Tenable Security Center API: LCE

 

/lce

Methods
GET

Gets the list of LCEs.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**status

ip
ntpIP
port
username
password
privateKeyPassphrase
managedRanges
version
downloadVulns
vulnStatus
lastReportTime
createdTime
modifiedTime
silos
canUse
canManage
organizations
repositories

Legend

* = always comes back

** = comes back if fields list not specified on GET all
redFont =  field is a JSON object e.g. "repository" :{ "id" : <id>, "name" : <name> } )
Request Parameters

None

Example Response
Expand
{
    "type" : "regular",
    "response" : [
        {
            "id" : "3",
            "name" : "LCE 192.168.1.11",
            "description" : "",
            "ip" : "192.168.1.11",
            "ntpIP" : "192.168.1.1",
            "port" : "1243",
            "username" : "root",
            "password" : "SET",
			"privateKeyPassphrase": null,
            "managedRanges" : null,
            "version" : "4.0.2",
            "downloadVulns" : "false",
            "status" : "1",
            "vulnStatus" : "2",
            "lastReportTime" : "0",
            "createdTime" : "1409837073",
            "modifiedTime" : "1409944978",
			"silos" : [
				{
					"id" : "1",
					"file" : "\/opt\/lce\/silo_archive\/\/lceSep122014-Sep132014.ndb",
					"startDate" : "Sep 12, 2014",
					"endDate" : "Sep 13, 2014",
					"records":"0"
			}
			"organizations" : [
                {
                    "id" : "8",
                    "name" : "Org",
                    "description" : "Testing for Policies with New Schema",
        			"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
                }
            ],
            "repositories" : [],
            "canUse" : "true",
            "canManage" : "true"
        }
    ],
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : [],
    "timestamp" : 1409945528
}

POST

Adds an LCE.

Request Parameters
Expand
{
	"name" : <string>,
	"description" : <string> DEFAULT "",
	"ip" : <string> (valid IP address or IP addresses separated by a comma),
	"downloadVulns" : <string> "false" | "true",
	"organizations" : [
		{
			"id" : <number>,
        	"uuid" : <uuid>,
		}...
	] DEFAULT [],
	...
}

downloadVulns is "true"

{
	...
	"ntpIP" : <string> (valid IP address, host name, IP addresses separated by a comma, or host names separated by a comma) DEFAULT {ip},
	"port" : <number> {valid port) DEFAULT "1243",
	"username" : <string>,
	"password" : <string>,
	"repositories" : [
		{
			"id" : <number>,
			"uuid" : <uuid>
		}...
	] DEFAULT []
	...
}
Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"organizations" : [
			{
				"id" : "8",
				"name" : "Org",
				"description" : "Testing for Policies with New Schema",
				"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
			},
			{
				"id" : "9",
				"name" : "Test Org",
				"description" : "",
				"uuid" : "FF00F4D0-5B9F-4A26-998C-19430295284A"
			}
		],
		"repositories" : [],
		"id" : "9",
		"name" : "TEST2",
		"description" : "",
		"ip" : "192.168.1.1",
		"ntpIP" : "192.168.1.1",
		"port" : "1243",
		"username" : "",
		"password" : "",
		"privateKeyPassphrase" : "",
		"managedRanges" : null,
		"version" : "Unknown",
		"downloadVulns" : "false",
		"status" : "2",
		"vulnStatus" : "0",
		"lastReportTime" : "0",
		"createdTime" : "1409946064",
		"modifiedTime" : "1409946074",
		"canUse" : "true",
		"canManage" : "true"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1409946054
}

/lce/authorize

Methods
POST

Authorizes the LCE associated with the provided id or ip to be installed on remote machine, changing only the passed in fields.

NOTE: Either (not both) the ip or the id field must be specified. Alternatively, an lce being authorize by ID may be performed by lce/{id}/authorize::POST

Request Parameters
Expand
{
	"id" : <number> OPTIONAL,
	"uuid" : <uuid> OPTIONAL,
	"ip" : <string> (valid IP address) OPTIONAL,
	"username" : <string> DEFAULT "",
	"password" : <string> DEFAULT ""
}
Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"status" : 1,
		"version" : "unknown"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408726631
}

/lce/{id}

Methods
GET

Gets the LCE associated with {id}.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**status
ip
ntpIP
port
username
password
managedRanges
version
downloadVulns
vulnStatus
lastReportTime
createdTime
modifiedTime
canUse
canManage
organizations
repositories

Legend

* = always comes back

** = comes back if fields list not specified on GET all
redFont =  field is a JSON object e.g. "repository" :{ "id" : <id>, "name" : <name> } )
Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"organizations" : [
			{
				"id" : "8",
				"name" : "Org",
				"description" : "Testing for Policies with New Schema",
        		"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
			}
		],
		"repositories" : [],
		"id" : "1",
		"name" : "testlce",
		"description" : "This is being used to test fields",
		"ip" : "192.168.1.1",
		"ntpIP" : "192.168.1.1",
		"port" : "24",
		"username" : "head",
		"password" : "SET",
		"managedRanges" : null,
		"version" : "Unknown",
		"downloadVulns" : "false",
		"status" : "2",
		"vulnStatus" : "2",
		"lastReportTime" : "0",
		"createdTime" : "1408131074",
		"modifiedTime" : "1409945570",
		"canUse" : "true",
		"canManage" : "true"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1409945751
}
PATCH

Edits the LCE associated with {id}, changing only the passed in fields.

Request Parameters

(All fields are optional)

See /lce::POST for parameters.

Example Response

See /lce/{id}::GET

DELETE

Deletes the LCE associated with {id}.

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408726631
}

 

/lce/{id}/authorize

Methods
POST

Authorizes the LCE associated with {id} to be installed on remote machine, changing only the passed in fields.

NOTE: To authorize by IP, See /lce/authorize::POST. An ip parameter may not be provided here.

Request Parameters
Expand
{
	"username" : <string> DEFAULT "",
	"password" : <string> DEFAULT ""
}
Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"status" : 1,
		"version" : "unknown"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408726631
}

/lce/eventTypes

Methods
GET
Request Parameters

Gets the list of LCE event types.

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"types" : [
			"(unknown)",
			"access-denied",
			"application",
			"connection",
			"continuous",
			"data-leak",
			"database",
			"detected-change",
			"dhcp",
			"dns",
			"dos",
			"error",
			"file-access",
			"firewall",
			"honeypot",
			"indicator",
			"intrusion",
			"lce",
			"login",
			"login-failure",
			"logout",
			"nbs",
			"network",
			"process",
			"restart",
			"scanning",
			"social-networks",
			"spam",
			"stats",
			"system",
			"threatlist",
			"unnormalized",
			"usb",
			"virus",
			"vulnerability",
			"web-access",
			"web-error"
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1409946200
}