Tenable.sc API: Changelog

 

Version 5.19.x

Tenable.sc 5.19.x API includes updates for the following endpoints:

  • Credential

    • Updated /credential::GET and /credential/{id}::GET to be able to return escalationAccount for "ssh" type credentials.

    • Updated /credential::POST for "ssh" type "Arcon" authType credentials so that privilegeEscalation can be provided and escalationAccount can be provided for the appropriate privilegeEscalation fields.

  • Director-Insights

    • Updated /mgmt/insights::GET endpoint to include licensing information. The data will be fetched from the SCI table. If the license information is not retrieved for a particular day, then it will consider the total and active count for that day as 0.

    • The new response will include the licenseStatusInformation attribute under chart and usage.

  • Director-System

    • New for the 5.19 release.

    • Added /mgmt/system/logFiles::GET endpoint which returns a list of log files on a linked Tenable.sc Instance that are available to the current user.

    • Added /mgmt/system/logs::POST endpoint which returns a list of log messages on a linked Tenable.sc Instance that are available to the current user based on a query parameter.

  • Lumin

    • Added a new boolean request parameter ioNetworksEnabled to the /lumin/repositories::PATCH endpoint. If "true", vulnerability data is synchronized to Lumin using a separate network for each repository. The response for this endpoint has two (2) additional parameters per repository - enabled and ioNetworkUUID. The enabled parameter can be "true" or "false", which indicates if the repository is enabled for synchronizing to Lumin. The ioNetworkUUID parameteris the UUID of the network used to synchronize the vulnerability data when ioNetworksEnabled is set to "true."

    • Added new metrics to the response parameters for the /lumin/metrics::GET endpoint including ioRemediationMaturityGrade, ioRemediationMaturityGradeDelta, ioRemediationMaturityGradeLetter, ioAssessmentMaturityGradeLetter.

  • Repository

    • Added percentCapacityCumulative and percentCapacityPatched to the typeFields returned by the /repository::GET and /repository/{id}::GET endpoints. This is a percentage of the maximum capacity of cumulative and patched data for IPv4, IPv6, and Agent repositories. The current maximum is 64GB.

  • Status

    • Added lastDbBackupStatus, lastDbBackupSuccess, and lastDbBackupFailure to the typeFields returned by the /status::GET endpoint. These fields contain the status of the last database update (0 = SUCCESS, otherwise FAILURE) and the timestamps of the last database backup success and failure.

  • System

    • Added /system/logFiles::GET endpoint which returns a list of log files available to the current user.

    • Added /system/logs::POST endpoint which returns a list of log messages available to the current user based on a query parameter.

    • Added /system/logs/download::POST which downloads a list of log messages available to the current user based on a query.

Version 5.18.x

Tenable.sc 5.18.x API includes updates for the following endpoints:

  • Blackout Window

    • Amended a feature name to comply with Tenable's inclusive language guidelines. The Blackout API's name is now changed to Freeze API in the Tenable.sc product.

  • Configuration

    • Moved vulnerability data lifetime values from /configuration to /repository. The following are no longer available with the /configuration::GET or ::PATCH endpoints: activeVulnsLifetime, passiveVulnsLifetime, lceVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. These values are now at the repository level and are a part of the /repository endpoints.

  • Director Insights

    • Added /mgmt/insights::GET endpoints for Director, which retrieves the trending data for Scan Results, Scanners, and Scan Zones on Tenable.sc Instances linked to Director.

  • Director Organization

    • Added /mgmt/organization endpoints for Director. GET for both /mgmt/organization and /organization/{id}, which are used to view the organization information on a linked Tenable.sc Instance. This is currently used primarily when managing Nessus Scanners through Director (see the above endpoint)

  • Director Scanner

    • Added /mgmt/scanner endpoints for Director. GET and POST for both /mgmt/scanner, which are used for adding new Nessus Scanners to the linked Tenable.sc Instance through Director. GET, PATCH, and DELETE for /mgmt/scanner/{id}, which are used to view, modify, and delete the specified Scanner on its linked Tenable.sc Instance through Director.

  • Director Scan Result

    • Added /mgmt/scanResult endpoints for Director customers and /all/scanResult endpoints for managed by Director users. GET for both /scanResult and /scanResult/{id}, and POST for /scanResult/{id}/email, /scanResult/{id}/stop, /scanResult/{id}/pause, /scanResult/{id}/resume, /scanResult/{id}/retrieve, and /scanResult/{id}/download. These endpoints are responsible for controlling Scan Results of SCIs linked to Director.

