Web Application Scanning: Advanced Search and Filtering
The Tenable.io Web Application Scanning v2 API now supports advanced search and filtering to help users refine query results. The new filtering capability allows users to pull only the data that most interests them; for example, hosts affected by a specific OWASP category, specific CVE, or even CWE.
New POST method endpoints have been added to support the advanced filtering feature. These new POST method endpoints return the same data as their equivalent GET method endpoints but allow you to filter the data that is returned. Additionally, new filter endpoints were added that list the filters available for the various POST method endpoints.
New Search Endpoints
The new search endpoints are described in the table below along with the GET method endpoints that they replace:
New Search Endpoint | Name | Description |
---|---|---|
POST /was/v2/configs/search | Search scan configurations | Returns a list of web application scan configurations. If a scan has been run using the configuration, the list also contains information about the last scan that was run. This endpoint replaces the GET /was/v2/configs endpoint. |
POST /was/v2/configs/{config_id}/scans/search | Search scans | Returns a list of scans run with the specified scan configuration. This endpoint replaces the GET /was/v2/scans endpoint. |
POST /was/v2/user-templates/search | Search user-defined templates | Returns a paginated list of user-defined templates that are available to be used for scan configurations. This endpoint replaces the GET /was/v2/user-templates endpoint. |
POST /was/v2/vulnerabilities/search | Search vulnerabilities | Returns a list of vulnerabilities detected by Tenable.io Web Application Scanning API v2 scans. This endpoint replaces the GET /was/v2/vulnerabilities endpoint. |
POST /was/v2/scans/{scan_id}/vulnerabilities/search | Search vulnerabilities for scan | Returns a list of vulnerabilities for the specified scan. This endpoint replaces the GET /was/v2/scans/{scan_id}/vulnerabilities endpoint. |
New Filter Endpoints
The new filter endpoints list the fields you can filter on, together with the operators each field accepts and its data type. Query the filter endpoint for a resource before building a search body, so that you only send field names and operators the search endpoint will accept. The new filter endpoints are described below:
New Filter Endpoint | Name | Description |
---|---|---|
GET /was/v2/configs/filters | List scan configuration filters | Lists the filtering capabilities available for scan configurations. |
GET /was/v2/configs/{config_id}/scans/filters | List scan filters | Lists the filtering capabilities available for scans. |
GET /was/v2/user-templates/filters | List user-defined template filters | Lists the filtering capabilities available for user-defined templates. |
GET /was/v2/vulnerabilities/filters | List vulnerability filters | Lists the filtering capabilities available for vulnerability findings. |
GET /was/v2/scans/{scan_id}/vulnerabilities/filters | List vulnerability filters for scan | Lists the filtering capabilities available for vulnerability findings on a given scan. |
Examples
The examples below show how to pass filters to the new search endpoints. A filter is a JSON object with field, operator, and value keys; filters can be combined in nested AND and OR arrays. Each request must be authenticated with the X-ApiKeys header; replace {ACCESS_KEY} and {SECRET_KEY} with your own API keys.
Example 1
List scan configurations that have a schedule enabled:
curl --request POST \
--url https://cloud.tenable.com/was/v2/configs/search \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'X-ApiKeys: accessKey={ACCESS_KEY};secretKey={SECRET_KEY}' \
--data '{"field":"configs.schedule","operator":"eq","value":"Enabled"}'
Example 2
List scan configurations that are contained in a folder called Dallas and that are named either Branch Scan or Office Scan:
curl --request POST \
--url https://cloud.tenable.com/was/v2/configs/search \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'X-ApiKeys: accessKey={ACCESS_KEY};secretKey={SECRET_KEY}' \
--data '
{
"AND": [
{
"field": "folder_name",
"value": "Dallas",
"operator": "match"
},
{
"OR": [
{
"field": "configs.name",
"operator": "eq",
"value": "Branch Scan"
},
{
"field": "configs.name",
"operator": "eq",
"value": "Office Scan"
}
]
}
]
}'
Example 3
List user-defined templates that were created before 03/18/2021 and contain office park in the description:
curl --request POST \
--url https://cloud.tenable.com/was/v2/user-templates/search \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'X-ApiKeys: accessKey={ACCESS_KEY};secretKey={SECRET_KEY}' \
--data '
{
"AND": [
{
"field": "user_templates.description",
"operator": "match",
"value": "office park"
},
{
"field": "user_templates.created_at",
"operator": "lt",
"value": "2021/03/18"
}
]
}'
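The examples above hand-write the filter JSON. The following Python helper is an added example, not Tenable's own client code: it composes nested AND/OR filter trees in the same {field, operator, value} shape, validates each leaf against the fields and operators a filter endpoint advertises before the request leaves the host, and evaluates a filter tree locally against sample records so the AND/OR nesting can be unit-tested offline. The sample filter listing (SAMPLE_FILTERS), the flattened scan-configuration records (SAMPLE_CONFIGS), the exact response shape of the filters endpoints, and the operator semantics used by matches() (eq/neq exact, match as case-insensitive substring, lt/gt as string comparison) are all assumptions made for illustration; confirm them against GET /was/v2/<resource>/filters in your own tenant.

```python
"""Compose, validate and locally evaluate Tenable.io WAS v2 search filters.

Added example, not Tenable's client code. The filter listing, record shapes
and operator semantics below are ASSUMED for illustration; check them against
GET /was/v2/<resource>/filters in your tenant.
"""
import json
import urllib.request

# Constructed stand-in for a GET /was/v2/configs/filters response.
# The per-field shape (name, operators, type) is assumed.
SAMPLE_FILTERS = [
    {"name": "configs.name", "operators": ["eq", "neq", "match"], "type": "string"},
    {"name": "configs.schedule", "operators": ["eq", "neq"], "type": "string"},
    {"name": "folder_name", "operators": ["eq", "match"], "type": "string"},
    {"name": "configs.created_at", "operators": ["lt", "gt"], "type": "date"},
]

# Constructed scan-configuration records, flattened to the filter field names.
SAMPLE_CONFIGS = [
    {"configs.name": "Branch Scan", "folder_name": "Dallas", "configs.created_at": "2021/01/05"},
    {"configs.name": "Office Scan", "folder_name": "Dallas HQ", "configs.created_at": "2021/04/02"},
    {"configs.name": "Office Scan", "folder_name": "Austin", "configs.created_at": "2020/11/30"},
    {"configs.name": "Perimeter", "folder_name": "Dallas", "configs.created_at": "2021/03/01"},
]


def allowed_operators(filters):
    """Field name -> set of operators the filters endpoint advertises for it."""
    return {f["name"]: set(f["operators"]) for f in filters}


def term(field, operator, value):
    """One leaf filter in the {field, operator, value} shape the page's examples use."""
    return {"field": field, "operator": operator, "value": value}


def all_of(*clauses):
    return {"AND": list(clauses)}


def any_of(*clauses):
    return {"OR": list(clauses)}


def validate(expr, allowed):
    """Raise ValueError on an unknown field, an operator not listed for that
    field, a missing value, or an empty AND/OR group. Failing here is cheaper
    than discovering a typo from an empty or unfiltered result set."""
    for key in ("AND", "OR"):
        if key in expr:
            if not isinstance(expr[key], list) or not expr[key]:
                raise ValueError(f"{key} group must be a non-empty list")
            for child in expr[key]:
                validate(child, allowed)
            return
    field, op = expr.get("field"), expr.get("operator")
    if field not in allowed:
        raise ValueError(f"unknown filter field {field!r}")
    if op not in allowed[field]:
        raise ValueError(f"operator {op!r} not permitted for {field!r}")
    if "value" not in expr:
        raise ValueError(f"missing value for {field!r}")


def is_valid(expr, allowed):
    try:
        validate(expr, allowed)
        return True
    except ValueError:
        return False


def to_body(expr, allowed):
    """Validated, compact JSON ready for curl --data or a POST body."""
    validate(expr, allowed)
    return json.dumps(expr, separators=(",", ":"))


def matches(expr, record):
    """Local evaluator with ASSUMED semantics: eq/neq exact, match =
    case-insensitive substring, lt/gt = string comparison (fine for the
    page's yyyy/mm/dd dates). Fields absent from the record never match."""
    if "AND" in expr:
        return all(matches(c, record) for c in expr["AND"])
    if "OR" in expr:
        return any(matches(c, record) for c in expr["OR"])
    actual, op, want = record.get(expr["field"]), expr["operator"], expr["value"]
    if actual is None:
        return False
    return {"eq": actual == want, "neq": actual != want,
            "match": str(want).lower() in str(actual).lower(),
            "lt": actual < want, "gt": actual > want}[op]


def example2():
    """The page's Example 2: folder matches Dallas AND name is Branch Scan OR Office Scan."""
    return all_of(term("folder_name", "match", "Dallas"),
                  any_of(term("configs.name", "eq", "Branch Scan"),
                         term("configs.name", "eq", "Office Scan")))


def search(path, expr, allowed, access_key, secret_key, base="https://cloud.tenable.com"):
    """POST a validated filter to a search endpoint, e.g. "/was/v2/configs/search".
    Needs network access and real keys, so it is not run by the offline checks.
    X-ApiKeys is the Tenable.io API-key header; keys should come from a secret
    store or environment, never from source."""
    req = urllib.request.Request(
        base + path, method="POST", data=to_body(expr, allowed).encode(),
        headers={"Accept": "application/json", "Content-Type": "application/json",
                 "X-ApiKeys": f"accessKey={access_key};secretKey={secret_key}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    allowed = allowed_operators(SAMPLE_FILTERS)
    print(to_body(example2(), allowed))
    print([r["configs.name"] for r in SAMPLE_CONFIGS if matches(example2(), r)])
```

In practice, fetch the real listing from the matching filters endpoint (for example GET /was/v2/configs/filters for the configs search) and pass its entries to allowed_operators() instead of SAMPLE_FILTERS; the local matches() evaluator is for testing your filter logic, not a substitute for what the service returns.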