Web App Scanning Findings Properties

The following table defines the properties in a Tenable Data Stream web app scanning findings payload file. To see an example file, go to Web App Scanning Findings Payload Files.

Property	Data Type	Description
payload_id	string	The ID of the payload sent from Tenable Vulnerability Management.
version	integer	The version of the payload. This number increments when the payload structure changes.
type	string	The type of payload (WAS_FINDING).
count_updated	integer	The number of objects updated in the payload.
count_deleted	integer	The number of objects deleted in the payload.
updates[]	array of objects	Contains the web app scanning findings objects updated in the payload.
updates[].finding_id	string	The unique identifier of the finding (vulnerability).
updates[].url	string	The fully-qualified domain name or URL associated with the finding.
updates[].input_type	string	The type of HTML Form input associated with the finding.
updates[].input_name	string	The type of page element that's vulnerable (for example, an HTML form).
updates[].http_method	string	The HTTP method associated with the finding. .
updates[].output	string	The text output from the plugin that detected the finding.
updates[].proof	string	The output from the web application corroborating that the finding is present.
updates[].payload	string	The attack payload used to detect the finding.
updates[].state	string	The state as determined by the Tenable Web App Scanning state service. Possible values include: OPEN — The compliance finding is currently present on an asset. REOPENED — The compliance finding was previously marked as fixed on an asset but has been detected again by a new scan. FIXED — The compliance finding was present on an asset but is no longer detected. ACTIVE — The compliance finding is currently active on an asset. Note that the API uses different terms for states than the user interface. The new and active states in the user interface map to the OPEN state in the API. The resurfaced state in the user interface maps to the REOPENED state in the API. The fixed state is the same.
updates[].severity	string	The severity of the finding as defined using the Common Vulnerability Scoring System (CVSS) base score. Possible values include info (CVSS score of 0), low (CVSS score between 0.1 and 3.9), medium (CVSS score between 4.0 and 6.9), high (CVSS score between 7.0 and 9.9), and critical (CVSS score of 10.0).
updates[].severity_id	integer	The code for the severity assigned when a user recast the risk associated with the finding. Possible values include: 0 — The vulnerability has a CVSS score of 0, which corresponds to the info severity level. 1 — The vulnerability has a CVSS score between 0.1 and 3.9, which corresponds to the low severity level. 2 — The vulnerability has a CVSS score between 4.0 and 6.9, which corresponds to the medium severity level. 3 — The vulnerability has a CVSS score between 7.0 and 9.9, which corresponds to the high severity level. 4 — The vulnerability has a CVSS score of 10.0, which corresponds to the critical severity level.
updates[].severity_default_id	integer	The code for the severity originally assigned to a finding before a user recast the risk associated with the finding. Possible values are the same as for the severity_id attribute.
updates[].severity_modification_type	string	The type of modification a user made to the finding's severity. Possible values include: NONE — No modification has been made. RECASTED — A user in the Tenable Web App Scanning user interface has recast the risk associated with the finding. ACCEPTED — A user in the Tenable Web App Scanning user interface has accepted the risk associated with the finding. For more information about recast and accept rules, see Recast/Accept Rules in the Tenable Vulnerability Management User Guide.
updates[].recast_reason	string	The text that appears in the Comment field of the recast rule in the Tenable Web App Scanning user interface.
updates[].recast_rule_uuid	string	The UUID of the recast rule that applies to the plugin.
updates[].first_found	string	An ISO timestamp indicating the date and time when a scan first detected the finding on the asset.
updates[].last_found	string	An ISO timestamp indicating the date and time when a scan last detected the finding on the asset.
updates[].last_fixed	string	An ISO timestamp indicating the date and time when a scan no longer detects the previously detected finding on the asset.
updates[].last_observed	string	An ISO timestamp indicating the date and time when the finding was previously detected/observed on the asset.
updates[].indexed_at	string	An ISO timestamp indicating the date and time when the vulnerability was indexed into Tenable Web App Scanning.
updates[].plugin	object	An object containing plugin details for the finding.
updates[].plugin.epss_score	number	The Exploit Prediction Scoring System (EPSS) score of the finding.
updates[].plugin.id	integer	The ID of the plugin that identified the finding.
updates[].plugin.risk_factor	string	The risk factor of the finding associated with the plugin. The risk factor is determined based on the calculation of the CVSS score. The possible values are: LOW — The vulnerability has a CVSS score between 0.1 and 3.9. MEDIUM — The vulnerability has a CVSS score between 4.0 and 6.9. HIGH — The vulnerability has a CVSS score between 7.0 and 9.9. CRITICAL — The vulnerability has a CVSS score of 10.0.
