Skip to main content

Tenable Vulnerability Management Component

Assess vulnerabilities; manage assets, users, agents, and more.

Component key: tenable-vulnerability-management ·
· Changelog ↓

Description

Tenable Vulnerability Management is a leading security solution that identifies, evaluates, and prioritizes vulnerabilities to reduce risk and enhance cybersecurity. This component allows you to interact with the Tenable Vulnerability Management REST API.

API Documentation

This component was built using the Tenable Vulnerability Management API Reference

Connections

Access Key / Secret Key

key: tenable-connection

To generate API keys in Tenable Vulnerability Management:

  1. Login to your Tenable account and navigate to My Account by selecting the user icon in the top right menu.
  2. Navigate to API Keys and select generate to generate an Access Key and a Secret Key.
  3. Enter these values into the connection configuration of your integration.
    1. Save these values as they will not be shown again.
InputNotesExample
Access Key
Secret Key

Triggers

Poll for New Records

Polls Tenable for new assets or vulnerabilities on a configured schedule using ID-based change detection. | key: pollChangesTrigger

InputNotesExample
Connection
Resource Type

The type of resource to poll for new records.

Show New Records

If true, newly detected records will be included in the output.

true

This trigger polls the Tenable Vulnerability Management API for new assets or vulnerabilities on a scheduled basis.

How It Works

  1. The trigger runs on the configured schedule
  2. It fetches all records of the selected resource type from Tenable
  3. Each record ID is compared against the set of previously known IDs — records with IDs not present in prior polls are classified as new
  4. The trigger updates its internal state after each poll, storing the full current set of known IDs

Configuration

Configure the following inputs:

  • Connection: The Tenable connection to authenticate API requests
  • Resource Type: The type of Tenable resource to monitor
ResourceTracks NewTracks Updated
AssetsYesNo
VulnerabilitiesYesNo
  • Show New Records: When enabled, newly detected records are included in the trigger output

Returned Data

Returns an object with two arrays — created for new records and updated for modified records.

{
  "data": {
    "created": [
      {
        "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
      }
    ],
    "updated": []
  }
}

The updated array is always empty — this trigger does not track modifications to existing records.

Notes

  • The first poll establishes a baseline by recording all current record IDs. No records are returned on the first execution.
  • Update detection is not supported. Only records with IDs that were not present in a prior poll are captured as new.
  • All records are fetched on every poll; there is no timestamp-based filtering. For large datasets, this may result in significant API usage.

Data Sources

Select Agent

Select an agent from a picklist. | key: selectAgent | type: picklist

InputNotesExample
Connection
Filter

Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters.

field1:match:sometext
Filter Type

If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match.

and
Wildcard Filter Text

Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters.

wild
Wildcard Fields

A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text.

field1,field2

Select Agent Group

Select an agent group from a picklist of agent groups. | key: selectAgentGroup | type: picklist

InputNotesExample
Connection

Select Asset

Select an asset from a picklist. | key: selectAsset | type: picklist

InputNotesExample
Connection

Select Scanner

Select a scanner from a picklist. | key: selectScanner | type: picklist

InputNotesExample
Connection
Example Payload for Select Scanner
Loading…

Select User

Select a user from a picklist. | key: selectUser | type: picklist

InputNotesExample
Connection

Actions

Add Agent to Group

Adds an agent to the agent group. | key: addAgentToGroup

InputNotesExample
Agent ID

The ID of the agent to add.

123
Connection
Group ID

The ID of the agent group.

123
Example Payload for Add Agent to Group
Loading…

Add or Remove Asset Tags

Adds or removes tags from the specified assets, and returns the UUID of the asynchronous asset update job. | key: addOrRemoveAssetTags

InputNotesExample
Action

Specifies whether to add or remove tags.

add
Assets

An array of asset UUIDs.

123e4567-e89b-12d3-a456-426614174000
Connection
Tags

An array of tag value UUIDs.

