Tenable Vulnerability Management Component
Use the component to assess vulnerabilities; manage assets, users, agents, and more.
Component key: tenable-vulnerability-management
Description
Tenable Vulnerability Management is a leading security solution that identifies, evaluates, and prioritizes vulnerabilities to reduce risk and enhance cybersecurity.
API Documentation:
The component was built using the Tenable Vulnerability Management API Reference.
Connections
Tenable Connection
To generate API keys in Tenable Vulnerability Management:
- Log in to your Tenable account and navigate to My Account by selecting the user icon in the top right menu.
- Navigate to API Keys and select Generate to create an Access Key and a Secret Key.
- Enter these values into the connection configuration of your integration.
- Save these values as they will not be shown again.
Input | Notes |
---|---|
Access Key string / Required accessKey | |
Secret Key password / Required secretKey | |
Data Sources
Select Agent
Select an agent from a picklist. | key: selectAgent | type: picklist
Input | Notes | Example |
---|---|---|
Connection connection / Required connection | | |
Filter string f | Apply a filter in the format <field>:<operator>:<value>. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
Filter Type string ft | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
Wildcard Filter Text string w | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
Wildcard Fields string wf | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
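The filter inputs above combine in a specific way: standard filters are joined by the filter type, and the wildcard filter is then ANDed on top. The following is an added example, not code from the component or from Tenable; it builds the f / ft / w / wf query string and models the documented matching rules locally so a filter set can be checked before use. The record fields, the repeated f parameter for multiple filters, and case-sensitive substring matching are assumptions.

```python
from urllib.parse import urlencode


def parse_filter(expr):
    """Split 'field:operator:value'. The value may itself contain colons."""
    parts = expr.split(":", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected field:operator:value, got {expr!r}")
    return tuple(parts)


def build_query(filters=(), filter_type="and", wildcard=None, wildcard_fields=()):
    """Return the URL-encoded f / ft / w / wf query string."""
    if filter_type not in ("and", "or"):
        raise ValueError("filter type must be 'and' or 'or'")
    params = []
    for expr in filters:
        parse_filter(expr)          # reject malformed filters before sending
        params.append(("f", expr))  # assumption: one f parameter per filter
    if filters:
        params.append(("ft", filter_type))
    if wildcard:
        params.append(("w", wildcard))
        if wildcard_fields:
            params.append(("wf", ",".join(wildcard_fields)))
    return urlencode(params)


def record_matches(record, filters=(), filter_type="and", wildcard=None,
                   wildcard_fields=(), all_wildcard_fields=()):
    """Local model of the documented semantics for one record."""
    def one(expr):
        field, op, value = parse_filter(expr)
        if op != "match":  # 'match' is the only operator shown on the page
            raise ValueError(f"unsupported operator {op!r}")
        return value in str(record.get(field, ""))

    results = [one(e) for e in filters]
    if not results:
        standard_ok = True
    elif filter_type == "and":
        standard_ok = all(results)   # every filter must match
    else:
        standard_ok = any(results)   # any single filter is enough

    wildcard_ok = True
    if wildcard:
        # Without an explicit subset, every wildcard-capable field is searched.
        fields = wildcard_fields or all_wildcard_fields
        wildcard_ok = any(wildcard in str(record.get(f, "")) for f in fields)

    # A record must pass the wildcard filter AND the standard filters.
    return standard_ok and wildcard_ok


# Constructed sample records (field names borrowed from the Get Agent payload).
AGENTS = [
    {"name": "web-prod-01", "platform": "LINUX", "ip": "192.0.2.10"},
    {"name": "web-dev-02", "platform": "WINDOWS", "ip": "192.0.2.11"},
    {"name": "db-prod-01", "platform": "LINUX", "ip": "192.0.2.12"},
]


def select(records, **kwargs):
    """Names of the records that pass the given filter set."""
    return [r["name"] for r in records if record_matches(r, **kwargs)]


if __name__ == "__main__":
    flt = ["name:match:web", "platform:match:LINUX"]
    print(build_query(flt, "or", "prod", ["name"]))
    print(select(AGENTS, filters=flt, filter_type="or",
                 wildcard="prod", wildcard_fields=["name"]))
```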
Select User
Select a user from a picklist. | key: selectUser | type: picklist
Input | Notes |
---|---|
Connection connection / Required connection | |
Actions
Add Agent to Group
Adds an agent to the agent group. | key: addAgentToGroup
Input | Default | Notes | Example |
---|---|---|---|
Agent ID string / Required agentId | | The ID of the agent to add. | 123 |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Group ID string / Required groupId | | The ID of the agent group. | 123 |
Example Payload for Add Agent to Group
{
"data": {
"success": true
}
}
Add or Remove Asset Tags
Adds or removes tags from the specified assets, and returns the UUID of the asynchronous asset update job. | key: addOrRemoveAssetTags
Input | Default | Notes | Example |
---|---|---|---|
Action string / Required action | | Specifies whether to add or remove tags. | add |
Assets string / Required Value List assets | | An array of asset UUIDs. | 123e4567-e89b-12d3-a456-426614174000 |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Tags string / Required Value List tags | | An array of tag value UUIDs. | 123e4567-e89b-12d3-a456-426614174000 |
Example Payload for Add or Remove Asset Tags
{
"data": {
"job_uuid": "62210d02a7056d0297f50a8ddfbd549eaef1d0bc94e1ea3fad09"
}
}
Create Agent Group
Creates an agent group. | key: createAgentGroup
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Name string / Required name | | The name of the agent group. | My Agent Group |
Example Payload for Create Agent Group
{
"data": {
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "Western Region",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 0,
"agents_count": 0
}
}
Create User
Creates a new user. | key: createUser
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Email string email | | The email address of the user. A valid email address must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. Administrators can create users with an email address that has a domain outside of the approved domains. | name@domain |
Name string name | | The name of the user (for example, first and last name). | John Doe |
Password password / Required password | | Passwords must be at least 12 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character symbol. | password |
Permissions string / Required permissions | | The user permissions as described in Permissions. See https://developer.tenable.com/reference/users-create for more information. | 16 |
Username string / Required username | | A valid username must be in the format, name@domain, where domain corresponds to a domain approved for your Tenable Vulnerability Management instance. | name@domain |
Example Payload for Create User
{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}
Delete Agent Group
Deletes an agent group. | key: deleteAgentGroup
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Group ID string / Required groupId | | The ID or UUID of the agent group to delete. | 123 |
Example Payload for Delete Agent Group
{
"data": {
"success": true
}
}
Delete Asset
Deletes the specified asset. | key: deleteAsset
Input | Default | Notes | Example |
---|---|---|---|
Asset UUID string / Required assetUuid | | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Example Payload for Delete Asset
{
"data": {
"success": true
}
}
Delete Scanner
Deletes and unlinks a scanner from Tenable Vulnerability Management. | key: deleteScanner
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Scanner ID string / Required scannerId | | The ID of the scanner. | 1 |
Example Payload for Delete Scanner
{
"data": {
"success": true
}
}
Delete User
Deletes a user. | key: deleteUser
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
User ID string / Required userId | | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 |
Example Payload for Delete User
{
"data": {
"success": true
}
}
Download Vulnerabilities
Downloads exported vulnerabilities as a JSON file. | key: downloadVulnerabilities
Input | Default | Notes | Example |
---|---|---|---|
Chunk ID string / Required chunkId | | The ID of the chunk you want to export. | 1 |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Export UUID string / Required exportUuid | | The UUID of the vulnerability export request. | 123e4567-e89b-12d3-a456-426614174000 |
Example Payload for Download Vulnerabilities
{
"data": [
{
"asset": {
"bios_uuid": "1fa02642-5b8e-8f27-42a9-debde798d957",
"device_type": "general-purpose",
"fqdn": "sharepoint2016.target.example.com",
"hostname": "sharepoint2016",
"uuid": "53ed0fa2-ccd5-4d2e-92ee-c072635889e3",
"ipv4": "203.0.113.71",
"ipv6": "2001:db8:199e:6fb9:2edd:67f0:3f30:c7",
"last_authenticated_results": "2023-05-04T05:03:13.737Z",
"mac_address": "00:50:56:a6:22:93",
"netbios_name": "SHAREPOINT2016",
"operating_system": [
"Microsoft Windows Server 2016 Standard"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": "\n\n Produact : Microsoft SharePoint Enterprise Server 2016\n KB : 5002113\n - C:\\Program Files\\Microsoft Office Servers\\16.0\\bin\\ascalc.dll has not been patched.\n Remote version : 16.0.4342.1000\n Should be : 16.0.5266.1000\n\n",
"plugin": {
"bid": [
156641
],
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [
"cpe:/a:microsoft:sharepoint_server"
],
"cvss3_base_score": 8.8,
"cvss3_temporal_score": 7.7,
"cvss3_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:O/RC:C"
},
"cvss3_vector": {
"access_complexity": "Low",
"access_vector": "Network",
"availability_impact": "High",
"confidentiality_impact": "High",
"integrity_impact": "High",
"raw": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
"cvss_base_score": 9,
"cvss_temporal_score": 6.7,
"cvss_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:OF/RC:C"
},
"cvss_vector": {
"access_complexity": "Low",
"access_vector": "Network",
"authentication": "Single",
"availability_impact": "Complete",
"confidentiality_impact": "Complete",
"integrity_impact": "Complete",
"raw": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
},
"description": "The Microsoft SharePoint Server 2013 installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21837, CVE-2022-21840, CVE-2022-21842)",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploitability_ease": "No known exploits are available",
"exploited_by_malware": false,
"exploited_by_nessus": false,
"family": "Windows : Microsoft Bulletins",
"family_id": 41,
"has_patch": true,
"id": 156641,
"in_the_news": false,
"ms_bulletin": [
"5002113"
],
"name": "Security Updates for Microsoft SharePoint Server 2016 (January 2022)",
"patch_publication_date": "2022-01-11T00:00:00Z",
"modification_date": "2022-05-06T00:00:00Z",
"publication_date": "2022-01-12T00:00:00Z",
"risk_factor": "high",
"see_also": [
"https://support.microsoft.com/en-us/help/5002113"
],
"solution": "Microsoft has released security update KB5002113 to address this issue.",
"stig_severity": "I",
"synopsis": "The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates.",
"unsupported_by_vendor": false,
"version": "1.6",
"vuln_publication_date": "2022-01-11T00:00:00Z",
"xrefs": [
{
"type": "CVE",
"id": "2022-21837"
},
{
"type": "CVE",
"id": "2022-21840"
},
{
"type": "CVE",
"id": "2022-21842"
},
{
"type": "IAVA",
"id": "2022-A-0007-S"
},
{
"type": "MSFT",
"id": "MS22-5002113"
},
{
"type": "MSKB",
"id": "5002113"
}
],
"vpr": {
"score": 6.7,
"drivers": {
"age_of_vuln": {
"lower_bound": 731
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": false,
"cvss3_impact_score": 5.9,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "LOW"
},
"updated": "2024-02-04T06:03:56Z"
},
"workaround": "F5 lists a workaround with instructions listed at https://my.f5.com/manage/s/article/K000137595 that can be achieved using the following steps:\n\n 1. Install the latest PI IM package\n 2. Disable signatures with excessive Total Hit Count value\n\n Note that Tenable always advises that you upgrade a system if possible, \n and all steps listed here are mitigation steps provided by F5. \n Tenable is not responsible for any negative effects that may occur from enacting this workaround.",
"workaround_type": "disable service",
"workaround_published": "2024-02-14T00:00:00Z",
"vendor_unpatched": true,
"has_workaround": true,
"cve": [
"CVE-2022-21837",
"CVE-2022-21840",
"CVE-2022-21842"
],
"type": "local"
},
"port": {
"port": 445,
"protocol": "TCP",
"service": "cifs"
},
"scan": {
"schedule_uuid": "461e4ebc-b309-face-6fa1-afa4ba163cb6d84b9dc0a0dc5020",
"started_at": "2023-05-03T14:14:02.387Z",
"uuid": "270b911b-1fe6-4760-8c49-88d315cb764e"
},
"severity": "high",
"severity_id": 3,
"severity_default_id": 3,
"severity_modification_type": "NONE",
"first_found": "2022-11-08T19:18:10.472Z",
"last_found": "2023-05-04T05:03:13.737Z",
"state": "OPEN",
"indexed": "2023-05-04T05:13:40.809406Z",
"source": "NESSUS"
},
{
"asset": {
"device_type": "hypervisor",
"fqdn": "vcsa8.target.example.com",
"hostname": "vcsa8.target.example.com",
"uuid": "1babf006-b1f0-4dee-86a1-7a55888336c3",
"ipv4": "192.0.2.246",
"operating_system": [
"VMware vCenter Server 8.0.0 build-20037386"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": "\nThe following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:\n\n - https://vcsa8.target.example.com/\n - https://vcsa8.target.example.com/ui/\n",
"plugin": {
"bid": [
50344
],
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [],
"description": "The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.\n\nThe CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploited_by_malware": false,
"exploited_by_nessus": false,
"family": "CGI abuses",
"family_id": 3,
"has_patch": false,
"id": 50344,
"in_the_news": false,
"name": "Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header",
"modification_date": "2021-01-19T00:00:00Z",
"publication_date": "2010-10-26T00:00:00Z",
"risk_factor": "info",
"see_also": [
"http://www.nessus.org/u?55aa8f57",
"http://www.nessus.org/u?07cc2a06",
"https://content-security-policy.com/",
"https://www.w3.org/TR/CSP2/"
],
"solution": "Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.",
"synopsis": "The remote web server does not take steps to mitigate a class of web application vulnerabilities.",
"unsupported_by_vendor": false,
"version": "1.6",
"xrefs": [],
"type": "remote"
},
"port": {
"port": 443,
"protocol": "TCP",
"service": "www"
},
"scan": {
"schedule_uuid": "16cf08d3-3f94-79f4-8038-996376eabd4f186741fe15533e70",
"started_at": "2023-05-03T14:13:56.983Z",
"uuid": "e86252a3-8dc0-43b6-8ddd-afb219d040ed"
},
"severity": "info",
"severity_id": 0,
"severity_default_id": 0,
"severity_modification_type": "NONE",
"first_found": "2022-11-08T06:12:27.940Z",
"last_found": "2023-05-04T09:39:26.415Z",
"state": "OPEN",
"indexed": "2023-05-04T09:44:55.673359Z",
"source": "NESSUS"
}
]
}
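A downloaded chunk is a flat list of findings, so the first thing a consumer usually does is reduce it to an ordered remediation queue. The following is an added example, not code from the component or from Tenable; it keeps only unresolved findings at or above a severity floor, ranks them by VPR score (falling back to severity when a plugin has no VPR, as in the info-level finding above), and summarizes per asset. The sample chunk is constructed: two findings trimmed from the payload above plus one made-up FIXED finding, and the function names are hypothetical.

```python
# Constructed sample: two findings trimmed from the example payload above,
# plus one made-up FIXED finding to exercise the state filter.
SAMPLE_CHUNK = {"data": [
    {"asset": {"hostname": "sharepoint2016", "ipv4": "203.0.113.71"},
     "plugin": {"id": 156641, "has_patch": True,
                "name": "Security Updates for Microsoft SharePoint Server 2016 (January 2022)",
                "vpr": {"score": 6.7},
                "cve": ["CVE-2022-21837", "CVE-2022-21840", "CVE-2022-21842"]},
     "port": {"port": 445, "protocol": "TCP"},
     "severity_id": 3, "state": "OPEN"},
    {"asset": {"hostname": "vcsa8.target.example.com", "ipv4": "192.0.2.246"},
     "plugin": {"id": 50344, "has_patch": False,
                "name": "Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header"},
     "port": {"port": 443, "protocol": "TCP"},
     "severity_id": 0, "state": "OPEN"},
    {"asset": {"hostname": "build01", "ipv4": "192.0.2.10"},       # constructed
     "plugin": {"id": 99999, "has_patch": True,
                "name": "Constructed example finding", "vpr": {"score": 9.1}},
     "port": {"port": 22, "protocol": "TCP"},
     "severity_id": 4, "state": "FIXED"},
]}


def triage(chunk, min_severity_id=1, open_states=("OPEN", "REOPENED")):
    """Return unresolved findings at or above min_severity_id, highest risk first."""
    rows = []
    for finding in chunk.get("data", []):
        if finding.get("state") not in open_states:
            continue  # already remediated
        if finding.get("severity_id", 0) < min_severity_id:
            continue
        plugin = finding.get("plugin", {})
        asset = finding.get("asset", {})
        port = finding.get("port", {})
        # Info-level plugins may carry no "vpr" object at all.
        vpr = (plugin.get("vpr") or {}).get("score")
        rows.append({
            "host": asset.get("hostname") or asset.get("ipv4"),
            "ipv4": asset.get("ipv4"),
            "port": f"{port.get('port')}/{port.get('protocol')}",
            "plugin_id": plugin.get("id"),
            "name": plugin.get("name"),
            "cves": list(plugin.get("cve", [])),
            "vpr": vpr,
            "severity_id": finding.get("severity_id", 0),
            "patch_available": bool(plugin.get("has_patch")),
        })
    # Rank by VPR; findings without a VPR sort below any scored finding,
    # and severity_id breaks ties.
    rows.sort(key=lambda r: (r["vpr"] if r["vpr"] is not None else -1.0,
                             r["severity_id"]), reverse=True)
    return rows


def worst_per_asset(rows):
    """Count findings and track the highest VPR score for each host."""
    summary = {}
    for row in rows:
        entry = summary.setdefault(row["host"], {"findings": 0, "max_vpr": None})
        entry["findings"] += 1
        if row["vpr"] is not None and (entry["max_vpr"] is None
                                       or row["vpr"] > entry["max_vpr"]):
            entry["max_vpr"] = row["vpr"]
    return summary


if __name__ == "__main__":
    for row in triage(SAMPLE_CHUNK):
        print(row["host"], row["port"], row["plugin_id"], row["vpr"], row["cves"])
```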
Export Assets
Exports all assets that match the request criteria. | key: exportAssets
Input | Default | Notes | Example |
---|---|---|---|
Chunk Size string / Required chunkSize | | Specifies the number of assets per exported chunk. The range is 100-10000. | 100 |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Filters code filters | | Specifies filters for exported assets. See https://developer.tenable.com/reference/exports-assets-request-export for more information. | |
Include Open Ports boolean / Required includeOpenPorts | false | Specifies whether or not to include open port findings from info-level plugins. | |
Example Payload for Export Assets
{
"data": {
"export_uuid": "60a26f04-c844-49a6-b67b-995a6ed79471"
}
}
Export Vulnerabilities
Exports vulnerabilities that match the request criteria. | key: exportVulnerabilities
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Filters code filters | | Specifies filters for exported vulnerabilities. See https://developer.tenable.com/reference/exports-vulns-request-export for more information. | |
Include Unlicensed boolean includeUnlicensed | false | Specifies whether or not to include unlicensed assets. | |
Number of Assets string / Required numAssets | | Specifies the number of assets used to chunk the vulnerabilities. | 50 |
Example Payload for Export Vulnerabilities
{
"data": {
"export_uuid": "bf765455-53aa-4e70-9ef3-87cfca1d2be0"
}
}
Get Agent
Returns the specified agent details for the specified scanner. | key: getAgent
Input | Default | Notes | Example |
---|---|---|---|
Agent ID string / Required agentId | | The ID of the agent to query. | 123 |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Example Payload for Get Agent
{
"data": {
"id": 9176838,
"uuid": "655993d5-c131-46e8-a82f-957f6f894cac",
"name": "GRD-LPTP",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.57",
"last_scanned": 1515620036,
"plugin_feed_id": "201801081515",
"core_build": "106",
"core_version": "7.0.0",
"linked_on": 1456775443,
"last_connect": 1515674073,
"status": "off",
"groups": [
{
"name": "CodyAgents",
"id": 8
},
{
"name": "Agent Group A",
"id": 3316
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 0,
"health_state_name": "HEALTHY",
"fredi_status": true
}
}
Get Agent Group
Gets details for the agent group. | key: getAgentGroup
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Filter string f | | Apply a filter in the format <field>:<operator>:<value>. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
Filter Type string ft | | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
Get All boolean getAll | true | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | |
Group ID string / Required groupId | | The ID or UUID of the agent group to query. | 123 |
Limit string limit | | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 |
Offset string offset | | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 |
Sort string sort | | The field to sort the results by, along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc |
Wildcard Filter Text string w | | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
Wildcard Fields string wf | | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
Example Payload for Get Agent Group
{
"data": {
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "Western Region",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 1,
"owner": "system",
"owner_id": 10621200,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 128,
"agents_count": 1,
"agents": [
{
"id": 9176838,
"uuid": "fdb1812c-2423-424d-9b67-5511e9bf0714",
"name": "my.new-hostname.server",
"platform": "LINUX",
"distro": "es8-x86-64",
"ip": "172.26.102.78",
"last_scanned": 1722961087,
"plugin_feed_id": "202408191220",
"core_build": "2391",
"core_version": "10.8.0",
"linked_on": 1722960266,
"last_connect": 1724170973,
"status": "off",
"groups": [
{
"name": "Western Region",
"id": 106592
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 20,
"health_state_name": "CRITICAL",
"fredi_status": false
}
],
"pagination": {
"total": 0,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
Get Asset
Returns details of the specified asset. | key: getAsset
Input | Default | Notes | Example |
---|---|---|---|
Asset UUID string / Required assetUuid | | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Example Payload for Get Asset
{
"data": {
"id": "116af8c3-969d-4621-9f9f-364eeb58e3a7",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.57",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T15:00:57.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"acr_score": 8,
"acr_drivers": [
{
"driver_name": "device_type",
"driver_value": [
"general_purpose"
]
},
{
"driver_name": "device_capability",
"driver_value": [
"pci"
]
},
{
"driver_name": "internet_exposure",
"driver_value": [
"internal"
]
}
],
"exposure_score": 753,
"scan_frequency": [
{
"interval": 90,
"frequency": 3,
"licensed": false
},
{
"interval": 30,
"frequency": 1,
"licensed": false
},
{
"interval": 60,
"frequency": 1,
"licensed": false
}
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"example.com"
],
"operating_system": [
"Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
}
}
Get Asset Vulnerability Details
Retrieves the details for a vulnerability recorded on a specified asset. | key: getAssetVulnerabilityDetails
Input | Default | Notes | Example |
---|---|---|---|
Asset ID string / Required assetId | | The UUID of the asset. | 116af8c3-969d-4621-9f9f-364eeb58e3a7 |
Connection connection / Required connection | | | |
Date Range string dateRange | | The number of days of data prior to and including today that should be returned. | 30 |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Plugin ID string / Required pluginId | | The ID of the plugin. | 12345 |
Query Param Filters code queryParamFilters | | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-asset-vulnerability-info for more information. | |
Example Payload for Get Asset Vulnerability Details
{
"data": {
"info": {
"count": 1,
"vuln_count": 1,
"description": "The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted.\n\nAn attacker can exploit this by tricking a user into opening an MFC application in a directory that contains a malicious DLL, resulting in arbitrary code execution.",
"synopsis": "Arbitrary code can be executed on the remote host through the Microsoft Foundation Class library.",
"solution": "Microsoft has released a set of patches for Visual Studio .NET 2003, 2005, and 2008, as well as Visual C++ 2005, 2008, and 2010.",
"discovery": {
"seen_first": "2019-12-31T17:15:52.000Z",
"seen_last": "2019-12-31T17:15:52.000Z"
},
"severity": 3,
"plugin_details": {
"family": "Windows : Microsoft Bulletins",
"modification_date": "2016-12-31T00:00:00Z",
"name": "MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)",
"publication_date": "2011-12-31T00:00:00Z",
"type": "local",
"version": null,
"severity": 3
},
"reference_information": [
{
"name": "bid",
"url": "http://www.securityfocus.com/bid/",
"values": [
42811
]
},
{
"name": "cve",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=",
"values": [
"CVE-2010-3190"
]
},
{
"name": "iavb",
"values": [
"2011-B-0046"
]
},
{
"name": "msft",
"url": "http://technet.microsoft.com/en-us/security/bulletin/",
"values": [
"MS11-025"
]
},
{
"name": "osvdb",
"values": [
"67674"
]
},
{
"name": "secunia",
"url": "http://secunia.com/advisories/",
"values": [
"41212"
]
}
],
"risk_information": {
"risk_factor": "High",
"cvss_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cvss_base_score": "9.3",
"cvss_temporal_vector": "E:F/RL:OF/RC:ND",
"cvss_temporal_score": "7.7",
"cvss3_vector": null,
"cvss3_base_score": null,
"cvss3_temporal_vector": null,
"cvss3_temporal_score": null,
"stig_severity": null
},
"see_also": [
"[\"https://technet.microsoft.com/library/security/ms11-025\"]"
],
"vulnerability_information": {
"vulnerability_publication_date": "2010-12-31T00:00:00Z",
"exploited_by_malware": null,
"patch_publication_date": "2011-12-31T00:00:00Z",
"exploit_available": true,
"exploitability_ease": null,
"asset_inventory": null,
"default_account": null,
"exploited_by_nessus": null,
"in_the_news": null,
"malware": null,
"unsupported_by_vendor": null,
"cpe": null,
"exploit_frameworks": []
},
"vpr": {
"score": 5.9,
"drivers": {
"age_of_vuln": {
"lower_bound": 731,
"upper_bound": 0
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": true,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "MEDIUM"
},
"updated": "2019-12-31T10:08:58Z"
}
}
}
}
Get Plugin Details
Retrieves the details for a plugin. | key: getPluginDetails
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Date Range string dateRange | | The number of days of data prior to and including today that should be returned. | 30 |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Plugin ID string / Required pluginId | | The ID of the plugin. | 12345 |
Query Param Filters code queryParamFilters | | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-vulnerability-info for more information. | |
Example Payload for Get Plugin Details
{
"data": {
"info": {
"count": 13,
"vuln_count": 14,
"description": "The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.",
"synopsis": "The remote web server is affected by a remote code execution vulnerability.",
"solution": "Apply the referenced patch.",
"discovery": {
"seen_first": "2019-12-31T17:15:52.000Z",
"seen_last": "2019-12-31T22:53:45.000Z"
},
"severity": 4,
"plugin_details": {
"family": "CGI abuses",
"modification_date": "2017-12-31T00:00:00Z",
"name": "GNU Bash Environment Variable Handling Code Injection (Shellshock)",
"publication_date": "2014-12-31T00:00:00Z",
"type": "remote",
"version": null,
"severity": 4
},
"reference_information": [
{
"name": "bid",
"url": "http://www.securityfocus.com/bid/",
"values": [
70103
]
},
{
"name": "cert",
"url": "http://www.kb.cert.org/vuls/id/",
"values": [
"252743"
]
},
{
"name": "cve",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=",
"values": [
"CVE-2014-6271"
]
},
{
"name": "edb-id",
"url": "http://www.exploit-db.com/exploits/",
"values": [
"34766",
"34777",
"34765"
]
},
{
"name": "iava",
"values": [
"2014-A-0142"
]
},
{
"name": "osvdb",
"values": [
"112004"
]
}
],
"risk_information": {
"risk_factor": "Critical",
"cvss_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"cvss_base_score": "10.0",
"cvss_temporal_vector": "E:F/RL:OF/RC:ND",
"cvss_temporal_score": "8.3",
"cvss3_vector": null,
"cvss3_base_score": null,
"cvss3_temporal_vector": null,
"cvss3_temporal_score": null,
"stig_severity": null
},
"see_also": [
"http://seclists.org/oss-sec/2014/q3/650",
"http://www.nessus.org/u?dacf7829",
"https://www.invisiblethreat.ca/post/shellshock/"
],
"vulnerability_information": {
"vulnerability_publication_date": "2014-12-31T00:00:00Z",
"exploited_by_malware": true,
"patch_publication_date": "2014-12-31T00:00:00Z",
"exploit_available": true,
"exploitability_ease": null,
"asset_inventory": null,
"default_account": null,
"exploited_by_nessus": null,
"in_the_news": true,
"malware": null,
"unsupported_by_vendor": null,
"cpe": null,
"exploit_frameworks": [
{
"name": "Core Impact"
},
{
"name": "Metasploit",
"exploits": [
{
"name": "Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)",
"url": null
}
]
}
]
},
"vpr": {
"score": 9.6,
"drivers": {
"age_of_vuln": {
"lower_bound": 731,
"upper_bound": 0
},
"exploit_code_maturity": "HIGH",
"cvss3_impact_score": 5.9,
"cvss_impact_score_predicted": true,
"threat_intensity_last28": "HIGH",
"threat_recency": {
"lower_bound": 0,
"upper_bound": 7
},
"threat_sources_last28": [
"Others",
"Mainstream Media",
"Code Repo and Paste Bins"
],
"product_coverage": "LOW"
},
"updated": "2019-12-31T10:10:57Z"
}
}
}
}
Get Scanner
Returns details for the specified scanner. | key: getScanner
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag logs the current request. | |
Scanner ID string / Required scannerId | | The ID of the scanner. | 1 |
Example Payload for Get Scanner
{
"data": {
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
}
}
Get User
Returns details for a specific user. | key: getUser
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
User ID string / Required userId | | The UUID (uuid) or unique ID (id) of the user. | 60f73e4f-8983-41c2-a13c-39074cbb6229 |
Example Payload for Get User
{
"data": {
"uuid": "d748ab37-f2cf-461c-8648-a8328c0f483e",
"id": 5,
"user_name": "user2@example.com",
"username": "user4@api.demo",
"email": "user2@example.com",
"name": "Test User",
"type": "local",
"aggregate": true,
"container_uuid": "f8973c82-01a7-4aee-9754-4a61e3b3e70e",
"permissions": 32,
"login_fail_count": 0,
"login_fail_total": 0,
"enabled": true,
"lockout": 0,
"uuid_id": "d748ab37-f2cf-461c-8648-a8328c0f483e"
}
}
Import Assets
Imports asset data in JSON format. | key: importAssets
Input | Default | Notes | Example |
---|---|---|---|
Asset Objects code / Required assetObjects | | An array of asset objects to import. Each asset object requires a value for at least one of the following properties: fqdn, ipv4, netbios_name, mac_address. See https://developer.tenable.com/reference/assets-import for more information. | |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Source string / Required importSource | | A user-defined name for the source of the import. | Example Import |
Example Payload for Import Assets
{
"data": {
"asset_import_job_uuid": "467e5338-7783-4a0d-915a-5d00584784a0"
}
}
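A pre-flight check for the Asset Objects input, enforcing the rule above that each asset needs at least one of fqdn, ipv4, netbios_name, mac_address. This is an added example, not the component's own code; accepting either a string or an array of strings per property, the IPv4 and MAC format checks, and the sample records are assumptions.

```javascript
// Identifier property names are taken from the Import Assets notes on this page.
const IDENTIFIER_KEYS = ["fqdn", "ipv4", "netbios_name", "mac_address"];

// Assumed format checks: dotted-quad IPv4, and MAC with ":" or "-" separators.
const IPV4_RE = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;
const MAC_RE = /^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$/i;

// Normalize a property (string, array, or missing) to trimmed, non-empty strings.
function toValues(raw) {
  const list = Array.isArray(raw) ? raw : raw == null ? [] : [raw];
  return list
    .filter((v) => typeof v === "string")
    .map((v) => v.trim())
    .filter((v) => v.length > 0);
}

// Return a list of problems for one asset object; an empty list means it passes.
function validateAsset(asset) {
  if (asset === null || typeof asset !== "object" || Array.isArray(asset)) {
    return ["not an object"];
  }
  const problems = [];
  const present = IDENTIFIER_KEYS.filter((k) => toValues(asset[k]).length > 0);
  if (present.length === 0) {
    problems.push("needs at least one of: " + IDENTIFIER_KEYS.join(", "));
  }
  for (const ip of toValues(asset.ipv4)) {
    if (!IPV4_RE.test(ip)) problems.push("invalid ipv4: " + ip);
  }
  for (const mac of toValues(asset.mac_address)) {
    if (!MAC_RE.test(mac)) problems.push("invalid mac_address: " + mac);
  }
  return problems;
}

// Split a batch into assets that are safe to send and assets to fix first.
function partitionAssets(assets) {
  const accepted = [];
  const rejected = [];
  assets.forEach((asset, index) => {
    const problems = validateAsset(asset);
    if (problems.length === 0) accepted.push(asset);
    else rejected.push({ index, problems });
  });
  return { accepted, rejected };
}

// Constructed sample input (not from a real inventory).
const sampleAssets = [
  { fqdn: ["example.com"], ipv4: ["192.0.2.57"] },
  { netbios_name: "SHANE" },
  { operating_system: ["Microsoft Windows 10 Pro"] }, // no identifier at all
  { ipv4: ["192.0.2.300"] },                          // malformed address
  { mac_address: ["00:50:56:a6:22:93"], fqdn: [""] }, // empty fqdn is ignored
];

const importCheck = partitionAssets(sampleAssets);
console.log("accepted:", importCheck.accepted.length);
console.log("rejected:", JSON.stringify(importCheck.rejected));
```

Pass only the accepted list as Asset Objects and route the rejected entries back to the source system for correction.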
Import Vulnerabilities
Imports a list of vulnerabilities in JSON format. | key: importVulnerabilities
Input | Default | Notes | Example |
---|---|---|---|
Assets code / Required assets | | An array of asset objects with vulnerabilities information. See https://developer.tenable.com/reference/vulnerabilities-import-v2 for more information. | |
Connection connection / Required connection | |||
Coverage code coverage | | The coverage object. See https://developer.tenable.com/reference/vulnerabilities-import-v2 for more information. | |
Data Type string / Required dataType | | The type of scan that identified the vulnerabilities. | vm |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Product string / Required product | | The name of the product from the vendor. | Security Center |
Source string / Required source | | A unique string value used to track the set of assets and vulnerabilities. | scan_uuid:scan_chunk_uuid |
Vendor string / Required vendor | | The company that owns the product that is the source of the vulnerability data. | tenable |
Example Payload for Import Vulnerabilities
{
"data": {
"job_uuid": ""
}
}
List Agent Groups
Retrieves a list of agent groups. | key: listAgentGroups
Input | Default | Notes |
---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for List Agent Groups
{
"data": {
"groups": [
{
"id": 106592,
"uuid": "9bd87b50-7349-4a52-8a41-573b9a4b9bb6",
"name": "slibs",
"creation_date": 1544455100,
"last_modification_date": 1544455100,
"timestamp": 1544455100,
"shared": 1,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "1bd703af-b2aa-4a82-ad8d-b883381a873f",
"user_permissions": 128,
"agents_count": 0
}
]
}
}
List Agents
Returns a list of agents for the specified scanner. | key: listAgents
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Filter string f | | Apply a filter in the format field:operator:value. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
Filter Type string ft | | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
Get All boolean getAll | true | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | |
Limit string limit | | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 |
Offset string offset | | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 |
Sort string sort | | The field to sort the results by, along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc |
Wildcard Filter Text string w | | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
Wildcard Fields string wf | | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
Example Payload for List Agents
{
"data": {
"agents": [
{
"id": 9176838,
"uuid": "655993d5-c131-46e8-a82f-957f6f894cac",
"name": "GRD-LPTP",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.57",
"last_scanned": 1515620036,
"plugin_feed_id": "201801081515",
"core_build": "106",
"core_version": "7.0.0",
"linked_on": 1456775443,
"last_connect": 1515674073,
"status": "off",
"groups": [
{
"name": "CodyAgents",
"id": 8
},
{
"name": "Agent Group A",
"id": 3316
}
],
"supports_remote_logs": false,
"network_uuid": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"profile_uuid": "00000000-0000-0000-0000-000000000000",
"profile_name": "Default",
"supports_remote_settings": true,
"health": 0,
"health_state_name": "HEALTHY",
"fredi_status": true
},
{
"id": 14569,
"uuid": "72ac6ad1-fc86-4af4-be0c-0ff3bfbfb242",
"name": "example.com",
"platform": "LINUX",
"distro": "es7-x86-64",
"ip": "192.0.2.57",
"plugin_feed_id": "201805161620",
"core_build": "13",
"core_version": "7.0.3",
"linked_on": 1508329832,
"last_connect": 1526565530,
"status": "off",
"groups": [
{
"name": "SC Research",
"id": 1167
}
],
"asset_uuid": "da1a9cf3-33a2-45ae-b99d-9a15000451e1",
"health": 10,
"health_state_name": "WARNING",
"fredi_status": true
},
{
"id": 14570,
"uuid": "938cb466-06ea-477e-abb0-99d8da0e0f20",
"name": "example.com",
"platform": "LINUX",
"distro": "es7-x86-64",
"ip": "192.0.2.57",
"plugin_feed_id": "201805161620",
"core_build": "13",
"core_version": "7.0.3",
"linked_on": 1508329886,
"last_connect": 1526565624,
"status": "off",
"groups": [
{
"name": "SC Research",
"id": 1167
}
],
"asset_uuid": "b23a9cf3-23a2-45ab-b99d-9a15000451c5",
"health": 20,
"health_state_name": "CRITICAL",
"fredi_status": true
}
],
"pagination": {
"total": 3,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
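A triage pass over a List Agents response that flags agents needing attention: long-silent, never scanned, or not HEALTHY. This is an added example, not the component's own code; the field names come from the payload above, while reading last_connect and last_scanned as Unix epoch seconds, the 7-day threshold, and the fixed clock value are assumptions.

```javascript
const DAY_SECONDS = 86400;

// Returns one finding per agent that has at least one reason for follow-up.
// nowSeconds is passed in so the result is reproducible.
function triageAgents(response, nowSeconds, maxSilentDays = 7) {
  const agents = (response && response.data && response.data.agents) || [];
  const findings = [];
  for (const agent of agents) {
    const reasons = [];
    if (typeof agent.last_connect !== "number") {
      // Some payload entries on this page omit last_connect entirely.
      reasons.push("no last_connect recorded");
    } else {
      const silentDays = Math.floor((nowSeconds - agent.last_connect) / DAY_SECONDS);
      if (silentDays >= maxSilentDays) reasons.push("silent for " + silentDays + " days");
    }
    if (typeof agent.last_scanned !== "number") {
      reasons.push("no last_scanned recorded");
    }
    const state = agent.health_state_name;
    if (state && state !== "HEALTHY") reasons.push("health state " + state);
    if (reasons.length > 0) {
      findings.push({ id: agent.id, name: agent.name, health: agent.health || 0, reasons });
    }
  }
  // Worst health value first, then the agents with the most findings.
  return findings.sort((a, b) => b.health - a.health || b.reasons.length - a.reasons.length);
}

// Sample input: the three agents from the payload above, trimmed to the fields used.
const sampleAgentsResponse = {
  data: {
    agents: [
      { id: 9176838, name: "GRD-LPTP", last_scanned: 1515620036, last_connect: 1515674073,
        status: "off", health: 0, health_state_name: "HEALTHY" },
      { id: 14569, name: "example.com", last_connect: 1526565530,
        status: "off", health: 10, health_state_name: "WARNING" },
      { id: 14570, name: "example.com", last_connect: 1526565624,
        status: "off", health: 20, health_state_name: "CRITICAL" },
    ],
  },
};

// Constructed clock value, a few hours after the latest last_connect in the sample.
const SAMPLE_NOW = 1526601600;

for (const finding of triageAgents(sampleAgentsResponse, SAMPLE_NOW)) {
  console.log(finding.id, finding.name, finding.reasons.join("; "));
}
```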
List Agents By Group
Returns a list of agents for the specified agent group. | key: listAgentsByGroup
Input | Default | Notes | Example |
---|---|---|---|
Agent Group ID string / Required agentGroupId | | The ID of the agent group to query for agents. | 123 |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Filter string f | | Apply a filter in the format field:operator:value. For example, field1:match:sometext would match any records where the value of field1 contains sometext. You can use multiple query filters. | field1:match:sometext |
Filter Type string ft | | If the filter type is 'and', the record is only returned if all filters match. If the filter type is 'or', the record is returned if any of the filters match. | and |
Get All boolean getAll | true | If true, all results will be returned (Offset and Limit will be ignored). If false, limit and offset will be used. | |
Limit string limit | | The number of records to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 50. | 50 |
Offset string offset | | The starting record to retrieve. If this parameter is omitted, Tenable Vulnerability Management uses the default value of 0. | 0 |
Sort string sort | | The field to sort the results by, along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). | name:desc |
Wildcard Filter Text string w | | Wildcard search is a mechanism where multiple fields of a record are filtered against one specific filter string. If any one of the Wildcard Fields values matches against the filter string, then the record matches the wildcard filter. For a record to be returned, it must pass the wildcard filter (if there is one) AND the set of standard filters. | wild |
Wildcard Fields string wf | | A comma-delimited subset of Wildcard Fields to search when applying the wildcard filter. If Wildcard Filter Text is provided, but Wildcard Fields is not, then all 'wildcard_fields' values are searched against the wildcard filter text. | field1,field2 |
Example Payload for List Agents By Group
{
"data": {
"agents": [
{
"id": 20,
"uuid": "96efbd47-9d96-443f-be29-2ac723dde270",
"name": "Codys-MacBook-Pro.local",
"platform": "DARWIN",
"distro": "macosx",
"ip": "10.31.100.110",
"last_scanned": 1545272687,
"plugin_feed_id": "201812281741",
"core_build": "1",
"core_version": "7.2.1",
"linked_on": 1452106253,
"last_connect": 1546264939,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group B",
"id": 31
},
{
"name": "Agent Group C",
"id": 3315
}
],
"supports_remote_logs": false,
"asset_uuid": "5d1a9cf3-33a2-45ae-b99d-9a15000451e1",
"health": 0,
"health_state_name": "HEALTHY",
"health_events": [
{
"identifier": 201,
"state": 0,
"state_time": 1722960875000,
"details": "Plugin update was successful.",
"muted": false,
"state_name": "HEALTHY",
"identifier_name": "PLUGIN_UPDATE"
},
{
"identifier": 200,
"state": 0,
"state_time": 1722960320000,
"details": "Nessus Agent plugin disk usage is normal.",
"muted": false,
"state_name": "HEALTHY",
"identifier_name": "PLUGIN_DISK_USAGE"
}
]
},
{
"id": 65,
"uuid": "7d14d098-2c60-403a-a1d0-8bce78e27f867b06b5e32a5e47a1",
"name": "DC02",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "10.31.114.10",
"last_scanned": 1478743235,
"plugin_feed_id": "0",
"linked_on": 1453821446,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group B",
"id": 31
},
{
"name": "Agent Group C",
"id": 3316
}
],
"supports_remote_logs": false,
"asset_uuid": "ba4a9cf3-33a2-45ae-b99d-9a1500045345"
},
{
"id": 643,
"uuid": "d59d1f5b-f775-4061-9e36-fae22ab7518f2596d192e3cf57f8",
"name": "DESKTOP-PSNDJQ6",
"platform": "WINDOWS",
"distro": "win-x86-64",
"ip": "192.0.2.3",
"last_scanned": 1477011651,
"plugin_feed_id": "0",
"linked_on": 1468619962,
"status": "off",
"groups": [
{
"name": "Agent Group A",
"id": 8
},
{
"name": "Agent Group C",
"id": 3316
}
],
"supports_remote_logs": false,
"asset_uuid": "321a9cf3-33a2-45ae-b99d-9a1500045444"
}
],
"pagination": {
"total": 3,
"limit": 50,
"offset": 0,
"sort": [
{
"name": "name",
"order": "asc"
}
]
}
}
}
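A local model of how the Filter (f), Filter Type (ft), Wildcard Filter Text (w) and Wildcard Fields (wf) inputs combine, run over agents from the payload above. This is an added example, not Tenable's or the component's implementation; it handles only the match operator shown on this page, and case-insensitive matching plus using every field of the record when wf is omitted are assumptions.

```javascript
// Split "field:operator:value" on the first two colons so the value may contain ":".
function parseFilter(text) {
  const first = text.indexOf(":");
  const second = text.indexOf(":", first + 1);
  if (first <= 0 || second === -1 || second === first + 1 || second === text.length - 1) {
    throw new Error("filter must be field:operator:value, got: " + text);
  }
  return {
    field: text.slice(0, first),
    operator: text.slice(first + 1, second),
    value: text.slice(second + 1),
  };
}

// "contains" test on scalar fields only (assumed to be case-insensitive).
function contains(fieldValue, needle) {
  if (typeof fieldValue !== "string" && typeof fieldValue !== "number") return false;
  return String(fieldValue).toLowerCase().includes(needle.toLowerCase());
}

function matchesFilter(record, filter) {
  if (filter.operator !== "match") {
    throw new Error("operator not modelled in this example: " + filter.operator);
  }
  return contains(record[filter.field], filter.value);
}

// query uses the component's input keys: f (array of filter strings), ft, w, wf.
function selectRecords(records, query) {
  const filters = (query.f || []).map(parseFilter);
  const ft = query.ft || "and";
  if (ft !== "and" && ft !== "or") throw new Error("ft must be 'and' or 'or'");
  const wildFields = query.wf ? query.wf.split(",").map((s) => s.trim()) : null;

  return records.filter((record) => {
    // Standard filters: all must match for 'and', any one for 'or'.
    let standard = true;
    if (filters.length > 0) {
      standard = ft === "or"
        ? filters.some((flt) => matchesFilter(record, flt))
        : filters.every((flt) => matchesFilter(record, flt));
    }
    // Wildcard filter: one matching field is enough, and it is ANDed with the rest.
    let wildcard = true;
    if (query.w) {
      const keys = wildFields || Object.keys(record); // stand-in for 'wildcard_fields'
      wildcard = keys.some((key) => contains(record[key], query.w));
    }
    return standard && wildcard;
  });
}

// Sample input: agents from the payload above, trimmed to scalar fields.
const sampleGroupAgents = [
  { id: 20, name: "Codys-MacBook-Pro.local", platform: "DARWIN", distro: "macosx", ip: "10.31.100.110" },
  { id: 65, name: "DC02", platform: "WINDOWS", distro: "win-x86-64", ip: "10.31.114.10" },
  { id: 643, name: "DESKTOP-PSNDJQ6", platform: "WINDOWS", distro: "win-x86-64", ip: "192.0.2.3" },
];

const idsOf = (rows) => rows.map((r) => r.id);
const twoFilters = ["platform:match:WINDOWS", "name:match:DC"];
console.log(idsOf(selectRecords(sampleGroupAgents, { f: twoFilters, ft: "and" })));
console.log(idsOf(selectRecords(sampleGroupAgents, { f: twoFilters, ft: "or" })));
console.log(idsOf(selectRecords(sampleGroupAgents, { f: ["platform:match:WINDOWS"], w: "10.31", wf: "ip" })));
```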
List Asset Tags
Returns a list of assigned tags for the specified asset UUID. | key: listAssetTags
Input | Default | Notes | Example |
---|---|---|---|
Asset UUID string / Required assetUuid | | The UUID of the asset. | 123e4567-e89b-12d3-a456-426614174000 |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Example Payload for List Asset Tags
{
"data": {
"tags": [
{
"value_uuid": "173c3f3c-cb25-4f35-97e8-26b83f50c38d",
"category_name": "location",
"asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7",
"created_at": "2018-12-31T16:29:40.606Z",
"source": "static",
"value": "Chicago",
"created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf",
"category_uuid": "e50a526c-966f-4b80-a641-6dd359b8202e"
},
{
"value_uuid": "6c25f771-61b6-412d-8e10-1778203f14c8",
"category_name": "threat",
"asset_uuid": "c712813b-ce97-4d48-b9f2-b51bfa636dd7",
"created_at": "2018-12-31T16:29:40.606Z",
"source": "static",
"value": "wannacry",
"created_by": "8ba8728a-04c8-4694-bdb3-c94e04ba3ccf",
"category_uuid": "c9f13d31-e9f7-40e6-9830-3c770e800675"
}
]
}
}
List Asset Vulnerabilities
Retrieves a list of the vulnerabilities recorded for a specified asset. | key: listAssetVulnerabilities
Input | Default | Notes | Example |
---|---|---|---|
Asset ID string / Required assetId | | The UUID of the asset. | 116af8c3-969d-4621-9f9f-364eeb58e3a7 |
Connection connection / Required connection | |||
Date Range string dateRange | | The number of days of data prior to and including today that should be returned. | 30 |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Query Param Filters code queryParamFilters | | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-asset-vulnerabilities for more information. | |
Example Payload for List Asset Vulnerabilities
{
"data": {
"vulnerabilities": [
{
"count": 55,
"plugin_family": "Port scanners",
"plugin_id": 34220,
"plugin_name": "Netstat Portscanner (WMI)",
"vulnerability_state": "Active",
"vpr_score": 2.4,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 55,
"value": 0
}
],
"severity": 0
},
{
"count": 54,
"plugin_family": "Windows",
"plugin_id": 34252,
"plugin_name": "Microsoft Windows Remote Listeners Enumeration (WMI)",
"vulnerability_state": "Active",
"vpr_score": 6.3,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 54,
"value": 0
}
],
"severity": 0
},
{
"count": 21,
"plugin_family": "Service detection",
"plugin_id": 22964,
"plugin_name": "Service Detection",
"vulnerability_state": "Active",
"vpr_score": 4.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 21,
"value": 0
}
],
"severity": 0
},
{
"count": 18,
"plugin_family": "Web Servers",
"plugin_id": 24260,
"plugin_name": "HyperText Transfer Protocol (HTTP) Information",
"vulnerability_state": "Active",
"vpr_score": 5.5,
"accepted_count": 0,
"recasted_count": 0,
"counts_by_severity": [
{
"count": 18,
"value": 0
}
],
"severity": 0
}
],
"total_vulnerability_count": 3,
"total_asset_count": 0
}
}
List Assets
Lists up to 5,000 assets. | key: listAssets
Input | Default | Notes |
---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for List Assets
{
"data": {
"assets": [
{
"id": "116af8c3-969d-4621-9f9f-364eeb58e3a7",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.57",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T15:00:57.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"acr_score": 8,
"acr_drivers": [
{
"driver_name": "device_type",
"driver_value": [
"general_purpose"
]
},
{
"driver_name": "device_capability",
"driver_value": [
"pci"
]
},
{
"driver_name": "internet_exposure",
"driver_value": [
"internal"
]
}
],
"exposure_score": 753,
"scan_frequency": [
{
"interval": 90,
"frequency": 3,
"licensed": false
},
{
"interval": 30,
"frequency": 1,
"licensed": false
},
{
"interval": 60,
"frequency": 1,
"licensed": false
}
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"example.com"
],
"operating_system": [
"Linux Kernel 3.10.0-862.14.4.el7.x86_64 on CentOS Linux release 7.5.1804 (Core)"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "700a652e-9922-45cd-a6b7-3611c0e1601c",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.58",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.58"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"scanner"
],
"operating_system": [
"Linux Kernel 4.4.0-104-generic on Ubuntu 16.04"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "dc3fdd75-3a01-4277-9ecd-903a80e08332",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.59",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.59"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"SHANE"
],
"operating_system": [
"Microsoft Windows 10 Pro"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
},
{
"id": "47351ecd-cbae-4576-9740-ff1b4eb88177",
"has_agent": false,
"last_seen": "2018-12-31T15:00:57.000Z",
"last_scan_target": "192.0.2.60",
"sources": [
{
"name": "NESSUS_SCAN",
"first_seen": "2018-12-31T14:59:23.000Z",
"last_seen": "2018-12-31T15:00:57.000Z"
}
],
"ipv4": [
"192.0.2.60"
],
"ipv6": [],
"fqdn": [
"example.com"
],
"netbios_name": [
"ARCHIE"
],
"operating_system": [
"Microsoft Windows 10 Pro"
],
"agent_name": [],
"aws_ec2_name": [],
"mac_address": []
}
],
"total": 4
}
}
List Assets with Vulnerabilities
Returns a list of assets with vulnerabilities. | key: listAssetsWithVulnerabilities
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Date Range string dateRange | | The number of days of data prior to and including today that should be returned. | 30 |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Query Param Filters code queryParamFilters | | Filters to apply in JSON format. See https://developer.tenable.com/reference/workbenches-assets-vulnerabilities for more information. | |
Example Payload for List Assets with Vulnerabilities
{
"data": {
"assets": [
{
"id": "b822ac94-663b-4f85-bd8c-fd1310ccff44",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 1,
"level": 1,
"name": "Low"
},
{
"count": 0,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
},
{
"id": "1519f45c-b99b-4626-9818-dca849c4e364",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 0,
"level": 1,
"name": "Low"
},
{
"count": 1,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [
"example.com"
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
},
{
"id": "6417b14b-8a28-41c7-b276-7bca6f069949",
"severities": [
{
"count": 0,
"level": 0,
"name": "Info"
},
{
"count": 0,
"level": 1,
"name": "Low"
},
{
"count": 1,
"level": 2,
"name": "Medium"
},
{
"count": 0,
"level": 3,
"name": "High"
},
{
"count": 0,
"level": 4,
"name": "Critical"
}
],
"total": 1,
"fqdn": [
"example.com"
],
"ipv4": [
"192.0.2.57"
],
"ipv6": [],
"last_seen": "2018-12-31T17:28:28.000Z",
"netbios_name": [],
"agent_name": []
}
],
"total_asset_count": 3
}
}
List Scanners
Returns the scanner list. | key: listScanners
Input | Default | Notes |
---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for List Scanners
{
"data": {
"scanners": [
{
"creation_date": 1500743403,
"group": true,
"id": 120958,
"key": "fd16fc0278c4222feb0697045cd8f0358449acc6ca3130aa63a09d5acb1dd78f",
"last_connect": null,
"last_modification_date": 1500743403,
"license": {
"activation_code": "448U-ABCD-1234",
"agents": -1,
"ips": 500,
"scanners": -1,
"users": -1,
"enterprise_pause": false,
"expiration_date": 1614038400,
"evaluation": false,
"apps": {
"consec": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C82J-ABCD-1234",
"max_gb": "1"
},
"was": {
"mode": "standard",
"expiration_date": 1613970000,
"activation_code": "C99G-ABCD-1234",
"web_assets": "10"
}
},
"scanners_used": 1,
"agents_used": 0
},
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1500743403,
"type": "local",
"user_permissions": 64,
"uuid": "26e9266b-d42e-4f77-877f-3164bce652c4db3eac57471272de",
"supports_remote_logs": false
},
{
"creation_date": 1559325208,
"group": true,
"id": 236329,
"key": "6dec14cb6d33bce4173b8bd0a022400e306629ddca7951bebe4252a6973c16ce",
"last_connect": null,
"last_modification_date": 1559325208,
"linked": 1,
"name": "US Cloud Scanner",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",
"status": "on",
"timestamp": 1559325208,
"type": "pool",
"user_permissions": 128,
"uuid": "00000000-0000-0000-0000-00000000000000000000000000001",
"supports_remote_logs": false
},
{
"creation_date": 1561584499,
"group": true,
"id": 236911,
"key": "68a3829fe2ce4d9ee6ab053691c7b9114cab6148294b12489bbcc0db54c6c109",
"last_connect": null,
"last_modification_date": 1561584499,
"linked": 1,
"name": "US West Cloud Scanners",
"network_name": "Default",
"num_scans": 0,
"owner": "system",
"owner_id": 1,
"owner_name": "system",
"owner_uuid": "564bc2ce-4dae-4285-aade-2b744697d9aa",
"pool": true,
"scan_count": 0,
"shared": 1,
"source": "service",