Tenable Vulnerability Management

the tenable vulnerability management connector facilitates seamless integration with swimlane turbine, enabling automated vulnerability assessment and prioritization tenable vulnerability management is a comprehensive solution for identifying, investigating, and prioritizing vulnerabilities within your it environment this connector enables swimlane turbine users to integrate tenable's powerful scanning and reporting capabilities directly into their security workflows by leveraging this integration, users can automate vulnerability assessments, streamline remediation processes, and enhance their overall security posture with minimal manual intervention prerequisites to effectively utilize the tenable vulnerability management connector with swimlane turbine, ensure you have the following prerequisites api key authentication with the following parameters url endpoint for tenable api access access key unique identifier for api authentication secret key confidential key paired with the access key for secure api calls capabilities this connector provides the following capabilities check scan export status create report create scan download assets chunk download exported scan download report download vulnerabilities chunk export assets information export scan export vulnerabilities get asset details get assets export status get folders list get host details from scan get plugin details and so on asset setup the asset for this connector requires the following inputs access key secret key for more information on how to get these keys, see generate api key https //docs tenable com/tenableio/content/settings/generateapikey htm for more information on workbench filters, see workbench filters https //developer tenable com/docs/workbench filters api specific links list assets https //developer tenable com/reference/assets list assetsget asset details https //developer tenable com/reference/assets asset infoexport assets information https //developer tenable com/reference/exports assets request exportget assets export status https //developer tenable com/reference/exports assets export statusdownload assets chunk https //developer tenable com/reference/exports assets download chunkget scans list https //developer tenable com/reference/scans listlaunch scan https //developer tenable com/reference/scans launchget scan details https //developer tenable com/reference/scans detailsget scan status https //developer tenable com/reference/scans get latest statusexport scan https //developer tenable com/reference/scans export requestcheck scan export status https //developer tenable com/reference/scans export statusdownload exported scan https //developer tenable com/reference/scans export downloadcreate scan https //developer tenable com/reference/scans createget host details from scan https //developer tenable com/reference/scans host detailsget vulnerabilities https //developer tenable com/reference/exports vulns request export and so on configurations tenable io api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required access key access key generated by tenable io api string required secret key secret key generated by tenable io api string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions check scan export status checks the export status of a scan in tenable vulnerability management using scan id and file id endpoint url scans/{{scan id}}/export/{{file id}}/status method get input argument name type required description scan id string required the unique identifier for the scan this identifier can be either the scans schedule uuid or the scans id attribute in the response message from the get /scans endpoint tenable recommends that you use scans schedule uuid file id string required the id of the file to poll (included in response from /scans/{scan id}/export) output parameter type description status code number http status code of the response reason string response reason phrase status string status value example \[ { "status code" 200, "response headers" { "date" "tue, 23 jan 2024 17 46 30 gmt", "content type" "application/json; charset=utf 8", "content length" "18", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "access control allow origin" " ", "x request uuid" "a5a1cbd867e14f708e21002adc786a9b", "access control allow headers" "accept, content type, authorization, x request uuid, x client id, x session uuid ", "access control allow methods" "get, post, delete, put", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "cache control" "no cache", "accept ranges" "bytes" }, "reason" "ok", "json body" { "status" "ready" } } ] create report generates a detailed pdf report in tenable vulnerability management using a specified template endpoint url reports/export method post input argument name type required description name string optional a name for the report if this parameter is omitted, tenable vulnerability management uses the default name vulnerabilities export report with a timestamp in iso 8601 format appended to the end to create a unique name for example, vulnerabilities export report 2023 11 30t00 23 13 199227748z template name string required the type of template to use for the report host vulns summary—an executive summary report that provides operations teams a snapshot of risk based on vulnerable assets host vulns by plugins—a report that provides a summary of the plugins that detected vulnerabilities on affected assets plugins are sorted by severity and the assets are sorted by the asset criticality rating (acr) host vulns by assets—a summary of the most vulnerable assets filters array optional a set of filters to apply to the report filters can be used to narrow the vulnerabilities or assets included in the report property string required the property to filter the results by operator string required the comparison operator to apply to the filter for example, eq, neq, gt, etc value array required the value to compare the given property to using the specified operator some properties can only be compared to a specific set of values output parameter type description status code number http status code of the response reason string response reason phrase uuid string unique identifier example \[ { "status code" 200, "response headers" { "date" "mon, 03 feb 2025 06 56 46 gmt", "content type" "application/json; charset=utf 8", "content length" "47", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "757c9907169d14fb9538ff049c8f36e8", "vary" "origin", "strict transport security" "max age=63072000; includesubdomains", "x frame options" "deny", "x xss protection" "1; mode=block", "x download options" "noopen", "x content type options" "nosniff", "referrer policy" "strict origin when cross origin", "cache control" "no store", "x gateway site id" "service nginx router ap south 1 prod 7dfccb8dd9 rrpww" }, "reason" "ok", "json body" { "uuid" "4e461c25 600f 4e0a 8735 df85513d6c81" } } ] create scan initiates a new scan in tenable vulnerability management with specific 'uuid' and 'settings' endpoint url scans method post input argument name type required description uuid string required the uuid for the tenable provided scan template to use use the get /editor/scan/templates endpoint to find the template uuid settings object required parameter for create scan name string required the name of the scan description string optional the description of the scan policy id number optional the unique id of the policy to use to create the scan use the get /policies endpoint to find the policy id folder id number optional the unique id of the folder where you want to store the scan use the get /folders endpoint to find the folder id scanner id string optional the unique id of the scanner to use use the get /scanners endpoint to find the scanner id target network uuid string optional the target network uuid this field is required if the scanner id parameter is auto routed enabled boolean required if true, the schedule for the scan is enabled launch string optional when to launch the scan possible values are on demand, daily, weekly, monthly, yearly scan time window number optional for nessus agent scans, scan time window is the time frame, in minutes, during which agents must transmit scan results to tenable io in order to be included in dashboards and reports if your request omits this parameter, the default value is 180 minutes for nessus scanner scans, scan time window is the time frame, in minutes, after which the scan will automatically stop if your request omits this