Tenable.sc API: Changelog

 

Version 5.23.x

Tenable.sc 5.23.x API includes updates for the following endpoints:

  • Hosts

    • Added /hosts/download::POST endpoint for exporting Host Assets.

Version 5.22.x

Tenable.sc 5.22.x API includes updates for the following endpoints:

  • Publishing Site

    • The ability to use a configured proxy for a publishing site was added. A checkbox was added to the Publishing Site configuration page to enable and disable the use of a proxy. The useProxy field was added to GET, POST, and PATCH requests.

  • Hosts

    • Added aes as a valid field for the /hosts::GET endpoint (used to retrieve a list of hosts). This returns the Asset Exposure Score in the response.

  • System

    • The "version" parameter for the /system::GET endpoint will only show if the user is authenticated.

  • Scanner

    • Added "statusMessage" as a valid field for /scanner::GET and /scanner/{id}::GET. This returns an additional message based on the current status (mostly used when a scanner is in an error state).

    • Added "apiKeys" as an option for authType. This allows users to add scanners to Tenable.sc using API keys as the main authentication method.

Version 5.21.x

Tenable.sc 5.21.x API includes updates for the following endpoints:

  • Director Repository

    • Added a new Director endpoint /mgmt/repository::GET for getting all repositories or getting repositories by id, uuid, or SCI ID.

  • Director User

    • Added a new Director endpoint /mgmt/user::GET for getting all users or getting users by id, uuid, organization ID, or SCI ID.

  • Director Scan Policy

    • Added a new Director endpoint /mgmt/policy::GET for getting all policies or getting policies by id, uuid, or SCI ID.

    • Added a new Director endpoint /mgmt/policy::POST for creating a new policy.

    • Added a new Director endpoint /mgmt/policy::DELETE for deleting a policy by id or uuid.

  • Director Scan

    • Added a new Director endpoint /mgmt/user::GET for getting all users or getting users by id, uuid, organization ID, or SCI ID.

  • Accept Risk Rule

    • Modified /acceptRiskRule::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "hostValue" field if the "hostType" is "asset", and the asset list is part of your organization context.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "organization", and "user" fields.

      • Returns a "type" field in the "repository" and "plugin" fields.

    • Modified /acceptRiskRule::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "hostValue" field if the "hostType" is "asset", and the asset list is part of your organization context.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "organization", and "user" fields.

      • Returns a "type" field in the "repository" and "plugin" fields.

  • Agent Results Sync

    • Modified /agentResultsSync::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "creator" and "owner" fields.

      • Returns a "type" field in the "repository" field.

    • Modified /agentResultsSync::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "creator" and "owner" fields.

      • Returns a "type" field in the "repository" field.

    • Modified /agentResultsSync::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "creator" and "owner" fields.

      • Returns a "type" field in the "repository" field.

    • Modified /agentResultsSync/copy::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "creator" and "owner" fields.

      • Returns a "type" field in the "repository" field.

  • Alert

    • Modified /alert::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "action → definition → scan", "action → definition → assignee", "action → definition → users" and "action → users" fields.

      • Returns a "type" field in the "action → definition → scan" field.

    • Modified /alert::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "action → definition → scan", "action → definition → assignee", "action → definition → users" and "action → users" fields.

      • Returns a "type" field in the "action → definition → scan" field.

    • Modified /alert::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "action → definition → scan", "action → definition → assignee", "action → definition → users" and "action → users" fields.

      • Returns a "type" field in the "action → definition → scan" field.

    • Modified /alert/execute::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "action → definition → scan", "action → definition → assignee", "action → definition → users" and "action → users" fields.

      • Returns a "type" field in the "action → definition → scan" field.

  • ARC

    • Modified /arc::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter (name) is "repository" or "auditFile."

    • Modified /arc::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter (name) is "repository" or "auditFile."

    • Modified /arc::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter (name) is "repository" or "auditFile."

    • Modified /arc/import::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter (name) is "repository" or "auditFile."

    • Modified /arc/copy::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter (name) is "repository" or "auditFile."

    • Modified /arc/refresh::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter (name) is "repository" or "auditFile."

    • Modified /arc/share::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "policyStatements → baseFilters → value", "policyStatements → compliantFilters → value" and "policyStatements → drilldownFilters → value" fields if the filter (name) is "repository" or "auditFile."

  • Asset

    • Modified /asset::GET

      • Can accept the asset list resource UUID in place of the asset list ID.

      • Can accept an "orgUUID" parameter in place of the "orgID" parameter when getting a single asset while logged in as an administrator.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "operand1" and "operand2" fields if they are not a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories → repository", "viewableIPs → repository", "creator" and "owner" fields.

      • Returns a "uuid" field, in addition to the "id" field, in the "organization" field, while logged in as an administrator and viewing "Full Access" Group (#0) asset lists.

      • Returns a "type" field in the "repositories → repository" and "viewableIPs → repository" fields.

    • Modified /asset::POST

      • Can accept a UUID record, instead of an ID record, as "operand1" and "operand2" when defining a combination list.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "operand1" and "operand2" fields if they are not a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories → repository", "creator" and "owner" fields.

      • Returns a "type" field in the "repositories → repository" and "viewableIPs → repository" fields.

    • Modified /asset::PATCH

      • Can accept the asset list resource UUID in place of the asset list ID.

      • Can accept a UUID record, instead of an ID record, as "operand1" and "operand2" when defining a combination list.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "operand1" and "operand2" fields if they are not a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories → repository", "viewableIPs → repository", "creator" and "owner" fields.

