Tenable Vulnerability Management Component
Assess vulnerabilities; manage assets, users, agents, and more.
Component key: tenable-vulnerability-management
Description
Tenable Vulnerability Management is a leading security solution that identifies, evaluates, and prioritizes vulnerabilities to reduce risk and enhance cybersecurity. This component allows you to interact with the Tenable Vulnerability Management REST API.
API Documentation
This component was built using the Tenable Vulnerability Management API Reference
Connections
Access Key / Secret Key
To generate API keys in Tenable Vulnerability Management:
- Login to your Tenable account and navigate to My Account by selecting the user icon in the top right menu.
- Navigate to API Keys and select generate to generate an Access Key and a Secret Key.
- Enter these values into the connection configuration of your integration.
- Save these values as they will not be shown again.
| Input | Notes | Example |
|---|---|---|
| Access Key | ||
| Secret Key |
Data Sources
Select Agent
Select an agent from a picklist. | key: selectAgent | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Filter | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
| Filter Type | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
| Wildcard Filter Text | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
| Wildcard Fields | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
Select Agent Group
Select an agent group from a picklist of agent groups. | key: selectAgentGroup | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
Select Asset
Select an asset from a picklist. | key: selectAsset | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
Select User
Select a user from a picklist. | key: selectUser | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
Actions
Add Agent to Group
Adds an agent to the agent group. | key: addAgentToGroup
| Input | Notes | Example |
|---|---|---|
| Agent ID | The ID of the agent to add. | 123 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Group ID | The ID of the agent group. | 123 |
{
"data": {
"success": true
}
}
Add or Remove Asset Tags
Adds or removes tags from the specified assets, and returns the UUID of the asynchronous asset update job. | key: addOrRemoveAssetTags
| Input | Notes | Example |
|---|---|---|
| Action | Specifies whether to add or remove tags. | add |
| Assets | An array of asset UUIDs. | 123e4567-e89b-12d3-a456-426614174000 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Tags | An array of tag value UUIDs. | 123e4567-e89b-12d3-a456-426614174000 |
{
"data": {
"job_uuid": "62210d02a7056d0297f50a8ddfbd549eaef1d0bc94e1ea3fad09"
}
}
Create Agent Group
Creates an agent group. | key: createAgentGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Name | The name of the agent group. | My Agent Group |
{
"data": {
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "Western Region",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 0,
"agents_count": 0
}
}
Create User
Creates a new user. | key: createUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
The email address of the user. A valid email address must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains. | name@domain | |
| Name | The name of the user (for example, first and last name). | John Doe |
| Password | Passwords must be at least 12 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character symbol. | password |
| Permissions | The user permissions as described in Permissions. See https://developer.tenable.com/reference/users-create for more information. | 16 |
| Username | A valid username must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. | name@domain |
{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}
Delete Agent Group
Deletes an agent group. | key: deleteAgentGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Group ID | The ID or UUID of the agent group to delete. | 123 |
{
"data": {
"success": true
}
}
Delete Asset
Deletes the specified asset. | key: deleteAsset
| Input | Notes | Example |
|---|---|---|
| Asset UUID | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"success": true
}
}
Delete Scanner
Deletes and unlinks a scanner from Tenable Vulnerability Management. | key: deleteScanner
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Scanner ID | The ID of the scanner. | 1 |
{
"data": {
"success": true
}
}
Delete User
Deletes a user. | key: deleteUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| User ID | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 |
{
"data": {
"success": true
}
}
Download Vulnerabilities
Downloads exported vulnerabilities as a JSON file. | key: downloadVulnerabilities
| Input | Notes | Example |
|---|---|---|
| Chunk ID | The ID of the chunk you want to export. | 1 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Export UUID | The UUID of the vulnerability export request. | 123e4567-e89b-12d3-a456-426614174000 |
{
"data": [
{
"asset": {
"bios_uuid": "1fa02642-5b8e-8f27-42a9-debde798d957",
"device_type": "general-purpose",
"fqdn": "sharepoint2016.target.example.com",
"hostname": "sharepoint2016",
"uuid": "53ed0fa2-ccd5-4d2e-92ee-c072635889e3",
"ipv4": "203.0.113.71",
"ipv6": "2001:db8:199e:6fb9:2edd:67f0:3f30:c7",
"last_authenticated_results": "2023-05-04T05:03:13.737Z",
"mac_address": "00:50:56:a6:22:93",
"netbios_name": "SHAREPOINT2016",
"operating_system": [
"Microsoft Windows Server 2016 Standard"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": "\n\n Produact : Microsoft SharePoint Enterprise Server 2016\n KB : 5002113\n - C:\\Program Files\\Microsoft Office Servers\\16.0\\bin\\ascalc.dll has not been patched.\n Remote version : 16.0.4342.1000\n Should be : 16.0.5266.1000\n\n",
"plugin": {
"bid": [
156641
],
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [
"cpe:/a:microsoft:sharepoint_server"
