Tripwire IP360 Connector provides an enterprise-class vulnerability management solution, whose vulnerability prioritization is more precise than basic scoring. It ranks vulnerabilities with a numeric score based on impact, ease of exploit, and age. Its unique fingerprinting technology limits scans to relevant device and application types.
This document provides information about the Tripwire IP360 connector, which facilitates automated interactions with a Tripwire IP360 server using FortiSOAR™ playbooks. Add the Tripwire IP360 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding a new scan configuration for scanning on Tripwire IP360, retrieving available scan configurations from Tripwire IP360, and creating a new scan profile on Tripwire IP360.
Connector Version: 1.0.0
FortiSOAR™ Versions Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-tripwire-ip360
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Tripwire IP360 connector row, and in the Configuration tab enter the required configuration details.
Parameter | Description |
---|---|
Server URL | URL of the Tripwire IP360 server to which you will connect and perform the automated operations. |
Username | Username configured for your account to access the Tripwire IP360 server to which you will connect and perform the automated operations |
Password | Password configured for your account to access the Tripwire IP360 server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Configure New Scan | Adds a new scan configuration for scanning on Tripwire IP360. | add_new_scan Investigation |
Get Scan Configurations | Retrieves all scan configurations or a specific scan configuration, based on the search text you have specified, from Tripwire IP360. | get_scans Investigation |
Update Scan Configuration | Updates an existing scan configuration, based on the scan name and other input parameters you have specified, on Tripwire IP360. | update_scan_config Investigation |
Delete Scan Configuration | Deletes a scan configuration, based on the scan name you have specified, from Tripwire IP360. | delete_scans Investigation |
Create Scan Profile | Creates a new scan profile for scanning on Tripwire IP360. | create_scan_profile Investigation |
Get Scan Profiles | Retrieves all scan profiles or a specific scan profile, based on the search text you have specified, from Tripwire IP360. | get_scan_profiles Investigation |
Update Scan Profile | Updates an existing scan profile, based on the scan name and other input parameters you have specified, on Tripwire IP360. | update_scan_profile Investigation |
Delete Scan Profile | Deletes a scan profile, based on the profile name you have specified, from Tripwire IP360. | delete_scan_profiles Investigation |
Create Network | Creates a new network on Tripwire IP360. | create_network Investigation |
Get Networks | Retrieves information for all networks from Tripwire IP360. | get_networks Investigation |
Update Network | Updates an existing network based on the network name and other input parameters you have specified, on Tripwire IP360. | update_network Investigation |
Delete Network | Deletes a network, based on the network name you have specified, from Tripwire IP360. | delete_network Investigation |
Start Scan | Starts a scan on Tripwire IP360. | start_scan Investigation |
Cancel Scan | Cancels an ongoing scan on Tripwire IP360. | cancel_scan Investigation |
Pause Scan | Pauses an ongoing scan on Tripwire IP360. | pause_scan Investigation |
Resume Scan | Resumes a paused scan on Tripwire IP360. | resume_scan Investigation |
Get Vulnerabilities | Retrieves all vulnerabilities or a specific vulnerability based on the search text and other input parameters you have specified, from Tripwire IP360. | get_vulnerabilities Investigation |
Run Agent | Runs an axon agent for system data collection on Tripwire IP360. | run_agent Investigation |
Get Agents | Retrieves information for all axon agents or a specific axon agent, based on the search text and other input parameters you have specified, from Tripwire IP360. | get_agent Investigation |
Get Assets | Retrieves information for all assets or a specific asset based on the search text and other input parameters you have specified, from Tripwire IP360. | get_assets Investigation |
Get Audits | Retrieves information for all audits (scan activity details) or a specific audit based on the search text and other input parameters you have specified, from Tripwire IP360. | get_audits Investigation |
Parameter | Description |
---|---|
Name | Name of the scan that you want to create on the Tripwire IP360 server. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the scan to active. Otherwise, it remains Inactive.By default, it is checked, i.e., it is set as True . |
Scan Profile | Scan profile used for scanning that will apply to the new scan that you want to create on the Tripwire IP360 server. You can select the profile from the available profiles such as, Tripwire: Standard Profile, Tripwire: Host Inventory, Tripwire: Agent-only, which are listed in the Scan Profile drop-down list. |
Network | Network used for scanning that will apply to the new scan that you want to create on the Tripwire IP360 server. You can select the network from the available networks, which are listed in the Network drop-down list. |
Appliance Pool | Appliance Pool used for scanning that will apply to the new scan that you want to create on the Tripwire IP360 server. You can select the appliance pool from the available appliance pools, which are listed in the Appliance Pool drop-down list. |
On Demand | Select the On Demandcheckbox, i.e., set it to True , if you want set the scan type as On Demand.By default, it is checked, i.e., it is set as True .If True is selected from the On Demand drop-down box, then the Schedule Start drop-down box is displayed and if you select True from the Schedule Start drop-down box, i.e., if you want to create the new scan as a scheduled scan then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{ "name": "", "url": "", "schedule_failed": "", "is_debug": "", "scan_end_datetime": "", "pool": "", "fault_string": "", "scan_profile": "", "scan_start_datetime": "", "range": "", "network": "", "rejected": "", "audit": "" }
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter scan configurations from Tripwire IP360. If you do not specify any search content, then all available scan configurations are retrieved from Tripwire IP360. |
The output contains the following populated JSON schema:
{ "count": "", "next": "", "previous": "", "results": [ { "url": "", "name": "", "active": "", "status": "", "on_demand": "", "network": { "url": "", "name": "", "active": "", "owner": "", "notes": "", "scap_agent_persist": "", "favor_netbios_name": "", "asset_value": "", "include_ips": "", "exclude_ips": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_method": "", "correlation_values": { "DNS Name": "", "OS Fingerprint": "", "NetBIOS Name": "", "Port Signature": "", "IP Address": "", "Apparent MAC Address": "", "Operating System": "" } }, "virtual_hosts": [], "system": "" }, "scan_profile": { "url": "", "name": "", "active": "", "system": "", "discovery_tcp_ports": [], "discovery_tcp": "", "discovery_udp": "", "discovery_udp_ports": "", "discovery_icmp": "", "host_config_check": "", "background_port_scan": "", "background_port_scan_rate": "", "fingerprint_scan": "", "fingerprint_scan_legacy": "", "app_scan": "", "app_scan_limited": "", "app_scan_extensive": "", "udp_scan": "", "tcp_scan": "", "udp_scan_ports_exclude": "", "udp_scan_ports_include": [], "udp_scan_ports_only": "", "tcp_scan_ports_only": "", "tcp_scan_ports_include": [], "tcp_scan_ports_exclude": "", "vuln_scan": "", "vuln_scan_adjusted": "", "vuln_scan_adjusted_type": "", "vuln_scan_adjusted_vulns": [], "app_scan_adjusted": "", "app_scan_adjusted_type": "", "app_scan_adjusted_apps": [], "webapp_scan": "", "webapp_recursion_limit": "", "webapp_page_limit": "", "credentials_webhttp": "", "credentials_webform": "", "credentials_ssh": "", "credentials_smb": "", "credentials_snmp": "", "rules_auth_attempt": "", "rules_custom": "", "rules_intrusive": "", "rules_verified": "", "scap_scan": "", "scap_scan_policies": [], "rate_limit": "", "traversal_random": "", "schedule": "", "agent_only": "" }, "pool": { "url": "", "name": "", "generated": "", "notes": "", "appliances": [ { "url": "", "name": "", "ip_address": "", "authentication_key": "", "is_local": "", "software_version": "", "aap_uuid": "", "aspl_version": "", "cloud": "", "error": "", "reboot_pending": "", "last_reboot": "", "last_update": "", "last_update_seconds": "", "is_up": "", "default_soft_connection_limit": "", "soft_connection_limit": "", "hard_connection_limit": "", "hardware_type": "", "dns_servers": [], "interfaces": [ { "name": "", "ip_address": "" } ], "aap_is_up": "", "aap_timestamp": "", "aap_agent_count": "" } ], "allow_agent_processing": "" }, "last_completed_datetime": "", "next_scan_time": "", "next_scan_immediate": "", "fault_string": "" } ] }
Parameter | Description |
---|---|
Scan Name | Name of the scan that you want to update on the Tripwire IP360 server. |
New Name | New name of the existing scan that you want to update on the Tripwire IP360 server. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the scan to active. Otherwise, it remains Inactive.By default, it is checked, i.e., it is set as True . You can change the status of the specified existing scan. |
Scan Profile | Scan profile used for scanning that will apply to the existing specified scan that you want to update on the Tripwire IP360 server. You can select the profile from the available profiles such as, Tripwire: Standard Profile, Tripwire: Host Inventory, Tripwire: Agent-only, which are listed in the Scan Profile drop-down list. |
Network | Network used for scanning that will apply to the existing specified scan that you want to update on the Tripwire IP360 server. You can select the network from the available networks, which are listed in the Network drop-down list. |
Appliance Pool | Appliance Pool used for scanning that will apply to the existing specified scan that you want to update on the Tripwire IP360 server. You can select the appliance pool from the available appliance pools, which are listed in the Appliance Pool drop-down list. |
On Demand | Select the On Demandcheckbox, i.e., set it to True , if you want set the scan type as On Demand. By default, it is checked, i.e., it is set as True . |
Schedule Start | (Optional) You can change the scheduled start of the specified existing scheduled scan configuration. If you select True from the Schedule Start drop-down box, i.e., if you want to update the existing specified scan as a scheduled scan then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{ "url": "", "name": "", "active": "", "network": "", "scan_profile": "", "pool": "", "last_completed_datetime": "", "next_scan_immediate": "", "next_scan_time": "", "fault_string": "" }
Parameter | Description |
---|---|
Scan Name | Name of the scan whose configuration you want to delete from Tripwire IP360. |
The output contains a string message containing the result of the operation, such as Successfully deleted scan configuration
if the scan configuration is deleted successfully from Tripwire IP360.
