Tenable Security Center API: AuditFile

 

/auditFile

Methods
GET

Gets the list of AuditFiles.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

NOTE: 'typeFields' returns type-specific parameters inside of a 'typeFields." If requested, typeFields returns as follows:

type "scapWindows" | "scapLinux" (SCAP): dataStreamName, benchmarkName, profileName, tailoringOriginalFilename
type not "scapWindows" | not "scapLinux" (Tenable): variables

Allowed Fields

*id
*uuid
**name
**description
**type
**status
groups

creator
version
context
filename
originalFilename
createdTime
modifiedTime
lastRefreshedTime
canUse
canManage
auditFileTemplate
typeFields 

Session User role not "1" (Administrator)

ownerGroup
targetGroup
owner

Legend

* = always comes back

** = comes back if fields list not specified on GET all
redFont =  field is a JSON object e.g. "repository" :{ "id" : <id>, "name" : <name> } )
Request Query Parameters

None

Filter Parameters

usable - The response will be an object containing an array of usable AuditFiles. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable AuditFiles. By default, both usable and manageable objects are returned.

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"usable" : [
			{
				"id" : "5",
				"name" : "Admin - Top 25 extended File Listener",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "AC4697BA-EE58-4EBC-B05A-D3CCDF170D21"
			},
			{
				"id" : "6",
				"name" : "Admin - Top 25 lite",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "7F24580C-2601-44DD-96D1-1595AEB40731"
			},
			{
				"id" : "1000030",
				"name" : "Basic Audit File",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "6FCE9E39-A85A-4408-8796-5E892A015B69"
			},
			{
				"id" : "1000047",
				"name" : "With Scap",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "71479486-3ADB-461E-B0BF-2EDF615CDBDA"
			},
			{
				"id" : "1000048",
				"name" : "test12122",
				"description" : "",
				"type" : "scapWindows",
				"status" : "0",
				"uuid" : "D91B78FC-92A4-46BE-AE72-2774CE2C63DE"
			},
			{
				"id" : "1000049",
				"name" : "Test",
				"description" : "",
				"type" : "scapWindows",
				"status" : "0",
				"uuid" : "B4CED4AA-2852-42FC-8794-CCDC14E4434D"
			}
		],
		"manageable" : [
			{
				"id" : "1000030",
				"name" : "Basic Audit File",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "6FCE9E39-A85A-4408-8796-5E892A015B69"
			},
			{
				"id" : "1000047",
				"name" : "With Scap",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "71479486-3ADB-461E-B0BF-2EDF615CDBDA"
			},
			{
				"id" : "1000048",
				"name" : "test12122",
				"description" : "",
				"type" : "scapWindows",
				"status" : "0",
				"uuid" : "D91B78FC-92A4-46BE-AE72-2774CE2C63DE"
			},
			{
				"id" : "1000049",
				"name" : "Test",
				"description" : "",
				"type" : "scapWindows",
				"status" : "0",
				"uuid" : "B4CED4AA-2852-42FC-8794-CCDC14E4434D"
			},
			{
				"id" : "1000052",
				"name" : "AuditFileTest3",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "6FABA32D-B409-49D6-A13B-2A29D6014284"
			},
			{
				"id" : "1000054",
				"name" : "AuditFile Test 5",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "676FDD6A-5AFC-43FC-BE28-BAF7AD451B0D"
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410981838
}

POST

Adds an AuditFile.

NOTE #1: The filename and tailoringFilename fields should contain the value of the same parameter passed back on a */file/upload::POST* if they are provided. The tailoringOriginalFilename field should contain the value of the tailoring file's original name, prior to upload if it is provided.
NOTE #2: For Tenable AuditFiles, field type must be sent as a blank string. SCAP AuditFile field type will be "scapWindows" or "scapLinux".
NOTE #3: AuditFile Template Variable names and values validation is limited to format only. They are not validated against the template's name/value pairs, nor are defaults set.

Request Parameters
Expand
{
	"name" : <string>,
	"description" : <string> DEFAULT "",
	"type" : <string> "scapWindows" | "scapLinux" | "" (Tenable Audit File)
...

type is "" (Tenable Audit File)

...
	"auditFileTemplate" : {
		"id" : <number> DEFAULT -1 (NOT_SET)
	},
	"variables" : [
		{
			"name" : <string>,
			"value" : <string>
		}...
	],


	auditFileTemplate 'id' not '-1'
	-------------------------------
	"filename" : <string>,
	"originalFilename" : <string> DEFAULT "",
}

type is "scapWindows" | "scapLinux"

...
	"version" : <string> "1.0" | "1.1" | "1.2",
	"benchmarkName" : <string>,
	"profileName" : <string>,
	"filename" : <string>,
	"originalFilename" : <string> DEFAULT "",
 
	version "1.2"
	-------------
	"dataStreamName" : <string>,
	"tailoringFilename" : <string> OPTIONAL,
	"tailoringOriginalFilename" : <string> OPTIONAL


