Tenable Security Center API: Hosts

/hosts

Methods
GET

Gets the list of Hosts identified from all scan results that are on Tenable Security Center.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

The limit parameter should be an integer greater than 0

    ?limit=<number>,...

The startOffset parameter should an integer greater than 0

    ?startOffset=<number>,...

The endOffset parameter should an integer greater than 0

    ?endOffset=<number>,...

The pagination parameter should a boolean

    ?pagination=<boolean>,..

Allowed Fields

**id
**uuid
*tenableUUID
*name
*ipAddress
*os
*firstSeen
*lastSeen
macAddress
source
repID
netBios
netBiosWorkgroup
createdTime
modifiedTime
acr
aes

Legend

* = always comes back
** = comes back if fields list not specified on GET all
red = field is a JSON object e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )

Example Response
Expand 
{
    "type": "regular",
    "response": [
        {
            "id": "154",
            "uuid": "68262460-941b-4762-906e-47298f79911e",
            "tenableUUID": "58bd0909-f66d-4248-8c20-2501b208bb65",
            "name": "Aerified",
            "ipAddress": "201.22.196.102",
            "os": "Linux",
            "firstSeen": "1770798",
            "lastSeen": "1685038",
        },
        {
            "id": "47",
            "uuid": "e9344880-c32f-458c-b78e-211ce81d10cb",
            "tenableUUID": "dce3a590-70f0-4530-9843-5d3c83666f75",
            "name": "Windows 10",
            "ipAddress": "90.248.112.168",
            "os": "Windows 10",
            "firstSeen": "1755893",
            "lastSeen": "1221376",
        }
    ],
    "error_code": 0,
    "error_msg": "",
    "warnings": [],
    "timestamp": 1626889388
}

/hosts/{uuid}/acr

Methods
PATCH

Override the Asset Criticality Rating score and reasons for the specified Host.

Request Body Parameter
Expand 
{
  "overwrittenScore": <int> 4,
  "reasoning": [
    {
      "id": <int> 1-6,
      "label" <string> "Why score was changed"
    }
  ],
  "notes": <string> "Some details on the score change",
  "overwritten": <string> "true" | "false"
}
Example Response
Expand 
{
    "type": "regular",
    "response":{
        "id": "95",
        "uuid": "c2953a1a-c19c-4128-b518-8b0ccc33cb3d",
        "tenableUUID": null,
        "name": "172.26.48.1",
        "ipAddress": "172.26.48.1",
        "os": null,
        "firstSeen": "1632765212",
        "lastSeen": "1632765212",
        "dns": null,
        "fqdnIndex": "0",
        "netBios": null,
        "netBiosWorkgroup": null,
        "macAddress": null,
        "systemType": "general-purpose",
        "createdTime": "1632765212",
        "modifiedTime": "1632765212",
        "source": [
            {
                "type": "Nessus Scan"            }
        ],
        "repository": {
            "id": "1",
            "name": "Repo",
            "description": ""        },
        "acr": {
            "hostUUID": "c2953a1a-c19c-4128-b518-8b0ccc33cb3d",
            "score": "9.0",
            "overwritten": "true",
            "notes": "We changed this because....",
            "overwrittenScore": "10.0",
            "lastEditedUserID": "1",
            "lastEditedOrgID": "1",
            "lastEvaluatedTime": "1",
            "internetExposure": null,
            "capability": null,
            "reasoning": [
                {
                    "id": "4"                }
            ],
            "user": {
                "id": "1",
                "username": "qahead",
                "firstname": "",
                "lastname": "",
                "email": ""            }
        }
    },
    "error_code": 0,
    "error_msg": "",
    "warnings": [],
    "timestamp": 1632923227
}

/hosts/search

Methods
POST

Gets the Asset Criticality Rating score and reasons for the specified Host.

Fields Parameter
Expand

Search the list of Hosts identified from all scan results that are on T.sc.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

The limit parameter should be an integer greater than 0

    ?limit=<number>,...

The startOffset parameter should be an integer greater than 0

    ?startOffset=<number>,...

The endOffset parameter should be  an integer greater than 0

    ?endOffset=<number>,...

The pagination parameter should a boolean

    ?pagination=<boolean>,...

