Filter Like a Pro: Harnessing the Power of Tenable Nebula API Queries for Scan Result Filtering
Introducing Tenable Nebula and API Filtering
Tenable Nebula is a next-generation vulnerability management platform that provides unparalleled visibility into an organization’s security posture. One of its most powerful features is the ability to query scan results programmatically using APIs. In this article, we’ll explore how to harness the power of Tenable Nebula API queries to filter scan results like a pro.
What are API Queries?
API (Application Programming Interface) queries allow you to interact with Tenable Nebula’s database using custom programming scripts. By leveraging API queries, you can retrieve specific data points from your scans, such as vulnerability information, asset details, or compliance status. This enables you to create tailored workflows that meet the unique needs of your organization.
Why Filter Scan Results?
Filtering scan results is essential for effective vulnerability management. By isolating specific threats or assets, you can prioritize remediation efforts, reduce noise, and focus on critical issues that require immediate attention. API queries provide a scalable and efficient way to filter large datasets, making it easier to manage complex security environments.
Filtering Scan Results with Tenable Nebula API Queries
To filter scan results using Tenable Nebula API queries, you’ll need to follow these steps:
- Authenticate: Begin by authenticating with the Tenable Nebula API using your credentials.
- Specify Filters: Define the filters you want to apply to your scan results. This can include parameters such as vulnerability severity, asset type, or compliance status.
- Execute Query: Use the GET method to execute the API query and retrieve filtered scan results.
Example Code Snippet
Here’s an example code snippet in Python that demonstrates how to filter Tenable Nebula scan results using API queries:
import requests

# Authenticate with Tenable Nebula API
# (placeholder credentials: load real ones from a secret store, not from source code)
auth_url = "https://your-tenable-nebula-instance.com/api/v1/login"
auth_data = {
    "username": "your_username",
    "password": "your_password",
}
response = requests.post(auth_url, data=auth_data, timeout=30)
response.raise_for_status()  # stop here if the login was rejected
access_token = response.json()["access_token"]

# Specify filters
scan_id = "your_scan_id"  # placeholder: ID of the scan whose results you want
filter_severity = "high"
filter_asset_type = "server"

# Execute API query to filter scan results
filter_url = f"https://your-tenable-nebula-instance.com/api/v1/scans/{scan_id}/results?filter[severity]={filter_severity}&filter[assetType]={filter_asset_type}"
response = requests.get(filter_url, headers={"Authorization": f"Bearer {access_token}"}, timeout=30)
response.raise_for_status()  # fail on HTTP errors instead of parsing an error body

# Parse JSON response
filtered_results = response.json()["results"]

# Print filtered results
for result in filtered_results:
    print(result["vulnerability"]["id"], result["vulnerability"]["severity"])
In this example code snippet, we authenticate with the Tenable Nebula API using our credentials and then specify filters to isolate high-severity vulnerabilities on server assets. We execute an API query to retrieve filtered scan results and parse the JSON response to print the IDs and severities of the filtered vulnerabilities.
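The following added example, which is not from the original article or from Tenable, builds the same `filter[severity]` / `filter[assetType]` query with validated, percent-encoded values and re-checks the returned severities on the client in case the server ignored a filter. The allowed severity list, the alphanumeric asset-type rule and the sample results are assumptions constructed for illustration; the result shape follows the snippet above.

```python
from urllib.parse import quote, urlencode

BASE_URL = "https://your-tenable-nebula-instance.com/api/v1"  # placeholder host from the article
# Assumption: severities the API accepts; adjust to what your instance documents.
ALLOWED_SEVERITIES = {"info", "low", "medium", "high", "critical"}


def build_filter_url(scan_id, severity, asset_type):
    """Return the results URL with validated, percent-encoded filter values."""
    if severity not in ALLOWED_SEVERITIES:
        raise ValueError(f"unsupported severity: {severity!r}")
    if not asset_type.isalnum():  # assumption: asset types are plain alphanumeric names
        raise ValueError(f"unexpected asset type: {asset_type!r}")
    query = urlencode({"filter[severity]": severity,
                       "filter[assetType]": asset_type})
    # safe="" encodes "/" and "?" too, so a scan id cannot alter the path or query.
    return f"{BASE_URL}/scans/{quote(str(scan_id), safe='')}/results?{query}"


def split_by_severity(results, severity):
    """Split results into (matching, unexpected) by the requested severity."""
    matching, unexpected = [], []
    for result in results:
        found = result.get("vulnerability", {}).get("severity")
        (matching if found == severity else unexpected).append(result)
    return matching, unexpected


# Constructed sample response; the second entry is what an unfiltered reply would include.
SAMPLE_RESULTS = [
    {"vulnerability": {"id": "VULN-0001", "severity": "high"}},
    {"vulnerability": {"id": "VULN-0002", "severity": "low"}},
    {"vulnerability": {"id": "VULN-0003", "severity": "high"}},
]

if __name__ == "__main__":
    print(build_filter_url(42, "high", "server"))
    kept, unexpected = split_by_severity(SAMPLE_RESULTS, "high")
    print([r["vulnerability"]["id"] for r in kept])
    if unexpected:
        print(f"warning: {len(unexpected)} result(s) did not match the filter")
```

A non-empty `unexpected` list means the response contained findings outside the requested severity, so downstream prioritisation should not assume the server-side filter was applied.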
By harnessing the power of Tenable Nebula API queries, you can streamline your vulnerability management workflow, reduce noise, and focus on critical issues that require immediate attention. Remember to always follow best practices for authentication, filtering, and data handling when working with APIs to ensure secure and reliable results.