parameter, the default value is 0 and the scan will not stop after a certain time frame starttime string optional for one time scans, the starting time and date for the scan for recurrent scans, the first date on which the scan schedule is active and the time that recurring scans launch based on the rrules parameter rrules string optional the interval at which the scan repeats the interval is formatted as a string of three values delimited by semi colons these values are the frequency (freq=onetime or daily or weekly or monthly or yearly), the interval (interval=1 or 2 or 3 x), and the days of the week (byday=su,mo,tu,we,th,fr,sa) timezone string optional the timezone of the scheduled start time for the scan (as specified in the starttime parameter) text targets string optional the list of targets to scan target groups array optional an array of target group ids to scan file targets string optional the name of a file containing the list of targets to scan tag targets array optional the list of asset tag identifiers that the scan uses to determine which assets it evaluates host tagging string optional creates a unique identifier on hosts scanned using credentials agent group id array optional an array of agent group uuids to scan required if the scan is an agent scan agent scan launch type string optional indicates whether an agent scan should use the scan window (scheduled) or rule based (triggered) method for scan launches triggers array optional describes the scan triggers used when agent scan launch type is set to triggered type string optional the type of scan launch trigger (periodic or file exists) options object optional it can be either periodic hourly interval or filename parameter depends on the type of scan emails string optional a comma separated list of accounts that receive the email summary report output parameter type description status code number http status code of the response reason string response reason phrase scan object output field scan tag type object type of the resource container id string unique identifier owner uuid string unique identifier uuid string unique identifier name string name of the resource description object output field description policy id number unique identifier scanner id object unique identifier scanner uuid string unique identifier emails object output field emails sms string output field sms enabled boolean output field enabled include aggregate boolean output field include aggregate scan time window object output field scan time window custom targets string output field custom targets target network uuid object unique identifier auto routed number output field auto routed remediation number output field remediation version number output field version triggers object output field triggers reporting mode object output field reporting mode interval type object type of the resource example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "scan" {} } } ] download assets chunk downloads a specified chunk of exported assets from tenable vulnerability management using export uuid and chunk id endpoint url assets/export/{{export uuid}}/chunks/{{chunk id}} method get input argument name type required description export uuid string required the uuid of the export request chunk id number required the id of the asset chunk you want to export output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "wed, 24 jan 2024 07 31 50 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin,accept encoding", "cache control" "no store", "content encoding" "gzip", "x request uuid" "10b5fcc99897f990a87048fcbcaa9d01", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c jrc4c", "pragma" "no cache" }, "reason" "ok", "json body" \[ {} ] } ] download exported scan retrieve a previously exported scan report from tenable vulnerability management using the provided scan and file ids endpoint url scans/{{scan id}}/export/{{file id}}/download method get input argument name type required description scan id string required the unique identifier for the exported scan you want to download this identifier can be either the scans schedule uuid or the scans id attribute in the response message from the get /scans endpoint tenable recommends that you use scans schedule uuid file id string required the id of the file to download (included in response from /scans/{scan id}/export) headers object required http headers for the request accept string required parameter for download exported scan output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "response text" "string" } ] download report downloads a specified pdf report from tenable vulnerability management using the report's unique identifier endpoint url reports/export/{{report uuid}}/download method get input argument name type required description headers object optional http headers for the request accept string required the content type to accept report uuid string required the uuid of the report to download output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file string output field file file name string name of the resource example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "file" { "file" "string", "file name" "example name" } } ] download vulnerabilities chunk downloads a specified chunk of exported vulnerabilities from tenable using export uuid and chunk id, returning a json file endpoint url vulns/export/{{export uuid}}/chunks/{{chunk id}} method get input argument name type required description export uuid string required the uuid of the vulnerability export request chunk id number required the id of the chunk you want to export headers object required http headers for the request accept string required parameter for download vulnerabilities chunk output parameter type description status code number http status code of the response reason string response reason phrase asset object output field asset fqdn string output field fqdn hostname string name of the resource uuid string unique identifier ipv4 string output field ipv4 operating system array output field operating system network id string unique identifier tracked boolean output field tracked output string output field output plugin object output field plugin cve array output field cve cvss base score number score value cvss temporal score number score value cvss temporal vector object output field cvss temporal vector exploitability string output field exploitability remediation level string output field remediation level report confidence string unique identifier raw string output field raw cvss vector object output field cvss vector access complexity string output field access complexity access vector string output field access vector authentication string output field authentication confidentiality impact string unique identifier example \[ { "status code" 200, "response headers" { "date" "wed, 24 jan 2024 07 30 09 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "b98b82f6c11f66104d7354c69c68bbad", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "cache control" "no store", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c bzm4m", "pragma" "no cache", "expect ct" "enforce, max age=86400" }, "reason" "ok", "json body" { "asset" {}, "output" "the observed version of google chrome is \n chrome/21 0 1180 90", "plugin" {}, "port" {}, "scan" {}, "severity" "high", "severity id" 3, "severity default id" 3, "severity modification type" "none", "first found" "2018 12 31t20 59 47z", "last found" "2018 12 31t20 59 47z", "indexed at" "1590006395", "state" "open" } } ] export assets information exports asset data from tenable vulnerability management based on criteria, with a specified chunk size for the output endpoint url assets/export method post input argument name type required description chunk size number required specifies the number of assets per exported chunk include open ports boolean optional specifies whether or not to include open port findings from info level plugins if this parameter is omitted, tenable vulnerability management uses a default value of false filters object optional specifies filters for exported assets created at number optional returns all assets created later than the date specified the specified date must be in the unix timestamp format updated at number optional returns all assets updated later than the date specified the specified date must be in the unix timestamp format terminated at number optional returns all assets terminated later than the date specified the specified date must be in the unix timestamp