Tenable.IO
App Vendor: Tenable
App Category: Vulnerability Management
Connector Version: 1.1.1
API Version: 1.0.0
About App
The Tenable.io app allows the users to integrate with the Tenable.io API for creating, configuring, and managing scans, along with the ability to retrieve asset information from within their environment.
The Tenable.io app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Get Templates | This action retrieves the list of tenable-provided scan templates. The types of scan templates to retrieve are scan, policy, or remediation. |
Get Scans List | This action retrieves the list of scans currently set in Tenable.io |
Create Basic Scan | This action creates a basic scan configuration. |
Create Configured Scan | This action creates a scan configuration |
Create Detailed Scan | This action creates a detailed scan configuration. |
Update Scan | This action updates a scan configuration. |
Create Folder | This action creates a new custom folder for the current user. |
List Policies | This action retrieves a list of policies. |
List Folders | This action retrieves the list of both tenable-provided folders and the current user's custom folders. |
List Scanners | This action retrieves the scanner list. |
List Scan Timezones | This action retrieves the time zones list for creating a recurring scan. |
List Target Groups | This action retrieves the current target groups. |
List Assets With Vulnerability | This action retrieves a list of assets with vulnerabilities. The list is limited to 5,000. Use the Export Request API to retrieve more than 5,000 assets. |
List Assets by VPR | This action retrieves a list of assets with a set VPR score. The list is limited to 5,000. |
List Assets by Severity | This action retrieves a list of assets with a set VPR score. The list is limited to 5,000. |
List Assets With Specific Vulnerability | This action retrieves a list of assets with a set plugin ID. The list is limited to 5,000. |
Get Server Status | This action retrieves the server status. |
Get Server Properties | This action retrieves the server version and other properties. |
Generic Action | This is a generic action used to make requests to any Tenable.io endpoint. |
Configuration Parameters
The following configuration parameters are required for the Tenable.io app to communicate with the Tenable.io enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Access Key | Enter the API access key for authentication. Example: 2c935f507d0686382bb383e4daf92eef8b4a349b9b9de2bf85343c0f7e7265db | Password | Required | |
Secret Key | Enter the API secret key for authentication. Example: 0553ac5757e8e741d6ef034dc06618106e7855887428e662adcde8862d017cf9 | Password | Required |
Action: Create Basic Scan
This action creates a basic scan configuration.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
UUID | Enter the UUID for the tenable-provided scan template to use. Example: ua123d-1231wed1dsadase | Text | Required | You can retrieve this using the action Get Templates. |
Scan Name | Enter the name of the scan. Example: log4j_scan | Text | Required | |
Enabled | Enter your preference to enable the schedule for the scan. Example: $JSON[Yes] | Boolean | Optional | Allowed values:
Default value: False |
Extra Params | Enter the values that can be added to scan. | Key Value | Optional | Allowed values:
Default value:
|
Example Request
[
{
"uuid":"ua123d-1231wed1dsadase",
"scan_name":"log4j_scan",
"enabled": True,
"extra_params":{
"text_targets":”192.0.2.255”
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| JSON Object | Returns the scan details. |
| String | The type of tag. |
| String | The unique ID of your Tenable Vulnerability Management instance. |
| String | The unique ID of the scan owner. |
| String | The UUID of the schedule for the scan. |
| String | The user-defined scan name. |
| String | A brief user-defined description of the scan. |
| Integer | The unique ID of the policy associated with the scan. |
| String | The UUID of the scanner that the scan is configured to use, if the scan is not configured for scan routing. |
| String | The UUID of the network object that Tenable Vulnerability Management associates with the scan results if the scan is configured for scan routing. |
| String | A comma-separated list of accounts that receive the email summary report. |
| String | A comma-separated list of mobile phone numbers that receive notification of the scan. |
| Boolean | A value indicating whether the scan schedule is active (true) or inactive (false). |
| String | The name of the dashboard file associated with the scan. |
| Integer | If 1, your vulnerability remediation actions on scan targets have been successful. |
| Boolean | A value indicating whether the scan results appear in dashboards. |
| String | Depends on the type of scan: For Nessus Agent scans, scan_time_window is the time frame, in minutes, during which agents must transmit scan results to Tenable Vulnerability Management in order to be included in dashboards and reports. If your request omits this parameter, the default value is 180 minutes. For Nessus scanner scans, scan_time_window is the time frame, in minutes, after which the scan will automatically stop. If your request omits this parameter, the default value is 0 and the scan will not stop after a certain time frame. |
| String | Targets specified in the alt_targets parameter of the POST /scans/{scan_id}/launch request body used to run the scan. |
| Array of objects | For Nessus Agent scans, describes the scan triggers used when agent_scan_launch_type is set to triggered. |
| String | The type of scan launch trigger (periodic or file-exists). |
