Skip to main content

Tenable Vulnerability Management Component

Use the component to assess vulnerabilities; manage assets, users, agents, and more.

Component key: tenable-vulnerability-management

Description

Tenable Vulnerability Management is a leading security solution that identifies, evaluates, and prioritizes vulnerabilities to reduce risk and enhance cybersecurity.

Use the component to assess vulnerabilities; manage assets, users, agents, and more.

API Documentation:

The component was built using the Tenable Vulnerability Management API Reference.

Connections

Tenable Connection

To generate API keys in Tenable Vulnerability Management:

  1. Login to your Tenable account and navigate to My Account by selecting the user icon in the top right menu.
  2. Navigate to API Keys and select generate to generate an Access Key and a Secret Key.
  3. Enter these values into the connection configuration of your integration.
    1. Save these values as they will not be shown again.
InputNotes
Access Key
string
/ Required
accessKey
 
Secret Key
password
/ Required
secretKey
 

Data Sources

Select Agent

Select an agent from a picklist. | key: selectAgent | type: picklist

InputNotesExample
Connection
connection
/ Required
connection
 
 
Filter
string
f
Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters.
field1:match:sometext
Filter Type
string
ft
If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match.
and
Wildcard Filter Text
string
w
Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters.
wild
Wildcard Fields
string
wf
A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text.
field1,field2

Select User

Select a user from a picklist. | key: selectUser | type: picklist

InputNotes
Connection
connection
/ Required
connection
 

Actions

Add Agent to Group

Adds an agent to the agent group. | key: addAgentToGroup

InputDefaultNotesExample
Agent ID
string
/ Required
agentId
The ID of the agent to add.
123
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Group ID
string
/ Required
groupId
The ID of the agent group.
123

{
"data": {
"success": true
}
}

Add or Remove Asset Tags

Adds or removes tags from the specified assets, and returns the UUID of the asynchronous asset update job. | key: addOrRemoveAssetTags

InputDefaultNotesExample
Action
string
/ Required
action
Specifies whether to add or remove tags.
add
Assets
string
/ Required
Value List
assets
An array of asset UUIDs.
123e4567-e89b-12d3-a456-426614174000
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Tags
string
/ Required
Value List
tags
An array of tag value UUIDs.
123e4567-e89b-12d3-a456-426614174000

{
"data": {
"job_uuid": "62210d02a7056d0297f50a8ddfbd549eaef1d0bc94e1ea3fad09"
}
}

Create Agent Group

Creates an agent group. | key: createAgentGroup

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Name
string
/ Required
name
The name of the agent group.
My Agent Group

{
"data": {
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "Western Region",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 0,
"agents_count": 0
}
}

Create User

Creates a new user. | key: createUser

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Email
string
email
The email address of the user. A valid email address must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains.
name@domain
Name
string
name
The name of the user (for example, first and last name).
John Doe
Password
password
/ Required
password
Passwords must be at least 12 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character symbol.
password
Permissions
string
/ Required
permissions
The user permissions as described in Permissions. See https://developer.tenable.com/reference/users-create for more information.
16
Username
string
/ Required
username
A valid username must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance.
name@domain

{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}

Delete Agent Group

Deletes an agent group. | key: deleteAgentGroup

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Group ID
string
/ Required
groupId
The ID or UUID of the agent group to delete.
123

{
"data": {
"success": true
}
}

Delete Asset

Deletes the specified asset. | key: deleteAsset

InputDefaultNotesExample
Asset UUID
string
/ Required
assetUuid
The UUID of the asset.
123e4567-e89b-12d3-a456-426614174000
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 

{
"data": {
"success": true
}
}

Delete Scanner

Deletes and unlinks a scanner from Tenable Vulnerability Management. | key: deleteScanner

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Scanner ID
string
/ Required
scannerId
The ID of the scanner.
1

{
"data": {
"success": true
}
}

Delete User

Deletes a user. | key: deleteUser

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
User ID
string
/ Required
userId
The UUID (uuid) or unique ID (id) of the user.
60f73e4f-8983-41c2-a13c-39074cbb6229

{
"data": {
"success": true
}
}

Download Vulnerabilities

Downloads exported vulnerabilities as a JSON file. | key: downloadVulnerabilities

InputDefaultNotesExample
Chunk ID
string
/ Required
chunkId
The ID of the chunk you want to export.
1
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Export UUID
string
/ Required
exportUuid
The UUID of the vulnerability export request.
123e4567-e89b-12d3-a456-426614174000