      • Returns a "type" field in the "repositories → repository" and "viewableIPs → repository" fields.

    • Modified /asset::DELETE

      • Can accept the asset list resource UUID in place of the asset list ID.

    • Modified /asset/export::GET

      • Can accept the asset list resource UUID in place of the asset list ID.

    • Modified /asset/refresh::POST

      • Can accept the asset list resource UUID in place of the asset list ID.

      • Can accept an "orgUUID" parameter in place of the "orgID" parameter.

      • Can accept a "repUUIDs" parameter in place of the "repIDs" parameter.

    • Modified /asset/share::POST

      • Can accept the asset list resource UUID in place of the asset list ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "operand1" and "operand2" fields if they are not a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories → repository", "viewableIPs → repository", "creator" and "owner" fields.

      • Returns a "type" field in the "repositories → repository" and "viewableIPs → repository" fields.

  • Attribute Set

    • Modified /attributeSet::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" field.

    • Modified /attributeSet::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" field.

    • Modified /attributeSet::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "creator" and "owner" fields.

  • Audit File

    • Modified /auditFile::GET

      • Can accept the audit file resource UUID in place of the audit file ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

    • Modified /auditFile::POST

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

    • Modified /auditFile::PATCH

      • Can accept the audit file resource UUID in place of the audit file ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

    • Modified /auditFile::DELETE

      • Can accept the audit file resource UUID in place of the audit file ID.

    • Modified /auditFile/refresh::POST

      • Can accept the audit file resource UUID in place of the audit file ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

  • Credentials

    • Modified /credential::GET

      • Can accept the credential resource UUID in place of the credential ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

    • Modified /credential::POST

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

    • Modified /credential::PATCH

      • Can accept the credential resource UUID in place of the credential ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

    • Modified /credential::DELETE

      • Can accept the credential resource UUID in place of the credential ID.

    • Modified /credential/share::POST

      • Can accept the audit file resource UUID in place of the audit file ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

  • Current Organization

    • Modified /currentOrganization::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "zones" field.

  • Current User

    • Modified /currentUser::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "switchableUsers → user", "switchableUsers → organization", "responsibleAsset", "organization" and "uuid" fields. NOTE: The "switchableUsers → organization" field will not contain a UUID if the switchable user is an administrator. Likewise, the "organization" field will not contain a "uuid" if the current user is an administrator.

    • Modified /currentUser/associateCert::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "switchableUsers → user", "switchableUsers → organization", "responsibleAsset", "organization" and "uuid" fields. NOTE: The "switchableUsers → organization" field will not contain a UUID if the switchable user is an administrator. Likewise, the "organization" field will not contain a "uuid" if the current user is an administrator.

    • Modified /currentUser/switch::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "switchableUsers → user", "switchableUsers → organization", "responsibleAsset", "organization" and "uuid" fields. NOTE: The "switchableUsers → organization" field will not contain a UUID if the switchable user is an administrator. Likewise, the "organization" field will not contain a "uuid" if the current user is an administrator.

  • Dashboard Tab

    • Modified /dashboard::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "owner" field.

    • Modified /dashboard::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "owner" field.

    • Modified /dashboard/copy::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "owner" field.

    • Modified /dashboard/import::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "owner" field.

    • Modified /dashboard/share::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "owner" field.

  • Device Information

    • Modified /deviceInfo::GET

      • Clarified that the "dnsName" parameter may only be supplied with the "ip" parameter when a "uuid" parameter is not supplied.

      • Added a "sourceType" parameter to specify which data source, "cumulative" or "patched", to pull information from when not supplying the "scanResultID" parameter.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository" field.

  • Freeze Window

    • Modified /freeze::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "assets", "repository", "creator" and "owner" fields.

    • Modified /freeze::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "assets", "repository", "creator" and "owner" fields.

    • Modified /freeze::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "assets", "repository", "creator" and "owner" fields.

  • Group

    • Modified /group::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories", "definingAssets", "users", "assets", "policies", "credentials" and "auditFiles" fields.

      • Returns a "type" field in the "auditFiles" field.

    • Modified /group::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories", "definingAssets", "users", "assets", "policies", "credentials" and "auditFiles" fields.

      • Returns a "type" field in the "auditFiles" field.

    • Modified /group::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories", "definingAssets", "users", "assets", "policies", "credentials" and "auditFiles" fields.

      • Returns a "type" field in the "auditFiles" field.

  • Job

    • Modified /job::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "organization" and "initiator" fields.

  • LCE

    • Modified /lce::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" and "repositories" fields.

    • Modified /group::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" and "repositories" fields.

    • Modified /group::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" and "repositories" fields.

  • LDAP

    • Modified /ldap::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /ldap::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /ldap::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

  • Organization

    • Modified /organization::GET

      • Can accept the organization resource UUID in place of the organization ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories" and "zones" fields.

      • Returns a "type" field in the "repositories" field.

    • Modified /organization::POST

      • Can accept UUID records, instead of ID records, in the "repositories" and "zones" fields.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories" and "zones" fields.

      • Returns a "type" field in the "repositories" field.

    • Modified /organization::PATCH

      • Can accept the organization resource UUID in place of the organization ID.

      • Can accept UUID records, instead of ID records, in the "repositories" and "zones" fields.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories" and "zones" fields.

      • Returns a "type" field in the "repositories" field.

    • Modified /organization::DELETE

      • Can accept the organization resource UUID in place of the organization ID.

    • Modified /organization/acceptRiskRule::GET

      • Can accept the organization resource UUID in place of the organization ID.

      • Can accept the "repositoryUUIDs" field, instead of the "repositoryIDs" field.

