Tenable Vulnerability Management Component
Use the component to assess vulnerabilities; manage assets, users, agents, and more.
Component key: tenable-vulnerability-management
Description
Tenable Vulnerability Management is a leading security solution that identifies, evaluates, and prioritizes vulnerabilities to reduce risk and enhance cybersecurity.
Use the component to assess vulnerabilities; manage assets, users, agents, and more.
API Documentation:
The component was built using the Tenable Vulnerability Management API Reference.
Connections
Tenable Connection
To generate API keys in Tenable Vulnerability Management:
- Login to your Tenable account and navigate to My Account by selecting the user icon in the top right menu.
- Navigate to API Keys and select generate to generate an Access Key and a Secret Key.
- Enter these values into the connection configuration of your integration.
- Save these values as they will not be shown again.
| Input | Notes |
|---|---|
Access Key string / Required accessKey | |
Secret Key password / Required secretKey |
Data Sources
Select Agent
Select an agent from a picklist. | key: selectAgent | type: picklist
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Filter string f | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
Filter Type string ft | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
Wildcard Filter Text string w | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
Wildcard Fields string wf | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
Select User
Select a user from a picklist. | key: selectUser | type: picklist
| Input | Notes |
|---|---|
Connection connection / Required connection |
Actions
Add Agent to Group
Adds an agent to the agent group. | key: addAgentToGroup
| Input | Default | Notes | Example |
|---|---|---|---|
Agent ID string / Required agentId | The ID of the agent to add. | 123 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Group ID string / Required groupId | The ID of the agent group. | 123 |
Example Payload for Add Agent to Group
Example Payload for Add Agent to Group
{
"data": {
"success": true
}
}
Add or Remove Asset Tags
Adds or removes tags from the specified assets, and returns the UUID of the asynchronous asset update job. | key: addOrRemoveAssetTags
| Input | Default | Notes | Example |
|---|---|---|---|
Action string / Required action | Specifies whether to add or remove tags. | add | |
Assets string / Required Value List assets | An array of asset UUIDs. | 123e4567-e89b-12d3-a456-426614174000 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Tags string / Required Value List tags | An array of tag value UUIDs. | 123e4567-e89b-12d3-a456-426614174000 |
Example Payload for Add or Remove Asset Tags
Example Payload for Add or Remove Asset Tags
{
"data": {
"job_uuid": "62210d02a7056d0297f50a8ddfbd549eaef1d0bc94e1ea3fad09"
}
}
Create Agent Group
Creates an agent group. | key: createAgentGroup
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Name string / Required name | The name of the agent group. | My Agent Group |
Example Payload for Create Agent Group
Example Payload for Create Agent Group
{
"data": {
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "Western Region",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 0,
"agents_count": 0
}
}
Create User
Creates a new user. | key: createUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Email string email | The email address of the user. A valid email address must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains. | name@domain | |
Name string name | The name of the user (for example, first and last name). | John Doe | |
Password password / Required password | Passwords must be at least 12 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character symbol. | password | |
Permissions string / Required permissions | The user permissions as described in Permissions. See https://developer.tenable.com/reference/users-create for more information. | 16 | |
Username string / Required username | A valid username must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. | name@domain |
Example Payload for Create User
Example Payload for Create User
{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}
Delete Agent Group
Deletes an agent group. | key: deleteAgentGroup
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Group ID string / Required groupId | The ID or UUID of the agent group to delete. | 123 |
Example Payload for Delete Agent Group
Example Payload for Delete Agent Group
{
"data": {
"success": true
}
}
Delete Asset
Deletes the specified asset. | key: deleteAsset
| Input | Default | Notes | Example |
|---|---|---|---|
Asset UUID string / Required assetUuid | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for Delete Asset
Example Payload for Delete Asset
{
"data": {
"success": true
}
}
Delete Scanner
Deletes and unlinks a scanner from Tenable Vulnerability Management. | key: deleteScanner
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Scanner ID string / Required scannerId | The ID of the scanner. | 1 |
Example Payload for Delete Scanner
Example Payload for Delete Scanner
{
"data": {
"success": true
}
}
Delete User
Deletes a user. | key: deleteUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
User ID string / Required userId | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 |
Example Payload for Delete User
Example Payload for Delete User
{
"data": {
"success": true
}
}
Download Vulnerabilities
Downloads exported vulnerabilities as a JSON file. | key: downloadVulnerabilities
| Input | Default | Notes | Example |
|---|---|---|---|
Chunk ID string / Required chunkId | The ID of the chunk you want to export. | 1 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Export UUID string / Required exportUuid | The UUID of the vulnerability export request. | 123e4567-e89b-12d3-a456-426614174000 |
Example Payload for Download Vulnerabilities
Example Payload for Download Vulnerabilities
{
"data": [
{
"asset": {
"bios_uuid": "1fa02642-5b8e-8f27-42a9-debde798d957",
"device_type": "general-purpose",
"fqdn": "sharepoint2016.target.example.com",
"hostname": "sharepoint2016",
"uuid": "53ed0fa2-ccd5-4d2e-92ee-c072635889e3",
"ipv4": "203.0.113.71",
"ipv6": "2001:db8:199e:6fb9:2edd:67f0:3f30:c7",
"last_authenticated_results": "2023-05-04T05:03:13.737Z",
"mac_address": "00:50:56:a6:22:93",
"netbios_name": "SHAREPOINT2016",
"operating_system": [