  • Director Scan Zone

    • Added /mgmt/zone endpoints for Director. GET and POST for both /mgmt/zone, which are used for adding new Scan Zones to the linked Tenable.sc Instance through Director. GET, PATCH, and DELETE for /mgmt/zone/{id}, which are used to view, modify and delete the specified Scan Zone on its' linked Tenable.sc Instance through Director.

  • LDAP

    • Added support for two new LDAP options, as customers can now provision their users on first-time logins and sync their attributes/metadata on every login. /ldap::POST and /ldap::PATCH calls can now configure the following parameters (1) ldapUserProvisioning and (2) ldapUserSync, though by default they are set to false.

  • Query

    • Added to the POST envelope to support a new tool, "remediationdetail" and a new filter, "solutionID."

    • Added a clarification "NOTE" specifying that the "solutionID" filter only applies to tools "sumremediation" and "remediationdetail." Specified that the latter tool must use this "filter" to function.

    • Added a clarification "NOTE" specifying that the existing "outputAssets" filter only applies to the tool "sumasset" for both the "vuln" and "lce" query types.

  • Report

    • Correction of the "/report/{id}/email" description, it was incorrectly set to the description of the /copy endpoint before it in the document. This endpoint is responsible for sharing a report result to specified users and/or list of email addresses.

  • Report Definition

    • Correction to the GET field names in API documentation, as the expected field values were creator and owner, but in API documentation it was written as CreatorID and ownerID, hence the following field names creatorID and ownerID have been changed to creator and owner.

  • Repository

    • Added vulnerability data expiration related fields to the typeFields returned by the /repository::GET and /repository/{id}::GET endpoints. For repositories with a dataFormat of "IPv4", added: activeVulnsLifetime, passiveVulnsLifetime, lceVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. For repositories with a dataFormat of "IPv6", added: activeVulnsLifetime, passiveVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. For repositories with a dataFormat of "agent", added: activeVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. The units for these fields are specified in days.

    • Added vulnerability data expiration related fields to the /repository::POST and /repository/{id}::PATCH endpoints. For repositories with a dataFormat of "IPv4", added: activeVulnsLifetime, passiveVulnsLifetime, lceVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. For repositories with a dataFormat of "IPv6", added: activeVulnsLifetime, passiveVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. For repositories with a dataFormat of "agent", added: activeVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. The units for these fields are specified in days. The default value for passiveVulnsLifetime is "7", and for the other fields is "365."

  • Scan

    • Clarifications by way of a "NOTE" stating that setting the schedule type to "template" will create a scan that will not run on a schedule.

  • Tenable.sc Instance

    • Added /sci endpoints for Director. GET and POST for both /sci, which are used for adding and viewing Tenable.sc Instances on Director. GET, PATCH, and DELETE for /sci/{id} which are used for managing the linked Tenable.sc Instances on Director.

Version 5.17.x

Tenable.sc 5.17.x API includes updates for the following endpoints:

  • Industrial-Security

    • This entire API has been deleted and is no longer functioning. Customers must use Tenable.ot, the new Industrial Security replacement.

  • Analysis

    • The /analysis endpoint now supports a "startOffset" and "endOffset" for "vuln" type requests. This is similar to the /analysis/download endpoint.

  • Asset

    • Added a new filterName value, "uuid." Supported in asset::POST for assets of type "dynamic."

  • Credential

    • Added support for a new Credential type, Centrify, available for SSH and Windows.

    • Added "Privilege Escalation" option to the SSH Thycotic Secret Server credential.

    • Applied a correction to the POST request values for privilege escalation for SSH CyberArk Vault, to match the SC 5.17.0 REST API.

    • Applied a correction to the POST request values for privilege escalation type "dzdo" for auth types other than SSH Thycotic Secret Server, to match the SC 5.17.0 REST API.

    • Added support for a new Credential type, Sybase ASE., available for Databses.

    • Added support for a new Credential type, Apache Cassandra, available for Databses.

    • Expanded CSV import support to SQL Server, MySQL, and DB2 database type credentials. On POST for these database types when Source = 'Import' added a new field for providing the CSV file name. This new field is returned on GET and can be modified using PATCH.

    • Added Escalation Username field for SSH credentials with privilege escalation of type pbrun. On POST when Privilege Escalation = 'pbrun' added a new field for providing the Escalation Username. This new field is returned on GET and can be modified using PATCH.

  • Organization

  • Scan

    • Applied a change to the "type" field. Now defaulted to "policy" as we no longer support "plugin" type policies (used for Remediation scans, which now use type "policy" as well).

