# Tenable ## Tenable WAS - Initiate Project Scope Scan \[Step 1 of 5]

The purpose of this example is to initiate scheduling a Web Application scan of the assets on the project scope in Tenable when a user clicks on an [Action](https://support.attackforge.com/attackforge-enterprise/actions) in AttackForge. This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge. **Initial Set Up** * **Action**: * Entities: Projects and Project * **Secrets**: * af\_hostname - your AttackForge tenant hostname e.g. demo.attackforge.com * af\_key - your AttackForge user API key * was\_scan\_flow\_trigger\_id - the [Trigger URL](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-url) for [Tenable WAS - Launch Scan \[Step 2 of 5\] Flow](#tenable-was-launch-scan-step-2-of-5) * logging\_level - set to "debug" for additional logging **Action 1 - Determine Action Entity** * **Script**: ```javascript if (data?.project){ return { decision:{ status: 'continue', message: 'Action called on project' }, data: { project: data.project } }; } else if (data?.projects){ return { decision:{ status: 'continue', message: 'Action called on projects' }, data: { projects: data.projects } }; } else { return { decision:{ status: 'abort', message: 'Flow called on an unsupported entity' } }; } ``` **Action 2 - Get Project(s)** * **Method**: GET * **URL**: https\://{{af\_hostname}}/api/ss/project/{{project\_id}} * **Headers**: * Key = X-SSAPI-KEY; Type = Secret; Value = af\_key * Key = Content-Type; Type = Value; Value = application/json * **Request Script**: ```javascript if (data.project) { return { decision:{ status: 'next', message: 'Only one project, skipping to next action.' }, data: { project: data.project } }; } else if (data.projects){ const projects = data.projects; // Initialise counter if (!data.counter){ data.counter = 0; } if (Array.isArray(projects) && Array.length(projects) > 0 && projects?[data.counter]?.project_id ){ const project_id = projects[data.counter].project_id; return { decision: { status: 'continue', message: 'Fetching project: ' + project_id }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/project/' + project_id }, data: { projects: projects, counter: data.counter } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('projects: ', JSON.stringify(projects)); } return { decision: { status: 'abort', message: 'Error while validating "projects" object. Please check the log.' } }; } } else { return { decision: { status: 'abort', message: 'Missing data.projects and/or data.project' } }; } ``` * **Response Script**: ```javascript if (response?.statusCode !== 200) { if (secrets.logging_level === 'debug') { Logger.debug('Error fetching projects: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error fetching projects. Status: ' + (response?.statusCode || 'unknown') } }; } if (!data?.projects && !data?.project) { return { decision:{ status: 'abort', message: 'data.projects and/or data.project missing' } }; } if (data?.counter === undefined) { return { decision:{ status: 'abort', message: 'data.counter missing' } }; } const project = response.jsonBody?.project; if (!project) { if (secrets.logging_level === 'debug') { Logger.debug('Project not found'); Logger.debug('jsonBody: ', JSON.stringify(response.jsonBody)); } return { decision: { status: 'abort', message: 'No projects matched with ' + data.projects[data.counter].project_id } }; } data.projects[data.counter]?.assets = []; if (project.project_scope){ data.projects[data.counter].assets = project.project_scope; } if (Array.length(data.projects) > (data.counter + 1)) { data.counter = data.counter + 1; return { decision: { status: 'repeat', message: 'Fetching next project.' }, data: { projects: data.projects, counter: data.counter } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('Fetched project scope for all projects. ', 'Projects: ', JSON.stringify(data.projects)); } return { decision: { status: 'continue', message: 'Fetched project scope for all projects, continuing to next step.' }, data: { projects: data.projects } }; } ``` **Action 3 - Trigger WAS Scan Flow** * **Method**: POST * **URL**: https\://{{af\_hostname}}/api/flows/{{trigger\_id}} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * **Request Script**: ```javascript let body; let project_id; let project_scope_assets; // Project if (data?.project?.project_id && data.project.project_scope) { project_scope_assets = data.project.project_scope; project_id = data.project.project_id; } // Projects else if (data?.projects && Array.length(data.projects) > 0){ const curr_project = data.projects[0]; if (curr_project.assets && curr_project.project_id) { project_scope_assets = curr_project.assets; project_id = curr_project.project_id; } } if (!project_id) { return { decision: { status: 'abort', message: 'project_id is missing' } }; } if (!project_scope_assets) { return { decision: { status: 'abort', message: 'project_scope_assets is missing' } }; } const valid_project_scope_assets = []; if (Array.isArray(project_scope_assets)) { for (let x = 0; x < project_scope_assets.length; x++) { let asset = project_scope_assets[x]; if (String.startsWith(asset, 'http://') || String.startsWith(asset, 'https://')) { Array.push(valid_project_scope_assets, asset); } else if (isValidHostname(asset)) { asset = 'https://' + asset; Array.push(valid_project_scope_assets, asset); } } } project_scope_assets = valid_project_scope_assets; if (Array.isArray(project_scope_assets) && project_scope_assets.length === 0) { return { decision: { status: 'abort', message: 'project_scope_assets is empty' } }; } return { decision: { status: 'continue', message: 'Project id and asset/scope sent to was_scan_flow: ' + secrets.was_scan_flow_trigger_id, }, request: { url: 'https://' + secrets.af_hostname + '/api/flows/' + secrets.was_scan_flow_trigger_id, body: { project_id: project_id, assets: project_scope_assets } } }; function isValidHostname(str) { if (str.length === 0 || str.length > 253) return false; const labels = String.split(str, '.'); if (labels && Array.isArray(labels) && Array.length(labels) > 0) { for (let x = 0; x < labels.length; x++) { const label = labels[x]; if (label.length === 0 || label.length > 63) return false; if (label[0] === '-' || label[label.length - 1] === '-') return false; if (!(label =~ m/^[A-Za-z0-9-]+$/)) return false; } } return true; } function isValidIPv4(str) { if (!(str =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)) return false; const labels = String.split(str, '.'); if (labels && Array.isArray(labels) && Array.length(labels) > 0) { for (let x = 0; x < labels.length; x++) { const label = labels[x]; if (label.length > 1 && label[0] === '0') return false; const num = Number.parseInt(label); return num >= 0 && num <= 255; } } } function isValidCIDR(str) { const match = String.match(str, m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/); if (!match) return false; const octets = [+match[1], +match[2], +match[3], +match[4]]; const prefix = +match[5]; let isValid = true; if (octets && Array.isArray(octets) && Array.length(octets) > 0) { for (let x = 0; x < octets.length; x++) { const o = octets[x]; if (!(o >= 0 && o <= 255)) { isValid = false; } } } if (!(prefix >= 0 && prefix <= 32)) { isValid = false; } return isValid; } ``` * **Response Script**: ```javascript if (response?.statusCode !== 202) { if (secrets.logging_level === 'debug') { Logger.debug('Error submiting project to was_scan_flow: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error submiting project to was_scan_flow. Status: ' + (response?.statusCode || 'unknown') } }; } if (data?.projects) { Array.shift(data.projects); if (Array.length(data.projects) > 0) { return { decision:{ status: 'repeat', message: 'Sending next request...', delay: 1000 }, data: { projects: data.projects } }; } else { return { decision: { status: 'finish', message: 'Completed sending all projects to WAS Scan Flow.', } }; } } else { return { decision: { status: 'finish', message: 'Completed sending project to WAS Scan Flow.', } }; } ``` ## Tenable VM - Initiate Project Scope Scan \[Step 1 of 5]