| String | Indicates the reporting mode for Nessus Agent scans: baseline—A scan that always reports all detected findings regardless of severity level. For baseline scans, the Nessus Agent creates a local cache of the plugin outputs generated by the scan. The cache is then used as the base for differential comparisons in subsequent scans. differential—A scan that produces smaller results by removing plugin outputs that have not changed since the last scan. null—A normal Nessus Agent scan that does not support baseline or differential reporting modes. |
| String | For Nessus Agent scans, indicates whether the info-level reporting setting (refresh_reporting_type) is set to scans or days. |
| Integer | For Nessus Agent scans, indicates the interval value for info-level reporting. For the scans refresh reporting interval type, values range from 2 to 10. For the days refresh reporting interval type, values range from 1 to 7. |
| String | Indicates whether or not the next Nessus Agent scan is a baseline scan. A baseline scan is a Nessus Agent scan that always reports all detected findings regardless of severity level. For baseline scans, the Nessus Agent creates a local cache of the plugin outputs generated by the scan. The cache is then used as the base for differential comparisons in subsequent scans. |
| String | For Nessus Agent scans, indicates whether the agent scan should use the scan window (scheduled) or rule-based (triggered) method for scan launches. |
| String | For one-time scans, the starting time and date for the scan. For recurrent scans, the first date on which the scan schedule is active and the time that recurring scans launch based on the rrules parameter. This attribute has the following format: YYYYMMDDTHHMMSS. |
| String | The interval at which the scan repeats. The interval is formatted as a string of three values delimited by semi-colons. These values are: the frequency (FREQ=ONETIME or DAILY or WEEKLY or MONTHLY or YEARLY), the interval (INTERVAL=1 or 2 or 3 ... x), and the days of the week (BYDAY=SU,MO,TU,WE,TH,FR,SA). For a scan that runs every three weeks on Monday Wednesday and Friday, the string would be FREQ=WEEKLY;INTERVAL=3;BYDAY=MO,WE,FR. If the scan is not scheduled to recur, this attribute is null. |
| String | The timezone of the scheduled start time for the scan. |
| Array of objects | A list of filters that Tenable Vulnerability Management applies to determine whether it sends a notification email on scan completion to the recipients specified in the emails attribute. |
| String | The attribute value Tenable Vulnerability Management filters on. For example, when filtering on severity, this attribute might specify Critical. |
| String | The operator Tenable Vulnerability Management applies to the filter value, for example, eq. |
| String | The attribute name. For example, use the risk_factor attribute if you want to filter on vulnerability severity. |
| Array of strings | The list of asset tag identifiers the scan uses to determine which assets it evaluates. |
| Boolean | If 1, the scan is shared with users other than the scan owner. The level of sharing is specified in the acls attribute of the scan details. |
| Integer | The sharing permissions for the scan. |
| Integer | The default permissions for the scan. |
| String | The owner of the scan. |
| Integer | The unique ID of the owner of the scan. |
| Integer | For newly-created scans, the date on which the scan configuration was created. For scans that have been launched at least once, this attribute does not represent the date on which the scan configuration was last modified. Instead, it represents the date on which the scan was last launched, in Unix time format. Tenable Vulnerability Management updates this attribute each time the scan launches. |
| Integer | For newly-created scans, the date on which the scan configuration was originally created. For scans that have been launched at least once, this attribute does not represent the date on which the scan configuration was originally created. Instead, it represents the date on which the scan was first launched, in Unix time format. |
| String | The type of scan. |
| Integer | The unique ID of the scan. |
Action: Create Configured Scan
This action creates a scan configuration.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
UUID | Enter the UUID for the tenable-provided scan template to use. Example: ua123d-1231wed1dsadase | Text | Required | You can retrieve this using the action Get Templates. |
Scan Name | Enter the name of the scan. Example: log4j_scan | Text | Required | |
Enabled | Enter your preference to enable the schedule for the scan. Example: $JSON[True] | Boolean | Required | Allowed values:
Default value: False |
Launch | Enter your preference to launch the scan. Example: on-demand | Text | Required | Allowed values:
|
Start Time | Enter the start time and date for the scan to begin. Enter a valid start time string per RFC 5545, minus Time Zone (see timezone below) if different than UTC, in which case use Z at the end. Example: 19970105T083000 | Text | Required | |
Timezone | The timezone of the scheduled start time for the scan. A valid time zone per RFC 5545. Example: America/New_York | Text | Required | Default value: UTC |
ACLs | An array containing permissions to apply to the scan. Example: $LIST[user, d30881ae-6b5c-4b1e-ad60-f2643d0da492, view] | List | Required | |
Recurring Rules Frequency | Enter the frequency at which the scan must repeat. The interval is formatted as texting of three values. Example: onetime | Text | Required | Allowed values:
|
Recurring Rules Interval | Enter the interval at which the scan must repeat. The interval is formatted as texting of three values. Example: 1 | Text | Required | |
Recurring Rules by Day | Enter the interval at which the scan must repeat. the interval is formatted as texting of three values. Example: MO | Text | Required | Allowed values:
|
Target Groups | Enter an array of target group IDs to scan. Example: 345 | Text | Optional | Default value:
|
Agent Group ID | Enter an array of agent group UUIDs to scan. Example: 1002 | Text | Optional | Default value:
|
