
Can't export all vulns (only for the last 30 days)

Open peter-fakory opened this issue 2 years ago • 3 comments

Is your feature request related to a problem? Please describe. When I use the indicated code, it seems that it exports only vulns that were last found in the last 30 days, so how can I export all vulns ever?

Describe the solution you'd like Is there a way to filter with the same code to tell PyTenable to export all vulns data and not just those that were last found in the last 'e.g. 30/60/90 days'?

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Here is the code I'm using:

```python
from tenable.io import TenableIO
import pprint

access_key='ACCESS_KEY_GOES_HERE'
secret_key='SECRET_KEY_GOES_HERE'

tio = TenableIO(access_key, secret_key, product='Export Vuln Data', build='0.0.1')

for vuln in tio.exports.vulns():
    pprint.pprint(vuln)
```

peter-fakory avatar Apr 27 '23 19:04 peter-fakory

The default filters on the API itself are 30 days && only for licensed assets. For older data you would need to specify inclusion of unlicensed assets as well as a since parameter that is much older. Note the include_unlicensed flag and the since filters here:

https://pytenable.readthedocs.io/en/stable/api/io/exports.html#tenable.io.exports.api.ExportsAPI.vulns

Also worth noting that a given IO instance only allows for so many exports running at a time, and larger exports take much longer and have significantly more data. It's why we generally recommend pulling the data statefully and tracking the data using deltas.

https://developer.tenable.com/docs/tenableio-integrations#data-exports

https://developer.tenable.com/docs/tenableio-integrations#vulnerability-exports

SteveMcGrath avatar Apr 27 '23 22:04 SteveMcGrath
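
The stateful, delta-based pull recommended in the comment above, as an added example (not code from this thread or from the pyTenable project). It uses the `since` and `include_unlicensed` arguments named in that comment; the checkpoint file name, the environment variable names and starting the first run at `since=0` are assumptions.

```python
import json
import os
import time
from pathlib import Path

CHECKPOINT = Path("vuln_export_checkpoint.json")  # assumed state file name


def load_since(path=CHECKPOINT):
    """Return the epoch time of the last successful run, or 0 for a full pull."""
    try:
        return int(json.loads(Path(path).read_text())["since"])
    except (FileNotFoundError, KeyError, TypeError, ValueError):
        return 0  # assumption: no usable checkpoint means "export everything"


def save_since(ts, path=CHECKPOINT):
    """Write the checkpoint via a temp file so a crash cannot leave it half-written."""
    tmp = Path(str(path) + ".tmp")
    tmp.write_text(json.dumps({"since": int(ts)}))
    tmp.replace(path)


def export_delta(tio, handle, path=CHECKPOINT, now=time.time):
    """Export findings changed since the checkpoint; advance it only on success."""
    started = int(now())  # taken before the export so changes made during it are not skipped
    since = load_since(path)
    count = 0
    # Override both API defaults described above: the 30-day window and licensed-only assets.
    for vuln in tio.exports.vulns(since=since, include_unlicensed=True):
        handle(vuln)
        count += 1
    save_since(started, path)  # not reached if the export or handler raised
    return since, count


if __name__ == "__main__":
    from tenable.io import TenableIO  # requires pyTenable

    # Assumed environment variable names; keys are kept out of the source file.
    tio = TenableIO(os.environ["TIO_ACCESS_KEY"], os.environ["TIO_SECRET_KEY"],
                    product='Export Vuln Data', build='0.0.1')
    since, count = export_delta(tio, print)
    print(f"exported {count} findings changed since {since}")
```

Because the checkpoint only moves forward after a complete run, a failed export is retried from the same `since` value, so the handler should tolerate seeing a finding more than once.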

Hi @SteveMcGrath, are there any other filters that could be limiting results? I'm using include_unlicensed=True and since=331189387 (June, 1980) and still receiving less than 1/2 of the vulns shown in cloud.tenable.

sanchirico avatar Jun 30 '23 01:06 sanchirico

@sanchirico just doubling back on this to see if this is still an issue? If not, let me know and I can close the issue out. If we don't hear back within a week or so we'll close it out as well.

SteveMcGrath avatar Feb 12 '24 17:02 SteveMcGrath