All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Tenable.sc plugin listing now supports the
filters
parameter #718 - Tenable.sc report definition launching capability #656
- Tenable.io (TVM) WAS Export support #850
- Tenable.sc HostUUID support for accept & recast risks #843
- Moved cryptography to be an optional package only for the pkcs12 extra
- Corrected the pyproject.toml config for the readme
- Linted CHANGELOG.md
- Fixed missing variable passing within graphql queries #839
- Updated the GQL Queries for Cloud Security #840
- Updated pipeline w/ pre-commit checks
- Updated default ovject params for Security Center #714
- Agents List throws an exception when no agents are available #687
- Updated Security Center users endpoints with user migration upon delete #541
- Adding support for GET /api/v1/vectors endpoint by @naumraviz in #818 #819 #822
- Adding support for GET /api/v1/vectors endpoint - run_ai_summarization param by @naumraviz in #829
- Support for Export phase 2 Filters and Endpoints by @aseemsavio in #826
- Simple shim for support importing as TVM as well as TIO. by @SteveMcGrath in #821
- Feature/gql support by @SteveMcGrath in #832
- Agent export csv writer by @JosephPerri in #830
- Initial ASM support & Tests by @SteveMcGrath in #835
- Improved Export Iterator logging. by @SteveMcGrath in #820
- Updated tooling and GH Actions by @SteveMcGrath in #833
- Updated Analysis iterator to improve record keeping. by @SteveMcGrath in #834
- Fixed cert auth issues by @SteveMcGrath in #836
- Corrected last_modified issue #810 by @SteveMcGrath in #837
- Merged in all of the remaining Tenable Identity Exposure API modules #466 #468 #484 #487 #496 #497 #498 #499 #500 #501 #503 #505 #507 #509 #510 #511 #516 #517 #519 #522 #525 #526 #527 #528 #529 #531 #537 #538
- Added support for Python 3.12 to testing framework #773
- Refactored Audit Log module to support pagination updates #772
- Added Job Adoption support to Export sub-pkg #779
- Added Access control to main IO package
- Corrected issue with TSC Files module #771
- Pulled v3 Explore sub-pkgs as the API has been deprecated for some time.
- Added deprecation notice to v3 base sub-pkg. Only applies to access control.
- Added deprecation notice to Target Groups module (Deprecated APIs)
- Added deprecation notice to Workbenches module (Soon to be Deprecated APIs)
- Added deprecation notice to Access Groups module (Deprecated APIs)
- Support for New ACR APIs (#654)
- Added Implicit WAS exclude for Tenable Security Center (#763)
- Support for
currentPassword
field in SC Users API.
- Support for new Compliance Export Enhancement fields in Vulnerability Management.
- Support for
currentPassword
field in SC Users API.
- Bug that causes pyTenable to error out when
srcInterface
ordstInterface
values inevents
object in OT is non-null.
- Support for
inactivity_timeout
during a Security Center scan creation. - Loosened up validations on the preference object in Security Center policies API.
- Support for
file_type
property inupload
method in Vulnerability Management Credentials API.
- Vulnerability
CVE-2023-38325
by upgrading the test dependencyrequests-pkcs12
.
- Support for
include_open_ports
property in Vulnerability Management asset export request.
- Pagination bug in the Tenable OT Security Exports - Plugin Query.
- New Tenable OT Security Exports package #742
- Support for
source
andseverity_modification_type
filters to Vulnerability Management vulnerability export. - Support for filtering out hidden assets from Operational technology asset
list
method by default. - Product Rebranding in the SDK documentation.
- Support for V3 Vulnerability Management API methods.
- Support for exporting Web App Scan Results.
- Support for Python 3.11
tsc.analysis.scan(1)
not honoring Scan ID with Tenable.sc 6.0.0.- pyTenable crashes when pagination key with a null value is in the HTTP response in Tenable.io v3 APIs.
- Support for Scan UUID (
last_scan_id
) filter for assets exports.
- Support for
scan_uuid
filter for vulnerability exports.
- Bug in
tenable/io/scanners.py
that invoked the/settings/{}
endpoint instead of the correct/scanners/{}
endpoint. - Error in the documentation of the
sc.scans.edit()
method. The property -policy
was renamed topolicy_id
. - tests module getting into the pypi package. Now, the module will no longer be part of pypi package.
plugin_id
param from thesc.scans.create()
method as it is no longer supported by Tenable.sc.- Python 3.6 references from all documentation.
search_host_audit()
method fromio/v3/explore/findings
.
- Support for initiating exports (and getting the export UUID).
- Support for Tenable.ot plugins, events, more support for asset details.
