/analysis

Methods

POST

Processes a query for analysis

Request Parameters

Note: If the parameter query['id'] is not specified, the query parameter will require a valid query, unless the type is "scLog". The format for the full query definition can be found in the Query section of the API.

Vuln Type

{
    "type" : "vuln",
    "query" : {
        "id" : <number> | (valid query)
    },
    "sortDir" : <string> "ASC" | "DESC" OPTIONAL,
    "sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool. [Some restrictions apply.] Must accompany sortDir),
    "sourceType" : <string> "individual" | "cumulative"
}

When the sourceType is "individual", a scanID must be provided in the root of the request object:

{
    "type" : "vuln",
    "query" : {
        "id" : <number> | (valid query)
    },
    "sortDir" : <string> "ASC" | "DESC" OPTIONAL,
    "sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool. [Some restrictions apply.] Must accompany sortDir),
    "sourceType" : "individual",
    "scanID" : <number>
}

Event Type

{
    "type" : "event",
    "query" : {
        "id" : <number> | (valid query)
    },
    "sortDir" : <string> "ASC" | "DESC" OPTIONAL,
    "sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool. [Some restrictions apply.] Must accompany sortDir),
    "sourceType" : <string> "lce" | "archive"
}

When the sourceType is "archive", lceID and view must be provided in the root of the request object:

{
    "type" : "event",
    "query" : {
        "id" : <number> | (valid query)
    },
    "sortDir" : <string> "ASC" | "DESC" OPTIONAL,
    "sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool. [Some restrictions apply.] Must accompany sortDir),
    "sourceType" : "archive",
    "lceID" : <number>,
    "view" : <string> (silo id)
}

User Type

{
    "type" : "user",
    "query" : {
        "id" : <number> | (valid query)
    }
}

SCLog Type

scLog has a unique query object with its own special filters.

{
    "type" : "scLog",
    "date" : scLog basename (e.g. "201412") | "all",
    "query" : {
        "startOffset" : <number>,
        "endOffset" : <number>,
        "filters" : [
            {
                "filterName" : "keywords",
                "operator" : "=",
                "value" : <string>
            },
            {
                "filterName" : "severity",
                "value" : {
                    "id" : <number> [0-2],
                    "operator" : "=",
                    "name" : "INFO|WARNING|CRITICAL"
                }
            },
            {
                "filterName" : "initiator",
                "operator" : "=",
                "value" : {
                    "id" : <number>,
                    "username" : <string>
                }
            },
            {
                "filterName" : "module",
                "operator" : "=",
                "value" : <string> (e.g. "auth")
            },
            {
                "filterName" : "organization",
                "value" : {
                    "id" : <number>
                }
            }
        ]
    }
}

scLog basenames can be retrieved from the system::GET call, but only for a logged-in user.

Mobile Type

{
    "type" : "vuln" | "event" | "mobile" | "user" | "scLog",
    "query" : {
        "id" : <number> | (valid query)
    },
    "sortDir" : <string> "ASC" | "DESC" OPTIONAL,
    "sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool. [Some restrictions apply.] Must accompany sortDir),
    "startOffset" : <number>,
    "endOffset" : <number>
}
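
The conditional rules stated in the request parameters above (a query id or full query unless the type is "scLog", scanID with sourceType "individual", lceID and view with sourceType "archive", sortField alongside sortDir) can be checked on the client before a request is sent. The following is an added example, not Tenable code; the function name, the messages, and the reading of sortDir/sortField as a both-or-neither pair are assumptions, and the sample bodies are constructed.

```python
# Added example, not Tenable code. Checks only the rules stated on this page.
VULN_SOURCES = {"individual", "cumulative"}
EVENT_SOURCES = {"lce", "archive"}
TYPES = {"vuln", "event", "mobile", "user", "scLog"}


def check_analysis_request(body):
    """Return a list of problems; an empty list means no stated rule is broken."""
    rtype = body.get("type")
    if rtype not in TYPES:
        return [f"unknown type {rtype!r}"]
    problems = []

    # Every type except scLog needs query.id or a full query definition.
    query = body.get("query")
    if rtype != "scLog" and not (isinstance(query, dict) and query):
        problems.append('"query" must carry an id or a valid query')

    # Assumption: sortDir and sortField are treated as a both-or-neither pair.
    sort_dir, sort_field = body.get("sortDir"), body.get("sortField")
    if (sort_dir is None) != (sort_field is None):
        problems.append("sortDir and sortField must be sent together")
    if sort_dir is not None and sort_dir not in ("ASC", "DESC"):
        problems.append('sortDir must be "ASC" or "DESC"')
    if sort_field is not None and not (isinstance(sort_field, str) and sort_field.isalnum()):
        problems.append("sortField must be alphanumeric")

    # sourceType values and the root-level fields they pull in.
    source = body.get("sourceType")
    allowed = {"vuln": VULN_SOURCES, "event": EVENT_SOURCES}.get(rtype)
    if source is not None and allowed is not None and source not in allowed:
        problems.append(f"sourceType {source!r} is not valid for type {rtype!r}")
    required = {("vuln", "individual"): ["scanID"],
                ("event", "archive"): ["lceID", "view"]}.get((rtype, source), [])
    for field in required:
        if field not in body:
            problems.append(f'{field} is required when sourceType is "{source}"')
    return problems


# Constructed sample bodies (ids are made up).
GOOD = {"type": "vuln", "query": {"id": 12}, "sourceType": "individual", "scanID": 7}
BAD = {"type": "event", "query": {"id": 12}, "sourceType": "archive", "sortDir": "ASC"}

if __name__ == "__main__":
    print(check_analysis_request(GOOD))
    print(check_analysis_request(BAD))
```
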

Example Response

{
    "type" : "regular",
    "response" : {
        "totalRecords" : "0",
        "returnedRecords" : 0,
        "startOffset" : "-1",
        "endOffset" : "-1",
        "matchingDataElementCount" : "0:0:0:0:0:0:0:0",
        "results" : []
    },
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : [],
    "timestamp" : 1409930135
}

Copyright © 2016. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc. SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.