Tenable Security Center API: Plugin Family

 

/pluginFamily

Methods
GET

Gets the list of Plugin Families

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
type
count*

Legend

* = always comes back

** = comes back if fields list not specified on GET all
* = The field "count" signifies how many plugins in the family match the filter (if provided), not how many plugins are in the family. To get the total count of plugins in a family, do not provide any filters.

Request Parameters
Expand

Parameters must be passed in as query string (as opposed to JSON) in the format of: /plugin?filterField=id&op=eq&value=1&...

NOTE #1: The parameters below are plugin filter parameters that are applied to get a list of families that contain plugins matching the defined filters.

NOTE #2: parameter "since" refers to plugins that have been modified since a given date.

NOTE #3: The <string> portion of the "xrefs:<string>" parameter is associated with a valid Xref field type. Valid Xref types at the time of this documentation are:

 "ALAS" | "APPLE-SA" | "AUSCERT" | "BID" | "CERT" | "CERT-CC" | "CERT-FI" | "CERTA" | "CISCO-BUG-ID" | "CISCO-SA" | "CISCO-SR" | "CLSA" | "CONECTIVA" | "CVE" | "CWE" | "DSA" | "EDB-ID" | "FEDORA" | "FLSA" | "FreeBSD" | "GLSA" | "HP" | "HPSB" | "IAVA" | "IAVB" | "IAVT" | "ICS-ALERT" | "ICSA" | "MDKSA" | "MDVSA" | "MGASA" | "MSFT" | "MSVR" | "NSFOCUS" | "NessusID" | "OSVDB" | "OWASP" | "OpenPKG-SA" | "RHSA" | "SSA" | "Secunia" | "SuSE" | "TLSA" | "TSLSA" | "USN" | "VMSA" | "zone-h"

{
	"filterField" : <string>  "copyright" | "description" | "exploitAvailable" | "family" | "id" | "name" | "patchPubDate" | "patchModDate" | "pluginPubDate" | "pluginModDate" | "sourceFile" | "type" | "version" | "vulnPubDate" | "xrefs" | "xrefs:<string>" (see Note #3 above) OPTIONAL,
	"sortDirection" : <string> "ASC" | "DESC" DEFAULT "DESC",
	"sortField" : <string> "modifiedTime" | "id" | "name" | "family" | "type" DEFAULT "modifiedTime",
	"type" : <string> "active" | "all" | "compliance" | "custom" | "lce" | "notPassive" | "passive" DEFAULT "all",
	"since" : <number> (Epoch Seconds) DEFAULT 0,
	...
}

filterField is specified and filterField is not "type"

{
	...
	"op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
	"value" : <string>
	...
}

filterField is "type"

{
	...
	"op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
	"value" : <string> "active" | "passive" | "lce" | "compliance" | "custom"
	...
}
Filter Parameters

active - Only active Plugin Families will be returned. By default, both active and passive Plugin Families are returned.
passive - Only passive Plugin Families will be returned. By default, both active and passive Plugin Families are returned.