{
"data": [
{
"asset": {
"bios_uuid": "1fa02642-5b8e-8f27-42a9-debde798d957",
"device_type": "general-purpose",
"fqdn": "sharepoint2016.target.example.com",
"hostname": "sharepoint2016",
"uuid": "53ed0fa2-ccd5-4d2e-92ee-c072635889e3",
"ipv4": "203.0.113.71",
"ipv6": "2001:db8:199e:6fb9:2edd:67f0:3f30:c7",
"last_authenticated_results": "2023-05-04T05:03:13.737Z",
"mac_address": "00:50:56:a6:22:93",
"netbios_name": "SHAREPOINT2016",
"operating_system": [
"Microsoft Windows Server 2016 Standard"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": "\n\n Produact : Microsoft SharePoint Enterprise Server 2016\n KB : 5002113\n - C:\\Program Files\\Microsoft Office Servers\\16.0\\bin\\ascalc.dll has not been patched.\n Remote version : 16.0.4342.1000\n Should be : 16.0.5266.1000\n\n",
"plugin": {
"bid": [
156641
],
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [
"cpe:/a:microsoft:sharepoint_server"
],
"cvss3_base_score": 8.8,
"cvss3_temporal_score": 7.7,
"cvss3_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:O/RC:C"
},
"cvss3_vector": {
"access_complexity": "Low",
"access_vector": "Network",
"availability_impact": "High",
"confidentiality_impact": "High",
"integrity_impact": "High",
"raw": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
"cvss_base_score": 9,
"cvss_temporal_score": 6.7,
"cvss_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:OF/RC:C"
},
"cvss_vector": {
"access_complexity": "Low",
"access_vector": "Network",
"authentication": "Single",
"availability_impact": "Complete",
"confidentiality_impact": "Complete",
"integrity_impact": "Complete",
"raw": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
},
"description": "The Microsoft SharePoint Server 2013 installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21837, CVE-2022-21840, CVE-2022-21842)",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploitability_ease": "No known exploits are available",
"exploited_by_malware": false,
"exploited_by_nessus": false,
"family": "Windows : Microsoft Bulletins",
"family_id": 41,
"has_patch": true,
"id": 156641,
"in_the_news": false,
"ms_bulletin": [
"5002113"
],
"name": "Security Updates for Microsoft SharePoint Server 2016 (January 2022)",
"patch_publication_date": "2022-01-11T00:00:00Z",
"modification_date": "2022-05-06T00:00:00Z",
"publication_date": "2022-01-12T00:00:00Z",
"risk_factor": "high",
"see_also": [
"https://support.microsoft.com/en-us/help/5002113"
],
"solution": "Microsoft has released security update KB5002113 to address this issue.",
"stig_severity": "I",
"synopsis": "The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates.",
"unsupported_by_vendor": false,
"version": "1.6",
"vuln_publication_date": "2022-01-11T00:00:00Z",
"xrefs": [
{
"type": "CVE",
"id": "2022-21837"
},
{
"type": "CVE",
"id": "2022-21840"
},
{
"type": "CVE",
"id": "2022-21842"
},
{
"type": "IAVA",
"id": "2022-A-0007-S"
},
{
"type": "MSFT",
"id": "MS22-5002113"
},
{
"type": "MSKB",
"id": "5002113"
}
],
"vpr": {
"score": 6.7,
"drivers": {
"age_of_vuln": {
"lower_bound": 731
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": false,
"cvss3_impact_score": 5.9,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "LOW"
},
"updated": "2024-02-04T06:03:56Z"
},
"workaround": "F5 lists a workaround with instructions listed at https://my.f5.com/manage/s/article/K000137595 that can be achieved using the following steps:\n\n 1. Install the latest PI IM package\n 2. Disable signatures with excessive Total Hit Count value\n\n Note that Tenable always advises that you upgrade a system if possible, \n and all steps listed here are mitigation steps provided by F5. \n Tenable is not responsible for any negative effects that may occur from enacting this workaround.",
"workaround_type": "disable service",
"workaround_published": "2024-02-14T00:00:00Z",
"vendor_unpatched": true,
"has_workaround": true,
"cve": [
"CVE-2022-21837",
"CVE-2022-21840",
"CVE-2022-21842"
],
"type": "local"
},
"port": {
"port": 445,
"protocol": "TCP",
"service": "cifs"
},
"scan": {
"schedule_uuid": "461e4ebc-b309-face-6fa1-afa4ba163cb6d84b9dc0a0dc5020",
"started_at": "2023-05-03T14:14:02.387Z",
"uuid": "270b911b-1fe6-4760-8c49-88d315cb764e"
},
"severity": "high",
"severity_id": 3,
"severity_default_id": 3,
"severity_modification_type": "NONE",
"first_found": "2022-11-08T19:18:10.472Z",
"last_found": "2023-05-04T05:03:13.737Z",
"state": "OPEN",
"indexed": "2023-05-04T05:13:40.809406Z",
"source": "NESSUS"
},
{
"asset": {
"device_type": "hypervisor",
"fqdn": "vcsa8.target.example.com",
"hostname": "vcsa8.target.example.com",
"uuid": "1babf006-b1f0-4dee-86a1-7a55888336c3",
"ipv4": "192.0.2.246",
"operating_system": [
"VMware vCenter Server 8.0.0 build-20037386"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": "\nThe following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:\n\n - https://vcsa8.target.example.com/\n - https://vcsa8.target.example.com/ui/\n",
"plugin": {
"bid": [
50344
],
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [],
"description": "The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.\n\nThe CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploited_by_malware": false,
"exploited_by_nessus": false,
"family": "CGI abuses",
"family_id": 3,
"has_patch": false,
"id": 50344,
"in_the_news": false,
"name": "Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header",
"modification_date": "2021-01-19T00:00:00Z",
"publication_date": "2010-10-26T00:00:00Z",
"risk_factor": "info",
"see_also": [
"http://www.nessus.org/u?55aa8f57",
"http://www.nessus.org/u?07cc2a06",
"https://content-security-policy.com/",
"https://www.w3.org/TR/CSP2/"
],
"solution": "Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.",
"synopsis": "The remote web server does not take steps to mitigate a class of web application vulnerabilities.",
"unsupported_by_vendor": false,
"version": "1.6",
"xrefs": [],
"type": "remote"
},
"port": {
"port": 443,
"protocol": "TCP",
"service": "www"
},
"scan": {
"schedule_uuid": "16cf08d3-3f94-79f4-8038-996376eabd4f186741fe15533e70",
"started_at": "2023-05-03T14:13:56.983Z",
"uuid": "e86252a3-8dc0-43b6-8ddd-afb219d040ed"
},
"severity": "info",
"severity_id": 0,
"severity_default_id": 0,
"severity_modification_type": "NONE",
"first_found": "2022-11-08T06:12:27.940Z",
"last_found": "2023-05-04T09:39:26.415Z",
"state": "OPEN",
"indexed": "2023-05-04T09:44:55.673359Z",
"source": "NESSUS"
}
]
}