"Microsoft Windows Server 2016 Standard"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": "\n\n Produact : Microsoft SharePoint Enterprise Server 2016\n KB : 5002113\n - C:\\Program Files\\Microsoft Office Servers\\16.0\\bin\\ascalc.dll has not been patched.\n Remote version : 16.0.4342.1000\n Should be : 16.0.5266.1000\n\n",
"plugin": {
"bid": [
156641
],
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [
"cpe:/a:microsoft:sharepoint_server"
],
"cvss3_base_score": 8.8,
"cvss3_temporal_score": 7.7,
"cvss3_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:O/RC:C"
},
"cvss3_vector": {
"access_complexity": "Low",
"access_vector": "Network",
"availability_impact": "High",
"confidentiality_impact": "High",
"integrity_impact": "High",
"raw": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
"cvss_base_score": 9,
"cvss_temporal_score": 6.7,
"cvss_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:OF/RC:C"
},
"cvss_vector": {
"access_complexity": "Low",
"access_vector": "Network",
"authentication": "Single",
"availability_impact": "Complete",
"confidentiality_impact": "Complete",
"integrity_impact": "Complete",
"raw": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
},
"description": "The Microsoft SharePoint Server 2013 installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21837, CVE-2022-21840, CVE-2022-21842)",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploitability_ease": "No known exploits are available",
"exploited_by_malware": false,
"exploited_by_nessus": false,
"family": "Windows : Microsoft Bulletins",
"family_id": 41,
"has_patch": true,
"id": 156641,
"in_the_news": false,
"ms_bulletin": [
"5002113"
],
"name": "Security Updates for Microsoft SharePoint Server 2016 (January 2022)",
"patch_publication_date": "2022-01-11T00:00:00Z",
"modification_date": "2022-05-06T00:00:00Z",
"publication_date": "2022-01-12T00:00:00Z",
"risk_factor": "high",
"see_also": [
"https://support.microsoft.com/en-us/help/5002113"
],
"solution": "Microsoft has released security update KB5002113 to address this issue.",
"stig_severity": "I",
"synopsis": "The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates.",
"unsupported_by_vendor": false,
"version": "1.6",
"vuln_publication_date": "2022-01-11T00:00:00Z",
"xrefs": [
{
"type": "CVE",
"id": "2022-21837"
},
{
"type": "CVE",
"id": "2022-21840"
},
{
"type": "CVE",
"id": "2022-21842"
},
{
"type": "IAVA",
"id": "2022-A-0007-S"
},
{
"type": "MSFT",
"id": "MS22-5002113"
},
{
"type": "MSKB",
"id": "5002113"
}
],
"vpr": {
"score": 6.7,
"drivers": {
"age_of_vuln": {
"lower_bound": 731
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": false,
"cvss3_impact_score": 5.9,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "LOW"
},
"updated": "2024-02-04T06:03:56Z"
},
"workaround": "F5 lists a workaround with instructions listed at https://my.f5.com/manage/s/article/K000137595 that can be achieved using the following steps:\n\n 1. Install the latest PI IM package\n 2. Disable signatures with excessive Total Hit Count value\n\n Note that Tenable always advises that you upgrade a system if possible, \n and all steps listed here are mitigation steps provided by F5. \n Tenable is not responsible for any negative effects that may occur from enacting this workaround.",
"workaround_type": "disable service",
"workaround_published": "2024-02-14T00:00:00Z",
"vendor_unpatched": true,
"has_workaround": true,
"cve": [
"CVE-2022-21837",
"CVE-2022-21840",
"CVE-2022-21842"
],
"type": "local"
},
"port": {
"port": 445,
"protocol": "TCP",
"service": "cifs"
},
"scan": {
"schedule_uuid": "461e4ebc-b309-face-6fa1-afa4ba163cb6d84b9dc0a0dc5020",
"started_at": "2023-05-03T14:14:02.387Z",
"uuid": "270b911b-1fe6-4760-8c49-88d315cb764e"
},
"severity": "high",
"severity_id": 3,
"severity_default_id": 3,
"severity_modification_type": "NONE",
"first_found": "2022-11-08T19:18:10.472Z",
"last_found": "2023-05-04T05:03:13.737Z",
"state": "OPEN",
"indexed": "2023-05-04T05:13:40.809406Z",
"source": "NESSUS"
},
{
"asset": {
"device_type": "hypervisor",
"fqdn": "vcsa8.target.example.com",
"hostname": "vcsa8.target.example.com",
"uuid": "1babf006-b1f0-4dee-86a1-7a55888336c3",
"ipv4": "192.0.2.246",
"operating_system": [
"VMware vCenter Server 8.0.0 build-20037386"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": "\nThe following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:\n\n - https://vcsa8.target.example.com/\n - https://vcsa8.target.example.com/ui/\n",
"plugin": {
"bid": [
50344
],
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [],
"description": "The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.\n\nThe CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploited_by_malware": false,
"exploited_by_nessus": false,
"family": "CGI abuses",
"family_id": 3,
"has_patch": false,
"id": 50344,
"in_the_news": false,
"name": "Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header",
"modification_date": "2021-01-19T00:00:00Z",
"publication_date": "2010-10-26T00:00:00Z",
"risk_factor": "info",
"see_also": [
"http://www.nessus.org/u?55aa8f57",
"http://www.nessus.org/u?07cc2a06",
"https://content-security-policy.com/",
"https://www.w3.org/TR/CSP2/"
],
"solution": "Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.",
"synopsis": "The remote web server does not take steps to mitigate a class of web application vulnerabilities.",
"unsupported_by_vendor": false,
"version": "1.6",
"xrefs": [],
"type": "remote"
},
"port": {
"port": 443,
"protocol": "TCP",
"service": "www"
},
"scan": {
"schedule_uuid": "16cf08d3-3f94-79f4-8038-996376eabd4f186741fe15533e70",
"started_at": "2023-05-03T14:13:56.983Z",
"uuid": "e86252a3-8dc0-43b6-8ddd-afb219d040ed"
},
"severity": "info",
"severity_id": 0,
"severity_default_id": 0,
"severity_modification_type": "NONE",
"first_found": "2022-11-08T06:12:27.940Z",
"last_found": "2023-05-04T09:39:26.415Z",
"state": "OPEN",
"indexed": "2023-05-04T09:44:55.673359Z",
"source": "NESSUS"
}
]
}
Export Assets
Exports all assets that match the request criteria. | key: exportAssets
| Input | Default | Notes | Example |
|---|---|---|---|
Chunk Size string / Required chunkSize | Specifies the number of assets per exported chunk. The range is 100-10000. | 100 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Filters code filters | Specifies filters for exported assets. See https://developer.tenable.com/reference/exports-assets-request-export for more information. | ||
Include Open Ports boolean / Required includeOpenPorts | false | Specifies whether or not to include open port findings from info-level plugins. |