Example Response
Expand
{
	"type" : "regular",
	"response" : [
		{
			"id" : "9",
			"name" : "AIX Local Security Checks"
		},
		{
			"id" : "1000022",
			"name" : "Abuse"
		},
		{
			"id" : "54",
			"name" : "Amazon Linux Local Security Checks"
		},
		{
			"id" : "35",
			"name" : "Backdoors"
		},
		{
			"id" : "1000001",
			"name" : "Backdoors"
		},
		{
			"id" : "49",
			"name" : "Brute force attacks"
		},
		{
			"id" : "1000002",
			"name" : "CGI"
		},
		{
			"id" : "6",
			"name" : "CGI abuses"
		},
		{
			"id" : "26",
			"name" : "CGI abuses  :  XSS"
		},
		{
			"id" : "33",
			"name" : "CISCO"
		},
		{
			"id" : "18",
			"name" : "CentOS Local Security Checks"
		},
		{
			"id" : "1000031",
			"name" : "Cloud Services"
		},
		{
			"id" : "37",
			"name" : "DNS"
		},
		{
			"id" : "1000004",
			"name" : "DNS Servers"
		},
		{
			"id" : "1000024",
			"name" : "Data Leakage"
		},
		{
			"id" : "1000003",
			"name" : "Database"
		},
		{
			"id" : "31",
			"name" : "Databases"
		},
		{
			"id" : "3",
			"name" : "Debian Local Security Checks"
		},
		{
			"id" : "25",
			"name" : "Default Unix Accounts"
		},
		{
			"id" : "22",
			"name" : "Denial of Service"
		},
		{
			"id" : "19",
			"name" : "FTP"
		},
		{
			"id" : "1000027",
			"name" : "FTP Clients"
		},
		{
			"id" : "1000006",
			"name" : "FTP Servers"
		},
		{
			"id" : "5",
			"name" : "Fedora Local Security Checks"
		},
		{
			"id" : "1000005",
			"name" : "Finger"
		},
		{
			"id" : "44",
			"name" : "Finger abuses"
		},
		{
			"id" : "34",
			"name" : "Firewalls"
		},
		{
			"id" : "13",
			"name" : "FreeBSD Local Security Checks"
		},
		{
			"id" : "40",
			"name" : "Gain a shell remotely"
		},
		{
			"id" : "27",
			"name" : "Gain root remotely"
		},
		{
			"id" : "30",
			"name" : "General"
		},
		{
			"id" : "1000007",
			"name" : "Generic"
		},
		{
			"id" : "7",
			"name" : "Gentoo Local Security Checks"
		},
		{
			"id" : "2",
			"name" : "HP-UX Local Security Checks"
		},
		{
			"id" : "1000008",
			"name" : "IMAP Servers"
		},
		{
			"id" : "1000010",
			"name" : "IRC Clients"
		},
		{
			"id" : "1000026",
			"name" : "IRC Servers"
		},
		{
			"id" : "1000009",
			"name" : "Internet Messengers"
		},
		{
			"id" : "1000028",
			"name" : "Internet Services"
		},
		{
			"id" : "50",
			"name" : "Junos Local Security Checks"
		},
		{
			"id" : "21",
			"name" : "MacOS X Local Security Checks"
		},
		{
			"id" : "1000030",
			"name" : "Malware"
		},
		{
			"id" : "16",
			"name" : "Mandrake Local Security Checks"
		},
		{
			"id" : "47",
			"name" : "Mandriva Local Security Checks"
		},
		{
			"id" : "23",
			"name" : "Misc."
		},
		{
			"id" : "52",
			"name" : "Mobile Devices"
		},
		{
			"id" : "1000029",
			"name" : "Mobile Devices"
		},
		{
			"id" : "0",
			"name" : "N\/A"
		},
		{
			"id" : "46",
			"name" : "NIS"
		},
		{
			"id" : "43",
			"name" : "Netware"
		},
		{
			"id" : "1000011",
			"name" : "Operating System Detection"
		},
		{
			"id" : "53",
			"name" : "Oracle Linux Local Security Checks"
		},
		{
			"id" : "1000013",
			"name" : "POP Server"
		},
		{
			"id" : "55",
			"name" : "Palo Alto Local Security Checks"
		},
		{
			"id" : "32",
			"name" : "Peer-To-Peer File Sharing"
		},
		{
			"id" : "1000012",
			"name" : "Peer-To-Peer File Sharing"
		},
		{
			"id" : "1000023",
			"name" : "Policy"
		},
		{
			"id" : "39",
			"name" : "Policy Compliance"
		},
		{
			"id" : "42",
			"name" : "Port scanners"
		},
		{
			"id" : "28",
			"name" : "RPC"
		},
		{
			"id" : "1000014",
			"name" : "RPC"
		},
		{
			"id" : "1",
			"name" : "Red Hat Local Security Checks"
		},
		{
			"id" : "17",
			"name" : "Remote file access"
		},
		{
			"id" : "36",
			"name" : "SCADA"
		},
		{
			"id" : "1000025",
			"name" : "SCADA"
		},
		{
			"id" : "1000016",
			"name" : "SMTP Clients"
		},
		{
			"id" : "1000017",
			"name" : "SMTP Servers"
		},
		{
			"id" : "12",
			"name" : "SMTP problems"
		},
		{
			"id" : "45",
			"name" : "SNMP"
		},
		{
			"id" : "1000018",
			"name" : "SNMP Traps"
		},
		{
			"id" : "1000019",
			"name" : "SSH"
		},
		{
			"id" : "1000015",
			"name" : "Samba"
		},
		{
			"id" : "51",
			"name" : "Scientific Linux Local Security Checks"
		},
		{
			"id" : "24",
			"name" : "Service detection"
		},
		{
			"id" : "41",
			"name" : "Settings"
		},
		{
			"id" : "15",
			"name" : "Slackware Local Security Checks"
		},
		{
			"id" : "4",
			"name" : "Solaris Local Security Checks"
		},
		{
			"id" : "8",
			"name" : "SuSE Local Security Checks"
		},
		{
			"id" : "14",
			"name" : "Ubuntu Local Security Checks"
		},
		{
			"id" : "38",
			"name" : "Useless services"
		},
		{
			"id" : "48",
			"name" : "VMware ESX Local Security Checks"
		},
		{
			"id" : "1000020",
			"name" : "Web Clients"
		},
		{
			"id" : "11",
			"name" : "Web Servers"
		},
		{
			"id" : "1000021",
			"name" : "Web Servers"
		},
		{
			"id" : "20",
			"name" : "Windows"
		},
		{
			"id" : "10",
			"name" : "Windows  :  Microsoft Bulletins"
		},
		{
			"id" : "29",
			"name" : "Windows  :  User management"
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408728112
}

/pluginFamily/{id}

Methods
GET

Gets the Plugin Family associated with {id}.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
type
count
plugins