The purpose of this example is to initiate scheduling a VM scan of the assets on the project scope in Tenable when a user clicks on an [Action](https://support.attackforge.com/attackforge-enterprise/actions) in AttackForge. This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge. **Initial Set Up** * **Action**: * Entities: Projects and Project * **Secrets**: * af\_hostname - your AttackForge tenant hostname e.g. demo.attackforge.com * af\_key - your AttackForge user API key * vm\_scan\_flow\_trigger\_id - the [Trigger URL](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-url) for [Tenable VM - Launch Scan \[Step 2 of 5\] Flow](#tenable-vm-launch-scan-step-2-of-5) * logging\_level - set to "debug" for additional logging **Action 1 - Determine Action Entity** * **Script**: ```javascript if (data?.project){ return { decision:{ status: 'continue', message: 'Action called on project' }, data: { project: data.project } }; } else if (data?.projects){ return { decision:{ status: 'continue', message: 'Action called on projects' }, data: { projects: data.projects } }; } else { return { decision:{ status: 'abort', message: 'Flow called on an unsupported entity' } }; } ``` **Action 2 - Get Project(s)** * **Method**: GET * **URL**: https\://{{af\_hostname}}/api/ss/project/{{project\_id}} * **Headers**: * Key = X-SSAPI-KEY; Type = Secret; Value = af\_key * Key = Content-Type; Type = Value; Value = application/json * **Request Script**: ```javascript if (data.project) { return { decision:{ status: 'next', message: 'Only one project, skipping to next action.' }, data: { project: data.project } }; } else if (data.projects){ const projects = data.projects; // Initialise counter if (!data.counter){ data.counter = 0; } if (Array.isArray(projects) && Array.length(projects) > 0 && projects?[data.counter]?.project_id ){ const project_id = projects[data.counter].project_id; return { decision: { status: 'continue', message: 'Fetching project: ' + project_id }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/project/' + project_id }, data: { projects: projects, counter: data.counter } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('projects: ', JSON.stringify(projects)); } return { decision: { status: 'abort', message: 'Error while validating "projects" object. Please check the log.' } }; } } else { return { decision: { status: 'abort', message: 'Missing data.projects and/or data.project' } }; } ``` * **Response Script**: ```javascript if (response?.statusCode !== 200) { if (secrets.logging_level === 'debug') { Logger.debug('Error fetching projects: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error fetching projects. Status: ' + (response?.statusCode || 'unknown') } }; } if (!data?.projects && !data?.project) { return { decision:{ status: 'abort', message: 'data.projects and/or data.project missing' } }; } if (data?.counter === undefined) { return { decision:{ status: 'abort', message: 'data.counter missing' } }; } const project = response.jsonBody?.project; if (!project) { if (secrets.logging_level === 'debug') { Logger.debug('Project not found'); Logger.debug('jsonBody: ', JSON.stringify(response.jsonBody)); } return { decision: { status: 'abort', message: 'No projects matched with ' + data.projects[data.counter].project_id } }; } data.projects[data.counter].assets = []; if (project.project_scope){ data.projects[data.counter].assets = project.project_scope; } if (Array.length(data.projects) > (data.counter + 1)) { data.counter = data.counter + 1; return { decision: { status: 'repeat', message: 'Fetching next project.' }, data: { projects: data.projects, counter: data.counter } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('Fetched project scope for all projects. ', 'Projects: ', JSON.stringify(data.projects)); } return { decision: { status: 'continue', message: 'Fetched project scope for all projects, continuing to next step.' }, data: { projects: data.projects } }; } ``` **Action 3 - Trigger VM Scan Flow** * **Method**: POST * **URL**: https\://{{af\_hostname}}/api/flows/{{trigger\_id}} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * **Request Script**: ```javascript let body; let project_id; let project_scope_assets; // Project if (data?.project?.project_id && data.project.project_scope) { project_scope_assets = data.project.project_scope; project_id = data.project.project_id; } // Projects else if (data?.projects && Array.length(data.projects) > 0){ const curr_project = data.projects[0]; if (curr_project.assets && curr_project.project_id) { project_scope_assets = curr_project.assets; project_id = curr_project.project_id; } } if (!project_id) { return { decision: { status: 'abort', message: 'project_id is missing' } }; } if (!project_scope_assets) { return { decision: { status: 'abort', message: 'project_scope_assets is missing' } }; } const valid_project_scope_assets = []; if (Array.isArray(project_scope_assets)) { for (let x = 0; x < project_scope_assets.length; x++) { const asset = project_scope_assets[x]; if (isValidCIDR(asset) || isValidIPv4(asset) || isValidHostname(asset)) { Array.push(valid_project_scope_assets, asset); } } } project_scope_assets = valid_project_scope_assets; if (Array.isArray(project_scope_assets) && project_scope_assets.length === 0) { return { decision: { status: 'abort', message: 'project_scope_assets is empty' } }; } return { decision: { status: 'continue', message: 'Project id and asset/scope sent to vm_scan_flow: ' + secrets.vm_scan_flow_trigger_id, }, request: { url: 'https://' + secrets.af_hostname + '/api/flows/' + secrets.vm_scan_flow_trigger_id, body: { project_id: project_id, assets: project_scope_assets } } }; function isValidHostname(str) { if (str.length === 0 || str.length > 253) return false; const labels = String.split(str, '.'); if (labels && Array.isArray(labels) && Array.length(labels) > 0) { for (let x = 0; x < labels.length; x++) { const label = labels[x]; if (label.length === 0 || label.length > 63) return false; if (label[0] === '-' || label[label.length - 1] === '-') return false; if (!(label =~ m/^[A-Za-z0-9-]+$/)) return false; } } return true; } function isValidIPv4(str) { if (!(str =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)) return false; const labels = String.split(str, '.'); if (labels && Array.isArray(labels) && Array.length(labels) > 0) { for (let x = 0; x < labels.length; x++) { const label = labels[x]; if (label.length > 1 && label[0] === '0') return false; const num = Number.parseInt(label); return num >= 0 && num <= 255; } } } function isValidCIDR(str) { const match = String.match(str, m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/); if (!match) return false; const octets = [+match[1], +match[2], +match[3], +match[4]]; const prefix = +match[5]; let isValid = true; if (octets && Array.isArray(octets) && Array.length(octets) > 0) { for (let x = 0; x < octets.length; x++) { const o = octets[x]; if (!(o >= 0 && o <= 255)) { isValid = false; } } } if (!(prefix >= 0 && prefix <= 32)) { isValid = false; } return isValid; } ``` * **Response Script**: ```javascript if (response?.statusCode !== 202) { if (secrets.logging_level === 'debug') { Logger.debug('Error submiting project to was_scan_flow: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error submiting project to was_scan_flow. Status: ' + (response?.statusCode || 'unknown') } }; } if (data?.projects) { Array.shift(data.projects); if (Array.length(data.projects) > 0) { return { decision:{ status: 'repeat', message: 'Sending next request...', delay: 1000 }, data: { projects: data.projects } }; } else { return { decision: { status: 'finish', message: 'Completed sending all projects to VM Scan Flow.', } }; } } else { return { decision: { status: 'finish', message: 'Completed sending project to VM Scan Flow.', } }; } ``` ## Tenable WAS - Launch Scan \[Step 2 of 5]

