Findings Payload Files
When the system adds, updates, or deletes findings associated with assets, Tenable Data Stream sends a payload file to your AWS bucket. In the file, updates appear in the updates array and deletes appear with a timestamp in the deletes array.
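The following example shows the format of a findings payload file. For definitions of the properties in this file, see Findings Properties. Note that in this example several plugin fields (patch_publication_date, version, vuln_publication_date, and vpr.updated) contain the string "null" rather than a JSON null, and first_ts and last_ts are quoted strings rather than numbers, so a consumer that parses or validates these payloads should not assume that a missing value is always a JSON null.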
{
"payload_id": "finding-1735809381920-24-f693e786-803c-4b52-9470-2f42939e8191",
"version": 1,
"type": "FINDING",
"count_updated": 1,
"count_deleted": 0,
"updates": [
{
"finding_id": "4e4d4dd2-e8a3-5c6a-9d32-f5864e8aef52",
"asset": {
"agent_uuid": null,
"bios_uuid": null,
"device_type": "general-purpose",
"fqdn": "target2.pubtarg.tenablesecurity.com",
"hostname": "target2.pubtarg.tenablesecurity.com",
"uuid": "8d84147c-7086-4707-b644-33bd6a794f3c",
"ipv4": "35.93.112.36",
"ipv6": null,
"last_authenticated_results": null,
"last_unauthenticated_results": null,
"last_scan_target": "target2.pubtarg.tenablesecurity.com",
"mac_address": null,
"netbios_name": null,
"netbios_workgroup": [],
"operating_system": [
"Linux Kernel 2.6"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": null,
"plugin": {
"bid": [70657],
"canvas_package": null,
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [],
"cve": null,
"cvss3_base_score": null,
"cvss3_temporal_score": null,
"cvss3_temporal_vector": {
"exploitability": null,
"remediation_level": null,
"report_confidence": null,
"raw": null
},
"cvss3_vector": {
"access_complexity": null,
"access_vector": null,
"privileges_required": null,
"user_interaction": null,
"scope": null,
"availability_impact": null,
"confidentiality_impact": null,
"integrity_impact": null,
"raw": null
},
"cvss_base_score": null,
"cvss_temporal_score": null,
"cvss_temporal_vector": {
"exploitability": null,
"remediation_level": null,
"report_confidence": null,
"raw": null
},
"cvss_vector": {
"access_complexity": null,
"access_vector": null,
"authentication": null,
"availability_impact": null,
"confidentiality_impact": null,
"integrity_impact": null,
"raw": null
},
"d2_elliot_name": null,
"description": "This script detects which algorithms and languages are supported by the remote service for encrypting communications.",
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploitability_ease": null,
"exploited_by_malware": false,
"exploited_by_nessus": false,
"exploithub_sku": null,
"family": "Misc.",
"family_id": null,
"has_patch": false,
"id": 70657,
"in_the_news": false,
"metasploit_name": null,
"ms_bulletin": null,
"name": "SSH Algorithms and Languages Supported",
"patch_publication_date": "null",
"modification_date": "2017-08-28T00:00:00Z",
"publication_date": "2013-10-28T00:00:00Z",
"risk_factor": "info",
"see_also": [],
"solution": null,
"stig_severity": null,
"synopsis": "An SSH server is listening on this port.",
"type": "remote",
"unsupported_by_vendor": false,
"usn": null,
"version": "null",
"vuln_publication_date": "null",
"xrefs": [],
"vpr": {
"score": null,
"drivers": {
"age_of_vuln": {
"lower_bound": 0,
"upper_bound": 0
},
"exploit_code_maturity": null,
"cvss_impact_score_predicted": null,
"cvss3_impact_score": null,
"threat_intensity_last28": null,
"threat_recency": {
"lower_bound": 0,
"upper_bound": 0
},
"threat_sources_last28": [],
"product_coverage": null
},
"updated": "null"
},
"workaround": "Workaround description",
"workaround_type": "Configuration Change",
"workaround_published": "2025-01-02T09:11:11.756Z",
"has_workaround": false
},
"port": {
"port": 22,
"protocol": "TCP",
"service": "ssh"
},
"recast_reason": null,
"recast_rule_uuid": null,
"scan": {
"schedule_uuid": "template-0c0f6be8-52e7-33a8-5efe-6c56590ade7c69dc748acb78459e",
"started_at": "2025-01-02T09:11:11.756Z",
"uuid": "f693e786-803c-4b52-9470-2f42939e8191",
"target": "target2.pubtarg.tenablesecurity.com"
},
"severity": "info",
"severity_id": 0,
"severity_default_id": 0,
"severity_modification_type": "NONE",
"first_found": "2024-05-16T09:54:53.492Z",
"last_fixed": "2025-01-02T09:16:09.872Z",
"last_found": "2024-11-21T14:32:31.480Z",
"indexed": "2025-01-02T09:16:22.207Z",
"state": "FIXED",
"source": "NESSUS"
}
],
"deletes": [],
"first_ts": "1735809379276",
"last_ts": "1735809379276"
}