- Bug in
tio.scans.results()
fixed to passhistory_id
andhistory_uuid
.
- Refactored Tenable.ot session client.
- Support for Python Version 3.6.
- Support for Role Based Access Control endpoints.
- Support for specifying Agent UUIDs instead of numeric IDs for bulk group addition.
- Added support for querying v3 Findings for Hosts, Cloud Resources, Web Applications and Host Audits modules. #592 #595
- Added support for querying v3 Assets data for Hosts, Cloud Resources, and Web Applications modules. #592 #594
- Fixed Tenable.io - Tags example #590
- Fixed Nessus import issue #589
- Initial support for Nessus #556
- Wheels published to PyPi #536
- Python 3.10 support #540
- Corrected broken security step in pipeline #563
- Export param regression with plugin family #555
- NessusReportv2 doesnt handle Nonetype in cvss scoring #552
- Initial support for additional Tenable.ad APIs
- Upgraded restfly to 1.4.5
- Issue with Content-Type errors around case sensitivity #520
- Initial support for Tenable.ad #487 #484 #468 #466
- Fixed PR pipeline issue #490
- typing-extension requirement fixed #489
- Added required init files #491
- deprecated use of "default" in marshmallow schemas #493
- TenableSC version checking refactored to handle an APIError on the response when unauthenticated. (breaking issue for 5.20.0) #475
- GraphQL support for TenableOT #461
- hard_delete param #465
- Updated Github Actions to add style checking and security checking
- Refactored the API Docsite to be easier to navigate, read, and link. #460 #464
- Rebased low-level connection logic to use RESTfly instead. (v2 work) #457
- Refactored Container Security Package to be within the IO package and recoded to properly follow the API docs. #459 #474
- Refactored Exports API code to follow v2 standard #463
- OrgID should be optional for repositories #444
- Added Python 3.9 in the pypi changes #380 #376
- Added pylint to JenkinsFile #378
- code owners file is added #366
- Added export compliance API in IO package #358
- Added for the session object,in logout ,session close in tenable.sc and Added 'UnknownError' and 'RetryError' (PR #386,PR #363 closed) added that changes in PR #387
- Deprecation warning for io session API #391
- For attribute plugin_version in plugin_detail #389
- Reverse of Appsdir dependencies PR #382
- Requirements patch 1.3.2 for library appdir #379
- had added the fix for the issue #236 and fix done for credentials safe in PR #388
- Bugfix asset details PR #384
- Fixed pylint issues in tenable.sc PR #381
- Fixed self log in tenable.io, base, cs, downloads, dl, ot, reports #353 #370,#371
- Fixed Remediation and Compliance doc #365
- Fixed Remediation scan with selected plugins only #362
- Fixed github issue 321 update_assets_ttl_days #360
- Fixed github issue 304 tags.create() function #357
- Fixed github issue 298 io_exception_handling #354
- Fixed the documentation issue in exclusions #352
- Fixed the import os problem of PR 299 #351
- Fixed invalid creation date in row num #341
- add tio.remediationscans endpoints #339
- added stream_hook param to tio.scans.export endpoint #332
- fix all_permisisons var in tio.tags to have correct values #340
- fix tests and test coverage #336, #328, #344, #338
- fix links and typos in documentation #335, #323
- update semver version #334
- fixed endpoints in sc.organizations #330, #331
- missing import in ContainerSecurity class #299
- PyLint and Codacy checks as part of PyTenable test suite / pipeline #316
- move assets endpoint in tio.assets.move_assets #312
- access group v2 endpoints added in tio.access_groups_v2 #308
- add support for "schedule_scan" in tio.scans endpoints #288
- add list_routes and edit_routes in tio.scanner_groups #290
- add exclusions_import in tio.exclusions #293
- add list_auths and edit_auths in tio.users #296
- add check_auto_targets in tio.scans #301
- add bulk_delete in tio.assets #302
- add network_asset_count in tio.networks #303
- tags.create and tags.edit now have access_control and filter #309
- updated tio.exclusions.edit arguments #282
- added sort arg in tio.scans.history, fixed sort in tio.tags #283
- added network_id arg to tio.exclusions create/edit #284
- support bulk delete in tio.tags.delete #295
- many errors and warnings across the code base #320, #317, #314, #313, #281
- tio.agent_config.edit now returns payload #287
- error handling in tio.plugins #291
- Centralized the SSL Verification process and support passing the verify param to Python Requests regardless of the of the session setting. This addresses the requests issue identified psf/requests#3829 #265 #166 #139
- Tenable.io policy template details required type #271
- Editing a user would fail if no account name existed #270
- Export iterator could potentially restart #263
- TenableIO.credentials.upload method added #269
- Removed integer checks for tio.editor.obj_details
- Fixed Plugin Family URL for scan policies when using mixed families #255
timeout
andwhen_done
are now documented and supported for both vuln and asset exports.