Export Assets

Exports all assets that match the request criteria. | key: exportAssets

InputDefaultNotesExample
Chunk Size
string
/ Required
chunkSize
Specifies the number of assets per exported chunk. The range is 100-10000.
100
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Filters
code
filters
Specifies filters for exported assets. See https://developer.tenable.com/reference/exports-assets-request-export for more information.
Include Open Ports
boolean
/ Required
includeOpenPorts
false
Specifies whether or not to include open port findings from info-level plugins.
 

{
"data": {
"export_uuid": "60a26f04-c844-49a6-b67b-995a6ed79471"
}
}

Export Vulnerabilities

Exports vulnerabilities that match the request criteria. | key: exportVulnerabilities

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Filters
code
filters
Specifies filters for exported vulnerabilities. See https://developer.tenable.com/reference/exports-vulns-request-export for more information.
Include Unlicensed
boolean
includeUnlicensed
false
Specifies whether or not to include unlicensed assets.
 
Number of Assets
string
/ Required
numAssets
Specifies the number of assets used to chunk the vulnerabilities.
50

{
"data": {
"export_uuid": "bf765455-53aa-4e70-9ef3-87cfca1d2be0"
}
}

Get Agent

Returns the specified agent details for the specified scanner. | key: getAgent

InputDefaultNotesExample
Agent ID
string
/ Required
agentId
The ID of the agent to query.
123
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 

{
"data": {
"id": 9176838,
"uuid": "655993d5-c131-46e8-a82f-957f6f894cac",
"name": "GRD-LPTP",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.57",
"last_scanned": 1515620036,
"plugin_feed_id": "201801081515",
"core_build": "106",
"core_version": "7.0.0",
"linked_on": 1456775443,
"last_connect": 1515674073,
"status": "off",
"groups": [
{
"name": "CodyAgents",
"id": 8
},
{
"name": "Agent Group A",
"id": 3316
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 0,
"health_state_name": "HEALTHY",
"fredi_status": true
}
}

Get Agent Group

Gets details for the agent group. | key: getAgentGroup

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Filter
string
f
Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters.
field1:match:sometext
Filter Type
string
ft
If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match.
and
Get All
boolean
getAll
true
If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used.
 