format is terminated boolean optional when set to true, returns assets which have any value for the terminated at attribute deleted at number optional returns all assets deleted later than the date specified the specified date must in the unix timestamp format is deleted boolean optional when set to true, returns assets which have any value for the deleted at attribute is licensed boolean optional specifies whether the asset is included in the asset count for the tenable vulnerability management instance if true, tenable vulnerability management returns only licensed assets if false, tenable vulnerability management returns only unlicensed assets first scan time number optional returns all assets with a first scan time later than the date specified the specified date must be in the unix timestamp format last authenticated scan time number optional returns all assets with a last credentialed scan time later than the date specified the specified date must be in the unix timestamp format last assessed number optional returns all assets with a last assessed time later than the date specified servicenow sysid boolean optional if true, returns all assets that have a servicenow sys id, regardless of value if false, returns all assets that do not have a servicenow sys id sources array optional returns assets that have the specified asset source commonly used names include aws, nessus agent, pvs, nessus scan and was has plugin results boolean optional filter by whether or not the asset has plugin results associated with it if true, tenable vulnerability management returns all assets that have plugin results network id string optional the id of the network object associated with scanners that identified the assets you want to export last scan id string optional returns all assets that were last scanned by the specified scan configuration uuid output parameter type description status code number http status code of the response reason string response reason phrase export uuid string unique identifier example \[ { "status code" 200, "response headers" { "date" "wed, 24 jan 2024 07 26 12 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "61c516579cc87225ca80e92cbcf97211", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "cache control" "no store", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c f56v8", "pragma" "no cache", "expect ct" "enforce, max age=86400" }, "reason" "ok", "json body" { "export uuid" "88484809 f575 441e b7c2 553d44ec4490" } } ] export scan exports a specified scan's results from tenable vulnerability management, requiring the scan id and output format endpoint url scans/{{scan id}}/export method post input argument name type required description scan id string required the identifier for the scan you want to export this identifier can be either the scans schedule uuid or the scans id attribute in the response message from the get /scans endpoint tenable recommends that you use scans schedule uuid history id number optional the unique identifier of the historical data that you want tenable io to export this identifier corresponds to the history id attribute of the response message from the get /scans/{scan id}/history endpoint history uuid string optional the uuid of the historical data that you want tenable io to return this identifier corresponds to the history scan uuid attribute of the response message from the get /scans/{scan id}/history endpoint format string required the file format to use (nessus, html, pdf, or csv) chapters string optional the chapters to include in the export this parameter accepts a semi colon delimited string comprised of some combination of the following options (vuln hosts summary, vuln by host, compliance exec, remediations, vuln by plugin, compliance) asset id string optional the id of the asset scanned output parameter type description status code number http status code of the response reason string response reason phrase file string output field file example \[ { "status code" 200, "response headers" { "date" "tue, 23 jan 2024 17 44 45 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "vary" "origin", "cache control" "no cache", "x request uuid" "3b4df445cf8b2d6f75e7f0c690bac8f1", "x xss protection" "1; mode=block", "x frame options" "deny", "strict transport security" "max age=63072000; includesubdomains", "x content type options" "nosniff", "x gateway site id" "service nginx router ap south 1 prod dc984846c qjj2w", "cf cache status" "dynamic", "report to" "{\\"endpoints\\" \[{\\"url\\" \\"https \\\\/\\\\/a nel cloudflare com\\\\/report\\\\/v3?s=81kwazs1p5ygy " }, "reason" "ok", "json body" { "file" "sse 3f06e801 0175 3e55 1dbd 0cefdfa31565bf36d8be25b21d01 csv" } } ] export vulnerabilities exports a list of vulnerabilities from tenable based on specified criteria, with the option to define the number of assets endpoint url vulns/export method post input argument name type required description num assets number required specifies the number of assets used to chunk the vulnerabilities include unlicensed boolean optional specifies whether or not to include unlicensed assets the default is false when no parameter is specified filters object optional specifies filters for exported vulnerabilities cidr range string optional restricts search for vulnerabilities to assets assigned an ip address within the specified cidr range first found number optional returns vulnerabilities that were first found between the specified date and now the date must be specified in unix 10 digit time format (seconds) indexed at number optional returns vulnerabilities that were indexed into tenable vulnerability management at the specified date the date must be specified in unix 10 digit time format (seconds) last fixed number optional returns vulnerabilities that were fixed between the specified date and now the date must be specified in unix 10 digit time format (seconds) last found number optional returns vulnerabilities that were last found between the specified date and now the date must be specified in unix 10 digit time format (seconds) since number optional the start date for the range of data you want to export the date must be specified in unix 10 digit time format (seconds) network id string optional the id of the network object associated with scanners that detected the vulnerabilities you want to export plugin family array optional a list of plugin families for which you want to filter the vulnerabilities returned in the vulnerability export for a list of supported plugin family values, use the get /plugins/families endpoint plugin id array optional a list of plugin ids for which you want to filter the vulnerabilities returned in the vulnerability export plugin type string optional the plugin type for which you want to filter the vulnerabilities returned in the vulnerability export for example, remote, local, combined, etc scan uuid string optional the uuid of the scan for which you want to filter vulnerabilities returned in the vulnerability export severity array optional the severity of the vulnerabilities to include in the export defaults to all severity levels supported array values are info, low, medium, high and critical severity modification type array optional returns vulnerabilities with the specified severity modification type this filter can be used to return vulnerabilities with a modified severity due to a recast or accept rule supported case sensitive values are none, recasted and accepted state array optional the state of the vulnerabilities you want the export to include supported, case insensitive values are open(the vulnerability is currently present on a host), reopened(the vulnerability was previously marked as fixed on a host, but has returned) and fixed(the vulnerability was present on a host, but is no longer detected) source array optional returns vulnerabilities identified by the specified source a source is the entity that reported the vulnerability details vpr score object optional returns vulnerabilities with the specified vulnerability priority rating (vpr) score or scores eq array optional returns vulnerabilities with a vpr equal to the specified score or scores this property cannot be combined with the following range operators lt, gt, lte, or gte neq array optional returns vulnerabilities with a vpr not equal to the specified score or scores this property can be combined with the eq property gt number optional returns vulnerabilities with a vpr greater than the specified score this property cannot be combined with the