      • Returns a "uuid" field, in addition to the "id" field, in the "hostValue" field if the "hostType" is "asset", and the asset list is part of your organization context.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "organization", and "user" fields.

      • Returns a "type" field in the "repository" and "plugin" fields.

    • Modified /organization/recastRiskRule::GET

      • Can accept the organization resource UUID in place of the organization ID.

      • Can accept the "repositoryUUIDs" field, instead of the "repositoryIDs" field.

      • Returns a "uuid" field, in addition to the "id" field, in the "hostValue" field if the "hostType" is "asset", and the asset list is part of your organization context.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "organization", and "user" fields.

      • Returns a "type" field in the "repository" and "plugin" fields.

  • Organization Security Manager

    • Modified /organization/securityManager::GET

      • Can accept the organization resource UUID in place of the organization ID.

      • Can accept the user resource UUID (for the Security Manager) in place of the user ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "parent → user" and "responsibleAsset" fields.

    • Modified /organization/securityManager::POST

      • Can accept the organization resource UUID in place of the organization ID.

      • Can accept the "responsibleAssetUUID" field, instead of the "responsibleAssetID" field.

      • Can accept a UUID record, instead of an ID record, as the "responsibleAsset" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "parent → user" and "responsibleAsset" fields.

    • Modified /organization/securityManager::PATCH

      • Can accept the organization resource UUID in place of the organization ID.

      • Can accept the user resource UUID in place of the user ID.

      • Can accept the "responsibleAssetUUID" field, instead of the "responsibleAssetID" field.

      • Can accept a UUID record, instead of an ID record, as the "responsibleAsset" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "parent → user" and "responsibleAsset" fields.

    • Modified /organization/securityManager::DELETE

      • Can accept the organization resource UUID in place of the organization ID.

      • Can accept the user resource UUID in place of the user ID.

      • Can accept the migrate user UUID in place of the migrate user ID.

  • Organization User

    • Modified /organization/user::GET

      • Can accept the organization resource UUID in place of the organization ID.

      • Can accept the user resource UUID in place of the user ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "parent → user" and "responsibleAsset" fields.

  • Passive Scanner (NNM)

    • Modified /passivescanner::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories" field.

      • Returns a "type" field in the "repositories" field.

    • Modified /passivescanner::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories" field.

      • Returns a "type" field in the "repositories" field.

    • Modified /passivescanner::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "repositories" field.

      • Returns a "type" field in the "repositories" field.

  • Plugin Family

    • Modified /pluginFamily::GET

      • Returns a "type" field in the "plugins" field.

  • Publishing Site

    • Modified /pubSite::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /pubSite::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /pubSite::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

  • Query

    • Modified /query::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value" field if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value", "operand1" and "operand2" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "query → filters → value" field if the filter (name) is "repository" or "auditFile."

    • Modified /query::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value" field if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value", "operand1" and "operand2" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "query → filters → value" field if the filter (name) is "repository" or "auditFile."

    • Modified /query::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value" field if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value", "operand1" and "operand2" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "query → filters → value" field if the filter (name) is "repository" or "auditFile."

    • Modified /query/share::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value" field if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value", "operand1" and "operand2" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "query → filters → value" field if the filter (name) is "repository" or "auditFile."

  • Recast Risk Rule

    • Modified /recastRiskRule::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "hostValue" field if the "hostType" is "asset", and the asset list is part of your organization context.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "organization", and "user" fields.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

    • Modified /recastRiskRule::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "hostValue" field if the "hostType" is "asset", and the asset list is part of your organization context.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "organization", and "user" fields.

      • Returns a "type" field in the "repository" and "plugin" fields.

  • Report

    • Modified /report::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

  • Report Definition

    • Modified /reportDefinition::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value", "operand1" and "operand2" fields of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter (name) is "repository" or "auditFile."

    • Modified /reportDefinition::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value", "operand1" and "operand2" fields of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter (name) is "repository" or "auditFile."

    • Modified /reportDefinition::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "query → filters → value", "operand1" and "operand2" fields if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter (name) is "repository" or "auditFile."

    • Modified /reportDefinition/copy::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value", "operand1" and "operand2" fields of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter (name) is "repository" or "auditFile."

    • Modified /reportDefinition/import::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a type of asset list, audit file, policy, repository or user, whether it is a single record or multiple records.

      • Returns a "uuid" field, in addition to the "id" field, in the "filters → value", "operand1" and "operand2" fields of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter is a combination of assets and they are not, themselves, a combination record.

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" and "owner" fields.

      • Returns a "type" field in the "filters → value" field of all query objects, nested under the "definition" and "xmlDefinition" fields, if the filter (name) is "repository" or "auditFile."

  • Report Image

    • Modified /report/image::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" field.

    • Modified /report/image::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" field.

    • Modified /report/image::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" field.

  • Repository

    • Modified /repository::GET

      • Can accept the repository resource UUID in place of the repository ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /repository::POST

      • Can accept UUID records, instead of ID records, in the "organizations" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /repository::PATCH

      • Can accept the repository resource UUID in place of the repository ID.

      • Can accept UUID records, instead of ID records, in the "organizations" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "type" field in the "query → filters → value" field if the filter (name) is "repository" or "auditFile."

    • Modified /repository::DELETE

      • Can accept the repository resource UUID in place of the repository ID.

    • Modified /repository/acceptRiskRule::GET

      • Can accept the repository resource UUID in place of the repository ID.

      • Can accept the "organizationUUIDs" field, instead of the "organizationIDs" field.

