/hosts
Methods
Gets the list of Hosts identified from all scan results that are on T.sc.
Fields Parameter
ExpandThe fields parameter should be specified along the query string, and it takes the syntax
?fields=<field>,...
The limit parameter should be an integer greater than 0
?limit=<number>,...
The startOffset parameter should an integer greater than 0
?startOffset=<number>,...
The endOffset parameter should an integer greater than 0
?endOffset=<number>,...
The pagination parameter should a boolean
?pagination=<boolean>,..
Allowed Fields
**id
**uuid
*tenableUUID
*name
*ipAddress
*os
*firstSeen
*lastSeen
macAddress
source
repID
netBios
netBiosWorkgroup
createdTime
modifiedTime
acr
aes
Legend
* = always comes back
** = comes back if fields list not specified on GET all
red = field is a JSON object ( e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )
Example Response
Expand{
"type": "regular",
"response": [
{
"id": "154",
"uuid": "68262460-941b-4762-906e-47298f79911e",
"tenableUUID": "58bd0909-f66d-4248-8c20-2501b208bb65",
"name": "Aerified",
"ipAddress": "201.22.196.102",
"os": "Linux",
"firstSeen": "1770798",
"lastSeen": "1685038",
},
{
"id": "47",
"uuid": "e9344880-c32f-458c-b78e-211ce81d10cb",
"tenableUUID": "dce3a590-70f0-4530-9843-5d3c83666f75",
"name": "Windows 10",
"ipAddress": "90.248.112.168",
"os": "Windows 10",
"firstSeen": "1755893",
"lastSeen": "1221376",
}
],
"error_code": 0,
"error_msg": "",
"warnings": [],
"timestamp": 1626889388
}
/hosts/uuid
Methods
Gets the details of Host with the requested uuid.
Fields Parameter
ExpandAllowed Fields
*id
*uuid
*tenableUUID
*name
*ipAddress
*os
*firstSeen
*lastSeen
*macAddress
*source
*repID
*netBios
*netBiosWorkgroup
*createdTime
*modifiedTime
*acr
*aes
*ips
*names
*macs
*segments
*tags
Legend
* = always comes back
red = field is a JSON object ( e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )
Example Response
Expand{
"type": "regular",
"response": {
"id": "47",
"uuid": "e9344880-c32f-458c-b78e-211ce81d10cb",
"tenableUUID": "dce3a590-70f0-4530-9843-5d3c83666f75",
"name": "Windows 10",
"ipAddress": "90.248.112.168",
"os": "Windows 10",
"firstSeen": "1755893",
"lastSeen": "1221376",
"ips": ["90.248.112.168", "90.248.112.169", "90.248.112.170" ],
"names": ["Windows 10", "Windows 10 custom name"],
"macs": ["a:b:c:d:e", "a:b:c:d:f"],
"segments": ["segment1", "segment2"],
"tags": [
{ "tagName": "tag1", "tagValue": "tagval", "tagType": "", "tagLabel": "" },
{ "tagName": "tag2", "tagValue": "tagval2", "tagType": "text", "tagLabel": "customlabel" },
]
},
"error_code": 0,
"error_msg": "",
"warnings": [],
"timestamp": 1626889388
}
/hosts/{uuid}/acr
Methods
Override the Asset Criticality Rating score and reasons for the specified Host.
Request Body Parameter
Expand{
"overwrittenScore": <int> 4,
"reasoning": [
{
"id": <int> 1-6,
"label" <string> "Why score was changed"
}
],
"notes": <string> "Some details on the score change",
"overwritten": <string> "true" | "false"
}Example Response
Expand{
"type": "regular",
"response":{
"id": "95",
"uuid": "c2953a1a-c19c-4128-b518-8b0ccc33cb3d",
"tenableUUID": null,
"name": "172.26.48.1",
"ipAddress": "172.26.48.1",
"os": null,
"firstSeen": "1632765212",
"lastSeen": "1632765212",
"dns": null,
"fqdnIndex": "0",
"netBios": null,
"netBiosWorkgroup": null,
"macAddress": null,
"systemType": "general-purpose",
"createdTime": "1632765212",
"modifiedTime": "1632765212",
"source": [
{
"type": "Nessus Scan"
}
],
"repository": {
"id": "1",
"name": "Repo",
"description": ""
},
"acr": {
"hostUUID": "c2953a1a-c19c-4128-b518-8b0ccc33cb3d",
"score": "9.0",
"overwritten": "true",
"notes": "We changed this because....",
"overwrittenScore": "10.0",
"lastEditedUserID": "1",
"lastEditedOrgID": "1",
"lastEvaluatedTime": "1",
"internetExposure": null,
"capability": null,
"reasoning": [
{
"id": "4"
}
],
"user": {
"id": "1",
"username": "qahead",
"firstname": "",
"lastname": "",
"email": ""
}
}
},
"error_code": 0,
"error_msg": "",
"warnings": [],
"timestamp": 1632923227
}
/hosts/search
Methods
Gets the Asset Criticality Rating score and reasons for the specified Host.
Fields Parameter
ExpandSearch the list of Hosts identified from all scan results that are on T.sc.
Fields Parameter
ExpandThe fields parameter should be specified along the query string, and it takes the syntax
?fields=<field>,...
The limit parameter should be an integer greater than 0
?limit=<number>,...
