added

Web App Scanning: Get Remediation Scan Configuration

A new endpoint has been added to the Tenable Web App Scanning API that enables users to generate a scan configuration for a remediation scan. Remediation scans can be used to validate whether the remediation actions taken for a vulnerability have been successful. Note that this endpoint only returns a configuration that can be used to create a remediation scan; it does not create the scan itself. You must use the response from this endpoint as the request body for the Create scan configuration endpoint to create the remediation scan. For more information about remediation scans, see Launch a Remediation Scan in the Tenable Web App user guide.

The new endpoint is described in the following table:

Endpoint | Name | Description
GET /api/v3/export/configs/remediation/{vuln_id} | Get remediation scan configuration | Returns a scan configuration for the vulnerability that you want to remediate.

Example

To generate a remediation scan configuration for a vulnerability with UUID f7c91cfa-b9c4-46eb-bcdc-3defb08e2e4b, you could use the following cURL request:

# Fetch a ready-to-submit remediation scan configuration for one vulnerability UUID.
# Replace both <YOURKEY> placeholders with the API access key / secret key pair.
curl -X GET \
     'https://cloud.tenable.com/api/v3/export/configs/remediation/f7c91cfa-b9c4-46eb-bcdc-3defb08e2e4b' \
     -H 'X-ApiKeys: accessKey=<YOURKEY>;secretKey=<YOURKEY>' \
     -H 'accept: application/json'

The request returns a remediation scan configuration in JSON format:

{
 "name": "Remediation scan of plugin 115540",
 "targets": [
   "http://203.0.113.224:3334/remediation"
 ],
 "owner_id": "a8ba6418-0b8e-44b9-add6-17bf941719a6",
 "template_id": "3223f18e-5a94-4e02-b560-77a4a8246cd3",
 "scanner_id": "36960339",
 "permissions": [],
 "settings": {
   "assessment": {
     "rfi_remote_url": "http://rfi.nessus.org/rfi.txt",
     "dictionary": "limited",
     "enable": true
   },
   "audit": {
     "forms": false,
     "cookies": true,
     "ui_forms": false,
     "ui_inputs": false,
     "headers": false,
     "links": false,
     "parameter_names": false,
     "parameter_values": true,
     "jsons": false,
     "xmls": false,
     "path_parameters": false,
     "include_vector_patterns": []
   },
   "browser": {
     "screen_height": 1200,
     "screen_width": 1600,
     "ignore_images": true,
     "job_timeout": 60,
     "pool_size": 3
   },
   "chrome": {
     "script_finish_wait": 5000,
     "script_page_load_wait": 30000,
     "script_command_wait": 500
   },
   "debug_mode": false,
   "http": {
     "response_max_size": 5000000,
     "request_redirect_limit": 3,
     "custom_user_agent": false,
     "request_headers": {
       "Accept": "*/*",
       "Accept-Language": "en-US,en;q=0.5"
     },
     "include_scan_id": false,
     "request_concurrency": 10,
     "request_timeout": 30
   },
   "plugin": {
     "rate_limiter": {
       "requests_per_second": 25,
       "autothrottle": true,
       "timeout_threshold": 100
     },
     "mode": "disable",
     "ids": [
       114211,
       98148,
       98204,
       113837,
       98203,
       113894,
       113895
     ],
     "names": [],
     "families": [
       "Component Vulnerability",
       "Injection",
       "HTTP Security Header",
       "Web Servers",
       "File Inclusion",
       "Data Exposure",
       "Authentication & Session",
       "Cross Site Scripting",
       "Code Execution",
       "General",
       "SSL/TLS",
       "Cross Site Request Forgery"
     ]
   },
   "queue_timeout": "08:00:00",
   "scope": {
     "option": "urls",
     "exclude_file_extensions": [
       "js",
       "css",
       "png",
       "jpeg",
       "gif",
       "pdf",
       "csv",
       "svn-base",
       "svg",
       "jpg",
       "ico",
       "woff",
       "woff2",
       "exe",
       "msi",
       "zip"
     ],
     "exclude_path_patterns": [
       "logout"
     ],
     "dom_depth_limit": 5,
     "directory_depth_limit": 10,
     "page_limit": 10000,
     "decompose_paths": false,
     "exclude_binaries": true,
     "auto_redundant_paths": 5,
     "deduplicate_pages": false
   },
   "session": {},
   "timeout": "00:10:00",
   "remediation": {
     "findings": [
       {
         "vuln_id": "f7c91cfa-b9c4-46eb-bcdc-3defb08e2e4b",
         "scan_id": "72b549a2-9921-4eeb-86f3-1e2b9ab7ca82",
         "plugin_id": 115540,
         "found_on_url": "http://203.0.113.224:3334/remediation",
         "details": {
           "inputType": "cookie",
           "inputName": "connect.sid",
           "creation_type": "from_url_via_browser"
         }
       }
     ]
   }
 },
 "in_remediation": true
}

