Tenable Security Center API: AuditFile

/auditFile

Methods

GET

Gets the list of AuditFiles.

Fields Parameter

Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

NOTE: 'typeFields' returns type-specific parameters inside of a 'typeFields." If requested, typeFields returns as follows:

type "scapWindows" | "scapLinux" (SCAP): dataStreamName, benchmarkName, profileName, tailoringOriginalFilename
type not "scapWindows" | not "scapLinux" (Tenable): variables

Allowed Fields

*id
*uuid
**name
**description
**type
**status
groups
creator
version
context
filename
originalFilename
createdTime
modifiedTime
lastRefreshedTime
canUse
canManage
auditFileTemplate
typeFields

Session User role not "1" (Administrator)

ownerGroup
targetGroup
owner

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object ( e.g. "repository" :{ "id" : <id>, "name" : <name> } )

Request Query Parameters

None

Filter Parameters

usable - The response will be an object containing an array of usable AuditFiles. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable AuditFiles. By default, both usable and manageable objects are returned.

Example Response

Expand

{
	"type" : "regular",
	"response" : {
		"usable" : [
			{
				"id" : "5",
				"name" : "Admin - Top 25 extended File Listener",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "AC4697BA-EE58-4EBC-B05A-D3CCDF170D21"			},
			{
				"id" : "6",
				"name" : "Admin - Top 25 lite",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "7F24580C-2601-44DD-96D1-1595AEB40731"			},
			{
				"id" : "1000030",
				"name" : "Basic Audit File",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "6FCE9E39-A85A-4408-8796-5E892A015B69"			},
			{
				"id" : "1000047",
				"name" : "With Scap",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "71479486-3ADB-461E-B0BF-2EDF615CDBDA"			},
			{
				"id" : "1000048",
				"name" : "test12122",
				"description" : "",
				"type" : "scapWindows",
				"status" : "0",
				"uuid" : "D91B78FC-92A4-46BE-AE72-2774CE2C63DE"			},
			{
				"id" : "1000049",
				"name" : "Test",
				"description" : "",
				"type" : "scapWindows",
				"status" : "0",
				"uuid" : "B4CED4AA-2852-42FC-8794-CCDC14E4434D"			}
		],
		"manageable" : [
			{
				"id" : "1000030",
				"name" : "Basic Audit File",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "6FCE9E39-A85A-4408-8796-5E892A015B69"			},
			{
				"id" : "1000047",
				"name" : "With Scap",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "71479486-3ADB-461E-B0BF-2EDF615CDBDA"			},
			{
				"id" : "1000048",
				"name" : "test12122",
				"description" : "",
				"type" : "scapWindows",
				"status" : "0",
				"uuid" : "D91B78FC-92A4-46BE-AE72-2774CE2C63DE"			},
			{
				"id" : "1000049",
				"name" : "Test",
				"description" : "",
				"type" : "scapWindows",
				"status" : "0",
				"uuid" : "B4CED4AA-2852-42FC-8794-CCDC14E4434D"			},
			{
				"id" : "1000052",
				"name" : "AuditFileTest3",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "6FABA32D-B409-49D6-A13B-2A29D6014284"			},
			{
				"id" : "1000054",
				"name" : "AuditFile Test 5",
				"description" : "",
				"type" : "windowsfiles",
				"status" : "0",
				"uuid" : "676FDD6A-5AFC-43FC-BE28-BAF7AD451B0D"			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410981838
}

POST

Adds an AuditFile.

NOTE #1: The filename and tailoringFilename fields should contain the value of the same parameter passed back on a */file/upload::POST* if they are provided. The tailoringOriginalFilename field should contain the value of the tailoring file's original name, prior to upload if it is provided.
NOTE #2: For Tenable AuditFiles, field type must be sent as a blank string. SCAP AuditFile field type will be "scapWindows" or "scapLinux".
NOTE #3: AuditFile Template Variable names and values validation is limited to format only. They are not validated against the template's name/value pairs, nor are defaults set.

Request Parameters

Expand

{
	"name" : <string>,
	"description" : <string> DEFAULT "",
	"type" : <string> "scapWindows" | "scapLinux" | "" (Tenable Audit File)
...

type is "" (Tenable Audit File)

...
	"auditFileTemplate" : {
		"id" : <number> DEFAULT -1 (NOT_SET)
	},
	"variables" : [
		{
			"name" : <string>,
			"value" : <string>		}...
	],


	auditFileTemplate 'id' not '-1'
	-------------------------------
	"filename" : <string>,
	"originalFilename" : <string> DEFAULT "",
}

typeis "scapWindows" | "scapLinux"

...
	"version" : <string> "1.0" | "1.1" | "1.2",
	"benchmarkName" : <string>,
	"profileName" : <string>,
	"filename" : <string>,
	"originalFilename" : <string> DEFAULT "",
 	version "1.2"	-------------
	"dataStreamName" : <string>,
	"tailoringFilename" : <string> OPTIONAL,
	"tailoringOriginalFilename" : <string> OPTIONAL


	"tailoringFilename" is provided
	--------------------------------
	"tailoringOriginalFilename" : <string>...

Example Response

Expand

{
	"type" : "regular",
	"response" : {
		"id" : "1000006",
		"name" : "Test Audit File",
		"description" : "Audit File Test",
		"version" : "1.12",
		"type" : "palo_alto",
		"context" : null,
		"status" : "0",
		"filename" : "scfile_KjhMPw",
		"originalFilename" : "",
		"createdTime" : "1435166011",
		"modifiedTime" : "1435249000",
		"lastRefreshedTime" : "1435249000",
		"typeFields" : {
			"variables" : []
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""		},
		"auditFileTemplate" : {
			"id" : "186",
			"name" : "TNS Palo Alto PAN-OS Best Practices",
			"categoryName" : "Palo Alto Networks PAN-OS"		},
		"uuid" : "1981424C-2EF6-450A-9D28-B1CBEBB94C47"	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1435249000
}

/auditFile/{id}

/auditFile/{uuid}

Methods

GET

Gets the AuditFile associated with {id} or {uuid}.

