Tenable.io Vulnerability import for specific Asset Tag is failed

Liju John
Tera Expert

I was trying to use an asset tag in the filter query for bringing the vulnerabilities to service-now. I have used the following code in TenableIOVulnerabilitiesIntegration script include for the import.

body.filters = {};
body.filters.severity = severity;
body.filters.plugin_id = [172034];
//Category=Hadoop AssetTag=HADOOP-ALL
body.filters.tag.Hadoop = ["HADOOP-ALL"];
body.filters.indexed_at = this.runParams.startDate;
Failed Message : Attempting retry with process. TypeError: Cannot set property "Hadoop" of undefined to "HADOOP-ALL". Encountered process error running the integration.
 
But it works fine from my REST API client.
 
 curl --location 'https://cloud.tenable.com/vulns/export' \
--header 'X-ApiKeys: accessKey=xxxxx;secretKey=xxxxx' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'Cookie: nginx-cloud-site-id=us08' \
--data '
{
"filters": {
               "tag.Hadoop": ["HADOOP-ALL"],
               "state": ["OPEN","REOPENED"],
               "severity": ["critical"],
               "plugin_id": [164630]
},
"num_assets": 1,
"include_unlicensed": false
}
'
2 ACCEPTED SOLUTIONS

Liju John
Tera Expert

I had to use the script like this for  /* "filters": { "tag.Hadoop": ["HADOOP-ALL"] }; */

body.filters["tag.Hadoop"]=["HADOOP-ALL"];
LijuJohn_0-1700158107907.png

 

 

View solution in original post

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey Liju,

Interesting use-case...

You might want to check out this Docs page here, it appears like the JSON filter can be specified / overridden directly on the REST Message, such that you may not even need to modify or customize the Script Include.

 

Hat tip to @chandranp  and @Mark Geter for sharing this tidbit...

Check this out:

https://docs.servicenow.com/bundle/vancouver-security-management/page/product/secops-integration-vr/...

 

View solution in original post

5 REPLIES 5

Gurpreet07
Mega Sage

The attribute tag.Hadoop is ambiguous . It will work if the JSON is in below format

 

"filters": {
               "tag":{

                             "Hadoop": ["HADOOP-ALL"]

                          },
               "state": ["OPEN","REOPENED"],
               "severity": ["critical"],
               "plugin_id": [164630]
},

 

OR in rename the tag and replace the decimal with a   -     and then use  body.filters.tag-Hadoop = ["HADOOP-ALL"];  in the script

"filters": {  
               "tag-Hadoop": ["HADOOP-ALL"],
               "state": ["OPEN","REOPENED"],
               "severity": ["critical"],
               "plugin_id": [164630]
},

Liju John
Tera Expert

I had to use the script like this for  /* "filters": { "tag.Hadoop": ["HADOOP-ALL"] }; */

body.filters["tag.Hadoop"]=["HADOOP-ALL"];
LijuJohn_0-1700158107907.png

 

 

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey Liju,

Interesting use-case...

You might want to check out this Docs page here, it appears like the JSON filter can be specified / overridden directly on the REST Message, such that you may not even need to modify or customize the Script Include.

 

Hat tip to @chandranp  and @Mark Geter for sharing this tidbit...

Check this out:

https://docs.servicenow.com/bundle/vancouver-security-management/page/product/secops-integration-vr/...

 

Thanks Andy!! That works!!