Tenable Security Center API: Recast Risk Rule

/recastRiskRule

Methods
GET

Gets the list of Recast Risk Rules across all reps, plugins, and orgs, unless filters are provided.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**repository
**organization
**user
**plugin
**newSeverity
**hostType
**hostValue
**port
**protocol
**order
**status
**expires
comments
createdTime
modifiedTime

Legend

* = always comes back
** = comes back if fields list not specified on GET all

Filters
Expand 
repositoryIDs=<number>,... DEFAULT 0 (i.e. all Repositories)
pluginID=<number> | <string> "all" DEFAULT "all" (i.e. all Plugins)
port=<number> | <string> "all" DEFAULT "all" (i.e. all Ports)

Session User is role "1" (administrator) 

organizationIDs=<number>,... | <string> "all" DEFAULT "all" (i.e. all Organizations)

Session User is not role "1" (administrator) 

organizationIDs=<number>,... | <string> "all" DEFAULT :sessionOrgID:

Paginated results:

By default, the result set encompasses all Recast Risk Rule

To obtain paginated results, a parameter value should be included in the request as follows:

?paginated=true

Additionally, for paginated results, the following parameters can be sent:

startOffset <number> (positive integer) DEFAULT 0,
endOffset <number> (integer >= startOffset) DEFAULT 50,
sortDirection <string> "ASC" | "DESC" DEFAULT "DESC",
sortField <string> "userID" | "pluginID" | "port" | "protocol" | "expires" | "createdTime",

Example Response
Expand 
{
	"type" : "regular",
	"response" : [
		{
			"id" : "1",
			"newSeverity" : "0",
			"hostType" : "all",
			"hostValue" : "",
			"port" : "any",
			"protocol" : "any",
			"order" : "1",
		 	"expires" : "-1",
			"status" : "0",
			"repository" : {
				"id" : "18",
				"name" : "New Rep 1",
				"description" : "",
				"type" : "Local",
				"uuid" : "51C9083D-3AF6-4557-9492-7B25FCF6BAEB"			},
			"organization" : {
				"id" : "8",
				"name" : "Org",
				"description" : "Testing for Policies with New Schema",
				"uuid" : "2E950182-08B6-4737-830B-4ACC8F6B92F9"			},
			"user" : {
				"id" : "1",
				"username" : "head",
				"firstname" : "Security Manager",
				"lastname" : "",
				"uuid" : "FF00F4D0-5B9F-4A26-998C-19430295284A"			},
			"plugin" : {
				"id" : "0",
				"name" : "Open Port",
				"description" : "",
				"type" : "active"			}
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410281615
}
POST

Adds a Recast Risk Rule to one repository.

Request Parameters
Expand 
{
    "repositories" : [
        {
            "id" : <number>        }...
    ],
    "plugin" : {
        "id" : <number>    },
	"newSeverity" : {
		"id" : <number> "0" (info) | "1" (low) | "2" (medium) | "3" (high) | "4" (critical)
	},
	...

hostType for Universal Repository type 

	...
	"hostType" : <string> "all" | "asset" | "ip" | "hostUUID",
	...

hostType for Agent Repository type 

	...
	"hostType" : <string> "all" | "asset" | "uuid",
	...

hostType for IPv4 or IPv6 Repository type 

	...
	"hostType" : <string> "all" | "asset" | "ip" ,
	...
  "port" : <number:1..65535> | <string> "any" DEFAULT "any",
    "protocol" : <number:1..> | <string> "any" DEFAULT "any",
    "comments" : <string> DEFAULT "",
    "expires" : <number> (integer >= -1) DEFAULT -1 (not set)
    ...
}

hostType "asset"

The "hostValue" parameter should contain a usable, accessible Asset ID.

...
	"hostValue" : {
		"id" : <number>	}
...

hostType "ip"

The "hostValue" parameter should contain a newline-separated and/or comma-separated list of IPs.

...
	"hostValue" : <string>...

hostType "uuid"

The "hostValue" parameter should contain a newline-separated and/or comma-separated list of UUIDs.

...
	"hostValue" : <string>...

hostType "hostUUID"

The "hostValue" parameter should contain a newline-separated and/or comma-separated list of UUIDs.

...
	"hostValue" : <string>...
Example Response
Expand 
{
	"type" : "regular",
	"response" : [
		{
			"id" : "1",
			"newSeverity" : "0",
			"hostType" : "all",
			"hostValue" : "",
			"port" : "any",
			"protocol" : "any",
			"comments" : "",
			"order" : "1",
			"status" : "0",
		 	"expires" : "-1",
			"createdTime" : "1410281580",
			"modifiedTime" : "1410281580",
			"repository" : {
				"id" : "18",
				"name" : "New Rep 1",
				"description" : "",
				"type" : "Local",
				"uuid" : "51C9083D-3AF6-4557-9492-7B25FCF6BAEB"			},
			"organization" : {
				"id" : "8",
				"name" : "Org",
				"description" : "Testing for Policies with New Schema",
				"uuid" : "2E950182-08B6-4737-830B-4ACC8F6B92F9"			},
			"user" : {
				"id" : "1",
				"username" : "head",
				"firstname" : "Security Manager",
				"lastname" : "",
				"uuid" : "FF00F4D0-5B9F-4A26-998C-19430295284A"			},
			"plugin" : {
				"id" : "0",
				"name" : "Open Port",
				"description" : "",
				"type" : "active"			}
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410281580
}

/recastRiskRule/{id}

Methods
GET

Gets the Recast Risk Rule associated with {id}.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**repository
**organization
**user
**plugin
**newSeverity
**hostType
**hostValue
**port
**protocol
**order
**status
**expires
comments
createdTime
modifiedTime

Legend

* = always comes back
** = comes back if fields list not specified on GET all

Request Query Parameters

None

Example Response
Expand 
{
	"type" : "regular",
	"response" : {
		"id" : "1",
		"newSeverity" : "0",
		"hostType" : "all",
		"hostValue" : "",
		"port" : "any",
		"protocol" : "any",
		"comments" : "",
		"order" : "1",
		"status" : "0",
	 	"expires" : "-1",
		"createdTime" : "1410281580",
		"modifiedTime" : "1410281580",
		"repository" : {
			"id" : "18",
			"name" : "New Rep 1",
			"description" : "",
			"type" : "Local",
			"uuid" : "51C9083D-3AF6-4557-9492-7B25FCF6BAEB"		},
		"organization" : {
			"id" : "8",
			"name" : "Org",
			"description" : "Testing for Policies with New Schema",
			"uuid" : "2E950182-08B6-4737-830B-4ACC8F6B92F9"		},
		"user" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "FF00F4D0-5B9F-4A26-998C-19430295284A"		},
		"plugin" : {
			"id" : "0",
			"name" : "Open Port",
			"description" : "",
			"type" : "active"		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410281625
}
DELETE

Deletes the Recast Risk Rule associated with {id}, depending on access and permissions.

Request Parameters

None

Example Response
Expand 
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1403100582
}
PATCH
Request Parameters
Expand

Allowed Fields

expires

Example Response
Expand 
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1403100582
}

/recastRiskRule/apply

Methods
POST

Applies all rules for the given repository or all (id: 0)

Request Query Parameters
Expand 
 {
	"repository" : {
		"id" : <number>	}
}
Example Response
Expand 
 {
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410279161
}