- Updated docs to replace "category_name" with "name" in the example in tagging. #241
- Updated export None checking added in 1.2.3 to check for None correctly #248
- Updated filter schema to always return the rule.
- Incorrect endpoint used for sc.organizations.recast_risk_rules #256
- Added pagination support in tio.agent_groups_details #251
- Added "linked" to accepted account types #257
- Tenable.ot base version is now 3.7
- TenableOT object now uses
secret_key
overapi_token
. - Updated VulnInternmixer iterator in Tenable.ot to support new format.
This version was pulled due to a dirty build environment. All 1.2.4 notes are in 1.2.5
- Corrected documentation issue #239
- Corrected behavior in tio.exports.ExportsIterator now that the API has changed
- Reverted Tenable.sc credential issue #210 as the docs are incorrect.
- Fixed documentation issues #228 #225 #233 #229
- Fixed regex escaping in test suite #230
- Removed ipaddress requirement as it's part of the standard library #226
- Embedded new base classes leveraging RESTfly for connection logic instead of the custom-coded ones.
- Added base schema for filtering using marshmallow.
- Added Tenable.ot support using new base class.
- Refactored the Downloads class to use the new RESTfly-based classes.
- New unit tests will now start to use responses over pytest-vcr when possible.
- tenable.downloads.Downloads now will warn about deprecation.
- history_uuid is now a field that can be used in TenableIO.scans
- Relaxed type checking for scan_id in TenableIO.scans
- TenableSC.FeedsAPI.process pointed to the wrong URL. #201
- TenableIO.ScansAPI didn't distinctly call out that unknown keyword args are shunted to settings #202
- Explicitly called out the common themes section of the documentation for TenableSC #200
- Adjusted case sensitivity guidelines for plugin_family in TenableIO.exports.vulns #199
- Added assign tags method to TenableIO.assets package #194
- Errant id check in audit file template list #195
- BytesIO import didn't exist in TenableSC.audit_files package #197
- Response timeout settings exposed and defaults set. #192 #193
- Improved handling of export chunks.
- Added Error handling of JSON decode errors
- Added retry logic of chunks that appear to be broken (networking issue?)
- Added automatic retiring and re-fetch to ignore empty chunks of data.
- Retry documentation wasn't correct, adjusted the default values as necessary.
- TenableSC.queries.create() did not pass filters to the constructor #191
- TenableIO.tags.list_categories() was pointing to values instead of categories #186
- TenableSC instantiation does not support base path customization #187
- Documentation Examples for TenableSC.feeds use feed instead of feeds #178
- Documentation Examples for TenableSC.files used feed instead of files. #179
- TenableSC.credentials used the incorrect parameter for oracleAuthType. #180
- TenableSC.AssetListAPI constructor improperly referred to fobj instead of kw['fobj'] #177
- TenableSC.ScannerAPI.edit improperly attempted to merge the scanner details into the PATCH call #176
- Increased default chunk sizing for TenableIO.exports.assets to 1000
- Increased default num_assets chunk sizing for TenableIO.exports.vulns to 500
- Increased default page sizing for TenableSC.analysis calls to 1000
- Improved debug logs for all API calls. Debug logs now effectively log before, during, and after.
- Improved debug log format. Pre-Request logs now output a standard JSON format.
- Will now attempt to retry on lower-level ConnectionErrors.
- ExportIterator will now backoff on status calls up to 30 seconds between calls.
- Exporting WAS scans nor functions as intended. #175
- TenableIO.TagAPI filter check erroneously used self.check instead of self._check
- API Key support for TenableSC as Tenable.sc version 5.13 introduced key support.
- TenableSC now supports context management for authentication. (with TenableSC...)
- Dyanamic tag filter field support for TenableIO.tags create and edit methods. #174
- TenableSC.login user && passwd parameters now called username && password
- Upped Revision on 0.3.29
- Testing in travis for Python 3.7 and 3.8
- New UA String code was failing on windows hosts as os.uname isn't x-platform #164
- Implicit "all" hostType was not set when creating an accepted risk. #162
- Converted to new UA String format in an effort to normalize UA strings.