	"tailoringFilename" is provided
	--------------------------------
	"tailoringOriginalFilename" : <string>
...
Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1000006",
		"name" : "Test Audit File",
		"description" : "Audit File Test",
		"version" : "1.12",
		"type" : "palo_alto",
		"context" : null,
		"status" : "0",
		"filename" : "scfile_KjhMPw",
		"originalFilename" : "",
		"createdTime" : "1435166011",
		"modifiedTime" : "1435249000",
		"lastRefreshedTime" : "1435249000",
		"typeFields" : {
			"variables" : []
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"auditFileTemplate" : {
			"id" : "186",
			"name" : "TNS Palo Alto PAN-OS Best Practices",
			"categoryName" : "Palo Alto Networks PAN-OS"
		},
		"uuid" : "1981424C-2EF6-450A-9D28-B1CBEBB94C47"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1435249000
}

/auditFile/{id}

/auditFile/{uuid}

Methods
GET

Gets the AuditFile associated with {id} or {uuid}.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

NOTE: 'typeFields' returns type-specific parameters inside of a 'typeFields." If requested, typeFields returns as follows:

type "scapWindows" | "scapLinux" (SCAP): dataStreamName, benchmarkName, profileName, tailoringOriginalFilename
type not "scapWindows" | not "scapLinux" (Tenable): variables

Allowed Fields

*id
*uuid
**name
**description
**type
**status
groups

creator
version
context
filename
originalFilename
createdTime
modifiedTime
lastRefreshedTime
canUse
canManage
auditFileTemplate
typeFields 

Session User role not "1" (Administrator)

ownerGroup
targetGroup
owner

Legend

* = always comes back

** = comes back if fields list not specified on GET all
redFont =  field is a JSON object e.g. "repository" :{ "id" : <id>, "name" : <name> } )
Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1000006",
		"name" : "Test Audit File",
		"description" : "Audit File Test",
		"version" : "1.12",
		"type" : "palo_alto",
		"context" : null,
		"status" : "0",
		"filename" : "scfile_KjhMPw",
		"originalFilename" : "",
		"createdTime" : "1435166011",
		"modifiedTime" : "1435249000",
		"lastRefreshedTime" : "1435249000",
		"typeFields" : {
			"variables" : []
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"auditFileTemplate" : {
			"id" : "186",
			"name" : "TNS Palo Alto PAN-OS Best Practices",
			"categoryName" : "Palo Alto Networks PAN-OS"
		},
		"uuid" : "1981424C-2EF6-450A-9D28-B1CBEBB94C47"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1435249000
}

PATCH

Edits the AuditFile associated with {id} or {uuid}, changing only the passed in fields.

Request Parameters

(All fields are optional)

See /auditFile::POST for parameters.

Example Response

See /auditFile/{id}::GET or /auditFile/{uuid}::GET for example response.

DELETE

Deletes the AuditFile associated with {id} or {uuid}, depending on access and permissions.

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1401911117
}

/auditFile/{id}/refresh

/auditFile/{uuid}/refresh

Methods
POST

Refreshes the AuditFile associated with {id} or {uuid} to use the latest template version, depending on access and permissions.

NOTE #1: This does not modify the template variables. If the latest template has different variables, the user must call /auditFile/{id}::PATCH.
NOTE #2: AuditFiles not based on templates or based on templates that no longer exist (likely due to deprication) will generate an error.

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1000006",
		"name" : "Test Audit File",
		"description" : "Audit File Test",
		"version" : "1.12",
		"type" : "palo_alto",
		"context" : null,
		"status" : "0",
		"filename" : "scfile_KjhMPw",
		"originalFilename" : "",
		"createdTime" : "1435166011",
		"modifiedTime" : "1435249000",
		"lastRefreshedTime" : "1435249000",
		"typeFields" : {
			"variables" : []
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"auditFileTemplate" : {
			"id" : "186",
			"name" : "TNS Palo Alto PAN-OS Best Practices",
			"categoryName" : "Palo Alto Networks PAN-OS"
		},
		"uuid" : "1981424C-2EF6-450A-9D28-B1CBEBB94C47"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1435249000
}

/auditFile/{id}/share

/auditFile/{uuid}/share

Methods
POST

Shares the AuditFile associated with {id} or {uuid}, depending on access and permissions

Request Parameters
Expand
{
	"groups" : [
		{
			"id" : <number>
		}...
	]
}
Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1000006",
		"name" : "Test Audit File",
		"description" : "Audit FIle Test",
		"version" : "1.12",
		"type" : "palo_alto",
		"context" : null,
		"status" : "0",
		"filename" : "scfile_KjhMPw",
		"originalFilename" : "",
		"createdTime" : "1435166011",
		"modifiedTime" : "1435249000",
		"lastRefreshedTime" : "1435249000",
		"typeFields" : {
			"variables" : []
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"auditFileTemplate" : {
			"id" : "186",
			"name" : "TNS Palo Alto PAN-OS Best Practices",
			"categoryName" : "Palo Alto Networks PAN-OS"
		},
		"uuid" : "1981424C-2EF6-450A-9D28-B1CBEBB94C47"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1435249000
}

/auditFile/{id}/export

/auditFile/{uuid}/export

Methods
GET

Exports the AuditFile associated with {id} or {uuid} as plain text XML, depending on access and permissions

NOTE: For AuditFiles based on templates, the exported AuditFile will be merged with the indicated variables before export. There is currently no option to export with placeholders.

Request Parameters

None

Example Response

None given. The response will be a AuditFile in binary or ascii format.