Skip to content

A script that integrates Tenable vulnerabilities into Cisco FMC

Notifications You must be signed in to change notification settings

ArmsSec/Cisco-FMC-Tenable

Repository files navigation

Summary

This tool uses both python and perl to establish communications with Tenable.SC and FMC to add vulnerability scan data (from Tneable SS) to the Host profile in FMC.
It is inspired by project https://github.com/QuiLoxx/ATS-APIs/tree/master/firepower/neipatel_securityCenter-HostInput/v1 and https://github.com/CiscoDevNet/Firepower-Host-Input-API-connecters
Initial project was not updated in a few years and there were some changes on the Tenable.SC API functionality
pyTenable is intended to be a pythonic interface into the Tenable application APIs: https://github.com/tenable/pyTenable
The tool is using the ScanFlush command to upload the vulnerabilities into FMC, that means it will replace any previous vulnerabilities uploaded before.(this will include also manual vulnerabilities uploaded into FMC)



Files
import_vuln.py


Dependencies

from tenable.sc import TenableSC
import subprocess
import ConfigParser

Usage
The script is fed by one user configurable file: “config.cfg” These are the variables used to define the details of the Security Center and FMC that will be used
Fo username and password it is best to read them from environment variables or in a .env file:

[UserVariables]
username = <security center username>
password = <security center password>
address = <security center IP/Hostname>
debug = True
ip_range = 10.0.0.0/8
page_size = 100
fmc = 192.168.207.135
delay = <time in seconds between update runs>
quiet = <True or False, defines if command output is noisy or quiet>

EXAMPLE CONFIG FILE
[UserVariables]
address = securitycenter.acme.com
debug = False
ip_range = 192.168.1.0/24
page_size = 100
fmc = fmc.acme.com
delay = 1200
quiet = True

It is recommended to leave the debug parameter true to help with troubleshooting if you were to have issues.
Before running the following command ensure that all prerequisites are met and the *.pcks12 file from the FMC is in the same directory. To run the tool simply execute:

Steps
Create a Build Environment (optional)

First, ensure Python is in $PATH, then run:
# Clone the repo
git clone https://github.com/ArmsSec/Cisco-FMC-Tenable
cd Cisco-FMC-Tenable

# Create a virtual environment and activate it
python -m venv env
source env/bin/activate

# Install dependencies
python -m pip install --upgrade pip
pip install -r requirements.txt

The username and password should be stored in environment variables or in a .env file:
For environment variables:

export username=myusername
export password=mysecretpassword
OR
export TACK = xxxxxxxxxxxxxxxx
export TSCK = yyyyyyyyyyyyyyyyy

OR create a file just like config and include the keys
access_key=TACK, secret_key=TSCK

Run the tool
python import_vuln.py

or

./import_vuln.py

About

A script that integrates Tenable vulnerabilities into Cisco FMC

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published