],
"cvss3_base_score": 8.8,
"cvss3_temporal_score": 7.7,
"cvss3_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:O/RC:C"
},
"cvss3_vector": {
"access_complexity": "Low",
"access_vector": "Network",
"availability_impact": "High",
"confidentiality_impact": "High",
"integrity_impact": "High",
"raw": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
"cvss_base_score": 9,
"cvss_temporal_score": 6.7,
"cvss_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:OF/RC:C"
},
"cvss_vector": {
"access_complexity": "Low",
"access_vector": "Network",
"authentication": "Single",
"availability_impact": "Complete",
"confidentiality_impact": "Complete",
"integrity_impact": "Complete",
"raw": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
},
"description": "The Microsoft SharePoint Server 2013 installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21837, CVE-2022-21840, CVE-2022-21842)",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploitability_ease": "No known exploits are available",
"exploited_by_malware": false,
"exploited_by_nessus": false,
"family": "Windows : Microsoft Bulletins",
"family_id": 41,
"has_patch": true,
"id": 156641,
"in_the_news": false,
"ms_bulletin": [
"5002113"
],
"name": "Security Updates for Microsoft SharePoint Server 2016 (January 2022)",
"patch_publication_date": "2022-01-11T00:00:00Z",
"modification_date": "2022-05-06T00:00:00Z",
"publication_date": "2022-01-12T00:00:00Z",
"risk_factor": "high",
"see_also": [
"https://support.microsoft.com/en-us/help/5002113"
],
"solution": "Microsoft has released security update KB5002113 to address this issue.",
"stig_severity": "I",
"synopsis": "The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates.",
"unsupported_by_vendor": false,
"version": "1.6",
"vuln_publication_date": "2022-01-11T00:00:00Z",
"xrefs": [
{
"type": "CVE",
"id": "2022-21837"
},
{
"type": "CVE",
"id": "2022-21840"
},
{
"type": "CVE",
"id": "2022-21842"
},
{
"type": "IAVA",
"id": "2022-A-0007-S"
},
{
"type": "MSFT",
"id": "MS22-5002113"
},
{
"type": "MSKB",
"id": "5002113"
}
],
"vpr": {
"score": 6.7,
"drivers": {
"age_of_vuln": {
"lower_bound": 731
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": false,
"cvss3_impact_score": 5.9,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "LOW"
},
"updated": "2024-02-04T06:03:56Z"
},
"workaround": "F5 lists a workaround with instructions listed at https://my.f5.com/manage/s/article/K000137595 that can be achieved using the following steps:\n\n 1. Install the latest PI IM package\n 2. Disable signatures with excessive Total Hit Count value\n\n Note that Tenable always advises that you upgrade a system if possible, \n and all steps listed here are mitigation steps provided by F5. \n Tenable is not responsible for any negative effects that may occur from enacting this workaround.",
"workaround_type": "disable service",
"workaround_published": "2024-02-14T00:00:00Z",
"vendor_unpatched": true,
"has_workaround": true,
"cve": [
"CVE-2022-21837",
"CVE-2022-21840",
"CVE-2022-21842"
],
"type": "local"
},
"port": {
"port": 445,
"protocol": "TCP",
"service": "cifs"
},
"scan": {
"schedule_uuid": "461e4ebc-b309-face-6fa1-afa4ba163cb6d84b9dc0a0dc5020",
"started_at": "2023-05-03T14:14:02.387Z",
"uuid": "270b911b-1fe6-4760-8c49-88d315cb764e"
},
"severity": "high",
"severity_id": 3,
"severity_default_id": 3,
"severity_modification_type": "NONE",
"first_found": "2022-11-08T19:18:10.472Z",
"last_found": "2023-05-04T05:03:13.737Z",
"state": "OPEN",
"indexed": "2023-05-04T05:13:40.809406Z",
"source": "NESSUS"
},
{
"asset": {
"device_type": "hypervisor",
"fqdn": "vcsa8.target.example.com",
"hostname": "vcsa8.target.example.com",
"uuid": "1babf006-b1f0-4dee-86a1-7a55888336c3",
"ipv4": "192.0.2.246",
"operating_system": [
"VMware vCenter Server 8.0.0 build-20037386"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": "\nThe following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:\n\n - https://vcsa8.target.example.com/\n - https://vcsa8.target.example.com/ui/\n",
"plugin": {
"bid": [
50344
],
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [],
"description": "The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.\n\nThe CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploited_by_malware": false,
"exploited_by_nessus": false,
"family": "CGI abuses",
"family_id": 3,
"has_patch": false,
"id": 50344,
"in_the_news": false,
"name": "Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header",
"modification_date": "2021-01-19T00:00:00Z",
"publication_date": "2010-10-26T00:00:00Z",
"risk_factor": "info",
"see_also": [
"http://www.nessus.org/u?55aa8f57",
"http://www.nessus.org/u?07cc2a06",
"https://content-security-policy.com/",
"https://www.w3.org/TR/CSP2/"
],
"solution": "Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.",
"synopsis": "The remote web server does not take steps to mitigate a class of web application vulnerabilities.",
"unsupported_by_vendor": false,
"version": "1.6",
"xrefs": [],
"type": "remote"
},
"port": {
"port": 443,
"protocol": "TCP",
"service": "www"
},
"scan": {
"schedule_uuid": "16cf08d3-3f94-79f4-8038-996376eabd4f186741fe15533e70",
"started_at": "2023-05-03T14:13:56.983Z",
"uuid": "e86252a3-8dc0-43b6-8ddd-afb219d040ed"
},
"severity": "info",
"severity_id": 0,
"severity_default_id": 0,
"severity_modification_type": "NONE",
"first_found": "2022-11-08T06:12:27.940Z",
"last_found": "2023-05-04T09:39:26.415Z",
"state": "OPEN",
"indexed": "2023-05-04T09:44:55.673359Z",
"source": "NESSUS"
}
]
}
Export Assets
Exports all assets that match the request criteria. | key: exportAssets
| Input | Notes | Example |
|---|---|---|
| Chunk Size | Specifies the number of assets per exported chunk. The range is 100-10000. | 100 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Filters | Specifies filters for exported assets. See https://developer.tenable.com/reference/exports-assets-request-export for more information. | |