The purpose of this example is to create and launch a Web Application scan in Tenable. This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge. **Initial Set Up** * **HTTP Trigger**: * Method: POST * **Secrets**: * af\_hostname - your AttackForge tenant hostname e.g. demo.attackforge.com * af\_key - your AttackForge user API key * owner\_id - the Tenable ID of the owner of the scanner. * tenable\_template\_id - the UUID of the Tenable-provided template resource. * user\_template\_id - the UUID of the Tenable user-defined template. * tenable\_auth - your [Tenable API Key](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) * logging\_level - set to "debug" for additional logging **Action 1 - Create WAS Scan Configuration** * **Method**: POST * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Content-Type; Type = Value; Value = application/json * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript // user custom fields const scan_name = 'WAS Scan on Flows'; const description = 'WAS scan created via AttackForge Flow'; // From body const project_asset = data.jsonBody?.assets; const project_id = data.jsonBody?.project_id; if (!project_id) { return { decision:{ status: 'abort', message: 'Error: data.jsonBody.project_id must exist. Please check the log.' } }; } if (!project_asset) { return { decision:{ status: 'abort', message: 'Error: data.jsonBody.assets must exist. Please check the log.' } }; } if (!Array.isArray(project_asset)) { return { decision:{ status: 'abort', message: 'Error: data.jsonBody.assets must be an array. Please check the log.' } }; } if (secrets.logging_level === 'debug'){ Logger.debug('scan_name: ', scan_name); Logger.debug('description: ', description); Logger.debug('project_asset: ', project_asset); } return { decision: { status: 'continue', message: 'Creating WAS configuration.', }, request: { body: { name: scan_name, description: description, targets: project_asset, template_id: secrets.tenable_template_id, user_template_id: secrets.user_template_id, owner_id: secrets.owner_id } }, data: { project_id: project_id } }; ``` * **Response Script**: ```javascript if (response.statusCode !== 201 && response.statusCode !== 202){ if (secrets.logging_level === 'debug'){ Logger.debug('Error: ' + JSON.stringify(response.jsonBody)); } return { decision: { status: 'abort', message: 'Error creating WAS configuration. Please check the log.', } }; } const response_body = response.jsonBody; const config_id = response_body?.config_id; if (!config_id){ if (secrets.logging_level === 'debug'){ Logger.debug('response_body: ' + JSON.stringify(response_body)); } return { decision: { status: 'abort', message: 'No config_id returned. Please check the log.', } }; } return { decision: { status: 'continue', message: 'Configuration created: ' + config_id, }, data: { project_id: data?.project_id, config_id: config_id } }; ``` **Action 2 - Launch WAS Scan** * **Method**: POST * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Content-Type; Type = Value; Value = application/json * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript if (!data.config_id){ if (secrets.logging_level === 'debug'){ Logger.debug('data: ', JSON.stringify(data)); } return { decision:{ status: 'abort', message: 'Error: data.config_id must be present for WAS Scan launch. Please check the log.' } }; } return { decision: { status: 'continue', message: 'Launching WAS scan.', }, request: { url: 'https://cloud.tenable.com/was/v2/configs/' + data.config_id + '/scans' }, data: { project_id: data?.project_id, config_id: data?.config_id } }; ``` * **Response Script**: ```javascript if (response.statusCode !== 201 && response.statusCode !== 202){ if (secrets.logging_level === 'debug'){ Logger.debug('Error: ' + JSON.stringify(response.jsonBody)); } return { decision: { status: 'abort', message: 'Error launching WAS scan', } }; } const scan_id = response.jsonBody?.scan_id; if (!scan_id){ if (secrets.logging_level === 'debug'){ Logger.debug('response.body: ' + JSON.stringify(response.body)); } return { decision: { status: 'abort', message: 'No scan_id returned, please check the log.', } }; } return { decision: { status: 'continue', message: 'Scan launched: ' + scan_id, }, data: { project_id: data?.project_id, config_id: data?.config_id, scan_id: scan_id } }; ``` **Action 3 - Update Project with Scan Details** * **Method**: PUT * **URL**: https\://{{af\_hostname}}/api/ss/project/{id} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * Key = X-SSAPI-KEY; Type = Secret; Value = af\_key * **Request Script**: ```javascript if (!data?.project_id){ if (secrets.logging_level === 'debug'){ Logger.debug('data:', JSON.stringify(data)); } return{ decision:{ status: 'abort', message: 'Error: project_id is missing' } }; } if (!data?.scan_id){ if (secrets.logging_level === 'debug'){ Logger.debug('data:', JSON.stringify(data)); } return{ decision:{ status: 'abort', message: 'Error: scan_id is required in order to update tenable_was_active_scan custom_field. Please check the log' } }; } if (!data.config_id){ if (secrets.logging_level === 'debug'){ Logger.debug('data:', JSON.stringify(data)); } return{ decision:{ status: 'abort', message: 'Error: config_id is required in order to update tenable_was_active_scan custom_field. Please check the log' } }; } return { decision: { status: 'continue', message: 'Updating project with "tenable_was_active_scan" and "tenable_was_config_id" custom_fields.' }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/project/' + data.project_id, body: { custom_fields: [ { key: "tenable_was_active_scan", value: String.from(data.scan_id) }, { key: "tenable_was_config_id", value: String.from(data.config_id) } ] } }, data: { project_id: data?.project_id, config_id: data?.config_id, scan_id: data?.scan_id } }; ``` * **Response Script**: ```javascript if (response?.statusCode !== 200){ if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return{ decision:{ status: 'abort', message: 'Error while updating project with Tenable scan custom fields. Please check the log.' } }; } return { decision: { status: 'finish', message: 'Successfully updated project: ' + data?.project_id + ' with "tenable_was_active_scan" custom field: '+ data?.scan_id +' and "tenable_was_config_id custom field: "' + data?.config_id, } }; ``` ## Tenable VM - Launch Scan \[Step 2 of 5]

The purpose of this example is to create and launch a VM scan in Tenable. This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge. **Initial Set Up** * **HTTP Trigger**: * Method: POST * **Secrets**: * af\_hostname - your AttackForge tenant hostname e.g. demo.attackforge.com * af\_key - your AttackForge user API key * scan\_name\_prefix - the prefix for the scan name in Tenable e.g. AttackForge Project Scan * vm\_network\_scan\_template\_uuid - the UUID for the Tenable VM scan template * tenable\_auth - your [Tenable API Key](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) * logging\_level - set to "debug" for additional logging **Action 1 - Create VM Scan Configuration** * **Method**: POST * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Content-Type; Type = Value; Value = application/json * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript const curr_time = Date.datetime('now'); // Users can customise scan name by configuring scan name pattern in secret or as a variable const scan_name = secrets.scan_name_prefix + curr_time; // Users can set description of scan here. const description = 'Example description'; // From body const project_asset = data.jsonBody?.assets; const project_id = data.jsonBody?.project_id; if (!project_id) { return { decision:{ status: 'abort', message: 'Error: data.jsonBody.project_id must exist. Please check the log.' } }; } if (!project_asset) { return { decision:{ status: 'abort', message: 'Error: data.jsonBody.assets must exist. Please check the log.' } }; } if (!Array.isArray(project_asset)) { return { decision:{ status: 'abort', message: 'Error: data.jsonBody.assets must be an array. Please check the log.' } }; } // multiple targets - simply separate it with comma in target "target1, target2" let target_list = ''; for (let x = 0; x < project_asset.length; x++) { const asset = project_asset[x]; if (x === project_asset.length - 1) { target_list = target_list + asset; } else { target_list = target_list + asset + ','; } } return { decision: { status: 'continue', message: 'Sending a request for create VM scan.' }, request: { body: { settings: { name: scan_name, description: description, text_targets: target_list }, uuid: secrets.vm_network_scan_template_uuid }, }, data: { project_id: project_id } }; ``` * **Response Script**: ```javascript if (response.statusCode !== 200){ if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error', } }; } if (!response.jsonBody?.scan?.id){ if (secrets.logging_level === 'debug'){ Logger.debug('response.jsonBody: ', JSON.stringify(response.jsonBody)); } return { decision:{ status: 'abort', message: 'Error: No id found from response.jsonBody.scan' } }; } const scan_id = response.jsonBody.scan.id; return { decision: { status: 'continue', message: 'Scan id created in Tenable', }, data: { project_id: data?.project_id, scan_id: scan_id } }; ``` **Action 2 - Launch VM Scan** * **Method**: POST * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Content-Type; Type = Value; Value = application/json * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript if (!data.scan_id) { if (secrets.logging_level === 'debug'){ Logger.debug('data: ', JSON.stringify(data)); } return { decision:{ status: 'abort', message: 'Error: data.scan_id is required for launching Tenable VM Scan. Please check the log.' } }; } return { decision: { status: 'continue', message: 'Launching Tenable VM Scan on scan_id:' + data.scan_id, }, request: { url: 'https://cloud.tenable.com/scans/' + data.scan_id + '/launch' }, data: { project_id: data?.project_id, scan_id: data?.scan_id } }; ``` * **Response Script**: ```javascript if (response.statusCode !== 200){ if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error while Launching the VM Scan, please check the log.', } }; } return { decision: { status: 'continue', message: 'Successfully launched VM Scan.', }, data: { project_id: data?.project_id, scan_id: data?.scan_id } }; ``` **Action 3 - Update Project with Scan Details** * **Method**: PUT * **URL**: https\://{{af\_hostname}}/api/ss/project/{id} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * Key = X-SSAPI-KEY; Type = Secret; Value = af\_key * **Request Script**: ```javascript if (!data?.scan_id){ return { decision:{ status: 'abort', message: 'Error: scan_id is required.' } }; } if (!data?.project_id){ return { decision:{ status: 'abort', message: 'Error: project_id is required.' } }; } return { decision: { status: 'continue', message: 'Updating "tenable_vm_active_scan" on project ' + data.project_id + '.', }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/project/' + data.project_id, body: { custom_fields: [ { key: "tenable_vm_active_scan", value: String.from(data.scan_id) } ] } } }; ``` * **Response Script**: ```javascript if (response?.statusCode !== 200){ if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return { decision:{ status: 'abort', message: 'Error while updating project with "tenable_vm_active_scan" custom_field' } }; } return { decision: { status: 'finish', message: 'Successfully completed updating project with "tenable_vm_active_scan" custom_field' } }; ``` ## Tenable VM & WAS - Find Active Scans to Poll Status \[Step 3 of 5]

