Tenable Security Center API: ARC

Gets the list of ARCs

Fields Parameter

Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**running
**status
**result
**policyStatements*
creator
owner
groups
ownerGroup
targetGroup
lastUpdateTime
lastCompletedUpdateTime
lastComplianceUpdateTime
createdTIme
modifiedTIme
focusFilters
schedule
canUse
canManage
order
activated

Legend

* = always comes back

** = comes back if fields list not specified on GET all
* = policyStatements field on /arc::GET will return a minimal set of Policy Statement fields. This includes the fields: id, label, baseStatus, compliantStatus, drilldownStatus, and displayType

redFont =  field is a JSON object ( e.g. "repository" :{ "id" : <id>, "name" : <name> } )

Request Parameters

None

Filter Parameters

usable - The response will be an object containing an array of usable ARCs. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable ARCs. By default, both usable and manageable objects are returned.
activated - the response returns an 'usable' object containing an array of objects with only activated ARCs for the session user. This is not compatible with usable and/or manageable filters.

Example Response

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

{     "type" : "regular",     "response" : {         "usable" : [             {                 "running" : "false",                 "id" : "1",                 "name" : "POST TEST",                 "description" : "",                 "policyStatements" : [                     {                         "id" : "1",                         "label" : "label",                         "baseStatus" : "0",                         "compliantStatus" : "0",                         "drilldownStatus" : "0",                         "displayType" : "state"                 }                 ],                 "result" : "fail",                 "status" : 0             }         ],         "manageable" : [             {                 "running" : "false",                 "id" : "1",                 "name" : "POST TEST",                 "description" : "",                 "policyStatements" : [                     {                         "id" : "1",                         "label" : "label",                         "baseStatus" : "0",                         "compliantStatus" : "0",                         "drilldownStatus" : "0",                         "displayType" : "state"                 }                 ],                 "result" : "fail",                 "status" : 0             }         ]     },     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1413315427 }

Adds an ARC

NOTE #1: ARC add will automatically "prepare" the files for its Assets.

NOTE #2: *For valid filternames based on queryType or combination asset format, see /query::POST.

Request Parameters

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72

{     "name" : <string>,     "order" : <number>,     "description" : <string> DEFAULT "",     "schedule" : {         "type" : <string> "ical" | "never",        type "ical"     -----------         "start" : <string> (This value takes the iCal format),         "repeatRule" : <string> (This value takes the repeat rule format)     },     "ownerID" : <number> DEFAULT (Session User ID),     "policyStatements" : [         {             "label" : <string>,             "queryType" : <string> "vuln" | "lce",             "conditionalName" : <string> "hosts" | "ports" | "records",             "conditionalOperator" : <string> "Any" | "No" | "All" | ">" | "<" | ">=" | "<=",             "displayType" : <string> "percentage" | "ratio" | "state",             "baseFilters" : [                 {                     "filterName" : <string> (valid Query filterName based on queryType),                     "value : (Format depends on filter's "filterName" parameter)                     "operator" : <string> (Options depend on filter's "filterName" parameter*)                 }             ] DEFAULT [],             "compliantFilters" : [                 {                     "filterName" : <string> (valid Query filterName based on queryType),                     "value : (Format depends on filter's "filterName" parameter)                     "operator" : <string> (Options depend on filter's "filterName" parameter*)                 }             ],             "drilldownFilters" : [                 {                     "filterName" : <string> (valid Query filterName based on queryType),                     "value : (Format depends on filter's "filterName" parameter)                     "operator" : <string> (Options depend on filter's "filterName" parameter*)                 }             ],                 "conditionalOperator" is ">" | "<" | ">=" | "<="            ------------------------------------------------             "conditionalValue" : <number>     }...     ],     "focusFilters" : [         {             "operator" : <string> ">" | "<" | ">=" | "<=" | "=",             "filterName" : <string> "asset" | "repository" | "ip",                 "filterName" is "asset" and "operator" is "~"           ---------------------------------------------             "value" : {                 (combination asset*)             }                 "filterName" is "asset" and "operator" is not "~"           -------------------------------------------------             "value" : {                 "id" : <number>           }               "filterName" is "repository"            ----------------------------             "value" : [                 {                     "id" : <number>               }...             ]               "filterName" is "ip"            --------------------             "value" : <string> (valid IP or IP list)         }...     ] OPTIONAL     ... }