Example Payload for Export Assets
Example Payload for Export Assets
{
"data": {
"export_uuid": "60a26f04-c844-49a6-b67b-995a6ed79471"
}
}
Export Vulnerabilities
Exports vulnerabilities that match the request criteria. | key: exportVulnerabilities
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Filters code filters | Specifies filters for exported vulnerabilities. See https://developer.tenable.com/reference/exports-vulns-request-export for more information. | ||
Include Unlicensed boolean includeUnlicensed | false | Specifies whether or not to include unlicensed assets. | |
Number of Assets string / Required numAssets | Specifies the number of assets used to chunk the vulnerabilities. | 50 |
Example Payload for Export Vulnerabilities
Example Payload for Export Vulnerabilities
{
"data": {
"export_uuid": "bf765455-53aa-4e70-9ef3-87cfca1d2be0"
}
}
Get Agent
Returns the specified agent details for the specified scanner. | key: getAgent
| Input | Default | Notes | Example |
|---|---|---|---|
Agent ID string / Required agentId | The ID of the agent to query. | 123 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for Get Agent
Example Payload for Get Agent
{
"data": {
"id": 9176838,
"uuid": "655993d5-c131-46e8-a82f-957f6f894cac",
"name": "GRD-LPTP",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.57",
"last_scanned": 1515620036,
"plugin_feed_id": "201801081515",
"core_build": "106",
"core_version": "7.0.0",
"linked_on": 1456775443,
"last_connect": 1515674073,
"status": "off",
"groups": [
{
"name": "CodyAgents",
"id": 8
},
{
"name": "Agent Group A",
"id": 3316
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 0,
"health_state_name": "HEALTHY",
"fredi_status": true
}
}
Get Agent Group
Gets details for the agent group. | key: getAgentGroup
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Filter string f | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext | |
Filter Type string ft | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and | |
Get All boolean getAll | true | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | |
Group ID string / Required groupId | The ID or UUID of the agent group to query. | 123 | |
Limit string limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 | |
Offset string offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 | |
Sort string sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc | |
Wildcard Filter Text string w | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild | |
Wildcard Fields string wf | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
Example Payload for Get Agent Group
Example Payload for Get Agent Group
{
"data": {
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "Western Region",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 1,
"owner": "system",
"owner_id": 10621200,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 128,
"agents_count": 1,
"agents": [
{
"id": 9176838,
"uuid": "fdb1812c-2423-424d-9b67-5511e9bf0714",
"name": "my.new-hostname.server",
"platform": "LINUX",
"distro": "es8-x86-64",
"ip": "172.26.102.78",
"last_scanned": 1722961087,
"plugin_feed_id": "202408191220",
"core_build": "2391",
"core_version": "10.8.0",
"linked_on": 1722960266,
"last_connect": 1724170973,
"status": "off",
"groups": [
{
"name": "Western Region",
"id": 106592
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 20,
"health_state_name": "CRITICAL",
"fredi_status": false
}
],
"pagination": {
"total": 0,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
Get Asset
Returns details of the specified asset. | key: getAsset
| Input | Default | Notes | Example |
|---|---|---|---|
Asset UUID string / Required assetUuid | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for Get Asset
Example Payload for Get Asset
{
"data": {
"id": "116af8c3-969d-4621-9f9f-364eeb58e3a7",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.57",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T15:00:57.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"acr_score": 8,
"acr_drivers": [
{
"driver_name": "device_type",
"driver_value": [
"general_purpose"
]
},
{
"driver_name": "device_capability",
"driver_value": [
"pci"
]
},
{
"driver_name": "internet_exposure",
"driver_value": [
"internal"
]
}
],
"exposure_score": 753,
"scan_frequency": [
{
"interval": 90,
"frequency": 3,
"licensed": false
},
{
"interval": 30,
"frequency": 1,
"licensed": false
},
{
"interval": 60,
"frequency": 1,
"licensed": false
}
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"example.com"
],
"operating_system": [
"Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
}
}
Get Asset Vulnerability Details
Retrieves the details for a vulnerability recorded on a specified asset. | key: getAssetVulnerabilityDetails
| Input | Default | Notes | Example |
|---|---|---|---|
Asset ID string / Required assetId | The UUID of the asset. | 116af8c3-969d-4621-9f9f-364eeb58e3a7 | |
Connection connection / Required connection | |||
Date Range string dateRange | The number of days of data prior to and including today that should be returned. | 30 | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Plugin ID string / Required pluginId | The ID of the plugin. | 12345 | |
Query Param Filters code queryParamFilters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-asset-vulnerability-info for more information. |
Example Payload for Get Asset Vulnerability Details
Example Payload for Get Asset Vulnerability Details
{
"data": {
"info": {
"count": 1,
"vuln_count": 1,
"description": "The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted.\n\nAn attacker can exploit this by tricking a user into opening an MFC application in a directory that contains a malicious DLL, resulting in arbitrary code execution.",
"synopsis": "Arbitrary code can be executed on the remote host through the Microsoft Foundation Class library.",
"solution": "Microsoft has released a set of patches for Visual Studio .NET 2003, 2005, and 2008, as well as Visual C++ 2005, 2008, and 2010.",
"discovery": {
"seen_first": "2019-12-31T17:15:52.000Z",
"seen_last": "2019-12-31T17:15:52.000Z"
},
"severity": 3,
"plugin_details": {
"family": "Windows : Microsoft Bulletins",
"modification_date": "2016-12-31T00:00:00Z",
"name": "MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)",
"publication_date": "2011-12-31T00:00:00Z",
"type": "local",
"version": null,
"severity": 3
},
"reference_information": [
{
"name": "bid",
"url": "http://www.securityfocus.com/bid/",