The purpose of this example is to poll the scan status for any active Tenable scans, and for any completed scans - trigger a download of the vulnerabilities. This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge. **Initial Set Up** * **Schedule**: * Every hour * CRON String: 0 0/1 \* \* \* * **Secrets**: * af\_hostname - your AttackForge tenant hostname e.g. demo.attackforge.com * af\_key - your AttackForge user API key * vm\_poll\_flow\_trigger\_id - the [Trigger URL](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-url) for [Tenable VM - Poll Scan Status \[Step 4 of 5\] Flow](#tenable-vm-poll-scan-status-step-4-of-5) * was\_poll\_flow\_trigger\_id - the [Trigger URL](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-url) for [Tenable WAS - Poll Scan Status \[Step 4 of 5\] Flow](#tenable-was-poll-scan-status-step-4-of-5) * tenable\_auth - your [Tenable API Key](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) * logging\_level - set to "debug" for additional logging **Action 1 - Get Tenable VM & WAS Scan Projects** * **Method**: GET * **URL**: https\://{{af\_hostname}}/api/ss/projects?order=created:desc\&limit=500 * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * Key = X-SSAPI-KEY; Type = Secret; Value = af\_key * **Request Script**: ```javascript return { decision: { status: 'continue', message: 'Getting all projects with tenable active scan ids.' }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/projects?order=created:desc&limit=500' } }; ``` * **Response Script**: ```javascript if (response?.statusCode !== 200) { return { decision: { status: 'abort', message: 'Error fetching projects.' } }; } const projects = response?.jsonBody?.projects; if (!projects || projects && Array.length(projects) === 0) { return { decision: { status: 'abort', message: 'No projects found.' } }; } const vm_projects = []; const was_projects = []; for (let i = 0; i < Array.length(projects); i++) { const project = projects[i]; const cfs = project.project_custom_fields; if (!cfs || Array.length(cfs) === 0) { continue; } const vm_scan_id = Array.find(cfs, find_vm_scan); const was_scan_id = Array.find(cfs, find_was_scan); const was_cf_config = Array.find(cfs, find_was_config); if (vm_scan_id) { Array.push(vm_projects, { project_id: project.project_id, scan_id: vm_scan_id.value }); } if (was_scan_id && was_cf_config) { Array.push(was_projects, { project_id: project.project_id, scan_id: was_scan_id.value, config_id: was_cf_config.value }); } } return { decision: { status: 'continue', message: 'Successfully fetched ' + Array.length(vm_projects) + ' VM Projects, and ' + Array.length(was_projects) + ' WAS Projects.' }, data: { vm_projects: vm_projects, was_projects: was_projects } }; function find_vm_scan(field){ return field.key === 'tenable_vm_active_scan'; } function find_was_scan(field){ return field.key === 'tenable_was_active_scan'; } function find_was_config(field){ return field.key === 'tenable_was_config_id'; } ``` **Action 2 - Tenable VM - Get Scan Status + Trigger Download** * **Method**: POST * **URL**: https\://{{af\_hostname}}/api/flows/{{vm\_poll\_flow\_trigger\_id}} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * **Request Script**: ```javascript if (data.vm_projects && Array.length(data.vm_projects) > 0) { return { decision: { status: 'continue', message: 'Requesting latest scan status and triggering download for: ' + JSON.stringify(data.vm_projects[0]) }, request: { url: 'https://' + secrets.af_hostname + '/api/flows/' + secrets.vm_poll_flow_trigger_id, body: { project: data.vm_projects[0] } }, data: { vm_projects: data?.vm_projects, was_projects: data?.was_projects } }; } else { return { decision: { status: 'next', message: 'No active VM scan ids found, proceeding to next action.' } }; } ``` * **Response Script**: ```javascript if (!response?.statusCode === 202) { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return{ decision:{ status: 'abort', message: 'Error while requesting latest scan status update. Please check the log.' } }; } if (!data?.vm_projects) { return{ decision:{ status: 'abort', message: 'data.vm_projects missing' } }; } Array.shift(data.vm_projects); if (Array.length(data.vm_projects) > 0) { return { decision: { status: 'repeat', message: 'Successfully requested latest scan status update. Repeating the action', }, data: { vm_projects: data?.vm_projects, was_projects: data?.was_projects } }; } else { return { decision: { status: 'continue', message: 'Successfully requested latest scan status update. Continuing to next action.', }, data: { vm_projects: data?.vm_projects, was_projects: data?.was_projects } }; } ``` **Action 3 - Tenable WAS - Get Scan Status + Trigger Download** * **Method**: PUT * **URL**: https\://{{af\_hostname}}/api/flows/{{was\_poll\_flow\_trigger\_id}} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * **Request Script**: ```javascript if (data?.was_projects && Array.length(data.was_projects) > 0) { return { decision: { status: 'continue', message: 'Requesting scan update for project: ' + JSON.stringify(data.was_projects[0]), }, request: { url: 'https://' + secrets.af_hostname + '/api/flows/' + secrets.was_poll_flow_trigger_id, body: { project: data.was_projects[0] } }, data: { was_projects: data?.was_projects } }; } else { return { decision: { status: 'finish', message: 'Completed processing scans' } }; } ``` * **Response Script**: ```javascript if (!response?.statusCode === 202) { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error while requesting latest scan status update. Please check the log.' } }; } if (!data?.was_projects) { return{ decision: { status: 'abort', message: 'data.was_projects missing' } }; } Array.shift(data.was_projects); if (Array.length(data.was_projects) > 0) { return { decision: { status: 'repeat', message: 'Successfully requested latest scan status update. Repeating the action', }, data: { was_projects: data.was_projects } }; } else { return { decision: { status: 'finish', message: 'Completed processing scans' } }; } ``` ## Tenable WAS - Poll Scan Status \[Step 4 of 5]