Parameter | Description |
---|---|
Name | Name of the scan profile that you want to create on the Tripwire IP360 server. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the scan profile to active. Otherwise, it remains Inactive.By default, it is checked, i.e., it is set as True . |
Agent Only Scan | Select the Agent Only Scan checkbox, i.e., set it to True , if you want the scan profile to include all assets with agents installed regardless of network.By default, it is not checked, i.e., it is set as False . |
Credentials | Credential type for the scan profile that you want to create on the Tripwire IP360 server. You can choose from the following options: Windows, SSH, SNMP, HTTP, or Web Form. |
Application Scan | Select the Application Scan checkbox, i.e., set it to True , if you want the scan profile to include an application scan.By default, it is checked, i.e., it is set as True . |
Vulnerability Scan | Select the Vulnerability Scan checkbox, i.e., set it to True , if you want the scan profile to include a vulnerability scan.By default, it is checked, i.e., it is set as True . |
Web Application Scan | Select the Web Application Scan checkbox, i.e., set it to True , if you want the scan profile to include a web application scan.By default, it is checked, i.e., it is set as True . |
Webapp Recursion Limit | (Optional) Webapp recursion limit to be set for the scan profile that you want to create on the Tripwire IP360 server. |
Webapp Page Limit | (Optional) Webapp page limit to be set for the scan profile that you want to create on the Tripwire IP360 server. |
Discovery Scans | Scan type to be used for the scan profile that you want to create on the Tripwire IP360 server. You can choose from the following options: OS Fingerprinting, Legacy OS Fingerprinting, Ping Scan, TCP Port Scan, or UDP Port Scan. |
Discovery TCP Ports | (Optional) TCP port list to be set for the scan profile that you want to create on the Tripwire IP360 server. |
Discovery UDP Ports | (Optional) UDP port list to be set for the scan profile that you want to create on the Tripwire IP360 server. |
TCP Scan Ports Only | (Optional) Restrict scanning of TCP ports to only the list specified in this field for the scan profile that you want to create on the Tripwire IP360 server. |
TCP Scan Ports Include | (Optional) List of TCP scan ports to be included in the scan profile that you want to create on the Tripwire IP360 server. |
TCP Scan Ports Exclude | (Optional) List of TCP scan ports to be excluded from the scan profile that you want to create on the Tripwire IP360 server. |
UDP Scan Ports Include | (Optional) List of UDP scan ports to be included in the scan profile that you want to create on the Tripwire IP360 server. |
UDP Scan Ports Exclude | (Optional) List of UDP scan ports to be excluded from the scan profile that you want to create on the Tripwire IP360 server. |
Background Port Detection | Select the Background Port Detection checkbox, i.e., set it to True , if you want the scan profile to include running of additional full port detection scans in the background to detect open ports not included in current scans. Discovered ports will automatically be used in future scans.By default, it is not checked, i.e., it is set as False . |
Background Port Rate Limit | (Optional) Only applicable if you have selected the Background Port Detection option. Ports per second to be checked during full port detection scans in the background. |
Scap Scan | Select the Scap Scan checkbox, i.e., set it to True , if you want the scan profile to include a scap scan.By default, it is not checked, i.e., it is set as False . |
Scap Scan Policies | (Optional) Only applicable if you have selected the >Scap Scan option. List of scap scan policies to be included in the scap scan. |
Fast Application Scan | Select the Fast Application Scan checkbox, i.e., set it to True , if you want to scan only the applications associated with the selected vulnerabilities.By default, it is not checked, i.e., it is set as False . |
IP Traversal | (Optional) Type of IP Traversal to be included in the scan profile that you want to create on the Tripwire IP360 server. You can choose between Random or Sequential. |
Host Configuration Check | Select the Host Configuration Check checkbox, i.e., set it to True , if you want to include a host configuration check in the scan profile that you want to create on the Tripwire IP360 server.By default, it is checked, i.e., it is set as True . |
Extensive Application Scan | Select the Extensive Application Scan checkbox, i.e., set it to True , if you want to include an extensive application scan in the scan profile that you want to create on the Tripwire IP360 server.By default, it is not checked, i.e., it is set as False . |
Rules Verified | (Optional) All predefined rules, including customer-created rules will be flagged in the scan profile according to the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Rules Intrusive | (Optional) Rules are run against lab systems will be included in the scan profile based on the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Custom Rules | (Optional) Rules that are created by a user will be included in the scan profile based on the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Rate Limit | (Optional) Rate limit for scanning to be included in the scan profile. |
Vulnerability Scan Adjusted | Select the Vulnerability Scan Adjusted checkbox, i.e., set it to True , if you want to scan only for applications associated with the selected vulnerabilities in the scan profile that you want to create on the Tripwire IP360 server.By default, it is checked, i.e., it is set as True . If Vulnerability Scan Adjusted checkbox is checked, i.e., set it to True, then the following fields are displayed, whose parameters you can set:
|
The output contains the following populated JSON schema:
{ "name": "", "url": "", "active": "", "system": "", "discovery_tcp_ports": [], "discovery_tcp": "", "discovery_udp": "", "discovery_udp_ports": "", "discovery_icmp": "", "host_config_check": "", "background_port_scan": "", "background_port_scan_rate": "", "fingerprint_scan": "", "fingerprint_scan_legacy": "", "app_scan": "", "app_scan_limited": "", "app_scan_extensive": "", "udp_scan": "", "tcp_scan": "", "udp_scan_ports_exclude": "", "udp_scan_ports_include": [], "udp_scan_ports_only": "", "tcp_scan_ports_only": "", "tcp_scan_ports_include": [ "5" ], "tcp_scan_ports_exclude": "", "vuln_scan": "", "vuln_scan_adjusted": "", "vuln_scan_adjusted_type": "", "vuln_scan_adjusted_vulns": [], "app_scan_adjusted": "", "app_scan_adjusted_type": "", "app_scan_adjusted_apps": [], "webapp_scan": "", "webapp_recursion_limit": "", "webapp_page_limit": "", "credentials_webhttp": "", "credentials_webform": "", "credentials_ssh": "", "credentials_smb": "", "credentials_snmp": "", "rules_auth_attempt": "", "rules_custom": "", "rules_intrusive": "", "rules_verified": "", "scap_scan": "", "scap_scan_policies": [], "rate_limit": "", "traversal_random": "", "schedule": "", "agent_only": "" }
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter scan profiles from Tripwire IP360. If you do not specify any search content, then all available scan profiles are retrieved from Tripwire IP360. |
The output contains the following populated JSON schema:
{ "previous": "", "results": [ { "url": "", "window_enabled": "", "window_start": "", "timezone": "", "days": "", "window_end": "", "weekdays": "", "frequency_period": "", "frequency_max": "", "weeks": "", "name": "" } ], "next": "", "count": "" }
Parameter | Description |
---|---|
Profile Name | Name of the scan profile that you want to update on the Tripwire IP360 server. |
Name | New name of the existing scan profile that you want to update on the Tripwire IP360 server. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the scan profile to active. Otherwise, it remains Inactive.By default, it is checked, i.e., it is set as True . |
Agent Only Scan | Select the Agent Only Scan checkbox, i.e., set it to True , if you want the scan profile to include all assets with agents installed regardless of network.By default, it is not checked, i.e., it is set as False . |
Credentials | Credential type for the scan profile that you want to update on the Tripwire IP360 server. You can choose from the following options: Windows, SSH, SNMP, HTTP, or Web Form. |
Application Scan | Select the Application Scan checkbox, i.e., set it to True , if you want the scan profile to include an application scan.By default, it is checked, i.e., it is set as True . |
Vulnerability Scan | Select the Vulnerability Scan checkbox, i.e., set it to True , if you want the scan profile to include a vulnerability scan.By default, it is checked, i.e., it is set as True . |
Web Application Scan | Select the Web Application Scan checkbox, i.e., set it to True , if you want the scan profile to include a web application scan.By default, it is checked, i.e., it is set as True . |
Webapp Recursion Limit | (Optional) Webapp recursion limit to be set for the scan profile that you want to update on the Tripwire IP360 server. |
Webapp Page Limit | (Optional) Webapp page limit to be set for the scan profile that you want to update on the Tripwire IP360 server. |
Discovery Scans | Scan type to be used for the scan profile that you want to update on the Tripwire IP360 server. You can choose from the following options: OS Fingerprinting, Legacy OS Fingerprinting, Ping Scan, TCP Port Scan, or UDP Port Scan. |
Discovery TCP Ports | (Optional) TCP port list to be set for the scan profile that you want to update on the Tripwire IP360 server. |
Discovery UDP Ports | (Optional) UDP port list to be set for the scan profile that you want to update on the Tripwire IP360 server. |
TCP Scan Ports Only | (Optional) Restrict scanning of TCP ports to only the list specified in this field for the scan profile that you want to update on the Tripwire IP360 server. |
TCP Scan Ports Include | (Optional) List of TCP scan ports to be included in the scan profile that you want to update on the Tripwire IP360 server. |
TCP Scan Ports Exclude | (Optional) List of TCP scan ports to be excluded from the scan profile that you want to update on the Tripwire IP360 server. |
UDP Scan Ports Include | (Optional) List of UDP scan ports to be included in the scan profile that you want to update on the Tripwire IP360 server. |
UDP Scan Ports Exclude | (Optional) List of UDP scan ports to be excluded from the scan profile that you want to update on the Tripwire IP360 server. |
Background Port Detection | Select the Background Port Detection checkbox, i.e., set it to True , if you want the scan profile to include running of additional full port detection scans in the background to detect open ports not included in current scans. Discovered ports will automatically be used in future scans.By default, it is not checked, i.e., it is set as False . |
Background Port Rate Limit | (Optional) Only applicable if you have selected the Background Port Detection option. Ports per second to be checked during full port detection scans in the background. |
Scap Scan | Select the Scap Scan checkbox, i.e., set it to True , if you want the scan profile to include a scap scan.By default, it is not checked, i.e., it is set as False . |
Scap Scan Policies | (Optional) Only applicable if you have selected the >Scap Scan option. List of scap scan policies to be included in the scap scan. |
Fast Application Scan | Select the Fast Application Scan checkbox, i.e., set it to True , if you want to scan only the applications associated with the selected vulnerabilities.By default, it is not checked, i.e., it is set as False . |
IP Traversal | (Optional) Type of IP Traversal to be included in the scan profile that you want to update on the Tripwire IP360 server. You can choose between Random or Sequential. |
Host Configuration Check | Select the Host Configuration Check checkbox, i.e., set it to True , if you want to include a host configuration check in the scan profile that you want to update on the Tripwire IP360 server.By default, it is checked, i.e., it is set as True . |
Extensive Application Scan | Select the Extensive Application Scan checkbox, i.e., set it to True , if you want to include an extensive application scan in the scan profile that you want to update on the Tripwire IP360 server.By default, it is not checked, i.e., it is set as False . |
Rules Verified | (Optional) All predefined rules, including customer-created rules will be flagged in the scan profile according to the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Rules Intrusive | (Optional) Rules are run against lab systems will be included in the scan profile based on the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Custom Rules | (Optional) Rules that are created by user will be included in the scan profile based on the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Rate Limit | (Optional) Rate limit for scanning to be included in the scan profile. |
Vulnerability Scan Adjusted | Select the Vulnerability Scan Adjusted checkbox, i.e., set it to True , if you want to scan only for applications associated with the selected vulnerabilities in the scan profile that you want to update on the Tripwire IP360 server.By default, it is checked, i.e., it is set as True . |
Vulnerability Scan Adjusted Type | (Optional) Applicable only if you have selected the Vulnerability Scan Adjusted checkbox. Set the type as excluded or only . |
Vulnerability Scan Adjusted Vulns | (Optional) Applicable only if you have selected the Vulnerability Scan Adjusted checkbox. Specify the list of vulnerabilities to check. |
The output contains the following populated JSON schema:
{ "credentials_webform": "", "webapp_page_limit": "", "rules_custom": "", "app_scan_limited": "", "active": "", "traversal_random": "", "udp_scan": "", "app_scan_adjusted": "", "credentials_snmp": "", "discovery_tcp": "", "app_scan": "", "vuln_scan_adjusted_vulns": [], "discovery_icmp": "", "tcp_scan_ports_include": [], "app_scan_adjusted_apps": [], "discovery_tcp_ports": [], "system": "", "fingerprint_scan_legacy": "", "app_scan_extensive": "", "vuln_scan": "", "discovery_udp": "", "rules_verified": "", "udp_scan_ports_include": "", "agent_only": "", "credentials_smb": "", "schedule": "", "credentials_ssh": "", "udp_scan_ports_exclude": "", "rate_limit": "", "host_config_check": "", "tcp_scan": "", "tcp_scan_ports_exclude": "", "background_port_scan_rate": "", "credentials_webhttp": "", "rules_intrusive": "", "vuln_scan_adjusted_type": "", "scap_scan_policies": [], "rules_auth_attempt": "", "vuln_scan_adjusted": "", "url": "", "udp_scan_ports_only": [], "app_scan_adjusted_type": "", "scap_scan": "", "tcp_scan_ports_only": "", "webapp_recursion_limit": "", "name": "", "discovery_udp_ports": [], "webapp_scan": "", "fingerprint_scan": "", "background_port_scan": "" }
Parameter | Description |
---|---|
Profile Name | Name of the scan profile that you want to delete from Tripwire IP360. |
The output contains a string message containing the result of the operation, such as Successfully deleted scan profile
if the scan profile is deleted successfully from Tripwire IP360.