Example Response

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102

{     "type" : "regular",     "response" : {         "id" : "1",         "name" : "POST TEST",         "description" : "",         "running" : "false",         "lastUpdateTime" : "1648781875",         "lastCompletedUpdateTime" : "1648781875",         "lastComplianceUpdateTime" : "1648781875",         "createdTime" : "1648781858",         "modifiedTime" : "1648781858",         "focusFilters" : [             {                 "filterName" : "ip",                 "operator" : "=",                 "value" : "172.26.20.0"         }         ],         "order" : "0",         "activated" : "true",         "groups" : [],         "policyStatements" : [             {                 "id" : "1",                 "arcID" : "1",                 "label" : "POST TEST Label",                 "baseFilters" : [                     {                         "filterName" : "ip",                         "operator" : "=",                         "value" : "172.26.20.0"                 }                 ],                 "compliantFilters" : [                     {                         "filterName" : "repository",                         "operator" : "=",                         "value" : {                             "id" : "24",                             "name" : "IPv4 Repo",                             "description" : "",                             "type" : "Local",                             "uuid" : "FC6B1EF4-A899-4AAD-9AEB-43A6D5DD01C2"                     }                     }                 ],                 "drilldownFilters" : [                     {                         "filterName" : "asset",                         "operator" : "=",                         "value" : {                             "id" : "9",                             "name" : "Linux Hosts",                             "description" : "The operating system detected has Linux installed.",                             "uuid" : "2DF066B8-F310-44BB-B6BE-BC6D5BDEE0AB"                     }                     }                 ],                 "baseStatus" : "0",                 "compliantStatus" : "0",                 "drilldownStatus" : "0",                 "conditionalName" : "hosts",                 "conditionalOperator" : "All",                 "conditionalValue" : "",                 "displayType" : "ratio",                 "result" : "pass",                 "resultOutput" : "{\"x\":\"0\",\"y\":\"0\"}",                 "queryType" : "vuln",                 "drilldownQuery" : {                     "id" : "1640"               }             }         ],         "result" : "pass",         "status" : 0,         "schedule" : {             "id" : "123",             "type" : "ical",             "start" : "TZID=America\/New_York:20220331T230000",             "repeatRule" : "FREQ=DAILY;INTERVAL=1",             "nextRun" : 1648782000         },         "canUse" : "true",         "canManage" : "true",         "creator" : {             "id" : "1",             "username" : "head",             "firstname" : "Security Manager",             "lastname" : "",             "uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"     },         "owner" : {             "id" : "1",             "username" : "head",             "firstname" : "Security Manager",             "lastname" : "",             "uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"     },         "ownerGroup" : {             "id" : "0",             "name" : "Full Access",             "description" : "Full Access group"     }     },     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1413315326 }

Gets the ARC associated with {id}.

Fields Parameter

Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**running
**status
**result
**policyStatements*
creator
owner
groups
ownerGroup
targetGroup
lastUpdateTime
lastCompletedUpdateTime
lastComplianceUpdateTime
createdTIme
modifiedTIme
focusFilters
schedule
canUse
canManage
order
activated

Legend

* = always comes back

** = comes back if fields list not specified on GET all
* = policyStatements field on /arc/{id}::GET will return all Policy Statement fields

redFont =  field is a JSON object ( e.g. "repository" :{ "id" : <id>, "name" : <name> } )

Request Parameters

None

Example Response

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102

{     "type" : "regular",     "response" : {         "id" : "1",         "name" : "POST TEST",         "description" : "",         "running" : "false",         "lastUpdateTime" : "1648781875",         "lastCompletedUpdateTime" : "1648781875",         "lastComplianceUpdateTime" : "1648781875",         "createdTime" : "1648781858",         "modifiedTime" : "1648781858",         "focusFilters" : [             {                 "filterName" : "ip",                 "operator" : "=",                 "value" : "172.26.20.0"         }         ],         "order" : "0",         "activated" : "true",         "groups" : [],         "policyStatements" : [             {                 "id" : "1",                 "arcID" : "1",                 "label" : "POST TEST Label",                 "baseFilters" : [                     {                         "filterName" : "ip",                         "operator" : "=",                         "value" : "172.26.20.0"                 }                 ],                 "compliantFilters" : [                     {                         "filterName" : "repository",                         "operator" : "=",                         "value" : {                             "id" : "24",                             "name" : "IPv4 Repo",                             "description" : "",                             "type" : "Local",                             "uuid" : "FC6B1EF4-A899-4AAD-9AEB-43A6D5DD01C2"                     }                     }                 ],                 "drilldownFilters" : [                     {                         "filterName" : "asset",                         "operator" : "=",                         "value" : {                             "id" : "9",                             "name" : "Linux Hosts",                             "description" : "The operating system detected has Linux installed.",                             "uuid" : "2DF066B8-F310-44BB-B6BE-BC6D5BDEE0AB"                     }                     }                 ],                 "baseStatus" : "0",                 "compliantStatus" : "0",                 "drilldownStatus" : "0",                 "conditionalName" : "hosts",                 "conditionalOperator" : "All",                 "conditionalValue" : "",                 "displayType" : "ratio",                 "result" : "pass",                 "resultOutput" : "{\"x\":\"0\",\"y\":\"0\"}",                 "queryType" : "vuln",                 "drilldownQuery" : {                     "id" : "1640"               }             }         ],         "result" : "pass",         "status" : 0,         "schedule" : {             "id" : "123",             "type" : "ical",             "start" : "TZID=America\/New_York:20220331T230000",             "repeatRule" : "FREQ=DAILY;INTERVAL=1",             "nextRun" : 1648782000         },         "canUse" : "true",         "canManage" : "true",         "creator" : {             "id" : "1",             "username" : "head",             "firstname" : "Security Manager",             "lastname" : "",             "uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"     },         "owner" : {             "id" : "1",             "username" : "head",             "firstname" : "Security Manager",             "lastname" : "",             "uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"     },         "ownerGroup" : {             "id" : "0",             "name" : "Full Access",             "description" : "Full Access group"     }     },     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1413315326 }

