Tenable Security Center API: Plugin Family

/pluginFamily

Methods
GET

Gets the list of Plugin Families

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
type
count*

Legend

* = always comes back
** = comes back if fields list not specified on GET all
* = The field "count" signifies how many plugins in the family match the filter (if provided), not how many plugins are in the family. To get the total count of plugins in a family, do not provide any filters.

Request Parameters
Expand

Parameters must be passed in as query string (as opposed to JSON) in the format of: /plugin?filterField=id&op=eq&value=1&...

NOTE #1: The parameters below are plugin filter parameters that are applied to get a list of families that contain plugins matching the defined filters.

NOTE #2: parameter "since" refers to plugins that have been modified since a given date.

NOTE #3: The <string> portion of the "xrefs:<string>" parameter is associated with a valid Xref field type. Valid Xref types at the time of this documentation are:

 "ALAS" | "APPLE-SA" | "AUSCERT" | "BID" | "CERT" | "CERT-CC" | "CERT-FI" | "CERTA" | "CISCO-BUG-ID" | "CISCO-SA" | "CISCO-SR" | "CLSA" | "CONECTIVA" | "CVE" | "CWE" | "DSA" | "EDB-ID" | "FEDORA" | "FLSA" | "FreeBSD" | "GLSA" | "HP" | "HPSB" | "IAVA" | "IAVB" | "IAVT" | "ICS-ALERT" | "ICSA" | "MDKSA" | "MDVSA" | "MGASA" | "MSFT" | "MSVR" | "NSFOCUS" | "NessusID" | "OSVDB" | "OWASP" | "OpenPKG-SA" | "RHSA" | "SSA" | "Secunia" | "SuSE" | "TLSA" | "TSLSA" | "USN" | "VMSA" | "zone-h"

1
2
3
4
5
6
7
8
{
    "filterField" : <string>  "copyright" | "description" | "exploitAvailable" | "family" | "id" | "name" | "patchPubDate" | "patchModDate" | "pluginPubDate" | "pluginModDate" | "sourceFile" | "type" | "version" | "vulnPubDate" | "xrefs" | "xrefs:<string>" (see Note #3 above) OPTIONAL,
    "sortDirection" : <string> "ASC" | "DESC" DEFAULT "DESC",
    "sortField" : <string> "modifiedTime" | "id" | "name" | "family" | "type" DEFAULT "modifiedTime",
    "type" : <string> "active" | "all" | "compliance" | "custom" | "lce" | "notPassive" | "passive" DEFAULT "all",
    "since" : <number> (Epoch Seconds) DEFAULT 0,
    ...
}

filterField is specified and filterField is not "type"

1
2
3
4
5
{
    ...
    "op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
    "value" : <string>    ...
}

filterField is "type"

1
2
3
4
5
{
    ...
    "op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
    "value" : <string> "active" | "passive" | "lce" | "compliance" | "custom" ...
}
Filter Parameters

active - Only active Plugin Families will be returned. By default, both active and passive Plugin Families are returned.
passive - Only passive Plugin Families will be returned. By default, both active and passive Plugin Families are returned.