Parameter | Description |
---|---|
Name | Name of the new network that you want to add to Tripwire IP360. |
Owner | (Optional) Owner of the new network that you want to add to Tripwire IP360. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the network to active. Otherwise, it remains Inactive.By default, it is not checked, i.e., it is set as False . |
Include IPs | List of IP addresses such as hostnames, IPv4, IPv6, CIDR, or a range that you want to include in the network that you want to add to Tripwire IP360. |
Exclude IPs | List of IP addresses such as hostnames, IPv4, IPv6, CIDR, or a range that you want to exclude from the network that you want to add to Tripwire IP360. |
Asset Value | (Optional) Asset Value of the new network that you want to add to Tripwire IP360. |
The output contains the following populated JSON schema:
{ "active": "", "system": "", "url": "", "name": "", "owner": "", "notes": "", "scap_agent_persist": "", "favor_netbios_name": "", "asset_value": "", "include_ips": "", "exclude_ips": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_method": "", "correlation_values": { "DNS Name": "", "OS Fingerprint": "", "NetBIOS Name": "", "Port Signature": "", "IP Address": "", "Apparent MAC Address": "", "Operating System": "" } }, "virtual_hosts": [] }
None.
The output contains the following populated JSON schema:
{ "next": "", "results": [ { "scap_agent_persist": "", "owner": "", "asset_value": "", "virtual_hosts": [], "favor_netbios_name": "", "url": "", "active": "", "system": "", "include_ips": "", "notes": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_values": { "Port Signature": "", "Operating System": "", "DNS Name": "", "NetBIOS Name": "", "IP Address": "", "OS Fingerprint": "", "Apparent MAC Address": "" }, "correlation_method": "" }, "exclude_ips": "", "name": "" } ], "previous": "", "count": "" }
Parameter | Description |
---|---|
Name | Name of an existing network that you want to update on Tripwire IP360. |
Name | (Optional) New name of the existing scan profile that you want to update on the Tripwire IP360 server. |
Owner | (Optional) Owner of the new network that you want to update on Tripwire IP360. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the network to active. Otherwise, it remains Inactive.By default, it is not checked, i.e., it is set as False . |
Include IPs | (Optional) List of IP addresses such as hostnames, IPv4, IPv6, CIDR, or a range that you want to include in the network that you want to update on Tripwire IP360. |
Exclude IPs | (Optional) List of IP addresses such as hostnames, IPv4, IPv6, CIDR, or a range that you want to exclude from the network that you want to update on Tripwire IP360. |
Asset Value | (Optional) Asset Value of the new network that you want to update on Tripwire IP360. |
The output contains the following populated JSON schema:
{ "name": "", "url": "", "active": "", "owner": "", "notes": "", "scap_agent_persist": "", "favor_netbios_name": "", "asset_value": "", "include_ips": "", "exclude_ips": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_method": "", "correlation_values": { "DNS Name": "", "OS Fingerprint": "", "NetBIOS Name": "", "Port Signature": "", "IP Address": "", "Apparent MAC Address": "", "Operating System": "" } }, "virtual_hosts": [], "system": "" }
Parameter | Description |
---|---|
Name | Name of the network that you want to delete from Tripwire IP360. |
The output contains a string message containing the result of the operation, such as Successfully deleted network
if the network is deleted successfully from Tripwire IP360.
Parameter | Description |
---|---|
Scan Name | Name of the scan that you want to start on Tripwire IP360. |
Output
The output contains the following populated JSON schema:
{ "url": "", "name": "", "network": "", "scan_profile": "", "pool": "", "range": "", "special_scan": "", "status": "", "scan_type": "", "rejected": "", "all_hosts_failed": "", "last_error": "", "agent_uuids": "", "start_date": "", "scan_profile_type": "", "credential_limit": "", "end_date": "", "debug": "" }
Parameter | Description |
---|---|
Scan Name | Name of the ongoing scan that you want to cancel on Tripwire IP360. |
The output contains the following populated JSON schema:
[ { "ontology_version": "", "special_scan": "", "status": "", "rejected": "", "scan_type": "", "vuln_count": "", "name": "", "scan_profile": { "discovery_udp": "", "host_config_check": "", "scap_scan_policies": [], "credentials_webhttp": "", "webapp_scan": "", "discovery_icmp": "", "discovery_tcp_ports": [], "rate_limit": "", "discovery_tcp": "", "app_scan_adjusted_type": "", "app_scan": "", "credentials_smb": "", "rules_intrusive": "", "system": "", "tcp_scan_ports_include": [], "tcp_scan": "", "webapp_recursion_limit": "", "app_scan_limited": "", "udp_scan_ports_only": "", "fingerprint_scan": "", "vuln_scan_adjusted_vulns": [], "credentials_webform": "", "app_scan_adjusted_apps": [], "schedule": "", "rules_custom": "all", "credentials_ssh": "", "background_port_scan": "", "tcp_scan_ports_exclude": "", "app_scan_adjusted": "", "rules_verified": "only", "fingerprint_scan_legacy": "", "vuln_scan_adjusted": "", "discovery_udp_ports": "", "tcp_scan_ports_only": "", "active": "", "background_port_scan_rate": "", "udp_scan": "", "app_scan_extensive": "", "name": "", "traversal_random": "", "vuln_scan": "", "vuln_scan_adjusted_type": "", "credentials_snmp": "", "scap_scan": "", "rules_auth_attempt": "", "webapp_page_limit": "", "udp_scan_ports_include": [], "url": "", "udp_scan_ports_exclude": "", "agent_only": "" }, "debug": "", "all_hosts_failed": "", "range": "", "agent_uuids": "", "elapsed_seconds": "", "average_host_score": "", "start_date": "", "last_error": "", "host_count": "", "credential_limit": "", "url": "", "end_date": "", "network": { "include_ips": "", "virtual_hosts": [], "scap_agent_persist": "", "exclude_ips": "", "url": "", "asset_value": "", "notes": "", "favor_netbios_name": "", "owner": "", "effective_ranges": "", "active": "", "name": "", "system": "", "host_tracking": { "correlation_threshold": "", "correlation_values": { "Port Signature": "", "OS Fingerprint": "", "Operating System": "", "NetBIOS Name": "", "IP Address": "", "DNS Name": "", "Apparent MAC Address": "" }, "correlation_method": "" } }, "pool": { "notes": "", "appliances": [ { "aap_uuid": "", "hardware_type": "", "error": "", "is_up": "", "cloud": "", "authentication_key": "", "aap_timestamp": "", "aspl_version": "", "hard_connection_limit": "", "name": "", "last_reboot": "", "reboot_pending": "", "dns_servers": [], "aap_agent_count": "", "interfaces": [ { "ip_address": "", "name": "" } ], "soft_connection_limit": "", "aap_is_up": "", "ip_address": "", "last_update_seconds": "", "software_version": "", "last_update": "", "url": "", "default_soft_connection_limit": "", "is_local": "" } ], "generated": "", "url": "", "name": "", "allow_agent_processing": "" } } ]
Parameter | Description |
---|---|
Scan Name | Name of the ongoing scan that you want to pause on Tripwire IP360. |
The output contains the following populated JSON schema:
[ { "ontology_version": "", "special_scan": "", "status": "", "rejected": "", "scan_type": "", "vuln_count": "", "name": "", "scan_profile": { "discovery_udp": "", "host_config_check": "", "scap_scan_policies": [], "credentials_webhttp": "", "webapp_scan": "", "discovery_icmp": "", "discovery_tcp_ports": [], "rate_limit": "", "discovery_tcp": "", "app_scan_adjusted_type": "", "app_scan": "", "credentials_smb": "", "rules_intrusive": "", "system": "", "tcp_scan_ports_include": [], "tcp_scan": "", "webapp_recursion_limit": "", "app_scan_limited": "", "udp_scan_ports_only": "", "fingerprint_scan": "", "vuln_scan_adjusted_vulns": [], "credentials_webform": "", "app_scan_adjusted_apps": [], "schedule": "", "rules_custom": "", "credentials_ssh": "", "background_port_scan": "", "tcp_scan_ports_exclude": "", "app_scan_adjusted": "", "rules_verified": "", "fingerprint_scan_legacy": "", "vuln_scan_adjusted": "", "discovery_udp_ports": "", "tcp_scan_ports_only": "", "active": "", "background_port_scan_rate": "", "udp_scan": "", "app_scan_extensive": "", "name": "", "traversal_random": "", "vuln_scan": "", "vuln_scan_adjusted_type": "", "credentials_snmp": "", "scap_scan": "", "rules_auth_attempt": "", "webapp_page_limit": "", "udp_scan_ports_include": [], "url": "", "udp_scan_ports_exclude": "", "agent_only": "" }, "debug": "", "all_hosts_failed": "", "range": "", "agent_uuids": "", "elapsed_seconds": "", "average_host_score": "", "start_date": "", "last_error": "", "host_count": "", "credential_limit": "", "url": "", "end_date": "", "network": { "include_ips": "", "virtual_hosts": [], "scap_agent_persist": "", "exclude_ips": "", "url": "", "asset_value": "", "notes": "", "favor_netbios_name": "", "owner": "", "effective_ranges": "", "active": "", "name": "", "system": "", "host_tracking": { "correlation_threshold": "", "correlation_values": { "Port Signature": "", "OS Fingerprint": "", "Operating System": "", "NetBIOS Name": "", "IP Address": "", "DNS Name": "", "Apparent MAC Address": "" }, "correlation_method": "" } }, "pool": { "notes": "", "appliances": [ { "aap_uuid": "", "hardware_type": "", "error": "", "is_up": "", "cloud": "", "authentication_key": "", "aap_timestamp": "", "aspl_version": "", "hard_connection_limit": "", "name": "", "last_reboot": "", "reboot_pending": "", "dns_servers": [], "aap_agent_count": "", "interfaces": [ { "ip_address": "", "name": "" } ], "soft_connection_limit": "", "aap_is_up": "", "ip_address": "", "last_update_seconds": "", "software_version": "", "last_update": "", "url": "", "default_soft_connection_limit": "", "is_local": "" } ], "generated": "", "url": "", "name": "", "allow_agent_processing": "" } } ]