  • User

    • Applied a correction to the GET endpoint description. Creating a request as an Admin, with orgID as a parameter, will retrieve all the Users within the provided organization.

Version 5.16.x

Tenable.sc 5.16 .x API includes updates for the following endpoints:

  • User

    • As an Administrator, when viewing a list of Administrators /user::GET, return the list of Linked Users for each Administrator showing user and organization.

    • As an Administrator, when creating a Linked User /user::POST, providing the ID for the parent Administrator is required. (NOTE: Only Administrators can create Linked Users.)

    • As an Administrator, when viewing an Administrator /user/{id}::GET, return its list of Linked Users showing user and organization.

    • As an Administrator, when viewing a Linked User /user/{id}::GET, return the parent Administrator information (user, organization).

    • As an Administrator, when locking an Administrator with Linked Users /user/{id}::PATCH(/user/{id}::PATCH), the Linked Users are locked as well.

    • As an Administrator, when editing a Linked User /user/{id}::PATCH(/user/{id}::PATCH), the following fields cannot be modified: (NOTE: Only Administrators can edit Linked Users.)

      • roleID (must be "Security Manager")
      • groupID (must be Full Access group)
      • authType (must be "linked")
      • parent (Linked Users cannot change parent Administrator)
      • password
      • mustChangePassword
    • As an Administrator, an Administrator cannot be deleted if it has Linked Users /user/{id}::DELETE. The Linked Users must be deleted first. (NOTE: Only Administrators can delete Linked Users.)

    • As an Organization User, linked users cannot be edited or deleted, and API keys cannot be created for linked users.

  • Organization Security Manager

    • Added "agentScanID" to the response of the stop, resume, and pause endpoints to indicate the ID of the Agent Scan associated with the Scan Result.

Version 5.15.x

Tenable.sc 5.15.x API includes updates for the following endpoints:

  • Status

    • Added "migrationStatus" to the response of /status::GET to indicate the status of the last migration that was run. Valid values are "Running" or "Stopped". A null value indicates that the migration was successful.

  • Scan Result

    • Added "agentScanID" to the response of the stop, resume, and pause endpoints to indicate the ID of the Agent Scan associated with the Scan Result.

Version 5.14.x

Tenable.sc 5.14.x API includes the following new functionality:

Tenable.sc 5.14.x API includes updates for the following endpoints:

  • Analysis

    • Clarified pre-existing behavior of results being inclusive of the startOffset parameter value and exclusive of the endOffset parameter value.

    • Duplicated "hostUniqueness" field to also return as original field name "uniqueness" to support integrations relying on field name.

  • Credential

    • Added new authType "Hashicorp" to "SSH", "Windows", and "Database" credentials.

    • Added new authType "Arcon" to "SSH" and "Windows" credentials.

  • Lumin

    • Updated the request parameters for the /lumin/assets::PATCH endpoint to allow for a schedule object to be provided for the start time for the daily synchronization of assets to Lumin.

    • Dynamic assets are now supported for syncing Lumin assets.

  • Configuration Section

    • For the endpoint /configSection/9::GET which returns Lumin configuration information, added a new element to the response object, "assetsSyncSchedule", which contains the schedule object for the daily synchronization of assets to IO/Lumin.

Version 5.13.x

Tenable.sc 5.13.x API includes the following new functionality:

  • Lumin

    • New endpoints /lumin/repositories::PATCH and /lumin/assets::PATCH to allow for enabling Lumin Synchronization.

Tenable.sc 5.13.x API includes updates for the following endpoints:

  • Scanner

    • Field "password" now supported for authType "certificate" in /scanner::GET, /scanner:POST, and /scanner:PATCH. The conventions will follow the password field for Nessus Scanners, and return SET when a certificate password exists.

  • Industrial Security

    • Field "password" now supported for authType "certificate" in /industrialSecurity::GET, /industrialSecurity::POST, and /industrialSecurity::PATCH. The conventions will follow the password field for Industrial Security Instances, and return SET when a certificate password exists.

  • Passive Scanner (NNM)

    • Field "password" now supported for authType "certificate" in /passivescanner::GET, /passivescanner::POST, and /passivescanner::PATCH. The conventions will follow the password field for Passive (NNM) Scanners, and return SET when a certificate password exists.

  • Configuration Section

    • /configSection::GET - Added Lumin Section for ID 9.

    • Added new configuration section: /configSection/9::GET.

    • Added new configuration section: /configSection/9::PATCH.