updates[].plugin.original_risk_factor_num	integer	The code for the severity originally assigned to a plugin.
updates[].plugin.locale	string	The plugin language used.
updates[].plugin.type	string	The general type of plugin check (for example, LOCAL or REMOTE).
updates[].plugin.intel_type	string	The intelligence type/source for the plugin.
updates[].plugin.name	string	The name of the plugin that identified the vulnerability.
updates[].plugin.version	string	The version of the plugin used to perform the check.
updates[].plugin.publication_date	string	An ISO timestamp indicating the date and time the publication date of the plugin.
updates[].plugin.modification_date	string	An ISO timestamp indicating the date and time the last modification date of the plugin.
updates[].plugin.solution	string	Remediation information for the vulnerability.
updates[].plugin.synopsis	string	Brief description of the plugin or vulnerability.
updates[].plugin.description	string	The full text description of the plugin.
updates[].plugin.patch_publication_date	string	An ISO timestamp indicating the date and time the vendor's patch publication date for the plugin.
updates[].plugin.exploitability_ease	string	The vulnerability's ease of exploitability.
updates[].plugin.stig_severity	string	The Security Technical Implementation Guide (STIG) severity code for the vulnerability.
updates[].plugin.public_display	integer	The public display details for the plugin.
updates[].plugin.in_the_news	boolean	A value specifying whether this plugin has received media attention (for example, ShellShock, Meltdown).
updates[].plugin.exploited_by_malware	boolean	The finding discovered by this plugin is known to be exploited by malware.
updates[].plugin.cvss2_base_score	number	The CVSSv2 base score (intrinsic and fundamental characteristics of a finding that are constant over time and user environments).
updates[].plugin.cvss2_temporal_score	number	The CVSSv2 temporal score (characteristics of a finding that change over time but not among user environments).
updates[].plugin.cvss3_base_score	number	The CVSSv3 base score (intrinsic and fundamental characteristics of a finding that are constant over time and user environments).
updates[].plugin.cvss3_temporal_score	number	The CVSSv3 temporal score (characteristics of a finding that change over time but not among user environments).
updates[].plugin.see_also[]	array of strings	Links to external websites that contain helpful information about the vulnerability.
updates[].plugin.bid[]	array of integers	A list of Bugtraq IDs associated with the finding.
updates[].plugin.policy[]	array of strings	A list of policy names associated with the finding.
updates[].plugin.xrefs[]	array of objects	References to third-party information about the finding, exploit, or update associated with the plugin. Each reference includes a type and an ID (for example, capec and 2003-047).
updates[].plugin.xrefs[].type	string	The type of cross-reference (for example, capec, hipaa, or iso).
updates[].plugin.xrefs[].id[]	array of strings	A list of IDs for the cross-reference type.
updates[].plugin.cpe[]	array of strings	The Common Platform Enumeration (CPE) number for the plugin.
updates[].plugin.cve[]	array of strings	The Common Vulnerability and Exposure (CVE) ID for the plugin.
updates[].plugin.cwe[]	array of strings	The Common Weakness Enumeration (CWE) ID for the plugin.
updates[].plugin.wasc[]	array of strings	The Web Application Security Consortium (WASC) ID for the plugin.
updates[].plugin.owasp_2010[]	array of strings	A list of chapters in OWASP Categories 2010 report for the plugin.
updates[].plugin.owasp_2013[]	array of strings	A list of chapters in OWASP Categories 2013 report for the plugin.
updates[].plugin.owasp_2017[]	array of strings	A list of chapters in OWASP Categories 2017 report for the plugin.
updates[].plugin.owasp_2021[]	array of strings	A list of chapters in OWASP Categories 2021 report for the plugin.
updates[].plugin.owasp_api_2019[]	array of strings	A list of chapters in OWASP Categories API 2019 report for the plugin.
updates[].plugin.vpr_v2	object	An object containing information about the Vulnerability Priority Rating (VPRv2) for the vulnerability.
updates[].plugin.vpr_v2.score	number	The Vulnerability Priority Rating (VPRv2) for the vulnerability. If a plugin is designed to detect multiple vulnerabilities, the VPR score represents the highest value calculated for a vulnerability associated with the plugin. For more information, see Tenable Metrics in the Tenable Vulnerability Management User Guide.