Legend

* = always comes back

** = comes back if fields list not specified on GET all

red = field is a JSON object ( e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1000030",
		"name" : "Malware",
		"type" : "passive",
		"plugins" : [],
		"count" : 0
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408728549
}

/pluginFamily/{id}/plugins::GET

Methods
GET

Gets the Plugins associated with Family {id} matching the filters, if provided.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

*id
**name
**description
family
type
copyright
version
sourceFile
source
dependencies
requiredPorts
requiredUDPPorts
cpe
srcPort
dstPort
protocol
riskFactor
solution
seeAlso
synopsis
checkType
exploitEase
exploitAvailable
exploitFrameworks
cvssVector
cvssVectorBF
baseScore
temporalScore
cvssV3Vector
cvssV3VectorBF
cvssV3BaseScore
cvssV3TemporalScore
vprScore
vprContext
stigSeverity
pluginPubDate
pluginModDate
patchPubDate
patchModDate
vulnPubDate
modifiedTime
md5
xrefs

Legend

* = always comes back

** = comes back if fields list not specified on GET all

red = field is a JSON object ( e.g. "SCI" : {"id" : "2", "name" : "SCI Name", "description" : "Description"} )

Request Parameters
Expand

Parameters must be passed in as query string (as opposed to JSON) in the format of: /plugin?filterField=id&op=eq&value=1&...

NOTE #1: parameter "since" refers to plugins that have been modified since a given date.

NOTE #2: The <string> portion of the "xrefs:<string>" parameter is associated with a valid Xref field type. Valid Xref types at the time of this documentation are:

 "ALAS" | "APPLE-SA" | "AUSCERT" | "BID" | "CERT" | "CERT-CC" | "CERT-FI" | "CERTA" | "CISCO-BUG-ID" | "CISCO-SA" | "CISCO-SR" | "CLSA" | "CONECTIVA" | "CVE" | "CWE" | "DSA" | "EDB-ID" | "FEDORA" | "FLSA" | "FreeBSD" | "GLSA" | "HP" | "HPSB" | "IAVA" | "IAVB" | "IAVT" | "ICS-ALERT" | "ICSA" | "MDKSA" | "MDVSA" | "MGASA" | "MSFT" | "MSVR" | "NSFOCUS" | "NessusID" | "OSVDB" | "OWASP" | "OpenPKG-SA" | "RHSA" | "SSA" | "Secunia" | "SuSE" | "TLSA" | "TSLSA" | "USN" | "VMSA" | "zone-h"

{
	"filterField" : <string>  "copyright" | "description" | "exploitAvailable" | "family" | "id" | "name" | "patchPubDate" | "patchModDate" | "pluginPubDate" | "pluginModDate" | "sourceFile" | "type" | "version" | "vulnPubDate" | "xrefs" | "xrefs:<string>" (see Note #2 above) OPTIONAL,
	"sortDirection" : <string> "ASC" | "DESC" DEFAULT "DESC",
	"sortField" : <string> "modifiedTime" | "id" | "name" | "family" | "type" DEFAULT "modifiedTime",
	"type" : <string> "active" | "all" | "compliance" | "custom" | "lce" | "notPassive" | "passive" DEFAULT "all",
	"startOffset" : <number> (positive integer) DEFAULT 0,
	"endOffset" : <number> (integer >= startOffset) DEFAULT 50,
	"since" : <number> (Epoch Seconds) DEFAULT 0,
	...
}

filterField is specified and filterField is not "type"

{
	...
	"op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
	"value" : <string>
	...
}

filterField is "type"

{
	...
	"op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
	"value" : <string> "active" | "passive" | "lce" | "compliance" | "custom"
	...
}
Example Response
Expand
{
	"type" : "regular",
	"response" : [
		{
			"id" : "27063",
			"name" : "HP-UX PHSS_36869 : HP System Management Homepage (SMH) for HP-UX, XSS (HPSBMA02274 SSRT071445 rev.3)",
			"description" : "s700_800 11.11 HP System Management Homepage A.2.2.6.2 : \n\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) for HP-UX. These vulnerabilities could by\nexploited remotely to allow cross site scripting (XSS)."
		},
		{
			"id" : "27064",
			"name" : "HP-UX PHSS_36870 : HP System Management Homepage (SMH) for HP-UX, XSS (HPSBMA02274 SSRT071445 rev.3)",
			"description" : "s700_800 11.23 HP System Management Homepage A.2.2.6.2 : \n\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) for HP-UX. These vulnerabilities could by\nexploited remotely to allow cross site scripting (XSS)."
		},
		{
			"id" : "27065",
			"name" : "HP-UX PHSS_36871  :  HP System Management Homepage (SMH) for HP-UX, XSS (HPSBMA02274 SSRT071445 rev.3)",
			"description" : "s700_800 11.31 HP System Management Homepage A.2.2.6.2 : \n\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) for HP-UX. These vulnerabilities could by\nexploited remotely to allow cross site scripting (XSS)."
		}
	],
	"error_code" : 0,"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1411997624
}