Tenable.io Vulnerability import for specific Asset Tag is failed

Liju John · ‎11-15-2023

I was trying to use an asset tag in the filter query for bringing the vulnerabilities to service-now. I have used the following code in TenableIOVulnerabilitiesIntegration script include for the import.

body.filters = {};

body.filters.severity = severity;

body.filters.plugin_id = [172034];

//Category=Hadoop AssetTag=HADOOP-ALL

body.filters.tag.Hadoop = ["HADOOP-ALL"];

body.filters.indexed_at = this.runParams.startDate;

Failed Message : Attempting retry with process. TypeError: Cannot set property "Hadoop" of undefined to "HADOOP-ALL". Encountered process error running the integration.

But it works fine from my REST API client.

https://developer.tenable.com/reference/exports-vulns-request-export

https://docs.servicenow.com/bundle/vancouver-security-management/page/product/secops-integration-vr/...

curl --location 'https://cloud.tenable.com/vulns/export' \
--header 'X-ApiKeys: accessKey=xxxxx;secretKey=xxxxx' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'Cookie: nginx-cloud-site-id=us08' \
--data '
{
"filters": {
"tag.Hadoop": ["HADOOP-ALL"],
"state": ["OPEN","REOPENED"],
"severity": ["critical"],
"plugin_id": [164630]
},
"num_assets": 1,
"include_unlicensed": false
}
'

Liju John · ‎11-16-2023

I had to use the script like this for /* "filters": { "tag.Hadoop": ["HADOOP-ALL"] }; */

body.filters["tag.Hadoop"]=["HADOOP-ALL"];

View solution in original post

andy_ojha · ‎11-16-2023

Hey Liju,

Interesting use-case...

You might want to check out this Docs page here, it appears like the JSON filter can be specified / overridden directly on the REST Message, such that you may not even need to modify or customize the Script Include.

Hat tip to @chandranp and @Mark Geter for sharing this tidbit...

Check this out:

- https://docs.servicenow.com/bundle/vancouver-security-management/page/product/secops-integration-vr/...

View solution in original post

Gurpreet07 · ‎11-15-2023

The attribute tag.Hadoop is ambiguous . It will work if the JSON is in below format

"filters": {
"tag":{

"Hadoop": ["HADOOP-ALL"]

},
"state": ["OPEN","REOPENED"],
"severity": ["critical"],
"plugin_id": [164630]
},

OR in rename the tag and replace the decimal with a - and then use body.filters.tag-Hadoop = ["HADOOP-ALL"]; in the script

"filters": {
"tag-Hadoop": ["HADOOP-ALL"],
"state": ["OPEN","REOPENED"],
"severity": ["critical"],
"plugin_id": [164630]
},

Liju John · ‎11-16-2023

I had to use the script like this for /* "filters": { "tag.Hadoop": ["HADOOP-ALL"] }; */

body.filters["tag.Hadoop"]=["HADOOP-ALL"];

andy_ojha · ‎11-16-2023

Hey Liju,

Interesting use-case...

You might want to check out this Docs page here, it appears like the JSON filter can be specified / overridden directly on the REST Message, such that you may not even need to modify or customize the Script Include.

Hat tip to @chandranp and @Mark Geter for sharing this tidbit...

Check this out:

- https://docs.servicenow.com/bundle/vancouver-security-management/page/product/secops-integration-vr/...

Liju John · ‎11-16-2023

Thanks Andy!! That works!!