# Tenable Vulnerability Management Component ![](/docs/img/components/icons/60/dGVuYWJsZS12dWxuZXJhYmlsaXR5LW1hbmFnZW1lbnQ=.png) #### Assess vulnerabilities; manage assets, users, agents, and more. Component key: **tenable-vulnerability-management** [Changelog ↓](#changelog) ## Description[​](#description "Direct link to Description") [Tenable Vulnerability Management](https://www.tenable.com/products/tenable-io) is a leading security solution that identifies, evaluates, and prioritizes vulnerabilities to reduce risk and enhance cybersecurity. This component allows you to interact with the Tenable Vulnerability Management REST API. #### API Documentation[​](#api-documentation "Direct link to API Documentation") This component was built using the [Tenable Vulnerability Management API Reference](https://developer.tenable.com/reference/navigate) ## Connections[​](#connections "Direct link to Connections") ### Access Key / Secret Key[​](#tenable-connection "Direct link to Access Key / Secret Key") **key: tenable-connection** To generate [API keys](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm#To-generate-API-keys-for-your-own-account:) in Tenable Vulnerability Management: 1. Login to your [Tenable](https://cloud.tenable.com/tio/app.html#/login) account and navigate to **My Account** by selecting the user icon in the top right menu. 2. Navigate to API Keys and select generate to generate an Access Key and a Secret Key. 3. Enter these values into the connection configuration of your integration. 1. Save these values as they will not be shown again. | Input | Notes | Example | | ---------- | ----- | ------- | | Access Key | | | | Secret Key | | | ## Data Sources[​](#data-sources "Direct link to Data Sources") ### Select Agent[​](#selectagent "Direct link to Select Agent") Select an agent from a picklist. | **key: selectAgent** | **type: picklist** | Input | Notes | Example | | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | Connection | | | | Filter | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext | | Filter Type | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and | | Wildcard Filter Text | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild | | Wildcard Fields | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard\_fields' values are searched against the wildcard filter text. | field1,field2 | *** ### Select Agent Group[​](#selectagentgroup "Direct link to Select Agent Group") Select an agent group from a picklist of agent groups. | **key: selectAgentGroup** | **type: picklist** | Input | Notes | Example | | ---------- | ----- | ------- | | Connection | | | *** ### Select Asset[​](#selectasset "Direct link to Select Asset") Select an asset from a picklist. | **key: selectAsset** | **type: picklist** | Input | Notes | Example | | ---------- | ----- | ------- | | Connection | | | *** ### Select Scanner[​](#selectscanner "Direct link to Select Scanner") Select a scanner from a picklist. | **key: selectScanner** | **type: picklist** | Input | Notes | Example | | ---------- | ----- | ------- | | Connection | | | ### Example Payload for Select Scanner ```json { "result": [ { "label": "US West Cloud Scanners", "key": "120958" } ] } ``` *** ### Select User[​](#selectuser "Direct link to Select User") Select a user from a picklist. | **key: selectUser** | **type: picklist** | Input | Notes | Example | | ---------- | ----- | ------- | | Connection | | | *** ## Actions[​](#actions "Direct link to Actions") ### Add Agent to Group[​](#addagenttogroup "Direct link to Add Agent to Group") Adds an agent to the agent group. | **key: addAgentToGroup** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Agent ID | The ID of the agent to add. | 123 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Group ID | The ID of the agent group. | 123 | ### Example Payload for Add Agent to Group ```json { "data": { "success": true } } ``` *** ### Add or Remove Asset Tags[​](#addorremoveassettags "Direct link to Add or Remove Asset Tags") Adds or removes tags from the specified assets, and returns the UUID of the asynchronous asset update job. | **key: addOrRemoveAssetTags** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------------------------------------ | | Action | Specifies whether to add or remove tags. | add | | Assets | An array of asset UUIDs. | 123e4567-e89b-12d3-a456-426614174000 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Tags | An array of tag value UUIDs. | 123e4567-e89b-12d3-a456-426614174000 | ### Example Payload for Add or Remove Asset Tags ```json { "data": { "job_uuid": "62210d02a7056d0297f50a8ddfbd549eaef1d0bc94e1ea3fad09" } } ``` *** ### Create Agent Group[​](#createagentgroup "Direct link to Create Agent Group") Creates an agent group. | **key: createAgentGroup** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | -------------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Name | The name of the agent group. | My Agent Group | ### Example Payload for Create Agent Group ```json { "data": { "id": 106592, "uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6", "name": "Western Region", "creation_date": 1544455100, "last_modification_date": 1544455100, "timestamp": 1544455100, "shared": 0, "owner": "system", "owner_id": 1, "owner_name": "system", "owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f", "user_permissions": 0, "agents_count": 0 } } ``` *** ### Create User[​](#createuser "Direct link to Create User") Creates a new user. | **key: createUser** | Input | Notes | Example | | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Email | The email address of the user. A valid email address must be in the format, name\@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains. | name\@domain | | Name | The name of the user (for example, first and last name). | John Doe | | Password | Passwords must be at least 12 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character symbol. | password | | Permissions | The user permissions as described in Permissions. See https\://developer.tenable.com/reference/users-create for more information. | 16 | | Username | A valid username must be in the format, name\@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. | name\@domain | ### Example Payload for Create User ```json { "data": { "uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e", "id": 5, "user_name": "user2@example.com", "username": "user4@api.demo", "email": "user2@example.com", "name": "Test User", "type": "local", "aggregate": true, "container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e", "permissions": 32, "login_fail_count": 0, "login_fail_total": 0, "enabled": true, "lockout": 0, "uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e" } } ``` *** ### Delete Agent Group[​](#deleteagentgroup "Direct link to Delete Agent Group") Deletes an agent group. | **key: deleteAgentGroup** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Group ID | The ID or UUID of the agent group to delete. | 123 | ### Example Payload for Delete Agent Group ```json { "data": { "success": true } } ``` *** ### Delete Asset[​](#deleteasset "Direct link to Delete Asset") Deletes the specified asset. | **key: deleteAsset** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------------------------------------ | | Asset UUID | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for Delete Asset ```json { "data": { "success": true } } ``` *** ### Delete Scanner[​](#deletescanner "Direct link to Delete Scanner") Deletes and unlinks a scanner from Tenable Vulnerability Management. | **key: deleteScanner** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Scanner ID | The ID of the scanner. | 1 | ### Example Payload for Delete Scanner ```json { "data": { "success": true } } ``` *** ### Delete User[​](#deleteuser "Direct link to Delete User") Deletes a user. | **key: deleteUser** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------------------------------------ | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | User ID | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 | ### Example Payload for Delete User ```json { "data": { "success": true } } ``` *** ### Download Vulnerabilities[​](#downloadvulnerabilities "Direct link to Download Vulnerabilities") Downloads exported vulnerabilities as a JSON file. | **key: downloadVulnerabilities** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------------------------------------ | | Chunk ID | The ID of the chunk you want to export. | 1 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Export UUID | The UUID of the vulnerability export request. | 123e4567-e89b-12d3-a456-426614174000 | ### Example Payload for Download Vulnerabilities ```json { "data": [ { "asset": { "bios_uuid": "1fa02642-5b8e-8f27-42a9-debde798d957", "device_type": "general-purpose", "fqdn": "sharepoint2016.target.example.com", "hostname": "sharepoint2016", "uuid": "53ed0fa2-ccd5-4d2e-92ee-c072635889e3", "ipv4": "203.0.113.71", "ipv6": "2001:db8:199e:6fb9:2edd:67f0:3f30:c7", "last_authenticated_results": "2023-05-04T05:03:13.737Z", "mac_address": "00:50:56:a6:22:93", "netbios_name": "SHAREPOINT2016", "operating_system": [ "Microsoft Windows Server 2016 Standard" ], "network_id": "00000000-0000-0000-0000-000000000000", "tracked": true }, "output": "\n\n Produact : Microsoft SharePoint Enterprise Server 2016\n KB : 5002113\n - C:\\Program Files\\Microsoft Office Servers\\16.0\\bin\\ascalc.dll has not been patched.\n Remote version : 16.0.4342.1000\n Should be : 16.0.5266.1000\n\n", "plugin": { "bid": [ 156641 ], "checks_for_default_account": false, "checks_for_malware": false, "cpe": [ "cpe:/a:microsoft:sharepoint_server" ], "cvss3_base_score": 8.8, "cvss3_temporal_score": 7.7, "cvss3_temporal_vector": { "exploitability": "Unproven", "remediation_level": "Official Fix", "report_confidence": "Confirmed", "raw": "E:U/RL:O/RC:C" }, "cvss3_vector": { "access_complexity": "Low", "access_vector": "Network", "availability_impact": "High", "confidentiality_impact": "High", "integrity_impact": "High", "raw": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, "cvss_base_score": 9, "cvss_temporal_score": 6.7, "cvss_temporal_vector": { "exploitability": "Unproven", "remediation_level": "Official Fix", "report_confidence": "Confirmed", "raw": "E:U/RL:OF/RC:C" }, "cvss_vector": { "access_complexity": "Low", "access_vector": "Network", "authentication": "Single", "availability_impact": "Complete", "confidentiality_impact": "Complete", "integrity_impact": "Complete", "raw": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, "description": "The Microsoft SharePoint Server 2013 installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21837, CVE-2022-21840, CVE-2022-21842)", "exploit_available": false, "exploit_framework_canvas": false, "exploit_framework_core": false, "exploit_framework_d2_elliot": false, "exploit_framework_exploithub": false, "exploit_framework_metasploit": false, "exploitability_ease": "No known exploits are available", "exploited_by_malware": false, "exploited_by_nessus": false, "family": "Windows : Microsoft Bulletins", "family_id": 41, "has_patch": true, "id": 156641, "in_the_news": false, "ms_bulletin": [ "5002113" ], "name": "Security Updates for Microsoft SharePoint Server 2016 (January 2022)", "patch_publication_date": "2022-01-11T00:00:00Z", "modification_date": "2022-05-06T00:00:00Z", "publication_date": "2022-01-12T00:00:00Z", "risk_factor": "high", "see_also": [ "https://support.microsoft.com/en-us/help/5002113" ], "solution": "Microsoft has released security update KB5002113 to address this issue.", "stig_severity": "I", "synopsis": "The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates.", "unsupported_by_vendor": false, "version": "1.6", "vuln_publication_date": "2022-01-11T00:00:00Z", "xrefs": [ { "type": "CVE", "id": "2022-21837" }, { "type": "CVE", "id": "2022-21840" }, { "type": "CVE", "id": "2022-21842" }, { "type": "IAVA", "id": "2022-A-0007-S" }, { "type": "MSFT", "id": "MS22-5002113" }, { "type": "MSKB", "id": "5002113" } ], "vpr": { "score": 6.7, "drivers": { "age_of_vuln": { "lower_bound": 731 }, "exploit_code_maturity": "UNPROVEN", "cvss_impact_score_predicted": false, "cvss3_impact_score": 5.9, "threat_intensity_last28": "VERY_LOW", "threat_sources_last28": [ "No recorded events" ], "product_coverage": "LOW" }, "updated": "2024-02-04T06:03:56Z" }, "workaround": "F5 lists a workaround with instructions listed at https://my.f5.com/manage/s/article/K000137595 that can be achieved using the following steps:\n\n 1. Install the latest PI IM package\n 2. Disable signatures with excessive Total Hit Count value\n\n Note that Tenable always advises that you upgrade a system if possible, \n and all steps listed here are mitigation steps provided by F5. \n Tenable is not responsible for any negative effects that may occur from enacting this workaround.", "workaround_type": "disable service", "workaround_published": "2024-02-14T00:00:00Z", "vendor_unpatched": true, "has_workaround": true, "cve": [ "CVE-2022-21837", "CVE-2022-21840", "CVE-2022-21842" ], "type": "local" }, "port": { "port": 445, "protocol": "TCP", "service": "cifs" }, "scan": { "schedule_uuid": "461e4ebc-b309-face-6fa1-afa4ba163cb6d84b9dc0a0dc5020", "started_at": "2023-05-03T14:14:02.387Z", "uuid": "270b911b-1fe6-4760-8c49-88d315cb764e" }, "severity": "high", "severity_id": 3, "severity_default_id": 3, "severity_modification_type": "NONE", "first_found": "2022-11-08T19:18:10.472Z", "last_found": "2023-05-04T05:03:13.737Z", "state": "OPEN", "indexed": "2023-05-04T05:13:40.809406Z", "source": "NESSUS" }, { "asset": { "device_type": "hypervisor", "fqdn": "vcsa8.target.example.com", "hostname": "vcsa8.target.example.com", "uuid": "1babf006-b1f0-4dee-86a1-7a55888336c3", "ipv4": "192.0.2.246", "operating_system": [ "VMware vCenter Server 8.0.0 build-20037386" ], "network_id": "00000000-0000-0000-0000-000000000000", "tracked": true }, "output": "\nThe following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:\n\n - https://vcsa8.target.example.com/\n - https://vcsa8.target.example.com/ui/\n", "plugin": { "bid": [ 50344 ], "checks_for_default_account": false, "checks_for_malware": false, "cpe": [], "description": "The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.\n\nThe CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.", "exploit_available": false, "exploit_framework_canvas": false, "exploit_framework_core": false, "exploit_framework_d2_elliot": false, "exploit_framework_exploithub": false, "exploit_framework_metasploit": false, "exploited_by_malware": false, "exploited_by_nessus": false, "family": "CGI abuses", "family_id": 3, "has_patch": false, "id": 50344, "in_the_news": false, "name": "Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header", "modification_date": "2021-01-19T00:00:00Z", "publication_date": "2010-10-26T00:00:00Z", "risk_factor": "info", "see_also": [ "http://www.nessus.org/u?55aa8f57", "http://www.nessus.org/u?07cc2a06", "https://content-security-policy.com/", "https://www.w3.org/TR/CSP2/" ], "solution": "Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.", "synopsis": "The remote web server does not take steps to mitigate a class of web application vulnerabilities.", "unsupported_by_vendor": false, "version": "1.6", "xrefs": [], "type": "remote" }, "port": { "port": 443, "protocol": "TCP", "service": "www" }, "scan": { "schedule_uuid": "16cf08d3-3f94-79f4-8038-996376eabd4f186741fe15533e70", "started_at": "2023-05-03T14:13:56.983Z", "uuid": "e86252a3-8dc0-43b6-8ddd-afb219d040ed" }, "severity": "info", "severity_id": 0, "severity_default_id": 0, "severity_modification_type": "NONE", "first_found": "2022-11-08T06:12:27.940Z", "last_found": "2023-05-04T09:39:26.415Z", "state": "OPEN", "indexed": "2023-05-04T09:44:55.673359Z", "source": "NESSUS" } ] } ``` *** ### Export Assets[​](#exportassets "Direct link to Export Assets") Exports all assets that match the request criteria. | **key: exportAssets** | Input | Notes | Example | | ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | Chunk Size | Specifies the number of assets per exported chunk. The range is 100-10000. | 100 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Filters | Specifies filters for exported assets. See https\://developer.tenable.com/reference/exports-assets-request-export for more information. | See Example | | Include Open Ports | Specifies whether or not to include open port findings from info-level plugins. | false | ### Example Payload for Export Assets ```json { "data": { "export_uuid": "60a26f04-c844-49a6-b67b-995a6ed79471" } } ``` *** ### Export Vulnerabilities[​](#exportvulnerabilities "Direct link to Export Vulnerabilities") Exports vulnerabilities that match the request criteria. | **key: exportVulnerabilities** | Input | Notes | Example | | ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Filters | Specifies filters for exported vulnerabilities. See https\://developer.tenable.com/reference/exports-vulns-request-export for more information. | See Example | | Include Unlicensed | Specifies whether or not to include unlicensed assets. | false | | Number of Assets | Specifies the number of assets used to chunk the vulnerabilities. | 50 | ### Example Payload for Export Vulnerabilities ```json { "data": { "export_uuid": "bf765455-53aa-4e70-9ef3-87cfca1d2be0" } } ``` *** ### Get Agent[​](#getagent "Direct link to Get Agent") Returns the specified agent details for the specified scanner. | **key: getAgent** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Agent ID | The ID of the agent to query. | 123 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for Get Agent ```json { "data": { "id": 9176838, "uuid": "655993d5-c131-46e8-a82f-957f6f894cac", "name": "GRD-LPTP", "platform": "WINDOWS", "distro": "win-x86-64", "ip": "192.0.2.57", "last_scanned": 1515620036, "plugin_feed_id": "201801081515", "core_build": "106", "core_version": "7.0.0", "linked_on": 1456775443, "last_connect": 1515674073, "status": "off", "groups": [ { "name": "CodyAgents", "id": 8 }, { "name": "Agent Group A", "id": 3316 } ], "supports_remote_logs": false, "network_uuid": "00000000-0000-0000-0000-000000000000", "network_name": "Default", "profile_uuid": "00000000-0000-0000-0000-000000000000", "profile_name": "Default", "supports_remote_settings": true, "health": 0, "health_state_name": "HEALTHY", "fredi_status": true } } ``` *** ### Get Agent Group[​](#getagentgroup "Direct link to Get Agent Group") Gets details for the agent group. | **key: getAgentGroup** | Input | Notes | Example | | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Filter | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext | | Filter Type | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and | | Fetch All | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | true | | Group ID | The ID or UUID of the agent group to query. | 123 | | Limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 | | Offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 | | Sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc | | Wildcard Filter Text | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild | | Wildcard Fields | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard\_fields' values are searched against the wildcard filter text. | field1,field2 | ### Example Payload for Get Agent Group ```json { "data": { "id": 106592, "uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6", "name": "Western Region", "creation_date": 1544455100, "last_modification_date": 1544455100, "timestamp": 1544455100, "shared": 1, "owner": "system", "owner_id": 10621200, "owner_name": "system", "owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f", "user_permissions": 128, "agents_count": 1, "agents": [ { "id": 9176838, "uuid": "fdb1812c-2423-424d-9b67-5511e9bf0714", "name": "my.new-hostname.server", "platform": "LINUX", "distro": "es8-x86-64", "ip": "172.26.102.78", "last_scanned": 1722961087, "plugin_feed_id": "202408191220", "core_build": "2391", "core_version": "10.8.0", "linked_on": 1722960266, "last_connect": 1724170973, "status": "off", "groups": [ { "name": "Western Region", "id": 106592 } ], "supports_remote_logs": false, "network_uuid": "00000000-0000-0000-0000-000000000000", "network_name": "Default", "profile_uuid": "00000000-0000-0000-0000-000000000000", "profile_name": "Default", "supports_remote_settings": true, "health": 20, "health_state_name": "CRITICAL", "fredi_status": false } ], "pagination": { "total": 0, "limit": 50, "offset": 0, "sort": [ { "name": "name", "order": "asc" } ] } } } ``` *** ### Get Asset[​](#getasset "Direct link to Get Asset") Returns details of the specified asset. | **key: getAsset** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------------------------------------ | | Asset UUID | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for Get Asset ```json { "data": { "id": "116af8c3-969d-4621-9f9f-364eeb58e3a7", "has_agent": false, "last_seen": "2018-12-31T15:00:57.000Z", "last_scan_target": "192.0.2.57", "sources": [ { "name": "NESSUS_SCAN", "first_seen": "2018-12-31T15:00:57.000Z", "last_seen": "2018-12-31T15:00:57.000Z" } ], "acr_score": 8, "acr_drivers": [ { "driver_name": "device_type", "driver_value": [ "general_purpose" ] }, { "driver_name": "device_capability", "driver_value": [ "pci" ] }, { "driver_name": "internet_exposure", "driver_value": [ "internal" ] } ], "exposure_score": 753, "scan_frequency": [ { "interval": 90, "frequency": 3, "licensed": false }, { "interval": 30, "frequency": 1, "licensed": false }, { "interval": 60, "frequency": 1, "licensed": false } ], "ipv4": [ "192.0.2.57" ], "ipv6": [], "fqdn": [ "example.com" ], "netbios_name": [ "example.com" ], "operating_system": [ "Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)" ], "agent_name": [], "aws_ec2_name": [], "mac_address": [] } } ``` *** ### Get Asset Vulnerability Details[​](#getassetvulnerabilitydetails "Direct link to Get Asset Vulnerability Details") Retrieves the details for a vulnerability recorded on a specified asset. | **key: getAssetVulnerabilityDetails** | Input | Notes | Example | | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | | Asset ID | The UUID of the asset. | 116af8c3-969d-4621-9f9f-364eeb58e3a7 | | Connection | | | | Date Range | The number of days of data prior to and including today that should be returned. | 30 | | Debug Request | Enabling this flag will log out the current request. | false | | Plugin ID | The ID of the plugin. | 12345 | | Query Param Filters | Filters to apply in JSON format. See https\://developer.tenable.com/reference/workbenches-asset-vulnerability-info for more information. | See Example | ### Example Payload for Get Asset Vulnerability Details ```json { "data": { "info": { "count": 1, "vuln_count": 1, "description": "The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted.\n\nAn attacker can exploit this by tricking a user into opening an MFC application in a directory that contains a malicious DLL, resulting in arbitrary code execution.", "synopsis": "Arbitrary code can be executed on the remote host through the Microsoft Foundation Class library.", "solution": "Microsoft has released a set of patches for Visual Studio .NET 2003, 2005, and 2008, as well as Visual C++ 2005, 2008, and 2010.", "discovery": { "seen_first": "2019-12-31T17:15:52.000Z", "seen_last": "2019-12-31T17:15:52.000Z" }, "severity": 3, "plugin_details": { "family": "Windows : Microsoft Bulletins", "modification_date": "2016-12-31T00:00:00Z", "name": "MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)", "publication_date": "2011-12-31T00:00:00Z", "type": "local", "version": null, "severity": 3 }, "reference_information": [ { "name": "bid", "url": "http://www.securityfocus.com/bid/", "values": [ 42811 ] }, { "name": "cve", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=", "values": [ "CVE-2010-3190" ] }, { "name": "iavb", "values": [ "2011-B-0046" ] }, { "name": "msft", "url": "http://technet.microsoft.com/en-us/security/bulletin/", "values": [ "MS11-025" ] }, { "name": "osvdb", "values": [ "67674" ] }, { "name": "secunia", "url": "http://secunia.com/advisories/", "values": [ "41212" ] } ], "risk_information": { "risk_factor": "High", "cvss_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "cvss_base_score": "9.3", "cvss_temporal_vector": "E:F/RL:OF/RC:ND", "cvss_temporal_score": "7.7", "cvss3_vector": null, "cvss3_base_score": null, "cvss3_temporal_vector": null, "cvss3_temporal_score": null, "stig_severity": null }, "see_also": [ "[\"https://technet.microsoft.com/library/security/ms11-025\"]" ], "vulnerability_information": { "vulnerability_publication_date": "2010-12-31T00:00:00Z", "exploited_by_malware": null, "patch_publication_date": "2011-12-31T00:00:00Z", "exploit_available": true, "exploitability_ease": null, "asset_inventory": null, "default_account": null, "exploited_by_nessus": null, "in_the_news": null, "malware": null, "unsupported_by_vendor": null, "cpe": null, "exploit_frameworks": [] }, "vpr": { "score": 5.9, "drivers": { "age_of_vuln": { "lower_bound": 731, "upper_bound": 0 }, "exploit_code_maturity": "UNPROVEN", "cvss_impact_score_predicted": true, "threat_intensity_last28": "VERY_LOW", "threat_sources_last28": [ "No recorded events" ], "product_coverage": "MEDIUM" }, "updated": "2019-12-31T10:08:58Z" } } } } ``` *** ### Get Plugin Details[​](#getplugindetails "Direct link to Get Plugin Details") Retrieves the details for a plugin. | **key: getPluginDetails** | Input | Notes | Example | | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ----------- | | Connection | | | | Date Range | The number of days of data prior to and including today that should be returned. | 30 | | Debug Request | Enabling this flag will log out the current request. | false | | Plugin ID | The ID of the plugin. | 12345 | | Query Param Filters | Filters to apply in JSON format. See https\://developer.tenable.com/reference/workbenches-vulnerability-info for more information. | See Example | ### Example Payload for Get Plugin Details ```json { "data": { "info": { "count": 13, "vuln_count": 14, "description": "The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.", "synopsis": "The remote web server is affected by a remote code execution vulnerability.", "solution": "Apply the referenced patch.", "discovery": { "seen_first": "2019-12-31T17:15:52.000Z", "seen_last": "2019-12-31T22:53:45.000Z" }, "severity": 4, "plugin_details": { "family": "CGI abuses", "modification_date": "2017-12-31T00:00:00Z", "name": "GNU Bash Environment Variable Handling Code Injection (Shellshock)", "publication_date": "2014-12-31T00:00:00Z", "type": "remote", "version": null, "severity": 4 }, "reference_information": [ { "name": "bid", "url": "http://www.securityfocus.com/bid/", "values": [ 70103 ] }, { "name": "cert", "url": "http://www.kb.cert.org/vuls/id/", "values": [ "252743" ] }, { "name": "cve", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=", "values": [ "CVE-2014-6271" ] }, { "name": "edb-id", "url": "http://www.exploit-db.com/exploits/", "values": [ "34766", "34777", "34765" ] }, { "name": "iava", "values": [ "2014-A-0142" ] }, { "name": "osvdb", "values": [ "112004" ] } ], "risk_information": { "risk_factor": "Critical", "cvss_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "cvss_base_score": "10.0", "cvss_temporal_vector": "E:F/RL:OF/RC:ND", "cvss_temporal_score": "8.3", "cvss3_vector": null, "cvss3_base_score": null, "cvss3_temporal_vector": null, "cvss3_temporal_score": null, "stig_severity": null }, "see_also": [ "http://seclists.org/oss-sec/2014/q3/650", "http://www.nessus.org/u?dacf7829", "https://www.invisiblethreat.ca/post/shellshock/" ], "vulnerability_information": { "vulnerability_publication_date": "2014-12-31T00:00:00Z", "exploited_by_malware": true, "patch_publication_date": "2014-12-31T00:00:00Z", "exploit_available": true, "exploitability_ease": null, "asset_inventory": null, "default_account": null, "exploited_by_nessus": null, "in_the_news": true, "malware": null, "unsupported_by_vendor": null, "cpe": null, "exploit_frameworks": [ { "name": "Core Impact" }, { "name": "Metasploit", "exploits": [ { "name": "Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)", "url": null } ] } ] }, "vpr": { "score": 9.6, "drivers": { "age_of_vuln": { "lower_bound": 731, "upper_bound": 0 }, "exploit_code_maturity": "HIGH", "cvss3_impact_score": 5.9, "cvss_impact_score_predicted": true, "threat_intensity_last28": "HIGH", "threat_recency": { "lower_bound": 0, "upper_bound": 7 }, "threat_sources_last28": [ "Others", "Mainstream Media", "Code Repo and Paste Bins" ], "product_coverage": "LOW" }, "updated": "2019-12-31T10:10:57Z" } } } } ``` *** ### Get Scanner[​](#getscanner "Direct link to Get Scanner") Returns details for the specified scanner. | **key: getScanner** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Scanner ID | The ID of the scanner. | 1 | ### Example Payload for Get Scanner ```json { "data": { "creation_date": 1500743403, "group": true, "id": 120958, "key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f", "last_connect": null, "last_modification_date": 1500743403, "license": { "activation_code": "448U-ABCD-1234", "agents": -1, "ips": 500, "scanners": -1, "users": -1, "enterprise_pause": false, "expiration_date": 1614038400, "evaluation": false, "apps": { "consec": { "mode": "standard", "expiration_date": 1613970000, "activation_code": "C82J-ABCD-1234", "max_gb": "1" }, "was": { "mode": "standard", "expiration_date": 1613970000, "activation_code": "C99G-ABCD-1234", "web_assets": "10" } }, "scanners_used": 1, "agents_used": 0 }, "linked": 1, "name": "US West Cloud Scanners", "network_name": "Default", "num_scans": 0, "owner": "system", "owner_id": 1, "owner_name": "system", "owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa", "pool": true, "scan_count": 0, "shared": 1, "source": "service", "status": "on", "timestamp": 1500743403, "type": "local", "user_permissions": 64, "uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de", "supports_remote_logs": false } } ``` *** ### Get User[​](#getuser "Direct link to Get User") Returns details for a specific user. | **key: getUser** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------------------------------------ | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | User ID | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 | ### Example Payload for Get User ```json { "data": { "uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e", "id": 5, "user_name": "user2@example.com", "username": "user4@api.demo", "email": "user2@example.com", "name": "Test User", "type": "local", "aggregate": true, "container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e", "permissions": 32, "login_fail_count": 0, "login_fail_total": 0, "enabled": true, "lockout": 0, "uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e" } } ``` *** ### Import Assets[​](#importassets "Direct link to Import Assets") Imports asset data in JSON format. | **key: importAssets** | Input | Notes | Example | | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | | Asset Objects | An array of asset objects to import. Each asset object requires a value for at least one of the following properties: fqdn, ipv4, netbios\_name, mac\_address. See https\://developer.tenable.com/reference/assets-import for more information. | See Example | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Source | A user-defined name for the source of the import. | Example Import | ### Example Payload for Import Assets ```json { "data": { "asset_import_job_uuid": "467e5338-7783-4a0d-915a-5d00584784a0" } } ``` *** ### Import Vulnerabilities[​](#importvulnerabilities "Direct link to Import Vulnerabilities") Imports a list of vulnerabilities in JSON format. | **key: importVulnerabilities** | Input | Notes | Example | | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | Assets | An array of asset objects with vulnerabilities information. See