NAME
Net::SecurityCenter::API::Analysis - Perl interface to Tenable.sc (SecurityCenter) Analysis REST API
SYNOPSIS
use Net::SecurityCenter::REST;
use Net::SecurityCenter::API::Analysis;
my $sc = Net::SecurityCenter::REST->new('sc.example.org');
$sc->login('secman', 'password');
my $api = Net::SecurityCenter::API::Analysis->new($sc);
$sc->logout();
DESCRIPTION
This module provides Perl scripts easy way to interface the Analysis REST API of Tenable.sc (SecurityCenter).
For more information about the Tenable.sc (SecurityCenter) REST API follow the online documentation:
https://docs.tenable.com/sccv/api/index.html
CONSTRUCTOR
Net::SecurityCenter::API::Analysis->new ( $client )
Create a new instance of Net::SecurityCenter::API::Analysis using Net::SecurityCenter::REST class.
METHODS
get
Processes a query for analysis
Params:
type
: Type of analysis (required)Allowed types:
scLog
vuln
event
mobile
user
source
: Type of sourceAllowed values for
vuln
type:individual
cumulative
patched
Allowed values for
event
type:lce
archive
tool
: ToolAllowed values:
cceipdetail
cveipdetail
iavmipdetail
listmailclients
listservices
listos
listsoftware
listsshservers
listvuln
listwebclients
listwebservers
sumasset
sumcce
sumclassa
sumclassb
sumclassc
sumcve
sumdnsname
sumfamily
sumiavm
sumid
sumip
summsbulletin
sumport
sumprotocol
sumremediation
sumseverity
sumuserresponsibility
trend
vulndetails
vulnipdetail
vulnipsummary
filters
: Filter array for field, operator and value (eg.[ 'ip', '=', '10.10.0.0/16' ]
)query_id
: ID of querysort_dir
: Sort directionASC
orDESC
sort_field
: Sort fieldscan_id
: Scan ID (only forindividual
source type andvuln
type values)lce_id
: LCE ID (only forarchive
source type andevent
type values)view
: View type (only forindividual
source type andvuln
type values andarchive
source type andevent
type values)view
all
new
patched
page
: Number of page for paginationlimit
: Number of items (default is1000
)
download
Downloads an analysis of a query in CSV format.
NOTE: This is a facility for $sc->get( download => 1, ... )
method
Params:
type
: Type of analysis (required)query_id
: ID of querysort_dir
: Sort directionASC
orDESC
sort_field
: Sort fieldscan_id
: Scan ID (only forindividual
source type andvuln
type values)view
: View type (only forindividual
source type andvuln
type values andarchive
source type andevent
type values)columns
: Report columns (comma-separated value, eg.pluginID,name
)
get_log
Processes a query for log analysis.
NOTE: This is a facility for $sc->get( type => 'scLog', ... )
method
Params:
date
: Log basename (YYYYMM
eg.201901
) orall
severity
: Log severity (info
,warning
orcritical
)initiator
: ID of SecurityCenter usermodule
: Module (eg.auth
)organization
: ID of SecurityCenter organizationpage
: Number of page for pagination (default isall
)limit
: Number of items (default is1000
)
get_vulnerabilities
Processes a query for vulnerability analysis.
NOTE: This is a facility for $sc->get( type => 'vuln', ... )
method
Params:
query_id
: ID of querysort_dir
: Sort directionASC
orDESC
sort_field
: Sort fieldsource
: Type of sourceindividual
cumulative
patched
view
: View type (see$sc->get( view => ... )
for allowed values)scan_id
: Scan IDtool
: Tool (see$sc->get( tool => ... )
for allowed params)page
: Number of page for paginationlimit
: Number of items (default is1000
)filters
: Filter array for field, operator and value (eg.[ 'ip', '=', '10.10.0.0/16' ]
)
get_events
Processes a query for event analysis.
NOTE: This is a facility for $sc->get( type => 'event', ... )
method
Params:
query_id
: ID of querysort_dir
: Sort directionASC
orDESC
sort_field
: Sort fieldsource
: Type of sourcelce
archive
view
: View type (see$sc->get( view => ... )
for allowed values)lce_id
: LCE IDtool
: Toollistdata
sumasset
sumclassa
sumclassb
sumclassc
sumconns
sumdate
sumdstip
sumevent
sumevent2
sumip
sumport
sumprotocol
sumsrcip
sumtime
sumtype
sumuser
syslog
timedist
page
: Number of page for paginationlimit
: Number of items (default is1000
)filters
: Filter array for field, operator and value (eg.[ 'ip', '=', '10.10.0.0/16' ]
)
get_mobile
Processes a query for mobile analysis.
NOTE: This is a facility for $sc->get( type => 'mobile', ... )
method
Params:
query_id
: ID of querysort_dir
: Sort directionASC
orDESC
sort_field
: Sort fieldtool
: Toollistvuln
sumdeviceid
summdmuser
summodel
sumoscpe
sumpluginid
sumseverity
vulndetails
page
: Number of page for paginationlimit
: Number of items (default is1000
)filters
: Filter array for field, operator and value (eg.[ 'ip '= '10.10.0.0/16' ]
)
SUPPORT
Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-Net-SecurityCenter/issues. You will be notified automatically of any progress on your issue.
Source Code
This is open source software. The code repository is available for public review and contribution under the terms of the license.
https://github.com/giterlizzi/perl-Net-SecurityCenter
git clone https://github.com/giterlizzi/perl-Net-SecurityCenter.git
AUTHOR
Giuseppe Di Terlizzi <gdt@cpan.org>
LICENSE AND COPYRIGHT
This software is copyright (c) 2018-2019 by Giuseppe Di Terlizzi.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.