Impossible Parameters for Plugin Scan
Describe the bug
Not clear how to launch plugin scans using sc.scans.create(). On one hand, it requires a policy_id. However, when supplying a policy_id, it states that plugin_id and policy_id can't be simultaneously specified.
To Reproduce
sc.scans.create('test', 1, targets=['192.168.1.1'], plugin_id=155000)
restfly.errors.APIError: [403: POST] https://REDACTED:443/rest/scan body=b'{"type":"regular","response":"","error_code":146,"error_msg":"Please specify a valid Policy.\\n","warnings":[],"timestamp":1646329819}\n'
sc.scans.create('test', 1, targets=['192.168.1.1'], policy_id=1000002, plugin_id=155000)
restfly.errors.UnexpectedValueError: specify either a plugin_id or a policy_id for a scan, not both.
System Information (please complete the following information):
TenableCore Tenable.sc 5.20
pyTenable 1.4.3
Python 3.8.10
Additional context
Similar issue posted here: https://community.tenable.com/s/question/0D53a000087kUQNCA2/when-using-the-tenablesc-api-getting-conflicting-errors-trying-to-create-scan-with-pluginid
Remediation Scans are not like regular scans. When you run one from vulnerability analysis, it creates a policy, then runs a scan of type remediation. The issue when using a policy already created is that it is going to run through all the plugins in that policy and not just the remediation plugin.
You can always use the post. I did a quick test and it seemed to work. Might have to play around with policy families; also might have to work the timezone to make it scan immediately. You may need to add credentials either in the policy or in the scan.
from datetime import datetime

# Method of the poster's own class. Tenable_Connect is a wrapper that is not
# shown in the post; username and password in the vmware_esx block are the
# ESX credentials and are not defined in the post either.
def remediation_scan(self, plugin_id, ip_list, repo_id, server):
    tenable = Tenable_Connect(username=self.username, password=self.password, cert=self.cert)
    tenable.tsc_connect(server['server_address'])
    # Naive local time; it is labelled as America/New_York in the schedule below
    now = datetime.now()
    start_time = now.strftime("%Y%m%dT%H%M%S")
    # Temporary policy that enables only plugin_id and plugin 19506
    policy_json = {"name":"","description":"","context":"scan","status":-1,"createdTime":0,
        "modifiedTime":0,"groups":[],"policyTemplate":{"id":1},"auditFiles":[],
        "preferences":{"portscan_range":"0","tcp_scanner":"no","syn_scanner":"yes","udp_scanner":"no","syn_firewall_detection":"Automatic (normal)"},
        "families":[{"id":"48","name":"VMware ESX Local Security Checks","type":"active","plugins":[{"id":plugin_id}]},{"id":"41","plugins":[{"id":"19506"}]}],"vmware_esx":[{"username":[username],"password":[password],"dont_verify_ssl":"no"}]}
    remediation_policy_result = tenable.sc.post('policy', json=policy_json).json()
    policy_id = remediation_policy_result['response']['id']
    # Remediation-type scan that references the policy created above
    scan_json = {"name":"Remediation Scan of Plugin #{0}".format(plugin_id),
        "description":"","context":"","status":-1,"createdTime":0,"modifiedTime":0,"groups":[],
        "repository":{"id":repo_id},"schedule":{"start":"TZID=America/New_York:{0}".format(start_time),
        "repeatRule":"FREQ=REMEDIATION;INTERVAL=1","type":"remediation","enabled":"true"},
        "dhcpTracking":"true","emailOnLaunch":"false","emailOnFinish":"false","reports":[],
        "type":"policy","policy":{"id":policy_id},"pluginID":plugin_id,"zone":{"id":-1},
        "timeoutAction":"rollover","rolloverType":"template","scanningVirtualHosts":"false",
        "classifyMitigatedAge":0,"assets":[],"ipList":ip_list,"credentials":[],"maxScanTime":"unlimited"}
    remediation_scan_result = tenable.sc.post('scan', json=scan_json).json()
    tenable.tsc_close()
    return remediation_scan_result
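The snippet above labels a naive `datetime.now()` as `TZID=America/New_York`, so on a host in any other timezone the label and the clock value disagree, which is one way to run into the timezone caveat mentioned in the reply. The following is an added example, not code from this thread or from pyTenable, that builds the `schedule` block from a timezone-aware timestamp. The field names are copied from the scan payload above; `build_remediation_schedule` is a hypothetical helper name and the sample timestamp is the one in the error body from the report.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo  # standard library, Python 3.9+


def build_remediation_schedule(tzid="America/New_York", moment=None):
    """Return a 'schedule' block whose start time is expressed in tzid.

    moment must be timezone-aware; it defaults to the current UTC time.
    The keys and the TZID=<zone>:<YYYYmmddTHHMMSS> layout are taken from
    the scan payload posted in the thread.
    """
    if moment is None:
        moment = datetime.now(timezone.utc)
    if moment.tzinfo is None:
        # A naive value carries no offset, so it cannot be converted safely.
        raise ValueError("moment must be timezone-aware")
    # Convert to the zone named in the label; daylight saving is applied here.
    local = moment.astimezone(ZoneInfo(tzid))
    return {
        "start": f"TZID={tzid}:{local:%Y%m%dT%H%M%S}",
        "repeatRule": "FREQ=REMEDIATION;INTERVAL=1",
        "type": "remediation",
        "enabled": "true",
    }


if __name__ == "__main__":
    # Timestamp 1646329819 from the API error in the report.
    sample = datetime.fromtimestamp(1646329819, tz=timezone.utc)
    print(build_remediation_schedule(moment=sample))
```

The returned dict can replace the hand-built `"schedule"` value in `scan_json`.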
Appreciate the response. I am actually doing something much like that in the interim. I just thought it worth bringing up that it doesn't seem like you can ever pass plugin_id as a parameter (at least not in the way that the documentation suggests).
For clarification, I am not seeking to specify a policy, only a plugin ID. I'm just demonstrating that when you specify a plugin ID, it asks for a policy ID. When you do provide the policy ID, it says that plugin ID and policy ID can't be simultaneously specified.
From the docs:
https://pytenable.readthedocs.io/en/stable/api/sc/scans.html
plugin_id (int, optional) – The plugin id to use for a plugin-based scan.
Fix is pushed through https://github.com/tenable/pyTenable/pull/644