eq property gte number optional returns vulnerabilities with a vpr greater than or equal to the specified score this property cannot be combined with the eq property lt number optional returns vulnerabilities with a vpr lesser than the specified score this property cannot be combined with the eq property lte number optional returns vulnerabilities with a vpr lesser than or equal to the specified score this property cannot be combined with the eq property output parameter type description status code number http status code of the response reason string response reason phrase export uuid string unique identifier example \[ { "status code" 200, "response headers" { "date" "wed, 24 jan 2024 09 24 15 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "cache control" "no store", "x request uuid" "9c71f6b38d372df7fb607052dc20705d", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c bzm4m", "pragma" "no cache", "expect ct" "enforce, max age=86400" }, "reason" "ok", "json body" { "export uuid" "a7cee931 f7c4 408d be1e a6da3964a639" } } ] get asset details retrieve detailed information for a specified asset using its unique identifier (uuid) in tenable vulnerability management endpoint url assets/{{asset uuid}} method get input argument name type required description asset uuid string required the uuid of the asset output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier has agent boolean output field has agent created at string output field created at updated at string output field updated at terminated at object output field terminated at deleted at object output field deleted at first seen string output field first seen last seen string output field last seen last scan target string output field last scan target last authenticated scan date object date value last licensed scan date string date value last scan id string unique identifier last schedule id string unique identifier sources array output field sources name string name of the resource first seen string output field first seen last seen string output field last seen tags array output field tags acr score object score value acr drivers array output field acr drivers driver name string name of the resource driver value array value for the parameter exposure score object score value example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "id" "12345678 1234 1234 1234 123456789abc", "has agent" true, "created at" "string", "updated at" "string", "terminated at" {}, "deleted at" {}, "first seen" "string", "last seen" "string", "last scan target" "string", "last authenticated scan date" {}, "last licensed scan date" "string", "last scan id" "string", "last schedule id" "string", "sources" \[], "tags" \[] } } ] get assets export status retrieve the status of a tenable asset export request using the specified export uuid endpoint url assets/export/{{export uuid}}/status method get input argument name type required description export uuid string required the uuid for the export request output parameter type description status code number http status code of the response reason string response reason phrase status string status value chunks available array output field chunks available example \[ { "status code" 200, "response headers" { "date" "wed, 24 jan 2024 07 27 55 gmt", "content type" "application/json;charset=utf 8", "content length" "43", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "22a7d1c4b1e0fbc505397c99b24660f7", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "cache control" "no store", "accept ranges" "bytes", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c f56v8", "pragma" "no cache" }, "reason" "ok", "json body" { "status" "finished", "chunks available" \[] } } ] get folders list retrieve a comprehensive list of default and user created folders from tenable vulnerability management endpoint url folders method get output parameter type description status code number http status code of the response reason string response reason phrase folders array output field folders id number unique identifier name string name of the resource type string type of the resource custom number output field custom unread count number count value default tag number output field default tag example \[ { "status code" 200, "response headers" { "date" "tue, 21 mar 2023 06 30 16 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "d1b9a54938eb03610c10e042027aaed8", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "cache control" "no store", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap southeast 1 prod 5f6fc4c99 hr8sd", "pragma" "no cache", "expect ct" "enforce, max age=86400" }, "reason" "ok", "json body" { "folders" \[] } } ] get host details from scan retrieve detailed information for a specific host from a scan in tenable vulnerability management using the provided scan uuid and host id endpoint url scans/{{scan uuid}}/hosts/{{host id}} method get input argument name type required description scan uuid string required the identifier for the scan this identifier can be the either the schedule uuid or the numeric id attribute for the scan recommended to use schedule uuid host id number required the id of the host to retrieve history id number optional the unique identifier of the historical data that you want tenable io to return history uuid string optional the uuid of the historical data that you want tenable io to return output parameter type description status code number http status code of the response reason string response reason phrase info object output field info mac address object output field mac address host fqdn string output field host fqdn host ip string output field host ip operating system array output field operating system host end string output field host end host start string output field host start vulnerabilities array output field vulnerabilities count number count value host id number unique identifier hostname string name of the resource plugin family string output field plugin family plugin id number unique identifier plugin name string name of the resource severity number output field severity severity index number output field severity index vuln index number output field vuln index compliance array output field compliance count number count value host id number unique identifier hostname string name of the resource plugin family string output field plugin family plugin id string unique identifier example \[ { "status code" 200, "response headers" { "date" "mon, 29 jan 2024 06 03 33 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "vary" "origin,accept encoding", "cache control" "no cache", "content encoding" "gzip", "x request uuid" "ed50d37af715f50215ad1d9d56be523d", "x xss protection" "1; mode=block", "x frame options" "deny", "strict transport security" "max age=63072000; includesubdomains", "x content type options" "nosniff", "x gateway site id" "service nginx router ap south 1 prod dc984846c jrc4c", "cf cache status" "dynamic" }, "reason" "ok", "json body" { "info" {}, "vulnerabilities" \[], "compliance" \[] } } ] get plugin details retrieve detailed information for a specified plugin in tenable vulnerability management using the provided plugin id endpoint url plugins/plugin/{{id}} method get input argument name type required description id number required the id of the plugin output parameter type description attributes array output field attributes attribute value string value for the parameter attribute name string name of the resource family name string name of the resource name string name of the resource id number unique identifier example \[ { "attributes" \[ { "attribute value" "aix iy19744 nasl", "attribute name" "fname" }, { "attribute value" "aix 5 1 iy19744", "attribute name" "plugin name" }, { "attribute value" "$revision 1 5 $", "attribute name" "script version" } ], "family name" "aix local security checks", "name" "aix 5 1 iy19744", "id" 22372 } ] get report status retrieve the current status of a report export request in tenable vulnerability management using the report's uuid endpoint url reports/export/{{report uuid}}/status method get input argument name type required description report uuid string required the uuid of the report to check the status for output parameter type description status code number http status code of the response reason string response reason phrase status string status value example \[ { "status code" 200, "response headers" { "date" "mon, 03 feb 2025 06 58 36 gmt", "content type" "application/json; charset=utf 8", "content