      • Returns a "uuid" field, in addition to the "id" field, in the "hostValue" field if the "hostType" is "asset", and the asset list is part of your organization context.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "organization", and "user" fields.

      • Returns a "type" field in the "repository" and "plugin" fields.

    • Modified /repository/assetIntersections::GET

      • Can accept the repository resource UUID in place of the repository ID.

    • Modified /repository/export::GET

      • Can accept the repository resource UUID in place of the repository ID.

    • Modified /repository/import::POST

      • Can accept the repository resource UUID in place of the repository ID.

    • Modified /repository/deviceInfo::GET

      • Clarified that the "dnsName" parameter may only be supplied with the "ip" parameter when a "uuid" parameter is not supplied.

      • Added a "sourceType" parameter to specify which data source, "cumulative" or "patched", to pull information from.

      • Can accept the repository resource UUID in place of the repository ID.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository" field.

      • Returns a "type" field in the "repository" field.

    • Modified /repository/recastRiskRule::GET

      • Can accept the repository resource UUID in place of the repository ID.

      • Can accept the "organizationUUIDs" field, instead of the "organizationIDs" field.

      • Returns a "uuid" field, in addition to the "id" field, in the "hostValue" field if the "hostType" is "asset", and the asset list is part of your organization context.

      • Returns a "uuid" field, in addition to the "id" field, in the "repository", "organization" and "user" fields.

      • Returns a "type" field in the "repository" and "plugin" fields.

    • Modified /repository/sync::POST

      • Can accept the repository resource UUID in place of the repository ID.

    • Modified /repository/updateMobileData::POST

      • Can accept the repository resource UUID in place of the repository ID.

  • Role

    • Modified /role::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" field.

    • Modified /role::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" field.

    • Modified /role::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "creator" field.

  • Scanner

    • Modified /scanner::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "nessusManagerOrgs" and "zones" fields.

    • Modified /scanner::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "nessusManagerOrgs" and "zones" fields.

    • Modified /scanner::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "nessusManagerOrgs" and "zones" fields.

  • Scan

    • Modified /scan::GET

      • Can accept the scan resource UUID in place of the scan ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "credentials", "policy", "repository", "zone", "creator" and "owner" fields.

      • Returns a "type" field in the "repository" field.

    • Modified /scan::POST

      • Can accept UUID records, instead of ID records, in the "auditFiles" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "credentials", "policy", "repository", "zone", "creator" and "owner" fields.

      • Returns a "type" field in the "repository" field.

    • Modified /scan::PATCH

      • Can accept the scan resource UUID in place of the scan ID.

      • Can accept UUID records, instead of ID records, in the "auditFiles" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "credentials", "policy", "repository", "zone", "creator" and "owner" fields.

      • Returns a "type" field in the "repository" field.

    • Modified /scan::DELETE

      • Can accept the scan resource UUID in place of the scan ID.

    • Modified /scan/copy::POST

      • Can accept the scan resource UUID in place of the scan ID.

      • Can accept a UUID record instead of an ID record for the "targetUser" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "credentials", "policy", "repository", "zone", "creator" and "owner" fields.

      • Returns a "type" field in the "repository" field.

    • Modified /scan/launch::POST

      • Can accept the scan resource UUID in place of the scan ID.

  • Scan Policy

    • Modified /policy::GET

      • Can accept the policy resource UUID in place of the policy ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "policy → creator", "policy → owner", "auditFiles", "creator" and "owner" fields.

      • Returns a "type" field in the "auditFiles" and "families → plugins" fields.

    • Modified /policy::POST

      • Can accept UUID records, instead of ID records, in the "auditFiles" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "policy → creator", "policy → owner", "auditFiles", "creator" and "owner" fields.

      • Returns a "type" field in the "auditFiles" and "families → plugins" fields.

    • Modified /policy::PATCH

      • Can accept the policy resource UUID in place of the policy ID.

      • Can accept UUID records, instead of ID records, in the "auditFiles" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "policy → creator", "policy → owner", "auditFiles", "creator" and "owner" fields.

      • Returns a "type" field in the "auditFiles" and "families → plugins" fields.

    • Modified /policy::DELETE

      • Can accept the policy resource UUID in place of the policy ID.

    • Modified /policy/copy::POST

      • Can accept the policy resource UUID in place of the policy ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "policy → creator", "policy → owner", "auditFiles", "creator" and "owner" fields.

      • Returns a "type" field in the "auditFiles" and "families → plugins" fields.

    • Modified /policy/export::GET and /policy/export::POST

      • Can accept the resource UUID in place of the ID.

    • Modified /policy/import::POST

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "policy → creator", "policy → owner", "auditFiles", "creator" and "owner" fields.

      • Returns a "type" field in the "auditFiles" and "families → plugins" fields. (NOTE: This would be the case; however, audit files are not imported when policies are imported. This is documented only for possible future necessity.)

    • Modified /policy/share::POST

      • Can accept the policy resource UUID in place of the policy ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "policy → creator", "policy → owner", "auditFiles", "creator" and "owner" fields.

      • Returns a "type" field in the "auditFiles" and "families → plugins" fields.

  • Scan Result

    • Modified /scanResult::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "scan" (if not already disassociated from the result), "repository", "initiator" and "owner" fields.

      • Returns a "type" field in the "scan" and "repository" fields.

    • Modified /scanResult/pause::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "scan" (if not already disassociated from the result), "repository", "initiator" and "owner" fields.

      • Returns a "type" field in the "scan" and "repository" fields.

    • Modified /scanResult/resume::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "scan" (if not already disassociated from the result), "repository", "initiator" and "owner" fields.