Emails | Enter the email as a comma-separated list of accounts that receive the email summary report. Example: sampleuser@exampledomain.com | Text | Optional | Default value:
|
Extra Params | Enter extra parameters as key-value pairs. This action will be updated to the settings of the payload to be sent. | Key Value | Optional |
Example Request
[
{
"uuid":"ua123d-1231wed1dsadase",
"scan_name":"log4j_scan",
"enabled":false,
"launch":"DAILY",
"start_time":"19970105T083000",
"timezone":"America/New_York",
"acls":{
"user",
"d30881ae-6b5c-4b1e-ad60-f2643d0da492",
"view"
}
"rrules_frequency":"onetime",
"rrules_interval":"1",
"rrules_by_day":"MO",
"target_groups":"345",
"agent_group_id":"1002",
"emails":"sampleuser@exampledomain.com"
}
]Action: Create Detailed Scan
This action creates a detailed scan configuration.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
UUID | Enter the UUID for the tenable-provided scan template to use. Example: ua123d-1231wed1dsadase | Text | Required | You can retrieve this using the action Get Templates. |
Scan Name | Enter the name of the scan. Example: log4j_scan | Text | Required | |
Enabled | Enter your preference to enable schedules scan. Example: $JSON[True] | Boolean | Required | Allowed values:
Default value: False |
Description | Enter the description of the scan. Example: Scan for log4j vulnerability | Text | Required | |
Scanner UUID | Enter the unique ID of the scanner to use. Example: xnsooik-123dsaf | Text | Required | You can retrieve this using the action List Scanners. |
Policy ID | Enter the unique ID of the policy to use to create the scan. Example: log4jmachines | Text | Required | You can retrieve this using the action List Policies. |
Launch | Enter your preference to launch the scan. Example: DAILY | Text | Required | Allowed values:
|
Start Time | Enter the starting date and time for one-time scans. For recurrent scans, enter the first date on which the scan schedule is active and the time that recurring scans launch are based on the rrules parameter. Example: 20140826T133000 | Text | Required | Supported format: YYYYMMDDTHHMMSS |
Timezone | Enter the timezone for the scheduled start time for the scan. Example: America/New_York | Text | Required | |
Agent Group ID | Enter an array of agent group UUIDs to scan. Example: 243 | Text | Required | Default value: None |
Emails | Enter the emails as comma-separated list of accounts to receive the email summary report. Example: user@exampledomain.com | Text | Required | Default value: None |
Text Targets | Enter the list of targets to scan. Example: $LIST[machine1, machine2] | Text | Required | |
Tag Targets | Enter the list of asset tag identifiers that the scan uses to determine which assets it evaluates. Example: Windows | Text | Required | |
File Targets | Enter the name of a file containing the list of targets to scan. Example: regular_targets.txt | Text | Required | |
Scan Time Window | Enter the time frame, in minutes, during which agents must transmit scan results to tenable.io and include them in dashboards and reports. Example: 60 | Integer | Required | Default value: 180 |
ACLs | Enter an array containing permissions to apply to the scan. Example: $LIST[user, d30881ae-6b5c-4b1e-ad60-f2643d0da492, view] | List | Required | |
Recurring Rules Frequency | Enter the interval at which the scan repeats. The interval is formatted as texting of three values. Example: MONTHLY | Text | Required | Allowed values:
|
Recurring Rules Interval | Enter the interval at which the scan repeats. The interval is formatted as texting of three values. Example: 1 | Text | Required | |
Recurring Rules by Day | The interval at which the scan repeats. the interval is formatted as texting of three values. Example: MO | Text | Required | Allowed values:
|
Scanner ID | Enter the unique ID of the scanner to use. Example: 0we345rYI0-4223-Fr45-7yh6-000sjvefah78yryg9q8equkg00001 | Text | Required | You can retrieve this using the action List Scanners. |
Target Network UUID | Enter the network unique ID. This field is required if the scanner_id parameters are auto-routed. Example: 9afd5e49-b4a8-4ab3-8c44-4ed329a505c44e51e1f403febe40 | Text | Optional | Default value: None |
Folder ID | Enter the unique ID of the folder where you want to store the scan. Example: 345 | Text | Optional | You can retrieve this using the action List Folders. |
Extra Params | Enter the extra parameters as key-value of values that can be added to the scan. The parameter values will be updated to the settings of the payload to be sent. | Key Value | Optional | Default value: None |
Example Request
[
{
"uuid": "ua123d-1231wed1dsadase",
"scan_name": " log4j_scan",
"enabled": False,
"description": "Scan for log4j vulnerability",
"scanner_uuid": "xnsooik-123dsaf",
"policy_id": "log4jmachines",
"launch": "ON_DEMAND",
"starttime": "20140826T133000",
"timezone": "America/New_York",
"agent_group_id": "243",
"emails": "user@exampledomain.com",
"text_targets": {
"machine1",
"machine2"
}
"tag_targets": "Windows",
"file_targets": "regular_targets.txt",
"scan_time_window": 60,
"acls":{
"user",
"d30881ae-6b5c-4b1e-ad60-f2643d0da492",
"view"
}
"rrules_frequency": "MONTHLY",
"rrules_interval": "1",
"rrules_by_day": "MO",
"scanner_id": "0we345rYI0-4223-Fr45-7yh6-000sjvefah78yryg9q8equkg00001",
"target_network_uuid": "9afd5e49-b4a8-4ab3-8c44-4ed329a505c44e51e1f403febe40",
"folder_id": "345"
}
]Action: Create Folder
This action creates a new custom folder for the current user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Folder Name | Enter the name of the folder. Folder names can only contain letters, numbers, underscores, hyphens, and whitespace. Example: temp_scans | Text | Required |
Example Request
[
{
"folder_name": "temp_scans"
}
]Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Integer | The ID of the created folder. |
Action: Get Scans List