"values": [
42811
]
},
{
"name": "cve",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=",
"values": [
"CVE-2010-3190"
]
},
{
"name": "iavb",
"values": [
"2011-B-0046"
]
},
{
"name": "msft",
"url": "http://technet.microsoft.com/en-us/security/bulletin/",
"values": [
"MS11-025"
]
},
{
"name": "osvdb",
"values": [
"67674"
]
},
{
"name": "secunia",
"url": "http://secunia.com/advisories/",
"values": [
"41212"
]
}
],
"risk_information": {
"risk_factor": "High",
"cvss_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cvss_base_score": "9.3",
"cvss_temporal_vector": "E:F/RL:OF/RC:ND",
"cvss_temporal_score": "7.7",
"cvss3_vector": null,
"cvss3_base_score": null,
"cvss3_temporal_vector": null,
"cvss3_temporal_score": null,
"stig_severity": null
},
"see_also": [
"[\"https://technet.microsoft.com/library/security/ms11-025\"]"
],
"vulnerability_information": {
"vulnerability_publication_date": "2010-12-31T00:00:00Z",
"exploited_by_malware": null,
"patch_publication_date": "2011-12-31T00:00:00Z",
"exploit_available": true,
"exploitability_ease": null,
"asset_inventory": null,
"default_account": null,
"exploited_by_nessus": null,
"in_the_news": null,
"malware": null,
"unsupported_by_vendor": null,
"cpe": null,
"exploit_frameworks": []
},
"vpr": {
"score": 5.9,
"drivers": {
"age_of_vuln": {
"lower_bound": 731,
"upper_bound": 0
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": true,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "MEDIUM"
},
"updated": "2019-12-31T10:08:58Z"
}
}
}
}
Get Plugin Details
Retrieves the details for a plugin. | key: getPluginDetails
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Date Range string dateRange | The number of days of data prior to and including today that should be returned. | 30 | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Plugin ID string / Required pluginId | The ID of the plugin. | 12345 | |
Query Param Filters code queryParamFilters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-vulnerability-info for more information. |
Example Payload for Get Plugin Details
Example Payload for Get Plugin Details
{
"data": {
"info": {
"count": 13,
"vuln_count": 14,
"description": "The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.",
"synopsis": "The remote web server is affected by a remote code execution vulnerability.",
"solution": "Apply the referenced patch.",
"discovery": {
"seen_first": "2019-12-31T17:15:52.000Z",
"seen_last": "2019-12-31T22:53:45.000Z"
},
"severity": 4,
"plugin_details": {
"family": "CGI abuses",
"modification_date": "2017-12-31T00:00:00Z",
"name": "GNU Bash Environment Variable Handling Code Injection (Shellshock)",
"publication_date": "2014-12-31T00:00:00Z",
"type": "remote",
"version": null,
"severity": 4
},
"reference_information": [
{
"name": "bid",
"url": "http://www.securityfocus.com/bid/",
"values": [
70103
]
},
{
"name": "cert",
"url": "http://www.kb.cert.org/vuls/id/",
"values": [
"252743"
]
},
{
"name": "cve",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=",
"values": [
"CVE-2014-6271"
]
},
{
"name": "edb-id",
"url": "http://www.exploit-db.com/exploits/",
"values": [
"34766",
"34777",
"34765"
]
},
{
"name": "iava",
"values": [
"2014-A-0142"
]
},
{
"name": "osvdb",
"values": [
"112004"
]
}
],
"risk_information": {
"risk_factor": "Critical",
"cvss_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"cvss_base_score": "10.0",
"cvss_temporal_vector": "E:F/RL:OF/RC:ND",
"cvss_temporal_score": "8.3",
"cvss3_vector": null,
"cvss3_base_score": null,
"cvss3_temporal_vector": null,
"cvss3_temporal_score": null,
"stig_severity": null
},
"see_also": [
"http://seclists.org/oss-sec/2014/q3/650",
"http://www.nessus.org/u?dacf7829",
"https://www.invisiblethreat.ca/post/shellshock/"
],
"vulnerability_information": {
"vulnerability_publication_date": "2014-12-31T00:00:00Z",
"exploited_by_malware": true,
"patch_publication_date": "2014-12-31T00:00:00Z",
"exploit_available": true,
"exploitability_ease": null,
"asset_inventory": null,
"default_account": null,
"exploited_by_nessus": null,
"in_the_news": true,
"malware": null,
"unsupported_by_vendor": null,
"cpe": null,
"exploit_frameworks": [
{
"name": "Core Impact"
},
{
"name": "Metasploit",
"exploits": [
{
"name": "Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)",
"url": null
}
]
}
]
},
"vpr": {
"score": 9.6,
"drivers": {
"age_of_vuln": {
"lower_bound": 731,
"upper_bound": 0
},
"exploit_code_maturity": "HIGH",
"cvss3_impact_score": 5.9,
"cvss_impact_score_predicted": true,
"threat_intensity_last28": "HIGH",
"threat_recency": {
"lower_bound": 0,
"upper_bound": 7
},
"threat_sources_last28": [
"Others",
"Mainstream Media",
"Code Repo and Paste Bins"
],
"product_coverage": "LOW"
},
"updated": "2019-12-31T10:10:57Z"
}
}
}
}
Get Scanner
Returns details for the specified scanner. | key: getScanner
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Scanner ID string / Required scannerId | The ID of the scanner. | 1 |
Example Payload for Get Scanner
Example Payload for Get Scanner
{
"data": {
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
}
}
Get User
Returns details for a specific user. | key: getUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
User ID string / Required userId | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 |
Example Payload for Get User
Example Payload for Get User
{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}
Import Assets
Imports asset data in JSON format. | key: importAssets
| Input | Default | Notes | Example |
|---|---|---|---|
Asset Objects code / Required assetObjects | An array of asset objects to import. Each asset object requires a value for at least one of the following properties: fqdn, ipv4, netbios_name, mac_address. See https://developer.tenable.com/reference/assets-import for more information. | ||
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Source string / Required importSource | A user-defined name for the source of the import. | Example Import |
Example Payload for Import Assets
Example Payload for Import Assets
{
"data": {
"asset_import_job_uuid": "467e5338-7783-4a0d-915a-5d00584784a0"
}
}
Import Vulnerabilities
Imports a list of vulnerabilities in JSON format. | key: importVulnerabilities
| Input | Default | Notes | Example |
|---|---|---|---|
Assets code / Required assets | An array of asset objects with vulnerabilities information. See https://developer.tenable.com/reference/vulnerabilities-import-v2 for more information. | ||