length" "22", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "195b0e5dbe98e89ce5e1b909a9e999a5", "vary" "origin", "strict transport security" "max age=63072000; includesubdomains", "x frame options" "deny", "x xss protection" "1; mode=block", "x download options" "noopen", "x content type options" "nosniff", "referrer policy" "strict origin when cross origin", "cache control" "no store", "accept ranges" "bytes" }, "reason" "ok", "json body" { "status" "completed" } } ] get scan details retrieve detailed results for a specific scan in tenable vulnerability management using the provided scan id endpoint url scans/{{scan id}} method get input argument name type required description scan id string required the unique identifier for the scan you want to retrieve this identifier can be either the 'scans schedule uuid' or the 'scans id' attribute in the response message from the 'get /scans' endpoint tenable recommends that you use 'scans schedule uuid' history id string optional the unique identifier of the historical data that you want tenable io to return this identifier corresponds to the 'history id' attribute of the response message from the 'get /scans/{scan id}/history' endpoint output parameter type description status code number http status code of the response reason string response reason phrase info object output field info owner string output field owner name string name of the resource no target boolean output field no target folder id number unique identifier control boolean output field control user permissions number output field user permissions schedule uuid string unique identifier edit allowed boolean output field edit allowed scanner name object name of the resource policy object output field policy shared boolean output field shared object id number unique identifier tag targets array output field tag targets acls array output field acls permissions number output field permissions owner number output field owner display name string name of the resource name string name of the resource id number unique identifier type string type of the resource hostcount number count value uuid string unique identifier example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "info" {}, "history" \[], "hosts" \[], "vulnerabilities" \[], "comphosts" \[], "compliance" \[], "filters" \[], "notes" \[], "remediations" {} } } ] get scan status retrieve the latest status of a specific scan from tenable vulnerability management using the unique scan id endpoint url scans/{{scan id}}/latest status method get input argument name type required description scan id string required the unique identifier for the scan this identifier can be either the scans schedule uuid or the scans id attribute in the response message from the get /scans endpoint output parameter type description status code number http status code of the response reason string response reason phrase status string status value progress number output field progress example \[ { "status code" 200, "response headers" { "date" "tue, 23 jan 2024 10 49 11 gmt", "content type" "application/json; charset=utf 8", "content length" "34", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "7ad545d3b8b9bf10d0a5384729448460", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "cache control" "no cache", "accept ranges" "bytes", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c qsnpq", "cf cache status" "dynamic" }, "reason" "ok", "json body" { "status" "imported", "progress" 0 } } ] get scans list retrieve a list of scans from tenable vulnerability management with 'can view' permissions endpoint url scans method get input argument name type required description folder id number optional unique identifier last modification date number optional date value output parameter type description scans array output field scans control boolean output field control creation date number date value enabled boolean output field enabled id number unique identifier last modification date number date value legacy boolean output field legacy name string name of the resource owner string output field owner policy id number unique identifier read boolean output field read schedule uuid string unique identifier shared boolean output field shared status string status value template uuid string unique identifier has triggers boolean output field has triggers type string type of the resource permissions number output field permissions user permissions number output field user permissions uuid string unique identifier wizard uuid string unique identifier progress number output field progress total targets number output field total targets folders array output field folders id number unique identifier example \[ { "scans" \[], "folders" \[], "timestamp" 123 } ] get timezones obtain a list of timezones supported by tenable vulnerability management for scan scheduling endpoint url scans/timezones method get output parameter type description status code number http status code of the response reason string response reason phrase timezones array output field timezones name string name of the resource value string value for the parameter current boolean output field current example \[ { "status code" 200, "response headers" { "date" "wed, 24 jan 2024 11 38 47 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "cache control" "no store", "pragma" "no cache", "expires" "0", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "vary" "origin,accept encoding", "content encoding" "gzip", "x request uuid" "6e81ab3f987825ca8661652bbfdfc5e0", "strict transport security" "max age=63072000; includesubdomains" }, "reason" "ok", "json body" { "timezones" \[] } } ] get vulnerabilities export status retrieve the status of a vulnerability export in tenable vulnerability management using the specified export uuid endpoint url vulns/export/{{export uuid}}/status method get input argument name type required description export uuid string required the uuid for the vulnerability export request output parameter type description status code number http status code of the response reason string response reason phrase uuid string unique identifier status string status value chunks available array output field chunks available chunks failed array output field chunks failed chunks cancelled array output field chunks cancelled total chunks number output field total chunks chunks available count number count value empty chunks count number count value finished chunks number output field finished chunks filters object output field filters state array output field state tags object output field tags since number output field since first found number output field first found last found number output field last found last fixed number output field last fixed first seen number output field first seen last seen number output field last seen indexed at number output field indexed at indexed at end value number value for the parameter num assets per chunk number output field num assets per chunk created number output field created example \[ { "status code" 200, "response headers" { "date" "wed, 24 jan 2024 09 28 28 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "ab9bcf704507acec0e4e7fba7a868b65", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "cache control" "no store", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c f56v8", "pragma" "no cache", "expect ct" "enforce, max age=86400" }, "reason" "ok", "json body" { "uuid" "a7cee931 f7c4 408d be1e a6da3964a639", "status" "finished", "chunks available" \[], "chunks failed" \[], "chunks cancelled" \[], "total chunks" 1, "chunks available count" 1, "empty chunks count" 1, "finished chunks" 1, "filters" {}, "num assets per chunk" 50, "created" 1706088255778 } } ] launch scan initiates a vulnerability scan in tenable vulnerability management using the provided scan id endpoint url scans/{{scan id}}/launch method post input argument name type required description scan id string required the unique identifier of the scan to launch alt targets array optional targets which are scanned by tenable io instead of the default rollover boolean optional indicates whether or not to launch a rollover scan instead of full scan a rollover scan only runs against the targets that tenable io did not scan due to a previous scan timeout output parameter type description status code number http status code of the response reason string response reason phrase scan uuid string unique identifier example \[ { "status code" 200, "response headers" { "date" "tue, 23 jan 2024 18 00 