added

Web Application Scanning: Advanced Search and Filtering

The Tenable.io Web Application Scanning v2 API now supports advanced search and filtering to help users refine query results. The new filtering capability allows users to pull only the data that most interests them; for example, hosts affected by a specific OWASP category, specific CVE, or even CWE.

New POST method endpoints have been added to support the advanced filtering feature. These new POST method endpoints return the same data as their equivalent GET method endpoints but allow you to filter the data that is returned. Additionally, new filter endpoints were added that list the filters available for the various POST method endpoints.

New Search Endpoints

The new search endpoints are described in the table below along with the GET method endpoints that they replace:

New Search Endpoint | Name | Description

POST /was/v2/configs/search
  Name: Search scan configurations
  Description: Returns a list of web application scan configurations. If a scan has been run using the configuration, the list also contains information about the last scan that was run.
  This endpoint replaces the GET /was/v2/configs endpoint.

POST /was/v2/configs/{config_id}/scans/search
  Name: Search scans
  Description: Returns a list of scans.
  This endpoint replaces the GET /was/v2/scans endpoint.

POST /was/v2/user-templates/search
  Name: Search user-defined templates
  Description: Returns a paginated list of user-defined templates that are available to be used for scan configurations.
  This endpoint replaces the GET /was/v2/user-templates endpoint.

POST /was/v2/vulnerabilities/search
  Name: Search vulnerabilities
  Description: Returns a list of vulnerabilities detected by Tenable.io Web Application Scanning API v2 scans.
  This endpoint replaces the GET /was/v2/vulnerabilities endpoint.

POST /was/v2/scans/{scan_id}/vulnerabilities/search
  Name: Search vulnerabilities for scan
  Description: Returns a list of vulnerabilities for the specified scan.
  This endpoint replaces the GET /was/v2/scans/{scan_id}/vulnerabilities endpoint.

New Filter Endpoints

The new filter endpoints can be used to find the available filters and their associated operators and data types. The new filter endpoints are described below:

New Filter Endpoint | Name | Description

GET /was/v2/configs/filters
  Name: List scan configuration filters
  Description: Lists the filtering capabilities available for scan configurations.

GET /was/v2/configs/{config_id}/scans/filters
  Name: List scan filters
  Description: Lists the filtering capabilities available for scans.

GET /was/v2/user-templates/filters
  Name: List user-defined template filters
  Description: Lists the filtering capabilities available for user-defined templates.

GET /was/v2/vulnerabilities/filters
  Name: List vulnerability filters
  Description: Lists the filtering capabilities available for vulnerability findings.

GET /was/v2/scans/{scan_id}/vulnerabilities/filters
  Name: List vulnerability filters for scan
  Description: Lists the filtering capabilities available for vulnerability findings on a given scan.

Examples

Some examples are provided below to illustrate how to use filters with the new search endpoints.

Example 1

List scan configurations that have a schedule enabled:

curl --request POST \
  --url https://cloud.tenable.com/was/v2/configs/search \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{"field":"configs.schedule","operator":"eq","value":"Enabled"}'

Example 2

List scan configurations in the folder named Dallas whose name is either Branch Scan or Office Scan:

curl --request POST \
  --url https://cloud.tenable.com/was/v2/configs/search \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '
{
  "AND": [
    {
      "field": "folder_name",
      "value": "Dallas",
      "operator": "match"
    },
    {
      "OR": [
        {
          "field": "configs.name",
          "operator": "eq",
          "value": "Branch Scan"
        },
        {
          "field": "configs.name",
          "operator": "eq",
          "value": "Office Scan"
        }
      ]
    }
  ]
}'

Example 3

List user-defined templates that were created before 03/18/2021 and whose description contains "office park":

curl --request POST \
  --url https://cloud.tenable.com/was/v2/user-templates/search \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '
{
  "AND": [
    {
      "field": "user_templates.description",
      "operator": "match",
      "value": "office park"
    },
    {
      "field": "user_templates.created_at",
      "operator": "lt",
      "value": "2021/03/18"
    }
  ]
}'
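The three examples above build the filter body by hand. The following added example (not Tenable's code and not part of the original changelog) shows the same filter grammar expressed in Python: small helpers compose `field`/`operator`/`value` conditions with nested `AND`/`OR` groups, a validator checks the composed body against the field and operator list a filters endpoint would report before anything is sent, and a request builder assembles the POST for a search endpoint. Assumptions are labelled in the code: the sample filter listing is constructed (the page does not show the response shape of the filters endpoints), the `X-ApiKeys` authentication header is Tenable.io's usual API-key header but is not on this page, and the key values are placeholders.

```python
"""Compose, validate and prepare Tenable.io WAS v2 search filters offline.

Added example; not Tenable's code. The filter listing below is a constructed
sample, not a captured response from a real /filters endpoint.
"""
import json
import urllib.request
from typing import Any, Dict, List

BASE_URL = "https://cloud.tenable.com"

# Constructed sample of a filters listing (assumed shape: name, operators, type).
SAMPLE_CONFIG_FILTERS = [
    {"name": "configs.schedule", "operators": ["eq", "neq"], "type": "string"},
    {"name": "configs.name", "operators": ["eq", "neq", "match"], "type": "string"},
    {"name": "folder_name", "operators": ["eq", "match"], "type": "string"},
    {"name": "configs.created_at", "operators": ["lt", "gt", "eq"], "type": "date"},
]


def cond(field: str, operator: str, value: Any) -> Dict[str, Any]:
    """One leaf condition, the shape used by Example 1."""
    return {"field": field, "operator": operator, "value": value}


def all_of(*clauses: Dict[str, Any]) -> Dict[str, Any]:
    """AND group; clauses may be conditions or nested groups."""
    return {"AND": list(clauses)}


def any_of(*clauses: Dict[str, Any]) -> Dict[str, Any]:
    """OR group; clauses may be conditions or nested groups."""
    return {"OR": list(clauses)}


# Example 2 from the changelog, rebuilt with the helpers.
EXAMPLE_2_FILTER = all_of(
    cond("folder_name", "match", "Dallas"),
    any_of(cond("configs.name", "eq", "Branch Scan"),
           cond("configs.name", "eq", "Office Scan")),
)


def validate_filter(expr: Dict[str, Any], available: List[Dict[str, Any]]) -> List[str]:
    """Check a filter body against a filters listing; return problems ([] means valid)."""
    allowed = {f["name"]: set(f["operators"]) for f in available}
    problems: List[str] = []

    def walk(node: Any, path: str) -> None:
        if not isinstance(node, dict):
            problems.append(f"{path}: expected an object")
            return
        if "AND" in node or "OR" in node:
            key = "AND" if "AND" in node else "OR"
            if len(node) != 1:
                problems.append(f"{path}: a group must contain only the {key} key")
            children = node[key]
            if not isinstance(children, list) or not children:
                problems.append(f"{path}.{key}: must be a non-empty list")
                return
            for i, child in enumerate(children):
                walk(child, f"{path}.{key}[{i}]")
            return
        missing = {"field", "operator", "value"} - node.keys()
        if missing:
            problems.append(f"{path}: missing {sorted(missing)}")
            return
        field, op = node["field"], node["operator"]
        if field not in allowed:
            problems.append(f"{path}: unknown field {field!r}")
        elif op not in allowed[field]:
            problems.append(f"{path}: operator {op!r} not allowed for {field!r}")

    walk(expr, "$")
    return problems


def build_search_request(path: str, expr: Dict[str, Any],
                         access_key: str, secret_key: str) -> urllib.request.Request:
    """Assemble (without sending) the POST for a search endpoint such as /was/v2/configs/search."""
    req = urllib.request.Request(BASE_URL + path, data=json.dumps(expr).encode(), method="POST")
    req.add_header("Accept", "application/json")
    req.add_header("Content-Type", "application/json")
    # Assumption: Tenable.io API-key header; values are placeholders supplied by the caller.
    req.add_header("X-ApiKeys", f"accessKey={access_key};secretKey={secret_key}")
    return req


def decode_body(req: urllib.request.Request) -> Dict[str, Any]:
    """Return the JSON filter body carried by a prepared request."""
    return json.loads(req.data)


def send(req: urllib.request.Request) -> Any:
    """Send a prepared request and decode the JSON response (needs network and real keys)."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print(validate_filter(EXAMPLE_2_FILTER, SAMPLE_CONFIG_FILTERS))   # [] when valid
    req = build_search_request("/was/v2/configs/search", EXAMPLE_2_FILTER, "<ACCESS_KEY>", "<SECRET_KEY>")
    print(req.full_url, decode_body(req))
```

Validating against the filters listing first turns a typo in a field name or an operator the field does not support into a local error with a JSON path, rather than a rejected request; fetch the real listing from the matching GET .../filters endpoint and pass it in place of the constructed sample.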