vman interface — VMware Salt API
vman interface
The LoadedMod class allows the module loaded onto the sub to return custom sequencing; for instance, it can be iterated over to return all functions.
Run assessment of advisories in a policy
Parameters
| policy_uuid: | Policy UUID to assess. |
|---|---|
Response
Job ID for assessment run for specified policy.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.assess_policy(
    policy_uuid="1f90f261-1668-486e-a1d3-4dd68ef3020c"
)
```
Response
RPCResponse( riq=4, ret={ "success": true, "errors": [], "jid": "20190125001746553804" }, error=None, warnings=[])
Commit Third Party Import Staging data to vman_results
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.commit_third_party_staging_data(import_uuid='some uuid')
```
Response
RPCResponse( riq=4, error=None, warnings=[])
Delete unsupported advisory to state file link.
Parameters
| advisory_state_xref_uuid: | UUID of the advisory to state file linkage. |
|---|---|
Returns
None
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_advisory_state_link(
    advisory_state_xref_uuid='<advisory_state_file_xref_uuid>'
)
```
Response
RPCResponse( riq=4, ret="e5b4970e-250f-4b4e-b7a5-53df6e1d0448", error=None, warnings=[])
Delete connector for a vendor
Parameters
| vendor: | Vendor for which the connector is to be deleted. |
|---|---|
Returns
Number of connectors deleted.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_connector(vendor='tenable')
```
Response
RPCResponse( riq=4, ret=1, error=None, warnings=[])
Delete a specific exemption group.
Parameters
| exemption_group_uuid: | UUID of a specific exemption group to delete. |
|---|---|
Returns
Number of deleted exemption groups.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_exemption_group(
    exemption_group_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22",
)
```
Response
RPCResponse( riq=4, ret=1, error=None, warnings=[])
Delete an existing vulnerability management policy.
Parameters
| policy_uuid: | UUID of the policy to delete. |
|---|---|
Returns
Response code from deleting the policy.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_policy(
    policy_uuid="db1ae70f-768e-4486-adae-b83546a09dea"
)
```
Response
RPCResponse( riq=4, ret=True, error=None, warnings=[])
Delete Third Party Import Staging data
Parameters
| import_uuid: | UUID of the imported scan. |
|---|---|
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_third_party_staging_data(import_uuid='<some uuid>')
```
Response
RPCResponse( riq=4, error=None, warnings=[])
Download and ingest content
Download the Vulnerability Management tarball and expand the files into hub.opts['cachedir'] + /vman. Once the download and expansion are complete, call ingest to put the files in the raas filesystem.
Get advisories.
Parameters
| advisory_state_xref_uuid: | UUID of the advisory to state file linkage. |
|---|---|
Returns
None
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.delete_advisory_state_link(
    advisory_state_xref_uuid='<advisory_state_file_xref_uuid>'
)
```
Response
RPCResponse( riq=4, ret="e5b4970e-250f-4b4e-b7a5-53df6e1d0448", error=None, warnings=[])
Get assessment and remediation results for a policy
Parameters
| policy_uuid: | Get assessment and remediation results about this policy. |
|---|---|
| advisory_id: | Limit results to advisories matching this advisory ID. |
| display_name: | Limit results to display_names matching this display_name. |
| install_behavior: | Limit results to install_behaviors matching this install_behavior. |
| minion_id: | Limit results to minions matching one of these IDs. |
| master_id: | Limit results to masters matching one of these IDs. |
| pending_reboot: | Limit results to pending_reboot matching 'null'/'true'/'false' |
| osfullname: | Limit results to OS matching name. |
| ipv4: | Limit results to matching IPv4. |
| ipv6: | Limit results to matching IPv6. |
| action: | Filter results by compliance action, assess or remediate. |
| include_in_response: | Choose the blocks that should appear in the response. |
| severity: | Filter results by severity. |
| advisory_title: | Filter results by partial advisory title match. |
| advisory_type: | Filter by advisory type. Valid values: supported, unsupported |
| cve_id: | Filter results by partial CVE ID match. |
| pkg_name: | Filter results by partial package name match. |
| pkg_status: | Filter results by package remediation status. Accepts a list of statuses. |
| sort_by: | Sort results by supplied field. |
| reverse: | Set to True to reverse sort order. |
| page: | Return results specified by page number. |
| limit: | Maximum number of results to return. |
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_advisory_minions(
    policy_uuid='26854b29-b122-4cc5-86ca-5d7ae3bdb107'
)
```
Get connector for a vendor
Parameters
| vendor: | Vendor for which the connector parameters are required. |
|---|---|
Returns
Parameter values required to authenticate with the vendor API.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_connector(vendor='tenable')
```
Response
RPCResponse( riq=4, ret={'access_key': 'xxx', 'secret_key': 'xxx', 'url': 'https://cloud.tenable.com', '__secrets': ['access_key', 'secret_key']}, error=None, warnings=[])
Get the parameters required for the connector to authenticate with vendor API.
Parameters
| vendor: | Vendor for which the connector parameters are required. |
|---|---|
Returns
Dictionary containing the parameters required to authenticate with the vendor API.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_connector_params(vendor='tenable')
```
Response
RPCResponse( riq=4, ret={ 'accessKey': None, 'secretKey': None, 'days_since': 90, 'url': 'https://cloud.tenable.com', '__secrets': ['accessKey', 'secretKey'] }, error=None, warnings=[])
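Both connector responses above carry a `__secrets` list naming the credential fields. As an added example (not part of the VMware documentation), the helpers below mask those fields before a connector dict is logged and check a log line for leaked values. Treating `__secrets` as the list of sensitive keys is inferred from the sample responses; the name-based fallback, `MASK` and all function names are assumptions of this example.

```python
import copy

MASK = "***REDACTED***"
# Assumption: used only when a dict has no '__secrets' list, as in the
# connector_params passed to save_connector on this page.
NAME_HINTS = ("key", "secret", "token", "password")


def secret_names(params):
    """Keys of a connector dict whose values must not be logged."""
    listed = params.get("__secrets")
    if listed is not None:
        return list(listed)
    return [k for k in params if any(h in k.lower() for h in NAME_HINTS)]


def redact_connector(params, mask=MASK):
    """Return a deep copy of a connector dict that is safe to log.

    Values that are None stay None, so the log still shows which
    credentials have not been configured.
    """
    if not isinstance(params, dict):
        raise TypeError("connector params must be a dict")
    safe = copy.deepcopy(params)
    for key in secret_names(safe):
        if safe.get(key) is not None:
            safe[key] = mask
    return safe


def missing_secrets(params):
    """Secret fields that have no value set."""
    return [k for k in secret_names(params) if not params.get(k)]


def leaked(params, text):
    """Secret fields whose real value appears in text (for example a log line)."""
    return [k for k in secret_names(params)
            if params.get(k) and str(params[k]) in text]


# Constructed sample shaped like the get_connector response above.
SAMPLE_CONNECTOR = {
    "access_key": "AKEXAMPLE",
    "secret_key": "SKEXAMPLE",
    "url": "https://cloud.tenable.com",
    "__secrets": ["access_key", "secret_key"],
}

if __name__ == "__main__":
    print(redact_connector(SAMPLE_CONNECTOR))
    print(leaked(SAMPLE_CONNECTOR, repr(SAMPLE_CONNECTOR)))
```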
Get the stats for the latest ingested content
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_content_stats()
```
Response
RPCResponse( riq=4, ret={ "creation_date": "2019-08-26T20:52:18.479319", "file_name": "vman_2019-08-26T20:52:18.479319_e5b4970e-250f-4b4e-b7a5-53df6e1d0448.tar.gz.e", "ingest_date": "2019-09-24T17:04:07.865149", "uuid": "e5b4970e-250f-4b4e-b7a5-53df6e1d0448", "build_number": "12345", }, error=None, warnings=[])
Get vulnerability detailed report
Parameters
| report_uuid: | UUID of report to retrieve. |
|---|---|
Return: JSON formatted report.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_detail_report(
    report_uuid="1471bdbc-c495-4211-b6f0-6e442ce4dde6"
)
```
Response
RPCResponse( riq=4, ret={ "minions": { "master2": [ { "usage": { "cmd": [], "enabled": [], "network": [], "running": [] }, "comment": null, "pkg_name": "glibc", "severity": "medium", "master_id": "master2_master", "advisory_id": "CESA-2019:2118", "master_uuid": "60522eca-8ad0-43fb-9461-171027e03deb", "advisory_uuid": "082e07e7-6abd-4617-b4d9-0800091baa9b", "pkg_version_target": "2.17-292.el7", "pkg_version_current": "2.17-260.el7_6.6", "pkg_version_advisory": "2.17-292.el7" }, ] }, "advisories": { "CESA-2016:1064": { "info": { "cve": { "uuid": "027bc255-638b-409b-9e66-613538cc93c8", "cve_id": "CVE-2016-2149", "cvssv2": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "cvssv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "references": { "REDHAT": { "url": "https://access.redhat.com/errata/RHSA-2016:1064", "name": "RHSA-2016:1064" } }, "cvssv2_base": 4.0, "cvssv3_base": 6.5, "description": "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users", "published_date": "2016-06-08T17:59:00", "cvssv2_severity": "MEDIUM", "cvssv3_severity": "MEDIUM", "cvssv2_impact_score": 2.9, "cvssv3_impact_score": 2.9 }, "uuid": "18b865af-47ad-4786-8124-d0748a0bb1f2", "title": "CentOS OpenShift Enterprise 3.2 security, bug fix, and enhancement update", "packages": { "el7": { "kibana": "4.1.2-2.el7aos", "lucene": "4.10.4.redhat_1-5.el7", "rubygem-fluent-plugin-kubernetes_metadata_filter-doc": "0.12.0-1.el7aos" } }, "severity": "high", "advisory_id": "CESA-2016:1064", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing Platform", }, "minions": [ "master2" ] }, }, "meta": { "policy_uuid": "a5aa646e-f7fe-4d99-945b-7e40b929df7b", "policy_name": "awesome policy", "target_group_name": "All Minions", "creation_date": "2019-09-24T17:11:57.449781", "function": "policy.assessment", "critical": 42, "high": 104, "medium": 136, "low": 0, "none": 0 } }, error=None, warnings=[])
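As an added example (not VMware's code), the functions below flatten a `get_detail_report` result into a remediation worklist ordered by severity and CVSS v3 base score, then group the affected minions by master in the shape the `minions` argument takes in the `remediate_policy` example on this page. Field names come from the sample response above; `triage`, `minions_by_master`, `SEVERITY_ORDER` and the `SAMPLE_REPORT` data are constructed for illustration.

```python
# Severity labels as they appear in the report's "meta" block.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "none": 4}
UNKNOWN_RANK = len(SEVERITY_ORDER)


def triage(report):
    """Flatten report['minions'] into one list, worst findings first."""
    advisories = report.get("advisories") or {}
    rows = []
    for minion_id, findings in (report.get("minions") or {}).items():
        for f in findings:
            adv = advisories.get(f.get("advisory_id")) or {}
            cve = (adv.get("info") or {}).get("cve") or {}
            rows.append({
                "minion": minion_id,
                "master": f.get("master_id"),
                "advisory": f.get("advisory_id"),
                "severity": (f.get("severity") or "none").lower(),
                # None when the report carries no detail for this advisory
                "cvssv3": cve.get("cvssv3_base"),
                "pkg": f.get("pkg_name"),
                "current": f.get("pkg_version_current"),
                "target": f.get("pkg_version_target"),
            })
    rows.sort(key=lambda r: (
        SEVERITY_ORDER.get(r["severity"], UNKNOWN_RANK),
        -(r["cvssv3"] or 0.0),
        r["minion"],
        r["pkg"] or "",
    ))
    return rows


def minions_by_master(rows, min_severity="high"):
    """Group minions with findings at or above min_severity by master ID."""
    limit = SEVERITY_ORDER[min_severity]
    grouped = {}
    for r in rows:
        rank = SEVERITY_ORDER.get(r["severity"], UNKNOWN_RANK)
        if rank <= limit and r["master"]:
            grouped.setdefault(r["master"], set()).add(r["minion"])
    return {master: sorted(ids) for master, ids in grouped.items()}


# Constructed sample using the field names from the response above.
SAMPLE_REPORT = {
    "minions": {
        "web1": [
            {"pkg_name": "glibc", "severity": "medium", "master_id": "m1_master",
             "advisory_id": "CESA-2019:2118",
             "pkg_version_current": "2.17-260.el7_6.6",
             "pkg_version_target": "2.17-292.el7"},
            {"pkg_name": "kibana", "severity": "high", "master_id": "m1_master",
             "advisory_id": "CESA-2016:1064",
             "pkg_version_current": "4.1.1",
             "pkg_version_target": "4.1.2-2.el7aos"},
        ],
        "db1": [
            {"pkg_name": "glibc", "severity": "medium", "master_id": "m1_master",
             "advisory_id": "CESA-2019:2118",
             "pkg_version_current": "2.17-260.el7_6.6",
             "pkg_version_target": "2.17-292.el7"},
        ],
    },
    "advisories": {
        "CESA-2016:1064": {"info": {"cve": {"cvssv3_base": 6.5}},
                           "minions": ["web1"]},
    },
}

if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(row["severity"], row["minion"], row["pkg"],
              row["current"], "->", row["target"])
    print(minions_by_master(triage(SAMPLE_REPORT)))
```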
Get exemption groups.
An exemption group is a combination of minions and advisories that will not be remediated, with an associated reason (for example, your infrastructure requires an insecure package).
Parameters
| policy_uuid: | UUID of the associated policy. |
|---|---|
| exemption_group_uuid: | UUID of a specific exemption group to return. |
Returns
List of exemption groups for the policy.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_exemption_groups(
    policy_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22",
)
```
Response
RPCResponse( riq=4, ret={ "count": 1, "results": [{ "uuid": "3a776df3-9c4d-4d54-8e1f-dc0c189f0f68", "policy_uuid": "e912435e-2c38-4cfa-aa1e-985c83aa8a22", "advisory_uuid": "02b952e3-1d8c-4db3-8771-3edf23e0a0dd", "master_id": "master1_master", "minion_id": "oracle", "reason": "Approved by CISO" }] }, error=None, warnings=[])
Get exemptions
Parameters
| policy_uuid: | UUID of the policy. |
|---|---|
| exemption_uuid: | UUID of the exemption. |
Returns
List of matching advisories (either by policy_uuid or exemption_id or both)
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_exemptions(
    policy_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22",
    exemption_uuid="3a776df3-9c4d-4d54-8e1f-dc0c189f0f68"
)
```
Response
RPCResponse( riq=4, ret={ "count": 1, "results": [{ "uuid": "3a776df3-9c4d-4d54-8e1f-dc0c189f0f68", "policy_uuid": "e912435e-2c38-4cfa-aa1e-985c83aa8a22", "advisory_uuid": "02b952e3-1d8c-4db3-8771-3edf23e0a0dd", "master_id": "master1_master", "minion_id": "oracle", "reason": "Approved by CISO" }] }, error=None, warnings=[])
Get summary information on vulnerability management policies
Parameters
| policy_uuids: | List of vulnerability management policy UUIDs. This parameter is optional when retrieving a list of policies. |
|---|---|
| names: | List of vulnerability management policy names. This parameter is optional when retrieving a list of policies. |
| tgt_uuids: | List of policy target group UUIDs. This parameter accepts one or more tgt_uuids. |
| sort_by: | Sort results by supplied field. |
| reverse: | Set to True to reverse sort order. |
| page: | Return results specified by page number. |
| limit: | Maximum number of policies to return. |
Returns
List of policies matching the request criteria.
Examples
Request 1
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_policies(
    policy_uuids=[
        "a5aa646e-f7fe-4d99-945b-7e40b929df7b",
    ],
)
```
Response 1
RPCResponse( riq=4, ret={ "count": 1, "results": [ { "uuid": "a5aa646e-f7fe-4d99-945b-7e40b929df7b", "name": "awesome policy", "tgt_uuid": "7f93b928-388b-11e6-b133-346895ecb8f3", "tgt_name": "All Minions", "schedule_uuid": null, "last_update": "2019-07-18T19:55:05.617862", "last_assess_jid": "20190719154009438906", "last_assess_timestamp": "2019-07-19T15:40:09.402146", "last_remed_jid": null, "last_remed_timestamp": null, "stats": { "CRITICAL": 1 }, "schedule": null, "minions_assessed": 4 } ] }, error=None, warnings=[])
Get assessment and remediation runs against the policy
Parameters
| policy_uuid: | UUID of the policy. |
|---|---|
| jid: | Job ID |
| fun: | Job function name. |
| state: | Filter by one or more statuses of the assessment or remediation runs. |
| user: | Name of the user who ran the policy. |
| expected: | Number of expected minions to return a result. |
| returned: | Number of minions which returned a result. |
| sort_by: | Sort results by supplied field. |
| reverse: | Set to True to reverse sort order. |
| page: | Return results specified by page number. |
| limit: | Maximum number of results to return. |
Returns
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_policy_run_history(
    policy_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22"
)
```
Response
RPCResponse( riq=4, ret={ "count": 2, "results": [{ "jid": "20190127194046350020", "state": "completed_failures", "fun": "policy.assessment", "user": "root", "expected": 8, "returned": 8, "returned_good": 5, "returned_failed": 3, "create_time": "2019-01-27T19:42:53.087028", "user_uuid": "80c67364-cb31-4f4b-972a-e7ea3f752bb8", "uuid": "e912435e-2c38-4cfa-aa1e-985c83aa8a22", "name": "demo", "tgt_uuid": "7f93b928-388b-11e6-b133-346895ecb8f3", "schedule_uuid": null, "last_update": "2019-01-27T19:40:40.544772", "last_assess_jid": "20190127194046350020", "last_assess_timestamp": "2019-01-27T19:40:46.323247", "last_remed_jid": null, "last_remed_timestamp": null }] }, error=None, warnings=[])
Get vulnerability summary reports
Parameters
| policy_uuid: | UUID of policy. Optional, when None, daily aggregated reports are returned. |
|---|---|
| fun: | Filter by function, should be policy.assessment or policy.remediate. |
| start_date: | Get reports on or after date. |
| end_date: | Get reports on or before date. |
| sort_by: | Sort on field, should be date only. |
| reverse: | Reverse list order. true or false. |
| page: | Page number, default is 0. |
| limit: | Number of results returned. Default: 40. |
Returns: List of reports
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_reports()
```
Response
RPCResponse( riq=4, ret={ "count": 1, "results": [ { "report_uuid": "53b79e83-1269-43fb-8e0f-f4d4c201df30", "date": "2019-09-24", "creation_date": "2019-09-24T17:11:57.449781", "policy_uuid": "a5aa646e-f7fe-4d99-945b-7e40b929df7b", "fun": "policy.assessment", "critical": 42, "high": 104, "medium": 136, "low": 0, "none": 0, "policy_name": "awesome policy", "target_group_name": "All Minions", "top_advisories": [ { "name": "systemd security, bug fix, and enhancement update", "uuid": "b4c3b40a-9f11-42e4-8777-df541f20f816", "score": 9.8, "minions": 6 }, { "name": "systemd security, bug fix, and enhancement update", "uuid": "91a0b654-cb2b-48eb-b27c-b085fd035ffa", "score": 9.8, "minions": 6 }, { "name": "perl security update", "uuid": "4c4549b4-564a-446f-af0e-fd642df58dc8", "score": 9.8, "minions": 2 }, { "name": "libssh2 security, bug fix, and enhancement update", "uuid": "9acffe23-1344-4d0a-895b-e4cc63d4bcd3", "score": 9.1, "minions": 2 }, { "name": "curl security and bug fix update", "uuid": "7e3c8b03-38da-40a5-b0bf-e689216e3dda", "score": 9.1, "minions": 4 } ] } ] }, error=None, warnings=[])
Get the number of minion/packages selected for import
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_selected_for_import_cnt(
    import_uuid='some uuid',
    advisory_type=VmanAdvisoryType.SUPPORTED
)
```
Response
RPCResponse( riq=4, ret={'count': 1}, error=None, warnings=[])
Get statistics for Vulnerability management policies
Get statistics History for vulnerability management
Parameters
| since_time: | Filter results by time. |
|---|---|
| time_unit: | Unit of time to filter the results. |
| sort_by: | Sort results by supplied field. |
| reverse: | Set to True to reverse sort order. |
| page: | Return results specified by page number. |
| limit: | Maximum number of results to return. |
Returns
Returns stats history.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_stats_history(
    since_time=7300,
    time_unit="days"
)
```
Get supported advisories from third Party Import Staging data
Parameters
| import_uuid: | UUID of the imported scan. |
|---|---|
| advisory_id: | Filter by this advisory id. Optional. |
| minion_id: | Filter by this minion_id. Optional. |
| sort_by: | Sort by advisory_id or minion_id. Optional. |
| reverse: | Sort in descending order when True. Optional. |
| page: | Show the results of this page. Starts at 0. Optional. |
| limit: | Limit the results to this many records. Default 50. Optional. |
Returns
Dictionary of records with the supported advisories.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_supported_advisories(
    import_uuid="e5b4970e-250f-4b4e-b7a5-53df6e1d0448"
)
```
Response
RPCResponse( riq=4, ret={'count': 1, 'results': [{'advisory_uuid': '408675a7-336f-4b15-9bba-7737c263974c', 'advisory_id': 'CESA-2019:2136', 'advisory_name': 'Dummy advisory - 9876', 'comment': '', 'duration': 0.0, 'fun': 'policy.assessment', 'import_uuid': 'b1a050a3-51a5-4885-974a-91f4264e2510', 'master_id': 'master1', 'master_uuid': 'f635ffa4-9ebc-407a-a90c-b9f3b7e96864', 'minion_id': 'minion1', 'pkg_name': 'libcheetoh4', 'pkg_version_advisory': '7.58.0-2ubuntu3', 'selected_for_import': False, 'severity': 'high', 'start_time': None, 'tpa_uuid': 'c00f526f-73f8-408b-903e-2600b03a16a9', 'uuid': '060df507-12a9-4909-b1be-9fc39aba0130'}], }, error=None, warnings=[])
Get the details of a third party assessment import.
Parameters
| import_uuid: | UUID of the third party import. |
|---|---|
Returns
Metadata of the imported scan.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_third_party_import(
    import_uuid='e5b4970e-250f-4b4e-b7a5-53df6e1d0448'
)
```
Response
RPCResponse( riq=4, ret={ "import_uuid": "e5b4970e-250f-4b4e-b7a5-53df6e1d0448", "policy_uuid": "fd678e0e-859a-4b4e-b7a5-43ab6d1f0635", "tp_source": "tenable", "start_time": "2019-09-24T17:04:07.865149", "end_time": "2019-09-24T17:04:07.865149", "creation_date": "2019-09-24T20:04:07.865149", "analysis_stats": {"supported": 0, "missing_advisory_id": 0, "missing_minion": 43}, "state": "complete", }, error=None, warnings=[])
Get unsupported advisories from third Party Import Staging data
Parameters
| import_uuid: | UUID of the imported scan. |
|---|---|
| advisory_id: | Filter by this advisory id. Optional. |
| ip: | Filter by this ip. Optional. |
| advisory_type: | Type of advisory requested. Optional. Valid values: unmatched, unsupported. |
| sort_by: | Sort by advisory_id or ip. Optional. |
| reverse: | Sort in descending order when True. Optional. |
| page: | Show the results of this page. Starts at 0. Optional. |
| limit: | Limit the results to this many records. Default 50. Optional. |
Returns
Dictionary of records with the unsupported advisories with comments.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_unsupported_advisories(
    import_uuid="e5b4970e-250f-4b4e-b7a5-53df6e1d0448"
)
```
Response
RPCResponse( riq=4, ret={'count': 59, 'results': [{'analysis_comment': 'cannot find minion with ipv4 10.0.2.7', 'import_uuid': '246e7c39-a6a3-418c-ac83-c3d99a7daaa6', 'importable': False, 'tp_advisory_id': 'CESA-2019:2118', 'tp_extra_data': {'@pluginFamily': 'Settings', '@pluginID': '19506', '@pluginName': 'Nessus Scan Information', '@port': '0', '@protocol': 'tcp', '@severity': '0', '@svc_name': 'general', 'canvas_package': 'CANVAS', 'cve': ['CVE-2018-12641', 'CVE-2018-12697', 'CVE-2018-1000876'], 'cvss3_base_score': '7.8', 'cvss3_temporal_score': '4.9', 'cvss3_temporal_vector': 'E:F/RL:O/RC:C', 'cvss3_vector': 'AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'cvss_base_score': '5.0', 'cvss_temporal_score': '4.1', 'cvss_temporal_vector': 'E:F/RL:OF/RC:C', 'cvss_vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'description': 'This plugin displays, for each tested host...', 'exploit_available': 'true', 'exploit_framework_canvas': 'true', 'patch_publication_date': '2019/08/29', 'plugin_modification_date': '2019/03/06', 'plugin_output': 'Information about this scan ...', 'plugin_publication_date': '2005/08/26', 'plugin_type': 'summary', 'risk_factor': 'None', 'script_version': '1.92', 'see_also': 'http://cpe.mitre.org/', 'solution': 'n/a', 'synopsis': 'This plugin displays information ...', 'tag': {'Credentialed_Scan': 'true', 'HOST_END': 'Mon Oct 07 21:01:47 2019', 'HOST_START': 'Mon Oct 07 20:10:02 2019', 'LastAuthenticatedResults': '1570480482', 'TAG': '7cc53eac7bfa4abda85309c9416b9e42', 'host-fqdn': 'master2', 'host-ip': '10.0.2.7', 'host-uuid': '8837e032-e1be-4fcb-acb9-50cb7fd5df2a', 'hostname': 'master2', 'local-checks-proto': 'local', 'mac-address': '02:42:0A:64:00:0B', 'netbios-name': 'master2', 'operating-system': 'Linux Kernel ' '4.9.184-linuxkit ' 'on CentOS Linux ' 'release 7.6.1810 ' '(Core)', 'os': 'linux', 'policy-used': 'Basic Agent Scan', 'system-type': 'general-purpose'}, 'vuln_publication_date': '2018/06/22', 'xref': 'CESA:2019:2075'}, 'tp_ip': '10.0.2.7', 'uuid': 
'040f1995-90bb-4776-979b-dab5bfd96ccb' }] }, error=None, warnings=[])
Get the list of vendors having connector support in raas.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.get_vendors_with_connector_support()
```
Response
RPCResponse( riq=4, ret=['tenable'], error=None, warnings=[])
Import third party assessment into RaaS.
Parameters
| thirdparty_source: | Third party sources like tenable where the scan data (xml) is imported from. |
|---|---|
| data: | Contents of the scan data (xml). |
| policy_uuid: | UUID of the policy to import the scan data. |
| policy_name: | Name of the policy to import the scan data. |
Returns
A dictionary containing import_uuid and stats about the scan data imported.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.import_scan(
    policy_name='third_party',
    thirdparty_source='tenable',
    data='<xmldata>goes here</xmldata>'
)
```
Response
RPCResponse( riq=4, ret={ "import_uuid": "e5b4970e-250f-4b4e-b7a5-53df6e1d0448", "supported": 0, "missing_advisory_id": 0, "missing_minion": 43 }, error=None, warnings=[])
Import third party assessment into RaaS via API integration.
Parameters
| thirdparty_source: | Third party sources like tenable where the scan data is imported from. |
|---|---|
| policy_uuid: | UUID of the policy to import the scan data. |
Returns
A dictionary containing import_uuid
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.import_scan(
    policy_uuid='<policy_uuid>',
    thirdparty_source='tenable'
)
```
Response
RPCResponse( riq=4, ret={ "import_uuid": "e5b4970e-250f-4b4e-b7a5-53df6e1d0448", }, error=None, warnings=[])
Check if Vulnerability Management feature is available.
Remediate one or more advisories in a policy
Parameters
| policy_uuid: | UUID of the policy to remediate. |
|---|---|
| check_uuids: | Check UUIDs included in the policy to remediate. |
| minions: | Minions to remediate. |
| pre_remediation: | State file to run before remediation routine. |
| post_remediation: | State file to run after remediation routine. |
Response
Job ID for remediation run.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.remediate_policy(
    policy_uuid="3c625016-9dbf-44d8-b97c-17f4361b78a0",
    minions={"master2_master": ["master2"]},
    check_uuids=["80492e63-af0b-41c8-9a5b-b202be658561"],
    pre_remediation={"saltenv": "base", "location": "/states/pre_run.sls"},
    post_remediation={"saltenv": "other", "location": "/states/post_run_thing.sls"}
)
```
Response
RPCResponse( riq=4, ret={ "success": true, "errors": [], "jid": "20190125002727876899" }, error=None, warnings=[])
Save unsupported advisory to state link.
Parameters
| policy_uuid: | UUID of the vulnerability management policy. |
|---|---|
| advisory_id: | ID of the unsupported advisory. |
| state_file_uuid: | UUID of the state file to be attached to the advisory. |
| link_to_policy: | State file will be linked only to this policy when True. Otherwise, the state file will be available across all policies. |
Returns
UUID of the state file attached to the unsupported advisory.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.save_advisory_state_link(
    policy_uuid='<policy_uuid>',
    advisory_id='<advisory_id>',
    state_file_uuid='<state_file_uuid>',
    link_to_policy=False
)
```
Response
RPCResponse( riq=4, ret="e5b4970e-250f-4b4e-b7a5-53df6e1d0448", error=None, warnings=[])
Save connector for a vendor
Parameters
| vendor: | Vendor for which the connector parameters are required. |
|---|---|
| connector_params: | Dictionary of connector parameters for the vendor. |
tenable
| accessKey: | Access Key from https://cloud.tenable.com |
|---|---|
| secretKey: | Secret Key from https://cloud.tenable.com |
| days_since: | Number of past days for which reported vulnerabilities are imported. |
Returns
Dictionary containing the parameters required to authenticate with the vendor API.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.save_connector(
    vendor='tenable',
    connector_params={
        'accessKey': 'xxx',
        'secretKey': 'xxx',
        'url': 'https://cloud.tenable.com'
    }
)
```
Response
RPCResponse( riq=4, ret=None, error=None, warnings=[])
Add or update an exemption on a policy
Parameters
| policy_uuid: | UUID of the policy. |
|---|---|
| reason: | Reason for exemption. |
| advisory_uuids: | UUIDs of checks that are exempt. |
| minion_ids: | Minion IDs that are exempt. |
Returns
UUID of exemption group or error code from saving exemption.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.save_exemption_group(
    policy_uuid="e912435e-2c38-4cfa-aa1e-985c83aa8a22",
    reason="Approved by CISO",
    minion_ids=[{"master1_master": ["oracle"]}],
    advisory_uuids=["70ceb294-0ce0-4144-8e8a-26301609cce1"]
)
```
Response
RPCResponse( riq=4, ret="3a776df3-9c4d-4d54-8e1f-dc0c189f0f68", error=None, warnings=[])
Save a new vulnerability management policy or update an existing one.
Parameters
| name: | Name of the vulnerability management policy. |
|---|---|
| tgt_uuid: | UUID of the target group the policy applies to. |
| policy_uuid: | UUID of the policy. This parameter is optional when creating a new policy and required when updating an existing policy. |
| schedule: | Optional dict defining schedule for running policy assessment. For details on the schedule structure, see the schedule parameter of the schedule.save() RPC method. |
Returns
UUID of the new or updated policy.
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.save_policy(
    name="Policy 1",
    tgt_uuid="919193da-604e-456d-87c4-90860f5e8b59",
)
```
Return
RPCResponse( riq=4, ret="de301811-80d2-4a89-bd24-93d025347394", error=None, warnings=[])
Update All Third Party Import Staging data by import_uuid
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.update_all_third_party_staging_data(
    import_uuid='some uuid',
    selected_for_import=True
)
```
Response
RPCResponse( riq=4, error=None, warnings=[])
Update Third Party Import Staging data
Examples
Request
```python
from sseapiclient import APIClient

client = APIClient('http://localhost', 'root', 'salt')
client.api.vman.update_third_party_staging_data(
    tpmp_uuids=['some uuid', 'another uuid'],
    selected_for_import=True
)
```
Response
RPCResponse( riq=4, error=None, warnings=[])