53 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "cache control" "no cache", "pragma" "", "expires" "0", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "vary" "origin", "x request uuid" "f17eb317082da50a7cfdb53ca907ef0b", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c jc6vl" }, "reason" "ok", "json body" { "scan uuid" "70fb4477 5a2d 49d5 89f2 2db3177ff0a5" } } ] list asset vulnerabilities retrieves a list of vulnerabilities for a specified asset in tenable vulnerability management using the asset id endpoint url /workbenches/assets/{{asset id}}/vulnerabilities method get input argument name type required description asset id string required the uuid of the asset date range number optional the number of days of data prior to and including today that should be returned see readme for details filter 0 filter string optional the name of the filter to apply to the exported scan report see readme for details filter 0 quality string optional the operator of the filter to apply to the exported scan report see readme for details filter 0 value string optional the value of the filter to apply to the exported scan report the value is case sensitive when used with the match (contains) or nmatch (does not contain) operators see readme for details filter search type string optional for multiple filters, specifies whether to use the and or the or logical operator see readme for details output parameter type description status code number http status code of the response reason string response reason phrase vulnerabilities array output field vulnerabilities count number count value plugin family string output field plugin family plugin id number unique identifier plugin name string name of the resource vulnerability state string output field vulnerability state vpr score number score value accepted count number count value recasted count number count value counts by severity array output field counts by severity count number count value value number value for the parameter severity number output field severity total vulnerability count number count value total asset count number count value example \[ { "status code" 200, "response headers" { "date" "thu, 30 jan 2025 07 41 03 gmt", "content type" "application/octet stream", "content length" "0", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "c75dcec9e874bb6b4064535d2aee9a54", "vary" "origin", "strict transport security" "max age=63072000; includesubdomains", "x frame options" "deny", "x xss protection" "1; mode=block", "x download options" "noopen", "x content type options" "nosniff", "referrer policy" "strict origin when cross origin", "cache control" "no store", "x gateway site id" "service nginx router ap south 1 prod 7dfccb8dd9 xdp8c" }, "reason" "ok", "json body" { "vulnerabilities" \[], "total vulnerability count" 3, "total asset count" 0 } } ] list assets retrieve up to 5,000 assets from tenable vulnerability management for analysis or tracking endpoint url assets method get output parameter type description status code number http status code of the response reason string response reason phrase assets array output field assets id string unique identifier has agent boolean output field has agent last seen string output field last seen last scan target string output field last scan target sources array output field sources name string name of the resource first seen string output field first seen last seen string output field last seen acr score object score value acr drivers array output field acr drivers driver name string name of the resource driver value array value for the parameter exposure score object score value scan frequency array output field scan frequency interval number output field interval frequency number output field frequency licensed boolean output field licensed ipv4 array output field ipv4 ipv6 string output field ipv6 fqdn string output field fqdn mac address array output field mac address netbios name string name of the resource example \[ { "status code" 200, "response headers" { "date" "tue, 23 jan 2024 11 27 11 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "15cfff713c2b2ef855947c064dfbf063", "cache control" "no store", "vary" "accept encoding,origin", "content encoding" "gzip", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c qsnpq", "pragma" "no cache" }, "reason" "ok", "json body" { "assets" \[], "total" 1 } } ] list assets with vulnerabilities retrieve a list of assets along with their associated vulnerabilities from tenable vulnerability management endpoint url workbenches/assets/vulnerabilities method get input argument name type required description date range number optional the number of days of data prior to and including today that should be returned see readme for details filter 0 filter string optional the name of the filter to apply to the exported scan report see readme for details filter 0 quality string optional the operator of the filter to apply to the exported scan report see readme for details filter 0 value string optional the value of the filter to apply to the exported scan report the value is case sensitive when used with the match (contains) or nmatch (does not contain) operators see readme for details filter search type string optional for multiple filters, specifies whether to use the and or the or logical operator see readme for details output parameter type description status code number http status code of the response reason string response reason phrase assets array output field assets id string unique identifier severities array output field severities count number count value level number output field level name string name of the resource total number output field total fqdn array output field fqdn ipv4 array output field ipv4 ipv6 array output field ipv6 last seen string output field last seen netbios name array name of the resource agent name array name of the resource total asset count number count value example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "assets" \[], "total asset count" 123 } } ] list credential types retrieve all supported credential types for managed credentials in tenable io endpoint url credentials/types method get output parameter type description status code number http status code of the response reason string response reason phrase credentials array output field credentials id string unique identifier category string output field category default expand boolean output field default expand types array type of the resource id string unique identifier name string name of the resource max number output field max configuration array output field configuration type string type of the resource name string name of the resource hint string output field hint id string unique identifier filetype string type of the resource required boolean output field required default string output field default example \[ { "status code" 200, "response headers" { "date" "mon, 29 jan 2024 05 22 37 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin,accept encoding", "cache control" "no store", "content encoding" "gzip", "x request uuid" "818c0a982173a7ae88ac47cb20e158b4", "strict transport security" "max age=63072000; includesubdomains", "x gateway site id" "service nginx router ap south 1 prod dc984846c bzm4m", "pragma" "no cache" }, "reason" "ok", "json body" { "credentials" \[] } } ] list plugin families retrieves a comprehensive list of plugin families from tenable vulnerability management endpoint url plugins/families method get input argument name type required description all boolean optional specifies whether to return all plugin families if true, the plugin families hidden in tenable io ui, for example, port scanners, are included in the list output parameter type description families array output field families count number count value name string name of the resource id number unique identifier example \[ { "families" \[ {}, {}, {} ] } ] list plugins retrieve a paginated list of detailed plugin information from tenable vulnerability management endpoint url plugins/plugin method get input argument name type required description last updated string optional the last updated date to filter on in the yyyy mm dd format size number optional the number of records to include in the result set default is 1,000 the maximum size is 10,000 page number optional the index of the page to return relative to the specified page size for example, to return records 10 19 with page size 10, you must specify page 2 if you omit this parameter, tenable io