| Include Open Ports | Specifies whether or not to include open port findings from info-level plugins. | false |
{
"data": {
"export_uuid": "60a26f04-c844-49a6-b67b-995a6ed79471"
}
}
Export Vulnerabilities
Exports vulnerabilities that match the request criteria. | key: exportVulnerabilities
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Filters | Specifies filters for exported vulnerabilities. See https://developer.tenable.com/reference/exports-vulns-request-export for more information. | |
| Include Unlicensed | Specifies whether or not to include unlicensed assets. | false |
| Number of Assets | Specifies the number of assets used to chunk the vulnerabilities. | 50 |
{
"data": {
"export_uuid": "bf765455-53aa-4e70-9ef3-87cfca1d2be0"
}
}
Get Agent
Returns the specified agent details for the specified scanner. | key: getAgent
| Input | Notes | Example |
|---|---|---|
| Agent ID | The ID of the agent to query. | 123 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"id": 9176838,
"uuid": "655993d5-c131-46e8-a82f-957f6f894cac",
"name": "GRD-LPTP",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.57",
"last_scanned": 1515620036,
"plugin_feed_id": "201801081515",
"core_build": "106",
"core_version": "7.0.0",
"linked_on": 1456775443,
"last_connect": 1515674073,
"status": "off",
"groups": [
{
"name": "CodyAgents",
"id": 8
},
{
"name": "Agent Group A",
"id": 3316
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 0,
"health_state_name": "HEALTHY",
"fredi_status": true
}
}
Get Agent Group
Gets details for the agent group. | key: getAgentGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Filter | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
| Filter Type | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
| Fetch All | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | true |
| Group ID | The ID or UUID of the agent group to query. | 123 |
| Limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 |
| Offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 |
| Sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc |
| Wildcard Filter Text | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
| Wildcard Fields | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
{
"data": {
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "Western Region",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 1,
"owner": "system",
"owner_id": 10621200,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 128,
"agents_count": 1,
"agents": [
{
"id": 9176838,
"uuid": "fdb1812c-2423-424d-9b67-5511e9bf0714",
"name": "my.new-hostname.server",
"platform": "LINUX",
"distro": "es8-x86-64",
"ip": "172.26.102.78",
"last_scanned": 1722961087,
"plugin_feed_id": "202408191220",
"core_build": "2391",
"core_version": "10.8.0",
"linked_on": 1722960266,
"last_connect": 1724170973,
"status": "off",
"groups": [
{
"name": "Western Region",
"id": 106592
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 20,
"health_state_name": "CRITICAL",
"fredi_status": false
}
],
"pagination": {
"total": 0,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
Get Asset
Returns details of the specified asset. | key: getAsset
| Input | Notes | Example |
|---|---|---|
| Asset UUID | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"id": "116af8c3-969d-4621-9f9f-364eeb58e3a7",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.57",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T15:00:57.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"acr_score": 8,
"acr_drivers": [
{
"driver_name": "device_type",
"driver_value": [
"general_purpose"
]
},
{
"driver_name": "device_capability",
"driver_value": [
"pci"
]
},
{
"driver_name": "internet_exposure",
"driver_value": [
"internal"
]
}
],
"exposure_score": 753,
"scan_frequency": [
{
"interval": 90,
"frequency": 3,
"licensed": false
},
{
"interval": 30,
"frequency": 1,
"licensed": false
},
{
"interval": 60,
"frequency": 1,
"licensed": false
}
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"example.com"
],
"operating_system": [
"Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
}
}
Get Asset Vulnerability Details
Retrieves the details for a vulnerability recorded on a specified asset. | key: getAssetVulnerabilityDetails
| Input | Notes | Example |
|---|---|---|
| Asset ID | The UUID of the asset. | 116af8c3-969d-4621-9f9f-364eeb58e3a7 |
| Connection | ||
| Date Range | The number of days of data prior to and including today that should be returned. | 30 |
| Debug Request | Enabling this flag will log out the current request. | false |
| Plugin ID | The ID of the plugin. | 12345 |
| Query Param Filters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-asset-vulnerability-info for more information. |
{
"data": {
"info": {
"count": 1,
"vuln_count": 1,
"description": "The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted.\n\nAn attacker can exploit this by tricking a user into opening an MFC application in a directory that contains a malicious DLL, resulting in arbitrary code execution.",
"synopsis": "Arbitrary code can be executed on the remote host through the Microsoft Foundation Class library.",
"solution": "Microsoft has released a set of patches for Visual Studio .NET 2003, 2005, and 2008, as well as Visual C++ 2005, 2008, and 2010.",
"discovery": {
"seen_first": "2019-12-31T17:15:52.000Z",
"seen_last": "2019-12-31T17:15:52.000Z"
},
"severity": 3,
"plugin_details": {
"family": "Windows : Microsoft Bulletins",
"modification_date": "2016-12-31T00:00:00Z",
"name": "MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)",
"publication_date": "2011-12-31T00:00:00Z",
"type": "local",
"version": null,
"severity": 3
},
"reference_information": [
{
"name": "bid",
"url": "http://www.securityfocus.com/bid/",
"values": [