      • Returns a "type" field in the "scan" and "repository" fields.

    • Modified /policy::DELETE

      • Can accept the policy resource UUID in place of the policy ID.

    • Modified /scanResult/stop::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "scan" (if not already disassociated from the result), "repository", "initiator" and "owner" fields.

      • Returns a "type" field in the "scan" and "repository" fields.

  • Scan Zone

    • Modified /zone::GET

      • Can accept the zone resource UUID in place of the zone ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /zone::POST

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /zone::PATCH

      • Can accept the zone resource UUID in place of the zone ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "organizations" field.

    • Modified /zone::DELETE

      • Can accept the policy resource UUID in place of the policy ID.

  • Status

    • Modified /status::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "zones" field.

  • Ticket

    • Modified /ticket::GET

      • Returns a "uuid" field, in addition to the "id" field, in the "assignee", "creator" and "owner" fields.

    • Modified /ticket::POST

      • Returns a "uuid" field, in addition to the "id" field, in the "assignee", "creator" and "owner" fields.

    • Modified /ticket::PATCH

      • Returns a "uuid" field, in addition to the "id" field, in the "assignee", "creator" and "owner" fields.

  • User

    • Modified /user::GET

      • Can accept the user resource UUID in place of the user ID.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "parent → user", "linkedUsers" and "responsibleAsset" fields.

    • Modified /user::POST

      • Can accept the "responsibleAssetUUID" field, instead of the "responsibleAssetID" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "parent → user", "linkedUsers" and "responsibleAsset" fields.

    • Modified /user::PATCH

      • Can accept the user resource UUID in place of the user ID.

      • Can accept the "responsibleAssetUUID" field, instead of the "responsibleAssetID" field.

      • Can accept a UUID record, instead of an ID record, as the "responsibleAsset" field.

      • Returns a "uuid" field, in addition to the "id" field, for the resource.

      • Returns a "uuid" field, in addition to the "id" field, in the "parent → user", "linkedUsers" and "responsibleAsset" fields.

    • Modified /user::DELETE

      • Can accept the user resource UUID in place of the user ID.

      • Can accept the "orgUUID" field instead of the "orgID" field.

      • Can accept the "migrateUserUUID" field instead of the "migrateUserID" field.

Version 5.20.x

Tenable.sc 5.20.x API includes updates for the following endpoints:

  • Hosts

    • Added /host::GET endpoint for SC Exposure (Lumin-lite capabilities), which is used to retrieve a list of hosts. If a tenableUUID field is defined, the response will also include Findings (vulnerabilities) and a list of Installed Software for that specific host.

  • Plugin

    • Added agent to the fields parameters for the /plugin::GET and /plugin/{id}::GET endpoints. Added agent to the response for the /plugin::GET endpoint. This field indicates if the plugin is agent capable.

  • Repository

    • Added networkDeleted to the response for the /repository/{id}::GET endpoint as part of luminFields. This is a boolean field that indicates if the network in Tenable.io associated with the repository in Tenable.sc (as part of the Lumin Connector) has been deleted.

  • Scan Policy

    • For the families fields parameter of the /policy::GET endpoint, added the Advanced Agent Scan Template (id="25") as eligible for getting families (in addition to the Advanced Scan Template (id = "1")).

    • For the /policy::POST endpoint, added the Advanced Agent Scan Template (id="25") as eligible for providing families in the request parameters. Also added agent to the policyTemplate object in the example response. This field indicates if the policy template is for agent scans.

    • For the families fields parameter of the /policy/{id}::GET endpoint, added the Advanced Agent Scan Template (id="25") as eligible for getting families (in addition to the Advanced Scan Template (id = "1")). Also added agent to the policyTemplate object in the example response. This field indicates if the policy template is for agent scans.

    • For the /policy/{id}/copy::POST endpoint, added agent to the policyTemplate object in the example response. This field indicates if the policy template is for agent scans.

    • For the /policy/{id}/share::POST endpoint, added agent to the policyTemplate object in the example response. This field indicates if the policy template is for agent scans.

  • Scan Policy Templates

    • Added agent to the fields parameters for the /policyTemplate::GET and /policyTemplate/{id}::GET endpoints. Added agent to the response for the /policyTemplate/{id}::GET endpoint. This is a boolean field that indicates if the policy template is for agent scans.

  • User

    • Added a new /user::PATCH parameter, currentPassword, that is required if password is included in the PATCH payload.

Version 5.19.x

Tenable.sc 5.19.x API includes updates for the following endpoints:

  • Credential

    • Updated /credential::GET and /credential/{id}::GET to be able to return escalationAccount for "ssh" type credentials.

    • Updated /credential::POST for "ssh" type "Arcon" authType credentials so that privilegeEscalation can be provided and escalationAccount can be provided for the appropriate privilegeEscalation fields.

  • Director-Insights

    • Updated /mgmt/insights::GET endpoint to include licensing information. The data will be fetched from the SCI table. If the license information is not retrieved for a particular day, the total and active counts for that day are treated as 0.

    • The new response will include the licenseStatusInformation attribute under chart and usage.

  • Director-System

    • New for the 5.19 release.

    • Added /mgmt/system/logFiles::GET endpoint which returns a list of log files on a linked Tenable.sc Instance that are available to the current user.

    • Added /mgmt/system/logs::POST endpoint which returns a list of log messages on a linked Tenable.sc Instance that are available to the current user based on a query parameter.