This action retrieves the list of scans currently set in TenableIO.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Folder ID | Enter the folder ID you want to scan for the stored list. Example: 15 | Integer | Optional | You can retrieve this using the action List Folders. |
Last Modification Date | Enter a limit for the scan list results. This will retrieve the scans that have run since the specified time. Example: 2022-02-02 00:00:00 | Text | Optional | Supported format:
Default value:
|
Example Request
[
{
"folder_id": 15,
"last_modification_date": "2022-02-02 00:00:00"
}
]Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Array of objects | Array of scan objects |
| Object | Scan object |
| Boolean | If true, the scan has a schedule and can be launched. |
| Int32 | For newly-created scans, the date on which the scan configuration was originally created. For scans that have been launched at least once, this attribute does not represent the date on which the scan configuration was originally created. Instead, it represents the date on which the scan was first launched, in Unix time format. |
| Boolean | Indicates whether the scan schedule is active (true) or inactive (false). |
| Int32 | The unique ID of the scan. |
| Int32 | For newly-created scans, the date on which the scan configuration was created. For scans that have been launched at least once, this attribute does not represent the date on which the scan configuration was last modified. Instead, it represents the date on which the scan was last launched, in Unix time format. Tenable Vulnerability Management updates this attribute each time the scan launches. |
| Boolean | A value indicating whether the scan results were created before a change in storage method. If true, Tenable Vulnerability Management stores the results in the old storage method. If false, Tenable Vulnerability Management stores the results in the new storage method. |
| String | The name of the scan. |
| String | The owner of the scan. |
| Integer | The unique ID of the user-defined template (policy) on which the scan configuration is based. |
| Boolean | A value indicating whether the user account associated with the request message has viewed the scan in the Tenable Vulnerability Management user interface. If 1, the user account has viewed the scan results. |
| String | The UUID for a specific instance in the scan schedule. |
| Boolean | If true, the scan is shared with users other than the scan owner. The level of sharing is specified in the acls attribute of the scan details. |
| String | The status of the scan. For a list of possible values, see Scan Status. |
| String | The UUID of the template. |
| String | The type of scan. |
| Int32 | The requesting user's permissions for the scan. |
| Int32 | The sharing permissions for the scan. |
| String | The UUID of the scan. |
| String | The UUID of the Tenable-provided template used to create either the scan or the user-defined template (policy) on which the scan configuration is based. |
| Integer | The progress of the scan ranging from 0 to 100. |
| String | The timezone of the scheduled start time for the scan. |
| String | The interval at which the scan repeats. The interval is formatted as a string of three values delimited by semi-colons. These values are: the frequency (FREQ=ONETIME or DAILY or WEEKLY or MONTHLY or YEARLY), the interval (INTERVAL=1 or 2 or 3 ... x), and the days of the week (BYDAY=SU,MO,TU,WE,TH,FR,SA). For a scan that runs every three weeks on Monday Wednesday and Friday, the string would be FREQ=WEEKLY;INTERVAL=3;BYDAY=MO,WE,FR. If the scan is not scheduled to recur, this attribute is null. For more information, see rrules Format. |
| String | For one-time scans, the starting time and date for the scan. For recurrent scans, the first date on which the scan schedule is active and the time that recurring scans launch based on the rrules attribute. This attribute has the following format: YYYYMMDDTHHMMSS. |
| Integer | The total number of targets in the scan. |
| Array of objects | Array of folder objects |
| Object | Folder object |
| Integer | The unique ID of the folder. |
| String | The name of the folder. This value corresponds to the folder type as follows: main—My Scans, trash—Trash, custom—user-defined string. |
| String | The type of the folder: main—Tenable-provided folder. Contains all scans that you create but do not assign to a custom folder, as well as any scans shared with you by other users. If you do not specify a scan folder when creating a scan, Tenable Vulnerability Management stores scans in this folder by default. This folder corresponds to the My Scans folder in the Tenable Vulnerability Management user interface. trash—Tenable-provided folder. This folder corresponds to the Trash folder in the Tenable Vulnerability Management user interface. It contains all scans that the current user has moved to the trash folder. After you move a scan to the trash folder, the scan remains in the trash folder until a user with at least Can Edit [64] scan permissions permanently deletes the scan. custom—User-created folder. Contains scans as assigned by the current user. You can create custom folders to meet your organizational needs. |
| Integer | Indicates whether or not the folder is the default: 1—The folder is the default. 0—The folder is not the default. The main folder is the default folder. You cannot change the default folder. |
| Integer | Indicates whether or not the folder is a custom folder: 1—User-created folder. You can rename or delete this folder. 0—System-created folder. You cannot rename or delete this folder. |
| Integer | The number of scans in the folder that the current user has not yet viewed in the Tenable Vulnerability Management user interface. |
| Int32 | The Unix timestamp when Tenable Vulnerability Management received the list request. |
Action: Get Server Properties
This action retrieves the server version and other properties.