123e4567-e89b-12d3-a456-426614174000
Example Payload for Add or Remove Asset Tags
Loading…

Create Agent Group

Creates an agent group. | key: createAgentGroup

InputNotesExample
Connection
Name

The name of the agent group.

My Agent Group
Example Payload for Create Agent Group
Loading…

Create User

Creates a new user. | key: createUser

InputNotesExample
Connection
Email

The email address of the user. A valid email address must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains.

name@domain
Name

The name of the user (for example, first and last name).

John Doe
Password

Passwords must be at least 12 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character symbol.

password
Permissions

The user permissions as described in Permissions. See Tenable API documentation for more information.

16
Username

A valid username must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance.

name@domain
Example Payload for Create User
Loading…

Delete Agent Group

Deletes an agent group. | key: deleteAgentGroup

InputNotesExample
Connection
Group ID

The ID or UUID of the agent group to delete.

123
Example Payload for Delete Agent Group
Loading…

Delete Asset

Deletes the specified asset. | key: deleteAsset

InputNotesExample
Asset UUID

The UUID of the asset.

123e4567-e89b-12d3-a456-426614174000
Connection
Example Payload for Delete Asset
Loading…

Delete Scanner

Deletes and unlinks a scanner from Tenable Vulnerability Management. | key: deleteScanner

InputNotesExample
Connection
Scanner ID

The ID of the scanner.

1
Example Payload for Delete Scanner
Loading…

Delete User

Deletes a user. | key: deleteUser

InputNotesExample
Connection
User ID

The UUID (uuid) or unique ID (id) of the user.

60f73e4f-8983-41c2-a13c-39074cbb6229
Example Payload for Delete User
Loading…

Download Vulnerabilities

Downloads exported vulnerabilities as a JSON file. | key: downloadVulnerabilities

InputNotesExample
Chunk ID

The ID of the chunk you want to export.

1
Connection
Export UUID

The UUID of the vulnerability export request.

123e4567-e89b-12d3-a456-426614174000
Example Payload for Download Vulnerabilities
Loading…

Export Assets

Exports all assets that match the request criteria. | key: exportAssets

InputNotesExample
Chunk Size

Specifies the number of assets per exported chunk. The range is 100-10000.

100
Connection
Filters

Specifies filters for exported assets. See Tenable API documentation for more information.

{
  "is_terminated": true
}
Include Open Ports

Specifies whether or not to include open port findings from info-level plugins.

false
Example Payload for Export Assets
Loading…

Export Vulnerabilities

Exports vulnerabilities that match the request criteria. | key: exportVulnerabilities

InputNotesExample
Connection
Filters

Specifies filters for exported vulnerabilities. See Tenable API documentation for more information.

{
  "cidr_range": "0.0.0.0/0"
}
Include Unlicensed

Specifies whether or not to include unlicensed assets.

false
Number of Assets

Specifies the number of assets used to chunk the vulnerabilities.

50
Example Payload for Export Vulnerabilities
Loading…

Get Agent

Returns the specified agent details for the specified scanner. | key: getAgent

InputNotesExample
Agent ID

The ID of the agent to query.

123
Connection
Example Payload for Get Agent
Loading…

Get Agent Group

Gets details for the agent group. | key: getAgentGroup

InputNotesExample
Connection
Filter

Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters.

field1:match:sometext
Filter Type

If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match.

and
Fetch All

If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used.

true
Group ID

The ID or UUID of the agent group to query.

123
Limit

The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50.

50
Offset

The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0.

0
Sort

The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc).

name:desc
Wildcard Filter Text

Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters.

wild
Wildcard Fields

A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text.

field1,field2
Example Payload for Get Agent Group
Loading…

Get Asset

Returns details of the specified asset. | key: getAsset

InputNotesExample
Asset UUID

The UUID of the asset.

123e4567-e89b-12d3-a456-426614174000
Connection
Example Payload for Get Asset
Loading…

Get Asset Vulnerability Details

Retrieves the details for a vulnerability recorded on a specified asset. | key: getAssetVulnerabilityDetails

InputNotesExample
Asset ID

The UUID of the asset.