https\://developer.tenable.com/reference/vulnerabilities-import-v2 for more information. | See Example | | Connection | | | | Coverage | The coverage object. See https\://developer.tenable.com/reference/vulnerabilities-import-v2 for more information. | See Example | | Data Type | The type of scan that identified the vulnerabilities. | vm | | Debug Request | Enabling this flag will log out the current request. | false | | Product | The name of the product from the vendor. | Security Center | | Source | A unique string value used to track the set of assets and vulnerabilities. | scan\_uuid:scan\_chunk\_uuid | | Vendor | The company that owns the product that is the source of the vulnerability data. | tenable | ### Example Payload for Import Vulnerabilities ```json { "data": { "job_uuid": "" } } ``` *** ### List Agent Groups[​](#listagentgroups "Direct link to List Agent Groups") Retrieves a list of agent groups. | **key: listAgentGroups** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for List Agent Groups ```json { "data": { "groups": [ { "id": 106592, "uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6", "name": "slibs", "creation_date": 1544455100, "last_modification_date": 1544455100, "timestamp": 1544455100, "shared": 1, "owner": "system", "owner_id": 1, "owner_name": "system", "owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f", "user_permissions": 128, "agents_count": 0 } ] } } ``` *** ### List Agents[​](#listagents "Direct link to List Agents") Returns a list of agents for the specified scanner. | **key: listAgents** | Input | Notes | Example | | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Filter | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext | | Filter Type | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and | | Fetch All | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | true | | Limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 | | Offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 | | Sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc | | Wildcard Filter Text | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild | | Wildcard Fields | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard\_fields' values are searched against the wildcard filter text. | field1,field2 | ### Example Payload for List Agents ```json { "data": { "agents": [ { "id": 9176838, "uuid": "655993d5-c131-46e8-a82f-957f6f894cac", "name": "GRD-LPTP", "platform": "WINDOWS", "distro": "win-x86-64", "ip": "192.0.2.57", "last_scanned": 1515620036, "plugin_feed_id": "201801081515", "core_build": "106", "core_version": "7.0.0", "linked_on": 1456775443, "last_connect": 1515674073, "status": "off", "groups": [ { "name": "CodyAgents", "id": 8 }, { "name": "Agent Group A", "id": 3316 } ], "supports_remote_logs": false, "network_uuid": "00000000-0000-0000-0000-000000000000", "network_name": "Default", "profile_uuid": "00000000-0000-0000-0000-000000000000", "profile_name": "Default", "supports_remote_settings": true, "health": 0, "health_state_name": "HEALTHY", "fredi_status": true }, { "id": 14569, "uuid": "72ac6ad1-fc86-4af4-be0c-0ff3bfbfb242", "name": "example.com", "platform": "LINUX", "distro": "es7-x86-64", "ip": "192.0.2.57", "plugin_feed_id": "201805161620", "core_build": "13", "core_version": "7.0.3", "linked_on": 1508329832, "last_connect": 1526565530, "status": "off", "groups": [ { "name": "SC Research", "id": 1167 } ], "asset_uuid": "da1a9cf3-33a2-45ae-b99d-9a15000451e1", "health": 10, "health_state_name": "WARNING", "fredi_status": true }, { "id": 14570, "uuid": "938cb466-06ea-477e-abb0-99d8da0e0f20", "name": "example.com", "platform": "LINUX", "distro": "es7-x86-64", "ip": "192.0.2.57", "plugin_feed_id": "201805161620", "core_build": "13", "core_version": "7.0.3", "linked_on": 1508329886, "last_connect": 1526565624, "status": "off", "groups": [ { "name": "SC Research", "id": 1167 } ], "asset_uuid": "b23a9cf3-23a2-45ab-b99d-9a15000451c5", "health": 20, "health_state_name": "CRITICAL", "fredi_status": true } ], "pagination": { "total": 3, "limit": 50, "offset": 0, "sort": [ { "name": "name", "order": "asc" } ] } } } ``` *** ### List Agents By Group[​](#listagentsbygroup "Direct link to List Agents By Group") Returns a list of agents for the specified agent group. | **key: listAgentsByGroup** | Input | Notes | Example | | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | Agent Group ID | The ID of the agent group to query for agents. | 123 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Filter | Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext | | Filter Type | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and | | Fetch All | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | true | | Limit | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 | | Offset | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 | | Sort | The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc | | Wildcard Filter Text | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild | | Wildcard Fields | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard\_fields' values are searched against the wildcard filter text. | field1,field2 | ### Example Payload for List Agents By Group ```json { "data": { "agents": [ { "id": 20, "uuid": "96efbd47-9d96-443f-be29-2ac723dde270", "name": "Codys-MacBook-Pro.local", "platform": "DARWIN", "distro": "macosx", "ip": "10.31.100.110", "last_scanned": 1545272687, "plugin_feed_id": "201812281741", "core_build": "1", "core_version": "7.2.1", "linked_on": 1452106253, "last_connect": 1546264939, "status": "off", "groups": [ { "name": "Agent Group A", "id": 8 }, { "name": "Agent Group B", "id": 31 }, { "name": "Agent Group C", "id": 3315 } ], "supports_remote_logs": false, "asset_uuid": "5d1a9cf3-33a2-45ae-b99d-9a15000451e1", "health": 0, "health_state_name": "HEALTHY", "health_events": [ { "identifier": 201, "state": 0, "state_time": 1722960875000, "details": "Plugin update was successful.", "muted": false, "state_name": "HEALTHY", "identifier_name": "PLUGIN_UPDATE" }, { "identifier": 200, "state": 0, "state_time": 1722960320000, "details": "Nessus Agent plugin disk usage is normal.", "muted": false, "state_name": "HEALTHY", "identifier_name": "PLUGIN_DISK_USAGE" } ] }, { "id": 65, "uuid": "7d14d098-2c60-403a-a1d0-8bce78e27f867b06b5e32a5e47a1", "name": "DC02", "platform": "WINDOWS", "distro": "win-x86-64", "ip": "10.31.114.10", "last_scanned": 1478743235, "plugin_feed_id": "0", "linked_on": 1453821446, "status": "off", "groups": [ { "name": "Agent Group A", "id": 8 }, { "name": "Agent Group B", "id": 31 }, { "name": "Agent Group C", "id": 3316 } ], "supports_remote_logs": false, "asset_uuid": "ba4a9cf3-33a2-45ae-b99d-9a1500045345" }, { "id": 643, "uuid": "d59d1f5b-f775-4061-9e36-fae22ab7518f2596d192e3cf57f8", "name": "DESKTOP-PSNDJQ6", "platform": "WINDOWS", "distro": "win-x86-64", "ip": "192.0.2.3", "last_scanned": 1477011651, "plugin_feed_id": "0", "linked_on": 1468619962, "status": "off", "groups": [ { "name": "Agent Group A", "id": 8 }, { "name": "Agent Group C", "id": 3316 } ], "supports_remote_logs": false, "asset_uuid": "321a9cf3-33a2-45ae-b99d-9a1500045444" } ], "pagination": { "total": 3, "limit": 50, "offset": 0, "sort": [ { "name": "name", "order": "asc" } ] } } } ``` *** ### List Asset Tags[​](#listassettags "Direct link to List Asset Tags") Returns a list of assigned tags for the specified asset UUID. | **key: listAssetTags** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------------------------------------ | | Asset UUID | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for List Asset Tags ```json { "data": { "tags": [ { "value_uuid": "173c3f3c-cb25-4f35-97e8-26b83f50c38d", "category_name": "location", "asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7", "created_at": "2018-12-31T16:29:40.606Z", "source": "static", "value": "Chicago", "created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf", "category_uuid": "e50a526c-966f-4b80-a641-6dd359b8202e" }, { "value_uuid": "6c25f771-61b6-412d-8e10-1778203f14c8", "category_name": "threat", "asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7", "created_at": "2018-12-31T16:29:40.606Z", "source": "static", "value": "wannacry", "created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf", "category_uuid": "c9f13d31-e9f7-40e6-9830-3c770e800675" } ] } } ``` *** ### List