Assets Payload Files
When the system updates, adds, or deletes assets, Tenable Data Stream sends a payload file to your AWS bucket. In the file, updates appear in the updates array and deletions appear with a timestamp in the deletes array.
Note: Asset deletions (host assets and WAS assets) appear in both the assets and was_assets folders. Ignore the asset IDs that are not relevant to you.
The following example shows the format of an assets payload file. For definitions of the properties in this file, see Assets Properties.
Copy
{
"payload_id": "asset-1735809383052-16-f693e786-803c-4b52-9470-2f42939e8191",
"version": 1,
"type": "ASSET",
"count_updated": 1,
"count_deleted": 0,
"updates": [
{
"id": "8d84147c-7086-4707-b644-33bd6a794f3c",
"has_agent": false,
"has_plugin_results": true,
"created_at": "2024-05-16T09:54:57.453Z",
"terminated_at": null,
"terminated_by": null,
"updated_at": "2025-01-02T09:16:09.872Z",
"deleted_at": null,
"deleted_by": null,
"first_seen": "2024-05-16T09:54:53.000Z",
"last_seen": "2025-01-02T09:16:09.872Z",
"first_scan_time": "2024-05-16T09:54:53.000Z",
"last_scan_time": "2025-01-02T09:16:09.872Z",
"last_authenticated_scan_date": "2025-01-02T09:16:09.872Z",
"last_licensed_scan_date": "2025-01-02T09:16:09.872Z",
"last_scan_id": "f693e786-803c-4b52-9470-2f42939e8191",
"last_schedule_id": "template-0c0f6be8-52e7-33a8-5efe-6c56590ade7c69dc748acb78459e",
"last_scan_target": "target2.pubtarg.tenablesecurity.com",
"last_authentication_attempt_date": "2025-01-02T09:16:09.872Z",
"last_authentication_success_date": "2025-01-02T09:16:09.872Z",
"last_authentication_scan_status": "Success",
"agent_uuid": null,
"bios_uuid": null,
"network_id": "00000000-0000-0000-0000-000000000000",
"azure_vm_id": null,
"azure_resource_id": null,
"gcp_project_id": null,
"gcp_zone": null,
"gcp_instance_id": null,
"aws_ec2_instance_ami_id": null,
"aws_ec2_instance_id": null,
"network_name": null,
"aws_owner_id": null,
"aws_availability_zone": null,
"aws_region": null,
"aws_vpc_id": null,
"aws_ec2_instance_group_name": null,
"aws_ec2_instance_state_name": null,
"aws_ec2_instance_type": null,
"aws_subnet_id": null,
"aws_ec2_product_code": null,
"aws_ec2_name": null,
"mcafee_epo_guid": null,
"mcafee_epo_agent_guid": null,
"servicenow_sysid": null,
"bigfix_asset_id": null,
"agent_names": [],
"installed_software": [
"cpe:/a:apache:http_server:2.4.58",
"cpe:/a:openbsd:openssh:9.6",
"cpe:/a:openbsd:openssh:9.6p1"
],
"ipv4s": [
"35.93.112.36"
],
"ipv6s": [],
"fqdns": [
"target2.pubtarg.tenablesecurity.com"
],
"mac_addresses": [],
"netbios_names": [],
"operating_systems": [
"Linux Kernel 2.6"
],
"system_types": [
"general-purpose"
],
"hostnames": [
"target2.pubtarg.tenablesecurity.com"
],
"ssh_fingerprints": [],
"qualys_asset_ids": [],
"qualys_host_ids": [],
"manufacturer_tpm_ids": [],
"symantec_ep_hardware_keys": [],
"sources": [
{
"name": "AsgardPublisher",
"first_seen": "2024-05-16T12:33:50.393Z",
"last_seen": "2024-09-17T12:29:26.687Z"
},
{
"name": "NessusScanEnrichment",
"first_seen": "2024-09-03T13:00:27.000Z",
"last_seen": "2024-11-21T14:32:31.000Z"
},
{
"name": "NESSUS_SCAN",
"first_seen": "2024-05-16T09:54:53.000Z",
"last_seen": "2025-01-02T09:16:09.872Z"
}
],
"tags": [],
"network_interfaces": [
{
"name": "CATCH_ALL_INTERFACE",
"virtual": null,
"aliased": null,
"fqdns": [
"target2.pubtarg.tenablesecurity.com"
],
"mac_addresses": [],
"ipv4s": [
"35.93.112.36"
],
"ipv6s": []
}
],
"open_ports": [
{
"port": 22,
"protocol": "TCP",
"service_names": [
"ssh"
],
"first_seen": "2024-05-16T09:54:53.492Z",
"last_seen": "2024-11-21T14:32:31.480Z"
},
{
"port": 80,
"protocol": "TCP",
"service_names": [
"www"
],
"first_seen": "2024-09-03T13:00:27.227Z",
"last_seen": "2024-11-21T14:32:31.480Z"
}
],
"acr_score": "8",
"exposure_score": "661",
"custom_attributes": []
}
],
"deletes": [],
"first_ts": "1735809378425",
"last_ts": "1735809378425"
}