Allowed Fields

**id
**uuid
*tenableUUID
*name
*ipAddress
*os
*firstSeen
*lastSeen
macAddress
source
repID
netBios
netBiosWorkgroup
createdTime
modifiedTime
acr
aes

Legend

* = always comes back
** = comes back if fields list not specified on GET all
red = field is a JSON object ( e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )

Example Request
Expand 
{
  "filters": {
    "and": [
      {
        "property": "systemType",
        "operator": "eq",
        "value": "general_purpose,general-purpose"
      },
      {
        "property": "ip",
        "operator": "eq",
        "value": "172.26.48.0-172.26.48.100"
      },
      {
        "property": "repositoryAll",
        "operator": "eq",
        "value": "2,1"
      },
      {
        "property": "assetCriticalityRating",
        "operator": "eq",
        "value": "1-5"
      },
      {
        "property": "assetExposureScore",
        "operator": "eq",
        "value": "100-1000"
      },
      {
        "property": "sourceType",
        "operator": "eq",
        "value": "'Nessus Scan','Agent Scan'"
      },
      {
        "property": "hostid",
        "operator": "eq",
        "value": "74d580c7-4da4-427f-9282-591d99d3ba25,60847aad-f0b1-426c-8bf0-1e8d92da85c4"
      }
    ]
  }
}
Example Response
Expand 


{
  "type": "regular",
  "response": {
    "totalRecords": "1",
    "returnedRecords": 1,
    "startOffset": "0",
    "endOffset": "50",
    "results": [
      {
        "name": "SHAREPOINT2016",
        "ipAddress": "172.xx.xx.xx",
        "os": "Microsoft Windows 10",
        "macAddress": null,
        "firstSeen": "1655319261",
        "lastSeen": "1655319261",
        "netBios": "SHAREPOINT2016",
        "dns": "sharepoint2016.target.com",
        "id": "7",
        "uuid": "xxxx-xxxx-xxxx-xxxx-xxxx",
        "source": [
          {
            "type": "Nessus Scan"
          }
        ],
        "repository": {
          "id": "1",
          "name": "Repo",
          "description": "",
          "dataFormat": "IPv4",
          "type": "Local"
        },
        "acr": {
          "score": "4",
          "overwritten": "false",
          "notes": null,
          "overwrittenScore": "-1",
          "lastEditedUserID": null,
          "lastEditedOrgID": null,
          "lastEvaluatedTime": "1655319340",
          "internetExposure": "internal",
          "capability": "",
          "deviceType": "general_purpose",
          "reasoning": [],
          "keyDrivers": {
            "internet exposure": "internal",
            "device capability": "",
            "device type": "general_purpose"
          }
        },
        "aes": {
          "score": "496"
        },
        "systemType": "general_purpose"
      }
    ]
  },
  "error_code": 0,
  "error_msg": "",
  "warnings": [],
  "timestamp": 1655385966
}

/hosts/download

Methods
POST

Export the Host Assets data to a CSV file format.

Fields Parameter
Expand

Search the list of Hosts identified from all scan results that are on T.sc.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

The sortField parameter should be a string

    ?sortField=<field>

The sortDirection parameter should be either ASC or DESC

	?sortDirection=<string>

The startOffset parameter should be an integer greater than 0

    ?startOffset=<number>,...

The endOffset parameter should be  an integer greater than 0

    ?endOffset=<number>,...

Allowed Fields

*id
**uuid
**ipAddress
**os
**name
**lastSeen
**source
**netBios
**dns
**acr
**aes
**repository
**systemType

Legend

* = always comes back
** = comes back if fields list not specified
green = The uuid field will be renamed to "assetID" in the CSV header

Filter Parameter
Expand

Filter parameters should be posted via the request payload.

Value field for assetCriticalityRating and assetExposureScore should be a range of unsigned integers separated by a "-". Example: "1-10"

Filter Parameter
Expand 
{
  "filters": {
    "and": [
      {
        "property": <string> "systemType" | "assetCriticalityRating" | "assetExposureScore",
        "operator": <string> "eq",
        "value": <string> "systemTypeId" | "<uint>-<uint>"
      }
    ]
  }
}
Example Response (text/csv)
Expand 


"name","ipAddress","os","macAddress","firstSeen","lastSeen","netBios","dns","id","source","repository","acr","aes","systemType","assetID"
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz"
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz"
"ABCD-EFGH","0.0.0.0","Linux Kernel 123","a:b:c:d:e","1234567890","1234567890","ABCD-EFGH","abdc-efgh.hijk-lmnop.com","1234","Nessus Scan","ipv4","10","300","","abcd-efgh-ijkl-mnop-qrst-uvwx-yz"