Web App Scanning Asset Payload Files
When the system updates, adds, or deletes web app scanning assets, Tenable Data Stream sends a payload file to your AWS bucket. In the file, updates appear in the updates array and deletions appear with a timestamp in the deletes array.
Note: Asset deletions (host assets and WAS assets) appear in both the assets and was_assets folders. Ignore the asset IDs that are not relevant to you.
The following example shows the format of a web app scanning asset payload file. For definitions of the properties in this file, see Web App Scanning Asset Properties.
Copy
{
"payload_id": "was_asset-1744711190422-6",
"version": 1,
"type": "WAS_ASSET",
"count_updated": 1,
"count_deleted": 0,
"updates": [
{
"id": "57d474ae-5495-471a-b663-62991764bbe2",
"has_agent": false,
"has_plugin_results": false,
"is_licensed": true,
"types": [
"webapp"
],
"terminated_by": "user",
"deleted_by": "user",
"agentNames": [
"agent1",
"agent2"
],
"operating_systems": [
"Linux Kernel 3.10 on CentOS Linux release 7"
],
"system_types": [
"general-purpose"
],
"manufacturer_tpm_ids": [
"id1",
"id2"
],
"installed_software": [
"cpe:/a:openbsd:openssh:8.0",
"cpe:/a:docker:docker:23.0.1",
"cpe:/a:exiv2:exiv2:0.27.3",
"cpe:/a:gnome:gnome-shell:3.32.2",
"cpe:/a:gnupg:libgcrypt:1.8.5",
"cpe:/a:haxx:curl:7.61.1",
"cpe:/a:sqlite:sqlite:3.26.0",
"cpe:/a:tenable:nessus_agent:10.7.2",
"cpe:/a:vim:vim:8.0",
"cpe:/a:tenable:sensorproxy:1.0.7"
],
"is_public": true,
"sources": [
{
"name": "WAS",
"first_seen": "2025-04-15T09:07:23.467Z",
"last_seen": "2025-04-15T12:14:51.469Z"
}
],
"tags": [
{
"uuid": "13e8edc5-c4fa-478e-b9e7-3564406230dc",
"key": "operating_system_linux",
"value": "linux",
"added_at": "2024-12-28T16:26:50.731Z",
"added_by": "57d474ae-5495-471a-b663"
},
{
"uuid": "0ab549cf-32a4-4325-8dc9-aadf45ce00a7",
"key": "aad",
"value": "asdasd",
"added_at": "2024-11-08T17:02:57.945Z",
"added_by": "57d474ae-5495-471a-b663"
}
],
"network": {
"network_id": "00000000-0000-0000-0000-000000000000",
"network_name": "Default",
"ipv4s": [
"44.235.70.201"
],
"bios_uuid": "57d474ae-5495-471a-b663-412451525f41",
"ipv6s": [
"2001:0db8:85a3:0000:0000:8a2e:0370:7334"
],
"fqdns": [
"target4.pubtarg.tenablesecurity.com"
],
"mac_addresses": [
"00:1A:2B:3C:4D:5E"
],
"netbios_names": [
"server1"
],
"hostnames": [
"http://target4.pubtarg.tenablesecurity.com"
],
"ssh_fingerprints": [
"ssh-fingerprint-example"
],
"network_interfaces": [
{
"name": "interface-1",
"virtual": false,
"aliased": false,
"fqdns": [
"target4.pubtarg.tenablesecurity.com"
],
"mac_addresses": [
"00:1A:2B:3C:4D:5E"
],
"ipv4s": [
"44.235.70.201"
],
"ipv6s": [
"2001:0db8:85a3:0000:0000:8a2e:0370:7334"
]
}
],
"open_ports": [
{
"port": 313,
"protocol": "TCP",
"service_names": [
"service-1"
],
"first_seen": "2025-04-15T09:07:23.467Z",
"last_seen": "2025-04-15T12:14:51.469Z"
}
]
},
"scan": {
"first_scan_time": "2025-04-15T09:07:23.467Z",
"last_scan_time": "2025-04-15T12:14:51.469Z",
"last_authenticated_scan_date": "2025-04-15T12:14:51.469Z",
"last_licensed_scan_date": "2025-04-15T12:14:51.469Z",
"last_scan_id": "6be2178e-b46f-4cc1-b5e0-e4695482edcb",
"last_schedule_id": "template-6be2178e-b46f-4cc1-b5e0-e4695482edcb414",
"last_authentication_attempt_date": "2025-04-15T12:14:51.469Z",
"last_authentication_success_date": "2025-04-15T12:14:51.469Z",
"last_authentication_scan_status": "SUCCESS",
"last_scan_target": "44.235.70.201"
},
"timestamps": {
"created_at": "2025-04-15T09:15:19.295Z",
"updated_at": "2025-04-15T12:17:27.560Z",
"deleted_at": "2025-04-15T12:17:27.560Z",
"terminated_at": "2025-04-15T12:17:27.560Z",
"first_seen": "2025-04-15T09:07:23.467Z",
"last_seen": "2025-04-15T12:14:51.469Z"
},
"custom_attributes": [
{
"id": "attr1",
"value": "attrVal1"
},
{
"id": "attr2",
"value": "attrVal2"
}
],
"ratings": {
"acr": {
"score": 5.0
},
"aes": {
"score": 700.0
}
},
"acr_score": "5",
"exposure_score": "700"
}
],
"deletes": [
{
"id": "0d8c3882-870a-5777-a9ec-25ni25275211",
"deleted_at": "2025-04-06T04:01:40Z"
}
],
"first_ts": "1744708524606",
"last_ts": "1744708524606"
}