Tenable Security Center API: Group

/group

/tes/group

/tes/group endpoint is only supported in Tenable Enclave Security


Methods
GET

Gets the list of Groups

NOTE: Only viewable shared objects will be returned. If a group retrieved contains to object shares the session user does not have permissions to view, the shares will not be returned.

Fields Parameter
Expand

NOTE: Currently, all fields come back on GET all, but the ** indicates fields which will be listed in a future release

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
createdTime
modifiedTime
lces
repositories
definingAssets
userCount
users
createDefaultObjects

 Session User has ShareObjects Permission
assets
policies
queries
credentials
dashboardTabs
arcs
auditFiles

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont =  field is a JSON object e.g. "repository" :{ "id" : <id>, "name" : <name> } )

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : [
		{
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		{
			"id" : "2",
			"name" : "Group A",
			"description" : ""
		},
		{
			"id" : "3",
			"name" : "Group B",
			"description" : ""
		},
		{
			"id" : "4",
			"name" : "grunt",
			"description" : ""
		},
		{
			"id" : "5",
			"name" : "Full Access Group 2",
			"description" : ""
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1445894598
}

POST

Adds a Group

Note: Cannot add definingAssets of type "watchlist" | "combination" in group definitions

Request Parameters
Expand
{
	"name" : <string>,
	"description" : <string> DEFAULT "",
	"createDefaultObjects" : <string> "false" | "true" DEFAULT "false",
	"repositories" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"lces" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"definingAssets" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"assets" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"policies" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"queries" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"credentials" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"dashboardTabs" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"arcs" : [
		{
			"id" : <number>
		}...
	] OPTIONAL,
	"auditFiles" : [
		{
			"id" : <number>
		}...
	] OPTIONAL
}
Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "5",
		"name" : "Full Access Group test",
		"description" : "",
		"createdTime" : "1436551970",
		"modifiedTime" : "1445892755",
		"lces" : [
			{
				"id" : "3",
				"name" : "test LCE",
				"description" : "Copied from Box for testing",
				"version" : "4.6.0"
			},
			{
				"id" : "4",
				"name" : "LCE 1",
				"description" : "Copied from Box for testing",
				"version" : "4.4.1"
			},
			{
				"id" : "5",
				"name" : "LCE 2",
				"description" : "Copied from Box for testing",
				"version" : "4.4.0"
			}
		],
		"repositories" : [
			{
				"id" : "38",
				"name" : "ipv4",
				"description" : "copied from QA",
				"lastVulnUpdate" : "1445621650",
				"type" : "Local",
				"dataFormat" : "IPv4",
                "uuid": "49C61E1E-3D79-4345-AE79-CE3E5DF69B47"
			},
			{
				"id" : "39",
				"name" : "ipv6 rep",
				"description" : "Copied from QA 2",
				"lastVulnUpdate" : "1437805904",
				"type" : "Local",
				"dataFormat" : "IPv6",
				"uuid": "2253DAE5-880E-4796-B94C-1B880841BE64"
			},
			{
				"id" : "44",
				"name" : "Test w/pluginPrefs",
				"description" : "",
				"lastVulnUpdate" : "0",
				"type" : "Local",
				"dataFormat" : "mobile",
                "uuid": "79843218-F7CF-48C2-867D-54EA9A6B0225"
			},
			{
				"id" : "57",
				"name" : "test mobile airwatch rep",
				"description" : "",
				"lastVulnUpdate" : "0",
				"type" : "Local",
				"dataFormat" : "mobile",
                "uuid": "B0718AAC-2CDA-4A9C-B6F5-ED1F8EFFC755"
			}
		],
		"definingAssets" : [
			{
				"id" : "0",
				"name" : "All Defined Ranges",
				"description" : "",
                "uuid": "0A18B330-B893-4080-96F2-220A45E0B203"
			}
		],
		"userCount" : 0,
		"users" : [],
		"createDefaultObjects" : "false",
		"assets" : [],
		"policies" : [],
		"queries" : [],
		"credentials" : [],
		"dashboardTabs" : [],
		"auditFiles" : [],
		"arcs" : [
			{
				"id" : "18",
				"name" : "Database Settings",
				"description" : "The Database ARC presents a series of policy statements that measure percentage compliance against organizational policies such as authentication policy, privilege policy, and best practices. These policies all share a common theme in assessing database compliance and configuration.	Organizational policy should in turn be based on appropriate currently accepted standards.	\n\nThe ARC and the associated policy statements rely on audit results received from Nessus scans utilizing database audit files for compliance scanning. The audit files and policy statements are guides that can be customized to fit the specific policy guidelines of the organization.\n\nBy reviewing the ARC, Compliance Managers can easily and quickly identify compliance concerns within database-driven systems based around these controls, and rapidly identify gaps in the database security programs or policies."
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1445892755
}

