compliance export phase 1 filters

tenable · Jan 25, 2024 · abf21c1 · abf21c1
1 parent 285b184
commit abf21c1
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 0 deletions.
diff --git a/tenable/io/exports/api.py b/tenable/io/exports/api.py
@@ -339,6 +339,34 @@ def compliance(self, **kwargs) -> Union[ExportsIterator, UUID]:
             last_seen (int, optional):
                 Returns findings with a last seen time newer than the
                 specified unix timestamp.
+            ipv4_addresses (list[str], optional):
+                Returns Compliance findings found for the provided list of ipv4 addresses.
+            ipv6_addresses (list[str], optional):
+                Returns Compliance findings found for the provided list of ipv6 addresses.
+            plugin_name (list[str], optional):
+                Returns Compliance findings for the specified list of plugin names.
+            plugin_id (list[int], optional):
+                Returns Compliance findings for the specified list of plugin IDs.
+            asset_tags (list[str], optional):
+                Returns Compliance findings for the specified list of asset tags.
+            audit_name (str, optional):
+                Restricts compliance findings to those associated with the specified audit.
+            audit_file_name (str, optional):
+                Restricts compliance findings to those associated with the specified audit file name.
+            compliance_results (list[str], optional):
+                Restricts compliance findings to those associated with the specified list of compliance results,
+                such as PASSED, FAILED, SKIPPED, ERROR, UNKNOWN etc.
+            last_observed (int,optional):
+                Restricts compliance findings to those that were last observed on or after the specified unix timestamp.
+            indexed_at (int, optional):
+                Restricts compliance findings to those that were updated or indexed into Tenable Vulnerability Management
+                 on or after the specified unix timestamp.
+            since (int, optional):
+                Same as indexed_at. Restricts compliance findings to those that were updated or indexed into Tenable
+                Vulnerability Management on or after the specified unix timestamp.
+            state (list[str], optional):
+                Restricts compliance findings to those associated with the provided list of states, such as Active,
+                Fixed, New and Resurfaced
             num_findings (int):
                 The number of findings to return per chunk of data.  If left
                 unspecified, the default is ``5000``.

diff --git a/tenable/io/exports/schema.py b/tenable/io/exports/schema.py
@@ -115,6 +115,18 @@ class ComplianceExportSchema(Schema):
     # Temporal fields
     first_seen = fields.Int()
     last_seen = fields.Int()
+    ipv4_addresses = fields.List(fields.Str())
+    ipv6_addresses = fields.List(fields.Str())
+    plugin_name = fields.List(fields.Str())
+    plugin_id = fields.List(fields.Int())
+    asset_tags = fields.List(fields.Str())
+    audit_name = fields.Str()
+    audit_file_name = fields.Str()
+    compliance_results = fields.List(fields.Str())
+    last_observed = fields.Int()
+    indexed_at = fields.Int()
+    since = fields.Int()
+    state = fields.List(fields.Str())
 
     # Other params
     asset = fields.List(fields.UUID())

diff --git a/tests/io/exports/test_schema.py b/tests/io/exports/test_schema.py
@@ -84,6 +84,33 @@ def compliance_export():
     }
 
 
+@pytest.fixture
+def compliance_export_phase_1_schema():
+    """
+    Example compliance export request with phase 1 filters
+    """
+    return {
+        'first_seen': 1635798607,
+        'last_seen': 1635798607,
+        'asset': ['f634d639-cc33-4149-a683-5ad6b8f29d9c',
+                  uuid.UUID('c62f8737-8623-45a3-bdcb-560daacb21f1'),
+                  ],
+        'num_findings': 1000,
+        'ipv4_addresses': ['192.168.0.1'],
+        'ipv6_addresses': ['2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
+        'plugin_name': ['Debian dla-3719 : php-seclib - security update', 'Debian dsa-5607 : chromium - security update'],
+        'plugin_id': [189491, 189490],
+        'asset_tags': ['tag-a', 'tag-b'],
+        'audit_name': 'my-audit-name',
+        'audit_file_name': 'my-audit-file-name',
+        'compliance_results': ['PASSED'],
+        'last_observed': 1635798607,
+        'indexed_at': 1635798607,
+        'since': 1635798607,
+        'state': ['Active']
+    }
+
+
 @pytest.fixture
 def vuln_export():
     '''
@@ -244,3 +271,13 @@ def test_asset_export_schema_without_open_ports(asset_export_with_out_open_ports
     schema = AssetExportSchema()
     schema_dump = schema.dump(schema.load(asset_export_with_out_open_ports))
     assert "include_open_ports" not in schema_dump
+
+def test_compliance_export_phase_1_filters(compliance_export_phase_1_schema):
+    """
+    Test Compliance Export Phase 1 Filter Schema
+    """
+    schema = ComplianceExportSchema()
+    schema_dump = schema.dump(schema.load(compliance_export_phase_1_schema))
+
+    # checking random element
+    assert schema_dump["filters"]["state"][0] == "Active"