116af8c3-969d-4621-9f9f-364eeb58e3a7
Connection
Date Range

The number of days of data prior to and including today that should be returned.

30
Plugin ID

The ID of the plugin.

12345
Query Param Filters

Filters to apply in JSON format. See Tenable API documentation for more information.

{
  "filter.0.filter": "plugin.name"
}
Example Payload for Get Asset Vulnerability Details
Loading…

Get Plugin Details

Retrieves the details for a plugin. | key: getPluginDetails

InputNotesExample
Connection
Date Range

The number of days of data prior to and including today that should be returned.

30
Plugin ID

The ID of the plugin.

12345
Query Param Filters

Filters to apply in JSON format. See Tenable API documentation for more information.

{
  "filter.0.filter": "plugin.name"
}
Example Payload for Get Plugin Details
Loading…

Get Scanner

Returns details for the specified scanner. | key: getScanner

InputNotesExample
Connection
Scanner ID

The ID of the scanner.

1
Example Payload for Get Scanner
Loading…

Get User

Returns details for a specific user. | key: getUser

InputNotesExample
Connection
User ID

The UUID (uuid) or unique ID (id) of the user.

60f73e4f-8983-41c2-a13c-39074cbb6229
Example Payload for Get User
Loading…

Import Assets

Imports asset data in JSON format. | key: importAssets

InputNotesExample
Asset Objects

An array of asset objects to import. Each asset object requires a value for at least one of the following properties: fqdn, ipv4, netbios_name, mac_address. See Tenable API documentation for more information.

[
  {
    "ipv4": [
      "192.0.2.57",
      "192.0.2.177"
    ],
    "operating_system": [
      "Linux Kernel 2.6.32-71.el6.i686 on Red Hat Enterprise Linux Server release 6.0 (Santiago)"
    ],
    "ssh_fingerprint": "423fa07b4a12f386149e09ea10021a89",
    "bios_uuid": "d965e0f6-642d-485a-85ea-52baa9689a5b",
    "installed_software": [
      "cpe:/a:apple:itunes:12.8",
      "cpe:/a:apple:quicktime:7.7.3",
      "cpe:/a:openbsd:openssh:6.9"
    ]
  },
  {
    "mac_address": [
      "00-00-5E-00-53-00",
      "00-00-5E-00-53-FF"
    ],
    "netbios_name": "COMPUTERNAME1",
    "fqdn": [
      "example.com"
    ],
    "installed_software": [
      "cpe:/a:apple:itunes:12.8",
      "cpe:/a:apple:quicktime:7.7.3",
      "cpe:/a:openbsd:openssh:6.9",
      "cpe:/a:google:chrome"
    ]
  }
]
Connection
Source

A user-defined name for the source of the import.

Example Import
Example Payload for Import Assets
Loading…

Import Vulnerabilities

Imports a list of vulnerabilities in JSON format. | key: importVulnerabilities

InputNotesExample
Assets

An array of asset objects with vulnerabilities information. See Tenable API documentation for more information.

[
  {
    "network_interfaces": [
      {
        "ipv4": [
          "192.168.1.254"
        ],
        "netbios_name": "NETBIOS Name"
      }
    ]
  }
]
Connection
Coverage

The coverage object. See Tenable API documentation for more information.

{
  "ids": "1-100"
}
Data Type

The type of scan that identified the vulnerabilities.

vm
Product

The name of the product from the vendor.

Security Center
Source

A unique string value used to track the set of assets and vulnerabilities.

scan_uuid:scan_chunk_uuid
Vendor

The company that owns the product that is the source of the vulnerability data.

tenable
Example Payload for Import Vulnerabilities
Loading…

List Agent Groups

Retrieves a list of agent groups. | key: listAgentGroups

InputNotesExample
Connection
Example Payload for List Agent Groups
Loading…

List Agents

Returns a list of agents for the specified scanner. | key: listAgents

InputNotesExample
Connection
Filter

Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters.

field1:match:sometext
Filter Type

If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match.

and
Fetch All

If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used.

true
Limit

The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50.

