Constant 403 GET Error - Not Authorized to Perform Request

Open CyberKnight7th opened this issue 1 year ago • 1 comments

I have a small script which I have put together to attempt to test the API feature via pyTenable in our environment. Using the API Keys for my acct, all seems well when I try to pull lists, etc. However, for some I keep getting Not Authorized Errors, and my Tenable Admin says I should be fine.

```
[403: GET] https://cloud.tenable.com/editor/policy/templates body=b'{"error":"You are not authorized to perform this request"}'
```

Here is a sample of my code (API Keys and other sensitive data removed):

```python
# Initial test for pyTenable to scan devices using the API functionality
# Test is to achieve "On Demand Network Scan" where groups of devices may not belong to the same domain
# I want to perform Authenticated / Managed Scans against groups of device IPs

# Import Tenable.io class module:

from tenable.io import TenableIO

# Leverage API feature using my API keys:
access_key = 'SomeAccessKey'
secret_key = 'SomeSecretKey'

# Define the group of devices as an array:
target_nodes = ['10.10.10.10']

# Define a Template and name for the scan
template_UUID = 'SomeTemplateID'
scan_name = 'MyScan_PyTenable_Test'

# Referencing various Managed Creds to use for various devices in dissimilar domains:
managed_credentials = [
    {'name': 'Manaaged Cred 1', 'id': 'UUID_1'},
    {'name': 'Manaaged Cred 2', 'id': 'UUID_2'},
    {'name': 'Manaaged Cred 3', 'id': 'UUID_3'}
]

# Attempt to Authent w/ Tenable.io
tio = TenableIO(access_key, secret_key)

# Create new scan template instance:
scan = tio.scans.create(name=scan_name, targets=','.join(target_nodes))

# Setup the scanning template form
scan.template = True

# Update scan w/ the template name:
scan.update(template_UUID=template_UUID)

# Loop over target nodes and the Managed Creds:
for i, device in enumerate(target_nodes):
    credential = managed_credentials[i % len(managed_credentials)]
    scan.configure(device=device, credential=[{'id': credential['id'], 'name': credential['name']}])

# Initiate the scan.
scan.launch()
```

I hope this makes sense. Moreover, even trying a basic unauthenticated scan via the API... I get the same darn error:

```python
from tenable.io import TenableIO

# Leverage API feature using my API keys:
access_key = 'SomeAccessKey'
secret_key = 'SomeSecretKey'

tio = TenableIO(access_key, secret_key)

scan = tio.scans.create(
    name='MyTestPythonAPIScan',
    targets=['10.10.10.10']
)

# Launch the scan that was just created; create() returns the scan record, including its id
tio.scans.launch(scan['id'])
```

Lastly, trying to access this: https://cloud.tenable.com/editor/policy/templates, returns the following:

```
{"statusCode":401,"error":"Unauthorized","message":"Missing authentication"}
```

Any ideas on what I am doing wrong, or is it something to do with permissions? I believe somehow, my acct doesn't have sufficient permissions in our Org for me to use the API functionality. Would really appreciate the guidance.

CyberKnight7th, Jul 07 '23 17:07

Is this still an issue? Can you post the output of the debug logging?

SteveMcGrath, Feb 12 '24 17:02
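For the debug logging requested above, an added example (not pyTenable code and not part of the original thread): Python's standard `logging` set to DEBUG, with a filter that scrubs `X-ApiKeys` key values so the output can be pasted into a public issue. The logger name and the two sample log lines are constructed; whether a given pyTenable version logs request headers is an assumption, and the filter is there in case it does.

```python
import io
import logging
import re

# Key values as they appear in a Tenable.io X-ApiKeys header:
#   X-ApiKeys: accessKey=<value>; secretKey=<value>
_KEY_RE = re.compile(r"\b(accessKey|secretKey)(\s*[=:]\s*)([A-Za-z0-9]+)", re.IGNORECASE)


def redact(text):
    """Replace API key values with a marker, keeping the field names."""
    return _KEY_RE.sub(lambda m: m.group(1) + m.group(2) + "<redacted>", text)


class RedactKeys(logging.Filter):
    """Scrub key material from each record before a handler writes it."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None  # the message is already fully formatted
        return True


def enable_redacted_debug(stream):
    """Send DEBUG output from every logger to `stream`, with keys scrubbed."""
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactKeys())
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s %(message)s"))
    root = logging.getLogger()
    root.setLevel(logging.DEBUG)
    root.addHandler(handler)
    return handler


def demo():
    """Log two constructed lines shaped like the traffic in this issue."""
    buf = io.StringIO()
    handler = enable_redacted_debug(buf)
    log = logging.getLogger("example.http")  # hypothetical logger name
    # Constructed sample values: not real keys, not real library output.
    log.debug("GET %s headers={'X-ApiKeys': 'accessKey=%s; secretKey=%s'}",
              "https://cloud.tenable.com/editor/policy/templates",
              "a1b2c3d4", "e5f6a7b8")
    log.debug('[403: GET] body=b\'{"error":"You are not authorized to perform this request"}\'')
    logging.getLogger().removeHandler(handler)
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Call `enable_redacted_debug(sys.stderr)` before creating the `TenableIO` object so the failing request is captured from the start.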