Parameter | Description |
---|---|
Scan Name | Name of the paused scan that you want to resume on Tripwire IP360. |
The output contains the following populated JSON schema:
[ { "ontology_version": "", "special_scan": "", "status": "", "rejected": "", "scan_type": "", "vuln_count": "", "name": "", "scan_profile": { "discovery_udp": "", "host_config_check": "", "scap_scan_policies": [], "credentials_webhttp": "", "webapp_scan": "", "discovery_icmp": "", "discovery_tcp_ports": [], "rate_limit": "", "discovery_tcp": "", "app_scan_adjusted_type": "", "app_scan": "", "credentials_smb": "", "rules_intrusive": "", "system": "", "tcp_scan_ports_include": [ "5" ], "tcp_scan": "", "webapp_recursion_limit": "", "app_scan_limited": "", "udp_scan_ports_only": "", "fingerprint_scan": "", "vuln_scan_adjusted_vulns": [], "credentials_webform": "", "app_scan_adjusted_apps": [], "schedule": "", "rules_custom": "", "credentials_ssh": "", "background_port_scan": "", "tcp_scan_ports_exclude": "", "app_scan_adjusted": "", "rules_verified": "", "fingerprint_scan_legacy": "", "vuln_scan_adjusted": "", "discovery_udp_ports": "", "tcp_scan_ports_only": "", "active": "", "background_port_scan_rate": "", "udp_scan": "", "app_scan_extensive": "", "name": "", "traversal_random": "", "vuln_scan": "", "vuln_scan_adjusted_type": "", "credentials_snmp": "", "scap_scan": "", "rules_auth_attempt": "all", "webapp_page_limit": "", "udp_scan_ports_include": [], "url": "", "udp_scan_ports_exclude": "", "agent_only": "" }, "debug": "", "all_hosts_failed": "", "range": "", "agent_uuids": "", "elapsed_seconds": "", "average_host_score": "", "start_date": "", "last_error": "", "host_count": "", "credential_limit": "", "url": "", "end_date": "", "network": { "include_ips": "", "virtual_hosts": [], "scap_agent_persist": "", "exclude_ips": "", "url": "", "asset_value": "", "notes": "", "favor_netbios_name": "", "owner": "", "effective_ranges": "", "active": "", "name": "", "system": "", "host_tracking": { "correlation_threshold": "", "correlation_values": { "Port Signature": "", "OS Fingerprint": "", "Operating System": "", "NetBIOS Name": "", "IP Address": "", "DNS Name": "", "Apparent MAC Address": "" }, "correlation_method": "" } }, "pool": { "notes": "", "appliances": [ { "aap_uuid": "", "hardware_type": "", "error": "", "is_up": "", "cloud": "", "authentication_key": "", "aap_timestamp": "", "aspl_version": "", "hard_connection_limit": "", "name": "", "last_reboot": "", "reboot_pending": "", "dns_servers": [], "aap_agent_count": "", "interfaces": [ { "ip_address": "", "name": "" } ], "soft_connection_limit": "", "aap_is_up": "", "ip_address": "", "last_update_seconds": "", "software_version": "", "last_update": "", "url": "", "default_soft_connection_limit": "", "is_local": "" } ], "generated": "", "url": "", "name": "", "allow_agent_processing": "" } } ]
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter vulnerabilities from Tripwire IP360. If you do not specify any search content, then all available vulnerabilities are retrieved from Tripwire IP360. |
Limit | (Optional) Maximum number of results that this operation should return. |
Offset | (Optional) Index of the first item that this operation should return. |
The output contains the following populated JSON schema:
{ "count": "", "results": [ { "strategy": { "url": "", "description": "", "name": "" }, "priority": "", "name": "", "risk": { "level": "", "url": "", "description": "", "name": "" }, "solution": { "url": "", "description": "", "name": "" }, "url": "", "description": "", "cvssv2": "", "cvssv3": "", "cves": [], "skill": { "level": "", "url": "", "description": "", "name": "" }, "advisories": [ { "website": "", "link": "", "name": "" } ] } ], "next": "", "previous": "" }
Parameter | Description |
---|---|
Name | System name of the axon agent that you want to run for system data collection on Tripwire IP360. |
The output contains the following populated JSON schema:
[ { "url": "", "axon_agent": "", "command": "", "command_args": "", "issued_date": "", "status": "", "started_date": "", "completed_date": "", "error_str": "" } ]
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter axon agents from Tripwire IP360. If you do not specify any search content, then all available axon agents are retrieved from Tripwire IP360. |
Limit | (Optional) Maximum number of results that this operation should return. |
Offset | (Optional) Index of the first item that this operation should return. |
The output contains the following populated JSON schema:
{ "count": "", "next": "", "previous": "", "results": [ { "url": "", "ip_address": "", "name": "", "dns_name": "", "netbios_name": "", "os_name": "", "os_version": "", "architecture": "", "agent_uuid": "", "aap_uuid": "", "agent_version": "", "plugin_version": "", "last_seen": "", "last_scan": "", "is_up": "", "latest_tasks": { "scan_now": { "url": "", "axon_agent": "", "command": "", "command_args": "", "issued_date": "", "status": "", "started_date": "", "completed_date": "", "error_str": "" } }, "support_bundle": "", "first_seen": "", "last_audit": "", "score": "", "asset": "", "deleted_datetime": "" } ] }
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter assets from Tripwire IP360. If you do not specify any search content, then all available assets are retrieved from Tripwire IP360. |
Limit | (Optional) Maximum number of results that this operation should return. |
Offset | (Optional) Index of the first item that this operation should return. |
The output contains the following populated JSON schema:
{ "count": "", "next": "", "previous": "", "results": [ { "url": "", "ip_address": "", "dns_name": "", "netbios_name": "", "last_seen": "", "first_seen": "", "score": "", "domain_name": "", "operating_system": "", "network": { "url": "", "name": "", "active": "", "owner": "", "notes": "", "scap_agent_persist": "", "favor_netbios_name": "", "asset_value": "", "include_ips": "", "exclude_ips": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_method": "", "correlation_values": { "DNS Name": "", "OS Fingerprint": "", "NetBIOS Name": "", "Port Signature": "", "IP Address": "", "Apparent MAC Address": "", "Operating System": "" } }, "virtual_hosts": [], "system": "" }, "mac_address": "", "asset_value": "", "notes": "", "owner": "", "in_tripwire_enterprise": "" } ] }
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter audits (all scan activity details) from Tripwire IP360. If you do not specify any search content, then all available audits are retrieved from Tripwire IP360. |
Limit | (Optional) Maximum number of results that this operation should return. |
Offset | (Optional) Index of the first item that this operation should return. |
The output contains the following populated JSON schema:
{ "count": "", "next": "", "previous": "", "results": [ { "url": "", "network": { "url": "", "name": "", "active": "", "system": "" }, "host_count": "", "vuln_count": "", "average_host_score": "", "start_date": "", "end_date": "", "elapsed_seconds": "", "progress": "", "ontology_version": "", "scan_profile": { "url": "", "name": "", "active": "", "system": "", "agent_only": "" }, "pool": { "url": "", "name": "", "generated": "", "notes": "", "is_up": "", "allow_agent_processing": "" }, "status": "", "scan_type": "", "debug": "", "special_scan": "", "credential_limit": "", "range": "", "rejected": "", "last_error": "", "all_hosts_failed": "", "name": "", "agent_uuids": "" } ] }
The Sample - Tripwire IP360 - 1.0.0 playbook collection comes bundled with the Tripwire IP360 connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Tripwire IP360 connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Tripwire IP360 Connector provides an enterprise-class vulnerability management solution, whose vulnerability prioritization is more precise than basic scoring. It ranks vulnerabilities with a numeric score based on impact, ease of exploit, and age. Its unique fingerprinting technology limits scans to relevant device and application types.