Connection connection / Required connection | |||
Coverage code coverage | The coverage object. See https://developer.tenable.com/reference/vulnerabilities-import-v2 for more information. | ||
Data Type string / Required dataType | The type of scan that identified the vulnerabilities. | vm | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Product string / Required product | The name of the product from the vendor. | Security Center | |
Source string / Required source | A unique string value used to track the set of assets and vulnerabilities. | scan_uuid:scan_chunk_uuid | |
Vendor string / Required vendor | The company that owns the product that is the source of the vulnerability data. | tenable |
Example Payload for Import Vulnerabilities
Example Payload for Import Vulnerabilities
{
"data": {
"job_uuid": ""
}
}
List Agent Groups
Retrieves a list of agent groups. | key: listAgentGroups
| Input | Default | Notes |
|---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for List Agent Groups
Example Payload for List Agent Groups
{
"data": {
"groups": [
{
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "slibs",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 1,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 128,
"agents_count": 0
}
]
}
}
List Agents
Returns a list of agents for the specified scanner. | key: listAgents
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Filter string f | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext | |
Filter Type string ft | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and | |
Get All boolean getAll | true | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | |
Limit string limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 | |
Offset string offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 | |
Sort string sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc | |
Wildcard Filter Text string w | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild | |
Wildcard Fields string wf | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
Example Payload for List Agents
Example Payload for List Agents
{
"data": {
"agents": [
{
"id": 9176838,
"uuid": "655993d5-c131-46e8-a82f-957f6f894cac",
"name": "GRD-LPTP",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.57",
"last_scanned": 1515620036,
"plugin_feed_id": "201801081515",
"core_build": "106",
"core_version": "7.0.0",
"linked_on": 1456775443,
"last_connect": 1515674073,
"status": "off",
"groups": [
{
"name": "CodyAgents",
"id": 8
},
{
"name": "Agent Group A",
"id": 3316
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 0,
"health_state_name": "HEALTHY",
"fredi_status": true
},
{
"id": 14569,
"uuid": "72ac6ad1-fc86-4af4-be0c-0ff3bfbfb242",
"name": "example.com",
"platform": "LINUX",
"distro": "es7-x86-64",
"ip": "192.0.2.57",
"plugin_feed_id": "201805161620",
"core_build": "13",
"core_version": "7.0.3",
"linked_on": 1508329832,
"last_connect": 1526565530,
"status": "off",
"groups": [
{
"name": "SC Research",
"id": 1167
}
],
"asset_uuid": "da1a9cf3-33a2-45ae-b99d-9a15000451e1",
"health": 10,
"health_state_name": "WARNING",
"fredi_status": true
},
{
"id": 14570,
"uuid": "938cb466-06ea-477e-abb0-99d8da0e0f20",
"name": "example.com",
"platform": "LINUX",
"distro": "es7-x86-64",
"ip": "192.0.2.57",
"plugin_feed_id": "201805161620",
"core_build": "13",
"core_version": "7.0.3",
"linked_on": 1508329886,
"last_connect": 1526565624,
"status": "off",
"groups": [
{
"name": "SC Research",
"id": 1167
}
],
"asset_uuid": "b23a9cf3-23a2-45ab-b99d-9a15000451c5",
"health": 20,
"health_state_name": "CRITICAL",
"fredi_status": true
}
],
"pagination": {
"total": 3,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
List Agents By Group
Returns a list of agents for the specified agent group. | key: listAgentsByGroup
| Input | Default | Notes | Example |
|---|---|---|---|
Agent Group ID string / Required agentGroupId | The ID of the agent group to query for agents. | 123 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Filter string f | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext | |
Filter Type string ft | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and | |
Get All boolean getAll | true | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | |
Limit string limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 | |
Offset string offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 | |
Sort string sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc | |
Wildcard Filter Text string w | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild | |
Wildcard Fields string wf | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
Example Payload for List Agents By Group
Example Payload for List Agents By Group
{
"data": {
"agents": [
{
"id": 20,
"uuid": "96efbd47-9d96-443f-be29-2ac723dde270",
"name": "Codys-MacBook-Pro.local",
"platform": "DARWIN",
"distro": "macosx",
"ip": "10.31.100.110",
"last_scanned": 1545272687,
"plugin_feed_id": "201812281741",
"core_build": "1",
"core_version": "7.2.1",
"linked_on": 1452106253,
"last_connect": 1546264939,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group B",
"id": 31
},
{
"name": "Agent Group C",
"id": 3315
}
],
"supports_remote_logs": false,
"asset_uuid": "5d1a9cf3-33a2-45ae-b99d-9a15000451e1",
"health": 0,
"health_state_name": "HEALTHY",
"health_events": [
{
"identifier": 201,
"state": 0,
"state_time": 1722960875000,
"details": "Plugin update was successful.",
"muted": false,
"state_name": "HEALTHY",
"identifier_name": "PLUGIN_UPDATE"
},
{
"identifier": 200,
"state": 0,
"state_time": 1722960320000,
"details": "Nessus Agent plugin disk usage is normal.",
"muted": false,
"state_name": "HEALTHY",
"identifier_name": "PLUGIN_DISK_USAGE"
}
]
},
{
"id": 65,
"uuid": "7d14d098-2c60-403a-a1d0-8bce78e27f867b06b5e32a5e47a1",
"name": "DC02",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "10.31.114.10",
"last_scanned": 1478743235,
"plugin_feed_id": "0",
"linked_on": 1453821446,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group B",
"id": 31
},
{
"name": "Agent Group C",
"id": 3316
}
],
"supports_remote_logs": false,
"asset_uuid": "ba4a9cf3-33a2-45ae-b99d-9a1500045345"
},
{
"id": 643,
"uuid": "d59d1f5b-f775-4061-9e36-fae22ab7518f2596d192e3cf57f8",
"name": "DESKTOP-PSNDJQ6",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.3",
"last_scanned": 1477011651,
"plugin_feed_id": "0",
"linked_on": 1468619962,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group C",
"id": 3316
}
],
"supports_remote_logs": false,
