The behavior for the since filter, used in the Tenable.io vulnerability export API, will change on January 25, 2021.

🛑

Caution

The information in this changelog is outdated. The referenced endpoints have been deprecated. This changelog remains publicly available for historical reference only. For the official deprecation announcement, see Vulnerability Management: Deprecated Filter Endpoints.

The Tenable.io Web Application Scanning v2 API page request and response format has been updated to match the Tenable.io Vulnerability Management format. This change brings consistent pagination across the various Tenable.io APIs. The old page request and response format has been deprecated in favor of the new page request and response format.

The scan report format for the Web Application Scanning v2 API endpoint GET /was/v2/scans/{scan_id}/report has been updated from version 1.0 to version 1.1. Previously, in scan report report format version 1.0, all cross-references were returned within the xrefs object. In scan report format version 1.1, all cross-references are returned as structured references to make parsing easier for the user.

Tenable.io Vulnerability Management now limits the number of scans you can create to 10,000 scans. If you're close to the maximum limit, Tenable recommends you re-use scheduled scans instead of creating new scans. An HTTP 403 error is returned if you attempt to create a scan after you have already reached the scan limit of 10,000.

Tenable.io now offers the option to automatically delete assets in a network after a specified number of days. The assets_ttl_days body parameter can be specified when creating or updating a network. Additionally, a new endpoint has been added that allows you to return the total number of assets in a network along with the number of assets that have not been seen for a specified number of days.

The Tenable.io Web Application Scanning v2 API now supports HTML and PDF scan exports. The HTML and PDF exports contain the list of targets, scan results, and scan notes.

The Tenable.io Web Application Scanning v2 API now supports email notifications upon scan completion. You can configure email notifications when you create a scan configuration. Email notifications are sent upon scan completion for both on-demand and scheduled scans.

The default behavior for vulnerability exports has changed. By default, vulnerability exports will now only include vulnerabilities found or fixed within the last 30 days if no time-based filters (last_fixed, last_found, or first_found) are submitted with the request. Previously, the default behavior was all vulnerabilities since Unix epoch time.

Tenable recommends the use of a standard User-Agent string in request headers when building integrations with the Tenable.io API. A standard User-Agent string helps Tenable to identify your integrations and API calls, and it assists in debugging and troubleshooting if you have issues with the API, rate limits, or concurrency limits.