This document provides information about the Tripwire IP360 connector, which facilitates automated interactions with a Tripwire IP360 server using FortiSOAR™ playbooks. Add the Tripwire IP360 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding a new scan configuration for scanning on Tripwire IP360, retrieving available scan configurations from Tripwire IP360, and creating a new scan profile on Tripwire IP360.
Connector Version: 1.0.0
FortiSOAR™ Versions Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-tripwire-ip360
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Tripwire IP360 connector row, and in the Configuration tab enter the required configuration details.
Parameter | Description |
---|---|
Server URL | URL of the Tripwire IP360 server to which you will connect and perform the automated operations. |
Username | Username configured for your account to access the Tripwire IP360 server to which you will connect and perform the automated operations |
Password | Password configured for your account to access the Tripwire IP360 server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Configure New Scan | Adds a new scan configuration for scanning on Tripwire IP360. | add_new_scan Investigation |
Get Scan Configurations | Retrieves all scan configurations or a specific scan configuration, based on the search text you have specified, from Tripwire IP360. | get_scans Investigation |
Update Scan Configuration | Updates an existing scan configuration, based on the scan name and other input parameters you have specified, on Tripwire IP360. | update_scan_config Investigation |
Delete Scan Configuration | Deletes a scan configuration, based on the scan name you have specified, from Tripwire IP360. | delete_scans Investigation |
Create Scan Profile | Creates a new scan profile for scanning on Tripwire IP360. | create_scan_profile Investigation |
Get Scan Profiles | Retrieves all scan profiles or a specific scan profile, based on the search text you have specified, from Tripwire IP360. | get_scan_profiles Investigation |
Update Scan Profile | Updates an existing scan profile, based on the scan name and other input parameters you have specified, on Tripwire IP360. | update_scan_profile Investigation |
Delete Scan Profile | Deletes a scan profile, based on the profile name you have specified, from Tripwire IP360. | delete_scan_profiles Investigation |
Create Network | Creates a new network on Tripwire IP360. | create_network Investigation |
Get Networks | Retrieves information for all networks from Tripwire IP360. | get_networks Investigation |
Update Network | Updates an existing network based on the network name and other input parameters you have specified, on Tripwire IP360. | update_network Investigation |
Delete Network | Deletes a network, based on the network name you have specified, from Tripwire IP360. | delete_network Investigation |
Start Scan | Starts a scan on Tripwire IP360. | start_scan Investigation |
Cancel Scan | Cancels an ongoing scan on Tripwire IP360. | cancel_scan Investigation |
Pause Scan | Pauses an ongoing scan on Tripwire IP360. | pause_scan Investigation |
Resume Scan | Resumes a paused scan on Tripwire IP360. | resume_scan Investigation |
Get Vulnerabilities | Retrieves all vulnerabilities or a specific vulnerability based on the search text and other input parameters you have specified, from Tripwire IP360. | get_vulnerabilities Investigation |
Run Agent | Runs an axon agent for system data collection on Tripwire IP360. | run_agent Investigation |
Get Agents | Retrieves information for all axon agents or a specific axon agent, based on the search text and other input parameters you have specified, from Tripwire IP360. | get_agent Investigation |
Get Assets | Retrieves information for all assets or a specific asset based on the search text and other input parameters you have specified, from Tripwire IP360. | get_assets Investigation |
Get Audits | Retrieves information for all audits (scan activity details) or a specific audit based on the search text and other input parameters you have specified, from Tripwire IP360. | get_audits Investigation |
Parameter | Description |
---|---|
Name | Name of the scan that you want to create on the Tripwire IP360 server. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the scan to active. Otherwise, it remains Inactive.By default, it is checked, i.e., it is set as True . |
Scan Profile | Scan profile used for scanning that will apply to the new scan that you want to create on the Tripwire IP360 server. You can select the profile from the available profiles such as, Tripwire: Standard Profile, Tripwire: Host Inventory, Tripwire: Agent-only, which are listed in the Scan Profile drop-down list. |
Network | Network used for scanning that will apply to the new scan that you want to create on the Tripwire IP360 server. You can select the network from the available networks, which are listed in the Network drop-down list. |
Appliance Pool | Appliance Pool used for scanning that will apply to the new scan that you want to create on the Tripwire IP360 server. You can select the appliance pool from the available appliance pools, which are listed in the Appliance Pool drop-down list. |
On Demand | Select the On Demandcheckbox, i.e., set it to True , if you want set the scan type as On Demand.By default, it is checked, i.e., it is set as True .If True is selected from the On Demand drop-down box, then the Schedule Start drop-down box is displayed and if you select True from the Schedule Start drop-down box, i.e., if you want to create the new scan as a scheduled scan then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{ "name": "", "url": "", "schedule_failed": "", "is_debug": "", "scan_end_datetime": "", "pool": "", "fault_string": "", "scan_profile": "", "scan_start_datetime": "", "range": "", "network": "", "rejected": "", "audit": "" }
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter scan configurations from Tripwire IP360. If you do not specify any search content, then all available scan configurations are retrieved from Tripwire IP360. |
The output contains the following populated JSON schema:
{ "count": "", "next": "", "previous": "", "results": [ { "url": "", "name": "", "active": "", "status": "", "on_demand": "", "network": { "url": "", "name": "", "active": "", "owner": "", "notes": "", "scap_agent_persist": "", "favor_netbios_name": "", "asset_value": "", "include_ips": "", "exclude_ips": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_method": "", "correlation_values": { "DNS Name": "", "OS Fingerprint": "", "NetBIOS Name": "", "Port Signature": "", "IP Address": "", "Apparent MAC Address": "", "Operating System": "" } }, "virtual_hosts": [], "system": "" }, "scan_profile": { "url": "", "name": "", "active": "", "system": "", "discovery_tcp_ports": [], "discovery_tcp": "", "discovery_udp": "", "discovery_udp_ports": "", "discovery_icmp": "", "host_config_check": "", "background_port_scan": "", "background_port_scan_rate": "", "fingerprint_scan": "", "fingerprint_scan_legacy": "", "app_scan": "", "app_scan_limited": "", "app_scan_extensive": "", "udp_scan": "", "tcp_scan": "", "udp_scan_ports_exclude": "", "udp_scan_ports_include": [], "udp_scan_ports_only": "", "tcp_scan_ports_only": "", "tcp_scan_ports_include": [], "tcp_scan_ports_exclude": "", "vuln_scan": "", "vuln_scan_adjusted": "", "vuln_scan_adjusted_type": "", "vuln_scan_adjusted_vulns": [], "app_scan_adjusted": "", "app_scan_adjusted_type": "", "app_scan_adjusted_apps": [], "webapp_scan": "", "webapp_recursion_limit": "", "webapp_page_limit": "", "credentials_webhttp": "", "credentials_webform": "", "credentials_ssh": "", "credentials_smb": "", "credentials_snmp": "", "rules_auth_attempt": "", "rules_custom": "", "rules_intrusive": "", "rules_verified": "", "scap_scan": "", "scap_scan_policies": [], "rate_limit": "", "traversal_random": "", "schedule": "", "agent_only": "" }, "pool": { "url": "", "name": "", "generated": "", "notes": "", "appliances": [ { "url": "", "name": "", "ip_address": "", "authentication_key": "", "is_local": "", "software_version": "", "aap_uuid": "", "aspl_version": "", "cloud": "", "error": "", "reboot_pending": "", "last_reboot": "", "last_update": "", "last_update_seconds": "", "is_up": "", "default_soft_connection_limit": "", "soft_connection_limit": "", "hard_connection_limit": "", "hardware_type": "", "dns_servers": [], "interfaces": [ { "name": "", "ip_address": "" } ], "aap_is_up": "", "aap_timestamp": "", "aap_agent_count": "" } ], "allow_agent_processing": "" }, "last_completed_datetime": "", "next_scan_time": "", "next_scan_immediate": "", "fault_string": "" } ] }
Parameter | Description |
---|---|
Scan Name | Name of the scan that you want to update on the Tripwire IP360 server. |
New Name | New name of the existing scan that you want to update on the Tripwire IP360 server. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the scan to active. Otherwise, it remains Inactive.By default, it is checked, i.e., it is set as True . You can change the status of the specified existing scan. |
Scan Profile | Scan profile used for scanning that will apply to the existing specified scan that you want to update on the Tripwire IP360 server. You can select the profile from the available profiles such as, Tripwire: Standard Profile, Tripwire: Host Inventory, Tripwire: Agent-only, which are listed in the Scan Profile drop-down list. |
Network | Network used for scanning that will apply to the existing specified scan that you want to update on the Tripwire IP360 server. You can select the network from the available networks, which are listed in the Network drop-down list. |
Appliance Pool | Appliance Pool used for scanning that will apply to the existing specified scan that you want to update on the Tripwire IP360 server. You can select the appliance pool from the available appliance pools, which are listed in the Appliance Pool drop-down list. |
On Demand | Select the On Demandcheckbox, i.e., set it to True , if you want set the scan type as On Demand. By default, it is checked, i.e., it is set as True . |
Schedule Start | (Optional) You can change the scheduled start of the specified existing scheduled scan configuration. If you select True from the Schedule Start drop-down box, i.e., if you want to update the existing specified scan as a scheduled scan then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{ "url": "", "name": "", "active": "", "network": "", "scan_profile": "", "pool": "", "last_completed_datetime": "", "next_scan_immediate": "", "next_scan_time": "", "fault_string": "" }
Parameter | Description |
---|---|
Scan Name | Name of the scan whose configuration you want to delete from Tripwire IP360. |
The output contains a string message containing the result of the operation, such as Successfully deleted scan configuration
if the scan configuration is deleted successfully from Tripwire IP360.