"asset_uuid": "321a9cf3-33a2-45ae-b99d-9a1500045444"
}
],
"pagination": {
"total": 3,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
List Asset Tags
Returns a list of assigned tags for the specified asset UUID. | key: listAssetTags
| Input | Default | Notes | Example |
|---|---|---|---|
Asset UUID string / Required assetUuid | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for List Asset Tags
Example Payload for List Asset Tags
{
"data": {
"tags": [
{
"value_uuid": "173c3f3c-cb25-4f35-97e8-26b83f50c38d",
"category_name": "location",
"asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7",
"created_at": "2018-12-31T16:29:40.606Z",
"source": "static",
"value": "Chicago",
"created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf",
"category_uuid": "e50a526c-966f-4b80-a641-6dd359b8202e"
},
{
"value_uuid": "6c25f771-61b6-412d-8e10-1778203f14c8",
"category_name": "threat",
"asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7",
"created_at": "2018-12-31T16:29:40.606Z",
"source": "static",
"value": "wannacry",
"created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf",
"category_uuid": "c9f13d31-e9f7-40e6-9830-3c770e800675"
}
]
}
}
List Asset Vulnerabilities
Retrieves a list of the vulnerabilities recorded for a specified asset. | key: listAssetVulnerabilities
| Input | Default | Notes | Example |
|---|---|---|---|
Asset ID string / Required assetId | The UUID of the asset. | 116af8c3-969d-4621-9f9f-364eeb58e3a7 | |
Connection connection / Required connection | |||
Date Range string dateRange | The number of days of data prior to and including today that should be returned. | 30 | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Query Param Filters code queryParamFilters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-asset-vulnerabilities for more information. |
Example Payload for List Asset Vulnerabilities
Example Payload for List Asset Vulnerabilities
{
"data": {
"vulnerabilities": [
{
"count": 55,
"plugin_family": "Port scanners",
"plugin_id": 34220,
"plugin_name": "Netstat Portscanner (WMI)",
"vulnerability_state": "Active",
"vpr_score": 2.4,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 55,
"value": 0
}
],
"severity": 0
},
{
"count": 54,
"plugin_family": "Windows",
"plugin_id": 34252,
"plugin_name": "Microsoft Windows Remote Listeners Enumeration (WMI)",
"vulnerability_state": "Active",
"vpr_score": 6.3,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 54,
"value": 0
}
],
"severity": 0
},
{
"count": 21,
"plugin_family": "Service detection",
"plugin_id": 22964,
"plugin_name": "Service Detection",
"vulnerability_state": "Active",
"vpr_score": 4.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 21,
"value": 0
}
],
"severity": 0
},
{
"count": 18,
"plugin_family": "Web Servers",
"plugin_id": 24260,
"plugin_name": "HyperText Transfer Protocol (HTTP) Information",
"vulnerability_state": "Active",
"vpr_score": 5.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 18,
"value": 0
}
],
"severity": 0
}
],
"total_vulnerability_count": 3,
"total_asset_count": 0
}
}
List Assets
Lists up to 5,000 assets. | key: listAssets
| Input | Default | Notes |
|---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for List Assets
Example Payload for List Assets
{
"data": {
"assets": [
{
"id": "116af8c3-969d-4621-9f9f-364eeb58e3a7",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.57",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T15:00:57.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"acr_score": 8,
"acr_drivers": [
{
"driver_name": "device_type",
"driver_value": [
"general_purpose"
]
},
{
"driver_name": "device_capability",
"driver_value": [
"pci"
]
},
{
"driver_name": "internet_exposure",
"driver_value": [
"internal"
]
}
],
"exposure_score": 753,
"scan_frequency": [
{
"interval": 90,
"frequency": 3,
"licensed": false
},
{
"interval": 30,
"frequency": 1,
"licensed": false
},
{
"interval": 60,
"frequency": 1,
"licensed": false
}
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"example.com"
],
"operating_system": [
"Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "700a652e-9922-45cd-a6b7-3611c0e1601c",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.58",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.58"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"scanner"
],
"operating_system": [
"Linux Kernel 4.4.0-104-generic on Ubuntu 16.04"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "dc3fdd75-3a01-4277-9ecd-903a80e08332",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.59",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.59"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"SHANE"
],
"operating_system": [
"Microsoft Windows 10 Pro"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "47351ecd-cbae-4576-9740-ff1b4eb88177",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.60",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.60"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"ARCHIE"
],
"operating_system": [
"Microsoft Windows 10 Pro"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
}
],
"total": 4
}
}
List Assets with Vulnerabilities
Returns a list of assets with vulnerabilities. | key: listAssetsWithVulnerabilities
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Date Range string dateRange | The number of days of data prior to and including today that should be returned. | 30 | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Query Param Filters code queryParamFilters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-assets-vulnerabilities for more information. |
Example Payload for List Assets with Vulnerabilities
Example Payload for List Assets with Vulnerabilities
{
"data": {
"assets": [
{
"id": "b822ac94-663b-4f85-bd8c-fd1310ccff44",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 1,
"level": 1,
"name": "Low"
},
{
"count": 0,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
},
{
"id": "1519f45c-b99b-4626-9818-dca849c4e364",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 0,
"level": 1,
"name": "Low"
},
{
"count": 1,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [
"example.com"
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
},
{
"id": "6417b14b-8a28-41c7-b276-7bca6f069949",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 0,
"level": 1,
"name": "Low"
},
{
"count": 1,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [
"example.com"
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
}
],
"total_asset_count": 3
}
}