- Query filters can now be overloadable and removable for TenableSC.analysis
- Documentation was incorrectly calling the wrong method #156
- Incorrect timezone documentation for SC #145
- repeatRule parameter for schedules was incorrectly documented as rrule #144
- host_tracking for scans constructor was documented, however unimplemented #152
- Unable to set the max scan time to unlimited #149
- Failed to add necessary requirement for the "ipaddress" python package.
- Added the Tenable.io ScansAPI.history endpoint #141
- Added the ability for Tenable.io's PolicyAPI.list() iterator to graft on plugin family details.
- Spelling type in Tenable.sc ScansAPI.launch when generating diagnostic passwords #142
- Incorrect policy UUID passed to scans created in Tenable.io w/ an existing policy. #143
- Switched the Nessusv2 file parser to diffusedxml per recommendation with bandit
- TenableSC SSL verification flags were not set in the session builder, which meant that login was a one-time event. #139
- Improved documentation for creating scans to include credentials
- Tenable.io Access Group API Added and Tested #98
- Tenable.io Networks API Added and Tested #129
- Tenable.io Managed Credentials API Added and Tested #130
- tio.policies.template_details wasn't correctly constructing the document from the editor API #136
- tio.agent_groups.list was missing from the documentation
- Tenable.sc Asset List API Added and Tested #13
- Export wait logic is now centralized. Both scan export and workbench export now use this new method.
- Multiple chapters should be merged with ; and not , in Workbenches exports
- Chapter "vuln_by_asset" was missing from the choices for workbench export #127
- Docstrings incorrectly state that chapters are only necessary for PDF and HTML #127
- Scan types weren't being set when passing the subordinate attribute #128
- Tenable.io scans.export now supports explicitly defining the filters attribute as well as the implicit argument list #124
- Doc examples for TenableSC credentials.create were incorrect. #122
- SC API Reference incorrectly stated authType of "publickey" instead of "publicKey". #122
- SC Analysis Query Expander wasn't expanding numerid ids https://community.tenable.com/s/question/0D7f2000005b5OX/filter-on-asset-via-api-call-to-analysis-resource-using-pytenable
- SC Credential privilegeEscalation attr pre-fill wasn't restricted to just specific types #126
- SC Users docs weren't linked into the documentation.
- Added support for the new plugins list endpoint.
- Support for extensible retry logic using the retry_on param.
- Tested out CSv2 API endpoints #8 #9
- Homogenized the docstrings for TenableSC #115
- Updated docs in tio.scans.create to denote that the name is required. #118
- Streaming responses in TenableSC weren't working as expected #114
- Files weren't uploading properly in TenableSC Credentials endpoints #122
- User permissions parameter type #121
- Typo in docs #120
- Scanner listing when WAS wasn't enabled caused an error #117
- All Tenable.io API doc links have been re-pointed to the new developer portal. #111
- tio.editor.edit has been renamed to tio.editor.template_details as it was misnamed.
- tio.editor.list has been renamed to tio.editor.template_list to more accurately describe it's function.
- Added the asset delete method to the workbenches TenableIO module #110
- Added and tested out the TenableSC plugin family additions to the plugins module #78
- Added and tested out the TenableSC OrganizationAPI module #77
- Added and tested out the TenableSC QueryAPI module #79
- Various documentation issues reported by sphinx addressed
- TenableSC.scan_instances.list can now support non-standard timeframes #108
- Added and tested out support for TenableSC Credentials #76
- Analysis filters now allow for collapsing lists if id dicts into lists of
integer ids. e.g.
('name', '=', [{'id': 1}])
is now('name', '=', [1])
- Added and tested out support for TenableSC AuditFileAPI #75
- Tenable.io Exports iterator now has uuid, chunk_id, chunks, and processed publicly exposed.
- Addressed issue where UnexpectedValueError was sometimes raised when specifying a scanner by name in tio.scans._create_scan_document.
- Added and tested out support for TenableSC UserAPI #24
- Added and tested out support for TenableSC GroupAPI #24
- Added and tested TenableIO.agent_groups.list() #105
- Tenable.sc Schedule document validation extended to support
now
for scans #102
- Added and tested out support for TenableSC RoleAPI #24
- Retries would throw an error as they weren't floats.
- Exports would erroneously set an option if set to none.
- The scan history test cassette was modified to match the new call.
- Corrected Doc Issue where the downloads API was incorrectly referencing sc.alerts
- Fixed issue with scan history deletion where the path was incorrect #101
- Tested out TenableSC StatusAPI #22
- Tested out TenableSC SystemAPI #22
- Tested out TenableSC ScanZoneAPI #21
- Tested out TenableSC ScannerAPI #21
- Tested out Downloads API
- RetryError no longer itself throws an error due to logging.
