Tenable REST connection


Has anyone tried integrating Service-Now with Tenable Security Center via their REST API? I know that they have an app integration, however that requires a license for the Security Operations module in Service-Now, which is massive overkill for the simple task integration we're looking to achieve (vulnerabilities get flagged by our system scan, we then create tasks for some people to follow up in Service-Now). If you've done it, any advice on getting the token authentication working for REST?



Any help would be appreciated, it doesn't have to be specific to the tenable connection.



My question moves now to a more REST type of question, and whether it's possible to integrate based on this documentation. The API documentation has the following to say about how the REST API Authenticates:


Authentication


Most SecurityCenter API REST calls require authentication. A successful call to /token POST will return


two comma-delimited tokens and session cookies, the second of which needs to be included with subsequent


requests.



The token should be included as an HTTP header field with name 'X-SecurityCenter' and value of


'<token>' where <token> is the returned value from the /token POST call. A 'Content-Type' header field


should be set to 'application/json' and the cookie should also be set to the second comma-delimited value


(starting with TNS_SESSIONID) returned from /token POST.





/Token Method: POST


Logs the specified User into SecurityCenter and establishes a token for subsequent requests.


Note: Subsequent requests up to and including /token::DELETE should set the token as the value of


the "X-SecurityCenter" HTTP header field


Note: The value for unassociatedCert will be "true" if a certificate is present and not associated with


any user. You may then associate the certificate with the current user.


Request Parameters


{


"username" : <string>,


"password" : <string>


}


Example Response


{


"type" : "regular",


"response" : {


"token" : 123456789,


"unassociatedCert" : "false"


},


"error_code" : 0,


"error_msg" : "",


"warnings" : [],


"timestamp" : 1403115433


}


Should this be connected using an OAuth token? Is connecting to this type of REST API possible in Service-Now?


It is, and I've spent a bunch of time in the past three months using this code in a couple of different capacities.



I'll post some code here later (code is on a different laptop at the moment).


Hi Jarod,



Were you able to find the code? If so, please post.



Thank you,



RV


Nessus / Tenable Security Center login (token) and logout code.



For use in your Script Include:




//Constants


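// Base URL of the SecurityCenter REST API, including the trailing "/rest"
// path segment. Read from the nessus.security_center.url system property so
// it lives next to the other nessus.* settings this Script Include reads,
// falling back to the original placeholder when the property is unset.
// The value must be https: the session token and TNS_SESSIONID cookie are
// sent as plain headers on every call. If SecurityCenter presents a
// self-signed certificate, import it into the MID server's truststore
// rather than relaxing TLS validation.
tscSync.TSC_SERVER = gs.getProperty('nessus.security_center.url', 'https://your-tsc-server.com/rest');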




//Tenable Security Center Common


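/**
 * Log in to Tenable Security Center (POST {TSC_SERVER}/token) and return the
 * two credentials every later call must carry.
 *
 * Reads the user name and password from the nessus.security_center.username /
 * nessus.security_center.password system properties and sends the request via
 * the MID server named in nessus.integration.midserver.
 *
 * @returns {string} a JSON string of the form
 *   '{"tns": "<TNS_SESSIONID value>", "token": <X-SecurityCenter token>}' on
 *   success, or the string 'Error' on a non-200 response, a response without
 *   a token or session cookie, or an exception (the original returned
 *   undefined from the catch block; callers comparing against 'Error' now see
 *   the exception case too).
 *
 * Security notes:
 *  - The returned string is a live SecurityCenter session. Do not log it,
 *    persist it on a record, or hand it to client-side code, and always pass
 *    it to tscLogout() when done (ideally from a finally block) so the server
 *    side session is invalidated instead of lingering until timeout.
 *  - The password property should be of type "password2" so it is stored
 *    encrypted; a plain string property is readable by anyone with access to
 *    sys_properties. Use a dedicated SecurityCenter account that has only the
 *    permissions this sync needs.
 */
tscLogin: function(){
      try{
              gs.include("global.JSON");
              var json = new global.JSON();

              var restMessage = new sn_ws.RESTMessageV2();
              restMessage.setEndpoint(tscSync.TSC_SERVER+'/token');
              restMessage.setHttpMethod("post");
              restMessage.setMIDServer(gs.getProperty('nessus.integration.midserver'));
              restMessage.setRequestHeader("content-type","application/json");
              restMessage.setRequestHeader("accept","application/json");
              // Build the body with a real JSON encoder instead of splicing
              // ${username}/${password} into a string template: a quote or
              // backslash in the password would break the body, and
              // setStringParameter additionally XML-escapes characters such
              // as '&', '<' and '>', so such passwords never authenticated.
              restMessage.setRequestBody(json.encode({
                      username: gs.getProperty('nessus.security_center.username'),
                      password: gs.getProperty('nessus.security_center.password')
              }));

              var response = restMessage.execute();
              var httpStatus = Number(response.getStatusCode());
              var responseBody = response.haveError() ? response.getErrorMessage() : response.getBody();

              if (httpStatus !== 200){
                      this.debugLog('tscLogin','Error:'+responseBody);
                      return 'Error';
              }

              var parsed = json.decode(responseBody);
              var token = (parsed && parsed.response) ? parsed.response.token : undefined;
              if (token === undefined || token === null){
                      this.debugLog('tscLogin','Error: login response carried no token');
                      return 'Error';
              }

              // The TNS_SESSIONID cookie is the second credential SecurityCenter
              // requires. Pick the value out wherever it sits in the header: the
              // Set-Cookie header may be comma-joined with an earlier cookie, in
              // which case the old substring(name.length) started from the wrong
              // offset and returned garbage.
              var cookieHeader = response.getHeader('Set-Cookie') || '';
              var match = /TNS_SESSIONID=([^;,]*)/.exec(cookieHeader);
              if (!match){
                      this.debugLog('tscLogin','Error: no TNS_SESSIONID cookie in login response');
                      return 'Error';
              }
              var TNS = match[1].replace(/^\s+|\s+$/g, '');

              // Deliberately not logged: this string is a usable session.
              return json.encode({tns: TNS, token: token});
      }
      catch(ex) {
              // Java exceptions surface with getMessage(); native JS errors only
              // have .message, and calling getMessage() on them threw inside
              // the catch block.
              var message = (typeof ex.getMessage === 'function') ? ex.getMessage() : (ex.message || String(ex));
              this.debugLog('tscLogin','Error: ' + message);
              return 'Error';
      }
},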




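/**
 * Log out of Tenable Security Center (DELETE {TSC_SERVER}/token), invalidating
 * the session established by tscLogin().
 *
 * @param {string} TNS            the TNS_SESSIONID cookie value from tscLogin()
 * @param {string|number} token   the X-SecurityCenter token from tscLogin()
 * @returns {boolean} true when SecurityCenter answered 200, false on any other
 *   status or on an exception (the original returned nothing; the boolean is
 *   additive so existing callers are unaffected)
 *
 * Call this whenever tscLogin() succeeded, preferably from a finally block:
 * a session that is never closed stays valid until it times out, and the
 * token remains usable by anything that captured it in the meantime.
 */
tscLogout: function(TNS,token){
      try{
              this.debugLog('tscLogout','Initiating logout');
              var restMessage = new sn_ws.RESTMessageV2();
              restMessage.setEndpoint(tscSync.TSC_SERVER+'/token');
              restMessage.setHttpMethod('delete');
              restMessage.setMIDServer(gs.getProperty('nessus.integration.midserver'));
              restMessage.setRequestHeader("content-type","application/json");
              restMessage.setRequestHeader("accept","application/json");
              // Both credentials are required: the token as a header and the
              // session id as a cookie. The cookie header is set directly so
              // the value is sent verbatim; routing it through a ${Cookie}
              // message variable XML-escaped it and relied on variable
              // substitution inside headers.
              restMessage.setRequestHeader("X-SecurityCenter",String(token));
              restMessage.setRequestHeader("Cookie","TNS_SESSIONID=" + TNS);

              var response = restMessage.execute();
              var httpStatus = Number(response.getStatusCode());
              var responseBody = response.haveError() ? response.getErrorMessage() : response.getBody();

              if (httpStatus === 200){
                      this.debugLog('tscLogout','Logout Body: '+responseBody);
                      return true;
              }
              this.debugLog('tscLogout','Logout Error: '+responseBody);
              return false;
      }
      catch(ex) {
              // Java exceptions expose getMessage(); native JS errors only
              // carry .message.
              var message = (typeof ex.getMessage === 'function') ? ex.getMessage() : (ex.message || String(ex));
              this.debugLog('tscLogout','Error: ' + message);
              return false;
      }
},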