/group/{id}

/tes/group/{id}

/tes/group/{id} endpoint is only supported in Tenable Enclave Security


Methods
GET

Gets the Group associated with {id}.

NOTE: Only viewable shared objects will be returned. If the group retrieved contains to object shares the session user does not have permissions to view, the shares will not be returned.

Fields Parameter

The endpoint returns minimal [ which includes * and ** ] fields only, if all of the conditions are met:

  • user has no permission to 'Manage Group'
  • user has no permission to 'Share Object'
  • user is not viewing self group
  • the group to view is not in the list of user's 'Managable Groups'

The contents of the sharableObjects fields [as mentioned in NOTE above] shows only those objects that are shared with the Groups that is enabled using ManageObjectsOfGroup/s in user Settings.

Irrespective of the permManageGroup, permShareObject a user can always view minimal + additional fields of their own group. The sharable fields however are displayed based on the ManageObjectsOfGroup/s permissions as mentioned above.

The return fields are summarized below:

permManageGroup

permShareObject

ManageObjects Of Group/s

fields

Yes

Yes

Yes/No

minimal + additional fields + sharableObjects fields

Yes

No

Yes/No

minimal + additional fields

No

Yes

No

minimal + additional fields + sharableObjects fields

No

No

Yes

minimal + additional fields for manageObjects enabled groups
minimal fields for all other groups

No

No

No [ for all groups ]

minimal fields for all groups

Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
createdTime
modifiedTime
lces
repositories
definingAssets
userCount
users
createDefaultObjects


Session User has ShareObjects Permission
assets
policies
queries
credentials
dashboardTabs
arcs
auditFiles

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont =  field is a JSON object e.g. "repository" :{ "id" : <id>, "name" : <name> } )