Parameter | Description |
---|---|
Name | Name of the scan profile that you want to create on the Tripwire IP360 server. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the scan profile to active. Otherwise, it remains Inactive.By default, it is checked, i.e., it is set as True . |
Agent Only Scan | Select the Agent Only Scan checkbox, i.e., set it to True , if you want the scan profile to include all assets with agents installed regardless of network.By default, it is not checked, i.e., it is set as False . |
Credentials | Credential type for the scan profile that you want to create on the Tripwire IP360 server. You can choose from the following options: Windows, SSH, SNMP, HTTP, or Web Form. |
Application Scan | Select the Application Scan checkbox, i.e., set it to True , if you want the scan profile to include an application scan.By default, it is checked, i.e., it is set as True . |
Vulnerability Scan | Select the Vulnerability Scan checkbox, i.e., set it to True , if you want the scan profile to include a vulnerability scan.By default, it is checked, i.e., it is set as True . |
Web Application Scan | Select the Web Application Scan checkbox, i.e., set it to True , if you want the scan profile to include a web application scan.By default, it is checked, i.e., it is set as True . |
Webapp Recursion Limit | (Optional) Webapp recursion limit to be set for the scan profile that you want to create on the Tripwire IP360 server. |
Webapp Page Limit | (Optional) Webapp page limit to be set for the scan profile that you want to create on the Tripwire IP360 server. |
Discovery Scans | Scan type to be used for the scan profile that you want to create on the Tripwire IP360 server. You can choose from the following options: OS Fingerprinting, Legacy OS Fingerprinting, Ping Scan, TCP Port Scan, or UDP Port Scan. |
Discovery TCP Ports | (Optional) TCP port list to be set for the scan profile that you want to create on the Tripwire IP360 server. |
Discovery UDP Ports | (Optional) UDP port list to be set for the scan profile that you want to create on the Tripwire IP360 server. |
TCP Scan Ports Only | (Optional) Restrict scanning of TCP ports to only the list specified in this field for the scan profile that you want to create on the Tripwire IP360 server. |
TCP Scan Ports Include | (Optional) List of TCP scan ports to be included in the scan profile that you want to create on the Tripwire IP360 server. |
TCP Scan Ports Exclude | (Optional) List of TCP scan ports to be excluded from the scan profile that you want to create on the Tripwire IP360 server. |
UDP Scan Ports Include | (Optional) List of UDP scan ports to be included in the scan profile that you want to create on the Tripwire IP360 server. |
UDP Scan Ports Exclude | (Optional) List of UDP scan ports to be excluded from the scan profile that you want to create on the Tripwire IP360 server. |
Background Port Detection | Select the Background Port Detection checkbox, i.e., set it to True , if you want the scan profile to include running of additional full port detection scans in the background to detect open ports not included in current scans. Discovered ports will automatically be used in future scans.By default, it is not checked, i.e., it is set as False . |
Background Port Rate Limit | (Optional) Only applicable if you have selected the Background Port Detection option. Ports per second to be checked during full port detection scans in the background. |
Scap Scan | Select the Scap Scan checkbox, i.e., set it to True , if you want the scan profile to include a scap scan.By default, it is not checked, i.e., it is set as False . |
Scap Scan Policies | (Optional) Only applicable if you have selected the >Scap Scan option. List of scap scan policies to be included in the scap scan. |
Fast Application Scan | Select the Fast Application Scan checkbox, i.e., set it to True , if you want to scan only the applications associated with the selected vulnerabilities.By default, it is not checked, i.e., it is set as False . |
IP Traversal | (Optional) Type of IP Traversal to be included in the scan profile that you want to create on the Tripwire IP360 server. You can choose between Random or Sequential. |
Host Configuration Check | Select the Host Configuration Check checkbox, i.e., set it to True , if you want to include a host configuration check in the scan profile that you want to create on the Tripwire IP360 server.By default, it is checked, i.e., it is set as True . |
Extensive Application Scan | Select the Extensive Application Scan checkbox, i.e., set it to True , if you want to include an extensive application scan in the scan profile that you want to create on the Tripwire IP360 server.By default, it is not checked, i.e., it is set as False . |
Rules Verified | (Optional) All predefined rules, including customer-created rules will be flagged in the scan profile according to the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Rules Intrusive | (Optional) Rules are run against lab systems will be included in the scan profile based on the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Custom Rules | (Optional) Rules that are created by a user will be included in the scan profile based on the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Rate Limit | (Optional) Rate limit for scanning to be included in the scan profile. |
Vulnerability Scan Adjusted | Select the Vulnerability Scan Adjusted checkbox, i.e., set it to True , if you want to scan only for applications associated with the selected vulnerabilities in the scan profile that you want to create on the Tripwire IP360 server.By default, it is checked, i.e., it is set as True . If Vulnerability Scan Adjusted checkbox is checked, i.e., set it to True, then the following fields are displayed, whose parameters you can set:
|
The output contains the following populated JSON schema:
{ "name": "", "url": "", "active": "", "system": "", "discovery_tcp_ports": [], "discovery_tcp": "", "discovery_udp": "", "discovery_udp_ports": "", "discovery_icmp": "", "host_config_check": "", "background_port_scan": "", "background_port_scan_rate": "", "fingerprint_scan": "", "fingerprint_scan_legacy": "", "app_scan": "", "app_scan_limited": "", "app_scan_extensive": "", "udp_scan": "", "tcp_scan": "", "udp_scan_ports_exclude": "", "udp_scan_ports_include": [], "udp_scan_ports_only": "", "tcp_scan_ports_only": "", "tcp_scan_ports_include": [ "5" ], "tcp_scan_ports_exclude": "", "vuln_scan": "", "vuln_scan_adjusted": "", "vuln_scan_adjusted_type": "", "vuln_scan_adjusted_vulns": [], "app_scan_adjusted": "", "app_scan_adjusted_type": "", "app_scan_adjusted_apps": [], "webapp_scan": "", "webapp_recursion_limit": "", "webapp_page_limit": "", "credentials_webhttp": "", "credentials_webform": "", "credentials_ssh": "", "credentials_smb": "", "credentials_snmp": "", "rules_auth_attempt": "", "rules_custom": "", "rules_intrusive": "", "rules_verified": "", "scap_scan": "", "scap_scan_policies": [], "rate_limit": "", "traversal_random": "", "schedule": "", "agent_only": "" }
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter scan profiles from Tripwire IP360. If you do not specify any search content, then all available scan profiles are retrieved from Tripwire IP360. |
The output contains the following populated JSON schema:
{ "previous": "", "results": [ { "url": "", "window_enabled": "", "window_start": "", "timezone": "", "days": "", "window_end": "", "weekdays": "", "frequency_period": "", "frequency_max": "", "weeks": "", "name": "" } ], "next": "", "count": "" }
Parameter | Description |
---|---|
Profile Name | Name of the scan profile that you want to update on the Tripwire IP360 server. |
Name | New name of the existing scan profile that you want to update on the Tripwire IP360 server. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the scan profile to active. Otherwise, it remains Inactive.By default, it is checked, i.e., it is set as True . |
Agent Only Scan | Select the Agent Only Scan checkbox, i.e., set it to True , if you want the scan profile to include all assets with agents installed regardless of network.By default, it is not checked, i.e., it is set as False . |
Credentials | Credential type for the scan profile that you want to update on the Tripwire IP360 server. You can choose from the following options: Windows, SSH, SNMP, HTTP, or Web Form. |
Application Scan | Select the Application Scan checkbox, i.e., set it to True , if you want the scan profile to include an application scan.By default, it is checked, i.e., it is set as True . |
Vulnerability Scan | Select the Vulnerability Scan checkbox, i.e., set it to True , if you want the scan profile to include a vulnerability scan.By default, it is checked, i.e., it is set as True . |
Web Application Scan | Select the Web Application Scan checkbox, i.e., set it to True , if you want the scan profile to include a web application scan.By default, it is checked, i.e., it is set as True . |
Webapp Recursion Limit | (Optional) Webapp recursion limit to be set for the scan profile that you want to update on the Tripwire IP360 server. |
Webapp Page Limit | (Optional) Webapp page limit to be set for the scan profile that you want to update on the Tripwire IP360 server. |
Discovery Scans | Scan type to be used for the scan profile that you want to update on the Tripwire IP360 server. You can choose from the following options: OS Fingerprinting, Legacy OS Fingerprinting, Ping Scan, TCP Port Scan, or UDP Port Scan. |
Discovery TCP Ports | (Optional) TCP port list to be set for the scan profile that you want to update on the Tripwire IP360 server. |
Discovery UDP Ports | (Optional) UDP port list to be set for the scan profile that you want to update on the Tripwire IP360 server. |
TCP Scan Ports Only | (Optional) Restrict scanning of TCP ports to only the list specified in this field for the scan profile that you want to update on the Tripwire IP360 server. |
TCP Scan Ports Include | (Optional) List of TCP scan ports to be included in the scan profile that you want to update on the Tripwire IP360 server. |
TCP Scan Ports Exclude | (Optional) List of TCP scan ports to be excluded from the scan profile that you want to update on the Tripwire IP360 server. |
UDP Scan Ports Include | (Optional) List of UDP scan ports to be included in the scan profile that you want to update on the Tripwire IP360 server. |
UDP Scan Ports Exclude | (Optional) List of UDP scan ports to be excluded from the scan profile that you want to update on the Tripwire IP360 server. |
Background Port Detection | Select the Background Port Detection checkbox, i.e., set it to True , if you want the scan profile to include running of additional full port detection scans in the background to detect open ports not included in current scans. Discovered ports will automatically be used in future scans.By default, it is not checked, i.e., it is set as False . |
Background Port Rate Limit | (Optional) Only applicable if you have selected the Background Port Detection option. Ports per second to be checked during full port detection scans in the background. |
Scap Scan | Select the Scap Scan checkbox, i.e., set it to True , if you want the scan profile to include a scap scan.By default, it is not checked, i.e., it is set as False . |
Scap Scan Policies | (Optional) Only applicable if you have selected the >Scap Scan option. List of scap scan policies to be included in the scap scan. |
Fast Application Scan | Select the Fast Application Scan checkbox, i.e., set it to True , if you want to scan only the applications associated with the selected vulnerabilities.By default, it is not checked, i.e., it is set as False . |
IP Traversal | (Optional) Type of IP Traversal to be included in the scan profile that you want to update on the Tripwire IP360 server. You can choose between Random or Sequential. |
Host Configuration Check | Select the Host Configuration Check checkbox, i.e., set it to True , if you want to include a host configuration check in the scan profile that you want to update on the Tripwire IP360 server.By default, it is checked, i.e., it is set as True . |
Extensive Application Scan | Select the Extensive Application Scan checkbox, i.e., set it to True , if you want to include an extensive application scan in the scan profile that you want to update on the Tripwire IP360 server.By default, it is not checked, i.e., it is set as False . |
Rules Verified | (Optional) All predefined rules, including customer-created rules will be flagged in the scan profile according to the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Rules Intrusive | (Optional) Rules are run against lab systems will be included in the scan profile based on the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Custom Rules | (Optional) Rules that are created by user will be included in the scan profile based on the option you select for this field. You can choose from the following options: Use, Require, or Exclude. |
Rate Limit | (Optional) Rate limit for scanning to be included in the scan profile. |
Vulnerability Scan Adjusted | Select the Vulnerability Scan Adjusted checkbox, i.e., set it to True , if you want to scan only for applications associated with the selected vulnerabilities in the scan profile that you want to update on the Tripwire IP360 server.By default, it is checked, i.e., it is set as True . |
Vulnerability Scan Adjusted Type | (Optional) Applicable only if you have selected the Vulnerability Scan Adjusted checkbox. Set the type as excluded or only . |
Vulnerability Scan Adjusted Vulns | (Optional) Applicable only if you have selected the Vulnerability Scan Adjusted checkbox. Specify the list of vulnerabilities to check. |
The output contains the following populated JSON schema:
{ "credentials_webform": "", "webapp_page_limit": "", "rules_custom": "", "app_scan_limited": "", "active": "", "traversal_random": "", "udp_scan": "", "app_scan_adjusted": "", "credentials_snmp": "", "discovery_tcp": "", "app_scan": "", "vuln_scan_adjusted_vulns": [], "discovery_icmp": "", "tcp_scan_ports_include": [], "app_scan_adjusted_apps": [], "discovery_tcp_ports": [], "system": "", "fingerprint_scan_legacy": "", "app_scan_extensive": "", "vuln_scan": "", "discovery_udp": "", "rules_verified": "", "udp_scan_ports_include": "", "agent_only": "", "credentials_smb": "", "schedule": "", "credentials_ssh": "", "udp_scan_ports_exclude": "", "rate_limit": "", "host_config_check": "", "tcp_scan": "", "tcp_scan_ports_exclude": "", "background_port_scan_rate": "", "credentials_webhttp": "", "rules_intrusive": "", "vuln_scan_adjusted_type": "", "scap_scan_policies": [], "rules_auth_attempt": "", "vuln_scan_adjusted": "", "url": "", "udp_scan_ports_only": [], "app_scan_adjusted_type": "", "scap_scan": "", "tcp_scan_ports_only": "", "webapp_recursion_limit": "", "name": "", "discovery_udp_ports": [], "webapp_scan": "", "fingerprint_scan": "", "background_port_scan": "" }
Parameter | Description |
---|---|
Profile Name | Name of the scan profile that you want to delete from Tripwire IP360. |
The output contains a string message containing the result of the operation, such as Successfully deleted scan profile
if the scan profile is deleted successfully from Tripwire IP360.