- Fixed type mismatch bug in IO workbench filters #97
- Corrected issue with ScanZone updates using the wrong HTTP method #95
- Corrected doc issue with ScanResultAPI.export not referring to the fact that the exported scan is zipped.
- Corrected the raw HTTP method docs
- Added view parameter for TenableSC.analysis.scan #73
- Added accept_risks module #18 (untested)
- Added system module and converted the TenableSC module to use it over a raw call #22
- Added status module #22 (untested)
- Fixed issue with TenableSC.analysis.scan not properly passing a view. #73
- Added proxy support for the IO, SC, etc. #72
- Fixed issue where supplied sessions weren't being properly passed to _build_session.
- Added example for Workbench CSV Downloads for IO
- Added support for multi-value filters in IO.
- Added Request-UUID logging for all responses when available.
- Added TenableSC scan_instances endpoints and associated tests #19.
- Added TenableSC scan policies endpoints and associated tests #20.
- TenableIO can now pull API keys directly from environment variables as well.
- Added doc page detailing how to run the tests.
- Added TenableSC repositories endpoint and associated tests #17
- Exports methods in TenableIO now respect 0 integers being passed #69.
- Errored scan exports in TenableIO will no longer wait forever.
- Scan Exports using multiple chapters now works as expected #71 #70
- schedule_* parameters in scans have been removed in favor of direct checking and documentation of the schedule dictionary. This has larger implications down the line with repositories, alerts, etc.
- Added the
aggregate
parameter for scan import. - Added Changelog and backfilled changes from 0.1.0 to current
- Added testing for user outputs #26
- Added testing for scanner outputs #30
- Added testing for permissions #34
- Added testing for groups #35
- Adjusted the doc format to no longer pin the sidebar #61
- Added redaction to sensitive pathways #66
- Added tagging support #44
- Tenable.sc files module was incorrectly pointing to self.post instead of self._api.post
- Launching a scan with alt_targets sends an array instead of a string #64
- Tenable.sc Analysis will now handle Query IDs #63
- Agent-Delete within Tenable.io Was using the wrong Endpoint #59
- Refactored TIOIterator to use less code when subclassing.
- Documented iterators and other common models.
- Added TioExportsError to handle status error
- Tagging support for asset export
- Added scans.status in Tenable.sc
- Added scans module for Tenable.sc
- Added logging support for the whole of pyTenable
- Corrected pathway to acceptRiskRule for Tenable.sc package
- Scans.update renamed to Scans.edit in Tenable.io
- analysis_type from being sent to the API
- Tenable.sc login testing
- Tenable.sc Analysis testing #10
- Fixed iterator looping issue
- Travis now runs all tests
- Converted pytest to use conftest standard
- Improved VCRpy testing
- Container Security v1 tests (not VCRed)
- Fixed iterator first page problem
- Adjusted Tenable.sc model constructors to all behave the same uniform way
- Added tagging support for vulnerability export
- Added VCRpy to all unit tests
- Added accept_risks Model to TenableSC
- Moved get_status checking for iterators to conform to DRY
- lxml is now an optional dependency
- Added scan_instances to TenableSC
- tio.scanners.linking_key is now a method instead fo a property
- Removed a lot of stubbed models that haven't been worked on yet
- Documentation refactored
- Mocked up some of the libraries for improved testing
- Fixed typo bug in sc.scans
- Documented asset_activity to TenableIO
- Re-pointed all SecurityCenter references to TenableSC instead
- Refactored schedule sub-document creation into a separate constructor for re-use
- Documentation improvements
- Added unit tests for Inputs & Outputs for IO Scanner Groups
- Added unit tests for Inputs & Outputs for IO Policies
- Added unit tests for Inputs & Outputs for IO Plugins
- Added unit tests for Inputs & Outputs for IO Folders
- Added unit tests for Inputs & Outputs for IO Filters
- Added unit tests for Inputs & Outputs for IO Asset Lists
- Added unit tests for Inputs & Outputs for IO Target Groups
- Added unit tests for Inputs & Outputs for IO Sessions
- Added RetryError
- Inlined all of the Documentation into the code itself
- Documentation refactoring effort for the whole package
- Unit test improvements
- Refactored long-description to better suit PyPI inclusion
- Inlined the Readme
- Added TenableSC Analysis Model
- Added TenableSC Feeds Model
- Added TenableSC Files Model
- Added NessusReportv2 Model
- Refactored the sub-package pathing
- Modified importing to be relative
- Added TenableIO Exports Model
- Added TenableIO Scans Model
- Added
- Fixed Time Conversion Issue #6