The purpose of this example is to export the results of a Web Application scan in Tenable. This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge. **Initial Set Up** * **HTTP Trigger**: * Method: POST * **Secrets**: * af\_hostname - your AttackForge tenant hostname e.g. demo.attackforge.com * apikey - your AttackForge user API key * current\_flow\_id - the Id for this Flow in AttackForge once it's created (used for error reporting in email) * admin\_user\_id - the Id for the user in AttackForge who receives error emails (used for error reporting) * import\_vuln\_flow\_trigger\_id - the [Trigger URL](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-url) for [Tenable VM & WAS - Import Vulnerabilities \[Step 5 of 5\] Flow](#tenable-vm-and-was-import-vulnerabilities-step-5-of-5) * tenable\_auth - your [Tenable API Key](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) * logging\_level - set to "debug" for additional logging **Action 1 - Poll Scan Status** * **Method**: GET * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript if (!data?.jsonBody?.project?.project_id) { return { decision: { status: 'abort', message: 'data.jsonBody.project.project_id missing' } }; } if (!data?.jsonBody?.project?.scan_id) { return { decision: { status: 'abort', message: 'data.jsonBody.project.scan_id missing' } }; } if (!data?.jsonBody?.project?.config_id) { return { decision: { status: 'abort', message: 'data.jsonBody.project.config_id missing' } }; } const project_id = data.jsonBody.project.project_id; const scan_id = data.jsonBody.project.scan_id; const config_id = data.jsonBody.project.config_id; return { decision: { status: 'continue', message: 'Checking scan status for scan_id: ' + scan_id, }, request: { url: 'https://cloud.tenable.com/was/v2/scans/' + scan_id }, data: { project_id: project_id, scan_id: scan_id, config_id: config_id } }; ``` * **Response Script**: ```javascript // Error if (response.statusCode !== 200){ if (response.jsonBody?.reasons?[0]?.code === 'NOT_FOUND') { if (secrets.logging_level === 'debug') { Logger.debug('code: ', response.jsonBody.reasons[0].code); Logger.debug(JSON.stringify(response)); } if (!data.retry_counter) { data.retry_counter = 0; } data.retry_counter = data.retry_counter + 1; if (data.retry_counter > 3) { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Retry failed 3 times. Exiting the process. Please check the log.', } }; } return { decision: { status: 'repeat', message: 'Scan not found with scan_id, retrying...', }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type } }; } return { decision: { status: 'abort', message: 'Error getting scan status', } }; } // Success const response_body = response.jsonBody; const status = response_body?.status; const error_statuses = ['failed', 'aborted', 'cancelled']; if (Array.includes(error_statuses, status)){ return { decision: { status: 'abort', message: 'Scan ended with status: ' + status, } }; } if (status === 'completed') { // Single-target if (response_body.target && !response_body?.target_scans){ data.scan_type = 'single-target'; } // Multi-target if (response_body?.target_scans?.completed > 0){ data.scan_type = 'multi-target'; } return { decision: { status: 'continue', message: 'Scan ' + (data.scan_type || 'unknown') + ' completed.', }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type } }; } else { // If the scan returns incomplete and not failed - then exit the flow. // Next scheduled project scan flow will trigger this polling again. if (secrets.logging_level === 'debug'){ Logger.debug('Scan Status: ', status); } return { decision:{ status: 'finish', message: 'Polling completed. Scan status: ' + status + '. Exiting the flow.' } }; } ``` **Action 2 - Search Scans (multi-target only)** * **Method**: POST * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Content-Type; Type = Value; Value = application/json * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript if (data?.scan_type === 'multi-target') { return { decision: { status: 'continue', message: 'Searching children scan_ids with config_id', }, request: { url: 'https://cloud.tenable.com/was/v2/configs/' + data.config_id + '/scans/search' }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type } }; } else { return { decision: { status: 'next', message: 'Not a multi-target scan, proceeding to exporting step.' }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type } }; } ``` * **Response Script**: ```javascript if (response.statusCode !== 200){ if (secrets.logging_level === 'debug'){ Logger.debug('data.config_id: ', data.config_id); Logger.debug('response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error searching scan with config_id: ' + data.config_id + '. Please check the log.', } }; } const items = response?.jsonBody?.items; if (!items){ return { decision:{ status: 'abort', message: 'Items not found in response body.' } }; } const children_scan_ids = []; const aborted_scan_ids = []; for (let i = 0; i < Array.length(items); i++) { if (items[i]?.parent_id === data.scan_id && items[i].status === 'completed' && items[i].scan_id) { Array.push(children_scan_ids, items[i].scan_id); } if (items[i].status === 'aborted' && items[i].scan_id) { Array.push(aborted_scan_ids, { scan_id: items[i].scan_id, status: "aborted" }); } } // Warn the aborted scan ids. // Treating aborted scan as failed but completed scan. if (secrets.logging_level === 'debug'){ Logger.debug('Children Scan Ids: ', children_scan_ids); Logger.warn('Aborted Scan Ids: ', aborted_scan_ids); } if (Array.length(children_scan_ids) > 0){ return { decision: { status: 'continue', message: 'Continue to next action', }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type, children_scan_ids: children_scan_ids, aborted_scan_ids: aborted_scan_ids } }; } else { return { decision: { status: 'abort', message: 'No children found.' } }; } ``` **Action 3 - Export Scan Report** * **Method**: GET * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Content-Type; Type = Value; Value = application/json * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript // Initialise if (!data.final_result){ data.final_result = []; } let current_scan; // multi-target if (data?.children_scan_ids && Array.isArray(data.children_scan_ids) && Array.length(data.children_scan_ids) > 0 ) { current_scan = data.children_scan_ids[0]; } else { // single-target current_scan = data.scan_id; } if (!current_scan){ if (secrets.logging_level === 'debug'){ if (data?.children_scan_ids){ Logger.debug('data.children_scan_ids: ', JSON.stringify(data.children_scan_ids)); } else { Logger.debug('data.scan_id: ', data.scan_id); } } return { decision:{ status: 'abort', message: 'Error: current_scan must be present. Please check the log.' } }; } return { decision: { status: 'continue', message: 'Exporting scan report.' }, request: { url: 'https://cloud.tenable.com/was/v2/scans/' + current_scan + '/report' }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type, children_scan_ids: data?.children_scan_ids, aborted_scan_ids: data?.aborted_scan_ids, final_result: data?.final_result } }; ``` * **Response Script**: ```javascript if (response.statusCode !== 200){ return { decision: { status: 'abort', message: 'Error exporting scan report', } }; } // Single-target will also be recorded under final_result if (data?.final_result) { Array.push(data.final_result, response.jsonBody); } if (data?.children_scan_ids){ Array.shift(data.children_scan_ids); if (Array.length(data.children_scan_ids) > 0){ return { decision: { status: 'repeat', message: 'Repeating process on next children scan.', }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type, children_scan_ids: data?.children_scan_ids, aborted_scan_ids: data?.aborted_scan_ids, final_result: data?.final_result } }; } } return { decision: { status: 'continue', message: 'Scan report exported successfully.', }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type, children_scan_ids: data?.children_scan_ids, aborted_scan_ids: data?.aborted_scan_ids, final_result: data?.final_result } }; ``` **Action 4 - Import Scan Report Result** * **Method**: POST * **URL**: https\://{{af\_hostname}}/api/flows/{{import\_vuln\_flow\_trigger\_id}} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * **Request Script**: ```javascript if (data.project_id) { return { decision: { status: 'continue', message: 'Import scan results' }, request: { url: 'https://' + secrets.af_hostname + '/api/flows/' + secrets.import_vuln_flow_trigger_id, body: { final_result: data.final_result, project_id: data.project_id }, }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type, children_scan_ids: data?.children_scan_ids, aborted_scan_ids: data?.aborted_scan_ids, final_result: data?.final_result } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('data: ', JSON.stringify(data)); } return { decision: { status: 'abort', message: 'Error: project_id must be present.' } }; } ``` * **Response Script**: ```javascript if (response.statusCode === 202){ return { decision: { status: 'continue', message: 'Successfully called Importing Scan flow. Proceeding to next action.', }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type, children_scan_ids: data?.children_scan_ids, aborted_scan_ids: data?.aborted_scan_ids, final_result: data?.final_result } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return{ decision:{ status: 'abort', message: 'Error while calling Import Scan flow. Please check the log.' } }; } ``` **Action 5 - Update Project to Remove Table Scan Details** * **Method**: PUT * **URL**: https\://{{af\_hostname}}/api/ss/project/{id} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * Key = X-SSAPI-KEY; Type = Secret; Value = apikey * **Request Script**: ```javascript if (!data?.project_id) { if (secrets.logging_level === 'debug'){ Logger.debug('data: ', JSON.stringify(data)); } return{ decision:{ status: 'abort', message: 'Error: data.project_id must exist to update project. Please check the log.' } }; } return { decision: { status: 'continue', message: 'Removing tenable_active_scan from project: ' + data.project_id }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/project/' + data.project_id, body: { custom_fields: [ { key: "tenable_was_active_scan", value: null }, { key: "tenable_was_config_id", value: null } ] } }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type, children_scan_ids: data?.children_scan_ids, aborted_scan_ids: data?.aborted_scan_ids, final_result: data?.final_result } }; ``` * **Response Script**: ```javascript if (response?.statusCode !== 200) { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Failed to update project: ' + data?.project_id + '. Please check the log.' } }; } return { decision: { status: 'continue', message: 'Successfully removed tenable_was_active_scan from project: ' + data?.project_id }, data: { project_id: data?.project_id, scan_id: data?.scan_id, config_id: data?.config_id, retry_counter: data?.retry_counter, scan_type: data?.scan_type, children_scan_ids: data?.children_scan_ids, aborted_scan_ids: data?.aborted_scan_ids, final_result: data?.final_result } }; ``` **Action 6 - Send Email Report on Aborted Scan** * **Method**: POST * **URL**: https\://{{af\_hostname}}/api/ss/email * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * Key = X-SSAPI-KEY; Type = Secret; Value = apikey * **Request Script**: ```javascript if (data?.aborted_scan_ids && Array.isArray(data.aborted_scan_ids) && Array.length(data.aborted_scan_ids) > 0 ) { let aborted_scan_id_table = ""; for (let i = 0; i < Array.length(data.aborted_scan_ids); i++) { if (data.aborted_scan_ids[i]?.scan_id && data.aborted_scan_ids[i]?.status) { aborted_scan_id_table = aborted_scan_id_table + '' + data.aborted_scan_ids[i].scan_id + '' + data.aborted_scan_ids[i].status + ''; } } const curr_year = Date.format(Date.datetime('now'), 'yyyy'); const emailHeader = "

"; const emailFooter = "

"; // Modify the email script based on requirements const content = '

Attention: Flow has detected aborted scan ids.

' + '

Please check on the log history of the flow run.

' + '
' + '' + '' + aborted_scan_id_table + '

Scan Id	Status

' + '
' + '

View Flow Run

' + '
'; return { decision: { status: 'continue', message: 'Send error email', }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/email', body: { to: secrets.admin_user_id, subject: '[Flow Notification] Aborted Scan Ids Discovered from Tenable Web App Scanning', html: emailHeader + content + emailFooter }, } }; } else { return { decision:{ status: 'finish', message: 'No aborted scan_ids found. Exiting the flow.' } }; } ``` * **Response Script**: ```javascript if (response?.statusCode === 200){ return{ decision: { status: 'finish', message: 'Successfully reported aborted scan ids to the admin user. Exiting the flow.' } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return{ decision: { status: 'abort', message: 'Error while reporting aborted scan ids to the admin user. Please check the log.' } }; } ``` ## Tenable VM - Poll Scan Status \[Step 4 of 5]