42811
]
},
{
"name": "cve",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=",
"values": [
"CVE-2010-3190"
]
},
{
"name": "iavb",
"values": [
"2011-B-0046"
]
},
{
"name": "msft",
"url": "http://technet.microsoft.com/en-us/security/bulletin/",
"values": [
"MS11-025"
]
},
{
"name": "osvdb",
"values": [
"67674"
]
},
{
"name": "secunia",
"url": "http://secunia.com/advisories/",
"values": [
"41212"
]
}
],
"risk_information": {
"risk_factor": "High",
"cvss_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cvss_base_score": "9.3",
"cvss_temporal_vector": "E:F/RL:OF/RC:ND",
"cvss_temporal_score": "7.7",
"cvss3_vector": null,
"cvss3_base_score": null,
"cvss3_temporal_vector": null,
"cvss3_temporal_score": null,
"stig_severity": null
},
"see_also": [
"[\"https://technet.microsoft.com/library/security/ms11-025\"]"
],
"vulnerability_information": {
"vulnerability_publication_date": "2010-12-31T00:00:00Z",
"exploited_by_malware": null,
"patch_publication_date": "2011-12-31T00:00:00Z",
"exploit_available": true,
"exploitability_ease": null,
"asset_inventory": null,
"default_account": null,
"exploited_by_nessus": null,
"in_the_news": null,
"malware": null,
"unsupported_by_vendor": null,
"cpe": null,
"exploit_frameworks": []
},
"vpr": {
"score": 5.9,
"drivers": {
"age_of_vuln": {
"lower_bound": 731,
"upper_bound": 0
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": true,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "MEDIUM"
},
"updated": "2019-12-31T10:08:58Z"
}
}
}
}
Get Plugin Details
Retrieves the details for a plugin. | key: getPluginDetails
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Date Range | The number of days of data prior to and including today that should be returned. | 30 |
| Debug Request | Enabling this flag will log out the current request. | false |
| Plugin ID | The ID of the plugin. | 12345 |
| Query Param Filters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-vulnerability-info for more information. |
{
"data": {
"info": {
"count": 13,
"vuln_count": 14,
"description": "The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.",
"synopsis": "The remote web server is affected by a remote code execution vulnerability.",
"solution": "Apply the referenced patch.",
"discovery": {
"seen_first": "2019-12-31T17:15:52.000Z",
"seen_last": "2019-12-31T22:53:45.000Z"
},
"severity": 4,
"plugin_details": {
"family": "CGI abuses",
"modification_date": "2017-12-31T00:00:00Z",
"name": "GNU Bash Environment Variable Handling Code Injection (Shellshock)",
"publication_date": "2014-12-31T00:00:00Z",
"type": "remote",
"version": null,
"severity": 4
},
"reference_information": [
{
"name": "bid",
"url": "http://www.securityfocus.com/bid/",
"values": [
70103
]
},
{
"name": "cert",
"url": "http://www.kb.cert.org/vuls/id/",
"values": [
"252743"
]
},
{
"name": "cve",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=",
"values": [
"CVE-2014-6271"
]
},
{
"name": "edb-id",
"url": "http://www.exploit-db.com/exploits/",
"values": [
"34766",
"34777",
"34765"
]
},
{
"name": "iava",
"values": [
"2014-A-0142"
]
},
{
"name": "osvdb",
"values": [
"112004"
]
}
],
"risk_information": {
"risk_factor": "Critical",
"cvss_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"cvss_base_score": "10.0",
"cvss_temporal_vector": "E:F/RL:OF/RC:ND",
"cvss_temporal_score": "8.3",
"cvss3_vector": null,
"cvss3_base_score": null,
"cvss3_temporal_vector": null,
"cvss3_temporal_score": null,
"stig_severity": null
},
"see_also": [
"http://seclists.org/oss-sec/2014/q3/650",
"http://www.nessus.org/u?dacf7829",
"https://www.invisiblethreat.ca/post/shellshock/"
],
"vulnerability_information": {
"vulnerability_publication_date": "2014-12-31T00:00:00Z",
"exploited_by_malware": true,
"patch_publication_date": "2014-12-31T00:00:00Z",
"exploit_available": true,
"exploitability_ease": null,
"asset_inventory": null,
"default_account": null,
"exploited_by_nessus": null,
"in_the_news": true,
"malware": null,
"unsupported_by_vendor": null,
"cpe": null,
"exploit_frameworks": [
{
"name": "Core Impact"
},
{
"name": "Metasploit",
"exploits": [
{
"name": "Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)",
"url": null
}
]
}
]
},
"vpr": {
"score": 9.6,
"drivers": {
"age_of_vuln": {
"lower_bound": 731,
"upper_bound": 0
},
"exploit_code_maturity": "HIGH",
"cvss3_impact_score": 5.9,
"cvss_impact_score_predicted": true,
"threat_intensity_last28": "HIGH",
"threat_recency": {
"lower_bound": 0,
"upper_bound": 7
},
"threat_sources_last28": [
"Others",
"Mainstream Media",
"Code Repo and Paste Bins"
],
"product_coverage": "LOW"
},
"updated": "2019-12-31T10:10:57Z"
}
}
}
}
Get Scanner
Returns details for the specified scanner. | key: getScanner
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Scanner ID | The ID of the scanner. | 1 |
{
"data": {
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
}
}
Get User
Returns details for a specific user. | key: getUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| User ID | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 |
{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}
Import Assets
Imports asset data in JSON format. | key: importAssets
| Input | Notes | Example |
|---|---|---|
| Asset Objects | An array of asset objects to import. Each asset object requires a value for at least one of the following properties: fqdn, ipv4, netbios_name, mac_address. See https://developer.tenable.com/reference/assets-import for more information. | |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Source | A user-defined name for the source of the import. | Example Import |
{
"data": {
"asset_import_job_uuid": "467e5338-7783-4a0d-915a-5d00584784a0"
}
}
Import Vulnerabilities
Imports a list of vulnerabilities in JSON format. | key: importVulnerabilities
| Input | Notes | Example |
|---|---|---|
