Add Vulnerability Data to Tenable.io

Add vulnerability data to Tenable.io using the POST /api/v2/vulnerabilities endpoint. This endpoint allows you to import vulnerability data in JSON format.

Note

This endpoint can only import Tenable scan data. It cannot import vulnerability information from third-party vendors.

When constructing the request body, observe the following guidelines:

  • A valid asset object requires at least one valid network interface object.
  • A valid network interface object must contain at least one of the following parameters: ipv4, netbios_name, fqdn.
  • A valid vulnerability object must contain at least one of the following parameters: tenable_plugin_id, qualys_id, or cve.

Caution

Tenable.io supports a maximum of 50 individual asset objects per request message. In addition, because Tenable.io supports a total size limit of 15 MB for the request message, you may want to limit the number of asset objects you include in an individual request, depending on the number of vulnerabilities identified on the assets and the size of the related vulnerability output.

Request Body Example: Tenable Scan Data

{
  "vendor": "tenable",
  "product": "tenable.sc",
  "data_type": "vm",
  "source": "75c6c4c3-1626-4b57-9095-71b58ff8999e:e9b89d18-87cc-4fd5-8e6f-27a1d24fa2ac0",
  "assets": [
    {
      "network_interfaces": {
        "ipv4": [
          "192.0.2.57",
          "192.0.2.177"
        ]
      },
      "hostname": "windsmb.server.example.com",
      "bios_uuid": "9c60da51-762a-4b9b-8504-411056c2f696",
      "netbios_name": "JUPITER",
      "vulnerabilities": [
        {
          "tenable_plugin_id": "97737",
          "last_found": 1568086236,
          "output": "Description: The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities : - Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148) - An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147) ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY are four of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers. WannaCry / WannaCrypt is a ransomware program utilizing the ETERNALBLUE exploit, and EternalRocks is a worm that utilizes seven Equation Group vulnerabilities. Petya is a ransomware program that first utilizes CVE-2017-0199, a vulnerability in Microsoft Office, and then spreads via ETERNALBLUE. ..."
        }
      ]
    }
  ]
}
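
The following Python sketch is an added example, not code from Tenable: it checks each asset against the guidelines above and splits the valid ones into request bodies that stay within the 50-asset and 15 MB limits. The helper names asset_errors and build_requests are hypothetical, the 15 MB limit is read as decimal megabytes, and network_interfaces is accepted either as a single object (as in the example above) or as a list of objects.

```python
import json

MAX_ASSETS = 50            # asset objects per request, as stated on the page
MAX_BYTES = 15 * 1000**2   # 15 MB; decimal megabytes is an assumption (stricter reading)
IFACE_KEYS = ("ipv4", "netbios_name", "fqdn")
VULN_KEYS = ("tenable_plugin_id", "qualys_id", "cve")

def asset_errors(asset):
    """Return the guideline violations found in one asset object."""
    errors = []
    ifaces = asset.get("network_interfaces") or []
    if isinstance(ifaces, dict):   # the page's example uses a single object
        ifaces = [ifaces]
    if not any(i.get(k) for i in ifaces if isinstance(i, dict) for k in IFACE_KEYS):
        errors.append("no network interface with ipv4, netbios_name or fqdn")
    for n, vuln in enumerate(asset.get("vulnerabilities", [])):
        if not any(vuln.get(k) for k in VULN_KEYS):
            errors.append(f"vulnerability {n} lacks tenable_plugin_id, qualys_id and cve")
    return errors

def build_requests(envelope, assets, max_assets=MAX_ASSETS, max_bytes=MAX_BYTES):
    """Return (bodies, rejected); rejected holds (asset, errors) pairs."""
    def size(batch):
        # Size of the body as serialized here; send these exact bytes.
        return len(json.dumps({**envelope, "assets": batch}).encode("utf-8"))
    bodies, rejected, batch = [], [], []
    for asset in assets:
        errors = asset_errors(asset)
        if not errors and size([asset]) > max_bytes:
            errors = ["asset alone exceeds the request size limit"]
        if errors:
            rejected.append((asset, errors))
            continue
        # Start a new body when either limit would be crossed.
        if len(batch) == max_assets or size(batch + [asset]) > max_bytes:
            bodies.append({**envelope, "assets": batch})
            batch = []
        batch.append(asset)
    if batch:
        bodies.append({**envelope, "assets": batch})
    return bodies, rejected

if __name__ == "__main__":
    # Constructed sample input; "source" is a placeholder, not a real scanner id.
    envelope = {"vendor": "tenable", "product": "tenable.sc", "data_type": "vm",
                "source": "PLACEHOLDER-SOURCE-ID"}
    assets = [{"network_interfaces": {"ipv4": [f"192.0.2.{i}"]},
               "vulnerabilities": [{"tenable_plugin_id": "97737"}]} for i in range(120)]
    bodies, rejected = build_requests(envelope, assets + [{"hostname": "no-interface"}])
    print([len(b["assets"]) for b in bodies], len(rejected))
```

Rejected assets are returned with their reasons instead of being dropped silently, so a gap in imported coverage shows up in the caller's logs.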
