Tenable Security Center API: Plugin

/plugin

Methods
GET

Gets all the Plugins matching the filters, if provided.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
family
type
copyright
version
sourceFile
dependencies
requiredPorts
requiredUDPPorts
cpe
srcPort
dstPort
protocol
riskFactor
solution
seeAlso
synopsis
checkType
exploitEase
exploitAvailable
exploitFrameworks
cvssVector
cvssVectorBF
baseScore
temporalScore
cvssV3Vector
cvssV3VectorBF
cvssV3BaseScore
cvssV3TemporalScore
vprScore
vprContext
stigSeverity
pluginPubDate
pluginModDate
patchPubDate
patchModDate
vulnPubDate
modifiedTime
md5
agent

xrefs

Legend

* = always comes back

** = comes back if fields list not specified on GET all

Request Parameters
Expand

Parameters must be passed in as query string (as opposed to JSON) in the format of: /plugin?filterField=id&op=eq&value=1&...

NOTE #1: parameter "since" refers to plugins that have been modified since a given date.

NOTE #2: The <string> portion of the "xrefs:<string>" parameter is associated with a valid Xref field type. Valid Xref types at the time of this documentation are:

 "ALAS" | "APPLE-SA" | "AUSCERT" | "BID" | "CERT" | "CERT-CC" | "CERT-FI" | "CERTA" | "CISCO-BUG-ID" | "CISCO-SA" | "CISCO-SR" | "CLSA" | "CONECTIVA" | "CVE" | "CWE" | "DSA" | "EDB-ID" | "FEDORA" | "FLSA" | "FreeBSD" | "GLSA" | "HP" | "HPSB" | "IAVA" | "IAVB" | "IAVT" | "ICS-ALERT" | "ICSA" | "MDKSA" | "MDVSA" | "MGASA" | "MSFT" | "MSVR" | "NSFOCUS" | "NessusID" | "OSVDB" | "OWASP" | "OpenPKG-SA" | "RHSA" | "SSA" | "Secunia" | "SuSE" | "TLSA" | "TSLSA" | "USN" | "VMSA" | "zone-h"

NOTE #3: The parameter "filters" allows filtering using multiple filters sent as json object.

  • The values for index filterField in filters param is same as the 'filterField' request param. 
  • The values for index filterOperator in filters param is same as the 'op' request param.

If filterField param is send in request then filters param cannot be used.

{
	"filterField" : <string>  "copyright" | "description" | "exploitAvailable" | "family" | "id" | "name" | "patchPubDate" | "patchModDate" | "pluginPubDate" | "pluginModDate" | "sourceFile" | "type" | "version" | "vulnPubDate" | "xrefs" | "xrefs:<string>" (see Note #2 above) OPTIONAL,
	"sortDirection" : <string> "ASC" | "DESC" DEFAULT "DESC",
	"sortField" : <string> "modifiedTime" | "id" | "name" | "family" | "type" DEFAULT "modifiedTime",
	"type" : <string> "active" | "all" | "compliance" | "custom" | "lce" | "notPassive" | "passive" DEFAULT "all",
	"startOffset" : <number> (positive integer) DEFAULT 0,
	"endOffset" : <number> (integer >= startOffset) DEFAULT 50,
	"since" : <number> (Epoch Seconds) DEFAULT 0,
	"filters": <string> [{"filterField":"","filterOperator":"","filterString":""}...] OPTIONAL,
	...
}

filterField is specified and filterField is not "type"

{
	...
	"op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
	"value" : <string>	...
}

filterField is "type"

{
	...
	"op" : <string> "eq" | "gt" | "gte" | "like" | "lt" | "lte",
	"value" : <string> "active" | "passive" | "lce" | "compliance" | "custom"	...
}
Example Response
Expand
{
	"type":"regular",
	"response":[
		{
			"id":"15000",
			"name":"Debian DSA-163-1 : mhonarc - XSS",
			"description":"Jason Molenda and Hiromitsu Takagi foundways to exploit cross site\nscripting bugs in mhonarc, a mail to HTML converter. When processing\nmaliciously crafted mails of type text\/html mhonarc does not\ndeactivate all scripting parts properly. This is fixed in upstream\nversion 2.5.3.\n\nIf you are worried about security, it is recommended that you disable\nsupport of text\/html messages in your mail archives. There is no\nguarantee that the mhtxthtml.pl library is robust enough to eliminate\nall possible exploits that can occur with HTML data.\n\nTo exclude HTML data, you can use the MIMEEXCS resource. For example :\n\n    <MIMEExcs> text\/html text\/x-html <\/MIMEExcs>\n\nThe type 'text\/x-html' is probably not used any more, but is good to\ninclude it, just-in-case.\n\nIf you are concerned that this could block out the entire contents of\nsome messages, then you could do the following instead :\n\n    <MIMEFilters> text\/html; m2h_text_plain::filter; mhtxtplain.pl\n    text\/x-html; m2h_text_plain::filter; mhtxtplain.pl <\/MIMEFilters>\n\nThis treats the HTML as text\/plain.\n\nThe above problems have been fixed in version 2.5.2-1.1 for the\ncurrent stable distribution (woody), in version 2.4.4-1.1 for the old\nstable distribution (potato) and in version 2.5.11-1 for the unstable\ndistribution (sid)."		},
		{
			"id":"15004",
			"name":"Debian DSA-167-1 : kdelibs - XSS",
			"description":"A cross site scripting problem has been discovered in Konqueror, a\nfamous browser for KDE and other programs using KHTML. The KDE team\nreportsthat Konqueror's cross site scripting protection fails to\ninitialize the domains on sub-(i)frames correctly. As a result,\nJavaScript is able to access any foreign subframe which is defined in\nthe HTML source. Users of Konqueror and other KDE software that uses\nthe KHTML rendering engine may become victim of a cookie stealing and\nother cross site scripting attacks."		}
	],
	"error_code":0,
	"error_msg":"",
	"warnings":[],
	"timestamp":1411668488
}