updates[].plugin.vpr_v2.vpr_percentile	string	Filter on the VPR v2 score percentile ranking of the CVE, indicating its position relative to other vulnerabilities.
updates[].plugin.vpr_v2.vpr_severity	string	Filter on the VPR v2 severity categorization of the CVE. Options are Critical, High, Medium, Low, Info.
updates[].plugin.vpr_v2.exploit_probability	number	Filter on the probability of exploitation produced by the VPR v2 threat model for the CVE.
updates[].plugin.vpr_v2.cve_id	string	Filter on a specific CVE ID for the CVE that is a primary contributor to the calculated VPRv2 score for a vulnerability.
updates[].plugin.vpr_v2.exploit_code_maturity	string	Filter on current availability and maturity of exploit code. Options are High, Functional, POC, and Unproven.
updates[].plugin.vpr_v2.on_cisa_kev	boolean	Filter on whether the CVE is listed on the CISA Known Exploited Vulnerabilities list. Options are Yes, No.
updates[].plugin.vpr_v2.exploit_chain[]	array of strings	Allows filtering on CVEs that are part of an exploit chain.
updates[].plugin.vpr_v2.in_the_news_intensity_last30	string	Allows filtering on the volume of news reporting on the CVE within the last 30 days. Options are Very Low, Low, Medium, High, Very High.
updates[].plugin.vpr_v2.in_the_news_recency	string	Allows filtering on the recency of news sources reporting on the CVE. Options are No Recorded Events, 60 to 180 days, 30 to 60 days, 14 to 30 days, 7 to 14 days, 0 to 7 days.
updates[].plugin.vpr_v2.in_the_news_sources_last30[]	array of strings	Filter on categories of news sources that have referenced the CVE within the last 30 days. Select from one or more of Academic and Research Institutions, Blogs and Individual Researchers, Code Repositories, Cybersecurity News Media, Cybersecurity Vendors, Forums and Community Platforms, Government and Regulatory, Mainstream News and Media, Security Research, Technology Companies, Tools and Resources, Other.
updates[].plugin.vpr_v2.malware_observations_intensity_last30	string	Filter on the volume of observed malware exploiting the CVE within the last 30 days. Options are Very Low, Low, Medium, High, Very High.
updates[].plugin.vpr_v2.malware_observations_recency	string	Filter on the recency of observed malware exploiting the CVE. Options are No Recorded Events, 60 to 180 days, 30 to 60 days, 14 to 30 days, 7 to 14 days, 0 to 7 days.
updates[].plugin.vpr_v2.threat_summary[]	object	The object container for information about the threat posed by the vulnerability, including relevant details that contribute to its Vulnerability Priority Rating (VPR) v2 score.
updates[].plugin.vpr_v2.threat_summary[].summary	string	Information about the threat posed by the vulnerability, including relevant details that contribute to its Vulnerability Priority Rating (VPR) v2 score.
updates[].plugin.vpr_v2.threat_summary[].lastUpdated	string	Most recent update to threat summary information.
updates[].plugin.vpr_v2.remediation[]	object	The object container for information and recommended actions for mitigating or resolving the vulnerability. This may include patches, configuration changes, or other remediation guidance.
updates[].plugin.vpr_v2.remediation[].summary	string	Information and recommended actions for mitigating or resolving the vulnerability. This may include patches, configuration changes, or other remediation guidance.
updates[].plugin.vpr_v2.remediation[].last_updated	string	Most recent update to remediation summary information.
updates[].plugin.vpr_v2.targeted_industries[]	array of strings	Allows filtering on specific industries where attacks leveraging the CVE have been observed. Sample options include Banking, Technology, Government.
updates[].plugin.vpr_v2.targeted_regions[]	array of strings	Allows filtering on specific geographic regions where attacks leveraging the CVE have been observed.
updates[].plugin.vpr	object	An object containing information about the Vulnerability Priority Rating (VPR) for the vulnerability.
updates[].plugin.vpr.score	number	The Vulnerability Priority Rating (VPR) for the vulnerability. If a plugin is designed to detect multiple vulnerabilities, the VPR represents the highest value calculated for a vulnerability associated with the plugin. For more information, see Severity vs. VPR in the Tenable Vulnerability Management User Guide.
updates[].plugin.vpr.drivers	object	The key drivers Tenable uses to calculate a vulnerability's VPR. For more information, see Vulnerability Priority Rating Drivers.
