Web App Scanning Findings Payload Files
When the system updates, adds, or deletes web app scanning findings, Tenable Data Stream sends a payload file to your AWS bucket. In the file, updates appear in the updates array and deletions appear with a timestamp in the deletes array.
The following example shows the format of a web app scanning finding payload file. For definitions of the properties in this file, see Web App Scanning Findings Properties.
Copy
{
"payload_id": "was_finding-1744708521126-68",
"version": 1,
"type": "WAS_FINDING",
"count_updated": 1,
"count_deleted": 0,
"updates": [
{
"finding_id": "0d8c3882-870a-5777-a9ec-666879a9bdb8",
"url": "http://target2.pubtarg.tenablesecurity.com/",
"input_type": "type",
"input_name": "name",
"http_method": "SSL",
"output": "The scanner detected the lack of a correct X-Content-Type-Options header configuration in the target application response",
"proof": "sample-proof-value",
"payload": "sample-payload-value",
"state": "OPEN",
"severity": "INFO",
"severity_id": 0,
"severity_default_id": 0,
"severity_modification_type": "NONE",
"recast_reason": "NONE",
"recast_rule_uuid": "870a-5777-a9ec-666879a9bdb8",
"first_found": "2025-04-06T04:01:40Z",
"last_found": "2025-04-06T04:01:40Z",
"last_fixed": "2025-04-06T04:01:40Z",
"last_observed": "2025-04-06T04:01:40Z",
"indexed_at": "2025-04-06T04:01:47.098Z",
"plugin": {
"id": 112529,
"risk_factor": "LOW",
"original_risk_factor_num": 1,
"locale": "en",
"type": "REMOTE",
"intel_type": "SENSOR",
"name": "Missing 'X-Content-Type-Options' Header",
"version": "1",
"publication_date": "2018-11-28T00:00:00Z",
"modification_date": "2024-03-25T00:00:00Z",
"solution": "Configure your web server to include an 'X-Content-Type-Options' header with a value of 'nosniff'.",
"synopsis": "Missing 'X-Content-Type-Options' Header",
"description": "The HTTP 'X-Content-Type-Options' response header prevents the browser from MIME-sniffing a response away from the declared content-type.\n\nThe server did not return a correct 'X-Content-Type-Options' header, which means that this website could be at risk of a Cross-Site Scripting (XSS) attack.",
"patch_publication_date": "2018-11-28T00:00:00Z",
"exploitability_ease": "NONE",
"stig_severity": "NONE",
"public_display": 112529,
"in_the_news": false,
"exploited_by_malware": false,
"cvss2_base_score": 2.6,
"cvss2_temporal_score": 1.9,
"cvss3_base_score": 3.1,
"cvss3_temporal_score": 6.2,
"see_also": [
"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options",
"https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto"
],
"bid": [
"112529"
],
"policy": [
"policy 1"
],
"xrefs": [
{
"type": "capec",
"id": [
"1",
"107",
"127",
"17",
"20",
"22",
"237",
"36",
"477",
"480",
"51",
"57",
"59",
"65",
"74",
"87"
]
},
{
"type": "hipaa",
"id": [
"164.306(a)(1)",
"164.306(a)(2)"
]
},
{
"type": "iso",
"id": [
"27001-A.14.2.5"
]
},
{
"type": "nist",
"id": [
"sp800_53-CM-6b"
]
},
{
"type": "pci_dss",
"id": [
"3.2-2.2"
]
}
],
"cpe": [
"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*"
],
"cve": [
"CVE-2015-9251"
],
"cwe": [
"693"
],
"wasc": [
"Application Misconfiguration"
],
"owasp_2010": [
"A6"
],
"owasp_2013": [
"A5"
],
"owasp_2017": [
"A6"
],
"owasp_2021": [],
"owasp_api_2019": [
"API7"
],
"vpr": {
"score": 2.15,
"drivers": {
"age_of_vuln": {
"lower_bound": 730,
"upper_bound": 897
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": true,
"cvss3_impact_score": 1.4,
"threat_intensity_last28": "LOW",
"threat_recency": {
"lower_bound": 730,
"upper_bound": 897
},
"threat_sources_last28": [
"source1",
"source2"
],
"product_coverage": "LOW"
},
"updated": "2024-06-12T06:06:31.000Z",
"updated_reason": "Update"
},
"cvss2_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:OF/RC:C"
},
"cvss2_vector": {
"access_complexity": "High",
"access_vector": "Network",
"authentication": "None required",
"availability_impact": "None",
"confidentiality_impact": "Partial",
"integrity_impact": "None",
"raw": "CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N"
},
"cvss3_temporal_vector": {
"exploitability": "Unproven",
"remediation_level": "Official Fix",
"report_confidence": "Confirmed",
"raw": "E:U/RL:O/RC:C"
},
"cvss3_vector": {
"access_complexity": "High",
"access_vector": "Network",
"authentication": "None required",
"availability_impact": "None",
"confidentiality_impact": "Low",
"integrity_impact": "None",
"raw": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
},
"asset": {
"uuid": "c8dc1a55-98d3-4eef-a779-8a5978630219",
"fqdn": "target2.pubtarg.tenablesecurity.com",
"ipv4s": [],
"ipv4": null
},
"scan": {
"completed_at": "2025-04-06T04:01:40Z",
"schedule_uuid": "template-id",
"started_at": "2025-04-06T04:01:40Z",
"uuid": "3b500e25-f392-4d37-a0e5-5baacf6a1c3e",
"target": null
}
}
],
"deletes": [
{
"id": "0d8c3882-870a-5777-a9ec-25ni25275211",
"deleted_at": "2025-04-06T04:01:40Z"
}
],
"first_ts": "1744708520487",
"last_ts": "1744708520761"
}