Attack Path Analysis API Available

Documentation for the Tenable Attack Path Analysis API is now available in the Tenable Developer Portal. A new endpoint has been added that enables users to retrieve details about Attack Path Analysis findings. For more information about findings, see Findings in the Tenable Attack Path Analysis User Guide.



Only one Tenable Attack Path analysis endpoint is currently available. However, Tenable will release documentation for more Attack Path Analysis endpoints on a rolling basis in the coming months.

The new endpoint is described in the following table:

GET /apa/findings-api/v1/findingsList findingsReturns a list of Tenable Attack Path Analysis findings.

The new endpoint supports the following query parameters:

page_numberIntegerFor offset-based pagination, the result set page index to retrieve. If this parameter is omitted, Tenable Attack Path Analysis uses the default value 1.

For example, if the total number of results is 28 and the limit is set to 5, page 2 contains records 6-10.
nextStringFor offset-based pagination, the cursor position for the next page. Don't populate this value for the initial request. For subsequent requests, set this parameter to the value found in the next property of the previous response. If the next property has a value of NULL it means there are no more pages.
filterStringA JSON string filter condition in the following format:

{"operator": "$valid_operator", "value": [{}, { "operator": "$valid_operator", "key": "$valid_key", "value": "$value" }]}.

The following are valid operators: and, or, includes, excludes, in, ==, !=, <, >, >=, and <=.

The following are valid keys: tactics, status, state, priority, name, procedureName, source, target, cause, target_asset_id, cve, last_updated_at, weaknesses_ids, detection_ids, assets_ids, serial_id, and vectorCount.

For example, both of the following examples are valid filters:
  1. {"operator": "and", "value": [{"operator": "==", "key": "status", "value": "to_do"}, {"operator": "==", "key": "last_updated_at", "value": "2024-06-02T11:29:12.498763"}]}
  2. {"operator":"and","value":[{"operator":"and","value":[{"operator":"==","key":"name","value":"Remote Desktop Protocol"},{"operator":"==","key":"target","value":"ARCHIE"},{"operator":"==","key":"procedureName","value":"Network Sniffing-10931"}]},{"operator":"==","key":"state","value":"open"}]}
limitIntegerThe number of records to retrieve. If this parameter is omitted, Tenable uses the default value of 50. The maximum number of findings that can be retrieved is 10000.
sort_fieldStringThe field to sort the results by. Supported fields for sorting are last_updated_at, priority, mitre_id, name, procedureName, status, state, and vectorCount.
sort_orderStringThe order to sort the results by, either ascending (asc) or descending (desc).