Example Response
Expand
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
{
    "type" : "regular",
    "response" : [
        {
            "id" : "9",
            "name" : "AIX Local Security Checks"        },
        {
            "id" : "1000022",
            "name" : "Abuse"        },
        {
            "id" : "54",
            "name" : "Amazon Linux Local Security Checks"       },
        {
            "id" : "35",
            "name" : "Backdoors"        },
        {
            "id" : "1000001",
            "name" : "Backdoors"        },
        {
            "id" : "49",
            "name" : "Brute force attacks"      },
        {
            "id" : "1000002",
            "name" : "CGI"      },
        {
            "id" : "6",
            "name" : "CGI abuses"       },
        {
            "id" : "26",
            "name" : "CGI abuses  :  XSS"       },
        {
            "id" : "33",
            "name" : "CISCO"        },
        {
            "id" : "18",
            "name" : "CentOS Local Security Checks"     },
        {
            "id" : "1000031",
            "name" : "Cloud Services"       },
        {
            "id" : "37",
            "name" : "DNS"      },
        {
            "id" : "1000004",
            "name" : "DNS Servers"      },
        {
            "id" : "1000024",
            "name" : "Data Leakage"     },
        {
            "id" : "1000003",
            "name" : "Database"     },
        {
            "id" : "31",
            "name" : "Databases"        },
        {
            "id" : "3",
            "name" : "Debian Local Security Checks"     },
        {
            "id" : "25",
            "name" : "Default Unix Accounts"        },
        {
            "id" : "22",
            "name" : "Denial of Service"        },
        {
            "id" : "19",
            "name" : "FTP"      },
        {
            "id" : "1000027",
            "name" : "FTP Clients"      },
        {
            "id" : "1000006",
            "name" : "FTP Servers"      },
        {
            "id" : "5",
            "name" : "Fedora Local Security Checks"     },
        {
            "id" : "1000005",
            "name" : "Finger"       },
        {
            "id" : "44",
            "name" : "Finger abuses"        },
        {
            "id" : "34",
            "name" : "Firewalls"        },
        {
            "id" : "13",
            "name" : "FreeBSD Local Security Checks"        },
        {
            "id" : "40",
            "name" : "Gain a shell remotely"        },
        {
            "id" : "27",
            "name" : "Gain root remotely"       },
        {
            "id" : "30",
            "name" : "General"      },
        {
            "id" : "1000007",
            "name" : "Generic"      },
        {
            "id" : "7",
            "name" : "Gentoo Local Security Checks"     },
        {
            "id" : "2",
            "name" : "HP-UX Local Security Checks"      },
        {
            "id" : "1000008",
            "name" : "IMAP Servers"     },
        {
            "id" : "1000010",
            "name" : "IRC Clients"      },
        {
            "id" : "1000026",
            "name" : "IRC Servers"      },
        {
            "id" : "1000009",
            "name" : "Internet Messengers"      },
        {
            "id" : "1000028",
            "name" : "Internet Services"        },
        {
            "id" : "50",
            "name" : "Junos Local Security Checks"      },
        {
            "id" : "21",
            "name" : "MacOS X Local Security Checks"        },
        {
            "id" : "1000030",
            "name" : "Malware"      },
        {
            "id" : "16",
            "name" : "Mandrake Local Security Checks"       },
        {
            "id" : "47",
            "name" : "Mandriva Local Security Checks"       },
        {
            "id" : "23",
            "name" : "Misc."        },
        {
            "id" : "52",
            "name" : "Mobile Devices"       },
        {
            "id" : "1000029",
            "name" : "Mobile Devices"       },
        {
            "id" : "0",
            "name" : "N\/A"     },
        {
            "id" : "46",
            "name" : "NIS"      },
        {
            "id" : "43",
            "name" : "Netware"      },
        {
            "id" : "1000011",
            "name" : "Operating System Detection"       },
        {
            "id" : "53",
            "name" : "Oracle Linux Local Security Checks"       },
        {
            "id" : "1000013",
            "name" : "POP Server"       },
        {
            "id" : "55",
            "name" : "Palo Alto Local Security Checks"      },
        {
            "id" : "32",
            "name" : "Peer-To-Peer File Sharing"        },
        {
            "id" : "1000012",
            "name" : "Peer-To-Peer File Sharing"        },
        {
            "id" : "1000023",
            "name" : "Policy"       },
        {
            "id" : "39",
            "name" : "Policy Compliance"        },
        {
            "id" : "42",
            "name" : "Port scanners"        },
        {
            "id" : "28",
            "name" : "RPC"      },
        {
            "id" : "1000014",
            "name" : "RPC"      },
        {
            "id" : "1",
            "name" : "Red Hat Local Security Checks"        },
        {
            "id" : "17",
            "name" : "Remote file access"       },
        {
            "id" : "36",
            "name" : "SCADA"        },
        {
            "id" : "1000025",
            "name" : "SCADA"        },
        {
            "id" : "1000016",
            "name" : "SMTP Clients"     },
        {
            "id" : "1000017",
            "name" : "SMTP Servers"     },
        {
            "id" : "12",
            "name" : "SMTP problems"        },
        {
            "id" : "45",
            "name" : "SNMP"     },
        {
            "id" : "1000018",
            "name" : "SNMP Traps"       },
        {
            "id" : "1000019",
            "name" : "SSH"      },
        {
            "id" : "1000015",
            "name" : "Samba"        },
        {
            "id" : "51",
            "name" : "Scientific Linux Local Security Checks"       },
        {
            "id" : "24",
            "name" : "Service detection"        },
        {
            "id" : "41",
            "name" : "Settings"     },
        {
            "id" : "15",
            "name" : "Slackware Local Security Checks"      },
        {
            "id" : "4",
            "name" : "Solaris Local Security Checks"        },
        {
            "id" : "8",
            "name" : "SuSE Local Security Checks"       },
        {
            "id" : "14",
            "name" : "Ubuntu Local Security Checks"     },
        {
            "id" : "38",
            "name" : "Useless services"     },
        {
            "id" : "48",
            "name" : "VMware ESX Local Security Checks"     },
        {
            "id" : "1000020",
            "name" : "Web Clients"      },
        {
            "id" : "11",
            "name" : "Web Servers"      },
        {
            "id" : "1000021",
            "name" : "Web Servers"      },
        {
            "id" : "20",
            "name" : "Windows"      },
        {
            "id" : "10",
            "name" : "Windows  :  Microsoft Bulletins"      },
        {
            "id" : "29",
            "name" : "Windows  :  User management"      }
    ],
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : [],
    "timestamp" : 1408728112
}

/pluginFamily/{id}

Methods
GET

Gets the Plugin Family associated with {id}.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
type
count
plugins

Legend

* = always comes back
** = comes back if fields list not specified on GET all

red = field is a JSON object ( e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )

Request Parameters

None

Example Response
Expand
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
    "type" : "regular",
    "response" : {
        "id" : "1000030",
        "name" : "Malware",
        "type" : "passive",
        "plugins" : [],
        "count" : 0
    },
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : [],
    "timestamp" : 1408728549
}

/pluginFamily/{id}/plugins::GET

Methods
GET

Gets the Plugins associated with Family {id} matching the filters, if provided.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

*id
**name
**description
family
type
copyright
version
sourceFile
source
dependencies
requiredPorts
requiredUDPPorts
cpe
srcPort
dstPort
protocol
riskFactor
solution
seeAlso
synopsis
checkType
exploitEase
exploitAvailable
exploitFrameworks
cvssVector
cvssVectorBF
baseScore
temporalScore
cvssV3Vector
cvssV3VectorBF
cvssV3BaseScore
cvssV3TemporalScore
vprScore
vprContext
stigSeverity
pluginPubDate
pluginModDate
patchPubDate
patchModDate
vulnPubDate
modifiedTime
md5
xrefs

Legend

* = always comes back

** = comes back if fields list not specified on GET all

red = field is a JSON object ( e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )

Request Parameters
Expand

Parameters must be passed in as query string (as opposed to JSON) in the format of: /plugin?filterField=id&op=eq&value=1&...

NOTE #1: parameter "since" refers to plugins that have been modified since a given date.

NOTE #2: The <string> portion of the "xrefs:<string>" parameter is associated with a valid Xref field type. Valid Xref types at the time of this documentation are:

 "ALAS" | "APPLE-SA" | "AUSCERT" | "BID" | "CERT" | "CERT-CC" | "CERT-FI" | "CERTA" | "CISCO-BUG-ID" | "CISCO-SA" | "CISCO-SR" | "CLSA" | "CONECTIVA" | "CVE" | "CWE" | "DSA" | "EDB-ID" | "FEDORA" | "FLSA" | "FreeBSD" | "GLSA" | "HP" | "HPSB" | "IAVA" | "IAVB" | "IAVT" | "ICS-ALERT" | "ICSA" | "MDKSA" | "MDVSA" | "MGASA" | "MSFT" | "MSVR" | "NSFOCUS" | "NessusID" | "OSVDB" | "OWASP" | "OpenPKG-SA" | "RHSA" | "SSA" | "Secunia" | "SuSE" | "TLSA" | "TSLSA" | "USN" | "VMSA" | "zone-h"

1
2
3
4
5
6
7
8
9
10
{
    "filterField" : <string>  "copyright" | "description" | "exploitAvailable" | "family" | "id" | "name" | "patchPubDate" | "patchModDate" | "pluginPubDate" | "pluginModDate" | "sourceFile" | "type" | "version" | "vulnPubDate" | "xrefs" | "xrefs:<string>" (see Note #2 above) OPTIONAL,
    "sortDirection" : <string> "ASC" | "DESC" DEFAULT "DESC",
    "sortField" : <string> "modifiedTime" | "id" | "name" | "family" | "type" DEFAULT "modifiedTime",
    "type" : <string> "active" | "all" | "compliance" | "custom" | "lce" | "notPassive" | "passive" DEFAULT "all",
    "startOffset" : <number> (positive integer) DEFAULT 0,
    "endOffset" : <number> (integer >= startOffset) DEFAULT 50,
    "since" : <number> (Epoch Seconds) DEFAULT 0,
    ...
}

filterField is specified and filterField is not "type"

1
2
3
4
5
{
    ...
    "op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
    "value" : <string>    ...
}

filterField is "type"

1
2
3
4
5
{
    ...
    "op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
    "value" : <string> "active" | "passive" | "lce" | "compliance" | "custom" ...
}
Example Response
Expand
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
{
    "type" : "regular",
    "response" : [
        {
            "id" : "27063",
            "name" : "HP-UX PHSS_36869 : HP System Management Homepage (SMH) for HP-UX, XSS (HPSBMA02274 SSRT071445 rev.3)",
            "description" : "s700_800 11.11 HP System Management Homepage A.2.2.6.2 : \n\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) for HP-UX. These vulnerabilities could by\nexploited remotely to allow cross site scripting (XSS)."     },
        {
            "id" : "27064",
            "name" : "HP-UX PHSS_36870 : HP System Management Homepage (SMH) for HP-UX, XSS (HPSBMA02274 SSRT071445 rev.3)",
            "description" : "s700_800 11.23 HP System Management Homepage A.2.2.6.2 : \n\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) for HP-UX. These vulnerabilities could by\nexploited remotely to allow cross site scripting (XSS)."     },
        {
            "id" : "27065",
            "name" : "HP-UX PHSS_36871  :  HP System Management Homepage (SMH) for HP-UX, XSS (HPSBMA02274 SSRT071445 rev.3)",
            "description" : "s700_800 11.31 HP System Management Homepage A.2.2.6.2 : \n\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) for HP-UX. These vulnerabilities could by\nexploited remotely to allow cross site scripting (XSS)."     }
    ],
    "error_code" : 0,"error_msg" : "",
    "warnings" : [],
    "timestamp" : 1411997624
}