| Assets | An array of asset objects with vulnerabilities information. See https://developer.tenable.com/reference/vulnerabilities-import-v2 for more information. | |
| Connection | ||
| Coverage | The coverage object. See https://developer.tenable.com/reference/vulnerabilities-import-v2 for more information. | |
| Data Type | The type of scan that identified the vulnerabilities. | vm |
| Debug Request | Enabling this flag will log out the current request. | false |
| Product | The name of the product from the vendor. | Security Center |
| Source | A unique string value used to track the set of assets and vulnerabilities. | scan_uuid:scan_chunk_uuid |
| Vendor | The company that owns the product that is the source of the vulnerability data. | tenable |
{
"data": {
"job_uuid": ""
}
}
List Agent Groups
Retrieves a list of agent groups. | key: listAgentGroups
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"groups": [
{
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "slibs",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 1,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 128,
"agents_count": 0
}
]
}
}
List Agents
Returns a list of agents for the specified scanner. | key: listAgents
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Filter | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
| Filter Type | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
| Fetch All | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | true |
| Limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 |
| Offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 |
| Sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc |
| Wildcard Filter Text | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
| Wildcard Fields | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
{
"data": {
"agents": [
{
"id": 9176838,
"uuid": "655993d5-c131-46e8-a82f-957f6f894cac",
"name": "GRD-LPTP",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.57",
"last_scanned": 1515620036,
"plugin_feed_id": "201801081515",
"core_build": "106",
"core_version": "7.0.0",
"linked_on": 1456775443,
"last_connect": 1515674073,
"status": "off",
"groups": [
{
"name": "CodyAgents",
"id": 8
},
{
"name": "Agent Group A",
"id": 3316
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 0,
"health_state_name": "HEALTHY",
"fredi_status": true
},
{
"id": 14569,
"uuid": "72ac6ad1-fc86-4af4-be0c-0ff3bfbfb242",
"name": "example.com",
"platform": "LINUX",
"distro": "es7-x86-64",
"ip": "192.0.2.57",
"plugin_feed_id": "201805161620",
"core_build": "13",
"core_version": "7.0.3",
"linked_on": 1508329832,
"last_connect": 1526565530,
"status": "off",
"groups": [
{
"name": "SC Research",
"id": 1167
}
],
"asset_uuid": "da1a9cf3-33a2-45ae-b99d-9a15000451e1",
"health": 10,
"health_state_name": "WARNING",
"fredi_status": true
},
{
"id": 14570,
"uuid": "938cb466-06ea-477e-abb0-99d8da0e0f20",
"name": "example.com",
"platform": "LINUX",
"distro": "es7-x86-64",
"ip": "192.0.2.57",
"plugin_feed_id": "201805161620",
"core_build": "13",
"core_version": "7.0.3",
"linked_on": 1508329886,
"last_connect": 1526565624,
"status": "off",
"groups": [
{
"name": "SC Research",
"id": 1167
}
],
"asset_uuid": "b23a9cf3-23a2-45ab-b99d-9a15000451c5",
"health": 20,
"health_state_name": "CRITICAL",
"fredi_status": true
}
],
"pagination": {
"total": 3,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
List Agents By Group
Returns a list of agents for the specified agent group. | key: listAgentsByGroup
| Input | Notes | Example |
|---|---|---|
| Agent Group ID | The ID of the agent group to query for agents. | 123 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Filter | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
| Filter Type | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
| Fetch All | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | true |
| Limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 |
| Offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 |
| Sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc |
| Wildcard Filter Text | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
| Wildcard Fields | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
{
"data": {
"agents": [
{
"id": 20,
"uuid": "96efbd47-9d96-443f-be29-2ac723dde270",
"name": "Codys-MacBook-Pro.local",
"platform": "DARWIN",
"distro": "macosx",
"ip": "10.31.100.110",
"last_scanned": 1545272687,
"plugin_feed_id": "201812281741",
"core_build": "1",
"core_version": "7.2.1",
"linked_on": 1452106253,
"last_connect": 1546264939,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group B",
"id": 31
},
{
"name": "Agent Group C",
"id": 3315
}
],
"supports_remote_logs": false,
"asset_uuid": "5d1a9cf3-33a2-45ae-b99d-9a15000451e1",
"health": 0,
"health_state_name": "HEALTHY",
"health_events": [
{
"identifier": 201,
"state": 0,
"state_time": 1722960875000,
"details": "Plugin update was successful.",
"muted": false,
"state_name": "HEALTHY",
"identifier_name": "PLUGIN_UPDATE"
},
{
"identifier": 200,
"state": 0,
"state_time": 1722960320000,
"details": "Nessus Agent plugin disk usage is normal.",
"muted": false,
"state_name": "HEALTHY",
"identifier_name": "PLUGIN_DISK_USAGE"
}
]
},
{
"id": 65,
"uuid": "7d14d098-2c60-403a-a1d0-8bce78e27f867b06b5e32a5e47a1",
"name": "DC02",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "10.31.114.10",
"last_scanned": 1478743235,
"plugin_feed_id": "0",
"linked_on": 1453821446,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group B",
"id": 31
},
{
"name": "Agent Group C",
"id": 3316
}
],
"supports_remote_logs": false,
"asset_uuid": "ba4a9cf3-33a2-45ae-b99d-9a1500045345"
},
{
"id": 643,
"uuid": "d59d1f5b-f775-4061-9e36-fae22ab7518f2596d192e3cf57f8",
"name": "DESKTOP-PSNDJQ6",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.3",
"last_scanned": 1477011651,
"plugin_feed_id": "0",
"linked_on": 1468619962,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group C",
