Tenable Security Center API: Director System

 

This API resource is only usable in Tenable.sc Director.

/mgmt/system/logFiles

Methods

GET

Gets the list of log files on a linked Tenable.sc Instance that are available to the user.

Request Parameters
{
	"sciID": <number>
}
Example Response for Admins
{
	"type": "regular",
	"response": [
		{
			"organization": {
				"id": 0,
				"name": "Application",
				"description": ""
			},
			"basenames": [
				"202106"
			]
		},
		{
			"organization": {
				"id": "1",
				"name": "Child Org",
				"description": ""
			},
			"basenames": [
				"202106"
			]
		}
	],
	"error_code": 0,
	"error_msg": "",
	"warnings": [],
	"timestamp": 1624370508
}
Example Response for Security Managers
{
    "type": "regular",
    "response": [
        {
            "basenames": [
                "202106"
            ]
        }
    ],
    "error_code": 0,
    "error_msg": "",
    "warnings": [],
    "timestamp": 1624371093
}

/mgmt/system/logs

Methods

POST

Returns the available log messages on a linked Tenable.sc Instance, based on user permissions and the query filters

Request Parameters
{
	"sciID": <number>,
	"date" : scLog basename (e.g. "201412") | "all",
	"query": {
		"startOffset" : <number>,
		"endOffset" : <number>,
		"filters" : [
			{
				"filterName" : "keywords",
				"operator" : "=",
				"value" : <string>
			},
			{
				"filterName" : "severity",
				"value" : {
					"id" : <number> [0-2],
					"operator" : "=",
					"name":"INFO|WARNING|CRITICAL"
				}
			},
			{
				"filterName" : "module",
				"operator" : "=",
				"value" : <string> (e.g. "auth")
			},
			{
				"filterName" : "organization",
				"value" : {
					"id" : <number>
				}
			}
		]
	}
}
Example Response
{
   "type": "regular",
    "response": {
        "skip": [],
        "totalRecords": 56,
        "endOffset": 3,
        "results": [
            {
                "rawLog": "Tue, 22 Jun 2021 10:20:28 -0400|qahead|auth|INFO|Successful logout for 'qahead'.\n",
                "organization": {
                    "id": "1",
                    "name": "Child Org",
                    "description": ""
                },
                "message": "Successful logout for 'qahead'.",
                "severity": {
                    "id": "0",
                    "name": "INFO",
                    "description": "Information"
                },
                "module": "auth",
                "source": "qahead",
                "date": "Tue, 22 Jun 2021 10:20:28 -0400"
            },
            {
                "rawLog": "Tue, 22 Jun 2021 09:20:01 -0400|qahead|policy|INFO|' [qahead]' deleted organization policy 'Basic Policy' (id #1000002).\n",
                "organization": {
                    "id": "1",
                    "name": "Child Org",
                    "description": ""
                },
                "message": "' [qahead]' deleted organization policy 'Basic Policy' (id #1000002).",
                "severity": {
                    "id": "0",
                    "name": "INFO",
                    "description": "Information"
                },
                "module": "policy",
                "source": "qahead",
                "date": "Tue, 22 Jun 2021 09:20:01 -0400"
            },
            {
                "rawLog": "Tue, 22 Jun 2021 09:18:08 -0400|qahead|policy|INFO|' [qahead]' created organization policy 'Basic Policy' (id #1000002).\n",
                "organization": {
                    "id": "1",
                    "name": "Child Org",
                    "description": ""
                },
                "message": "' [qahead]' created organization policy 'Basic Policy' (id #1000002).",
                "severity": {
                    "id": "0",
                    "name": "INFO",
                    "description": "Information"
                },
                "module": "policy",
                "source": "qahead",
                "date": "Tue, 22 Jun 2021 09:18:08 -0400"
            }
        ]
    },
    "error_code": 0,
    "error_msg": "",
    "warnings": [],
    "timestamp": 1624372254
}