Vulnerability Management: New Vulnerability Export Filters

New filters are now available for the Tenable Vulnerability Management Export vulnerabilities endpoint. These new filter parameters are:

source—Enables customers to filter vulnerabilities identified by the specified source. This filter is a body parameter and is specified as an array of strings.
severity_modification_type-Enables customers to filter vulnerabilities that have a modified severity from a recast or accept rule. This filter is a body parameter and is specified as an array of strings.

The new filter parameters are described in the following table:

Filter Description

Filter	Description
`source`	Returns vulnerabilities identified by the specified source. Sources can include sensors, connectors, and API imports. If your request specifies multiple sources, Tenable Vulnerability Management returns all vulnerabilities seen by any of the specified sources. The items in the `source` array must correspond to the names of the sources as defined in your organization's implementation of Tenable Vulnerability Management. Commonly used source names include: AWS—The vulnerability data was obtained from an Amazon Web Services connector. AGENT—The vulnerability data was obtained from a Tenable Nessus Agent scan. NNM—The vulnerability data was obtained from a Tenable Nessus Network Monitor (NNM) scan. NESSUS—The vulnerability data was obtained from a Tenable Nessus scan.
`severity_modification_type`	Returns vulnerabilities with the specified severity modification type. This filter can be used to return vulnerabilities with a modified severity due to a recast or accept rule. Supported case-sensitive values are: NONE—No modification to the severity has been made. RECASTED—A user has recast the risk associated with the vulnerability. ACCEPTED—A user has accepted the risk associated with the vulnerability.

source

Returns vulnerabilities identified by the specified source. Sources can include sensors, connectors, and API imports. If your request specifies multiple sources, Tenable Vulnerability Management returns all vulnerabilities seen by any of the specified sources.

The items in the source array must correspond to the names of the sources as defined in your organization's implementation of Tenable Vulnerability Management. Commonly used source names include:

AWS—The vulnerability data was obtained from an Amazon Web Services connector.
AGENT—The vulnerability data was obtained from a Tenable Nessus Agent scan.
NNM—The vulnerability data was obtained from a Tenable Nessus Network Monitor (NNM) scan.
NESSUS—The vulnerability data was obtained from a Tenable Nessus scan.

severity_modification_type

Returns vulnerabilities with the specified severity modification type. This filter can be used to return vulnerabilities with a modified severity due to a recast or accept rule. Supported case-sensitive values are:

NONE—No modification to the severity has been made.
RECASTED—A user has recast the risk associated with the vulnerability.
ACCEPTED—A user has accepted the risk associated with the vulnerability.

This update applies to the following endpoints:

Endpoint	Name
POST /vulns/export	Export vulnerabilities

Example: Filter by Source

For example, to return only vulnerabilities identified by either Tenable Nessus or a Tenable Nessus Agent, you could use the following cURL request:

curl --request POST \
     --url https://cloud.tenable.com/vulns/export \
     --header 'X-ApiKeys: accessKey=<YOURKEY>;secretKey=<YOURKEY>' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "filters": {
    "source": [
      "NESSUS",
      "AGENT"
    ]
  }
}
'

Example: Filter by Severity Modification

For example, to return both vulnerabilities that have been accepted and recast, you could use the following cURL request:

curl --request POST \
     --url https://cloud.tenable.com/vulns/export \
     --header 'X-ApiKeys: accessKey=<YOURKEY>;secretKey=<YOURKEY>' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "filters": {
    "severity_modification_type": [
      "RECASTED",
      "ACCEPTED"
    ]
  }
}
'

Example: Multiple Filters

For example, to filter vulnerabilities by both source and the severity modification type, you could use the following cURL request:

curl --request POST \
     --url https://cloud.tenable.com/vulns/export \
     --header 'X-ApiKeys: accessKey=<YOURKEY>;secretKey=<YOURKEY>' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "filters": {
    "source": [
      "NESSUS",
      "AGENT"
    ],
    "severity_modification_type": [
      "RECASTED"
    ]
  }
}
'