saf
saf copied to clipboard
mitre
Nexus API
Add capability to make use of Nexus API to retrieve HDF content from previous scans maintained in Nexus
- [ ] Familiarization with tenable.sc API specification - what does it provide (capabilities, e.g., endpoints), what are its limitations
- [ ] How do we implement a users specific tenable.sc API solution
- [ ] Develop a strategy for developing and implementing the Nexus API
- Include the API within SAF CLI
- [ ] Scan virtual imagines (3) and send results to InfoSec Nexus - (Get help from Will)
- [ ] Identify minimal endpoint API fields to retrieve from the Nexus scans that satisfy HDF schema
- [ ] Develop the API
- [ ] Add the API capability to SAF CLI
API Capabilities: Tenable.sc REST API allows integration with other standalone or web applications through scripting. All available endpoints are listed on the left menu of guide. can click on each of them for more info on how to query it. (e.g. method, parameters, request response etc.) Check the Best Practices to common tasks using theTenable.sc API. It covers the following workflows:
- Authentication with the API
- Launch a Remediation Scan on Tenable.sc
- Retrieve Vulnerability Data for a Specific Time Range
- Retrieve Asset Data from Tenable.sc
- Add Asset Data to Tenable.sc
Limitation: the guide does NOT GUARANTEE OF FUTURE COMPATIBILITY. Whenever Tenable extends the protocol or implementation, they may not be able to maintain backward compatibility; consequently, some APIs will change in either structure or functionality.
As part of developing the strategy, we need to determine what capabilities (use case, scenarios) we want to provide to our client solution.