updates[].plugin.vpr.drivers.age_of_vuln	object	A range representing the number of days since the National Vulnerability Database (NVD) published the vulnerability. The valid ranges are: 0-7 days 7-30 days 30-60 days 60-180 days 180-365 days 365-730 days More than 730 days (+731)
updates[].plugin.vpr.drivers.age_of_vuln.lower_bound	integer	The lower bound of the range. For example, for the 0-7 days range, this attribute is 0. For the highest range (more than 730 days), this value is 731.
updates[].plugin.vpr.drivers.age_of_vuln.upper_bound	integer	The upper bound of the range. For example, for the 0-7 days range, this attribute is 7. For the highest range (more than 730 days), this value is 0, which signifies that there is no higher category.
updates[].plugin.vpr.drivers.exploit_code_maturity	string	The relative maturity of a possible exploit for the vulnerability based on the existence, sophistication, and prevalence of exploit intelligence from internal and external sources (for example, Reversinglabs, Exploit-db, Metasploit). The possible values (HIGH, FUNCTIONAL, POC, or UNPROVEN) parallel the CVSS Exploit Code Maturity categories.
updates[].plugin.vpr.drivers.cvss_impact_score_predicted	boolean	A value specifying whether Tenable predicted the CVSSv3 impact score for the vulnerability because NVD did not provide one (true) or used the NVD-provided CVSSv3 impact score (false) when calculating the VPR.
updates[].plugin.vpr.drivers.cvss3_impact_score	number	The NVD-provided CVSSv3 impact score for the vulnerability. If the NVD did not provide a score, Tenable Vulnerability Management shows a Tenable-predicted score.
updates[].plugin.vpr.drivers.threat_intensity_last28	string	The relative intensity based on the number and frequency of recently observed threat events related to this vulnerability. The possible values are: VERY LOW LOW MEDIUM HIGH VERY HIGH
updates[].plugin.vpr.drivers.threat_recency	object	A range representing the number of days since a threat event occurred for the vulnerability. The possible ranges are: 0-7 days 7-30 days 30-120 days 120-365 days More than 365 days (+365)
updates[].plugin.vpr.drivers.threat_recency.lower_bound	integer	The lower bound of the range. For example, for the 0-7 days range, this attribute is 0. For the highest range (more than 365 days), this value is 366.
updates[].plugin.vpr.drivers.threat_recency.upper_bound	integer	The upper bound of the range. For example, for the 0-7 days range, this attribute is 7. For the highest range (more than 730 days), this value is 0, which signifies that there is no higher category.
updates[].plugin.vpr.drivers.threat_sources_last28[]	array of strings	A list of all sources (for example, social media channels, the dark web, etc.) where threat events related to this vulnerability occurred.
updates[].plugin.vpr.drivers.product_coverage	string	The relative number of unique products affected by the vulnerability. The possible values are: LOW MEDIUM HIGH VERY HIGH
updates[].plugin.vpr.updated	string	The ISO timestamp when v last imported the VPR for this vulnerability. v imports a VPR value the first time you scan a vulnerability on your network. Then, Tenable Web App Scanning automatically re-imports new and updated VPR values daily.
updates[].plugin.vpr.updated_reason	string	The reason for the VPR update.
updates[].plugin.cvss2_temporal_vector	object	CVSSv2 temporal metrics for the vulnerability.
updates[].plugin.cvss2_temporal_vector.exploitability	string	The CVSSv2 Exploitability (E) temporal metric for the vulnerability the plugin covers. The possible values are: U — Unproven POC — Proof-of-Concept F — Functional H — High ND — Not Defined
updates[].plugin.cvss2_temporal_vector.remediation_level	string	The CVSSv2 Remediation Level (RL) temporal metric for the vulnerability the plugin covers. The valid values are: O — Official Fix T — Temporary Fix W — Workaround U — Unavailable X — Not Defined
updates[].plugin.cvss2_temporal_vector.report_confidence	string	The CVSSv2 Report Confidence (RC) temporal metric for the vulnerability the plugin covers. The possible values are: UC — Unconfirmed UR — Uncorroborated C — Confirmed ND — Not Defined
updates[].plugin.cvss2_temporal_vector.raw	string	The complete cvss_temporal_vector metrics and result values for the vulnerability the plugin covers in a condensed and coded format. For example, E:U/RL:OF/RC:C.
updates[].plugin.cvss2_vector	object	Additional CVSSv2 metrics for the vulnerability.