You can then use the response from the previous request as the request body for the Create scan configuration endpoint (POST /was/v2/configs) to create the remediation scan. For example:

# Create the remediation scan by posting the configuration returned by the GET request above.
# The body is sent verbatim; replace both <YOURKEY> placeholders with the API access key / secret key pair.
curl -X POST \
     'https://cloud.tenable.com/was/v2/configs' \
     -H 'X-ApiKeys: accessKey=<YOURKEY>;secretKey=<YOURKEY>' \
     -H 'accept: application/json' \
     -H 'content-type: application/json' \
     -d '
{
  "name": "Remediation scan of plugin 115540",
  "targets": [
    "http://203.0.113.224:3334/remediation"
  ],
  "owner_id": "a8ba6418-0b8e-44b9-add6-17bf941719a6",
  "template_id": "3223f18e-5a94-4e02-b560-77a4a8246cd3",
  "scanner_id": "36960339",
  "permissions": [],
  "settings": {
    "assessment": {
      "rfi_remote_url": "http://rfi.nessus.org/rfi.txt",
      "dictionary": "limited",
      "enable": true
    },
    "audit": {
      "forms": false,
      "cookies": true,
      "ui_forms": false,
      "ui_inputs": false,
      "headers": false,
      "links": false,
      "parameter_names": false,
      "parameter_values": true,
      "jsons": false,
      "xmls": false,
      "path_parameters": false,
      "include_vector_patterns": []
    },
    "browser": {
      "screen_height": 1200,
      "screen_width": 1600,
      "ignore_images": true,
      "job_timeout": 60,
      "pool_size": 3
    },
    "chrome": {
      "script_finish_wait": 5000,
      "script_page_load_wait": 30000,
      "script_command_wait": 500
    },
    "debug_mode": false,
    "http": {
      "response_max_size": 5000000,
      "request_redirect_limit": 3,
      "custom_user_agent": false,
      "request_headers": {
        "Accept": "*/*",
        "Accept-Language": "en-US,en;q=0.5"
      },
      "include_scan_id": false,
      "request_concurrency": 10,
      "request_timeout": 30
    },
    "plugin": {
      "rate_limiter": {
        "requests_per_second": 25,
        "autothrottle": true,
        "timeout_threshold": 100
      },
      "mode": "disable",
      "ids": [
        114211,
        98148,
        98204,
        113837,
        98203,
        113894,
        113895
      ],
      "names": [],
      "families": [
        "Component Vulnerability",
        "Injection",
        "HTTP Security Header",
        "Web Servers",
        "File Inclusion",
        "Data Exposure",
        "Authentication & Session",
        "Cross Site Scripting",
        "Code Execution",
        "General",
        "SSL/TLS",
        "Cross Site Request Forgery"
      ]
    },
    "queue_timeout": "08:00:00",
    "scope": {
      "option": "urls",
      "exclude_file_extensions": [
        "js",
        "css",
        "png",
        "jpeg",
        "gif",
        "pdf",
        "csv",
        "svn-base",
        "svg",
        "jpg",
        "ico",
        "woff",
        "woff2",
        "exe",
        "msi",
        "zip"
      ],
      "exclude_path_patterns": [
        "logout"
      ],
      "dom_depth_limit": 5,
      "directory_depth_limit": 10,
      "page_limit": 10000,
      "decompose_paths": false,
      "exclude_binaries": true,
      "auto_redundant_paths": 5,
      "deduplicate_pages": false
    },
    "session": {},
    "timeout": "00:10:00",
    "remediation": {
      "findings": [
        {
          "vuln_id": "f7c91cfa-b9c4-46eb-bcdc-3defb08e2e4b",
          "scan_id": "72b549a2-9921-4eeb-86f3-1e2b9ab7ca82",
          "plugin_id": 115540,
          "found_on_url": "http://203.0.113.224:3334/remediation",
          "details": {
            "inputType": "cookie",
            "inputName": "connect.sid",
            "creation_type": "from_url_via_browser"
          }
        }
      ]
    }
  },
  "in_remediation": true
}
'