"id": 3316
}
],
"supports_remote_logs": false,
"asset_uuid": "321a9cf3-33a2-45ae-b99d-9a1500045444"
}
],
"pagination": {
"total": 3,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
List Asset Tags
Returns a list of assigned tags for the specified asset UUID. | key: listAssetTags
| Input | Notes | Example |
|---|---|---|
| Asset UUID | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"tags": [
{
"value_uuid": "173c3f3c-cb25-4f35-97e8-26b83f50c38d",
"category_name": "location",
"asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7",
"created_at": "2018-12-31T16:29:40.606Z",
"source": "static",
"value": "Chicago",
"created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf",
"category_uuid": "e50a526c-966f-4b80-a641-6dd359b8202e"
},
{
"value_uuid": "6c25f771-61b6-412d-8e10-1778203f14c8",
"category_name": "threat",
"asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7",
"created_at": "2018-12-31T16:29:40.606Z",
"source": "static",
"value": "wannacry",
"created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf",
"category_uuid": "c9f13d31-e9f7-40e6-9830-3c770e800675"
}
]
}
}
List Asset Vulnerabilities
Retrieves a list of the vulnerabilities recorded for a specified asset. | key: listAssetVulnerabilities
| Input | Notes | Example |
|---|---|---|
| Asset ID | The UUID of the asset. | 116af8c3-969d-4621-9f9f-364eeb58e3a7 |
| Connection | ||
| Date Range | The number of days of data prior to and including today that should be returned. | 30 |
| Debug Request | Enabling this flag will log out the current request. | false |
| Query Param Filters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-asset-vulnerabilities for more information. |
{
"data": {
"vulnerabilities": [
{
"count": 55,
"plugin_family": "Port scanners",
"plugin_id": 34220,
"plugin_name": "Netstat Portscanner (WMI)",
"vulnerability_state": "Active",
"vpr_score": 2.4,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 55,
"value": 0
}
],
"severity": 0
},
{
"count": 54,
"plugin_family": "Windows",
"plugin_id": 34252,
"plugin_name": "Microsoft Windows Remote Listeners Enumeration (WMI)",
"vulnerability_state": "Active",
"vpr_score": 6.3,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 54,
"value": 0
}
],
"severity": 0
},
{
"count": 21,
"plugin_family": "Service detection",
"plugin_id": 22964,
"plugin_name": "Service Detection",
"vulnerability_state": "Active",
"vpr_score": 4.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 21,
"value": 0
}
],
"severity": 0
},
{
"count": 18,
"plugin_family": "Web Servers",
"plugin_id": 24260,
"plugin_name": "HyperText Transfer Protocol (HTTP) Information",
"vulnerability_state": "Active",
"vpr_score": 5.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 18,
"value": 0
}
],
"severity": 0
}
],
"total_vulnerability_count": 3,
"total_asset_count": 0
}
}
List Assets
Lists up to 5,000 assets. | key: listAssets
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"assets": [
{
"id": "116af8c3-969d-4621-9f9f-364eeb58e3a7",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.57",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T15:00:57.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"acr_score": 8,
"acr_drivers": [
{
"driver_name": "device_type",
"driver_value": [
"general_purpose"
]
},
{
"driver_name": "device_capability",
"driver_value": [
"pci"
]
},
{
"driver_name": "internet_exposure",
"driver_value": [
"internal"
]
}
],
"exposure_score": 753,
"scan_frequency": [
{
"interval": 90,
"frequency": 3,
"licensed": false
},
{
"interval": 30,
"frequency": 1,
"licensed": false
},
{
"interval": 60,
"frequency": 1,
"licensed": false
}
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"example.com"
],
"operating_system": [
"Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "700a652e-9922-45cd-a6b7-3611c0e1601c",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.58",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.58"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"scanner"
],
"operating_system": [
"Linux Kernel 4.4.0-104-generic on Ubuntu 16.04"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "dc3fdd75-3a01-4277-9ecd-903a80e08332",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.59",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.59"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"SHANE"
],
"operating_system": [
"Microsoft Windows 10 Pro"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "47351ecd-cbae-4576-9740-ff1b4eb88177",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.60",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.60"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"ARCHIE"
],
"operating_system": [
"Microsoft Windows 10 Pro"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
}
],
"total": 4
}
}
List Assets with Vulnerabilities
Returns a list of assets with vulnerabilities. | key: listAssetsWithVulnerabilities
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Date Range | The number of days of data prior to and including today that should be returned. | 30 |
| Debug Request | Enabling this flag will log out the current request. | false |
| Query Param Filters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-assets-vulnerabilities for more information. |
{
"data": {
"assets": [
{
"id": "b822ac94-663b-4f85-bd8c-fd1310ccff44",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 1,
"level": 1,
"name": "Low"
},
{
"count": 0,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
},
{
"id": "1519f45c-b99b-4626-9818-dca849c4e364",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 0,
"level": 1,
"name": "Low"
},
{
"count": 1,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [
"example.com"
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
},
{
"id": "6417b14b-8a28-41c7-b276-7bca6f069949",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 0,