Request Parameters

None

Example Response
Expand
Any user with manageGroup permission enabled
{
	"type" : "regular",
	"response" : {
		"id" : "5",
		"name" : "Full Access Group test",
		"description" : "",
		"createdTime" : "1436551970",
		"modifiedTime" : "1445892755",
		"lces" : [
			{
				"id" : "3",
				"name" : "test LCE",
				"description" : "Copied from Box for testing",
				"version" : "4.6.0"
			},
			{
				"id" : "4",
				"name" : "LCE 1",
				"description" : "Copied from Box for testing",
				"version" : "4.4.1"
			},
			{
				"id" : "5",
				"name" : "LCE 2",
				"description" : "Copied from Box for testing",
				"version" : "4.4.0"
			}
		],
		"repositories" : [
			{
				"id" : "38",
				"name" : "ipv4",
				"description" : "copied from QA",
				"lastVulnUpdate" : "1445621650",
				"type" : "Local",
				"dataFormat" : "IPv4",
                "uuid": "49C61E1E-3D79-4345-AE79-CE3E5DF69B47"
			},
			{
				"id" : "39",
				"name" : "ipv6 rep",
				"description" : "Copied from QA 2",
				"lastVulnUpdate" : "1437805904",
				"type" : "Local",
				"dataFormat" : "IPv6",
                "uuid": "2253DAE5-880E-4796-B94C-1B880841BE64"
			},
			{
				"id" : "44",
				"name" : "Test w/pluginPrefs",
				"description" : "",
				"lastVulnUpdate" : "0",
				"type" : "Local",
				"dataFormat" : "mobile",
                "uuid": "79843218-F7CF-48C2-867D-54EA9A6B0225"
			},
			{
				"id" : "57",
				"name" : "test mobile airwatch rep",
				"description" : "",
				"lastVulnUpdate" : "0",
				"type" : "Local",
				"dataFormat" : "mobile",
                "uuid": "B0718AAC-2CDA-4A9C-B6F5-ED1F8EFFC755"
			}
		],
		"definingAssets" : [
			{
				"id" : "0",
				"name" : "All Defined Ranges",
				"description" : "",
                "uuid": "0A18B330-B893-4080-96F2-220A45E0B203"
			}
		],
		"userCount" : 0,
		"users" : [],
		"createDefaultObjects" : "false",
		"assets" : [],
		"policies" : [],
		"queries" : [],
		"credentials" : [],
		"dashboardTabs" : [],
		"auditFiles" : [],
		"arcs" : [
			{
				"id" : "18",
				"name" : "Database Settings",
				"description" : "The Database ARC presents a series of policy statements that measure percentage compliance against organizational policies such as authentication policy, privilege policy, and best practices. These policies all share a common theme in assessing database compliance and configuration.	Organizational policy should in turn be based on appropriate currently accepted standards.	\n\nThe ARC and the associated policy statements rely on audit results received from Nessus scans utilizing database audit files for compliance scanning. The audit files and policy statements are guides that can be customized to fit the specific policy guidelines of the organization.\n\nBy reviewing the ARC, Compliance Managers can easily and quickly identify compliance concerns within database-driven systems based around these controls, and rapidly identify gaps in the database security programs or policies."
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1445892755
}
Any user with manageGroup permission disabled and shareObject permission disabled, but can manage objects of the group in question
{
	"type" : "regular",
	"response" : {
		"id" : "5",
		"name" : "Full Access Group test",
		"description" : "",
		"createdTime" : "1436551970",
		"modifiedTime" : "1445892755",
		"lces" : [
			{
				"id" : "3",
				"name" : "test LCE",
				"description" : "Copied from Box for testing",
				"version" : "4.6.0"
			},
			{
				"id" : "4",
				"name" : "LCE 1",
				"description" : "Copied from Box for testing",
				"version" : "4.4.1"
			},
			{
				"id" : "5",
				"name" : "LCE 2",
				"description" : "Copied from Box for testing",
				"version" : "4.4.0"
			}
		],
		"repositories" : [
			{
				"id" : "38",
				"name" : "ipv4",
				"description" : "copied from QA",
				"lastVulnUpdate" : "1445621650",
				"type" : "Local",
				"dataFormat" : "IPv4",
                "uuid": "49C61E1E-3D79-4345-AE79-CE3E5DF69B47"
			},
			{
				"id" : "39",
				"name" : "ipv6 rep",
				"description" : "Copied from QA 2",
				"lastVulnUpdate" : "1437805904",
				"type" : "Local",
				"dataFormat" : "IPv6",
                "uuid": "2253DAE5-880E-4796-B94C-1B880841BE64"
			},
			{
				"id" : "44",
				"name" : "Test w/pluginPrefs",
				"description" : "",
				"lastVulnUpdate" : "0",
				"type" : "Local",
				"dataFormat" : "mobile",
                "uuid": "79843218-F7CF-48C2-867D-54EA9A6B0225"
			},
			{
				"id" : "57",
				"name" : "test mobile airwatch rep",
				"description" : "",
				"lastVulnUpdate" : "0",
				"type" : "Local",
				"dataFormat" : "mobile",
                "uuid": "B0718AAC-2CDA-4A9C-B6F5-ED1F8EFFC755"
			}
		],
		"definingAssets" : [
			{
				"id" : "0",
				"name" : "All Defined Ranges",
				"description" : "",
                "uuid": "0A18B330-B893-4080-96F2-220A45E0B203"
			}
		],
		"userCount" : 0,
		"users" : [],
		"createDefaultObjects" : "false"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1445892755
}
Any user with manageGroup permission disabled and shareObject permission disabled, and also cannot manage objects of the group in question
{
	"type" : "regular",
	"response" : {
		"id" : "5",
		"name" : "Full Access Group test",
		"description" : ""
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1445892755
}

PATCH

Edits the Group associated with {id}, changing only the passed in fields.

Request Parameters

(All fields are optional)

See /group::POST for parameters.

Example Response
See /group/{id}::GET

DELETE

Deletes the Group associated with {id}, depending on access and permissions.

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408726272
}