Host Audit Payload Files
When the system updates, adds, or deletes host audits, Tenable Data Stream sends a payload file to your AWS bucket. In the file, updates appear in the updates array and deletions appear with a timestamp in the deletes array.
The following example shows the format of a host audit payload file. For definitions of the properties in this file, see Host Audit Properties.
Copy
{
"payload_id": "host_audit_finding-1744708524728-24",
"version": 1,
"type": "HOST_AUDIT_FINDING",
"count_updated": 1,
"count_deleted": 0,
"updates": [
{
"finding_id": "30f88ab0-8d20-59e7-9765-40dee1d518f0",
"asset_uuid": "5ca153b5-1402-4f0e-bad3-c300b69a4261",
"first_seen": "2025-03-17T11:42:40.162Z",
"last_seen": "2025-04-15T09:15:17.702Z",
"audit_file": "Tenable_Best_Practices_Cisco_ACI_v1.0.0.audit",
"check_id": "b6aa447a3dbc58cd0598ac3db38177cb5a2aa7617dc8a5eef652ffce0ad89412",
"check_name": "Tenable_Best_Practices_Cisco_ACI_v1.0.0.audit",
"check_info": "Info",
"expected_value": "PASSED",
"actual_value": "PASSED",
"status": "PASSED",
"reference": [
{
"framework": "framework-id",
"control": "control-id"
}
],
"see_also": "check reference",
"solution": "solution",
"check_error": "check for errors",
"profile_name": "profile information",
"db_type": "sqlite",
"plugin_id": 137785,
"state": "ACTIVE",
"description": "\"Tenable_Best_Practices_Cisco_ACI_v1.0.0.audit: [PASSED]\"\n\nPolicy Value:\nPASSED\n\nError:\n",
"audit_description": "check audit description",
"compliance_benchmark_name": "Custom",
"compliance_benchmark_version": "2",
"compliance_control_id": "fabiub43551ri1bf3",
"compliance_full_id": "124c1c4124c124c124",
"compliance_functional_id": "c1412c4c41c412c",
"compliance_informational_id": "c1241241c555c1",
"synopsis": "Compliance checks for Cisco ACI devices.",
"last_fixed": "2025-04-15T09:15:17.702Z",
"last_observed": "2025-04-15T09:15:17.702Z",
"metadata_id": "d5fa5292952f366f922d9b4a06c3e970dcb1ef62518ac948f8e1ac01e692f053",
"uname_output": "output value",
"indexed_at": "2025-04-15T09:15:25.225Z",
"plugin_name": "Cisco ACI Compliance Checks",
"asset": {
"id": "5ca153b5-1402-4f0e-bad3-c300b69a4261",
"ipv4_addresses": [
"44.241.160.134"
],
"ipv6_addresses": [
"2001:0db8:85a3:0000:0000:8a2e:0370:7334"
],
"fqdns": [
"target3.pubtarg.tenablesecurity.com"
],
"name": "target3.pubtarg.tenablesecurity.com",
"agent_name": "agent-name",
"agent_uuid": "4f0e-bad3-c300b69a4261",
"tags": [
{
"category": "category-id-1",
"value": "value-id-1"
}
],
"mac_addresses": [
"00:1A:2B:3C:4D:5E"
],
"operating_systems": [
"Linux Kernel 3.13 on Ubuntu 14.04 (trusty)"
],
"system_type": "general-purpose",
"network_id": "00000000-0000-0000-0000-000000000000"
},
"scan": {
"completed_at": "2025-04-15T09:15:17.702Z",
"schedule_uuid": "9fb5426c-3190-4a4a-aeff-8b6e45b92b08",
"started_at": "2025-04-15T09:15:17.702Z",
"uuid": "09753677-c85e-d017-7ac9-54bde5c266d61a99ef02f5844cba",
"target": "41.151.155.44"
}
}
],
"deletes": [
{
"id": "0d8c3882-870a-5777-a9ec-25ni25275211",
"deleted_at": "2025-04-06T04:01:40Z"
}
],
"first_ts": "1744708524606",
"last_ts": "1744708524606"
}