The startOffset parameter should be an integer greater than 0
?startOffset=<number>,...
The endOffset parameter should be an integer greater than 0
?endOffset=<number>,...
The pagination parameter should a boolean
?pagination=<boolean>,...
Allowed Fields
**id
**uuid
*tenableUUID
*name
*ipAddress
*os
*firstSeen
*lastSeen
macAddress
source
repID
netBios
netBiosWorkgroup
createdTime
modifiedTime
acr
aes
Legend
* = always comes back
** = comes back if fields list not specified on GET all
red = field is a JSON object ( e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )
Example Request
Expand{
"filters": {
"and": [
{
"property": "systemType",
"operator": "eq",
"value": "general_purpose,general-purpose"
},
{
"property": "ip",
"operator": "eq",
"value": "172.26.48.0-172.26.48.100"
},
{
"property": "repositoryAll",
"operator": "eq",
"value": "2,1"
},
{
"property": "assetCriticalityRating",
"operator": "eq",
"value": "1-5"
},
{
"property": "assetExposureScore",
"operator": "eq",
"value": "100-1000"
},
{
"property": "sourceType",
"operator": "eq",
"value": "'Nessus Scan','Agent Scan'"
},
{
"property": "hostid",
"operator": "eq",
"value": "74d580c7-4da4-427f-9282-591d99d3ba25,60847aad-f0b1-426c-8bf0-1e8d92da85c4"
}
]
}
}Example Response
Expand{
"type": "regular",
"response": {
"totalRecords": "1",
"returnedRecords": 1,
"startOffset": "0",
"endOffset": "50",
"results": [
{
"name": "SHAREPOINT2016",
"ipAddress": "172.xx.xx.xx",
"os": "Microsoft Windows 10",
"macAddress": null,
"firstSeen": "1655319261",
"lastSeen": "1655319261",
"netBios": "SHAREPOINT2016",
"dns": "sharepoint2016.target.com",
"id": "7",
"uuid": "xxxx-xxxx-xxxx-xxxx-xxxx",
"source": [
{
"type": "Nessus Scan"
}
],
"repository": {
"id": "1",
"name": "Repo",
"description": "",
"dataFormat": "IPv4",
"type": "Local"
},
"acr": {
"score": "4",
"overwritten": "false",
"notes": null,
"overwrittenScore": "-1",
"lastEditedUserID": null,
"lastEditedOrgID": null,
"lastEvaluatedTime": "1655319340",
"internetExposure": "internal",
"capability": "",
"deviceType": "general_purpose",
"reasoning": [],
"keyDrivers": {
"internet exposure": "internal",
"device capability": "",
"device type": "general_purpose"
}
},
"aes": {
"score": "496"
},
"systemType": "general_purpose"
}
]
},
"error_code": 0,
"error_msg": "",
"warnings": [],
"timestamp": 1655385966
}
/hosts/download
Methods
Export the Host Assets data to a CSV file format.
Fields Parameter
ExpandSearch the list of Hosts identified from all scan results that are on T.sc.
Fields Parameter
ExpandThe fields parameter should be specified along the query string, and it takes the syntax
?fields=<field>,...
The sortField parameter should be a string
?sortField=<field>
The sortDirection parameter should be either ASC or DESC
?sortDirection=<string>
The startOffset parameter should be an integer greater than 0
?startOffset=<number>,...
The endOffset parameter should be an integer greater than 0
?endOffset=<number>,...
Allowed Fields
*id
**uuid
**ipAddress
**os
**name
**lastSeen
**source
**netBios
**dns
**acr
**aes
**repository
**systemType
***ips
***names
***segments
***macs
***tags
Legend
* = always comes back
** = comes back if fields list not specified
*** = comes back if fields list not specified and if atleast one of the hosts is an OT asset based on the filters applied
green = The uuid field will be renamed to "assetID" in the CSV header
Filter Parameter
ExpandFilter parameters should be posted via the request payload.
Value field for assetCriticalityRating and assetExposureScore should be a range of unsigned integers separated by a "-". Example: "1-10"
Filter Parameter
Expand{
"filters": {
"and": [
{
"property": <string> "systemType" | "assetCriticalityRating" | "assetExposureScore",
"operator": <string> "eq",
"value": <string> "systemTypeId" | "<uint>-<uint>"
}
]
}
}Example Response (text/csv)
Expand"name","ipAddress","os","macAddress","firstSeen","lastSeen","netBios","dns","id","source","repository","acr","aes","systemType","assetID"
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz"
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz"
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz"Example Response with atleast one OT asset (text/csv)
Expand"name","ipAddress","os","macAddress","firstSeen","lastSeen","netBios","dns","id","source","repository","acr","aes","systemType","assetID","ips","macs","names","segments","tag1","tag2","tag3"
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz","0.0.0.0,1.0.0.1,2.0.0.2","a:b:c:d:e,a:b:c:d:f,a:b:c:d:g","name1,name2,name3","segment1,segment2,segment3","tagvalue1","tagvalue2","tagvalue3"
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz","","","","","","",""
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz","0.0.0.0,1.0.0.1,2.0.0.2","a:b:c:d:e,a:b:c:d:f,a:b:c:d:g","name1,name2,name3","segment1,segment2,segment3","tagvalue1","tagvalue2","tagvalue3"