  • Lumin

    • Added a new boolean request parameter ioNetworksEnabled to the /lumin/repositories::PATCH endpoint. If "true", vulnerability data is synchronized to Lumin using a separate network for each repository. The response for this endpoint has two (2) additional parameters per repository - enabled and ioNetworkUUID. The enabled parameter can be "true" or "false", which indicates if the repository is enabled for synchronizing to Lumin. The ioNetworkUUID parameter is the UUID of the network used to synchronize the vulnerability data when ioNetworksEnabled is set to "true."

    • Added new metrics to the response parameters for the /lumin/metrics::GET endpoint including ioRemediationMaturityGrade, ioRemediationMaturityGradeDelta, ioRemediationMaturityGradeLetter, ioAssessmentMaturityGradeLetter.

  • Repository

    • Added percentCapacityCumulative and percentCapacityPatched to the typeFields returned by the /repository::GET and /repository/{id}::GET endpoints. This is a percentage of the maximum capacity of cumulative and patched data for IPv4, IPv6, and Agent repositories. The current maximum is 64GB.

  • Status

    • Added lastDbBackupStatus, lastDbBackupSuccess, and lastDbBackupFailure to the typeFields returned by the /status::GET endpoint. These fields contain the status of the last database update (0 = SUCCESS, otherwise FAILURE) and the timestamps of the last database backup success and failure.

  • System

    • Added /system/logFiles::GET endpoint which returns a list of log files available to the current user.

    • Added /system/logs::POST endpoint which returns a list of log messages available to the current user based on a query parameter.

    • Added /system/logs/download::POST which downloads a list of log messages available to the current user based on a query.

Version 5.18.x

Tenable.sc 5.18.x API includes updates for the following endpoints:

  • Blackout Window

    • Amended a feature name to comply with Tenable's inclusive language guidelines. The Blackout API's name is now changed to Freeze API in the Tenable.sc product.

  • Configuration

    • Moved vulnerability data lifetime values from /configuration to /repository. The following are no longer available with the /configuration::GET or ::PATCH endpoints: activeVulnsLifetime, passiveVulnsLifetime, lceVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. These values are now at the repository level and are a part of the /repository endpoints.

  • Director Insights

    • Added /mgmt/insights::GET endpoints for Director, which retrieves the trending data for Scan Results, Scanners, and Scan Zones on Tenable.sc Instances linked to Director.

  • Director Organization

    • Added /mgmt/organization endpoints for Director. GET for both /mgmt/organization and /organization/{id}, which are used to view the organization information on a linked Tenable.sc Instance. This is currently used primarily when managing Nessus Scanners through Director (see the above endpoint).

  • Director Scanner

    • Added /mgmt/scanner endpoints for Director. GET and POST for /mgmt/scanner, which are used for adding new Nessus Scanners to the linked Tenable.sc Instance through Director. GET, PATCH, and DELETE for /mgmt/scanner/{id}, which are used to view, modify, and delete the specified Scanner on its linked Tenable.sc Instance through Director.

  • Director Scan Result

    • Added /mgmt/scanResult endpoints for Director customers and /all/scanResult endpoints for managed by Director users. GET for both /scanResult and /scanResult/{id}, and POST for /scanResult/{id}/email, /scanResult/{id}/stop, /scanResult/{id}/pause, /scanResult/{id}/resume, /scanResult/{id}/retrieve, and /scanResult/{id}/download. These endpoints are responsible for controlling Scan Results of SCIs linked to Director.

  • Director Scan Zone

    • Added /mgmt/zone endpoints for Director. GET and POST for /mgmt/zone, which are used for adding new Scan Zones to the linked Tenable.sc Instance through Director. GET, PATCH, and DELETE for /mgmt/zone/{id}, which are used to view, modify, and delete the specified Scan Zone on its linked Tenable.sc Instance through Director.

  • LDAP

    • Added support for two new LDAP options, as customers can now provision their users on first-time logins and sync their attributes/metadata on every login. /ldap::POST and /ldap::PATCH calls can now configure the following parameters: (1) ldapUserProvisioning and (2) ldapUserSync, though by default they are set to false.

  • Query

    • Added to the POST envelope to support a new tool, "remediationdetail" and a new filter, "solutionID."

    • Added a clarification "NOTE" specifying that the "solutionID" filter only applies to tools "sumremediation" and "remediationdetail." Specified that the latter tool must use this "filter" to function.

    • Added a clarification "NOTE" specifying that the existing "outputAssets" filter only applies to the tool "sumasset" for both the "vuln" and "lce" query types.

  • Report

    • Corrected the "/report/{id}/email" description, which was incorrectly set to the description of the /copy endpoint before it in the document. This endpoint is responsible for sharing a report result to specified users and/or list of email addresses.

  • Report Definition

    • Corrected the GET field names in the API documentation. The expected field names are creator and owner, but the documentation listed them as creatorID and ownerID; the field names creatorID and ownerID have been changed to creator and owner.

  • Repository

    • Added vulnerability data expiration related fields to the typeFields returned by the /repository::GET and /repository/{id}::GET endpoints. For repositories with a dataFormat of "IPv4", added: activeVulnsLifetime, passiveVulnsLifetime, lceVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. For repositories with a dataFormat of "IPv6", added: activeVulnsLifetime, passiveVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. For repositories with a dataFormat of "agent", added: activeVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. The units for these fields are specified in days.

    • Added vulnerability data expiration related fields to the /repository::POST and /repository/{id}::PATCH endpoints. For repositories with a dataFormat of "IPv4", added: activeVulnsLifetime, passiveVulnsLifetime, lceVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. For repositories with a dataFormat of "IPv6", added: activeVulnsLifetime, passiveVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. For repositories with a dataFormat of "agent", added: activeVulnsLifetime, complianceVulnsLifetime, and mitigatedVulnsLifetime. The units for these fields are specified in days. The default value for passiveVulnsLifetime is "7", and for the other fields is "365."

