Merge pull request #754 from tenable/compliance-export-phase-1

Support for Tenable VM Compliance Export Phase 1 Filters

CHANGELOG.md

@@ -4,13 +4,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.4.21]
+
+### Added
+- Support for new Compliance Export Enhancement fields in Vulnerability Management.
+- Support for `currentPassword` field in SC Users API.
+
+[1.4.21]: https://github.com/tenable/pyTenable/compare/1.4.20...1.4.21
+
 ## [1.4.20]
 
 ### Fixed
 - Bug that causes pyTenable to error out when `srcInterface` or `dstInterface` values in `events` object in OT is non-null.
 
 [1.4.20]: https://github.com/tenable/pyTenable/compare/1.4.19...1.4.20
-.
+
 
 ## [1.4.19]
 

tenable/io/exports/api.py

@@ -339,6 +339,33 @@ def compliance(self, **kwargs) -> Union[ExportsIterator, UUID]:
             last_seen (int, optional):
                 Returns findings with a last seen time newer than the
                 specified unix timestamp.
+            ipv4_addresses (list[str], optional):
+                Returns Compliance findings found for the provided list of ipv4 addresses.
+            ipv6_addresses (list[str], optional):
+                Returns Compliance findings found for the provided list of ipv6 addresses.
+            plugin_name (list[str], optional):
+                Returns Compliance findings for the specified list of plugin names.
+            plugin_id (list[int], optional):
+                Returns Compliance findings for the specified list of plugin IDs.
+            asset_tags (list[str], optional):
+                Returns Compliance findings for the specified list of asset tags.
+            audit_name (str, optional):
+                Restricts compliance findings to those associated with the specified audit.
+            audit_file_name (str, optional):
+                Restricts compliance findings to those associated with the specified audit file name.
+            compliance_results (list[str], optional):
+                Restricts compliance findings to those associated with the specified list of compliance results,
+                such as PASSED, FAILED, SKIPPED, ERROR, UNKNOWN etc.
+            last_observed (int,optional):
+                Restricts compliance findings to those that were last observed on or after the specified unix timestamp.
+            indexed_at (int, optional):
+                Restricts compliance findings to those that were updated or indexed into Tenable Vulnerability Management
+                 on or after the specified unix timestamp.
+            since (int, optional):
+                Same as indexed_at. Restricts compliance findings to those that were updated or indexed into Tenable
+                Vulnerability Management on or after the specified unix timestamp.
+            state (list[str], optional):
+                Restricts compliance findings to those associated with the provided list of states, such as open, reopened and fixed.
             num_findings (int):
                 The number of findings to return per chunk of data.  If left
                 unspecified, the default is ``5000``.

tenable/io/exports/schema.py

@@ -115,6 +115,18 @@ class ComplianceExportSchema(Schema):
     # Temporal fields
     first_seen = fields.Int()
     last_seen = fields.Int()
+    ipv4_addresses = fields.List(fields.Str())
+    ipv6_addresses = fields.List(fields.Str())
+    plugin_name = fields.List(fields.Str())
+    plugin_id = fields.List(fields.Int())
+    asset_tags = fields.List(fields.Str())
+    audit_name = fields.Str()
+    audit_file_name = fields.Str()
+    compliance_results = fields.List(fields.Str())
+    last_observed = fields.Int()
+    indexed_at = fields.Int()
+    since = fields.Int()
+    state = fields.List(fields.Str())
 
     # Other params
     asset = fields.List(fields.UUID())

tenable/version.py

@@ -1,2 +1,2 @@
-version = '1.4.20'
+version = '1.4.21'
 version_info = tuple(int(d) for d in version.split("-")[0].split("."))

tests/io/exports/test_schema.py

@@ -84,6 +84,33 @@ def compliance_export():
     }
 
 
+@pytest.fixture
+def compliance_export_phase_1_schema():
+    """
+    Example compliance export request with phase 1 filters
+    """
+    return {
+        'first_seen': 1635798607,
+        'last_seen': 1635798607,
+        'asset': ['f634d639-cc33-4149-a683-5ad6b8f29d9c',
+                  uuid.UUID('c62f8737-8623-45a3-bdcb-560daacb21f1'),
+                  ],
+        'num_findings': 1000,
+        'ipv4_addresses': ['192.168.0.1'],
+        'ipv6_addresses': ['2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
+        'plugin_name': ['Debian dla-3719 : php-seclib - security update', 'Debian dsa-5607 : chromium - security update'],
+        'plugin_id': [189491, 189490],
+        'asset_tags': ['tag-a', 'tag-b'],
+        'audit_name': 'my-audit-name',
+        'audit_file_name': 'my-audit-file-name',
+        'compliance_results': ['PASSED'],
+        'last_observed': 1635798607,
+        'indexed_at': 1635798607,
+        'since': 1635798607,
+        'state': ['Active']
+    }
+
+
 @pytest.fixture
 def vuln_export():
     '''
@@ -244,3 +271,13 @@ def test_asset_export_schema_without_open_ports(asset_export_with_out_open_ports
     schema = AssetExportSchema()
     schema_dump = schema.dump(schema.load(asset_export_with_out_open_ports))
     assert "include_open_ports" not in schema_dump
+
+def test_compliance_export_phase_1_filters(compliance_export_phase_1_schema):
+    """
+    Test Compliance Export Phase 1 Filter Schema
+    """
+    schema = ComplianceExportSchema()
+    schema_dump = schema.dump(schema.load(compliance_export_phase_1_schema))
+
+    # checking random element
+    assert schema_dump["filters"]["state"][0] == "Active"