50
Offset

The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0.

0
Sort

The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc).

name:desc
Wildcard Filter Text

Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters.

wild
Wildcard Fields

A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text.

field1,field2
Example Payload for List Agents
Loading…

List Agents By Group

Returns a list of agents for the specified agent group. | key: listAgentsByGroup

InputNotesExample
Agent Group ID

The ID of the agent group to query for agents.

123
Connection
Filter

Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters.

field1:match:sometext
Filter Type

If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match.

and
Fetch All

If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used.

true
Limit

The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50.

50
Offset

The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0.

0
Sort

The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc).

name:desc
Wildcard Filter Text

Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters.

wild
Wildcard Fields

A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text.

field1,field2
Example Payload for List Agents By Group
Loading…

List Asset Tags

Returns a list of assigned tags for the specified asset UUID. | key: listAssetTags

InputNotesExample
Asset UUID

The UUID of the asset.

123e4567-e89b-12d3-a456-426614174000
Connection
Example Payload for List Asset Tags
Loading…

List Asset Vulnerabilities

Retrieves a list of the vulnerabilities recorded for a specified asset. | key: listAssetVulnerabilities

InputNotesExample
Asset ID

The UUID of the asset.

116af8c3-969d-4621-9f9f-364eeb58e3a7
Connection
Date Range

The number of days of data prior to and including today that should be returned.

30
Query Param Filters

Filters to apply in JSON format. See Tenable API documentation for more information.

{
  "filter.0.value": "critical"
}
Example Payload for List Asset Vulnerabilities
Loading…

List Assets

Lists up to 5,000 assets. | key: listAssets

InputNotesExample
Connection
Example Payload for List Assets
Loading…

List Assets with Vulnerabilities

Returns a list of assets with vulnerabilities. | key: listAssetsWithVulnerabilities

InputNotesExample
Connection
Date Range

The number of days of data prior to and including today that should be returned.

30
Query Param Filters

Filters to apply in JSON format. See Tenable API documentation for more information.

{
  "filter.0.value": "critical"
}
Example Payload for List Assets with Vulnerabilities
Loading…

List Scanners

Returns the scanner list. | key: listScanners

InputNotesExample
Connection
Example Payload for List Scanners
Loading…

List Users

Returns a list of users. | key: listUsers

InputNotesExample
Connection
Example Payload for List Users
Loading…

List Vulnerabilities

Returns a list of recorded vulnerabilities. | key: listVulnerabilities

InputNotesExample
Connection
Date Range

The number of days of data prior to and including today that should be returned.

30
Query Param Filters

Filters to apply in JSON format. See Tenable API documentation for more information.

{
  "filter.0.value": "critical"
}
Example Payload for List Vulnerabilities
Loading…

List Workbench Assets

Returns a list of assets from the workbenches endpoint. | key: listWorkbenchAssets

InputNotesExample
Connection
Date Range

The number of days of data prior to and including today that should be returned.

30
Query Param Filters

Filters to apply in JSON format. See Tenable API documentation for more information.

{
  "filter.0.value": "critical"
}
Example Payload for List Workbench Assets
Loading…

Move Assets

Moves assets from the specified network to another network. | key: moveAssets

InputNotesExample
Connection
Destination Network UUID

The UUID of the network to associate with the specified assets.

123e4567-e89b-12d3-a456-426614174000
Source Network UUID

The UUID of the network currently associated with the assets.

123e4567-e89b-12d3-a456-426614174000
Targets

The IPv4 addresses of the assets to move. The addresses can be represented as a comma-separated list, a range, or CIDR.

1.1.1.1, 2.2.2.2-2.2.2.200
Example Payload for Move Assets
Loading…

Raw Request

Send raw HTTP request to Tenable. | key: rawRequest

InputNotesExample
Connection
Data

The HTTP body payload to send to the URL.