  • Scan

    • Added a clarifying "NOTE" stating that setting the schedule type to "template" will create a scan that will not run on a schedule.

  • Tenable.sc Instance

    • Added /sci endpoints for Director. GET and POST for /sci, which are used for adding and viewing Tenable.sc Instances on Director. GET, PATCH, and DELETE for /sci/{id}, which are used for managing the linked Tenable.sc Instances on Director.

Version 5.17.x

Tenable.sc 5.17.x API includes updates for the following endpoints:

  • Industrial-Security

    • This entire API has been deleted and is no longer functioning. Customers must use Tenable.ot, the new Industrial Security replacement.

  • Analysis

    • The /analysis endpoint now supports a "startOffset" and "endOffset" for "vuln" type requests. This is similar to the /analysis/download endpoint.

  • Asset

    • Added a new filterName value, "uuid." Supported in asset::POST for assets of type "dynamic."

  • Credential

    • Added support for a new Credential type, Centrify, available for SSH and Windows.

    • Added "Privilege Escalation" option to the SSH Thycotic Secret Server credential.

    • Applied a correction to the POST request values for privilege escalation for SSH CyberArk Vault, to match the SC 5.17.0 REST API.

    • Applied a correction to the POST request values for privilege escalation type "dzdo" for auth types other than SSH Thycotic Secret Server, to match the SC 5.17.0 REST API.

    • Added support for a new Credential type, Sybase ASE, available for Databases.

    • Added support for a new Credential type, Apache Cassandra, available for Databases.

    • Expanded CSV import support to SQL Server, MySQL, and DB2 database type credentials. On POST for these database types when Source = 'Import' added a new field for providing the CSV file name. This new field is returned on GET and can be modified using PATCH.

    • Added Escalation Username field for SSH credentials with privilege escalation of type pbrun. On POST when Privilege Escalation = 'pbrun' added a new field for providing the Escalation Username. This new field is returned on GET and can be modified using PATCH.

  • Organization

  • Scan

    • Applied a change to the "type" field. Now defaulted to "policy" as we no longer support "plugin" type policies (used for Remediation scans, which now use type "policy" as well).

  • User

    • Applied a correction to the GET endpoint description. Creating a request as an Admin, with orgID as a parameter, will retrieve all the Users within the provided organization.

Version 5.16.x

Tenable.sc 5.16.x API includes updates for the following endpoints:

  • User

    • As an Administrator, when viewing a list of Administrators /user::GET, return the list of Linked Users for each Administrator showing user and organization.

    • As an Administrator, when creating a Linked User /user::POST, providing the ID for the parent Administrator is required. (NOTE: Only Administrators can create Linked Users.)

    • As an Administrator, when viewing an Administrator /user/{id}::GET, return its list of Linked Users showing user and organization.

    • As an Administrator, when viewing a Linked User /user/{id}::GET, return the parent Administrator information (user, organization).

    • As an Administrator, when locking an Administrator with Linked Users /user/{id}::PATCH, the Linked Users are locked as well.

    • As an Administrator, when editing a Linked User /user/{id}::PATCH, the following fields cannot be modified: (NOTE: Only Administrators can edit Linked Users.)

      • roleID (must be "Security Manager")
      • groupID (must be Full Access group)
      • authType (must be "linked")
      • parent (Linked Users cannot change parent Administrator)
      • password
      • mustChangePassword
    • As an Administrator, an Administrator cannot be deleted if it has Linked Users /user/{id}::DELETE. The Linked Users must be deleted first. (NOTE: Only Administrators can delete Linked Users.)

    • As an Organization User, linked users cannot be edited or deleted, and API keys cannot be created for linked users.

  • Organization Security Manager

    • Added "agentScanID" to the response of the stop, resume, and pause endpoints to indicate the ID of the Agent Scan associated with the Scan Result.

Version 5.15.x

Tenable.sc 5.15.x API includes updates for the following endpoints:

  • Status

    • Added "migrationStatus" to the response of /status::GET to indicate the status of the last migration that was run. Valid values are "Running" or "Stopped". A null value indicates that the migration was successful.

  • Scan Result

    • Added "agentScanID" to the response of the stop, resume, and pause endpoints to indicate the ID of the Agent Scan associated with the Scan Result.

Version 5.14.x

Tenable.sc 5.14.x API includes the following new functionality:

Tenable.sc 5.14.x API includes updates for the following endpoints:

  • Analysis

    • Clarified pre-existing behavior of results being inclusive of the startOffset parameter value and exclusive of the endOffset parameter value.

    • Duplicated "hostUniqueness" field to also return as original field name "uniqueness" to support integrations relying on field name.

  • Credential

    • Added new authType "Hashicorp" to "SSH", "Windows", and "Database" credentials.

    • Added new authType "Arcon" to "SSH" and "Windows" credentials.

  • Lumin

    • Updated the request parameters for the /lumin/assets::PATCH endpoint to allow for a schedule object to be provided for the start time for the daily synchronization of assets to Lumin.

    • Dynamic assets are now supported for syncing Lumin assets.

  • Configuration Section

    • For the endpoint /configSection/9::GET which returns Lumin configuration information, added a new element to the response object, "assetsSyncSchedule", which contains the schedule object for the daily synchronization of assets to IO/Lumin.

Version 5.13.x

Tenable.sc 5.13.x API includes the following new functionality:

  • Lumin

    • New endpoints /lumin/repositories::PATCH and /lumin/assets::PATCH to allow for enabling Lumin Synchronization.

