Findings Payload Files
When the system adds, updates, or deletes findings associated with assets, Tenable Data Stream sends a payload file to your AWS bucket. In the file, updates appear in the updates array and deletes appear with a timestamp in the deletes array.
The following example shows the format of a findings payload file. For definitions of the properties in this file, see Findings Properties.
Copy
{
"payload_id": "finding-1735809381920-24-f693e786-803c-4b52-9470-2f42939e8191",
"version": 1,
"type": "FINDING",
"count_updated": 1,
"count_deleted": 0,
"updates": [
{
"finding_id": "4e4d4dd2-e8a3-5c6a-9d32-f5864e8aef52",
"asset": {
"agent_uuid": null,
"bios_uuid": null,
"device_type": "general-purpose",
"fqdn": "target2.pubtarg.tenablesecurity.com",
"hostname": "target2.pubtarg.tenablesecurity.com",
"uuid": "8d84147c-7086-4707-b644-33bd6a794f3c",
"ipv4": "35.93.112.36",
"ipv6": null,
"last_authenticated_results": null,
"last_unauthenticated_results": null,
"last_scan_target": "target2.pubtarg.tenablesecurity.com",
"mac_address": null,
"netbios_name": null,
"netbios_workgroup": [],
"operating_system": [
"Linux Kernel 2.6"
],
"network_id": "00000000-0000-0000-0000-000000000000",
"tracked": true
},
"output": null,
"plugin": {
"bid": [70657],
"canvas_package": null,
"checks_for_default_account": false,
"checks_for_malware": false,
"cpe": [],
"cve": null,
"cvss4_base_score": 8.6,
"cvss4_threat_vector": {
"threat_score": 6.1,
"exploit_maturity": "Unreported",
"raw": "CVSS:4.0/E:U"
},
"cvss4_vector":{
"attack_vector":"Network",
"attack_complexity":"Low",
"attack_requirements":"None",
"privileges_required":"None",
"user_interaction":"None",
"vulnerable_system_confidentiality":"High",
"vulnerable_system_integrity":"High",
"vulnerable_system_availability":"High",
"subsequent_system_confidentiality":"None",
"subsequent_system_integrity":"None",
"subsequent_system_availability":"None",
"raw":"AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
"cvss3_base_score": null,
"cvss3_temporal_score": null,
"cvss3_temporal_vector": {
"exploitability": null,
"remediation_level": null,
"report_confidence": null,
"raw": null
},
"cvss3_vector": {
"access_complexity": null,
"access_vector": null,
"privileges_required": null,
"user_interaction": null,
"scope": null,
"availability_impact": null,
"confidentiality_impact": null,
"integrity_impact": null,
"raw": null
},
"cvss_base_score": null,
"cvss_temporal_score": null,
"cvss_temporal_vector": {
"exploitability": null,
"remediation_level": null,
"report_confidence": null,
"raw": null
},
"cvss_vector": {
"access_complexity": null,
"access_vector": null,
"authentication": null,
"availability_impact": null,
"confidentiality_impact": null,
"integrity_impact": null,
"raw": null
},
"d2_elliot_name": null,
"description": "This script detects which algorithms and languages are supported by the remote service for encrypting communications.",
"epss_score": 0.00553,
"exploit_available": false,
"exploit_framework_canvas": false,
"exploit_framework_core": false,
"exploit_framework_d2_elliot": false,
"exploit_framework_exploithub": false,
"exploit_framework_metasploit": false,
"exploitability_ease": null,
"exploited_by_malware": false,
"exploited_by_nessus": false,
"exploithub_sku": null,
"family": "Misc.",
"family_id": null,
"has_patch": false,
"id": 70657,
"in_the_news": false,
"metasploit_name": null,
"ms_bulletin": null,
"name": "SSH Algorithms and Languages Supported",
"patch_publication_date": "null",
"modification_date": "2017-08-28T00:00:00Z",
"publication_date": "2013-10-28T00:00:00Z",
"risk_factor": "info",
"see_also": [],
"solution": null,
"stig_severity": null,
"synopsis": "An SSH server is listening on this port.",
"type": "remote",
"unsupported_by_vendor": false,
"usn": null,
"version": "null",
"vuln_publication_date": "null",
"xrefs": [],
"vpr": {
"score": null,
"drivers": {
"age_of_vuln": {
"lower_bound": 0,
"upper_bound": 0
},
"exploit_code_maturity": null,
"cvss_impact_score_predicted": null,
"cvss3_impact_score": null,
"threat_intensity_last28": null,
"threat_recency": {
"lower_bound": 0,
"upper_bound": 0
},
"threat_sources_last28": [],
"product_coverage": null
},
"updated": "null"
},
"vpr_v2": {
"score": 3,
"vpr_percentile": "22.61",
"vpr_severity": "LOW",
"exploit_probability": 0,
"cve_id": "CVE-2024-23314",
"exploit_code_maturity": "UNPROVEN",
"on_cisa_kev": false,
"in_the_news_intensity_last30": "VERY LOW",
"in_the_news_recency": "NO RECORDED EVENTS",
"malware_observations_intensity_last30": "VERY LOW",
"malware_observations_recency": "NO RECORDED EVENTS",
"in_the_news_sources_last30": [
"Blogs & Individual Researchers",
"Cyber News & Media",
"Security Research, Tools & Resources"
],
"exploit_chain": [
"CVE-2024-44309"
],
"threat_summary": {
"summary": "null",
"lastUpdated": "null"
},
"remediation": {
"summary": "null",
"lastUpdated": "null"
},
"targeted_industries": [
"Energy",
"Government",
"Government - Federal",
"Government - State/Local",
"Healthcare",
"Insurance",
"Legal Services"
],
"targeted_regions": [
"Europe",
"Germany",
"North America",
"Russia",
"Ukraine",
"United States"
]
},
"workaround": "Workaround description",
"workaround_type": "Configuration Change",
"workaround_published": "2025-01-02T09:11:11.756Z",
"has_workaround": false
},
"port": {
"port": 22,
"protocol": "TCP",
"service": "ssh"
},
"recast_reason": null,
"recast_rule_uuid": null,
"scan": {
"schedule_uuid": "template-0c0f6be8-52e7-33a8-5efe-6c56590ade7c69dc748acb78459e",
"started_at": "2025-01-02T09:11:11.756Z",
"uuid": "f693e786-803c-4b52-9470-2f42939e8191",
"target": "target2.pubtarg.tenablesecurity.com"
},
"severity": "info",
"severity_id": 0,
"severity_default_id": 0,
"severity_modification_type": "NONE",
"first_found": "2024-05-16T09:54:53.492Z",
"last_fixed": "2025-01-02T09:16:09.872Z",
"last_found": "2024-11-21T14:32:31.480Z",
"indexed": "2025-01-02T09:16:22.207Z",
"state": "FIXED",
"source": "NESSUS",
"resurfaced_date": "2024-12-27T11:57:24.384Z",
"time_taken_to_fix": 4045860
}
],
"deletes": [],
"first_ts": "1735809379276",
"last_ts": "1735809379276"
}