Group ID
string
/ Required
groupId
The ID or UUID of the agent group to query.
123
Limit
string
limit
The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50.
50
Offset
string
offset
The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0.
0
Sort
string
sort
The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc).
name:desc
Wildcard Filter Text
string
w
Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters.
wild
Wildcard Fields
string
wf
A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text.
field1,field2

{
"data": {
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "Western Region",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 1,
"owner": "system",
"owner_id": 10621200,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 128,
"agents_count": 1,
"agents": [
{
"id": 9176838,
"uuid": "fdb1812c-2423-424d-9b67-5511e9bf0714",
"name": "my.new-hostname.server",
"platform": "LINUX",
"distro": "es8-x86-64",
"ip": "172.26.102.78",
"last_scanned": 1722961087,
"plugin_feed_id": "202408191220",
"core_build": "2391",
"core_version": "10.8.0",
"linked_on": 1722960266,
"last_connect": 1724170973,
"status": "off",
"groups": [
{
"name": "Western Region",
"id": 106592
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 20,
"health_state_name": "CRITICAL",
"fredi_status": false
}
],
"pagination": {
"total": 0,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}

Get Asset

Returns details of the specified asset. | key: getAsset

InputDefaultNotesExample
Asset UUID
string
/ Required
assetUuid
The UUID of the asset.
123e4567-e89b-12d3-a456-426614174000
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 

{
"data": {
"id": "116af8c3-969d-4621-9f9f-364eeb58e3a7",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.57",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T15:00:57.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"acr_score": 8,
"acr_drivers": [
{
"driver_name": "device_type",
"driver_value": [
"general_purpose"
]
},
{
"driver_name": "device_capability",
"driver_value": [
"pci"
]
},
{
"driver_name": "internet_exposure",
"driver_value": [
"internal"
]
}
],
"exposure_score": 753,
"scan_frequency": [
{
"interval": 90,
"frequency": 3,
"licensed": false
},
{
"interval": 30,
"frequency": 1,
"licensed": false
},
{
"interval": 60,
"frequency": 1,
"licensed": false
}
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"example.com"
],
"operating_system": [
"Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
}
}

Get Asset Vulnerability Details

Retrieves the details for a vulnerability recorded on a specified asset. | key: getAssetVulnerabilityDetails

InputDefaultNotesExample
Asset ID
string
/ Required
assetId
The UUID of the asset.
116af8c3-969d-4621-9f9f-364eeb58e3a7
Connection
connection
/ Required
connection
 
 
 
Date Range
string
dateRange
The number of days of data prior to and including today that should be returned.
30
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Plugin ID
string
/ Required
pluginId
The ID of the plugin.
12345
Query Param Filters
code
queryParamFilters
Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-asset-vulnerability-info for more information.

{
"data": {
"info": {
"count": 1,
"vuln_count": 1,
"description": "The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted.\n\nAn attacker can exploit this by tricking a user into opening an MFC application in a directory that contains a malicious DLL, resulting in arbitrary code execution.",
"synopsis": "Arbitrary code can be executed on the remote host through the Microsoft Foundation Class library.",
"solution": "Microsoft has released a set of patches for Visual Studio .NET 2003, 2005, and 2008, as well as Visual C++ 2005, 2008, and 2010.",
"discovery": {
"seen_first": "2019-12-31T17:15:52.000Z",
"seen_last": "2019-12-31T17:15:52.000Z"
},
"severity": 3,
"plugin_details": {
"family": "Windows : Microsoft Bulletins",
"modification_date": "2016-12-31T00:00:00Z",
"name": "MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)",
"publication_date": "2011-12-31T00:00:00Z",
"type": "local",
"version": null,
"severity": 3
},
"reference_information": [
{
"name": "bid",
"url": "http://www.securityfocus.com/bid/",
"values": [
42811
]
},
{
"name": "cve",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=",
"values": [
"CVE-2010-3190"
]
},
{
"name": "iavb",
"values": [
"2011-B-0046"
]
},
{
"name": "msft",
"url": "http://technet.microsoft.com/en-us/security/bulletin/",
"values": [
"MS11-025"
]
},
{
"name": "osvdb",
"values": [
"67674"
]
},
{
"name": "secunia",
"url": "http://secunia.com/advisories/",
"values": [
"41212"
]
}
],
"risk_information": {
"risk_factor": "High",
"cvss_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cvss_base_score": "9.3",
"cvss_temporal_vector": "E:F/RL:OF/RC:ND",
"cvss_temporal_score": "7.7",
"cvss3_vector": null,
"cvss3_base_score": null,
"cvss3_temporal_vector": null,
"cvss3_temporal_score": null,
"stig_severity": null
},
"see_also": [
"[\"https://technet.microsoft.com/library/security/ms11-025\"]"
],
"vulnerability_information": {
"vulnerability_publication_date": "2010-12-31T00:00:00Z",
"exploited_by_malware": null,
"patch_publication_date": "2011-12-31T00:00:00Z",
"exploit_available": true,
"exploitability_ease": null,
"asset_inventory": null,
"default_account": null,
"exploited_by_nessus": null,
"in_the_news": null,
"malware": null,
"unsupported_by_vendor": null,
"cpe": null,
"exploit_frameworks": []
},
"vpr": {
"score": 5.9,
"drivers": {
"age_of_vuln": {
"lower_bound": 731,
"upper_bound": 0
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": true,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "MEDIUM"
},
"updated": "2019-12-31T10:08:58Z"
}
}
}
}