Tenable.sc 5.13.x API includes updates for the following endpoints:

  • Scanner

    • Field "password" now supported for authType "certificate" in /scanner::GET, /scanner::POST, and /scanner::PATCH. The conventions will follow the password field for Nessus Scanners, and return SET when a certificate password exists.

  • Industrial Security

    • Field "password" now supported for authType "certificate" in /industrialSecurity::GET, /industrialSecurity::POST, and /industrialSecurity::PATCH. The conventions will follow the password field for Industrial Security Instances, and return SET when a certificate password exists.

  • Passive Scanner (NNM)

    • Field "password" now supported for authType "certificate" in /passivescanner::GET, /passivescanner::POST, and /passivescanner::PATCH. The conventions will follow the password field for Passive (NNM) Scanners, and return SET when a certificate password exists.

  • Configuration Section

    • /configSection::GET - Added Lumin Section for ID 9.

    • Added new configuration section: /configSection/9::GET.

    • Added new configuration section: /configSection/9::PATCH.

  • Repository

    • Added fields "luminFields" and "ipOverlaps" to /repository::GET.

    • Added field "luminFields" to /repository/{id}::GET.

  • Asset

    • Added admin access to /asset::GET with a limited field subset including organization and luminFields.

    • Added admin access to /asset/{id}::GET with a limited field subset including organization and luminFields.

  • Credential

    • Added fields "source" and "csv_file" to /credential::POST, /credential::PATCH, and /credential::GET.

  • Configuration

    • Added new string params "ioAccessKey" and "ioSecretKey" to /config/64::GET.

    • Added new string params "ioAccessKey" and "ioSecretKey" to /config/64::PATCH.

  • Analysis

    • Modified attribute "uniqueness" to "hostUniqueness" in the response for certain vuln types.

The following functionality was removed from Tenable.sc:

  • System

    • Removed unsupported / undocumented endpoints: /system/fips::GET and /system/fips::POST.

Version 5.12.x

Tenable.sc 5.12.x API includes the following new functionality:

  • System

    • Added new field "SerializationDisabled" and missing field "telemetryEnabled" to /system::GET response.

    • Added debug option "dbIOErrors" to /system/debug::GET.

    • Added fields "touchDebuggingEnabled" and "migrationFailure" to /system/diagnostic::GET.

  • Scanner

    • Created endpoint /scanner/{id}/bug-report.

    • Created endpoint /scanner/{id}/health.

  • Solutions (provisional)

    • Created endpoint /solutions::POST.

    • Created endpoint /solutions/{pluginID}::POST.

    • Created endpoint /solutions/{pluginID}/vuln::POST.

    • Created endpoint /solutions/{pluginID}/asset::POST.

  • AuditFile

    • For /AuditFile::POST, filename and originalFilename are now required when the auditFileTemplate 'id' is '-1', instead of when the auditFileTemplate 'id' is not '-1'.

  • Report

    • Removed non-existent endpoint /report/{id}/pause::POST.

  • MDM

    • Added new MDM types Blackberry UEM and Microsoft Intune to /mdm::GET.

The following functionality was removed from Tenable.sc:

  • IP Information

    • The /ipInfo::GET endpoint was deleted and the IP Information page was removed from API documentation. This functionality is now available through the /deviceInfo::GET endpoint.

  • Repository

  • Report

    • The /report/{id}/publish::POST endpoint was deleted.

Version 5.11.x

Tenable.sc 5.11.x API includes the following new functionality:

  • Group

    • Added new field "createDefaultObjects" in /group::GET and /group/<id>::GET

    • Added new parameter "createDefaultObjects" in /group::POST and /group/<id>::PATCH

  • Credential

    • Added new field "beyondtrust_api_user" in /credential::POST and /credential/<id>::PATCH for beyondTrust credentials of type "ssh" and "windows"

    • Added new parameter "beyondtrust_api_user" in /credential::GET and /credential/<id>::GET in the typeFields for credentials of type "ssh" and "windows"

  • Scan Result

    • Added new optional filter "optimizeCompletedScans" to /scanResult::GET to skip retrieval of progress fields (completedIPs, completedChecks, totalChecks) for scans that are no longer in progress to optimize speed.

The following functionality was deprecated (marked for future removal):

  • User

    • Marked fields "importReports", "importARCs", "importDashboards", "dashboardTemplate", and "arcTemplate" in /user::POST as deprecated. During the deprecation period, the default of these fields will be updated to the new "createDefaultObjects" group setting.

  • Organization Security Manager

    • Marked fields "importReports", "importARCs", "importDashboards", "dashboardTemplate", and "arcTemplate" in /user::POST as deprecated. During the deprecation period, the default of these fields will be updated to the new "createDefaultObjects" group setting.

Version 5.10.x

Tenable.sc 5.10 API includes the following changes:

  • System

    • Added new endpoint /system/debug::GET

    • Added new endpoint /system/debug::PATCH

  • Plugin

    • Added new field “vprContext” to /plugin::GET

    • Added new field “vprContext” to /plugin/{id}::GET

  • Plugin Family

    • Added new field “vprContext” to /pluginFamily/{id}/plugins::GET

  • Scan

    • Added new field “enabled” to the schedule object inside /scan::POST

    • Added new field “enabled” to the schedule object inside /scan/{id}::PATCH

  • Scanner

    • Added fields “accessKey” and “secretKey” to /scanner::GET

    • Added fields “accessKey” and “secretKey” to /scanner/{id}::GET

    • Added fields “accessKey” and “secretKey” to /scanner/{id}::POST