applies the default value of 1 output parameter type description data object response data plugin details array output field plugin details id number unique identifier name string name of the resource attributes object output field attributes plugin modification date string date value plugin version string output field plugin version exploited by malware boolean output field exploited by malware description string output field description unsupported by vendor boolean output field unsupported by vendor cvss temporal score number score value patch publication date string date value see also array output field see also default account boolean count value exploit available boolean output field exploit available exploit framework canvas boolean output field exploit framework canvas cvss base score number score value solution string output field solution exploit framework exploithub boolean output field exploit framework exploithub cpe array output field cpe plugin publication date string date value exploit framework core boolean output field exploit framework core in the news boolean output field in the news has patch boolean output field has patch xref array output field xref example \[ { "data" { "plugin details" \[] }, "size" 1000, "params" { "page" 3, "size" 1000, "last updated" "2018 01 01" }, "total count" 75621 } ] list plugins in family retrieve a list of plugins within a specified family from tenable vulnerability management using the family id endpoint url plugins/families/{{id}} method get input argument name type required description id number required the id of the family to lookup output parameter type description plugins array output field plugins id number unique identifier name string name of the resource name string name of the resource id number unique identifier example \[ { "plugins" \[ {}, {}, {} ], "name" "aix local security checks", "id" 1 } ] list policies retrieves a comprehensive list of scan policies available in tenable vulnerability management endpoint url policies method get output parameter type description status code number http status code of the response reason string response reason phrase policies array output field policies no target string output field no target template uuid string unique identifier description object output field description name string name of the resource owner string output field owner visibility string output field visibility shared number output field shared user permissions number output field user permissions last modification date number date value creation date number date value owner id number unique identifier id number unique identifier example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "policies" \[] } } ] list scanners retrieve all available scanners from tenable vulnerability management to track and analyze assets endpoint url scanners method get output parameter type description status code number http status code of the response reason string response reason phrase scanners array output field scanners creation date number date value group boolean output field group id number unique identifier key string output field key last connect number output field last connect last modification date number date value license object output field license record id string unique identifier type string type of the resource activation code string output field activation code agents number output field agents ips number output field ips scanners number output field scanners users number output field users enterprise pause boolean output field enterprise pause expiration date number date value evaluation boolean output field evaluation apps object output field apps pci object output field pci mode string output field mode vm object output field vm assets number output field assets example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "scanners" \[] } } ] list tag values retrieve a list of tag values from tenable vulnerability management for categorization and analysis endpoint url tags/values method get input argument name type required description f string optional a filter condition in the field\ operator \ value format, for example, f=value\ match \ rhel filters should match field\ op \ value format ft string optional if multiple f parameters are present, specifies whether tenable vulnerability management applies and or or to conditions supported values are and and or if you omit this parameter when using multiple f parameters, tenable vulnerability management applies and by default wf string optional a comma separated list of fields to include in the wildcard search provides the same functionality as a match condition in the f in parameter for example, f=value\ match \ chi returns the same results as wf=value\&w=chi wildcard fields include category name, value, description use the w parameter to specify the search value w string optional a single search value for the wildcard fields specified in the wf parameter limit number optional the number of records to retrieve if this parameter is omitted offset number optional the starting record to retrieve if this parameter is omitted sort string optional the field you want to use to sort the results by along with the sort order the field is specified first, followed by a colon, and the order is specified second (asc or desc) for example, value \ desc would sort results by the value field in descending order if you specify multiple fields, the fields must be separated by commas for example, value \ desc ,updated at \ asc would first sort results by the value field in descending order and then by the updated at field in ascending order output parameter type description status code number http status code of the response reason string response reason phrase values array value for the parameter uuid string unique identifier created at string output field created at created by string output field created by updated at string output field updated at updated by string output field updated by category uuid string unique identifier value string value for the parameter description string output field description type string type of the resource category name string name of the resource category description string output field category description access control object output field access control version number output field version current user permissions array output field current user permissions pagination object output field pagination offset number output field offset limit number output field limit total number output field total sort array output field sort name string name of the resource order string output field order example \[ { "status code" 200, "response headers" { "date" "mon, 03 feb 2025 07 00 39 gmt", "content type" "application/pdf", "content length" "44830", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "content disposition" "attachment; filename =utf 8''my+summary+report pdf", "vary" "origin", "strict transport security" "max age=63072000; includesubdomains", "x frame options" "deny", "x xss protection" "1; mode=block", "x download options" "noopen", "x content type options" "nosniff", "referrer policy" "strict origin when cross origin", "cache control" "no store", "accept ranges" "bytes" }, "reason" "ok", "json body" { "values" \[], "pagination" {} } } ] list templates retrieve tenable provided scan templates by specifying the template type requires 'type' as a path parameter endpoint url editor/{{type}}/templates method get input argument name type required description type string required the type of templates to retrieve (scan, policy, or remediation) output parameter type description status code number http status code of the response reason string response reason phrase templates array output field templates unsupported boolean output field unsupported cloud only boolean output field cloud only desc string output field desc order number output field order subscription only boolean output field subscription only is was object output field is was title string output field title is agent object output field is agent uuid string unique identifier icon string output field icon manager only boolean output field manager only name string name of the resource example \[ { "status code" 200, "response headers" { "date" "wed, 24 jan 2024 11 23 56 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "cache control" "no store", "pragma" "no cache", "expires" "0", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "vary" "origin,accept encoding", "content encoding" "gzip", "x