Edits the ARC associated with {id}, changing only the passed in fields.

Request Parameters

NOTE #1: All PolicyStatements and FocusFilters must be provided or they will be removed.

NOTE #2: Order can only be specified if the ARC has been activated (it is activated automatically on add, but this could apply to shares).

(All fields are optional)

See /arc::POST for parameters.

Activating/Deactivating Shared ARCs

A user may call this endpoint for an ARC shared to them. They will only be able to activate, change order, or deactivate a shared ARC. They may only use the following Parameters:

Expand

1 2 3 4

{     "activated":"<boolean>",     "order":"<number>" (required if activated is "true") }

Example Response

Deletes the ARC associated with {id}, depending on access and permissions.

Request Parameters

None

Example Response

Expand

1 2 3 4 5 6 7 8

{     "type" : "regular",     "response" : "",     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1403100582 }

Imports an ARC Template

Request Parameters

Expand

1 2 3 4

{     "filename":"<string>",     "order":"<number>" (optional) }

Example Response

Exports the ARC associated with {id}.

Request Parameters

Expand

1 2	{     "exportType":"(full|cleansed|placeholders|templates)"}

Example Response

Expand

1

<?xml version="1.0" encoding="UTF-8"?><arcTemplate>    <scVersion>5.0.0</scVersion>    <name>ARC with Assets</name>    <description>lkasdjflaskdj</description>    <focusFilters>YToxOntpOjA7YTozOntzOjEwOiJmaWx0ZXJOYW1lIjtzOjc6ImFzc2V0SUQiO3M6ODoib3BlcmF0b3IiO3M6MToifiI7czo1OiJ2YWx1ZSI7YTozOntzOjg6Im9wZXJhdG9yIjtzOjEyOiJpbnRlcnNlY3Rpb24iO3M6ODoib3BlcmFuZDEiO3M6MTA6Ii0xOlVua25vd24iO3M6ODoib3BlcmFuZDIiO3M6MTA6Ii0xOlVua25vd24iO319fQ==</focusFilters>    <policyStatements>        <policyStatement>            <label>PS</label>            <displayType>state</displayType>            <definition>YTo2OntzOjExOiJiYXNlRmlsdGVycyI7YToxOntpOjA7YTozOntzOjEwOiJmaWx0ZXJOYW1lIjtzOjI6ImlwIjtzOjg6Im9wZXJhdG9yIjtzOjE6Ij0iO3M6NToidmFsdWUiO3M6NzoiMS4xLjEuMSI7fX1zOjE2OiJjb21wbGlhbnRGaWx0ZXJzIjthOjE6e2k6MDthOjM6e3M6MTA6ImZpbHRlck5hbWUiO3M6MTM6ImJhc2VDVlNTU2NvcmUiO3M6ODoib3BlcmF0b3IiO3M6MToiPSI7czo1OiJ2YWx1ZSI7czozOiIyLTMiO319czoxNjoiZHJpbGxkb3duRmlsdGVycyI7YToxOntpOjA7YTozOntzOjEwOiJmaWx0ZXJOYW1lIjtzOjU6ImNjZUlEIjtzOjg6Im9wZXJhdG9yIjtzOjE6Ij0iO3M6NToidmFsdWUiO3M6NDoiMTIzMSI7fX1zOjE1OiJjb25kaXRpb25hbE5hbWUiO3M6NToiaG9zdHMiO3M6MTk6ImNvbmRpdGlvbmFsT3BlcmF0b3IiO3M6MzoiQWxsIjtzOjE2OiJjb25kaXRpb25hbFZhbHVlIjtzOjA6IiI7fQ==</definition>        </policyStatement>    </policyStatements>    <schedule>FREQ=DAILY;INTERVAL=1</schedule></arcTemplate>

Copies an existing ARC associated with {id}, depending on access and permissions.

Request Parameters

Expand

1 2 3 4

{     "name": <string>,     "description": <string> (optional) }

Example Response

Refreshes the Assurance Report Card associated with {id}.

Request Parameters

None

Example Response

Shares the ARC associated with {id}, depending on access and permissions

Request Parameters

Expand

1 2 3 4 5 6 7

{     "groups":         [             {<group ID record>},             ...         ] }

Example Response