Assets Payload Files
When the system updates, adds, or deletes assets, Tenable Data Stream sends a payload file to your AWS bucket. In the file, updates appear in the updates array and deletions appear with a timestamp in the deletes array.
The following example shows the format of an assets payload file. For definitions of the properties in this file, see Assets Properties.
Copy
{
"payload_id": "asset-1735809383052-16-f693e786-803c-4b52-9470-2f42939e8191",
"version": 1,
"type": "ASSET",
"count_updated": 1,
"count_deleted": 0,
"updates": [
{
"id": "8d84147c-7086-4707-b644-33bd6a794f3c",
"has_agent": false,
"has_plugin_results": true,
"created_at": "2024-05-16T09:54:57.453Z",
"terminated_at": null,
"terminated_by": null,
"updated_at": "2025-01-02T09:16:09.872Z",
"deleted_at": null,
"deleted_by": null,
"first_seen": "2024-05-16T09:54:53.000Z",
"last_seen": "2025-01-02T09:16:09.872Z",
"first_scan_time": "2024-05-16T09:54:53.000Z",
"last_scan_time": "2025-01-02T09:16:09.872Z",
"last_authenticated_scan_date": "2025-01-02T09:16:09.872Z",
"last_licensed_scan_date": "2025-01-02T09:16:09.872Z",
"last_scan_id": "f693e786-803c-4b52-9470-2f42939e8191",
"last_schedule_id": "template-0c0f6be8-52e7-33a8-5efe-6c56590ade7c69dc748acb78459e",
"last_scan_target": "target2.pubtarg.tenablesecurity.com",
"last_authentication_attempt_date": "2025-01-02T09:16:09.872Z",
"last_authentication_success_date": "2025-01-02T09:16:09.872Z",
"last_authentication_scan_status": "Success",
"agent_uuid": null,
"bios_uuid": null,
"network_id": "00000000-0000-0000-0000-000000000000",
"azure_vm_id": null,
"azure_resource_id": null,
"gcp_project_id": null,
"gcp_zone": null,
"gcp_instance_id": null,
"aws_ec2_instance_ami_id": null,
"aws_ec2_instance_id": null,
"network_name": null,
"aws_owner_id": null,
"aws_availability_zone": null,
"aws_region": null,
"aws_vpc_id": null,
"aws_ec2_instance_group_name": null,
"aws_ec2_instance_state_name": null,
"aws_ec2_instance_type": null,
"aws_subnet_id": null,
"aws_ec2_product_code": null,
"aws_ec2_name": null,
"mcafee_epo_guid": null,
"mcafee_epo_agent_guid": null,
"servicenow_sysid": null,
"bigfix_asset_id": null,
"agent_names": [],
"installed_software": [
"cpe:/a:apache:http_server:2.4.58",
"cpe:/a:openbsd:openssh:9.6",
"cpe:/a:openbsd:openssh:9.6p1"
],
"ipv4s": [
"35.93.112.36"
],
"ipv6s": [],
"fqdns": [
"target2.pubtarg.tenablesecurity.com"
],
"mac_addresses": [],
"netbios_names": [],
"operating_systems": [
"Linux Kernel 2.6"
],
"system_types": [
"general-purpose"
],
"hostnames": [
"target2.pubtarg.tenablesecurity.com"
],
"ssh_fingerprints": [],
"qualys_asset_ids": [],
"qualys_host_ids": [],
"manufacturer_tpm_ids": [],
"symantec_ep_hardware_keys": [],
"sources": [
{
"name": "AsgardPublisher",
"first_seen": "2024-05-16T12:33:50.393Z",
"last_seen": "2024-09-17T12:29:26.687Z"
},
{
"name": "NessusScanEnrichment",
"first_seen": "2024-09-03T13:00:27.000Z",
"last_seen": "2024-11-21T14:32:31.000Z"
},
{
"name": "NESSUS_SCAN",
"first_seen": "2024-05-16T09:54:53.000Z",
"last_seen": "2025-01-02T09:16:09.872Z"
}
],
"tags": [],
"network_interfaces": [
{
"name": "CATCH_ALL_INTERFACE",
"virtual": null,
"aliased": null,
"fqdns": [
"target2.pubtarg.tenablesecurity.com"
],
"mac_addresses": [],
"ipv4s": [
"35.93.112.36"
],
"ipv6s": []
}
],
"open_ports": [
{
"port": 22,
"protocol": "TCP",
"service_names": [
"ssh"
],
"first_seen": "2024-05-16T09:54:53.492Z",
"last_seen": "2024-11-21T14:32:31.480Z"
},
{
"port": 80,
"protocol": "TCP",
"service_names": [
"www"
],
"first_seen": "2024-09-03T13:00:27.227Z",
"last_seen": "2024-11-21T14:32:31.480Z"
}
],
"acr_score": "8",
"exposure_score": "661",
"custom_attributes": []
}
],
"deletes": [],
"first_ts": "1735809378425",
"last_ts": "1735809378425"
}