Action Input Parameters
This action does not require any input parameter.
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Object | Returns the capability details of the server, such as multi_user, multi_scanner, report_email_config, and two_factor. |
| Boolean | True if the server is enterprise. |
| Integer | Expiration time in Epoch format. Example: 1551160800 |
| Integer | Time to expire. Example: 60 |
| Integer | idle time out. Example: 30 |
| Object | License details of the server. |
| String | Loaded plugin set. Example: 201812271241 |
| Boolean | Login banner. |
| String | Nessus type. Example: Nessus Cloud |
| String | Nessus UI version. Example: 11.0.52 |
| Array of Strings | List of notifications. |
| String | Plugin set. Example: 201812271241 |
| Integer | Scanner boot time. Example: 1545191736 |
| String | Server version. Example: 6.9.1 |
| String | Server UUID. Example: b6a6d233-9f14-4ce9-b4cf-7440e027cf5c27789b39c292efc6 |
| Object | Update details of the server. |
| Object | Analytics details of the server. |
| Boolean | True if limit is enabled. |
| Boolean | MSP of the server. |
| String | Server build. Example: C20023 |
| Boolean | True if force UI reload is done. |
| String | Nessus UI build. Example: 161 |
| String | Container DB version. Example: 10.43.0 |
Action: Get Server Status
This action retrieves the server status.
Action Input Parameters
This action does not require any input parameter.
Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Integer | Returns the HTTP status code. |
| String | Returns the server status. Status values can include:
|
Action: Get Templates
This action retrieves the list of tenable-provided scan templates. The types of scan templates to retrieve are scan, policy, or remediation.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Template Type | Enter the type of scan template to retrieve. Example: scan | Text | Optional | Allowed values:
Default value: scan |
Example Request
[
{
"template_type": "scan"
}
]Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Object | Pagination information |
| Int32 | The total number of records matching your search criteria |
| Int32 | The number of records requested (or the default value if omitted from the request) |
| Int32 | The starting record you requested (or zero if omitted) |
| Array of Objects | An array of objects representing the fields and sort order you specified in the request |
| String | The field on which Tenable Web App Scanning sorted the results |
| String | The direction of the sort order. Supported values are asc (ascending) and desc (descending) |
| Array of Objects | A list of Tenable-provided templates |
| String | The UUID of the Tenable-provided template |
| String | The name of the Tenable-provided template |
| String | The description of the Tenable-provided template |
| String | Indicates whether the user of the Tenable-provided template has the ability to redefine the settings for the template. Possible values are: locked, open |
| String | Indicates which scanners you can use to run scans based on the Tenable-provided template. Possible values are: scanner, container_group, cloud_group |
| Object | The restricted settings for the Tenable-provided template. This is a free-form object as each template can define different parameters for a configuration |
| Object | The default settings for this template |
| Array of Objects | An array of plugins available to the template |
| Integer | The ID of the plugin |
| String | The name of the plugin |
| String | The name of the plugin family |
Action: List Policies
This action retrieves a list of policies.
Action Input Parameters
This action does not require any input parameter.
Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Integer | The unique ID of the policy. |
| String | The UUID for the Tenable-provided template used to create the policy. |
| String | The name of the policy. |
| String | The description of the policy. |
| String | The unique ID of the owner of the policy. |
| String | The username for the owner of the policy. |
| Integer | The shared status of the policy (1 if shared with users other than owner, 0 if not shared). |
| Integer | The sharing permissions for the policy. |
| Integer | The creation date of the policy in Unix time format. |
| Integer | The last modification date for the policy in Unix time format. |
| Integer | The visibility of the target (private or shared). |
| Boolean | If true, the policy configuration does not include targets. |
Action: List Folders
This action retrieves the list of both tenable-provided folders and the current user's custom folders.