Fields Parameter

Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

NOTE: 'typeFields' returns type-specific parameters inside of a 'typeFields." If requested, typeFields returns as follows:

type "scapWindows" | "scapLinux" (SCAP): dataStreamName, benchmarkName, profileName, tailoringOriginalFilename
type not "scapWindows" | not "scapLinux" (Tenable): variables

Allowed Fields

*id
*uuid
**name
**description
**type
**status
groups
creator
version
context
filename
originalFilename
createdTime
modifiedTime
lastRefreshedTime
canUse
canManage
auditFileTemplate
typeFields

Session User role not "1" (Administrator)

ownerGroup
targetGroup
owner

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object ( e.g. "repository" :{ "id" : <id>, "name" : <name> } )

Request Parameters

None

Example Response

Expand

{
	"type" : "regular",
	"response" : {
		"id" : "1000006",
		"name" : "Test Audit File",
		"description" : "Audit File Test",
		"version" : "1.12",
		"type" : "palo_alto",
		"context" : null,
		"status" : "0",
		"filename" : "scfile_KjhMPw",
		"originalFilename" : "",
		"createdTime" : "1435166011",
		"modifiedTime" : "1435249000",
		"lastRefreshedTime" : "1435249000",
		"typeFields" : {
			"variables" : []
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""		},
		"auditFileTemplate" : {
			"id" : "186",
			"name" : "TNS Palo Alto PAN-OS Best Practices",
			"categoryName" : "Palo Alto Networks PAN-OS"		},
		"uuid" : "1981424C-2EF6-450A-9D28-B1CBEBB94C47"	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1435249000
}

PATCH

Edits the AuditFile associated with {id} or {uuid}, changing only the passed in fields.

Request Parameters

(All fields are optional)

See /auditFile::POST for parameters.

Example Response

See /auditFile/{id}::GET or /auditFile/{uuid}::GET for example response.

DELETE

Deletes the AuditFile associated with {id} or {uuid}, depending on access and permissions.

Request Parameters

None

Example Response

Expand

{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1401911117
}

/auditFile/{id}/refresh

/auditFile/{uuid}/refresh

Methods

POST

Refreshes the AuditFile associated with {id} or {uuid} to use the latest template version, depending on access and permissions.

NOTE #1: This does not modify the template variables. If the latest template has different variables, the user must call /auditFile/{id}::PATCH.
NOTE #2: AuditFiles not based on templates or based on templates that no longer exist (likely due to deprication) will generate an error.

Request Parameters

None

Example Response

Expand

{
	"type" : "regular",
	"response" : {
		"id" : "1000006",
		"name" : "Test Audit File",
		"description" : "Audit File Test",
		"version" : "1.12",
		"type" : "palo_alto",
		"context" : null,
		"status" : "0",
		"filename" : "scfile_KjhMPw",
		"originalFilename" : "",
		"createdTime" : "1435166011",
		"modifiedTime" : "1435249000",
		"lastRefreshedTime" : "1435249000",
		"typeFields" : {
			"variables" : []
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""		},
		"auditFileTemplate" : {
			"id" : "186",
			"name" : "TNS Palo Alto PAN-OS Best Practices",
			"categoryName" : "Palo Alto Networks PAN-OS"		},
		"uuid" : "1981424C-2EF6-450A-9D28-B1CBEBB94C47"	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1435249000
}

Methods

POST

Shares the AuditFile associated with {id} or {uuid}, depending on access and permissions

Request Parameters

Expand

{
	"groups" : [
		{
			"id" : <number>		}...
	]
}

Example Response

Expand

{
	"type" : "regular",
	"response" : {
		"id" : "1000006",
		"name" : "Test Audit File",
		"description" : "Audit FIle Test",
		"version" : "1.12",
		"type" : "palo_alto",
		"context" : null,
		"status" : "0",
		"filename" : "scfile_KjhMPw",
		"originalFilename" : "",
		"createdTime" : "1435166011",
		"modifiedTime" : "1435249000",
		"lastRefreshedTime" : "1435249000",
		"typeFields" : {
			"variables" : []
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""		},
		"auditFileTemplate" : {
			"id" : "186",
			"name" : "TNS Palo Alto PAN-OS Best Practices",
			"categoryName" : "Palo Alto Networks PAN-OS"		},
		"uuid" : "1981424C-2EF6-450A-9D28-B1CBEBB94C47"	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1435249000
}

/auditFile/{id}/export

/auditFile/{uuid}/export

Methods

GET

Exports the AuditFile associated with {id} or {uuid} as plain text XML, depending on access and permissions

NOTE: For AuditFiles based on templates, the exported AuditFile will be merged with the indicated variables before export. There is currently no option to export with placeholders.

Request Parameters

None

Example Response

None given. The response will be a AuditFile in binary or ascii format.

Tenable Security Center API: AuditFile

/auditFile

Methods

Fields Parameter

Request Query Parameters

Filter Parameters

Example Response

Request Parameters

Example Response

/auditFile/{id}

/auditFile/{uuid}

Methods

Fields Parameter

Request Parameters

Example Response

Request Parameters

Example Response

Request Parameters

Example Response

/auditFile/{id}/refresh

/auditFile/{uuid}/refresh

Methods

Request Parameters

Example Response

/auditFile/{id}/share

/auditFile/{uuid}/share

Methods

Request Parameters

Example Response

/auditFile/{id}/export

/auditFile/{uuid}/export

Methods

Request Parameters

Example Response