request uuid" "47d5c42b8efbfa71376541199a116c86", "strict transport security" "max age=63072000; includesubdomains" }, "reason" "ok", "json body" { "templates" \[] } } ] list vulnerabilities retrieve a comprehensive list of vulnerabilities recorded by tenable vulnerability management endpoint url workbenches/vulnerabilities method get input argument name type required description date range number optional the number of days of data prior to and including today that should be returned see readme for details filter 0 filter string optional the name of the filter to apply to the exported scan report see readme for details filter 0 quality string optional the operator of the filter to apply to the exported scan report see readme for details filter 0 value string optional the value of the filter to apply to the exported scan report the value is case sensitive when used with the match (contains) or nmatch (does not contain) operators see readme for details filter search type string optional for multiple filters, specifies whether to use the and or the or logical operator see readme for details output parameter type description status code number http status code of the response reason string response reason phrase vulnerabilities array output field vulnerabilities count number count value plugin family string output field plugin family plugin id number unique identifier plugin name string name of the resource vulnerability state string output field vulnerability state severity number output field severity accepted count number count value recasted count number count value counts by severity array output field counts by severity count number count value value number value for the parameter cvss base score number score value cvss3 base score number score value vpr score number score value total vulnerability count number count value total asset count number count value example \[ { "status code" 200, "response headers" { "date" "thu, 30 jan 2025 07 38 11 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "vary" "origin,accept encoding", "strict transport security" "max age=63072000; includesubdomains", "x frame options" "deny", "x xss protection" "1; mode=block", "x download options" "noopen", "x content type options" "nosniff", "referrer policy" "strict origin when cross origin", "cache control" "no store", "content encoding" "gzip", "x request uuid" "c919ac09c5e61700782dc4c92dbb669a" }, "reason" "ok", "json body" { "vulnerabilities" \[], "total vulnerability count" 6, "total asset count" 0 } } ] list workbench assets retrieve a comprehensive list of assets from tenable vulnerability management for analysis and reporting endpoint url workbenches/assets method get input argument name type required description date range number optional the number of days of data prior to and including today that should be returned see readme for details filter 0 filter string optional the name of the filter to apply to the exported scan report see readme for details filter 0 quality string optional the operator of the filter to apply to the exported scan report see readme for details filter 0 value string optional the value of the filter to apply to the exported scan report the value is case sensitive when used with the match (contains) or nmatch (does not contain) operators see readme for details filter search type string optional for multiple filters, specifies whether to use the and or the or logical operator see readme for details all fields string optional a value specifying whether you want the returned data to include all fields (full) or only the default fields (default) see readme for details output parameter type description status code number http status code of the response reason string response reason phrase assets array output field assets id string unique identifier has agent boolean output field has agent last seen string output field last seen last scan target string output field last scan target sources array output field sources name string name of the resource first seen string output field first seen last seen string output field last seen ipv4 array output field ipv4 ipv6 string output field ipv6 fqdn array output field fqdn netbios name string name of the resource operating system array output field operating system agent name string name of the resource aws ec2 name string name of the resource mac address string output field mac address bigfix asset id string unique identifier acr score number score value acr drivers array output field acr drivers driver name string name of the resource driver value array value for the parameter exposure score number score value example \[ { "status code" 200, "response headers" { "date" "mon, 10 feb 2025 06 14 18 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx clou ", "x request uuid" "21421b6e91003b5601030f73ac735572", "cache control" "no store", "vary" "accept encoding,origin", "accept ranges" "bytes", "strict transport security" "max age=63072000; includesubdomains", "x frame options" "deny", "x xss protection" "1; mode=block", "x download options" "noopen", "x content type options" "nosniff", "referrer policy" "strict origin when cross origin" }, "reason" "ok", "json body" { "assets" \[], "total" 3 } } ] response headers header description example accept ranges http response header accept ranges bytes access control allow headers http response header access control allow headers accept, content type, authorization, x request uuid, x client id, x session uuid, x container uuid, x user uuid access control allow methods http response header access control allow methods get, post, delete, put access control allow origin http response header access control allow origin cache control directives for caching mechanisms no store cf cache status http response header cf cache status dynamic cf ray http response header cf ray 90c08b89dbce1bd7 bom connection http response header connection keep alive content disposition http response header content disposition attachment; filename= 0 11 11 11 100 csv content encoding http response header content encoding gzip content length the length of the response body in bytes 18 content security policy report only http response header content security policy report only script src 'none'; connect src 'none'; report uri https //csp reporting cloudflare com/cdn cgi/script monitor/report?m=b b6sod7ygzyalufbsuvlk1mmyliaffjzdi7bhtb0es 1706009231 1 aaczddnhnwb 73 h 4uij09q4rxvysgreuct 7nhbb6smkp7 iggws94 k6dgqk4hrvabe2k47mzdhc9dtj ywohai bjcp5egvlnzzzrqvshcmtcar6sk o9jf d6azu nbd2hye9yamkt46closa05bgn kd3auxds2scyn p0 https //csp reporting cloudflare com/cdn cgi/script monitor/report?m=b b6sod7ygzyalufbsuvlk1mmyliaffjzdi7bhtb0es 1706009231 1 aaczddnhnwb 73 h 4uij09q4rxvysgreuct 7nhbb6smkp7 iggws94 k6dgqk4hrvabe2k47mzdhc9dtj ywohai bjcp5egvlnzzzrqvshcmtcar6sk o9jf d6azu nbd2hye9yamkt46closa05bgn kd3auxds2scyn p0 ; report to cf csp endpoint content type the media type of the resource application/octet stream date the date and time at which the message was originated tue, 23 jan 2024 17 44 45 gmt expect ct http response header expect ct enforce, max age=86400 expires the date/time after which the response is considered stale 0 nel http response header nel {"success fraction" 0 01,"report to" "cf nel","max age" 604800 } pragma http response header pragma no cache referrer policy http response header referrer policy strict origin when cross origin report to http response header report to {"endpoints" \[{"url" " https //a nel cloudflare com/report/v3?s=hm4m0gxhanoxu52vhznaxjpyuprifumvwgs1mrzsrji4iibw1%2fohtlqg8nvzptaqqkaintggwxcbhbyxnzsd7os3bhzv1pn1l0edamcibrqwnzijff9q3ylt%2bhlca1nwfrub"}],"group" "cf nel","max age https //a nel cloudflare com/report/v3?s=hm4m0gxhanoxu52vhznaxjpyuprifumvwgs1mrzsrji4iibw1%2fohtlqg8nvzptaqqkaintggwxcbhbyxnzsd7os3bhzv1pn1l0edamcibrqwnzijff9q3ylt%2bhlca1nwfrub"}],"group" "cf nel","max age " 604800 } server information about the software used by the origin server cloudflare server timing http response header server timing cf q config;dur=6 0000002122251e 06 set cookie http response header set cookie nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure, nginx cloud site id=us 2a; path=/; httponly; samesite=strict; secure strict transport security http response header strict transport security max age=63072000; includesubdomains transfer encoding http response header transfer encoding chunked notes for the get scan details task, tenable archives the vulnerability details if the scan is 40 days or older