The purpose of this example is to export the results of a VM scan in Tenable. This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge. **Initial Set Up** * **HTTP Trigger**: * Method: POST * **Secrets**: * af\_hostname - your AttackForge tenant hostname e.g. demo.attackforge.com * af\_key - your AttackForge user API key * import\_vuln\_flow\_trigger\_id - the [Trigger URL](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-url) for [Tenable VM & WAS - Import Vulnerabilities \[Step 5 of 5\] Flow](#tenable-vm-and-was-import-vulnerabilities-step-5-of-5) * tenable\_auth - your [Tenable API Key](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) * logging\_level - set to "debug" for additional logging **Action 1 - Get Latest Scan Status** * **Method**: GET * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript if (!data?.jsonBody?.project?.project_id) { return { decision: { status: 'abort', message: 'data.jsonBody.project.project_id missing' } }; } if (!data?.jsonBody?.project?.scan_id) { return { decision: { status: 'abort', message: 'data.jsonBody.project.scan_id missing' } }; } const project_id = data.jsonBody.project.project_id; const scan_id = data.jsonBody.project.scan_id; return { decision: { status: 'continue', message: 'Getting latest VM Scan status for scan_id: ' + scan_id, }, request: { url: 'https://cloud.tenable.com/scans/' + scan_id + '/latest-status', }, data: { project_id: project_id, scan_id: scan_id } }; ``` * **Response Script**: ```javascript if (response.statusCode !== 200) { return { decision: { status: 'abort', message: 'Error' } }; } const error_status = ['aborted', 'canceled', 'paused', 'pausing', 'stopped', 'stopping']; if (response.jsonBody?.status !== 'completed') { if (Array.includes(error_status, response.jsonBody?.status)) { if (secrets.logging_level === 'debug') { Logger.debug('Error: Current project :' , data.project_id , ', Current scan_id :' , data.scan_id, ' has status: ', response.jsonBody?.status); } return { decision: { status: 'abort', message: 'Error' } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('Scan pending, exiting process.'); } return { decision: { status: 'finish', message: 'Scan pending, exiting.' } }; } } if (response.jsonBody?.status === 'completed') { if (secrets.logging_level === 'debug') { Logger.debug('Completed scan for project :' , data.project_id, ', scan_id :' , data.scan_id, ', scan status :' , response.jsonBody?.status); } return { decision: { status: 'continue', message: 'Scan ' + data?.scan_id + ' is complete.', }, data: { project_id: data?.project_id, scan_id: data?.scan_id } }; } ``` **Action 2 - Export Scan** * **Method**: POST * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Content-Type; Type = Value; Value = application/json * Key = Accept; Type = Value; Value = application/json * **Request Script**: ```javascript if (data?.scan_id){ return { decision: { status: 'continue', message: 'Requesting export of scan_id: ' + data.scan_id, }, request: { url: 'https://cloud.tenable.com/scans/' + data.scan_id + '/export', body: { format: "csv" } }, data: { project_id: data?.project_id, scan_id: data?.scan_id } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('data: ', JSON.stringify(data)); } return { decision:{ status: 'abort', message: 'Error: data.scan_id is required for exporting scan request. Please check the log.' } }; } ``` * **Response Script**: ```javascript if (response.statusCode !== 200) { return { decision: { status: 'abort', message: 'Error' } }; } if (secrets.logging_level === 'debug') { Logger.debug('File generated for scan_id: ', data.scan_id, 'file name: ', data.file); } // Give reasonable delay for Tenable File System to register file - guide: delay 1000+ return { decision: { status: 'continue', message: 'File generated', delay: 2000 }, data: { project_id: data?.project_id, scan_id: data?.scan_id, file: response.jsonBody?.file } }; ``` **Action 3 - Download Exported Scan** * **Method**: GET * **URL**: * **Headers**: * Key = X-ApiKeys; Type = Secret; Value = tenable\_auth * Key = Content-Type; Type = Value; Value = application/json * Key = Accept; Type = Value; Value = application/octet-stream * **Request Script**: ```javascript if (data?.file){ return { decision: { status: 'continue', message: 'Requesting download of the exported scan file: ' + data?.file, }, request: { url: 'https://cloud.tenable.com/scans/' + data?.scan_id + '/export/' + data?.file + '/download' }, data: { project_id: data?.project_id, scan_id: data?.scan_id, file: data?.file } }; } else { return { decision: { status: 'abort', message: 'Error: data.file must be present.' } }; } ``` * **Response Script**: ```javascript if (response.statusCode === 200){ const base64 = String.encode(response.body, 'base64'); return { decision: { status: 'continue', message: 'Successfully downloaded scan report ' + data?.file }, data: { project_id: data?.project_id, scan_id: data?.scan_id, file: data?.file, base64: base64 } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error while requesting download of exported scan on file: '+ data?.file + '. Please check the log.' } }; } ``` **Action 4 - CSV to JSON** * **Method**: POST * **URL**: https\://{{af\_hostname}}/api/ss/utils/parse-csv * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * Key = X-SSAPI-KEY; Type = Secret; Value = af\_key * **Request Script**: ```javascript if (data?.base64){ return { decision: { status: 'continue', message: 'Convert CSV data to JSON', }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/utils/parse-csv', body: { base64: data.base64, options: { columns: true } } }, data: { project_id: data?.project_id, scan_id: data?.scan_id, file: data?.file } }; } else { return { decision:{ status: 'abort', message: 'Error: data.base64 must be present.' } }; } ``` * **Response Script**: ```javascript if (response?.statusCode === 200){ return { decision: { status: 'continue', message: 'Successfully converted the encoded csv to json type. Proceeding to next action.' }, data: { project_id: data?.project_id, scan_id: data?.scan_id, records: response?.jsonBody?.records } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return{ decision: { status: 'abort', message: 'Error while converting the base64 encoded csv to json type. Please check the log.' } }; } ``` **Action 5 - Import Scan Results** * **Method**: POST * **URL**: https\://{{af\_hostname}}/api/flows/{{import\_vuln\_flow\_trigger\_id}} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * **Request Script**: ```javascript if (data?.records && data?.project_id){ return { decision: { status: 'continue', message: 'Triggering flow to import vulnerabilities.', }, request: { url: 'https://' + secrets.af_hostname + '/api/flows/' + secrets.import_vuln_trigger_flow_id, body: { records: data.records, project_id: data.project_id } }, data: { project_id: data?.project_id, scan_id: data?.scan_id } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('project_id: ', data?.project_id); Logger.debug('records: ', data?.records); } return { decision:{ status: 'abort', message: 'Error: data.records and data.project_id must be present in order to import vulnerabilities.' } }; } ``` * **Response Script**: ```javascript if (response?.statusCode === 202) { return { decision: { status: 'continue', message: 'Successfully sent request to import scan results.' }, data: { project_id: data?.project_id, scan_id: data?.scan_id } }; } else { if (secrets.logging_level === 'debug'){ Logger.debug('response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error while sending request to import scan results. Please check the log.' } }; } ``` **Action 6 - Update Project to Remove Tenable Details** * **Method**: PUT * **URL**: https\://{{af\_hostname}}/api/ss/project/{id} * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * Key = X-SSAPI-KEY; Type = Secret; Value = apikey * **Request Script**: ```javascript return { decision: { status: 'continue', message: 'Removing tenable_vm_active_scan from project: ' + data?.project_id }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/project/' + data?.project_id, body: { custom_fields: [ { key: "tenable_vm_active_scan", value: null } ] } }, data: { project_id: data?.project_id, scan_id: data?.scan_id } }; ``` * **Response Script**: ```javascript if (response?.statusCode !== 200) { return { decision: { status: 'abort', message: 'Failed to update project: ' + data?.project_id } }; } return { decision: { status: 'finish', message: 'Successfully removed tenable_vm_active_scan from project: ' + data?.project_id } }; ``` ## Tenable VM & WAS - Import Vulnerabilities \[Step 5 of 5]