"level": 1,
"name": "Low"
},
{
"count": 1,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [
"example.com"
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
}
],
"total_asset_count": 3
}
}
List Scanners
Returns the scanner list. | key: listScanners
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"scanners": [
{
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
},
{
"creation_date": 1559325208,
"group": true,
"id": 236329,
"key": "6dec14cb6d33bce4173b8bd0a022400e306629ddca7951bebe4252a6973c16ce",
"last_connect": null,
"last_modification_date": 1559325208,
"linked": 1,
"name": "US Cloud Scanner",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1559325208,
"type": "pool",
"user_permissions": 128,
"uuid": "00000000-0000-0000-0000-00000000000000000000000000001",
"supports_remote_logs": false
},
{
"creation_date": 1561584499,
"group": true,
"id": 236911,
"key": "68a3829fe2ce4d9ee6ab053691c7b9114cab6148294b12489bbcc0db54c6c109",
"last_connect": null,
"last_modification_date": 1561584499,
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1561584499,
"type": "pool",
"user_permissions": 128,
"uuid": "e84ca418-ef25-4dd6-8635-4df11a6e1c2f",
"supports_remote_logs": false
}
]
}
}
List Users
Returns a list of users. | key: listUsers
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"users": [
{
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
]
}
}
List Vulnerabilities
Returns a list of recorded vulnerabilities. | key: listVulnerabilities
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Date Range | The number of days of data prior to and including today that should be returned. | 30 |
| Debug Request | Enabling this flag will log out the current request. | false |
| Query Param Filters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-vulnerabilities for more information. |
{
"data": {
"vulnerabilities": [
{
"count": 319,
"plugin_family": "General",
"plugin_id": 51192,
"plugin_name": "SSL Certificate Cannot Be Trusted",
"vulnerability_state": "Active",
"vpr_score": 2.4,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 319,
"value": 2
}
],
"severity": 2
},
{
"count": 215,
"plugin_family": "Misc.",
"plugin_id": 70658,
"plugin_name": "SSH Server CBC Mode Ciphers Enabled",
"vulnerability_state": "Active",
"vpr_score": 7.4,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 215,
"value": 1
}
],
"severity": 1
},
{
"count": 168,
"plugin_family": "Misc.",
"plugin_id": 71049,
"plugin_name": "SSH Weak MAC Algorithms Enabled",
"vulnerability_state": "Active",
"vpr_score": 5.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 168,
"value": 1
}
],
"severity": 1
}
],
"total_vulnerability_count": 3,
"total_asset_count": 0
}
}
Move Assets
Moves assets from the specified network to another network. | key: moveAssets
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Destination Network UUID | The UUID of the network to associate with the specified assets. | 123e4567-e89b-12d3-a456-426614174000 |
| Source Network UUID | The UUID of the network currently associated with the assets. | 123e4567-e89b-12d3-a456-426614174000 |
| Targets | The IPv4 addresses of the assets to move. The addresses can be represented as a comma-separated list, a range, or CIDR. | 1.1.1.1, 2.2.2.2-2.2.2.200 |
{
"data": {
"response": {
"data": {
"asset_count": 512
}
}
}
}
Raw Request
Send raw HTTP request to Tenable. | key: rawRequest
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Data | The HTTP body payload to send to the URL. | {"exampleKey": "Example Data"} |
| Debug Request | Enabling this flag will log out the current request. | false |
| File Data | File Data to be sent as a multipart form upload. | [{key: "example.txt", value: "My File Contents"}] |
| File Data File Names | File names to apply to the file data inputs. Keys must match the file data keys above. | |
| Form Data | The Form Data to be sent as a multipart form upload. | [{"key": "Example Key", "value": new Buffer("Hello World")}] |
| Header | A list of headers to send with the request. | User-Agent: curl/7.64.1 |
| Max Retry Count | The maximum number of retries to attempt. Specify 0 for no retries. | 0 |
| Method | The HTTP method to use. | |
| Query Parameter | A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2. | |
| Response Type | The type of data you expect in the response. You can request json, text, or binary data. | json |
| Retry On All Errors | If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors. | false |
| Retry Delay (ms) | The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled. | 0 |
| Timeout | The maximum time that a client will await a response to its request | 2000 |
| URL | Input the path only (/networks), The base URL is already included (https://cloud.tenable.com). For example, to connect to https://cloud.tenable.com/networks, only /networks is entered in this field. | /networks |
| Use Exponential Backoff | Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored. | false |
Remove Agent from Group
Removes an agent from the specified agent group. | key: removeAgentFromGroup
| Input | Notes | Example |
|---|---|---|
| Agent ID | The ID of the agent to remove. | 123 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Group ID | The ID of the agent group. | 123 |
{
"data": {
"success": true
}
}
Rename Agent
Renames an agent. | key: renameAgent
| Input | Notes | Example |
|---|---|---|
| Agent ID | The ID of the agent to rename. | 123 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Name | The new name for the agent. | New Agent Name |
{
"data": {
"owner_uuid": "76229e9a-3700-4f28-b71d-8b92051b669e",
"created": 1637196514784,
"modified": 1638325337487,
"container_uuid": "1c42306b-3ebb-451d-a250-0a1985509880",
"uuid": "a9a45fe7-bffe-4883-9a3f-bef4215b42bf",
