"tag" command
Tagging is a key component of a risk-based vulnerability management program. Using navi, you can automate tagging based on plugin information or even an existing tag. Furthermore, you can continue to add to tags to create a nested tag structure. This tagging functionality and its use cases are beyond the scope of this documentation.
- --c TEXT --> Create a Tag with this Category - Required
- --v TEXT --> Create a Tag with this Value - Required
- --d TEXT --> Create a description for your Tag - Optional (TEXT)
- --plugin TEXT --> Define a Tag by a plugin ID - Optional (TEXT)
- --name TEXT --> Define a tag by text found in a plugin Name - Optional (TEXT)
- --group TEXT --> Define a tag by an Agent Group Name - Optional (TEXT)
- --output TEXT --> Create a Tag based on the text in the output. Requires --plugin
- --port TEXT --> Create a Tag based on Assets that have a port open
- --file TEXT --> Create a Tag based on IPs in a CSV file
- --scantime TEXT --> Create a Tag for assets that took longer than supplied minutes
- --cc TEXT --> Add a Tag to a new parent tag: Child Category
- --cv TEXT --> Add a Tag to a new parent tag: Child Value
- --scanid TEXT --> Create a tag based on a scan ID
- --pipe TEXT --> Create a Tag based on a pipe from a 'navi find query -pipe'
- --query TEXT --> Use a custom query to create a tag
navi tag --c "My Category" --v "My Value" --d "My description" --plugin 93561
navi tag --c "Application Vulns" --v "Java vulns" --name java
navi tag --c "Agent Group" --v "Linux Agents" --group "Linux"
navi tag --c "Corp Agents" --v "Agent Groups" --cc "Agent Group" --cv "Linux Agents"
navi tag --c "Business Unit A" --v "Daily Scan - Prod" --scanid 1234
navi tag --c "My custom" --v "Query Tag" --query "select uuid from assets where aes >= 700;"
The 'pipe' command allows you to write your own queries to the navi DB and push the results into a tag. The '-pipe' option in the 'find query' command returns the results as a list. There is no error correction, so you should only be selecting 'asset_uuid' from the vulns table or 'uuid' from the assets table. Use the WHERE clause in your SQL query to define which assets should be returned.
The '--pipe' option in the 'tag' command accepts a list. Using the Linux backtick, we can combine the two commands to use navi to our delight.
Use Case: Tag all assets with a Critical Vulnerability - "Severity Tags: Critical"
navi tag --c "Severity Tags" --v "Critical" --pipe "`navi find query -pipe "select asset_uuid from vulns where severity='critical';"`"
Use Case: Tag a single asset
navi tag --c "Ownership" --v "Joe's Asset" --pipe "['c1ddce93-82d0-4a9c-a968-08c41ad99edd']"
The pipe command is limited to 2000 UUIDs and, in versions after 6.5.22, is replaced by the '--query' command.
navi tag --c "Severity" --v "Critical" --query "select asset_uuid from vulns where severity='critical';"
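Because the query text is passed through with no error correction, it helps to dry-run it before it drives a tag. The following is an added example, not part of navi: it checks that a query is a single SELECT returning only an 'asset_uuid' or 'uuid' column of well-formed UUIDs and that the result fits the 2000-UUID '--pipe' limit. The function names and the in-memory SQLite tables are assumptions built from the column names used on this page.

```python
import sqlite3
import uuid

PIPE_LIMIT = 2000                         # --pipe ceiling stated on this page
ALLOWED_COLUMNS = {"asset_uuid", "uuid"}  # the only columns the page says to select


def preflight(conn, query, limit=PIPE_LIMIT):
    """Return the de-duplicated asset UUIDs a tagging query selects, or raise ValueError."""
    sql = query.strip()
    if not sql.lower().startswith("select"):
        raise ValueError("only SELECT statements belong in a tagging query")
    if ";" in sql.rstrip(";"):            # conservative: also trips on ';' inside a literal
        raise ValueError("more than one statement supplied")
    cur = conn.execute(sql)
    columns = [d[0].lower() for d in cur.description]
    if len(columns) != 1 or columns[0] not in ALLOWED_COLUMNS:
        raise ValueError(f"query must return one asset_uuid/uuid column, got {columns}")
    # uuid.UUID raises ValueError on anything that is not a well-formed UUID string
    found = list(dict.fromkeys(str(uuid.UUID(str(v))) for (v,) in cur))
    if len(found) > limit:
        raise ValueError(f"{len(found)} UUIDs exceeds the --pipe limit of {limit}")
    return found


def sample_db():
    """Constructed in-memory stand-in for the navi DB; only columns named on the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table assets (uuid text, aes integer)")
    conn.execute("create table vulns (asset_uuid text, severity text)")
    a = "c1ddce93-82d0-4a9c-a968-08c41ad99edd"   # UUID from the single-asset example
    b = "11111111-2222-4333-8444-555555555555"   # constructed sample value
    conn.executemany("insert into assets values (?, ?)", [(a, 810), (b, 320)])
    conn.executemany("insert into vulns values (?, ?)",
                     [(a, "critical"), (a, "critical"), (b, "low")])
    return conn


if __name__ == "__main__":
    db = sample_db()
    for q in ("select asset_uuid from vulns where severity='critical';",
              "select * from vulns;"):
        try:
            print(q, "->", preflight(db, q))
        except ValueError as err:
            print(q, "-> rejected:", err)
```
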
If you created a new Tag you will need to run an update on the assets to download the new Tag relationships. This is especially important if you want to export using your newly created tag. Give Tenable.io 90 seconds to process the tag before updating the database.
navi update assets
There were a few limitations to tagging in releases prior to 6.4.14. All known tagging limitations have been removed.