Asset Vulnerabilities[​](#listassetvulnerabilities "Direct link to List Asset Vulnerabilities") Retrieves a list of the vulnerabilities recorded for a specified asset. | **key: listAssetVulnerabilities** | Input | Notes | Example | | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | | Asset ID | The UUID of the asset. | 116af8c3-969d-4621-9f9f-364eeb58e3a7 | | Connection | | | | Date Range | The number of days of data prior to and including today that should be returned. | 30 | | Debug Request | Enabling this flag will log out the current request. | false | | Query Param Filters | Filters to apply in JSON format. See https\://developer.tenable.com/reference/workbenches-asset-vulnerabilities for more information. | See Example | ### Example Payload for List Asset Vulnerabilities ```json { "data": { "vulnerabilities": [ { "count": 55, "plugin_family": "Port scanners", "plugin_id": 34220, "plugin_name": "Netstat Portscanner (WMI)", "vulnerability_state": "Active", "vpr_score": 2.4, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [ { "count": 55, "value": 0 } ], "severity": 0 }, { "count": 54, "plugin_family": "Windows", "plugin_id": 34252, "plugin_name": "Microsoft Windows Remote Listeners Enumeration (WMI)", "vulnerability_state": "Active", "vpr_score": 6.3, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [ { "count": 54, "value": 0 } ], "severity": 0 }, { "count": 21, "plugin_family": "Service detection", "plugin_id": 22964, "plugin_name": "Service Detection", "vulnerability_state": "Active", "vpr_score": 4.5, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [ { "count": 21, "value": 0 } ], "severity": 0 }, { "count": 18, "plugin_family": "Web Servers", "plugin_id": 24260, "plugin_name": "HyperText Transfer Protocol (HTTP) Information", "vulnerability_state": "Active", "vpr_score": 5.5, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [ { "count": 18, "value": 0 } ], "severity": 0 } ], "total_vulnerability_count": 3, "total_asset_count": 0 } } ``` *** ### List Assets[​](#listassets "Direct link to List Assets") Lists up to 5,000 assets. | **key: listAssets** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for List Assets ```json { "data": { "assets": [ { "id": "116af8c3-969d-4621-9f9f-364eeb58e3a7", "has_agent": false, "last_seen": "2018-12-31T15:00:57.000Z", "last_scan_target": "192.0.2.57", "sources": [ { "name": "NESSUS_SCAN", "first_seen": "2018-12-31T15:00:57.000Z", "last_seen": "2018-12-31T15:00:57.000Z" } ], "acr_score": 8, "acr_drivers": [ { "driver_name": "device_type", "driver_value": [ "general_purpose" ] }, { "driver_name": "device_capability", "driver_value": [ "pci" ] }, { "driver_name": "internet_exposure", "driver_value": [ "internal" ] } ], "exposure_score": 753, "scan_frequency": [ { "interval": 90, "frequency": 3, "licensed": false }, { "interval": 30, "frequency": 1, "licensed": false }, { "interval": 60, "frequency": 1, "licensed": false } ], "ipv4": [ "192.0.2.57" ], "ipv6": [], "fqdn": [ "example.com" ], "netbios_name": [ "example.com" ], "operating_system": [ "Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)" ], "agent_name": [], "aws_ec2_name": [], "mac_address": [] }, { "id": "700a652e-9922-45cd-a6b7-3611c0e1601c", "has_agent": false, "last_seen": "2018-12-31T15:00:57.000Z", "last_scan_target": "192.0.2.58", "sources": [ { "name": "NESSUS_SCAN", "first_seen": "2018-12-31T14:59:23.000Z", "last_seen": "2018-12-31T15:00:57.000Z" } ], "ipv4": [ "192.0.2.58" ], "ipv6": [], "fqdn": [ "example.com" ], "netbios_name": [ "scanner" ], "operating_system": [ "Linux Kernel 4.4.0-104-generic on Ubuntu 16.04" ], "agent_name": [], "aws_ec2_name": [], "mac_address": [] }, { "id": "dc3fdd75-3a01-4277-9ecd-903a80e08332", "has_agent": false, "last_seen": "2018-12-31T15:00:57.000Z", "last_scan_target": "192.0.2.59", "sources": [ { "name": "NESSUS_SCAN", "first_seen": "2018-12-31T14:59:23.000Z", "last_seen": "2018-12-31T15:00:57.000Z" } ], "ipv4": [ "192.0.2.59" ], "ipv6": [], "fqdn": [ "example.com" ], "netbios_name": [ "SHANE" ], "operating_system": [ "Microsoft Windows 10 Pro" ], "agent_name": [], "aws_ec2_name": [], "mac_address": [] }, { "id": "47351ecd-cbae-4576-9740-ff1b4eb88177", "has_agent": false, "last_seen": "2018-12-31T15:00:57.000Z", "last_scan_target": "192.0.2.60", "sources": [ { "name": "NESSUS_SCAN", "first_seen": "2018-12-31T14:59:23.000Z", "last_seen": "2018-12-31T15:00:57.000Z" } ], "ipv4": [ "192.0.2.60" ], "ipv6": [], "fqdn": [ "example.com" ], "netbios_name": [ "ARCHIE" ], "operating_system": [ "Microsoft Windows 10 Pro" ], "agent_name": [], "aws_ec2_name": [], "mac_address": [] } ], "total": 4 } } ``` *** ### List Assets with Vulnerabilities[​](#listassetswithvulnerabilities "Direct link to List Assets with Vulnerabilities") Returns a list of assets with vulnerabilities. | **key: listAssetsWithVulnerabilities** | Input | Notes | Example | | ------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | Connection | | | | Date Range | The number of days of data prior to and including today that should be returned. | 30 | | Debug Request | Enabling this flag will log out the current request. | false | | Query Param Filters | Filters to apply in JSON format. See https\://developer.tenable.com/reference/workbenches-assets-vulnerabilities for more information. | See Example | ### Example Payload for List Assets with Vulnerabilities ```json { "data": { "assets": [ { "id": "b822ac94-663b-4f85-bd8c-fd1310ccff44", "severities": [ { "count": 0, "level": 0, "name": "Info" }, { "count": 1, "level": 1, "name": "Low" }, { "count": 0, "level": 2, "name": "Medium" }, { "count": 0, "level": 3, "name": "High" }, { "count": 0, "level": 4, "name": "Critical" } ], "total": 1, "fqdn": [], "ipv4": [ "192.0.2.57" ], "ipv6": [], "last_seen": "2018-12-31T17:28:28.000Z", "netbios_name": [], "agent_name": [] }, { "id": "1519f45c-b99b-4626-9818-dca849c4e364", "severities": [ { "count": 0, "level": 0, "name": "Info" }, { "count": 0, "level": 1, "name": "Low" }, { "count": 1, "level": 2, "name": "Medium" }, { "count": 0, "level": 3, "name": "High" }, { "count": 0, "level": 4, "name": "Critical" } ], "total": 1, "fqdn": [ "example.com" ], "ipv4": [ "192.0.2.57" ], "ipv6": [], "last_seen": "2018-12-31T17:28:28.000Z", "netbios_name": [], "agent_name": [] }, { "id": "6417b14b-8a28-41c7-b276-7bca6f069949", "severities": [ { "count": 0, "level": 0, "name": "Info" }, { "count": 0, "level": 1, "name": "Low" }, { "count": 1, "level": 2, "name": "Medium" }, { "count": 0, "level": 3, "name": "High" }, { "count": 0, "level": 4, "name": "Critical" } ], "total": 1, "fqdn": [ "example.com" ], "ipv4": [ "192.0.2.57" ], "ipv6": [], "last_seen": "2018-12-31T17:28:28.000Z", "netbios_name": [], "agent_name": [] } ], "total_asset_count": 3 } } ``` *** ### List Scanners[​](#listscanners "Direct link to List Scanners") Returns the scanner list. | **key: listScanners** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for List Scanners ```json { "data": { "scanners": [ { "creation_date": 1500743403, "group": true, "id": 120958, "key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f", "last_connect": null, "last_modification_date": 1500743403, "license": { "activation_code": "448U-ABCD-1234", "agents": -1, "ips": 500, "scanners": -1, "users": -1, "enterprise_pause": false, "expiration_date": 1614038400, "evaluation": false, "apps": { "consec": { "mode": "standard", "expiration_date": 1613970000, "activation_code": "C82J-ABCD-1234", "max_gb": "1" }, "was": { "mode": "standard", "expiration_date": 1613970000, "activation_code": "C99G-ABCD-1234", "web_assets": "10" } }, "scanners_used": 1, "agents_used": 0 }, "linked": 