"id": 4148460,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"name": "AGENTWINDOWS44",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ui_version": "10.0.0",
"ui_build": "74",
"engine_version": "19.0.1",
"loaded_plugin_set": "202111302302",
"ip": "198.51.100.12",
"mac_addrs": "00:50:56:01:22:af",
"last_connect": 1638405460245,
"last_scanned": 1638322481919,
"remote_settings": [
{
"name": "Nessus Agent Log Level",
"setting": "backend_log_level",
"type": "select",
"description": "This controls the Nessus Agent backend logging level. Backend reload required.",
"backend_reload": true,
"status": "pending",
"value": "normal",
"allowable_values": [
{
"value": "verbose"
},
{
"value": "debug"
},
{
"value": "normal"
}
],
"default": "normal"
},
{
"name": "Plugin Compilation Performance",
"setting": "plugin_load_performance_mode",
"type": "select",
"description": "Controls the performance for plugin compilation; lower performance takes longer to compile, but uses fewer system processor resources. Service restart required. Requires 8.1.0+",
"service_restart": true,
"status": "current",
"value": "high",
"allowable_values": [
{
"value": "high"
},
{
"value": "medium"
},
{
"value": "low"
}
],
"default": "high"
},
{
"name": "Scan Performance",
"setting": "scan_performance_mode",
"type": "select",
"description": "Controls the scan performance; lower performance takes longer to scan, but uses fewer system processor resources. Service restart required. Requires 8.1.0+",
"service_restart": true,
"status": "current",
"value": "high",
"allowable_values": [
{
"value": "high"
},
{
"value": "medium"
},
{
"value": "low"
}
],
"default": "high"
},
{
"name": "Nessus Agent Update Plan",
"setting": "agent_update_channel",
"type": "select",
"description": "The update plan to which Nessus Agent will track. Requires 7.7.0+",
"status": "current",
"value": "ea",
"allowable_values": [
{
"value": "ga",
"label": "Keep up to date with GA releases."
},
{
"value": "ea",
"label": "Opt in to Early Access releases."
},
{
"value": "stable",
"label": "Delay updates, staying on an older release."
}
],
"default": "ga"
},
{
"name": "Automatic Hostname Update",
"setting": "update_hostname",
"type": "boolean",
"description": "If the Nessus Agent's hostname is changed, the new hostname is updated in the Nessus Agent's manager.",
"status": "current",
"value": "false",
"default": "false"
},
{
"name": "Offline Agent Scan Trigger Execution Threshold",
"setting": "offline_agent_scan_trigger_execution_threshold_days",
"type": "integer",
"description": "Specifies the number of days of the Agent being offline after which Rule-Based Scans will stop executing",
"min": 1,
"status": "current",
"value": "14",
"default": "14"
},
{
"name": "Maximum Scans Per Day",
"setting": "maximum_scans_per_day",
"type": "integer",
"description": "The maximum number of scans to run on this Agent per day.",
"min": 1,
"max": 48,
"status": "current",
"value": "10",
"default": "10"
}
],
"restart_pending": false,
"status": "off",
"tracking_id": "4ab102a77f1c9c54b7123559319cc546c86867fc870e15aae384d940dc59eeaf",
"last_connect_in_seconds": 1638405460,
"last_scanned_in_seconds": 1638322481,
"supports_remote_settings": true,
"supports_remote_logs": false,
"created_in_seconds": 1637196514,
"modified_in_seconds": 1638325337
}
}
Unlink Agent
Unlinks an agent. | key: unlinkAgent
| Input | Notes | Example |
|---|---|---|
| Agent ID | The ID of the agent to unlink. | 123 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
{
"data": {
"success": true
}
}
Update Agent Group
Changes the name of the agent group. | key: updateAgentGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Group ID | The ID or UUID of the agent group to update. | 123 |
| Name | The name of the agent group. | My Agent Group |
{
"data": {
"groups": [
{
"owner_uuid": "2e3a71fc-2442-4024-9fee-085cc61750cb",
"created": 1595001140400,
"modified": 1595001217809,
"container_uuid": "d6c3e937-4467-4171-92d8-debf5ef3c917",
"uuid": "e069b272-ed76-487a-8cf9-1c32836698b7",
"id": 183709,
"name": "NewName",
"agents_count": 0,
"default_permissions": 16,
"shared": 1,
"user_permissions": 128,
"created_in_seconds": 1595001140,
"modified_in_seconds": 1595001217
}
]
}
}
Update Scanner
Updates the specified scanner. | key: updateScanner
| Input | Notes | Example |
|---|---|---|
| AWS Update Interval | Specifies how often, in minutes, the scanner checks in with Tenable Vulnerability Management (Amazon Web Services scanners only). | 60 |
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
| Finish Update | Pass 1 to reboot the scanner and run the latest software update (only valid if automatic updates are disabled). | 1 |
| Force Plugin Update | Pass 1 to force a plugin update. | 1 |
| Force UI Update | Pass 1 to force a UI update. | 1 |
| Name | The new name for the scanner. | My Scanner |
| Registration Code | Sets the registration code for the scanner. | 1234 |
| Scanner ID | The ID of the scanner. | 1 |
{
"data": {
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
}
}
Update User
Updates an existing user account. | key: updateUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Debug Request | Enabling this flag will log out the current request. | false |
The email address of the user. A valid email address must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains. | name@domain | |
| Enabled | Specifies whether the user's account is enabled (true) or disabled (false). | |
| Name | The name of the user (for example, first and last name). | John Doe |
| Permissions | The user permissions as described in Permissions. See https://developer.tenable.com/reference/users-create for more information. | 16 |
| User ID | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 |
{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}
Changelog
2025-08-29
Added inline Data Sources for improved data selection of Agent Groups and Assets.