Get Plugin Details

Retrieves the details for a plugin. | key: getPluginDetails

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Date Range
string
dateRange
The number of days of data prior to and including today that should be returned.
30
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Plugin ID
string
/ Required
pluginId
The ID of the plugin.
12345
Query Param Filters
code
queryParamFilters
Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-vulnerability-info for more information.

{
"data": {
"info": {
"count": 13,
"vuln_count": 14,
"description": "The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.",
"synopsis": "The remote web server is affected by a remote code execution vulnerability.",
"solution": "Apply the referenced patch.",
"discovery": {
"seen_first": "2019-12-31T17:15:52.000Z",
"seen_last": "2019-12-31T22:53:45.000Z"
},
"severity": 4,
"plugin_details": {
"family": "CGI abuses",
"modification_date": "2017-12-31T00:00:00Z",
"name": "GNU Bash Environment Variable Handling Code Injection (Shellshock)",
"publication_date": "2014-12-31T00:00:00Z",
"type": "remote",
"version": null,
"severity": 4
},
"reference_information": [
{
"name": "bid",
"url": "http://www.securityfocus.com/bid/",
"values": [
70103
]
},
{
"name": "cert",
"url": "http://www.kb.cert.org/vuls/id/",
"values": [
"252743"
]
},
{
"name": "cve",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=",
"values": [
"CVE-2014-6271"
]
},
{
"name": "edb-id",
"url": "http://www.exploit-db.com/exploits/",
"values": [
"34766",
"34777",
"34765"
]
},
{
"name": "iava",
"values": [
"2014-A-0142"
]
},
{
"name": "osvdb",
"values": [
"112004"
]
}
],
"risk_information": {
"risk_factor": "Critical",
"cvss_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"cvss_base_score": "10.0",
"cvss_temporal_vector": "E:F/RL:OF/RC:ND",
"cvss_temporal_score": "8.3",
"cvss3_vector": null,
"cvss3_base_score": null,
"cvss3_temporal_vector": null,
"cvss3_temporal_score": null,
"stig_severity": null
},
"see_also": [
"http://seclists.org/oss-sec/2014/q3/650",
"http://www.nessus.org/u?dacf7829",
"https://www.invisiblethreat.ca/post/shellshock/"
],
"vulnerability_information": {
"vulnerability_publication_date": "2014-12-31T00:00:00Z",
"exploited_by_malware": true,
"patch_publication_date": "2014-12-31T00:00:00Z",
"exploit_available": true,
"exploitability_ease": null,
"asset_inventory": null,
"default_account": null,
"exploited_by_nessus": null,
"in_the_news": true,
"malware": null,
"unsupported_by_vendor": null,
"cpe": null,
"exploit_frameworks": [
{
"name": "Core Impact"
},
{
"name": "Metasploit",
"exploits": [
{
"name": "Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)",
"url": null
}
]
}
]
},
"vpr": {
"score": 9.6,
"drivers": {
"age_of_vuln": {
"lower_bound": 731,
"upper_bound": 0
},
"exploit_code_maturity": "HIGH",
"cvss3_impact_score": 5.9,
"cvss_impact_score_predicted": true,
"threat_intensity_last28": "HIGH",
"threat_recency": {
"lower_bound": 0,
"upper_bound": 7
},
"threat_sources_last28": [
"Others",
"Mainstream Media",
"Code Repo and Paste Bins"
],
"product_coverage": "LOW"
},
"updated": "2019-12-31T10:10:57Z"
}
}
}
}