Action Input Parameters
This action does not require any input parameter.
Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Integer | The unique ID of the folder. |
| String | The name of the folder. This value corresponds to the folder type as follows:
|
| String | The type of the folder:
|
| Integer | Indicates whether or not the folder is the default:
The main folder is the default folder. You cannot change the default folder. |
| Integer | Indicates whether or not the folder is a custom folder:
|
| Integer | The number of scans in the folder that the current user has not yet viewed in the Tenable Vulnerability Management user interface. |
Action: List Scanners
This action retrieves the scanner list.
Action Input Parameters
This action does not require any input parameter.
Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Integer | The Unix timestamp when the scanner was created. This attribute specifies the original creation date if the scanner was migrated. |
| String | The scanner operating system distribution. |
| Boolean | Indicates whether the scanner belongs to a scanner group ('true') or not ('false'). |
| String | The hostname of the scanner. |
| Integer | The unique ID of the scanner. |
| Array of Strings | A list of IP addresses associated with the scanner. |
| String | The linking key, that is, the alpha-numeric sequence of characters you use to link a scanner to Tenable Vulnerability Management. For more information about linking a scanner, see the Link a Sensor in the Tenable Vulnerability Management User Guide. |
| String | The Unix timestamp when any of the scanner's tasks have provided its last update. |
| Integer | The Unix timestamp when the scanner was last modified. |
| String | The version of the scanner. |
| String | The current plugin set on the scanner. |
| String | The registration code of the scanner. |
| Object | License object |
| Integer | Specifies whether you disabled (0) or enabled (1) the scanner. For more information, see the PUT /scanners/{scanner_id}/link endpoint. |
| String | The user-defined name of the scanner. |
| String | The name of the network object associated with the scanner. For more information about network objects, see Manage Networks. |
| Integer | The number of scans (tasks) the scanner is currently executing. |
| String | The owner of the scanner. |
| Integer | The ID of the owner of the scanner. |
| String | The username of the owner of the scanner. |
| String | The UUID of the owner of the scanner. |
| String | The platform of the scanner. |
| Boolean | Indicates whether the scanner is part of a scanner group ('true') or not ('false'). For more information about scanner groups, see the Scanner Groups endpoints. |
| Integer | The number of scans that the scanner is currently running. |
| Boolean | Indicates whether anyone other than the scanner owner has explicit access to the scanner (1). |
| String | Always set to service. |
| String | The status of the scanner (on or off). |
| Integer | Equivalent to the last_modification_date attribute. |
| String | The type of scanner (local, managed, managed_pvs, pool, remote, or webapp). |
| Integer | The backend build of Nessus that is running on the scanner. |
| String | The backend version of Nessus that is running on the scanner. |
| Integer | The permissions you (the current user) have been assigned for the scanner. See Permissions. |
| String | The UUID of the scanner. |
| String | The UUID of the Nessus installation on the scanner. |
| Boolean | Indicates if the scanner supports remote logging. |
| Boolean | Indicates if the scanner supports Tenable Web App Scanning. |
| Integer | Specifies how often, in minutes, the scanner checks in with Tenable Vulnerability Management (Amazon Web Services scanners only). |
Action: List Scan Timezones
This action retrieves the timezones list for creating a recurring scan.
Action Input Parameters
This action does not require any input parameter.
Action: List Target Groups
This action retrieves the current target groups.
Action Input Parameters
This action does not require any input parameter.
Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Array of Objects | The Access Control Lists applicable to the group |
| String | The type of permission (default, user, group) |
| Integer | The unique ID of the user or group |
| String | The UUID of the owner of the object |
| String | The name of the user or group |
| String | The display-friendly name of the user or group |
| Int32 | The permission value to grant access as described in Permissions |
| Integer | The ID of the owner of the object |
| Integer | The unique ID of the group |
| Boolean | If true, this group is the default |
| String | The name of the group |
| String | The members of the group |
| String | The group type (user or system). Note that the system group type is deprecated. Tenable recommends that you create only user target groups |
| String | The name of the owner of the group. A user of nessus_ms_agent indicates it is a system target group |
| Integer | The unique ID of the owner of the group |
| Integer | The last modification date for the group in unixtime |
| Integer | The shared status of the group |
| Integer | The current user permissions for the group |
Action: List Assets With Vulnerability
This action retrieves a list of assets with vulnerabilities. The list is limited to 5,000. Use the Export Request API to retrieve more than 5,000 assets.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Date Range | Enter the number of days of data prior to and including today to return, defaults to none. Example: 24 | Integer | Optional | |
Filter Set | Enter the filter set to apply to the exported scan report. Example: $LIST[$JSON[{'filter':'severity', 'quality': 'eq', 'value': '4'}], $JSON[{'filter':'severity', 'quality': 'eq', 'value': '5'}]] | List | Optional | Default value: None |
Example Request
[
{
"date_range":24,
"filter_set":[
{
"filter":"Severity",
"Quality":"eq",
"value":4
},
{
"filter":"Severity",
"quality":"eq",
"value":5
}
]
}
]Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| String | The UUID of the asset |
| Array of Objects | A count of vulnerabilities by severity |
| Integer | The number of vulnerabilities with the specified severity |
| Integer | The code for the severity. Possible values include: 0, 1, 2, 3, 4 |
| String | The severity of the vulnerability as defined using the Common Vulnerability Scoring System (CVSS) base score. Possible values include info, low, medium, high, critical |
| Integer | The total number of vulnerabilities detected on the asset |
| Array of Strings | A list of fully-qualified domain names (FQDNs) for the asset |
| Array of Strings | A list of IPv4 addresses for the asset |
| Array of Strings | A list of IPv6 addresses for the asset |
| String | The ISO timestamp of the scan that most recently detected the asset |
| Array of Strings | The NetBIOS name for the asset |
| Array of Strings | The names of any Nessus agents that scanned and identified the asset |
Action: List Assets by VPR
This action retrieves a list of assets with a set VPR score. The list is limited to 5,000.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
VPR Score | Enter the vulnerability priority rating score. Example: 3.5 | Float | Optional | |
Date Range | Enter the number of days of data prior to and including today that should be returned. Example: 24 | Integer | Optional | Default value: None |
Example Request
[
{
"vpr_score": 3.5,
"date_range": 24
}
]Action: List Assets by Severity
This action retrieves a list of assets with a set VPR score. The list is limited to 5,000.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Severity | Enter the severity of the vulnerability if any present in the asset. Example: 4 | Integer | Optional | Allowed values:
|
Date Range | Enter the number of days of data prior to and including today that should be returned. Example: 24 | Integer | Optional | Default value: None |
Example Request
[
{
"severity": 4,
"date_range": 24
}
]Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Array of Objects | An array of asset objects |
| String | The UUID of the asset |
| Boolean | A value specifying whether a Nessus agent scan detected the asset (true) |
| String | The ISO timestamp of the scan that most recently detected the asset |
| String | The IPv4 address, IPv6 address, or FQDN that the scanner last used to evaluate the asset |
| Array of Objects | A list of sources for the asset record |
| String | The name of the entity that reported the asset details. Sources can include sensors, connectors, and API imports |
| String | The ISO timestamp when the source first reported the asset |
| String | The ISO timestamp when the source last reported the asset |
| Integer | The Asset Criticality Rating (ACR) for the asset |
| Array of Objects | The key drivers that Tenable uses to calculate an asset's Tenable-provided ACR |
| Integer | The Asset Exposure Score (AES) for the asset |
| Array of Objects | Information about how often scans ran against the asset during specified intervals |
| Boolean | Indicates whether the asset was licensed at the time of the identified scans |
| Array of Strings | A list of IPv4 addresses for the asset |
| Array of Strings | A list of IPv6 addresses for the asset |
| Array of Strings | A list of fully-qualified domain names (FQDNs) for the asset |
| Array of Strings | The NetBIOS name for the asset |
| Array of Strings | The operating system installed on the asset |
| Array of Strings | The names of any Nessus agents that scanned and identified the asset |
| Array of Strings | The name of the virtual machine instance in AWS EC2 |
| Array of Strings | A list of MAC addresses for the asset |
| Array of Strings | The unique identifier of the asset in HCL BigFix |
| Integer | The total count of returned assets |
Action: List Assets With Specific Vulnerability
This action retrieves a list of assets with a set plugin ID. The list is limited to 5,000.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Plugin ID | Enter the plugin ID that is assigned to a vulnerability. Example: 154783 | Integer | Optional | |
Date Range | Enter the number of days of data prior to and including today that should be returned. Example: 24 | Integer | Optional |
Example Request
[
{
"plugin_id": 154783,
"date_range": 24
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Array of JSON Objects | Returns the list of assets with vulnerabilities. |
| String | The UUID of the asset. Example: b822ac94-663b-4f85-bd8c-fd1310ccff44 |
| Array of Objects | A count of vulnerabilities by severity. |
| Integer | The number of vulnerabilities with the specified severity. |
