Net::SecurityCenter::API::Analysis - Perl interface to Tenable.sc (SecurityCenter) Analysis REST API
    use Net::SecurityCenter::REST;
    use Net::SecurityCenter::API::Analysis;

    # Connect and authenticate to the Tenable.sc host
    my $sc = Net::SecurityCenter::REST->new('sc.example.org');
    $sc->login('secman', 'password');

    # Bind the Analysis API to the authenticated session
    my $api = Net::SecurityCenter::API::Analysis->new($sc);

    # Close the session when done
    $sc->logout();

This module provides Perl scripts with an easy way to interface with the Analysis REST API of Tenable.sc (SecurityCenter).
For more information about the Tenable.sc (SecurityCenter) REST API follow the online documentation:
https://docs.tenable.com/sccv/api/index.html
Create a new instance of Net::SecurityCenter::API::Analysis using the Net::SecurityCenter::REST class.
Processes a query for analysis.
Params:
type : Type of analysis (required)
Allowed types:
scLog
vuln
event
mobile
user
source : Type of source
Allowed values for vuln type:
individual
cumulative
patched
Allowed values for event type:
lce
archive
tool : Tool
Allowed values:
cceipdetail
cveipdetail
iavmipdetail
listmailclients
listservices
listos
listsoftware
listsshservers
listvuln
listwebclients
listwebservers
sumasset
sumcce
sumclassa
sumclassb
sumclassc
sumcve
sumdnsname
sumfamily
sumiavm
sumid
sumip
summsbulletin
sumport
sumprotocol
sumremediation
sumseverity
sumuserresponsibility
trend
vulndetails
vulnipdetail
vulnipsummary
filters : Filter array for field, operator and value (e.g. [ 'ip', '=', '10.10.0.0/16' ])
query_id : ID of query
sort_dir : Sort direction ASC or DESC
sort_field : Sort field
scan_id : Scan ID (only for individual source type and vuln type values)
lce_id : LCE ID (only for archive source type and event type values)
view : View type (only for individual source type and vuln type values and archive source type and event type values)
all
new
page : Page number for pagination
limit : Number of items (default is 1000)
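Added example (not part of the module or its documentation): a local pre-flight check that applies the type, source, scan_id, lce_id, view and sort_dir constraints listed above before a query is sent. The helper check_analysis_params and the sample queries are hypothetical and constructed; a hash that passes is what would be handed to the get( ... ) call.

```perl
use strict;
use warnings;

# Constraints taken from the parameter list above.
my %TYPES   = map { $_ => 1 } qw(scLog vuln event mobile user);
my %SOURCES = (
    vuln  => [qw(individual cumulative patched)],
    event => [qw(lce archive)],
);
# Parameters documented as valid only for specific type/source pairs.
my %SCOPED = (
    scan_id => [ [ vuln => 'individual' ] ],
    lce_id  => [ [ event => 'archive' ] ],
    view    => [ [ vuln => 'individual' ], [ event => 'archive' ] ],
);

# check_analysis_params is a hypothetical helper, not part of Net::SecurityCenter.
# It returns a list of problems; an empty list means the query is consistent.
sub check_analysis_params {
    my (%p) = @_;
    my ( $type, $source ) = ( $p{type} // '', $p{source} // '' );
    my @err;

    push @err, "type is required (" . join( '|', sort keys %TYPES ) . ")"
        unless $TYPES{$type};
    if ( $source ne '' && !grep { $_ eq $source } @{ $SOURCES{$type} || [] } ) {
        push @err, "source '$source' is not documented for type '$type'";
    }
    for my $name ( sort keys %SCOPED ) {
        next unless defined $p{$name};
        push @err, "$name does not apply to type '$type' with source '$source'"
            unless grep { $type eq $_->[0] && $source eq $_->[1] } @{ $SCOPED{$name} };
    }
    push @err, "sort_dir must be ASC or DESC"
        if defined $p{sort_dir} && $p{sort_dir} !~ /\A(?:ASC|DESC)\z/;
    return @err;
}

# Constructed sample queries (IDs are placeholders).
my @queries = (
    { type => 'vuln',  source => 'individual', scan_id => 42, tool => 'sumid', sort_dir => 'DESC' },
    { type => 'vuln',  source => 'cumulative', scan_id => 42, sort_dir => 'down' },
    { type => 'event', source => 'patched',    lce_id  => 1 },
);
for my $q (@queries) {
    my @err = check_analysis_params(%$q);
    print @err ? "REJECT: " . join( '; ', @err ) . "\n" : "OK: $q->{type}/$q->{source}\n";
}
```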
Downloads an analysis of a query in CSV format.
NOTE: This is a convenience wrapper for the $sc->get( download => 1, ... ) method
columns : Report columns (comma-separated values, e.g. pluginID,name)
Processes a query for log analysis.
NOTE: This is a convenience wrapper for the $sc->get( type => 'scLog', ... ) method
date : Log basename (YYYYMM, e.g. 201901) or all
severity : Log severity (info, warning or critical)
initiator : ID of SecurityCenter user
module : Module (e.g. auth)
organization : ID of SecurityCenter organization
page : Page number for pagination (default is all)
Processes a query for vulnerability analysis.
NOTE: This is a convenience wrapper for the $sc->get( type => 'vuln', ... ) method
view : View type (see $sc->get( view => ... ) for allowed values)
scan_id : Scan ID
tool : Tool (see $sc->get( tool => ... ) for allowed params)
Processes a query for event analysis.
NOTE: This is a convenience wrapper for the $sc->get( type => 'event', ... ) method
lce_id : LCE ID
listdata
sumconns
sumdate
sumdstip
sumevent
sumevent2
sumsrcip
sumtime
sumtype
sumuser
syslog
timedist
Processes a query for mobile analysis.
NOTE: This is a convenience wrapper for the $sc->get( type => 'mobile', ... ) method
sumdeviceid
summdmuser
summodel
sumoscpe
sumpluginid
filters : Filter array for field, operator and value (e.g. [ 'ip', '=', '10.10.0.0/16' ])
Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-Net-SecurityCenter/issues. You will be notified automatically of any progress on your issue.
This is open source software. The code repository is available for public review and contribution under the terms of the license.
https://github.com/giterlizzi/perl-Net-SecurityCenter
git clone https://github.com/giterlizzi/perl-Net-SecurityCenter.git
Giuseppe Di Terlizzi <gdt@cpan.org>
This software is copyright (c) 2018-2023 by Giuseppe Di Terlizzi.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.