Get Scanner

Returns details for the specified scanner. | key: getScanner

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Scanner ID
string
/ Required
scannerId
The ID of the scanner.
1

{
"data": {
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
}
}

Get User

Returns details for a specific user. | key: getUser

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
User ID
string
/ Required
userId
The UUID (uuid) or unique ID (id) of the user.
60f73e4f-8983-41c2-a13c-39074cbb6229

{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}

Import Assets

Imports asset data in JSON format. | key: importAssets

InputDefaultNotesExample
Asset Objects
code
/ Required
assetObjects
An array of asset objects to import. Each asset object requires a value for at least one of the following properties: fqdn, ipv4, netbios_name, mac_address. See https://developer.tenable.com/reference/assets-import for more information.
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Source
string
/ Required
importSource
A user-defined name for the source of the import.
Example Import

{
"data": {
"asset_import_job_uuid": "467e5338-7783-4a0d-915a-5d00584784a0"
}
}

Import Vulnerabilities

Imports a list of vulnerabilities in JSON format. | key: importVulnerabilities

InputDefaultNotesExample
Assets
code
/ Required
assets
An array of asset objects with vulnerabilities information. See https://developer.tenable.com/reference/vulnerabilities-import-v2 for more information.
Connection
connection
/ Required
connection
 
 
 
Coverage
code
coverage
The coverage object. See https://developer.tenable.com/reference/vulnerabilities-import-v2 for more information.
Data Type
string
/ Required
dataType
The type of scan that identified the vulnerabilities.
vm
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Product
string
/ Required
product
The name of the product from the vendor.
Security Center
Source
string
/ Required
source
A unique string value used to track the set of assets and vulnerabilities.
scan_uuid:scan_chunk_uuid
Vendor
string
/ Required
vendor
The company that owns the product that is the source of the vulnerability data.
tenable

{
"data": {
"job_uuid": ""
}
}

List Agent Groups

Retrieves a list of agent groups. | key: listAgentGroups

InputDefaultNotes
Connection
connection
/ Required
connection
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.

{
"data": {
"groups": [
{
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "slibs",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 1,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 128,
"agents_count": 0
}
]
}
}

List Agents

Returns a list of agents for the specified scanner. | key: listAgents

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Filter
string
f
Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters.
field1:match:sometext
Filter Type
string
ft
If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match.
and
Get All
boolean
getAll
true
If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used.
 
Limit
string
limit
The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50.
50
Offset
string
offset
The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0.
0
Sort
string
sort
The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc).
name:desc
Wildcard Filter Text
string
w
Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters.
wild
Wildcard Fields
string
wf
A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text.
field1,field2

{
"data": {
"agents": [
{
"id": 9176838,
"uuid": "655993d5-c131-46e8-a82f-957f6f894cac",
"name": "GRD-LPTP",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.57",
"last_scanned": 1515620036,
"plugin_feed_id": "201801081515",
"core_build": "106",
"core_version": "7.0.0",
"linked_on": 1456775443,
"last_connect": 1515674073,
"status": "off",
"groups": [
{
"name": "CodyAgents",
"id": 8
},
{
"name": "Agent Group A",
"id": 3316
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 0,
"health_state_name": "HEALTHY",
"fredi_status": true
},
{
"id": 14569,
"uuid": "72ac6ad1-fc86-4af4-be0c-0ff3bfbfb242",
"name": "example.com",
"platform": "LINUX",
"distro": "es7-x86-64",
"ip": "192.0.2.57",
"plugin_feed_id": "201805161620",
"core_build": "13",
"core_version": "7.0.3",
"linked_on": 1508329832,
"last_connect": 1526565530,
"status": "off",
"groups": [
{
"name": "SC Research",
"id": 1167
}
],
"asset_uuid": "da1a9cf3-33a2-45ae-b99d-9a15000451e1",
"health": 10,
"health_state_name": "WARNING",
"fredi_status": true
},
{
"id": 14570,
"uuid": "938cb466-06ea-477e-abb0-99d8da0e0f20",
"name": "example.com",
"platform": "LINUX",
"distro": "es7-x86-64",
"ip": "192.0.2.57",
"plugin_feed_id": "201805161620",
"core_build": "13",
"core_version": "7.0.3",
"linked_on": 1508329886,
"last_connect": 1526565624,
"status": "off",
"groups": [
{
"name": "SC Research",
"id": 1167
}
],
"asset_uuid": "b23a9cf3-23a2-45ab-b99d-9a15000451c5",
"health": 20,
"health_state_name": "CRITICAL",
"fredi_status": true
}
],
"pagination": {
"total": 3,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}

List Agents By Group

Returns a list of agents for the specified agent group. | key: listAgentsByGroup

InputDefaultNotesExample
Agent Group ID
string
/ Required
agentGroupId
The ID of the agent group to query for agents.
123
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Filter
string
f
Apply a filter in the format ::. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters.
field1:match:sometext
Filter Type
string
ft
If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match.
and
Get All
boolean
getAll
true
If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used.
 
