Microsoft Windows Server 2012 R2",
            "OsCPE": "cpe:/o:microsoft:windows_server_2012:r2",
            "RepositoryID": "1",
            "RepositoryName": "repo",
            "TotalScore": "34"
        }
    }
}
Human Readable Output

image

24. Get all scan results


Returns all scan results in Tenable.sc.

Base Command

tenable-sc-get-all-scan-results

Input
Argument Name Description Required
manageable Filter only manageable alerts. By default, returns both usable and manageable alerts. Optional
page The page to return, starting from 0. Optional
limit The number of objects to return in one response (maximum limit is 200). Optional

Context Output
Path Type Description
TenableSC.ScanResults.ID Number Scan ID.
TenableSC.ScanResults.Name string Scan name.
TenableSC.ScanResults.Status string Scan status.
TenableSC.ScanResults.Description string Scan description.
TenableSC.ScanResults.Policy string Scan policy.
TenableSC.ScanResults.Group string Scan group name.
TenableSC.ScanResults.Checks number Scan completed number of checks.
TenableSC.ScanResults.StartTime date Scan results start time.
TenableSC.ScanResults.EndTime date Scan results end time.
TenableSC.ScanResults.Duration number Scan duration in minutes.
TenableSC.ScanResults.ImportTime date Scan import time.
TenableSC.ScanResults.ScannedIPs number Number of scanned IPs.
TenableSC.ScanResults.Owner string Scan owner name.
TenableSC.ScanResults.RepositoryName string Scan repository name.

Command Example
  !tenable-sc-get-all-scan-results page=10 limit=30
Human Readable Output

Troubleshooting


For errors within Tenable.sc, the cause is generally specified, e.g., The currently logged in used is not an administrator , Unable to retrieve Asset #2412. Asset #2412 does not exist or Invalid login credentials . However there might be connection errors, for example when the server URL provided is incorrect.