/plugin/{id}

Methods
GET

Gets the Plugin associated with {id}.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
family
type
copyright
version
sourceFile
source
dependencies
requiredPorts
requiredUDPPorts
cpe
srcPort
dstPort
protocol
riskFactor
solution
seeAlso
synopsis
checkType
exploitEase
exploitAvailable
exploitFrameworks
cvssVector
cvssVectorBF
baseScore
temporalScore
cvssV3Vector
cvssV3VectorBF
cvssV3BaseScore
cvssV3TemporalScore
vprScore
vprContext
stigSeverity
pluginPubDate
pluginModDate
patchPubDate
patchModDate
vulnPubDate
modifiedTime
md5
agent

xrefs

Legend

* = always comes back

** = comes back if fields list not specified on GET all

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "0",
		"name" : "Open Port",
		"description" : "",
		"type" : "active",
		"copyright" : "",
		"version" : "",
		"sourceFile" : "",
		"dependencies" : "",
		"requiredPorts" : "",
		"requiredUDPPorts" : "",
		"cpe" : "",
		"srcPort" : null,
		"dstPort" : null,
		"protocol" : "",
		"riskFactor" : "",
		"solution" : "",
		"seeAlso" : "",
		"synopsis" : "",
		"checkType" : "",
		"exploitEase" : "",
		"exploitAvailable" : "",
		"exploitFrameworks" : "",
		"cvssVector" : "",
		"cvssVectorBF" : "0",
		"baseScore" : null,
		"temporalScore" : null,
		"cvssV3Vector" : "",
		"cvssV3VectorBF" : "0",
		"cvssV3BaseScore" : null,
		"cvssV3TemporalScore" : null,
		"vprScore" : "6.1",
        "vprContext" : [
			{
				"id" : "age_of_vuln",
				"name" : "Vulnerability Age",
				"value" : "730 days +",
				"type" : "string"			},
			{
				"id" : "cvssV3_impactScore",
				"name" : "CvssV3 Impact Score",
				"value" : 5.5,
				"type" : "number"			},
			{
				"id" : "exploit_code_maturity",
				"name" : "Exploit Code Maturity",
				"value" : "PoC",
				"type" : "string"			},
			{
				"id" : "generated_at",
				"name" : "Generated At",
				"value" : 1551695021993,
				"type" : "number"			},
			{
				"id" : "predicted_impactScore",
				"name" : "Predicted Impact Score",
				"value" : true,
				"type" : "boolean"			},
			{
				"id" : "product_coverage",
				"name" : "Product Coverage",
				"value" : "Low",
				"type" : "string"			},
			{
				"id" : "threat_model_type",
				"name" : "Threat Model Type",
				"value" : "non_early_life",
				"type" : "string"			},
			{
				"id" : "threat_model_version",
				"name" : "Threat Model Version",
				"value" : "v0",
				"type" : "string"			},
			{
				"id" : "threat_intensity_last_28",
				"name" : "Threat Intensity Last 28",
				"value" : "Very Low",
				"type" : "string"			},
			{
				"id" : "threat_recency",
				"name" : "Threat Recency",
				"value" :  "No recorded events",
				"type" : "string"			},
			{
				"id" : "threat_sources_last_28",
				"name" : "Threat Sources Last 28",
				"value" : "No recorded events",
				"type" : "string"			}
		],
		"stigSeverity" : null,
		"pluginPubDate" : "-1",
		"pluginModDate" : "-1",
		"patchPubDate" : "-1",
		"patchModDate" : "-1",
		"vulnPubDate" : "-1",
		"modifiedTime" : "1400516102",
		"md5" : "",
		"agent" : "false",
		"xrefs" : "",
		"source" : "",
		"family" : {
			"id" : "42",
			"name" : "Port scanners",
			"type" : "active"		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408727888
}