The purpose of this example is to import vulnerabilities from a Tenable Web Application or VM scan. This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge. **Initial Set Up** * **HTTP Trigger**: * Method: POST * **Secrets**: * af\_hostname - your AttackForge tenant hostname e.g. demo.attackforge.com * af\_key - your AttackForge user API key * logging\_level - set to "debug" for additional logging **Action 1 - Validate, Detect, Transform & Group Findings** * **Script**: ```javascript if (!secrets?.af_hostname) { return { decision: { status: 'abort', message: 'secrets.af_hostname is required.' } }; } if (!data?.jsonBody?.project_id) { return { decision: { status: 'abort', message: 'data.jsonBody.project_id is required.' } }; } // Detecting format VM or WAS const isVM = data.jsonBody?.records && Array.isArray(data.jsonBody.records); const isWAS = !isVM && data.jsonBody?.final_result && Array.isArray(data.jsonBody.final_result); if (!isVM && !isWAS) { return { decision: { status: 'abort', message: 'Unable to detect source format. Expected data.jsonBody.records (VM) or data.jsonBody.final_result (WAS).' } }; } const sourceType = isVM ? 'VM' : 'WAS'; // Normalise into flat work items const items = []; if (isVM) { for (let i = 0; i < Array.length(data.jsonBody.records); i++) { Array.push(items, { type: 'VM', record: data.jsonBody.records[i] }); } } else { // WAS: each entry in final_result is a HTTP response wrapper from the export step // The WAS report JSON, once parsed, has scan + findings at the root of the object for (let r = 0; r < Array.length(data.jsonBody.final_result); r++) { const raw = data.jsonBody.final_result[r]; let entry; entry = raw?.scan ? raw : (raw?.data || raw); const scanId = entry?.scan?.scan_id || ''; const target = entry?.scan?.target || ''; const scanStartedAt = entry?.scan?.started_at || ''; if (entry?.findings && Array.isArray(entry.findings)) { for (let i = 0; i < Array.length(entry.findings); i++) { Array.push(items, { type: 'WAS', finding: entry.findings[i], scanId: scanId, target: target, scanStartedAt: scanStartedAt }); } } } } if (Array.length(items) === 0) { return { decision: { status: 'abort', message: 'No ' + sourceType + ' items found in input data.' } }; } if (secrets.logging_level === 'debug') { Logger.debug(sourceType + ' item count: ' + Array.length(items)); } // Group by pluginId + '|' + priority const groupKeys = []; const groupVulns = []; for (let i = 0; i < Array.length(items); i++) { const item = items[i]; let pluginId; let priority; let assetName; if (item.type === 'VM') { pluginId = item.record['Plugin ID'] || '0'; priority = mapPriorityVM(item.record['Risk']); assetName = item.record['FQDN'] || item.record['Host'] || item.record['IP Address'] || 'Unknown'; } else { pluginId = item.finding.plugin_id != null ? item.finding.plugin_id + '' : '0'; priority = mapPriorityWAS(item.finding.risk_factor); assetName = item.target || item.finding.uri || 'Unknown'; } const key = pluginId + '|' + priority; // Find existing group let idx = -1; for (let g = 0; g < Array.length(groupKeys); g++) { if (groupKeys[g] === key) { idx = g; break; } } if (idx === -1) { // New group — build base vuln from this item const vuln = item.type === 'VM' ? buildVMVuln(item.record, pluginId, priority, assetName) : buildWASVuln(item.finding, item.scanId, item.target, item.scanStartedAt, pluginId, priority, assetName); const note = item.type === 'VM' ? buildVMNote(item.record, assetName) : buildWASNote(item.finding); // User can modify where note can be placed. Currently it gets pushed into Steps to Reproduce if (note) { vuln.steps_to_reproduce = vuln.steps_to_reproduce ? vuln.steps_to_reproduce + '\n' + note.note : note.note; } Array.push(groupKeys, key); Array.push(groupVulns, vuln); } else { // Existing group — add asset + evidence const vuln = groupVulns[idx]; let assetExists = false; for (let a = 0; a < Array.length(vuln.affected_assets); a++) { if (vuln.affected_assets[a].assetName === assetName) { assetExists = true; break; } } if (!assetExists) { Array.push(vuln.affected_assets, { assetName: assetName }); } const note = item.type === 'VM' ? buildVMNote(item.record, assetName) : buildWASNote(item.finding); // User can modify where note can be placed. Currently it gets pushed into Steps to Reproduce if (note) { vuln.steps_to_reproduce = vuln.steps_to_reproduce ? vuln.steps_to_reproduce + '\n' + note.note : note.note; } } } if (Array.length(groupVulns) === 0) { return { decision: { status: 'finish', message: 'No vulnerabilities to import after grouping.' } }; } if (secrets.logging_level === 'debug') { Logger.debug('Grouped ' + Array.length(items) + ' ' + sourceType + ' items into ' + Array.length(groupVulns) + ' vulnerabilities.'); } return { decision: { status: 'continue', message: 'Grouped ' + Array.length(items) + ' ' + sourceType + ' items into ' + Array.length(groupVulns) + ' vulnerabilities.' }, data: { vulns_to_import: groupVulns, total_count: Array.length(groupVulns), imported_count: 0, source_type: sourceType } }; // Functions below // VM vuln builder function buildVMVuln(record, pluginId, priority, assetName) { const title = record['Name'] || 'Untitled VM Finding'; const tags = []; if (record['CVE'] && String.length(record['CVE']) > 0) { const cves = String.split(record['CVE'], ','); for (let j = 0; j < Array.length(cves); j++) { const cve = String.trim(cves[j]); if (String.length(cve) > 0) { Array.push(tags, cve); } } } const custom_fields = [ { key: 'tenable_plugin_id', value: pluginId }, { key: 'tenable_scan_type', value: 'VM' }, { key: 'vuln_state', value: record['Vulnerability State'] || '' }, { key: 'first_found', value: record['First Found'] || '' }, { key: 'last_found', value: record['Last Found'] || '' }, { key: 'plugin_family', value: record['Plugin Family'] || '' }, { key: 'exploit_available', value: record['Exploit Available'] || 'false' }, { key: 'patch_available', value: record['Patch Available'] || 'false' } ]; if (record['CVSS3 Vector'] && String.length(record['CVSS3 Vector']) > 0) { Array.push(custom_fields, { key: 'cvss3_vector', value: record['CVSS3 Vector'] }); } if (record['CVSS3 Base Score'] && record['CVSS3 Base Score'] !== '0.0') { Array.push(custom_fields, { key: 'cvss3_base_score', value: record['CVSS3 Base Score'] }); } if (record['CVSS Base Score'] && record['CVSS Base Score'] !== '0.0') { Array.push(custom_fields, { key: 'cvss2_base_score', value: record['CVSS Base Score'] }); } const vpr = record['Vulnerability Priority Rating (VPR)']; if (vpr && vpr !== 'null' && String.length(vpr) > 0) { Array.push(custom_fields, { key: 'vpr_score', value: vpr }); } if (record['See Also'] && String.length(record['See Also']) > 0) { Array.push(custom_fields, { key: 'reference', value: record['See Also'] }); } const frameworks = []; if (record['Metasploit'] === 'true') { Array.push(frameworks, 'Metasploit'); } if (record['CANVAS'] === 'true') { Array.push(frameworks, 'CANVAS'); } if (record['Core Exploits'] === 'true') { Array.push(frameworks, 'Core Exploits'); } if (record['D2 Elliot'] === 'true') { Array.push(frameworks, 'D2 Elliot'); } if (record['ExploitHub'] === 'true') { Array.push(frameworks, 'ExploitHub'); } if (Array.length(frameworks) > 0) { Array.push(custom_fields, { key: 'exploit_frameworks', value: Array.join(frameworks, ', ') }); } let likelihood = 1; if (vpr && vpr !== 'null') { const vprScore = Number.parseFloat(vpr); if (!Number.isNaN(vprScore)) { likelihood = Math.round(vprScore); if (likelihood < 1) { likelihood = 1; } if (likelihood > 10) { likelihood = 10; } } } let solution = record['Solution'] || ''; if (solution === 'N/A' || solution === 'n/a') { solution = ''; } const is_zeroday = record['Exploit Available'] === 'true' && record['Patch Available'] !== 'true'; const vuln = { projectId: data.jsonBody?.project_id, title: title, priority: priority, description: record['Description'] || record['Synopsis'] || '', attack_scenario: '', steps_to_reproduce: buildVMSteps(record), remediation_recommendation: solution, likelihood_of_exploitation: likelihood, affected_assets: [{ assetName: assetName }], tags: tags, custom_fields: custom_fields, is_zeroday: is_zeroday, import_source: 'Tenable VM', import_source_id: 'VM-' + pluginId, created: record['First Found'] || record['Last Found'] || '', is_visible: true }; if (secrets?.import_to_library) { vuln.import_to_library = secrets.import_to_library; } return vuln; } // Per-item VM evidence note // prefixed with asset + port function buildVMNote(record, assetName) { if (record['Plugin Output'] && String.length(record['Plugin Output']) > 0) { let prefix = '[' + assetName; if (record['Port'] && record['Port'] !