improved

Web Application Scanning: New Model for Input Errors

The Web Application Scanning v2 API now returns more specific error messages when validating user input. The new error model helps users to quickly identify and correct input errors.

added

Tenable.io: New Filters Available for Asset Export Endpoints

Two new asset filters were added to the Tenable.io API to help filter deleted and terminated assets. The new filters are is_deleted and is_terminated. If these filters are set to true, the Tenable.io API will return all assets that have been deleted or terminated.

deprecated

WAS: Deprecation Notice for settings.target and application_uri Parameters

The Web Application Scanning v2 API has been updated to make targets a primary entity. You can now define target in the main body of your request instead of within the settings object. This change allows users to create a scan configuration with no settings block if they wish to use the default settings. Tenable recommends that you use the target parameter in the main body instead. This change affects the POST /was/v2/configs and PUT /was/v2/configs/{config_id} endpoints.

added

Tenable.io Scan Routing

With scan routing, you can automatically dispatch scanning across multiple scanner groups according to the areas of your network that each group is configured to access. Scan routing reduces scan configuration and management overhead by eliminating the need to configure specific scanners for each individual scan. This feature can represent a significant benefit in large deployments. In addition, you can improve operational efficiency by tasking higher-privilege team members with managing scanner pools, which lower-privilege team members can then use in scan configuration.

added

List Plugins

Documentation is now available for the GET /plugins/plugin endpoint. This endpoint returns a paginated list of Tenable plugins with detailed plugin information. The response list is sorted by plugin ID.

added

Lumin ACR and AES Returned in Export API

The Tenable.io export API now returns the Asset Criticality Rating (ACR) and Asset Exposure Score (AES) if you have a Lumin license. The GET /assets/export/{export_uuid}/chunks/{chunk_id} endpoint returns the following attributes:

improved

Tenable.io: New Filter for Vulnerability Exports

You can now filter Tenable.io vulnerability exports by plugin_id. The plugin_id body parameter accepts a list of plugin IDs for which you want to filter the vulnerabilities returned in the vulnerability export.

added

Tenable.io: Convert Credentials

You can now use the Tenable.io API to convert scan-specific credentials to managed credentials.

deprecated

Tenable.io: Session API Deprecation

The Tenable.io Session API is deprecated. On August 1, 2020, documentation related to the session endpoints will be removed from the Tenable developer portal. If your organization's integrations with the Tenable.io API previously used session tokens, Tenable recommends that you use the PUT /users/{user_id}/keys endpoint to generate API keys instead. This deprecation also affects the POST /user/{user_id}/impersonate endpoint as well, as it is dependent on session tokens.

added

Web Application Scanning: Create Scan Configuration

You can now use the Tenable.io Web Application Scanning v2 API to easily create a WAS scan configuration.