Limit
string
limit
The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50.
50
Offset
string
offset
The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0.
0
Sort
string
sort
The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc).
name:desc
Wildcard Filter Text
string
w
Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters.
wild
Wildcard Fields
string
wf
A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text.
field1,field2

{
"data": {
"agents": [
{
"id": 20,
"uuid": "96efbd47-9d96-443f-be29-2ac723dde270",
"name": "Codys-MacBook-Pro.local",
"platform": "DARWIN",
"distro": "macosx",
"ip": "10.31.100.110",
"last_scanned": 1545272687,
"plugin_feed_id": "201812281741",
"core_build": "1",
"core_version": "7.2.1",
"linked_on": 1452106253,
"last_connect": 1546264939,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group B",
"id": 31
},
{
"name": "Agent Group C",
"id": 3315
}
],
"supports_remote_logs": false,
"asset_uuid": "5d1a9cf3-33a2-45ae-b99d-9a15000451e1",
"health": 0,
"health_state_name": "HEALTHY",
"health_events": [
{
"identifier": 201,
"state": 0,
"state_time": 1722960875000,
"details": "Plugin update was successful.",
"muted": false,
"state_name": "HEALTHY",
"identifier_name": "PLUGIN_UPDATE"
},
{
"identifier": 200,
"state": 0,
"state_time": 1722960320000,
"details": "Nessus Agent plugin disk usage is normal.",
"muted": false,
"state_name": "HEALTHY",
"identifier_name": "PLUGIN_DISK_USAGE"
}
]
},
{
"id": 65,
"uuid": "7d14d098-2c60-403a-a1d0-8bce78e27f867b06b5e32a5e47a1",
"name": "DC02",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "10.31.114.10",
"last_scanned": 1478743235,
"plugin_feed_id": "0",
"linked_on": 1453821446,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group B",
"id": 31
},
{
"name": "Agent Group C",
"id": 3316
}
],
"supports_remote_logs": false,
"asset_uuid": "ba4a9cf3-33a2-45ae-b99d-9a1500045345"
},
{
"id": 643,
"uuid": "d59d1f5b-f775-4061-9e36-fae22ab7518f2596d192e3cf57f8",
"name": "DESKTOP-PSNDJQ6",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.3",
"last_scanned": 1477011651,
"plugin_feed_id": "0",
"linked_on": 1468619962,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group C",
"id": 3316
}
],
"supports_remote_logs": false,
"asset_uuid": "321a9cf3-33a2-45ae-b99d-9a1500045444"
}
],
"pagination": {
"total": 3,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}

List Asset Tags

Returns a list of assigned tags for the specified asset UUID. | key: listAssetTags

InputDefaultNotesExample
Asset UUID
string
/ Required
assetUuid
The UUID of the asset.
123e4567-e89b-12d3-a456-426614174000
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 

{
"data": {
"tags": [
{
"value_uuid": "173c3f3c-cb25-4f35-97e8-26b83f50c38d",
"category_name": "location",
"asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7",
"created_at": "2018-12-31T16:29:40.606Z",
"source": "static",
"value": "Chicago",
"created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf",
"category_uuid": "e50a526c-966f-4b80-a641-6dd359b8202e"
},
{
"value_uuid": "6c25f771-61b6-412d-8e10-1778203f14c8",
"category_name": "threat",
"asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7",
"created_at": "2018-12-31T16:29:40.606Z",
"source": "static",
"value": "wannacry",
"created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf",
"category_uuid": "c9f13d31-e9f7-40e6-9830-3c770e800675"
}
]
}
}

List Asset Vulnerabilities

Retrieves a list of the vulnerabilities recorded for a specified asset. | key: listAssetVulnerabilities

InputDefaultNotesExample
Asset ID
string
/ Required
assetId
The UUID of the asset.
116af8c3-969d-4621-9f9f-364eeb58e3a7
Connection
connection
/ Required
connection
 
 
 
Date Range
string
dateRange
The number of days of data prior to and including today that should be returned.
30
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Query Param Filters
code
queryParamFilters
Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-asset-vulnerabilities for more information.