  • Repository

    • Added fields "luminFields" and "ipOverlaps" to /repository::GET.

    • Added field "luminFields" to /repository/{id}::GET.

  • Asset

    • Added admin access to /asset::GET with a limited field subset including organization and luminFields.

    • Added admin access to /asset/{id}::GET with a limited field subset including organization and luminFields.

  • Credential

    • Added fields "source" and "csv_file" to /credential::POST, /credential::PATCH, and /credential::GET.

  • Configuration

    • Added new string params “ioAccessKey” and "ioSecretKey" to /config/64::GET.

    • Added new string params “ioAccessKey” and "ioSecretKey" to /config/64::PATCH.

  • Analysis

    • Modified attribute "uniqueness" to "hostUniqueness" in the response for certain vuln types.

The following functionality was removed from Tenable.sc:

  • System

    • Removed unsupported / undocumented endpoints: /system/fips::GET and /system/fips::POST.

Version 5.12.x

Tenable.sc 5.12.x API includes the following new functionality:

  • System

    • Added new field "SerializationDisabled" and missing field "telemetryEnabled" to /system::GET response.

    • Added debug option "dbIOErrors" to /system/debug::GET.

    • Added fields "touchDebuggingEnabled" and "migrationFailure" to /system/diagnostic::GET.

  • Scanner

    • Created endpoint /scanner/{id}/bug-report.

    • Created endpoint /scanner/{id}/health.

  • Solutions (provisional)

    • Created endpoint /solutions::POST.

    • Created endpoint /solutions/{pluginID}::POST.

    • Created endpoint /solutions/{pluginID}/vuln::POST.

    • Created endpoint /solutions/{pluginID}/asset::POST.

  • AuditFile

    • filename and originalFilename now required for auditFileTemplate 'id' is '-1' instead of auditFileTemplate 'id' is not '-1' for /AuditFile::POST.

  • Report

    • Removed non-existent endpoint /report/{id}/pause::POST.

  • MDM

    • Added new MDM types Blackberry UEM and Microsoft Intune to /mdm::GET.

The following functionality was removed from Tenable.sc:

  • IP Information

    • The /ipInfo::GET endpoint was deleted and the IP Information page was removed from API documentation. This functionality is now available through the /deviceInfo::GET endpoint.

  • Repository

  • Report

    • The /report/{id}/publish::POST endpoint was deleted.

Version 5.11.x

Tenable.sc 5.11.x API includes the following new functionality:

  • Group

    • Added new field "createDefaultObjects" in /group::GET and /group/<id>::GET

    • Added new parameter "createDefaultObjects" in /group::POST and /group/<id>::PATCH

  • Credential

    • Added new field “beyondtrust_api_user” in /credential::POST and /credential/<id>::PATCH for beyondTrust credentials of type "ssh" and "windows"

    • Added new parameter "beyondtrust_api_user” in /credential::GET and /credential/<id>::GET in the typeFields for credentials of type "ssh" and "windows"

  • Scan Result

    • Added new optional filter "optimizeCompletedScans" to /scanResult::GET to skip retrieval of progress fields (completedIPs, completedChecks, totalChecks) for scans that are no longer in progress to optimize speed.

The following functionality was deprecated (marked for future removal):

  • User

    • Marked fields "importReports", "importARCs", "importDashboards", "dashboardTemplate", and "arcTemplate" in /user::POST. During the deprecation period, the default of these fields will be updated to the new "createDefaultObjects" group setting.

  • Organization Security Manager

    • Marked fields "importReports", "importARCs", "importDashboards", "dashboardTemplate", and "arcTemplate" in /user::POST. During the deprecation period, the default of these fields will be updated to the new "createDefaultObjects" group setting

Version 5.10.x

Tenable.sc 5.10 API includes the following changes:

  • System

    • Added new endpoint /system/debug::GET

    • Added new endpoint /system/debug::PATCH

  • Plugin

    • Added new field “vprContext” to /plugin::GET

    • Added new field “vprContext” to /plugin/{id}::GET

  • Plugin Family

    • Added new field “vprContext” to /pluginFamily/{id}/plugins::GET

  • Scan

    • Added new field “enabled” to the schedule object inside /scan::POST

    • Added new field “enabled” to the schedule object inside /scan/{id}::PATCH

  • Scanner

    • Added fields “accessKey” and “secretKey” to /scanner::GET

    • Added fields “accessKey” and “secretKey” to /scanner/{id}::GET

    • Added fields “accessKey” and “secretKey” to /scanner/{id}::POST