Tenable has released new Exposure Management Attack Path endpoints that provide advanced filtering capabilities, making it easier to retrieve the top attack paths leading to critical assets and the top attack techniques in your environment.

Tenable has deprecated and subsequently removed the Attack Path Analysis "List attack paths" and "List findings" endpoints. This deprecation was previously announced in Attack Path Analysis: Upcoming Changes.

Tenable has added a new boolean query parameter, compress, to the Tenable One Inventory Export assets and Export findings endpoints. This parameter enables GZIP compression for exported files.

Tenable has released the Recast Rules API, which enables users to create, view, update, and delete recast and accept rules that modify the severity of vulnerabilities and host audit results. This functionality allows organizations to adjust vulnerability risk ratings and audit severity to align with their internal policies and risk management practices.

Tenable has added the immediate_plugin_updates parameter to the Tenable Vulnerability Management agent profile API calls.

Tenable has published new documentation that provides a high-level overview of key considerations and recommendations for integrating third-party products with Tenable Cloud Security. This guide covers essential topics to ensure successful and scalable integrations, including:

Tenable Web App Scanning now supports SOAP API scanning, extending existing REST and GraphQL API support. With this update, you can assess all major types of API applications, ensuring broader coverage of the API attack surface. For more information, see Launch an API Scan in the Tenable Web App Scanning User Guide.

Tenable is deprecating the legacy acr_score and exposure_score properties returned by the Download assets chunk endpoint. These properties have been superseded by the enhanced v3 ACR and AES scores introduced in New ACR and AES Scores in Assets Exports on April 9, 2025.

Tenable has enhanced the Vulnerability Management vulnerabilities export and Web App Scanning findings export APIs with new filters and additional response data. These updates provide greater flexibility for querying and analyzing vulnerabilities, adding new filters and returning expanded scoring metrics in export responses.

The following v2 filter endpoints are deprecated and are tentatively scheduled for removal on November 5. Tenable recommends transitioning to the replacement endpoints listed below. While the replacements are versioned as v1, they are the current and actively supported endpoints moving forward.