Parameter | Description |
---|---|
Name | Name of the new network that you want to add to Tripwire IP360. |
Owner | (Optional) Owner of the new network that you want to add to Tripwire IP360. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the network to active. Otherwise, it remains Inactive.By default, it is not checked, i.e., it is set as False . |
Include IPs | List of IP addresses such as hostnames, IPv4, IPv6, CIDR, or a range that you want to include in the network that you want to add to Tripwire IP360. |
Exclude IPs | List of IP addresses such as hostnames, IPv4, IPv6, CIDR, or a range that you want to exclude from the network that you want to add to Tripwire IP360. |
Asset Value | (Optional) Asset Value of the new network that you want to add to Tripwire IP360. |
The output contains the following populated JSON schema:
{ "active": "", "system": "", "url": "", "name": "", "owner": "", "notes": "", "scap_agent_persist": "", "favor_netbios_name": "", "asset_value": "", "include_ips": "", "exclude_ips": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_method": "", "correlation_values": { "DNS Name": "", "OS Fingerprint": "", "NetBIOS Name": "", "Port Signature": "", "IP Address": "", "Apparent MAC Address": "", "Operating System": "" } }, "virtual_hosts": [] }
None.
The output contains the following populated JSON schema:
{ "next": "", "results": [ { "scap_agent_persist": "", "owner": "", "asset_value": "", "virtual_hosts": [], "favor_netbios_name": "", "url": "", "active": "", "system": "", "include_ips": "", "notes": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_values": { "Port Signature": "", "Operating System": "", "DNS Name": "", "NetBIOS Name": "", "IP Address": "", "OS Fingerprint": "", "Apparent MAC Address": "" }, "correlation_method": "" }, "exclude_ips": "", "name": "" } ], "previous": "", "count": "" }
Parameter | Description |
---|---|
Name | Name of an existing network that you want to update on Tripwire IP360. |
Name | (Optional) New name of the existing scan profile that you want to update on the Tripwire IP360 server. |
Owner | (Optional) Owner of the new network that you want to update on Tripwire IP360. |
Status | Select the Statuscheckbox, i.e., set it to True , if you want set the status of the network to active. Otherwise, it remains Inactive.By default, it is not checked, i.e., it is set as False . |
Include IPs | (Optional) List of IP addresses such as hostnames, IPv4, IPv6, CIDR, or a range that you want to include in the network that you want to update on Tripwire IP360. |
Exclude IPs | (Optional) List of IP addresses such as hostnames, IPv4, IPv6, CIDR, or a range that you want to exclude from the network that you want to update on Tripwire IP360. |
Asset Value | (Optional) Asset Value of the new network that you want to update on Tripwire IP360. |
The output contains the following populated JSON schema:
{ "name": "", "url": "", "active": "", "owner": "", "notes": "", "scap_agent_persist": "", "favor_netbios_name": "", "asset_value": "", "include_ips": "", "exclude_ips": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_method": "", "correlation_values": { "DNS Name": "", "OS Fingerprint": "", "NetBIOS Name": "", "Port Signature": "", "IP Address": "", "Apparent MAC Address": "", "Operating System": "" } }, "virtual_hosts": [], "system": "" }
Parameter | Description |
---|---|
Name | Name of the network that you want to delete from Tripwire IP360. |
The output contains a string message containing the result of the operation, such as Successfully deleted network
if the network is deleted successfully from Tripwire IP360.
Parameter | Description |
---|---|
Scan Name | Name of the scan that you want to start on Tripwire IP360. |
Output
The output contains the following populated JSON schema:
{ "url": "", "name": "", "network": "", "scan_profile": "", "pool": "", "range": "", "special_scan": "", "status": "", "scan_type": "", "rejected": "", "all_hosts_failed": "", "last_error": "", "agent_uuids": "", "start_date": "", "scan_profile_type": "", "credential_limit": "", "end_date": "", "debug": "" }
Parameter | Description |
---|---|
Scan Name | Name of the ongoing scan that you want to cancel on Tripwire IP360. |
The output contains the following populated JSON schema:
[ { "ontology_version": "", "special_scan": "", "status": "", "rejected": "", "scan_type": "", "vuln_count": "", "name": "", "scan_profile": { "discovery_udp": "", "host_config_check": "", "scap_scan_policies": [], "credentials_webhttp": "", "webapp_scan": "", "discovery_icmp": "", "discovery_tcp_ports": [], "rate_limit": "", "discovery_tcp": "", "app_scan_adjusted_type": "", "app_scan": "", "credentials_smb": "", "rules_intrusive": "", "system": "", "tcp_scan_ports_include": [], "tcp_scan": "", "webapp_recursion_limit": "", "app_scan_limited": "", "udp_scan_ports_only": "", "fingerprint_scan": "", "vuln_scan_adjusted_vulns": [], "credentials_webform": "", "app_scan_adjusted_apps": [], "schedule": "", "rules_custom": "all", "credentials_ssh": "", "background_port_scan": "", "tcp_scan_ports_exclude": "", "app_scan_adjusted": "", "rules_verified": "only", "fingerprint_scan_legacy": "", "vuln_scan_adjusted": "", "discovery_udp_ports": "", "tcp_scan_ports_only": "", "active": "", "background_port_scan_rate": "", "udp_scan": "", "app_scan_extensive": "", "name": "", "traversal_random": "", "vuln_scan": "", "vuln_scan_adjusted_type": "", "credentials_snmp": "", "scap_scan": "", "rules_auth_attempt": "", "webapp_page_limit": "", "udp_scan_ports_include": [], "url": "", "udp_scan_ports_exclude": "", "agent_only": "" }, "debug": "", "all_hosts_failed": "", "range": "", "agent_uuids": "", "elapsed_seconds": "", "average_host_score": "", "start_date": "", "last_error": "", "host_count": "", "credential_limit": "", "url": "", "end_date": "", "network": { "include_ips": "", "virtual_hosts": [], "scap_agent_persist": "", "exclude_ips": "", "url": "", "asset_value": "", "notes": "", "favor_netbios_name": "", "owner": "", "effective_ranges": "", "active": "", "name": "", "system": "", "host_tracking": { "correlation_threshold": "", "correlation_values": { "Port Signature": "", "OS Fingerprint": "", "Operating System": "", "NetBIOS Name": "", "IP Address": "", "DNS Name": "", "Apparent MAC Address": "" }, "correlation_method": "" } }, "pool": { "notes": "", "appliances": [ { "aap_uuid": "", "hardware_type": "", "error": "", "is_up": "", "cloud": "", "authentication_key": "", "aap_timestamp": "", "aspl_version": "", "hard_connection_limit": "", "name": "", "last_reboot": "", "reboot_pending": "", "dns_servers": [], "aap_agent_count": "", "interfaces": [ { "ip_address": "", "name": "" } ], "soft_connection_limit": "", "aap_is_up": "", "ip_address": "", "last_update_seconds": "", "software_version": "", "last_update": "", "url": "", "default_soft_connection_limit": "", "is_local": "" } ], "generated": "", "url": "", "name": "", "allow_agent_processing": "" } } ]
Parameter | Description |
---|---|
Scan Name | Name of the ongoing scan that you want to pause on Tripwire IP360. |
The output contains the following populated JSON schema:
[ { "ontology_version": "", "special_scan": "", "status": "", "rejected": "", "scan_type": "", "vuln_count": "", "name": "", "scan_profile": { "discovery_udp": "", "host_config_check": "", "scap_scan_policies": [], "credentials_webhttp": "", "webapp_scan": "", "discovery_icmp": "", "discovery_tcp_ports": [], "rate_limit": "", "discovery_tcp": "", "app_scan_adjusted_type": "", "app_scan": "", "credentials_smb": "", "rules_intrusive": "", "system": "", "tcp_scan_ports_include": [], "tcp_scan": "", "webapp_recursion_limit": "", "app_scan_limited": "", "udp_scan_ports_only": "", "fingerprint_scan": "", "vuln_scan_adjusted_vulns": [], "credentials_webform": "", "app_scan_adjusted_apps": [], "schedule": "", "rules_custom": "", "credentials_ssh": "", "background_port_scan": "", "tcp_scan_ports_exclude": "", "app_scan_adjusted": "", "rules_verified": "", "fingerprint_scan_legacy": "", "vuln_scan_adjusted": "", "discovery_udp_ports": "", "tcp_scan_ports_only": "", "active": "", "background_port_scan_rate": "", "udp_scan": "", "app_scan_extensive": "", "name": "", "traversal_random": "", "vuln_scan": "", "vuln_scan_adjusted_type": "", "credentials_snmp": "", "scap_scan": "", "rules_auth_attempt": "", "webapp_page_limit": "", "udp_scan_ports_include": [], "url": "", "udp_scan_ports_exclude": "", "agent_only": "" }, "debug": "", "all_hosts_failed": "", "range": "", "agent_uuids": "", "elapsed_seconds": "", "average_host_score": "", "start_date": "", "last_error": "", "host_count": "", "credential_limit": "", "url": "", "end_date": "", "network": { "include_ips": "", "virtual_hosts": [], "scap_agent_persist": "", "exclude_ips": "", "url": "", "asset_value": "", "notes": "", "favor_netbios_name": "", "owner": "", "effective_ranges": "", "active": "", "name": "", "system": "", "host_tracking": { "correlation_threshold": "", "correlation_values": { "Port Signature": "", "OS Fingerprint": "", "Operating System": "", "NetBIOS Name": "", "IP Address": "", "DNS Name": "", "Apparent MAC Address": "" }, "correlation_method": "" } }, "pool": { "notes": "", "appliances": [ { "aap_uuid": "", "hardware_type": "", "error": "", "is_up": "", "cloud": "", "authentication_key": "", "aap_timestamp": "", "aspl_version": "", "hard_connection_limit": "", "name": "", "last_reboot": "", "reboot_pending": "", "dns_servers": [], "aap_agent_count": "", "interfaces": [ { "ip_address": "", "name": "" } ], "soft_connection_limit": "", "aap_is_up": "", "ip_address": "", "last_update_seconds": "", "software_version": "", "last_update": "", "url": "", "default_soft_connection_limit": "", "is_local": "" } ], "generated": "", "url": "", "name": "", "allow_agent_processing": "" } } ]