| Integer | The code for the severity. Possible values include:
|
| String | The severity of the vulnerability as defined using the Common Vulnerability Scoring System (CVSS) base score. Possible values include info (CVSS score of 0), low (CVSS score between 0.1 and 3.9), medium (CVSS score between 4.0 and 6.9), high (CVSS score between 7.0 and 9.9), and critical (CVSS score of 10.0). |
| Integer | The total number of vulnerabilities detected on the asset. Example: 1 |
| Array of Strings | A list of fully qualified domain names (FQDNs) for the asset. Example: |
| Array of Strings | A list of IPv4 addresses for the asset. Example: 192.0.2.57 |
| Array of Strings | A list of IPv6 addresses for the asset. Example: 0000:0000:0000:0000:0000:ffff:c000:0239 |
| String | The ISO timestamp of the scan that most recently detected the asset. Example: 2018-12-31T17:28:28.000Z |
| Array of Strings | The NetBIOS name for the asset. Example: contoso |
| Array of Strings | The names of any Nessus agents that scanned and identified the asset. |
Action: Update Scan
This action updates a scan configuration.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
UUID | Enter the UUID for the tenable-provided scan template to use. Example: 9afd5e49-b4a8-4ab3-8c44-4ed329a505c44e51e1f403febe40 | Text | Required | You can retrieve this using the action Get Templates. |
Scan Name | Enter the name of the scan. Example: Log4j Scan | Text | Required | |
Enabled | Enter your preference to enable the schedule for the scan. Example: $JSON[Yes] | Boolean | Required | Allowed values:
Default value: False |
Extra Params | Enter the extra parameters as key values that can be added to the scan. The parameters will be updated to the settings of the payload to be sent. | Key Value | Optional |
Example Request
[
{
"uuid": "9afd5e49-b4a8-4ab3-8c44-4ed329a505c44e51e1f403febe40",
"scan_name": "Log4j Scan",
"enabled": False
}
]Action Response Parameters
Parameter | Field Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| String | The type of tag |
| String | The unique ID of your Tenable Vulnerability Management instance |
| String | The unique ID of the scan owner |
| String | The UUID of the schedule for the scan |
| String | The user-defined scan name |
| String | A brief user-defined description of the scan |
| Integer | The unique ID of the policy associated with the scan |
| String | The UUID of the scanner that the scan is configured to use, if the scan is not configured for scan routing |
| String | The UUID of the network object that Tenable Vulnerability Management associates with the scan results if the scan is configured for scan routing |
| String | A comma-separated list of accounts that receive the email summary report |
| String | A comma-separated list of mobile phone numbers that receive notification of the scan |
| Boolean | A value indicating whether the scan schedule is active (true) or inactive (false) |
| String | The name of the dashboard file associated with the scan |
| Integer | If 1, your vulnerability remediation actions on scan targets have been successful |
| Boolean | A value indicating whether the scan results appear in dashboards |
| String | Depends on the type of scan |
| String | Targets specified in the alt_targets parameter of the POST /scans/{scan_id}/launch request body used to run the scan |
| Array of Objects | For Nessus Agent scans, describes the scan triggers used when agent_scan_launch_type is set to triggered |
| String | The type of scan launch trigger (periodic or file-exists) |
| Object | Options object |
| String | Indicates the reporting mode for Nessus Agent scans |
| String | For Nessus Agent scans, indicates whether the info-level reporting setting (refresh_reporting_type) is set to scans or days |
| Integer | For Nessus Agent scans, indicates the interval value for info-level reporting |
| String | Indicates whether or not the next Nessus Agent scan is a baseline scan |
| String | For Nessus Agent scans, indicates whether the agent scan should use the scan window (scheduled) or rule-based (triggered) method for scan launches |
| String | For one-time scans, the starting time and date for the scan. For recurrent scans, the first date on which the scan schedule is active and the time that recurring scans launch based on the rrules parameter |
| String | The interval at which the scan repeats |
| String | The timezone of the scheduled start time for the scan |
| Array of Objects | A list of filters that Tenable Vulnerability Management applies to determine whether it sends a notification email on scan completion to the recipients specified in the emails attribute |
| String | The attribute value Tenable Vulnerability Management filters on |
| String | The operator Tenable Vulnerability Management applies to the filter value |
| String | The attribute name |
| Array of Strings | The list of asset tag identifiers the scan uses to determine which assets it evaluates |
| Boolean | If 1, the scan is shared with users other than the scan owner. The level of sharing is specified in the acls attribute of the scan details |
| Int32 | The sharing permissions for the scan |
| Int32 | The default permissions for the scan |
| String | The owner of the scan |
| Integer | The unique ID of the owner of the scan |
| Int32 | For newly-created scans, the date on which the scan configuration was created. For scans that have been launched at least once, this attribute does not represent the date on which the scan configuration was last modified. Instead, it represents the date on which the scan was last launched, in Unix time format. Tenable Vulnerability Management updates this attribute each time the scan launches |
| Int32 | For newly-created scans, the date on which the scan configuration was originally created. For scans that have been launched at least once, this attribute does not represent the date on which the scan configuration was originally created. Instead, it represents the date on which the scan was first launched, in Unix time format |
| String | The type of scan |
| Int32 | The unique ID of the scan |
Action: Generic Action
This is a generic action used to make requests to any Tenable.io endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to use while making the request. Example: GET | Text | Required | |
Endpoint | Enter the endpoint to make the request. Example: /api/v2/detections | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload for the request. | Any | Optional | |
Extra Fields | Enter any additional fields to pass to the API. | Key Value | Optional |