vman interface — VMware Salt API

vman interface

The LoadedMod class allows the module loaded onto the sub to return custom sequencing; for instance, it can be iterated over to return all functions.

assess_policy(policy_uuid: <class 'uuid.UUID'>)
Returns: <class 'str'>

Run assessment of advisories in a policy

Parameters

policy_uuid:Policy UUID to assess.

Response

Job ID for assessment run for specified policy.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.assess_policy(
    policy_uuid="1f90f261-1668-486e-a1d3-4dd68ef3020c"
)
Response
RPCResponse(
    riq=4,
    ret={
        "success": true,
        "errors": [],
        "jid": "20190125001746553804"
    },
    error=None,
    warnings=[])
commit_third_party_staging_data(import_uuid: <class 'uuid.UUID'>)

Commit Third Party Import Staging data to vman_results

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.commit_third_party_staging_data(import_uuid='some uuid')
Response
RPCResponse(
    riq=4,
    error=None,
    warnings=[])

delete_advisory_state_link(advisory_state_xref_uuid)

Delete unsupported advisory to state file link.

Parameters

advisory_state_xref_uuid:UUID of the advisory to state file linkage.

Returns

None

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_advisory_state_link(advisory_state_xref_uuid='<advisory_state_file_xref_uuid>')
Response
RPCResponse(
    riq=4,
    ret="e5b4970e-250f-4b4e-b7a5-53df6e1d0448",
    error=None,
    warnings=[])
delete_connector(vendor: <class 'str'>)
Returns: <class 'int'>

Delete connector for a vendor

Parameters

vendor:Vendor for which the connector is to be deleted.

Returns

Number of connectors deleted.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_connector(vendor='tenable')
Response
RPCResponse(
    riq=4,
    ret=1,
    error=None,
    warnings=[])
delete_exemption_group(exemption_group_uuid: <class 'uuid.UUID'>)
Returns: <class 'int'>

Delete a specific exemption group.

Parameters

exemption_group_uuid:UUID of a specific exemption group to delete.

Returns

Number of deleted exemption groups.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_exemption_group(
    exemption_group_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22",
)
Response
RPCResponse(
    riq=4,
    ret=1,
    error=None,
    warnings=[])
delete_policy(policy_uuid: <class 'uuid.UUID'>)
Returns: <class 'bool'>

Delete an existing vulnerability management policy.

Parameters

policy_uuid:UUID of the policy to delete.

Returns

Response code from deleting the policy.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_policy(
    policy_uuid="db1ae70f-768e-4486-adae-b83546a09dea"
)
Response
RPCResponse(
    riq=4,
    ret=True,
    error=None,
    warnings=[])
delete_third_party_import(import_uuid: <class 'uuid.UUID'>)

Delete Third Party Import Staging data

Parameters

import_uuid:UUID of the imported scan.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_third_party_import(import_uuid='<some uuid>')
Response
RPCResponse(
    riq=4,
    error=None,
    warnings=[])
download_content(auto_ingest: bool | None = True)
Returns: <class 'dict'>

Download and ingest content

Download the vulnerability management tarball and expand the files into hub.opts['cachedir'] + /vman. Once the download and expansion are complete, ingest is called to put them in the raas filesystem.

get_advisories(policy_uuid: uuid.UUID | None, advisory_state_xref_uuid: uuid.UUID | None, advisory_id: str | None, advisory_type: str | None, sort_by: str | None, reverse: bool | None, page: int | None, limit: int | None = 50)
Returns: <class 'dict'>

Get advisories.

Parameters

advisory_state_xref_uuid:UUID of the advisory to state file linkage.

Returns

None

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_advisory_state_link(advisory_state_xref_uuid='<advisory_state_file_xref_uuid>')
Response
RPCResponse(
    riq=4,
    ret="e5b4970e-250f-4b4e-b7a5-53df6e1d0448",
    error=None,
    warnings=[])
get_advisory_minions(policy_uuid: <class 'uuid.UUID'>, advisory_id: str | None, display_name: str | None, install_behavior: str | None, minion_id: str | None, master_id: str | None, pending_reboot: str | None, osfullname: str | None, ipv4: str | None, ipv6: str | None, action: str | None, include_in_response: list[str] | None, severity: str | None, advisory_title: str | None, advisory_type: str | None = supported, cve_id: str | None, pkg_name: str | None, pkg_status: list[str] | None, sort_by: str | None, reverse: bool | None, page: int | None, limit: int | None = 50)
Returns: <class 'dict'>

Get assessment and remediation results for a policy

Parameters

policy_uuid:Get assessment and remediation results about this policy.
advisory_id:Limit results to advisories matching this advisory ID.
display_name:Limit results to display_names matching this display_name.
install_behavior:Limit results to install_behaviors matching this install_behavior.
minion_id:Limit results to minions matching this ID.
master_id:Limit results to masters matching this ID.
pending_reboot:Limit results to pending_reboot matching 'null'/'true'/'false'.
osfullname:Limit results to OS matching name.
ipv4:Limit results to matching IPv4.
ipv6:Limit results to matching IPv6.
action:Filter results by compliance action, assess or remediate.
include_in_response:Choose the blocks that should appear in the response.
severity:Filter results by severity.
advisory_title:Filter results by partial advisory title match.
advisory_type:Filter by advisory type. Valid values: supported, unsupported
cve_id:Filter results by partial CVE ID match.
pkg_name:Filter results by partial package name match.
pkg_status:Filter results by package remediation status. Accepts a list of statuses.
sort_by:Sort results by supplied field.
reverse:Set to True to reverse sort order.
page:Return results specified by page number.
limit:Maximum number of results to return.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_advisory_minions(
    policy_uuid='26854b29-b122-4cc5-86ca-5d7ae3bdb107'
)
get_connector(vendor: <class 'str'>)
Returns: <class 'dict'>

Get connector for a vendor

Parameters

vendor:Vendor for which the connector parameters are required.

Returns

Parameter values required to authenticate with the vendor API.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_connector(vendor='tenable')
Response
RPCResponse(
    riq=4,
    ret={'access_key': 'xxx', 'secret_key': 'xxx', 'url': 'https://cloud.tenable.com',
         '__secrets': ['access_key', 'secret_key']},
    error=None,
    warnings=[])
get_connector_params(vendor: <class 'str'>)
Returns: <class 'dict'>

Get the parameters required for the connector to authenticate with vendor API.

Parameters

vendor:Vendor for which the connector parameters are required.

Returns

Dictionary containing the parameters required to authenticate with the vendor API.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_connector_params(vendor='tenable')
Response
RPCResponse(
    riq=4,
    ret={
        'accessKey': None,
        'secretKey': None,
        'days_since': 90,
        'url': 'https://cloud.tenable.com',
        '__secrets': ['accessKey', 'secretKey']
    },
    error=None,
    warnings=[])
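
Both connector responses above carry a '__secrets' list naming the fields that hold credentials, which gives callers a machine-readable list of what to mask before a response reaches logs or tickets. The following is an added example, not part of the product documentation: the helper names (secret_fields, redact_connector, leaked_secrets), the name-pattern fallback and the sample key values are assumptions of this example.

```python
import json
import re

MASK = "<redacted>"
# Fallback used only when a response has no '__secrets' list (assumption of this example).
SECRET_NAME = re.compile(r"secret|token|passw|key", re.IGNORECASE)


def secret_fields(ret):
    """Names of the fields in a connector dict that must never be logged."""
    declared = ret.get("__secrets")
    if declared is not None:
        return set(declared)
    # No declaration: fail closed and treat secret-looking names as secrets.
    return {k for k in ret if k != "__secrets" and SECRET_NAME.search(k)}


def redact_connector(ret, mask=MASK):
    """Return a copy of a connector dict that is safe to log or attach to a ticket."""
    if not isinstance(ret, dict):
        raise TypeError("expected the 'ret' dict of a connector response")
    hidden = secret_fields(ret)
    # None means "not configured yet" (see get_connector_params); keep it visible.
    return {k: (mask if k in hidden and v is not None else v) for k, v in ret.items()}


def leaked_secrets(ret, text):
    """Names of secret fields whose raw value still appears in text."""
    return sorted(
        name for name in secret_fields(ret)
        if isinstance(ret.get(name), str) and ret[name] and ret[name] in text
    )


# Constructed sample values in the shape of the get_connector response above.
SAMPLE_CONNECTOR = {
    "access_key": "AKEXAMPLE-constructed-0001",
    "secret_key": "SKEXAMPLE-constructed-0002",
    "url": "https://cloud.tenable.com",
    "__secrets": ["access_key", "secret_key"],
}
# Shape of the get_connector_params response above: secrets not yet set.
SAMPLE_PARAMS = {
    "accessKey": None,
    "secretKey": None,
    "days_since": 90,
    "url": "https://cloud.tenable.com",
    "__secrets": ["accessKey", "secretKey"],
}

if __name__ == "__main__":
    safe = redact_connector(SAMPLE_CONNECTOR)
    print(json.dumps(safe, indent=2))
    print("leaks in raw dump:", leaked_secrets(SAMPLE_CONNECTOR, json.dumps(SAMPLE_CONNECTOR)))
    print("leaks in redacted dump:", leaked_secrets(SAMPLE_CONNECTOR, json.dumps(safe)))
```

leaked_secrets can double as a unit-test guard: run it over any string a job is about to log and fail the job if the result is non-empty.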
get_content_stats()
Returns: <class 'dict'>

Get the stats for the latest ingested content

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_content_stats()
Response
RPCResponse(
    riq=4,
    ret={
        "creation_date": "2019-08-26T20:52:18.479319",
        "file_name": "vman_2019-08-26T20:52:18.479319_e5b4970e-250f-4b4e-b7a5-53df6e1d0448.tar.gz.e",
        "ingest_date": "2019-09-24T17:04:07.865149",
        "uuid": "e5b4970e-250f-4b4e-b7a5-53df6e1d0448",
        "build_number": "12345",
    },
    error=None,
    warnings=[])
get_detail_report(report_uuid)

Get vulnerability detailed report

Parameters

report_uuid:UUID of report to retrieve.

Return: JSON formatted report.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_detail_report(
    report_uuid="1471bdbc-c495-4211-b6f0-6e442ce4dde6"
)
Response
RPCResponse(
    riq=4,
    ret={
        "minions": {
            "master2": [
                {
                    "usage": {
                        "cmd": [],
                        "enabled": [],
                        "network": [],
                        "running": []
                    },
                    "comment": null,
                    "pkg_name": "glibc",
                    "severity": "medium",
                    "master_id": "master2_master",
                    "advisory_id": "CESA-2019:2118",
                    "master_uuid": "60522eca-8ad0-43fb-9461-171027e03deb",
                    "advisory_uuid": "082e07e7-6abd-4617-b4d9-0800091baa9b",
                    "pkg_version_target": "2.17-292.el7",
                    "pkg_version_current": "2.17-260.el7_6.6",
                    "pkg_version_advisory": "2.17-292.el7"
                },
            ]
        },
        "advisories": {
            "CESA-2016:1064": {
                "info": {
                    "cve": {
                        "uuid": "027bc255-638b-409b-9e66-613538cc93c8",
                        "cve_id": "CVE-2016-2149",
                        "cvssv2": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                        "cvssv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                        "references": {
                            "REDHAT": {
                                "url": "https://access.redhat.com/errata/RHSA-2016:1064",
                                "name": "RHSA-2016:1064"
                            }
                        },
                        "cvssv2_base": 4.0,
                        "cvssv3_base": 6.5,
                        "description": "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users",
                        "published_date": "2016-06-08T17:59:00",
                        "cvssv2_severity": "MEDIUM",
                        "cvssv3_severity": "MEDIUM",
                        "cvssv2_impact_score": 2.9,
                        "cvssv3_impact_score": 2.9
                    },
                    "uuid": "18b865af-47ad-4786-8124-d0748a0bb1f2",
                    "title": "CentOS OpenShift Enterprise 3.2 security, bug fix, and enhancement update",
                    "packages": {
                        "el7": {
                            "kibana": "4.1.2-2.el7aos",
                            "lucene": "4.10.4.redhat_1-5.el7",
                            "rubygem-fluent-plugin-kubernetes_metadata_filter-doc": "0.12.0-1.el7aos"
                        }
                    },
                    "severity": "high",
                    "advisory_id": "CESA-2016:1064",
                    "description": "OpenShift Enterprise by Red Hat is the company's cloud computing Platform",
                },
                "minions": [
                    "master2"
                ]
            },

        },
        "meta": {
            "policy_uuid": "a5aa646e-f7fe-4d99-945b-7e40b929df7b",
            "policy_name": "awesome policy",
            "target_group_name": "All Minions",
            "creation_date": "2019-09-24T17:11:57.449781",
            "function": "policy.assessment",
            "critical": 42,
            "high": 104,
            "medium": 136,
            "low": 0,
            "none": 0
        }
    },
    error=None,
    warnings=[])
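
The report above keeps per-minion findings under "minions" and CVE scoring under "advisories", and a finding can reference an advisory that has no entry in the "advisories" block (as CESA-2019:2118 does in the response shown). The following is an added example, not part of the product documentation, that joins the two blocks into a worst-first remediation list; rank_findings, SEVERITY_RANK, the sort order and the sample report (including its "current" kibana version) are assumptions of this example.

```python
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "none": 0}


def rank_findings(report):
    """Flatten a detail report's 'ret' dict into one row per finding, worst first."""
    advisories = report.get("advisories") or {}
    rows = []
    for minion_id, findings in (report.get("minions") or {}).items():
        for finding in findings:
            advisory_id = finding.get("advisory_id")
            # The advisory block may be missing for this finding; degrade gracefully.
            info = (advisories.get(advisory_id) or {}).get("info") or {}
            cve = info.get("cve") or {}
            rows.append({
                "minion": minion_id,
                "advisory_id": advisory_id,
                "pkg": finding.get("pkg_name"),
                "current": finding.get("pkg_version_current"),
                "target": finding.get("pkg_version_target"),
                "severity": (finding.get("severity") or "none").lower(),
                "cvss3": cve.get("cvssv3_base"),
                "cve_id": cve.get("cve_id"),
                "has_advisory_detail": bool(info),
            })

    def sort_key(row):
        rank = SEVERITY_RANK.get(row["severity"], -1)
        # Findings without a CVSS score sort after scored ones of equal severity.
        score = row["cvss3"] if row["cvss3"] is not None else -1.0
        return (-rank, -score, row["minion"], row["pkg"] or "")

    return sorted(rows, key=sort_key)


# Constructed report in the shape of the response above.
SAMPLE_REPORT = {
    "minions": {
        "master2": [
            {"pkg_name": "glibc", "severity": "medium",
             "advisory_id": "CESA-2019:2118",
             "pkg_version_target": "2.17-292.el7",
             "pkg_version_current": "2.17-260.el7_6.6"},
            {"pkg_name": "kibana", "severity": "high",
             "advisory_id": "CESA-2016:1064",
             "pkg_version_target": "4.1.2-2.el7aos",
             "pkg_version_current": "4.1.1-1.el7aos"},
        ],
        "minion1": [
            {"pkg_name": "kibana", "severity": "high",
             "advisory_id": "CESA-2016:1064",
             "pkg_version_target": "4.1.2-2.el7aos",
             "pkg_version_current": "4.1.1-1.el7aos"},
        ],
    },
    "advisories": {
        "CESA-2016:1064": {
            "info": {"cve": {"cve_id": "CVE-2016-2149", "cvssv3_base": 6.5},
                     "severity": "high"},
            "minions": ["master2", "minion1"],
        },
    },
}

if __name__ == "__main__":
    for row in rank_findings(SAMPLE_REPORT):
        note = "" if row["has_advisory_detail"] else "  (no advisory detail in report)"
        print(f'{row["severity"]:8} {row["cvss3"] or "-":>4} {row["minion"]:8} '
              f'{row["pkg"]} {row["current"]} -> {row["target"]}{note}')
```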
get_exemption_groups(policy_uuid: <class 'uuid.UUID'>, exemption_group_uuid: <class 'uuid.UUID'>, page: <class 'int'>, limit: <class 'int'> = 50)
Returns: <class 'dict'>

Get exemption groups.

An exemption group is a combination of minions and advisories that will not be remediated, with an associated reason (for example, your infrastructure requires an insecure package).

Parameters

policy_uuid:UUID of the associated policy.
exemption_group_uuid:UUID of a specific exemption group to return.

Returns

List of exemption groups for the policy.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_exemption_groups(
    policy_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22",
)
Response
RPCResponse(
    riq=4,
    ret={
        "count": 1,
        "results": [{
            "uuid": "3a776df3-9c4d-4d54-8e1f-dc0c189f0f68",
            "policy_uuid": "e912435e-2c38-4cfa-aa1e-985c83aa8a22",
            "advisory_uuid": "02b952e3-1d8c-4db3-8771-3edf23e0a0dd",
            "master_id": "master1_master",
            "minion_id": "oracle",
            "reason": "Approved by CISO"
        }]
    },
    error=None,
    warnings=[])
get_exemptions(policy_uuid: uuid.UUID | None, exemption_uuid: uuid.UUID | None)
Returns: <class 'dict'>

Get exemptions

Parameters

policy_uuid:UUID of the policy.
exemption_uuid:UUID of the exemption.

Returns

List of matching advisories (by policy_uuid, exemption_uuid, or both).

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_exemptions(
    policy_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22",
    exemption_uuid="3a776df3-9c4d-4d54-8e1f-dc0c189f0f68"
)
Response
RPCResponse(
    riq=4,
    ret={
        "count": 1,
        "results": [{
            "uuid": "3a776df3-9c4d-4d54-8e1f-dc0c189f0f68",
            "policy_uuid": "e912435e-2c38-4cfa-aa1e-985c83aa8a22",
            "advisory_uuid": "02b952e3-1d8c-4db3-8771-3edf23e0a0dd",
            "master_id": "master1_master",
            "minion_id": "oracle",
            "reason": "Approved by CISO"
        }]
    },
    error=None,
    warnings=[])
get_policies(policy_uuids: list[uuid.UUID] | None, names: list[str] | None, tgt_uuids: list[uuid.UUID] | None, sort_by: str | None, reverse: bool | None, page: int | None, limit: int | None = 50)
Returns: <class 'dict'>

Get summary information on vulnerability management policies

Parameters

policy_uuids:List of vulnerability management policy UUIDs. This parameter is optional when retrieving a list of policies.
names:List of vulnerability management policy names. This parameter is optional when retrieving a list of policies.
tgt_uuids:List of policy target group UUIDs. This parameter accepts one or more tgt_uuids.
sort_by:Sort results by supplied field.
reverse:Set to True to reverse sort order.
page:Return results specified by page number.
limit:Maximum number of policies to return.

Returns

List of policies matching the request criteria.

Examples

Request 1
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_policies(
    policy_uuids=[
        "a5aa646e-f7fe-4d99-945b-7e40b929df7b",
    ],
)
Response 1
RPCResponse(
    riq=4,
    ret={
        "count": 1,
        "results": [
          {
            "uuid": "a5aa646e-f7fe-4d99-945b-7e40b929df7b",
            "name": "awesome policy",
            "tgt_uuid": "7f93b928-388b-11e6-b133-346895ecb8f3",
            "tgt_name": "All Minions",
            "schedule_uuid": null,
            "last_update": "2019-07-18T19:55:05.617862",
            "last_assess_jid": "20190719154009438906",
            "last_assess_timestamp": "2019-07-19T15:40:09.402146",
            "last_remed_jid": null,
            "last_remed_timestamp": null,
            "stats": {
              "CRITICAL": 1
            },
            "schedule": null,
            "minions_assessed": 4
          }
        ]
    },
    error=None,
    warnings=[])
get_policy_run_history(policy_uuid: <class 'uuid.UUID'>, jid: str | None, state: list[str] | None, fun: str | None, user: str | None, expected: int | None, returned: int | None, sort_by: str | None, reverse: bool | None, page: int | None, limit: int | None = 50)
Returns: <class 'dict'>

Get assessment and remediation runs against the policy

Parameters

policy_uuid:UUID of the policy.
jid:Job ID
fun:Job function name.
state:Filter by one or more statuses of the assessment or remediation runs.
user:Name of the user who ran the policy.
expected:Number of expected minions to return a result.
returned:Number of minions which returned a result.
sort_by:Sort results by supplied field.
reverse:Set to True to reverse sort order.
page:Return results specified by page number.
limit:Maximum number of results to return.

Returns

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_policy_run_history(
    policy_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22"
)
Response
RPCResponse(
    riq=4,
    ret={
        "count": 2,
        "results": [{
            "jid": "20190127194046350020",
            "state": "completed_failures",
            "fun": "policy.assessment",
            "user": "root",
            "expected": 8,
            "returned": 8,
            "returned_good": 5,
            "returned_failed": 3,
            "create_time": "2019-01-27T19:42:53.087028",
            "user_uuid": "80c67364-cb31-4f4b-972a-e7ea3f752bb8",
            "uuid": "e912435e-2c38-4cfa-aa1e-985c83aa8a22",
            "name": "demo",
            "tgt_uuid": "7f93b928-388b-11e6-b133-346895ecb8f3",
            "schedule_uuid": null,
            "last_update": "2019-01-27T19:40:40.544772",
            "last_assess_jid": "20190127194046350020",
            "last_assess_timestamp": "2019-01-27T19:40:46.323247",
            "last_remed_jid": null,
            "last_remed_timestamp": null
        }]
    },
    error=None,
    warnings=[])
get_reports(fun: str | None, start_date: datetime.date | None, end_date: datetime.date | None, policy_uuid: uuid.UUID | None, sort_by: str | None, reverse: bool | None, page: int | None, limit: int | None = 50)
Returns: <class 'dict'>

Get vulnerability summary reports

Parameters

policy_uuid:UUID of policy. Optional; when None, daily aggregated reports are returned.
fun:Filter by function, should be policy.assessment or policy.remediate.
start_date:Get reports on or after date.
end_date:Get reports on or before date.
sort_by:Sort on field, should be date only.
reverse:Reverse list order. true or false.
page:Page number, default is 0.
limit:Number of results returned. Default: 40.

Returns: List of reports

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_reports()
Response
RPCResponse(
    riq=4,
    ret={
        "count": 1,
        "results": [
          {
            "report_uuid": "53b79e83-1269-43fb-8e0f-f4d4c201df30",
            "date": "2019-09-24",
            "creation_date": "2019-09-24T17:11:57.449781",
            "policy_uuid": "a5aa646e-f7fe-4d99-945b-7e40b929df7b",
            "fun": "policy.assessment",
            "critical": 42,
            "high": 104,
            "medium": 136,
            "low": 0,
            "none": 0,
            "policy_name": "awesome policy",
            "target_group_name": "All Minions",
            "top_advisories": [
              {
                "name": "systemd security, bug fix, and enhancement update",
                "uuid": "b4c3b40a-9f11-42e4-8777-df541f20f816",
                "score": 9.8,
                "minions": 6
              },
              {
                "name": "systemd security, bug fix, and enhancement update",
                "uuid": "91a0b654-cb2b-48eb-b27c-b085fd035ffa",
                "score": 9.8,
                "minions": 6
              },
              {
                "name": "perl security update",
                "uuid": "4c4549b4-564a-446f-af0e-fd642df58dc8",
                "score": 9.8,
                "minions": 2
              },
              {
                "name": "libssh2 security, bug fix, and enhancement update",
                "uuid": "9acffe23-1344-4d0a-895b-e4cc63d4bcd3",
                "score": 9.1,
                "minions": 2
              },
              {
                "name": "curl security and bug fix update",
                "uuid": "7e3c8b03-38da-40a5-b0bf-e689216e3dda",
                "score": 9.1,
                "minions": 4
              }
            ]
          }
        ]
    },
    error=None,
    warnings=[])
get_selected_for_import_cnt(import_uuid: <class 'uuid.UUID'>, advisory_type: str | None)

Get the number of minion/packages selected for import

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_selected_for_import_cnt(import_uuid='some uuid', advisory_type=VmanAdvisoryType.SUPPORTED)
Response
RPCResponse(
    riq=4,
    ret={'count': 1},
    error=None,
    warnings=[])
get_stats(include_in_response: list[str] | None)
Returns: <class 'dict'>

Get statistics for Vulnerability management policies

get_stats_history(since_time: int | None = 1, time_unit: str | None = hours, sort_by: str | None, reverse: bool | None, page: int | None, limit: int | None = 50)
Returns: <class 'dict'>

Get statistics history for vulnerability management

Parameters

since_time:Filter results by time.
time_unit:Unit of time to filter the results.
sort_by:Sort results by supplied field.
reverse:Set to True to reverse sort order.
page:Return results specified by page number.
limit:Maximum number of results to return.

Returns

Returns stats history.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_stats_history(
    since_time=7300,
    time_unit="days"
)
get_supported_advisories(import_uuid: <class 'uuid.UUID'>, advisory_id: str | None, minion_id: str | None, sort_by: str | None, reverse: bool | None, page: int | None, limit: int | None = 50)
Returns: <class 'dict'>

Get supported advisories from Third Party Import Staging data

Parameters

import_uuid:UUID of the imported scan.
advisory_id:Filter by this advisory id. Optional.
minion_id:Filter by this minion_id. Optional.
sort_by:Sort by advisory_id or minion_id. Optional.
reverse:Sort in descending order when True. Optional.
page:Show the results of this page. Starts at 0. Optional.
limit:Limit the results to these many records. Default 50. Optional.

Returns

Dictionary of records with the supported advisories.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_supported_advisories(import_uuid="e5b4970e-250f-4b4e-b7a5-53df6e1d0448")
Response
RPCResponse(
    riq=4,
    ret={'count': 1,
         'results': [{'advisory_uuid': '408675a7-336f-4b15-9bba-7737c263974c',
                      'advisory_id': 'CESA-2019:2136',
                      'advisory_name': 'Dummy advisory - 9876',
                      'comment': '',
                      'duration': 0.0,
                      'fun': 'policy.assessment',
                      'import_uuid': 'b1a050a3-51a5-4885-974a-91f4264e2510',
                      'master_id': 'master1',
                      'master_uuid': 'f635ffa4-9ebc-407a-a90c-b9f3b7e96864',
                      'minion_id': 'minion1',
                      'pkg_name': 'libcheetoh4',
                      'pkg_version_advisory': '7.58.0-2ubuntu3',
                      'selected_for_import': False,
                      'severity': 'high',
                      'start_time': None,
                      'tpa_uuid': 'c00f526f-73f8-408b-903e-2600b03a16a9',
                      'uuid': '060df507-12a9-4909-b1be-9fc39aba0130'}],
    },
    error=None,
    warnings=[])
get_third_party_import(import_uuid: <class 'uuid.UUID'>)
Returns: <class 'dict'>

Get the details of a third party assessment import.

Parameters

import_uuid:UUID of the third party import.

Returns

Metadata of the imported scan.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_third_party_import(import_uuid='e5b4970e-250f-4b4e-b7a5-53df6e1d0448')
Response
RPCResponse(
    riq=4,
    ret={
        "import_uuid": "e5b4970e-250f-4b4e-b7a5-53df6e1d0448",
        "policy_uuid": "fd678e0e-859a-4b4e-b7a5-43ab6d1f0635",
        "tp_source": "tenable",
        "start_time": "2019-09-24T17:04:07.865149",
        "end_time": "2019-09-24T17:04:07.865149",
        "creation_date": "2019-09-24T20:04:07.865149",
        "analysis_stats": {"supported": 0, "missing_advisory_id": 0, "missing_minion": 43},
        "state": "complete",
    },
    error=None,
    warnings=[])
get_unsupported_advisories(import_uuid: <class 'uuid.UUID'>, advisory_id: str | None, ip: str | None, advisory_type: str | None, sort_by: str | None, reverse: bool | None, page: int | None, limit: int | None = 50)
Returns: <class 'dict'>

Get unsupported advisories from Third Party Import Staging data

Parameters

import_uuid:UUID of the imported scan.
advisory_id:Filter by this advisory id. Optional.
ip:Filter by this ip. Optional.
advisory_type:Type of advisory requested. Optional. Valid values: unmatched, unsupported.
sort_by:Sort by advisory_id or ip. Optional.
reverse:Sort in descending order when True. Optional.
page:Show the results of this page. Starts at 0. Optional.
limit:Limit the results to these many records. Default 50. Optional.

Returns

Dictionary of records with the unsupported advisories with comments.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_unsupported_advisories(import_uuid="e5b4970e-250f-4b4e-b7a5-53df6e1d0448")
Response
RPCResponse(
    riq=4,
    ret={'count': 59,
         'results': [{'analysis_comment': 'cannot find minion with ipv4 10.0.2.7',
                      'import_uuid': '246e7c39-a6a3-418c-ac83-c3d99a7daaa6',
                      'importable': False,
                      'tp_advisory_id': 'CESA-2019:2118',
                      'tp_extra_data': {'@pluginFamily': 'Settings',
                                        '@pluginID': '19506',
                                        '@pluginName': 'Nessus Scan Information',
                                        '@port': '0',
                                        '@protocol': 'tcp',
                                        '@severity': '0',
                                        '@svc_name': 'general',
                                        'canvas_package': 'CANVAS',
                                        'cve': ['CVE-2018-12641',
                                                'CVE-2018-12697',
                                                'CVE-2018-1000876'],
                                        'cvss3_base_score': '7.8',
                                        'cvss3_temporal_score': '4.9',
                                        'cvss3_temporal_vector': 'E:F/RL:O/RC:C',
                                        'cvss3_vector': 'AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H',
                                        'cvss_base_score': '5.0',
                                        'cvss_temporal_score': '4.1',
                                        'cvss_temporal_vector': 'E:F/RL:OF/RC:C',
                                        'cvss_vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P',
                                        'description': 'This plugin displays, for each tested host...',
                                        'exploit_available': 'true',
                                        'exploit_framework_canvas': 'true',
                                        'patch_publication_date': '2019/08/29',
                                        'plugin_modification_date': '2019/03/06',
                                        'plugin_output': 'Information about this scan ...',
                                        'plugin_publication_date': '2005/08/26',
                                        'plugin_type': 'summary',
                                        'risk_factor': 'None',
                                        'script_version': '1.92',
                                        'see_also': 'http://cpe.mitre.org/',
                                        'solution': 'n/a',
                                        'synopsis': 'This plugin displays information ...',
                                        'tag': {'Credentialed_Scan': 'true',
                                                'HOST_END': 'Mon Oct 07 21:01:47 2019',
                                                'HOST_START': 'Mon Oct 07 20:10:02 2019',
                                                'LastAuthenticatedResults': '1570480482',
                                                'TAG': '7cc53eac7bfa4abda85309c9416b9e42',
                                                'host-fqdn': 'master2',
                                                'host-ip': '10.0.2.7',
                                                'host-uuid': '8837e032-e1be-4fcb-acb9-50cb7fd5df2a',
                                                'hostname': 'master2',
                                                'local-checks-proto': 'local',
                                                'mac-address': '02:42:0A:64:00:0B',
                                                'netbios-name': 'master2',
                                                'operating-system': 'Linux Kernel '
                                                                    '4.9.184-linuxkit '
                                                                    'on CentOS Linux '
                                                                    'release 7.6.1810 '
                                                                    '(Core)',
                                                'os': 'linux',
                                                'policy-used': 'Basic Agent Scan',
                                                'system-type': 'general-purpose'},
                                        'vuln_publication_date': '2018/06/22',
                                        'xref': 'CESA:2019:2075'},
                      'tp_ip': '10.0.2.7',
                      'uuid': '040f1995-90bb-4776-979b-dab5bfd96ccb'
            }]
    },
    error=None,
    warnings=[])
get_vendors_with_connector_support()
Returns: <class 'list'>

Get the list of vendors having connector support in raas.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_vendors_with_connector_support()
Response
RPCResponse(
    riq=4,
    ret=['tenable'],
    error=None,
    warnings=[])
import_scan(thirdparty_source: <class 'str'>, data: bytes | str, policy_uuid: uuid.UUID | None, policy_name: str | None)
Returns: <class 'dict'>

Import third party assessment into RaaS.

Parameters

thirdparty_source:Third party sources like tenable where the scan data (xml) is imported from.
data:Contents of the scan data (xml).
policy_uuid:UUID of the policy to import the scan data.
policy_name:Name of the policy to import the scan data.

Returns

A dictionary containing import_uuid and stats about the scan data imported.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.import_scan(policy_name='third_party',
                            thirdparty_source='tenable',
                            data='<xmldata>goes here</xmldata>')
Response
RPCResponse(
    riq=4,
    ret={
        "import_uuid": "e5b4970e-250f-4b4e-b7a5-53df6e1d0448",
        "supported": 0,
        "missing_advisory_id": 0,
        "missing_minion": 43
    },
    error=None,
    warnings=[])
import_scan_via_api(thirdparty_source: <class 'str'>, policy_uuid: <class 'uuid.UUID'>)
Returns: <class 'dict'>

Import third party assessment into RaaS via API integration.

Parameters

thirdparty_source:Third-party source, such as tenable, that the scan data comes from.
policy_uuid:UUID of the policy to import the scan data into.

Returns

A dictionary containing import_uuid

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.import_scan_via_api(policy_uuid='<policy_uuid>',
                                    thirdparty_source='tenable')
Response
RPCResponse(
    riq=4,
    ret={
        "import_uuid": "e5b4970e-250f-4b4e-b7a5-53df6e1d0448",
    },
    error=None,
    warnings=[])
ping()
Returns: <class 'bool'>

Check if Vulnerability Management feature is available.

remediate_policy(policy_uuid: <class 'uuid.UUID'>, advisory_ids: list[str] | None, minions: dict | None, pre_remediation: dict | None, post_remediation: dict | None)
Returns: <class 'str'>

Remediate one or more advisories in a policy

Parameters

policy_uuid:UUID of the policy to remediate.
check_uuids:Check UUIDs included in the policy to remediate.
minions:Minions to remediate.
pre_remediation:State file to run before remediation routine.
post_remediation:State file to run after remediation routine.

Response

Job ID for remediation run.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.remediate_policy(
    policy_uuid="3c625016-9dbf-44d8-b97c-17f4361b78a0",
    minions={"master2_master":["master2"]},
    check_uuids=["80492e63-af0b-41c8-9a5b-b202be658561"],
    pre_remediation={"saltenv": "base", "location": "/states/pre_run.sls"},
    post_remediation={"saltenv": "other", "location": "/states/post_run_thing.sls"}
)
Response
RPCResponse(
    riq=4,
    ret={
        "success": true,
        "errors": [],
        "jid": "20190125002727876899"
    },
    error=None,
    warnings=[])
Returns: <class 'uuid.UUID'>

Save unsupported advisory to state link.

Parameters

policy_uuid:UUID of the vulnerability management policy.
advisory_id:ID of the unsupported advisory.
state_file_uuid:UUID of the state file to be attached to the advisory.
link_to_policy:State file will be linked only to this policy when True. Otherwise, the state file will be available across all policies.

Returns

UUID of the state file attached to the unsupported advisory.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.save_advisory_state_link(policy_uuid='<policy_uuid>',
                                         advisory_id='<advisory_id>',
                                         state_file_uuid='<state_file_uuid>',
                                         link_to_policy=False)
Response
RPCResponse(
    riq=4,
    ret="e5b4970e-250f-4b4e-b7a5-53df6e1d0448",
    error=None,
    warnings=[])
save_connector(vendor: <class 'str'>, connector_params: <class 'dict'>)

Save connector for a vendor

Parameters

vendor:Vendor for which the connector parameters are required.
connector_params:Dictionary of connector parameters for the vendor.

tenable

accessKey:Access Key from https://cloud.tenable.com
secretKey:Secret Key from https://cloud.tenable.com
days_since:Number of past days for which reported vulnerabilities are imported.

Returns

Dictionary containing the parameters required to authenticate with the vendor API.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.save_connector(vendor='tenable',
    connector_params={'accessKey': 'xxx', 'secretKey': 'xxx', 'url': 'https://cloud.tenable.com'})
Response
RPCResponse(
    riq=4,
    ret=None,
    error=None,
    warnings=[])
save_exemption_group(policy_uuid: <class 'uuid.UUID'>, reason: <class 'str'>, advisory_uuids: list[uuid.UUID] | None, minion_ids: list[dict] | None)
Returns: <class 'uuid.UUID'>

Add or update an exemption on a policy

Parameters

policy_uuid:UUID of the policy.
reason:Reason for exemption.
advisory_uuids:UUIDs of checks that are exempt.
minion_ids:Minion IDs that are exempt.

Returns

UUID of exemption group or error code from saving exemption.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.save_exemption_group(
    policy_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22",
    reason="Approved by CISO",
    minion_ids=[{"master1_master":["oracle"]}],
    advisory_uuids=["70ceb294-0ce0-4144-8e8a-26301609cce1"]
)
Response
RPCResponse(
    riq=4,
    ret="3a776df3-9c4d-4d54-8e1f-dc0c189f0f68",
    error=None,
    warnings=[])
save_policy(name: <class 'str'>, tgt_uuid: <class 'uuid.UUID'>, policy_uuid: uuid.UUID | None, schedule: dict | None)
Returns: <class 'uuid.UUID'>

Save a new vulnerability management policy or update an existing one.

Parameters

name:Name of the vulnerability management policy.
tgt_uuid:UUID of the target group the policy applies to.
policy_uuid:UUID of the policy. This parameter is optional when creating a new policy and required when updating an existing policy.
schedule:Optional dict defining schedule for running policy assessment. For details on the schedule structure, see the schedule parameter of the schedule.save() RPC method.

Returns

UUID of the new or updated policy.

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.save_policy(
    name="Policy 1",
    tgt_uuid="919193da-604e-456d-87c4-90860f5e8b59",
)
Response
RPCResponse(
    riq=4,
    ret="de301811-80d2-4a89-bd24-93d025347394",
    error=None,
    warnings=[])
update_all_third_party_staging_data(import_uuid: <class 'uuid.UUID'>, selected_for_import: <class 'bool'>, advisory_type: str | None = supported)

Update All Third Party Import Staging data by import_uuid

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.update_all_third_party_staging_data(import_uuid='some uuid',
                                                    selected_for_import=True)
Response
RPCResponse(
    riq=4,
    error=None,
    warnings=[])
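
The third-party import calls on this page (import_scan, update_all_third_party_staging_data, commit_third_party_staging_data) chained into one guarded routine that checks each RPCResponse.error and skips the commit when the import stats show nothing usable. This is an added example, not code from the Salt API documentation: import_select_commit, FakeVman and fake_client are hypothetical names, and both the call order and the reading of "supported" are assumptions.

```python
from types import SimpleNamespace


def import_select_commit(client, xml_data, policy_name, source="tenable"):
    """Import a scan, then select and commit staged rows only if any are usable.

    `client` is an sseapiclient APIClient, or any object exposing the same
    client.api.vman.<method>() calls. Returns the import stats plus a
    `committed` flag.
    """
    vman = client.api.vman
    resp = vman.import_scan(policy_name=policy_name,
                            thirdparty_source=source, data=xml_data)
    if resp.error is not None:
        raise RuntimeError(f"import_scan failed: {resp.error}")
    stats = dict(resp.ret)
    import_uuid = stats["import_uuid"]
    # Assumption: "supported" counts findings that matched a known advisory
    # and a managed minion; with 0 of them a commit would add nothing.
    if stats.get("supported", 0) == 0:
        return {**stats, "committed": False}
    steps = (
        ("update_all_third_party_staging_data",
         {"import_uuid": import_uuid, "selected_for_import": True}),
        ("commit_third_party_staging_data", {"import_uuid": import_uuid}),
    )
    for name, kwargs in steps:
        step = getattr(vman, name)(**kwargs)
        if step.error is not None:
            raise RuntimeError(f"{name} failed: {step.error}")
    return {**stats, "committed": True}


class FakeVman:
    """Constructed offline stand-in for client.api.vman; records each call."""

    def __init__(self, import_ret):
        self.import_ret, self.calls = import_ret, []

    def __getattr__(self, name):
        def rpc(**kwargs):
            self.calls.append(name)
            ret = self.import_ret if name == "import_scan" else None
            return SimpleNamespace(riq=4, ret=ret, error=None, warnings=[])
        return rpc


def fake_client(import_ret):
    """Build a constructed client whose import_scan returns `import_ret`."""
    return SimpleNamespace(api=SimpleNamespace(vman=FakeVman(import_ret)))
```

With the stats from the import_scan response shown above (supported 0, missing_minion 43) the routine stops after the import, which is the cue to check minion name mapping before retrying.
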
update_third_party_staging_data(tpmp_uuids: list[uuid.UUID], selected_for_import: <class 'bool'>)

Update Third Party Import Staging data

Examples

Request
from sseapiclient import APIClient
client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.update_third_party_staging_data(tpmp_uuids=['some uuid', 'another uuid'],
                                                selected_for_import=True)
Response
RPCResponse(
    riq=4,
    error=None,
    warnings=[])