List Scanners
Returns the scanner list. | key: listScanners
| Input | Default | Notes |
|---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for List Scanners
Example Payload for List Scanners
{
"data": {
"scanners": [
{
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
},
{
"creation_date": 1559325208,
"group": true,
"id": 236329,
"key": "6dec14cb6d33bce4173b8bd0a022400e306629ddca7951bebe4252a6973c16ce",
"last_connect": null,
"last_modification_date": 1559325208,
"linked": 1,
"name": "US Cloud Scanner",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1559325208,
"type": "pool",
"user_permissions": 128,
"uuid": "00000000-0000-0000-0000-00000000000000000000000000001",
"supports_remote_logs": false
},
{
"creation_date": 1561584499,
"group": true,
"id": 236911,
"key": "68a3829fe2ce4d9ee6ab053691c7b9114cab6148294b12489bbcc0db54c6c109",
"last_connect": null,
"last_modification_date": 1561584499,
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1561584499,
"type": "pool",
"user_permissions": 128,
"uuid": "e84ca418-ef25-4dd6-8635-4df11a6e1c2f",
"supports_remote_logs": false
}
]
}
}
List Users
Returns a list of users. | key: listUsers
| Input | Default | Notes |
|---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for List Users
Example Payload for List Users
{
"data": {
"users": [
{
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
]
}
}
List Vulnerabilities
Returns a list of recorded vulnerabilities. | key: listVulnerabilities
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Date Range string dateRange | The number of days of data prior to and including today that should be returned. | 30 | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Query Param Filters code queryParamFilters | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-vulnerabilities for more information. |
Example Payload for List Vulnerabilities
Example Payload for List Vulnerabilities
{
"data": {
"vulnerabilities": [
{
"count": 319,
"plugin_family": "General",
"plugin_id": 51192,
"plugin_name": "SSL Certificate Cannot Be Trusted",
"vulnerability_state": "Active",
"vpr_score": 2.4,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 319,
"value": 2
}
],
"severity": 2
},
{
"count": 215,
"plugin_family": "Misc.",
"plugin_id": 70658,
"plugin_name": "SSH Server CBC Mode Ciphers Enabled",
"vulnerability_state": "Active",
"vpr_score": 7.4,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 215,
"value": 1
}
],
"severity": 1
},
{
"count": 168,
"plugin_family": "Misc.",
"plugin_id": 71049,
"plugin_name": "SSH Weak MAC Algorithms Enabled",
"vulnerability_state": "Active",
"vpr_score": 5.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 168,
"value": 1
}
],
"severity": 1
}
],
"total_vulnerability_count": 3,
"total_asset_count": 0
}
}
Move Assets
Moves assets from the specified network to another network. | key: moveAssets
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Destination Network UUID string / Required destination | The UUID of the network to associate with the specified assets. | 123e4567-e89b-12d3-a456-426614174000 | |
Source Network UUID string / Required source | The UUID of the network currently associated with the assets. | 123e4567-e89b-12d3-a456-426614174000 | |
Targets string / Required targets | The IPv4 addresses of the assets to move. The addresses can be represented as a comma-separated list, a range, or CIDR. | 1.1.1.1, 2.2.2.2-2.2.2.200 |
Example Payload for Move Assets
Example Payload for Move Assets
{
"data": {
"response": {
"data": {
"asset_count": 512
}
}
}
}
Raw Request
Send raw HTTP request to Tenable. | key: rawRequest
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Data string data | The HTTP body payload to send to the URL. | {"exampleKey": "Example Data"} | |
Debug Request boolean debugRequest | false | Enabling this flag will log out the current request. | |
File Data string Key Value List fileData | File Data to be sent as a multipart form upload. | [{key: "example.txt", value: "My File Contents"}] | |
File Data File Names string Key Value List fileDataFileNames | File names to apply to the file data inputs. Keys must match the file data keys above. | ||
Form Data string Key Value List formData | The Form Data to be sent as a multipart form upload. | [{"key": "Example Key", "value": new Buffer("Hello World")}] | |
Header string Key Value List headers | A list of headers to send with the request. | User-Agent: curl/7.64.1 | |
Max Retry Count string maxRetries | 0 | The maximum number of retries to attempt. Specify 0 for no retries. | |
Method string / Required method | The HTTP method to use. | ||
Query Parameter string Key Value List queryParams | A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2. | ||
Response Type string / Required responseType | json | The type of data you expect in the response. You can request json, text, or binary data. | |
Retry On All Errors boolean retryAllErrors | false | If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors. | |
Retry Delay (ms) string retryDelayMS | 0 | The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled. | |
Timeout string timeout | The maximum time that a client will await a response to its request | 2000 | |
URL string / Required url | Input the path only (/networks), The base URL is already included (https://cloud.tenable.com). For example, to connect to https://cloud.tenable.com/networks, only /networks is entered in this field. | /networks | |
Use Exponential Backoff boolean useExponentialBackoff | false | Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored. |
Remove Agent from Group
Removes an agent from the specified agent group. | key: removeAgentFromGroup
| Input | Default | Notes | Example |
|---|---|---|---|
Agent ID string / Required agentId | The ID of the agent to remove. | 123 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Group ID string / Required groupId | The ID of the agent group. | 123 |
Example Payload for Remove Agent from Group
Example Payload for Remove Agent from Group
{
"data": {
"success": true
}
}
Rename Agent
Renames an agent. | key: renameAgent
| Input | Default | Notes | Example |
|---|---|---|---|
Agent ID string / Required agentId | The ID of the agent to rename. | 123 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Name string / Required name | The new name for the agent. | New Agent Name |
Example Payload for Rename Agent
Example Payload for Rename Agent
{
"data": {
"owner_uuid": "76229e9a-3700-4f28-b71d-8b92051b669e",