== '0') { prefix = prefix + ':' + record['Port']; if (record['Protocol']) { prefix = prefix + '/' + record['Protocol']; } } prefix = prefix + ']'; return { note: prefix + '\n' + record['Plugin Output'], type: 'PLAINTEXT' }; } return null; } // WAS vuln builder function buildWASVuln(finding, scanId, target, scanStartedAt, pluginId, priority, assetName) { const title = finding.name || 'Untitled WAS Finding'; let remediation = finding.solution || ''; if (remediation === 'N/A' || remediation === 'n/a') { remediation = ''; } const tags = []; if (finding.cves && Array.isArray(finding.cves)) { for (let j = 0; j < Array.length(finding.cves); j++) { const cve = String.trim(finding.cves[j]); if (String.length(cve) > 0) { Array.push(tags, cve); } } } if (finding.cwe && Array.isArray(finding.cwe)) { for (let j = 0; j < Array.length(finding.cwe); j++) { Array.push(tags, 'CWE-' + finding.cwe[j]); } } if (finding.owasp && Array.isArray(finding.owasp)) { for (let j = 0; j < Array.length(finding.owasp); j++) { const o = finding.owasp[j]; if (o && o.year && o.category) { Array.push(tags, 'OWASP-' + o.year + '-' + o.category); } } } const custom_fields = [ { key: 'tenable_plugin_id', value: pluginId }, { key: 'tenable_scan_type', value: 'WAS' }, { key: 'scan_id', value: scanId }, { key: 'target_url', value: target }, { key: 'plugin_family', value: finding.family || '' }, { key: 'plugin_publication_date', value: finding.plugin_publication_date || '' } ]; if (finding.cvssv4 !== null && finding.cvssv4 !== undefined) { Array.push(custom_fields, { key: 'cvssv4_score', value: finding.cvssv4 + '' }); } if (finding.cvssv4_vector && String.length(finding.cvssv4_vector) > 0) { Array.push(custom_fields, { key: 'cvssv4_vector', value: finding.cvssv4_vector }); } if (finding.cvssv3 !== null && finding.cvssv3 !== undefined) { Array.push(custom_fields, { key: 'cvssv3_score', value: finding.cvssv3 + '' }); } if (finding.cvssv3_vector && String.length(finding.cvssv3_vector) > 0) { Array.push(custom_fields, { key: 'cvssv3_vector', value: finding.cvssv3_vector }); } if (finding.cvss !== null && finding.cvss !== undefined) { Array.push(custom_fields, { key: 'cvss2_score', value: finding.cvss + '' }); } if (finding.cvss_vector && String.length(finding.cvss_vector) > 0) { Array.push(custom_fields, { key: 'cvss2_vector', value: finding.cvss_vector }); } if (finding.see_also && Array.isArray(finding.see_also) && Array.length(finding.see_also) > 0) { Array.push(custom_fields, { key: 'reference', value: Array.join(finding.see_also, '\n') }); } if (finding.wasc && Array.isArray(finding.wasc) && Array.length(finding.wasc) > 0) { Array.push(custom_fields, { key: 'wasc', value: Array.join(finding.wasc, ', ') }); } if (finding.input_name && String.length(finding.input_name) > 0) { Array.push(custom_fields, { key: 'input_name', value: finding.input_name }); } if (finding.input_type && String.length(finding.input_type) > 0) { Array.push(custom_fields, { key: 'input_type', value: finding.input_type }); } let likelihood = 1; const cvssScore = finding.cvssv4 !== null && finding.cvssv4 !== undefined ? finding.cvssv4 : finding.cvssv3 !== null && finding.cvssv3 !== undefined ? finding.cvssv3 : finding.cvss !== null && finding.cvss !== undefined ? finding.cvss : null; if (cvssScore !== null) { likelihood = Math.round(cvssScore); if (likelihood < 1) { likelihood = 1; } if (likelihood > 10) { likelihood = 10; } } const vuln = { projectId: data.jsonBody?.project_id, title: title, priority: priority, description: finding.description || finding.synopsis || '', attack_scenario: '', steps_to_reproduce: buildWASSteps(finding), remediation_recommendation: remediation, likelihood_of_exploitation: likelihood, affected_assets: [{ assetName: assetName }], tags: tags, custom_fields: custom_fields, is_zeroday: false, import_source: 'Tenable WAS', import_source_id: 'WAS-' + pluginId, created: scanStartedAt, is_visible: true }; if (secrets?.import_to_library) { vuln.import_to_library = secrets.import_to_library; } return vuln; } // WAS evidence note function buildWASNote(finding) { const parts = []; const uri = finding.uri || ''; if (String.length(uri) > 0) { Array.push(parts, '[' + uri + ']'); } if (finding.output && String.length(finding.output) > 0) { Array.push(parts, finding.output); } if (finding.proof && String.length(finding.proof) > 0) { Array.push(parts, 'Proof: ' + finding.proof); } if (finding.request_headers && String.length(finding.request_headers) > 0) { Array.push(parts, 'Request Headers:\n' + finding.request_headers); } if (finding.response_headers && String.length(finding.response_headers) > 0) { Array.push(parts, 'Response Headers:\n' + finding.response_headers); } if (finding.payload && String.length(finding.payload) > 0) { Array.push(parts, 'Payload: ' + finding.payload); } if (Array.length(parts) > 0) { return { note: Array.join(parts, '\n'), type: 'PLAINTEXT' }; } return null; } // Steps-to-reproduce function buildVMSteps(record) { const parts = []; if (record['OS'] && String.length(record['OS']) > 0) { Array.push(parts, 'OS: ' + record['OS']); } if (record['Port'] && record['Port'] !== '0') { let portLine = 'Port: ' + record['Port']; if (record['Protocol'] && String.length(record['Protocol']) > 0) { portLine = portLine + '/' + record['Protocol']; } Array.push(parts, portLine); } return Array.join(parts, '\n'); } function buildWASSteps(finding) { const parts = []; if (finding.uri && String.length(finding.uri) > 0) { Array.push(parts, 'URL: ' + finding.uri); } if (finding.input_name && String.length(finding.input_name) > 0) { let inputLine = 'Input: ' + finding.input_name; if (finding.input_type && String.length(finding.input_type) > 0) { inputLine = inputLine + ' (' + finding.input_type + ')'; } Array.push(parts, inputLine); } return Array.join(parts, '\n'); } // ── Priority helpers ── function mapPriorityVM(risk) { if (risk === 'Critical') { return 'Critical'; } else if (risk === 'High') { return 'High'; } else if (risk === 'Medium') { return 'Medium'; } else if (risk === 'Low') { return 'Low'; } return 'Info'; } function mapPriorityWAS(risk_factor) { if (risk_factor === 'critical') { return 'Critical'; } else if (risk_factor === 'high') { return 'High'; } else if (risk_factor === 'medium') { return 'Medium'; } else if (risk_factor === 'low') { return 'Low'; } return 'Info'; } ``` **Action 2 - Import Vulnerabilities** * **Method**: POST * **URL**: https\://{{af\_hostname}}/api/ss/vulnerability * **Headers**: * Key = Content-Type; Type = Value; Value = application/json * Key = X-SSAPI-KEY; Type = Secret; Value = af\_key * **Request Script**: ```javascript if (!data?.vulns_to_import || data.vulns_to_import && Array.length(data.vulns_to_import) === 0) { return { decision: { status: 'next', message: 'No vulnerabilities to import. Skipping.' }, data: data }; } const vuln = data.vulns_to_import[0]; const remaining = Array.length(data.vulns_to_import) - 1; if (secrets.logging_level === 'debug') { Logger.debug('Importing grouped vulnerability: ' + (vuln.title || 'Untitled') + ' (' + Array.length(vuln.affected_assets) + ' asset(s)). ' + remaining + ' remaining.'); } return { decision: { status: 'continue', message: 'Importing vulnerability (' + (data.imported_count + 1) + '/' + data.total_count + '): ' + (vuln.title || 'Untitled') }, request: { url: 'https://' + secrets.af_hostname + '/api/ss/vulnerability', body: vuln }, data: data }; ``` * **Response Script**: ```javascript if (response?.statusCode !== 200) { if (secrets.logging_level === 'debug') { Logger.debug('Import error response: ', JSON.stringify(response)); } return { decision: { status: 'abort', message: 'Error importing vulnerability. Status code: ' + (response?.statusCode || 'unknown') + '. Imported so far: ' + (data?.imported_count || 0) + '/' + (data?.total_count || 0) } }; } if (data?.vulns_to_import) { Array.splice(data.vulns_to_import, 0, 1); } if (data?.imported_count) { data.imported_count = (data.imported_count || 0) + 1; } if (secrets.logging_level === 'debug') { Logger.debug('Vulnerability imported successfully. Progress: ' + data?.imported_count + '/' + data?.total_count); } if (data?.vulns_to_import && Array.length(data.vulns_to_import) > 0) { return { decision: { status: 'repeat', message: 'Imported (' + data?.imported_count + '/' + data?.total_count + '). Processing next vulnerability.' }, data: data }; } return { decision: { status: 'finish', message: 'All grouped vulnerabilities imported successfully. Total: ' + data?.imported_count }, data: data }; ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://support.attackforge.com/attackforge-enterprise/modules/flows/tenable.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.