{
"data": {
"vulnerabilities": [
{
"count": 55,
"plugin_family": "Port scanners",
"plugin_id": 34220,
"plugin_name": "Netstat Portscanner (WMI)",
"vulnerability_state": "Active",
"vpr_score": 2.4,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 55,
"value": 0
}
],
"severity": 0
},
{
"count": 54,
"plugin_family": "Windows",
"plugin_id": 34252,
"plugin_name": "Microsoft Windows Remote Listeners Enumeration (WMI)",
"vulnerability_state": "Active",
"vpr_score": 6.3,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 54,
"value": 0
}
],
"severity": 0
},
{
"count": 21,
"plugin_family": "Service detection",
"plugin_id": 22964,
"plugin_name": "Service Detection",
"vulnerability_state": "Active",
"vpr_score": 4.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 21,
"value": 0
}
],
"severity": 0
},
{
"count": 18,
"plugin_family": "Web Servers",
"plugin_id": 24260,
"plugin_name": "HyperText Transfer Protocol (HTTP) Information",
"vulnerability_state": "Active",
"vpr_score": 5.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 18,
"value": 0
}
],
"severity": 0
}
],
"total_vulnerability_count": 3,
"total_asset_count": 0
}
}

List Assets

Lists up to 5,000 assets. | key: listAssets

InputDefaultNotes
Connection
connection
/ Required
connection
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.

{
"data": {
"assets": [
{
"id": "116af8c3-969d-4621-9f9f-364eeb58e3a7",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.57",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T15:00:57.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"acr_score": 8,
"acr_drivers": [
{
"driver_name": "device_type",
"driver_value": [
"general_purpose"
]
},
{
"driver_name": "device_capability",
"driver_value": [
"pci"
]
},
{
"driver_name": "internet_exposure",
"driver_value": [
"internal"
]
}
],
"exposure_score": 753,
"scan_frequency": [
{
"interval": 90,
"frequency": 3,
"licensed": false
},
{
"interval": 30,
"frequency": 1,
"licensed": false
},
{
"interval": 60,
"frequency": 1,
"licensed": false
}
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"example.com"
],
"operating_system": [
"Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "700a652e-9922-45cd-a6b7-3611c0e1601c",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.58",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.58"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"scanner"
],
"operating_system": [
"Linux Kernel 4.4.0-104-generic on Ubuntu 16.04"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "dc3fdd75-3a01-4277-9ecd-903a80e08332",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.59",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.59"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"SHANE"
],
"operating_system": [
"Microsoft Windows 10 Pro"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "47351ecd-cbae-4576-9740-ff1b4eb88177",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.60",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.60"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"ARCHIE"
],
"operating_system": [
"Microsoft Windows 10 Pro"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
}
],
"total": 4
}
}

List Assets with Vulnerabilities

Returns a list of assets with vulnerabilities. | key: listAssetsWithVulnerabilities

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Date Range
string
dateRange
The number of days of data prior to and including today that should be returned.
30
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Query Param Filters
code
queryParamFilters
Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-assets-vulnerabilities for more information.

{
"data": {
"assets": [
{
"id": "b822ac94-663b-4f85-bd8c-fd1310ccff44",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 1,
"level": 1,
"name": "Low"
},
{
"count": 0,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
},
{
"id": "1519f45c-b99b-4626-9818-dca849c4e364",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 0,
"level": 1,
"name": "Low"
},
{
"count": 1,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [
"example.com"
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
},
{
"id": "6417b14b-8a28-41c7-b276-7bca6f069949",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 0,
"level": 1,
"name": "Low"
},
{
"count": 1,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [
"example.com"
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
}
],
"total_asset_count": 3
}
}

List Scanners

Returns the scanner list. | key: listScanners

InputDefaultNotes
Connection
connection
/ Required
connection
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.

{
"data": {
"scanners": [
{
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
},
{
"creation_date": 1559325208,
"group": true,
"id": 236329,
"key": "6dec14cb6d33bce4173b8bd0a022400e306629ddca7951bebe4252a6973c16ce",
"last_connect": null,
"last_modification_date": 1559325208,
"linked": 1,
"name": "US Cloud Scanner",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1559325208,
"type": "pool",
"user_permissions": 128,
"uuid": "00000000-0000-0000-0000-00000000000000000000000000001",
"supports_remote_logs": false
},
{
"creation_date": 1561584499,
"group": true,
"id": 236911,
"key": "68a3829fe2ce4d9ee6ab053691c7b9114cab6148294b12489bbcc0db54c6c109",
"last_connect": null,
"last_modification_date": 1561584499,
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",