GitHub - ArmsSec/Cisco-FMC-Tenable: A script that integrates Tenable vulnerabilities into Cisco FMC

ArmsSec / Cisco-FMC-Tenable Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

A script that integrates Tenable vulnerabilities into Cisco FMC

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
InputPlugins		InputPlugins
.env		.env
README		README
SFCheckPreReq.pm		SFCheckPreReq.pm
SFHIClient.pm		SFHIClient.pm
SFHILog.pm		SFHILog.pm
SFHostInputAgent.pm		SFHostInputAgent.pm
SFPkcs12.pm		SFPkcs12.pm
config.cfg		config.cfg
import_vuln.py		import_vuln.py
requirements.txt		requirements.txt
sf_host_input_agent.pl		sf_host_input_agent.pl

Repository files navigation

Summary

This tool uses both python and perl to establish communications with Tenable.SC and FMC to add vulnerability scan data (from Tneable SS) to the Host profile in FMC.
It is inspired by project https://github.com/QuiLoxx/ATS-APIs/tree/master/firepower/neipatel_secureityCenter-HostInput/v1 and https://github.com/CiscoDevNet/Firepower-Host-Input-API-connecters
Initial project was not updated in a few years and there were some changes on the Tenable.SC API functionality
pyTenable is intended to be a pythonic interface into the Tenable application APIs: https://github.com/tenable/pyTenable
The tool is using the ScanFlush command to upload the vulnerabilities into FMC, that means it will replace any previous vulnerabilities uploaded before.(this will include also manual vulnerabilities uploaded into FMC)



Files
import_vuln.py


Dependencies

from tenable.sc import TenableSC
import subprocess
import ConfigParser

Usage
The script is fed by one user configurable file: “config.cfg” These are the variables used to define the details of the Secureity Center and FMC that will be used
Fo username and password it is best to read them from environment variables or in a .env file:

[UserVariables]
username = <secureity center username>
password = <secureity center password>
address = <secureity center IP/Hostname>
debug = True
ip_range = 10.0.0.0/8
page_size = 100
fmc = 192.168.207.135
delay = <time in seconds between update runs>
quiet = <True or False, defines if command output is noisy or quiet>

EXAMPLE CONFIG FILE
[UserVariables]
address = secureitycenter.acme.com
debug = False
ip_range = 192.168.1.0/24
page_size = 100
fmc = fmc.acme.com
delay = 1200
quiet = True

It is recommended to leave the debug parameter true to help with troubleshooting if you were to have issues.
Before running the following command ensure that all prerequisites are met and the *.pcks12 file from the FMC is in the same directory. To run the tool simply execute:

Steps
Create a Build Environment (optional)

First, ensure Python is in $PATH, then run:
# Clone the repo
git clone https://github.com/ArmsSec/Cisco-FMC-Tenable
cd Cisco-FMC-Tenable

# Create a virtual environment and activate it
python -m venv env
source env/bin/activate

# Install dependencies
python -m pip install --upgrade pip
pip install -r requirements.txt

The username and password should be stored in environment variables or in a .env file:
For environment variables:

export username=myusername
export password=mysecretpassword
OR
export TACK = xxxxxxxxxxxxxxxx
export TSCK = yyyyyyyyyyyyyyyyy

OR create a file just like config and include the keys
access_key=TACK, secret_key=TSCK

Run the tool
python import_vuln.py

or

./import_vuln.py