Parameter | Description |
---|---|
Scan Name | Name of the paused scan that you want to resume on Tripwire IP360. |
The output contains the following populated JSON schema:
[ { "ontology_version": "", "special_scan": "", "status": "", "rejected": "", "scan_type": "", "vuln_count": "", "name": "", "scan_profile": { "discovery_udp": "", "host_config_check": "", "scap_scan_policies": [], "credentials_webhttp": "", "webapp_scan": "", "discovery_icmp": "", "discovery_tcp_ports": [], "rate_limit": "", "discovery_tcp": "", "app_scan_adjusted_type": "", "app_scan": "", "credentials_smb": "", "rules_intrusive": "", "system": "", "tcp_scan_ports_include": [ "5" ], "tcp_scan": "", "webapp_recursion_limit": "", "app_scan_limited": "", "udp_scan_ports_only": "", "fingerprint_scan": "", "vuln_scan_adjusted_vulns": [], "credentials_webform": "", "app_scan_adjusted_apps": [], "schedule": "", "rules_custom": "", "credentials_ssh": "", "background_port_scan": "", "tcp_scan_ports_exclude": "", "app_scan_adjusted": "", "rules_verified": "", "fingerprint_scan_legacy": "", "vuln_scan_adjusted": "", "discovery_udp_ports": "", "tcp_scan_ports_only": "", "active": "", "background_port_scan_rate": "", "udp_scan": "", "app_scan_extensive": "", "name": "", "traversal_random": "", "vuln_scan": "", "vuln_scan_adjusted_type": "", "credentials_snmp": "", "scap_scan": "", "rules_auth_attempt": "all", "webapp_page_limit": "", "udp_scan_ports_include": [], "url": "", "udp_scan_ports_exclude": "", "agent_only": "" }, "debug": "", "all_hosts_failed": "", "range": "", "agent_uuids": "", "elapsed_seconds": "", "average_host_score": "", "start_date": "", "last_error": "", "host_count": "", "credential_limit": "", "url": "", "end_date": "", "network": { "include_ips": "", "virtual_hosts": [], "scap_agent_persist": "", "exclude_ips": "", "url": "", "asset_value": "", "notes": "", "favor_netbios_name": "", "owner": "", "effective_ranges": "", "active": "", "name": "", "system": "", "host_tracking": { "correlation_threshold": "", "correlation_values": { "Port Signature": "", "OS Fingerprint": "", "Operating System": "", "NetBIOS Name": "", "IP Address": "", "DNS Name": "", "Apparent MAC Address": "" }, "correlation_method": "" } }, "pool": { "notes": "", "appliances": [ { "aap_uuid": "", "hardware_type": "", "error": "", "is_up": "", "cloud": "", "authentication_key": "", "aap_timestamp": "", "aspl_version": "", "hard_connection_limit": "", "name": "", "last_reboot": "", "reboot_pending": "", "dns_servers": [], "aap_agent_count": "", "interfaces": [ { "ip_address": "", "name": "" } ], "soft_connection_limit": "", "aap_is_up": "", "ip_address": "", "last_update_seconds": "", "software_version": "", "last_update": "", "url": "", "default_soft_connection_limit": "", "is_local": "" } ], "generated": "", "url": "", "name": "", "allow_agent_processing": "" } } ]
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter vulnerabilities from Tripwire IP360. If you do not specify any search content, then all available vulnerabilities are retrieved from Tripwire IP360. |
Limit | (Optional) Maximum number of results that this operation should return. |
Offset | (Optional) Index of the first item that this operation should return. |
The output contains the following populated JSON schema:
{ "count": "", "results": [ { "strategy": { "url": "", "description": "", "name": "" }, "priority": "", "name": "", "risk": { "level": "", "url": "", "description": "", "name": "" }, "solution": { "url": "", "description": "", "name": "" }, "url": "", "description": "", "cvssv2": "", "cvssv3": "", "cves": [], "skill": { "level": "", "url": "", "description": "", "name": "" }, "advisories": [ { "website": "", "link": "", "name": "" } ] } ], "next": "", "previous": "" }
Parameter | Description |
---|---|
Name | System name of the axon agent that you want to run for system data collection on Tripwire IP360. |
The output contains the following populated JSON schema:
[ { "url": "", "axon_agent": "", "command": "", "command_args": "", "issued_date": "", "status": "", "started_date": "", "completed_date": "", "error_str": "" } ]
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter axon agents from Tripwire IP360. If you do not specify any search content, then all available axon agents are retrieved from Tripwire IP360. |
Limit | (Optional) Maximum number of results that this operation should return. |
Offset | (Optional) Index of the first item that this operation should return. |
The output contains the following populated JSON schema:
{ "count": "", "next": "", "previous": "", "results": [ { "url": "", "ip_address": "", "name": "", "dns_name": "", "netbios_name": "", "os_name": "", "os_version": "", "architecture": "", "agent_uuid": "", "aap_uuid": "", "agent_version": "", "plugin_version": "", "last_seen": "", "last_scan": "", "is_up": "", "latest_tasks": { "scan_now": { "url": "", "axon_agent": "", "command": "", "command_args": "", "issued_date": "", "status": "", "started_date": "", "completed_date": "", "error_str": "" } }, "support_bundle": "", "first_seen": "", "last_audit": "", "score": "", "asset": "", "deleted_datetime": "" } ] }
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter assets from Tripwire IP360. If you do not specify any search content, then all available assets are retrieved from Tripwire IP360. |
Limit | (Optional) Maximum number of results that this operation should return. |
Offset | (Optional) Index of the first item that this operation should return. |
The output contains the following populated JSON schema:
{ "count": "", "next": "", "previous": "", "results": [ { "url": "", "ip_address": "", "dns_name": "", "netbios_name": "", "last_seen": "", "first_seen": "", "score": "", "domain_name": "", "operating_system": "", "network": { "url": "", "name": "", "active": "", "owner": "", "notes": "", "scap_agent_persist": "", "favor_netbios_name": "", "asset_value": "", "include_ips": "", "exclude_ips": "", "effective_ranges": "", "host_tracking": { "correlation_threshold": "", "correlation_method": "", "correlation_values": { "DNS Name": "", "OS Fingerprint": "", "NetBIOS Name": "", "Port Signature": "", "IP Address": "", "Apparent MAC Address": "", "Operating System": "" } }, "virtual_hosts": [], "system": "" }, "mac_address": "", "asset_value": "", "notes": "", "owner": "", "in_tripwire_enterprise": "" } ] }
Parameter | Description |
---|---|
Search Text | (Optional) Text based on which you want to filter audits (all scan activity details) from Tripwire IP360. If you do not specify any search content, then all available audits are retrieved from Tripwire IP360. |
Limit | (Optional) Maximum number of results that this operation should return. |
Offset | (Optional) Index of the first item that this operation should return. |
The output contains the following populated JSON schema:
{ "count": "", "next": "", "previous": "", "results": [ { "url": "", "network": { "url": "", "name": "", "active": "", "system": "" }, "host_count": "", "vuln_count": "", "average_host_score": "", "start_date": "", "end_date": "", "elapsed_seconds": "", "progress": "", "ontology_version": "", "scan_profile": { "url": "", "name": "", "active": "", "system": "", "agent_only": "" }, "pool": { "url": "", "name": "", "generated": "", "notes": "", "is_up": "", "allow_agent_processing": "" }, "status": "", "scan_type": "", "debug": "", "special_scan": "", "credential_limit": "", "range": "", "rejected": "", "last_error": "", "all_hosts_failed": "", "name": "", "agent_uuids": "" } ] }
The Sample - Tripwire IP360 - 1.0.0 playbook collection comes bundled with the Tripwire IP360 connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Tripwire IP360 connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.