"created": 1637196514784,
"modified": 1638325337487,
"container_uuid": "1c42306b-3ebb-451d-a250-0a1985509880",
"uuid": "a9a45fe7-bffe-4883-9a3f-bef4215b42bf",
"id": 4148460,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"name": "AGENTWINDOWS44",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ui_version": "10.0.0",
"ui_build": "74",
"engine_version": "19.0.1",
"loaded_plugin_set": "202111302302",
"ip": "198.51.100.12",
"mac_addrs": "00:50:56:01:22:af",
"last_connect": 1638405460245,
"last_scanned": 1638322481919,
"remote_settings": [
{
"name": "Nessus Agent Log Level",
"setting": "backend_log_level",
"type": "select",
"description": "This controls the Nessus Agent backend logging level. Backend reload required.",
"backend_reload": true,
"status": "pending",
"value": "normal",
"allowable_values": [
{
"value": "verbose"
},
{
"value": "debug"
},
{
"value": "normal"
}
],
"default": "normal"
},
{
"name": "Plugin Compilation Performance",
"setting": "plugin_load_performance_mode",
"type": "select",
"description": "Controls the performance for plugin compilation; lower performance takes longer to compile, but uses fewer system processor resources. Service restart required. Requires 8.1.0+",
"service_restart": true,
"status": "current",
"value": "high",
"allowable_values": [
{
"value": "high"
},
{
"value": "medium"
},
{
"value": "low"
}
],
"default": "high"
},
{
"name": "Scan Performance",
"setting": "scan_performance_mode",
"type": "select",
"description": "Controls the scan performance; lower performance takes longer to scan, but uses fewer system processor resources. Service restart required. Requires 8.1.0+",
"service_restart": true,
"status": "current",
"value": "high",
"allowable_values": [
{
"value": "high"
},
{
"value": "medium"
},
{
"value": "low"
}
],
"default": "high"
},
{
"name": "Nessus Agent Update Plan",
"setting": "agent_update_channel",
"type": "select",
"description": "The update plan to which Nessus Agent will track. Requires 7.7.0+",
"status": "current",
"value": "ea",
"allowable_values": [
{
"value": "ga",
"label": "Keep up to date with GA releases."
},
{
"value": "ea",
"label": "Opt in to Early Access releases."
},
{
"value": "stable",
"label": "Delay updates, staying on an older release."
}
],
"default": "ga"
},
{
"name": "Automatic Hostname Update",
"setting": "update_hostname",
"type": "boolean",
"description": "If the Nessus Agent's hostname is changed, the new hostname is updated in the Nessus Agent's manager.",
"status": "current",
"value": "false",
"default": "false"
},
{
"name": "Offline Agent Scan Trigger Execution Threshold",
"setting": "offline_agent_scan_trigger_execution_threshold_days",
"type": "integer",
"description": "Specifies the number of days of the Agent being offline after which Rule-Based Scans will stop executing",
"min": 1,
"status": "current",
"value": "14",
"default": "14"
},
{
"name": "Maximum Scans Per Day",
"setting": "maximum_scans_per_day",
"type": "integer",
"description": "The maximum number of scans to run on this Agent per day.",
"min": 1,
"max": 48,
"status": "current",
"value": "10",
"default": "10"
}
],
"restart_pending": false,
"status": "off",
"tracking_id": "4ab102a77f1c9c54b7123559319cc546c86867fc870e15aae384d940dc59eeaf",
"last_connect_in_seconds": 1638405460,
"last_scanned_in_seconds": 1638322481,
"supports_remote_settings": true,
"supports_remote_logs": false,
"created_in_seconds": 1637196514,
"modified_in_seconds": 1638325337
}
}
Unlink Agent
Unlinks an agent. | key: unlinkAgent
| Input | Default | Notes | Example |
|---|---|---|---|
Agent ID string / Required agentId | The ID of the agent to unlink. | 123 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for Unlink Agent
Example Payload for Unlink Agent
{
"data": {
"success": true
}
}
Update Agent Group
Changes the name of the agent group. | key: updateAgentGroup
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Group ID string / Required groupId | The ID or UUID of the agent group to update. | 123 | |
Name string / Required name | The name of the agent group. | My Agent Group |
Example Payload for Update Agent Group
Example Payload for Update Agent Group
{
"data": {
"groups": [
{
"owner_uuid": "2e3a71fc-2442-4024-9fee-085cc61750cb",
"created": 1595001140400,
"modified": 1595001217809,
"container_uuid": "d6c3e937-4467-4171-92d8-debf5ef3c917",
"uuid": "e069b272-ed76-487a-8cf9-1c32836698b7",
"id": 183709,
"name": "NewName",
"agents_count": 0,
"default_permissions": 16,
"shared": 1,
"user_permissions": 128,
"created_in_seconds": 1595001140,
"modified_in_seconds": 1595001217
}
]
}
}
Update Scanner
Updates the specified scanner. | key: updateScanner
| Input | Default | Notes | Example |
|---|---|---|---|
AWS Update Interval string awsUpdateInterval | Specifies how often, in minutes, the scanner checks in with Tenable Vulnerability Management (Amazon Web Services scanners only). | 60 | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Finish Update string finishUpdate | Pass 1 to reboot the scanner and run the latest software update (only valid if automatic updates are disabled). | 1 | |
Force Plugin Update string forcePluginUpdate | Pass 1 to force a plugin update. | 1 | |
Force UI Update string forceUiUpdate | Pass 1 to force a UI update. | 1 | |
Name string name | The new name for the scanner. | My Scanner | |
Registration Code string registrationCode | Sets the registration code for the scanner. | 1234 | |
Scanner ID string / Required scannerId | The ID of the scanner. | 1 |
Example Payload for Update Scanner
Example Payload for Update Scanner
{
"data": {
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
}
}
Update User
Updates an existing user account. | key: updateUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Email string email | The email address of the user. A valid email address must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains. | name@domain | |
Enabled string enabled | Specifies whether the user's account is enabled (true) or disabled (false). | ||
Name string name | The name of the user (for example, first and last name). | John Doe | |
Permissions string / Required permissions | The user permissions as described in Permissions. See https://developer.tenable.com/reference/users-create for more information. | 16 | |
User ID string / Required userId | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 |
Example Payload for Update User
Example Payload for Update User
{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}