updates[].plugin.cvss2_vector.access_complexity	string	The CVSSv2 Access Complexity (AC) metric for the vulnerability the plugin covers. The possible values are: H — High M — Medium L — Low
updates[].plugin.cvss2_vector.access_vector	string	The CVSSv2 Access Vector (AV) metric for the vulnerability the plugin covers. The possible values are: L — Local A — Adjacent Network N — Network
updates[].plugin.cvss2_vector.authentication	string	The CVSSv2 Authentication (Au) metric for the vulnerability the plugin covers. The possible values are: N — None Required S — Single M — Multiple
updates[].plugin.cvss2_vector.availability_impact	string	The CVSSv2 availability impact metric for the vulnerability the plugin covers. The possible values are: N — None P — Partial C — Complete
updates[].plugin.cvss2_vector.confidentiality_impact	string	The CVSSv2 confidentiality impact metric for the vulnerability the plugin covers.The possible values are: N — None P — Partial C — Complete
updates[].plugin.cvss2_vector.integrity_impact	string	The CVSSv2 integrity impact metric for the vulnerability the plugin covers. The possible values are: N — None P — Partial C — Complete
updates[].plugin.cvss2_vector.raw	string	The complete cvss_vector metrics and result values for the vulnerability the plugin covers in a condensed and coded format. For example, AV:N/AC:M/Au:N/C:C/I:C/A:C.
updates[].plugin.cvss3_temporal_vector	object	An object containing the CVSS v3 temporal vector details.
updates[].plugin.cvss3_temporal_vector.exploitability	string	The CVSSv3 Exploit Maturity Code (E) for the vulnerability the plugin covers. The possible values are: Unproven — Corresponds to the Unproven (U) value for the E metric. Proof-of-concept — Corresponds to the Proof-of-Concept (POC) value for the E metric. Functional — Corresponds to the Functional (F) value for the E metric. High — Corresponds to the High (H) value for the E metric. Not-defined — Corresponds to the Not Defined (ND) value for the E metric.
updates[].plugin.cvss3_temporal_vector.remediation_level	string	The CVSSv3 Remediation Level (RL) temporal metric for the vulnerability the plugin covers. The valid values are: O — Official Fix T — Temporary Fix W — Workaround U — Unavailable X — Not Defined
updates[].plugin.cvss3_temporal_vector.report_confidence	string	The CVSSv3 Report Confidence (RC) temporal metric for the vulnerability the plugin covers. The possible values are: U — Unknown R — Reasonable C — Confirmed X — Not Defined
updates[].plugin.cvss3_temporal_vector.raw	string	The complete cvss3_temporal_vector metrics and result values for the vulnerability the plugin covers in a condensed and coded format. For example, E:U/RL:OF/RC:C.
updates[].plugin.cvss3_vector	object	Additional CVSSv3 metrics for the vulnerability.
updates[].plugin.cvss3_vector.access_complexity	string	The CVSSv3 Access Complexity (AC) metric for the vulnerability the plugin covers. The possible values are: H — High M — Medium L — Low
updates[].plugin.cvss3_vector.access_vector	string	The CVSSv3 Attack Vector (AV) metric for the vulnerability the plugin covers. The possible values are: Network — Corresponds to the Network (N) value for the AV metric. Adjacent Network — Corresponds to the Adjacent Network (A) value for the AV metric. Local — Corresponds to the Local (L) value for the AV metric.
updates[].plugin.cvss3_vector.authentication	string	The CVSSv3 Authentication (Au) metric for the vulnerability the plugin covers. The possible values are: None required — Corresponds to the None (N) value for the Au metric. Requires-single-instance — Corresponds to the Single (S) value for the Au metric. Requires-multiple-instances — Corresponds to the Multiple (M) value for the Au metric.
updates[].plugin.cvss3_vector.availability_impact	string	The CVSSv3 availability impact metric for the vulnerability the plugin covers. The possible values are: H — High L — Low N — None
updates[].plugin.cvss3_vector.confidentiality_impact	string	The CVSSv3 confidentiality impact metric for the vulnerability the plugin covers.The possible values are: H — High L — Low N — None
updates[].plugin.cvss3_vector.integrity_impact	string	The CVSSv3 integrity impact metric for the vulnerability the plugin covers. The possible values are: H — High L — Low N — None
updates[].plugin.cvss3_vector.raw	string	The complete cvss3_vector metrics and result values for the vulnerability the plugin covers in a condensed and coded format. For example, AV:N/AC:M/Au:N/C:C/I:C/A:C.
updates[].plugin.cvss4_base_score	number	The CVSS v4.0 base score (intrinsic and fundamental characteristics of a finding that are constant over time and user environments).
updates[].plugin.cvss4_threat_vector	object	An object representing the CVSS v4.0 Threat metrics for the vulnerability. These metrics provide context on current, observed threat activity in the wild, such as evidence of exploitation or the presence of available exploit code. Threat metrics can help refine the severity and prioritization of vulnerabilities beyond their intrinsic characteristics. For more details, see the CVSS v4.0 Specification.
updates[].plugin.cvss4_threat_vector.exploit_maturity	string	The CVSS v4.0 Exploit Maturity (E) metric, indicating the current development status of exploit techniques or code for the vulnerability. For more details, see the CVSS v4.0 Specification.
updates[].plugin.cvss4_threat_vector.raw	string	The complete cvss4_threat_vector metrics and their result values for the vulnerability, expressed as a concise, coded string. This threat vector is typically appended to the CVSSv4 Base vector. For example, CVSS:4.0/E:U. For more details, see the CVSS v4.0 Specification.
updates[].plugin.cvss4_threat_vector.threat_score	string	The CVSS v4.0 threat score (CVSS-T), which adjusts the base score by incorporating real-world threat intelligence, such as the presence of active exploitation, exploit code availability, or observed malware activity. This score reflects the current threat landscape for the vulnerability. For more details, see the CVSS v4.0 Specification.
updates[].plugin.cvss4_vector	object	Additional CVSS v4.0 metrics for the vulnerability.
updates[].plugin.cvss4_vector.attack_vector	string	The context where vulnerability exploitation is possible, such as Network or Local.
updates[].plugin.cvss4_vector.attack_complexity	string	The conditions beyond the attacker's control that must exist to exploit the vulnerability.
updates[].plugin.cvss4_vector.attack_requirements	string	The resources, access, or specialized conditions required for an attacker to exploit the vulnerability.
updates[].plugin.cvss4_vector.privileges_required	string	The permission level attackers require to exploit the vulnerability. Options are High, Low, or None. For example, None means attackers need no permissions in your environment and can exploit the vulnerability while unauthorized.
updates[].plugin.cvss4_vector.user_interaction	string	The level of user involvement required for an attacker to exploit the vulnerability.
updates[].plugin.cvss4_vector.vulnerable_system_availability	string	The impact on the availability of the vulnerable system when successfully exploited.
updates[].plugin.cvss4_vector.vulnerable_system_confidentiality	string	The impact on the confidentiality of the vulnerable system when successfully exploited.
updates[].plugin.cvss4_vector.vulnerable_system_integrity	string	The impact on the integrity of the vulnerable system when successfully exploited.
updates[].plugin.cvss4_vector.subsequent_system_availability	string	The impact on the availability of systems that can be impacted after the vulnerable system is exploited.
updates[].plugin.cvss4_vector.subsequent_system_confidentiality	string	The impact on the confidentiality of systems that can be impacted after the vulnerable system is exploited.
updates[].plugin.cvss4_vector.subsequent_system_integrity	string	The impact on the integrity of systems that can be impacted after the vulnerable system is exploited.
updates[].plugin.cvss4_vector.raw	string	The complete cvss4_vector metrics and result values for the vulnerability the plugin covers in a condensed and coded format. For example, AV:N/AC:M/Au:N/C:C/I:C/A:C.
updates[].asset	object	Information about the asset where the scan detected the vulnerability.
updates[].asset.uuid	string	The UUID of the asset where a scan found the vulnerability.
updates[].asset.fqdn	string	The fully qualified domain name for the asset.
updates[].asset.ipv4s[]	array of strings	This value always returns as null.
updates[].asset.ipv4	string	This value always returns as null.
updates[].scan	object	Information about the latest scan that detected the vulnerability.
updates[].scan.completed_at	string	The ISO timestamp when the scan completed.
updates[].scan.schedule_uuid	string	The schedule UUID for the scan that found the vulnerability.
updates[].scan.started_at	string	The ISO timestamp when the scan started.
updates[].scan.uuid	string	The UUID of the scan that found the vulnerability.
updates[].scan.target	string or null	The target IP or hostname of the scan.
deletes[]	array of objects	Contains the host audit objects deleted in the payload.
deletes[].id	string	The ID of the deleted host audit.
deletes[].deleted_at	string	An ISO timestamp indicating the date and time when the host audit was deleted.
first_ts	string	A Unix timestamp indicating the date and time of the first entry in the payload.
last_ts	string	A Unix timestamp indicating the date and time of the last entry in the payload.