Open in app

Sign in

Write

Sign in

Automate Agent Group Tagging in Tenable.io

Casey Reid a.k.a Packet Chaos
2 min readApr 4, 2023

--

I was explaining to my son that caterpillars become butterflies and that it’s one of naturals marvels; and I can’t think of a better metaphor for Agent groups turning into Tags than a caterpillar turning into a butterfly. Thankfully turning all of your agent groups into tags will take minutes not weeks.

Tags are the most important part of the Tenable One Platform because they illuminate risk in an asset and finding rich environment. The more assets you are trying to protect the more important Tags become.

In contrast, agent groups are a type of asset grouping but only designed for distributing and controlling agent scans.

In the article “Tagging Agents by Agent Group in Tenable.io” , I detailed how navi creates tags based off of Agent groups. The article is focused on use cases where you only want a portion of your agent groups tagged. But what if you wanted them all?

Introducing the Agent Group Tagging Service. This is a script that is wrapped in a docker container for ease of deployment. It’s part of a new Project I started called navi services.

Check out the overview: “Navi Services — Automate Vulnerability Management tasks with Docker and pytenable”

How do I automate this?

After installing Docker, it’s a simple command.

The docker container runs a script that uses pytenable to enumerate all agent group names and then uses navi to tag each asset by agent group. The script follows the docker command.

Docker Command

docker run -d -e access_key="your access key" -e secret_key="your secret key" packetchaos/agent_group_tags

Under the Hood

from os import system as cmd
import sys
import time
from tenable.io import TenableIO
start = time.time()

access_key = str(sys.argv[1])
secret_key = str(sys.argv[2])

url = "https://cloud.tenable.com"

tio = TenableIO(access_key, secret_key, vendor='Casey Reid', product='navi', build="Agent Group Tags - 0.0.1")

# Replace 'access_key and secret_key with your keys
cmd('navi keys --a "{}" --s "{}"'.format(access_key, secret_key))

# Update the navi database for tagging on vulns
cmd('navi update full')


def grab_headers():
    return {'Content-type': 'application/json', 'user-agent': 'Navi-Agent-Group-tags', 'X-ApiKeys': 'accessKey=' + access_key + ';secretKey=' + secret_key}


# Get Agent Groups using pytenable
agent_raw_data = tio.agent_groups.list(scanner_id=0)

# Cycle through each agent group name
for groups in agent_raw_data:
    group_name = groups['name']

    print("Tagging assets in Agent Group: {}\n".format(group_name))

    # Use Navi to tag Assets by Agent group
    cmd('navi tag --c "Agent Group" --v "{}" --group "{}"'.format(group_name, group_name))


finish = time.time()

total = finish - start
mins = total/60

print("The Script took {} seconds or {} minutes".format(total, mins))

I hope this helps bring visibility into an already important asset grouping!

Automate all of the things!

--

--

Casey Reid a.k.a Packet Chaos
Casey Reid a.k.a Packet Chaos

Written by Casey Reid a.k.a Packet Chaos

65 Followers
28 Following

I'm a perpetually curious avid learner and athletic hacker/tinker who dabbles in python development, tenable integrations, philosophy, and writing

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams