DocumentationAPI ExplorerRecipesCommunityChangelogRSS
Back to All
improved

New Behavior for the Since Filter in Vulnerability Exports

over 3 years ago by Stefan Millett

The behavior for the since filter, used in the Tenable.io vulnerability export API, will change on January 25, 2021.

⚠️Warning

The current behavior of the since filter will be deprecated on January 25, 2021. Please update any existing integrations that your organization has before this date.

This update affects the following endpoints:

API EndpointName
POST /vulns/exportExport vulnerabilities
GET /vulns/export/statusGet vulnerabilities export status

Deprecated behavior

Prior to the deprecation date of January 25, 2021, when exporting vulnerabilities using the since filter, the following logic was used:

A vulnerability was included in the export if the vulnerability was in an OPEN state and was first found after a given timestamp OR if the vulnerability was in a REOPENED state and was last found after a given timestamp OR if the vulnerability was in a FIXED state and was last fixed after a given timestamp.

For reference, refer to the flowchart below:

This logic had the effect of excluding vulnerabilities that have been repeatedly found but never fixed. This is undesirable, as it conflicts with data given in the workbench and gives an inaccurate picture of what vulnerabilities are still an issue on the system.

New behavior to begin on January 25, 2021

After the deprecation date of January 25, 2021, when exporting vulnerabilities using the since filter, the following logic will be used:

A vulnerability will be included in the export if the vulnerability is in an OPEN or REOPENED state and was last found after a given timestamp OR if the vulnerability is in a FIXED state and was last fixed after a given timestamp.

For reference, refer to the flowchart below:

The new behavior ensures that any vulnerabilities that are repeatedly found and never fixed are included in exports.

Preserving the deprecated functionality of the since filter

If you wish to preserve the deprecated functionality of the since filter after January 25, 2021, then you can perform a workaround by running two exports.

  1. Run an export with the state set to OPEN and the first_found filter set to an appropriate timestamp.
  2. Run an export with the state set to REOPENED, FIXED and the since filter set to an appropriate timestamp.

Using this workaround, you will be responsible for keeping track of the export results and combining the results on your end.