1, "name": "US West Cloud Scanners", "network_name": "Default", "num_scans": 0, "owner": "system", "owner_id": 1, "owner_name": "system", "owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa", "pool": true, "scan_count": 0, "shared": 1, "source": "service", "status": "on", "timestamp": 1500743403, "type": "local", "user_permissions": 64, "uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de", "supports_remote_logs": false }, { "creation_date": 1559325208, "group": true, "id": 236329, "key": "6dec14cb6d33bce4173b8bd0a022400e306629ddca7951bebe4252a6973c16ce", "last_connect": null, "last_modification_date": 1559325208, "linked": 1, "name": "US Cloud Scanner", "network_name": "Default", "num_scans": 0, "owner": "system", "owner_id": 1, "owner_name": "system", "owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa", "pool": true, "scan_count": 0, "shared": 1, "source": "service", "status": "on", "timestamp": 1559325208, "type": "pool", "user_permissions": 128, "uuid": "00000000-0000-0000-0000-00000000000000000000000000001", "supports_remote_logs": false }, { "creation_date": 1561584499, "group": true, "id": 236911, "key": "68a3829fe2ce4d9ee6ab053691c7b9114cab6148294b12489bbcc0db54c6c109", "last_connect": null, "last_modification_date": 1561584499, "linked": 1, "name": "US West Cloud Scanners", "network_name": "Default", "num_scans": 0, "owner": "system", "owner_id": 1, "owner_name": "system", "owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa", "pool": true, "scan_count": 0, "shared": 1, "source": "service", "status": "on", "timestamp": 1561584499, "type": "pool", "user_permissions": 128, "uuid": "e84ca418-ef25-4dd6-8635-4df11a6e1c2f", "supports_remote_logs": false } ] } } ``` *** ### List Users[​](#listusers "Direct link to List Users") Returns a list of users. | **key: listUsers** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for List Users ```json { "data": { "users": [ { "uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e", "id": 5, "user_name": "user2@example.com", "username": "user4@api.demo", "email": "user2@example.com", "name": "Test User", "type": "local", "aggregate": true, "container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e", "permissions": 32, "login_fail_count": 0, "login_fail_total": 0, "enabled": true, "lockout": 0, "uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e" } ] } } ``` *** ### List Vulnerabilities[​](#listvulnerabilities "Direct link to List Vulnerabilities") Returns a list of recorded vulnerabilities. | **key: listVulnerabilities** | Input | Notes | Example | | ------------------- | ------------------------------------------------------------------------------------------------------------------------------- | ----------- | | Connection | | | | Date Range | The number of days of data prior to and including today that should be returned. | 30 | | Debug Request | Enabling this flag will log out the current request. | false | | Query Param Filters | Filters to apply in JSON format. See https\://developer.tenable.com/reference/workbenches-vulnerabilities for more information. | See Example | ### Example Payload for List Vulnerabilities ```json { "data": { "vulnerabilities": [ { "count": 319, "plugin_family": "General", "plugin_id": 51192, "plugin_name": "SSL Certificate Cannot Be Trusted", "vulnerability_state": "Active", "vpr_score": 2.4, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [ { "count": 319, "value": 2 } ], "severity": 2 }, { "count": 215, "plugin_family": "Misc.", "plugin_id": 70658, "plugin_name": "SSH Server CBC Mode Ciphers Enabled", "vulnerability_state": "Active", "vpr_score": 7.4, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [ { "count": 215, "value": 1 } ], "severity": 1 }, { "count": 168, "plugin_family": "Misc.", "plugin_id": 71049, "plugin_name": "SSH Weak MAC Algorithms Enabled", "vulnerability_state": "Active", "vpr_score": 5.5, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [ { "count": 168, "value": 1 } ], "severity": 1 } ], "total_vulnerability_count": 3, "total_asset_count": 0 } } ``` *** ### Move Assets[​](#moveassets "Direct link to Move Assets") Moves assets from the specified network to another network. | **key: moveAssets** | Input | Notes | Example | | ------------------------ | ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Destination Network UUID | The UUID of the network to associate with the specified assets. | 123e4567-e89b-12d3-a456-426614174000 | | Source Network UUID | The UUID of the network currently associated with the assets. | 123e4567-e89b-12d3-a456-426614174000 | | Targets | The IPv4 addresses of the assets to move. The addresses can be represented as a comma-separated list, a range, or CIDR. | 1.1.1.1, 2.2.2.2-2.2.2.200 | ### Example Payload for Move Assets ```json { "data": { "response": { "data": { "asset_count": 512 } } } } ``` *** ### Raw Request[​](#rawrequest "Direct link to Raw Request") Send raw HTTP request to Tenable. | **key: rawRequest** | Input | Notes | Example | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | | Connection | | | | Data | The HTTP body payload to send to the URL. | {"exampleKey": "Example Data"} | | Debug Request | Enabling this flag will log out the current request. | false | | File Data | File Data to be sent as a multipart form upload. | \[{key: "example.txt", value: "My File Contents"}] | | File Data File Names | File names to apply to the file data inputs. Keys must match the file data keys above. | | | Form Data | The Form Data to be sent as a multipart form upload. | \[{"key": "Example Key", "value": new Buffer("Hello World")}] | | Header | A list of headers to send with the request. | User-Agent: curl/7.64.1 | | Max Retry Count | The maximum number of retries to attempt. Specify 0 for no retries. | 0 | | Method | The HTTP method to use. | | | Query Parameter | A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1\&key2=value2. | | | Response Type | The type of data you expect in the response. You can request json, text, or binary data. | json | | Retry On All Errors | If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors. | false | | Retry Delay (ms) | The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled. | 0 | | Timeout | The maximum time that a client will await a response to its request | 2000 | | URL | Input the path only (/networks), The base URL is already included (https\://cloud.tenable.com). For example, to connect to https\://cloud.tenable.com/networks, only /networks is entered in this field. | /networks | | Use Exponential Backoff | Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored. | false | *** ### Remove Agent from Group[​](#removeagentfromgroup "Direct link to Remove Agent from Group") Removes an agent from the specified agent group. | **key: removeAgentFromGroup** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Agent ID | The ID of the agent to remove. | 123 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Group ID | The ID of the agent group. | 123 | ### Example Payload for Remove Agent from Group ```json { "data": { "success": true } } ``` *** ### Rename Agent[​](#renameagent "Direct link to Rename Agent") Renames an agent. | **key: renameAgent** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | -------------- | | Agent ID | The ID of the agent to rename. | 123 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Name | The new name for the agent. | New Agent Name | ### Example Payload for Rename Agent ```json { "data": { "owner_uuid": "76229e9a-3700-4f28-b71d-8b92051b669e", "created": 1637196514784, "modified": 1638325337487, "container_uuid": "1c42306b-3ebb-451d-a250-0a1985509880", "uuid": "a9a45fe7-bffe-4883-9a3f-bef4215b42bf", "id": 4148460, "network_uuid": "00000000-0000-0000-0000-000000000000", "name": "AGENTWINDOWS44", "platform": "WINDOWS", "distro": "win-x86-64", "ui_version": "10.0.0", "ui_build": "74", "engine_version": "19.0.1", "loaded_plugin_set": "202111302302", "ip": "198.51.100.12", "mac_addrs": "00:50:56:01:22:af", "last_connect": 1638405460245, "last_scanned": 1638322481919, "remote_settings": [ { "name": "Nessus Agent Log Level", "setting": "backend_log_level", "type": "select", "description": "This controls the Nessus Agent backend logging level. Backend reload required.", "backend_reload": true, "status": "pending", "value": "normal", "allowable_values": [ { "value": "verbose" }, { "value": "debug" }, { "value": "normal" } ], "default": "normal" }, { "name": "Plugin Compilation Performance", "setting": "plugin_load_performance_mode", "type": "select", "description": "Controls the performance for plugin compilation; lower performance takes longer to compile, but uses fewer system processor resources. Service restart required. Requires 8.1.0+", "service_restart": true, "status": "current", "value": "high", "allowable_values": [ { "value": "high" }, { "value": "medium" }, { "value": "low" } ], "default": "high" }, { "name": "Scan Performance", "setting": "scan_performance_mode", "type": "select", "description": "Controls the scan performance; lower performance takes longer to scan, but uses fewer system processor resources. Service restart required. Requires 8.1.0+", "service_restart": true, "status": "current", "value": "high", "allowable_values": [ { "value": "high" }, { "value": "medium" }, { "value": "low" } ], "default": "high" }, { "name": "Nessus Agent Update Plan", "setting": "agent_update_channel", "type": "select", "description": "The update plan to which Nessus Agent will track. Requires 7.7.0+", "status": "current", "value": "ea", "allowable_values": [ { "value": "ga", "label": "Keep up to date with GA releases." }, { "value": "ea", "label": "Opt in to Early Access releases." }, { "value": "stable", "label": "Delay updates, staying on an older release." } ], "default": "ga" }, { "name": "Automatic Hostname Update", "setting": "update_hostname", "type": "boolean", "description": "If the Nessus Agent's hostname is changed, the new hostname is updated in the Nessus Agent's manager.", "status": "current", "value": "false", "default": "false" }, { "name": "Offline Agent Scan Trigger Execution Threshold", "setting": "offline_agent_scan_trigger_execution_threshold_days", "type": "integer", "description": "Specifies the number of days of the Agent being offline after which Rule-Based Scans will stop executing", "min": 1, "status": "current", "value": "14", "default": "14" }, { "name": "Maximum Scans Per Day", "setting": "maximum_scans_per_day", "type": "integer", "description": "The maximum number of scans to run on this Agent per day.", "min": 1, "max": 48, "status": "current", "value": "10", "default": "10" } ], "restart_pending": false, "status": "off", "tracking_id": "4ab102a77f1c9c54b7123559319cc546c86867fc870e15aae384d940dc59eeaf", "last_connect_in_seconds": 1638405460, "last_scanned_in_seconds": 1638322481, "supports_remote_settings": true, "supports_remote_logs": false, "created_in_seconds": 1637196514, "modified_in_seconds": 1638325337 } } ``` *** ### Unlink Agent[​](#unlinkagent "Direct link to Unlink Agent") Unlinks an agent. | **key: unlinkAgent** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | ------- | | Agent ID | The ID of the agent to unlink. | 123 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | ### Example Payload for Unlink Agent ```json { "data": { "success": true } } ``` *** ### Update Agent Group[​](#updateagentgroup "Direct link to Update Agent Group") Changes the name of the agent group. | **key: updateAgentGroup** | Input | Notes | Example | | ------------- | ---------------------------------------------------- | -------------- | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Group ID | The ID or UUID of the agent group to update. | 123 | | Name | The name of the agent group. | My Agent Group | ### Example Payload for Update Agent Group ```json { "data": { "groups": [ { "owner_uuid": "2e3a71fc-2442-4024-9fee-085cc61750cb", "created": 1595001140400, "modified": 1595001217809, "container_uuid": "d6c3e937-4467-4171-92d8-debf5ef3c917", "uuid": "e069b272-ed76-487a-8cf9-1c32836698b7", "id": 183709, "name": "NewName", "agents_count": 0, "default_permissions": 16, "shared": 1, "user_permissions": 128, "created_in_seconds": 1595001140, "modified_in_seconds": 1595001217 } ] } } ``` *** ### Update Scanner[​](#updatescanner "Direct link to Update Scanner") Updates the specified scanner. | **key: updateScanner** | Input | Notes | Example | | ------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ---------- | | AWS Update Interval | Specifies how often, in minutes, the scanner checks in with Tenable Vulnerability Management (Amazon Web Services scanners only). | 60 | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Finish Update | Pass 1 to reboot the scanner and run the latest software update (only valid if automatic updates are disabled). | 1 | | Force Plugin Update | Pass 1 to force a plugin update. | 1 | | Force UI Update | Pass 1 to force a UI update. | 1 | | Name | The new name for the scanner. | My Scanner | | Registration Code | Sets the registration code for the scanner. | 1234 | | Scanner ID | The ID of the scanner. | 1 | ### Example Payload for Update Scanner ```json { "data": { "creation_date": 1500743403, "group": true, "id": 120958, "key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f", "last_connect": null, "last_modification_date": 1500743403, "license": { "activation_code": "448U-ABCD-1234", "agents": -1, "ips": 500, "scanners": -1, "users": -1, "enterprise_pause": false, "expiration_date": 1614038400, "evaluation": false, "apps": { "consec": { "mode": "standard", "expiration_date": 1613970000, "activation_code": "C82J-ABCD-1234", "max_gb": "1" }, "was": { "mode": "standard", "expiration_date": 1613970000, "activation_code": "C99G-ABCD-1234", "web_assets": "10" } }, "scanners_used": 1, "agents_used": 0 }, "linked": 1, "name": "US West Cloud Scanners", "network_name": "Default", "num_scans": 0, "owner": "system", "owner_id": 1, "owner_name": "system", "owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa", "pool": true, "scan_count": 0, "shared": 1, "source": "service", "status": "on", "timestamp": 1500743403, "type": "local", "user_permissions": 64, "uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de", "supports_remote_logs": false } } ``` *** ### Update User[​](#updateuser "Direct link to Update User") Updates an existing user account. | **key: updateUser** | Input | Notes | Example | | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | | Connection | | | | Debug Request | Enabling this flag will log out the current request. | false | | Email | The email address of the user. A valid email address must be in the format, name\@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains. | name\@domain | | Enabled | Specifies whether the user's account is enabled (true) or disabled (false). | | | Name | The name of the user (for example, first and last name). | John Doe | | Permissions | The user permissions as described in Permissions. See https\://developer.tenable.com/reference/users-create for more information. | 16 | | User ID | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 | ### Example Payload for Update User ```json { "data": { "uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e", "id": 5, "user_name": "user2@example.com", "username": "user4@api.demo", "email": "user2@example.com", "name": "Test User", "type": "local", "aggregate": true, "container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e", "permissions": 32, "login_fail_count": 0, "login_fail_total": 0, "enabled": true, "lockout": 0, "uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e" } } ``` *** ## Changelog[​](#changelog "Direct link to Changelog") ### 2026-02-26[​](#2026-02-26 "Direct link to 2026-02-26") Added inline data source for scanners to enable dynamic dropdown selection ### 2025-08-29[​](#2025-08-29 "Direct link to 2025-08-29") Added inline Data Sources for improved data selection of Agent Groups and Assets