{"exampleKey": "Example Data"}
Debug Request

Enabling this flag will log out the current request.

false
File Data

File Data to be sent as a multipart form upload.

[{key: "example.txt", value: "My File Contents"}]
File Data File Names

File names to apply to the file data inputs. Keys must match the file data keys above.

Form Data

The Form Data to be sent as a multipart form upload.

[{"key": "Example Key", "value": new Buffer("Hello World")}]
Header

A list of headers to send with the request.

User-Agent: curl/7.64.1
Max Retry Count

The maximum number of retries to attempt. Specify 0 for no retries.

0
Method

The HTTP method to use.

Query Parameter

A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.

Response Type

The type of data you expect in the response. You can request json, text, or binary data.

json
Retry On All Errors

If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.

false
Retry Delay (ms)

The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled.

0
Timeout

The maximum time that a client will await a response to its request

2000
URL

Input the path only (/networks), The base URL is already included (https://cloud.tenable.com). For example, to connect to https://cloud.tenable.com/networks, only /networks is entered in this field.

/networks
Use Exponential Backoff

Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored.

false

Remove Agent from Group

Removes an agent from the specified agent group. | key: removeAgentFromGroup

InputNotesExample
Agent ID

The ID of the agent to remove.

123
Connection
Group ID

The ID of the agent group.

123
Example Payload for Remove Agent from Group
Loading…

Rename Agent

Renames an agent. | key: renameAgent

InputNotesExample
Agent ID

The ID of the agent to rename.

123
Connection
Name

The new name for the agent.

New Agent Name
Example Payload for Rename Agent
Loading…

Unlink Agent

Unlinks an agent. | key: unlinkAgent

InputNotesExample
Agent ID

The ID of the agent to unlink.

123
Connection
Example Payload for Unlink Agent
Loading…

Update Agent Group

Changes the name of the agent group. | key: updateAgentGroup

InputNotesExample
Connection
Group ID

The ID or UUID of the agent group to update.

123
Name

The name of the agent group.

My Agent Group
Example Payload for Update Agent Group
Loading…

Update Scanner

Updates the specified scanner. | key: updateScanner

InputNotesExample
AWS Update Interval

Specifies how often, in minutes, the scanner checks in with Tenable Vulnerability Management (Amazon Web Services scanners only).

60
Connection
Finish Update

Pass 1 to reboot the scanner and run the latest software update (only valid if automatic updates are disabled).

1
Force Plugin Update

Pass 1 to force a plugin update.

1
Force UI Update

Pass 1 to force a UI update.

1
Name

The new name for the scanner.

My Scanner
Registration Code

Sets the registration code for the scanner.

1234
Scanner ID

The ID of the scanner.

1
Example Payload for Update Scanner
Loading…

Update User

Updates an existing user account. | key: updateUser

InputNotesExample
Connection
Email

The email address of the user. A valid email address must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains.

name@domain
Enabled

Specifies whether the user's account is enabled (true) or disabled (false).

Name

The name of the user (for example, first and last name).

John Doe
Permissions

The user permissions as described in Permissions. See Tenable API documentation for more information.

16
User ID

The UUID (uuid) or unique ID (id) of the user.

60f73e4f-8983-41c2-a13c-39074cbb6229
Example Payload for Update User
Loading…

Changelog

2026-04-30

Updated spectral version

2026-04-21

Added New Records polling trigger that checks for new assets or vulnerabilities in Tenable Vulnerability Management on a configured schedule, using ID-based change detection

2026-03-27

Added the List Workbench Assets action, which calls the /workbenches/assets endpoint and supports date range and query param filters for filtered asset querying

2026-03-16

Improved input field documentation with formatted URL links for better readability

2026-03-13

Removed the Debug Request input from all action inputs. Debug logging is now controlled internally and no longer appears as a configurable field in actions.

2026-02-26

Added inline data source for scanners to enable dynamic dropdown selection

2025-08-29

Added inline Data Sources for improved data selection of Agent Groups and Assets