Common Asset Attributes
You can filter returned data from various Tenable Vulnerability Management API endpoints based on asset attributes. In addition, Vulnerability Management allows you to export asset details that include these attributes.
The asset attributes supported as filters or included in an export depend on the API endpoint you use.
For a comparison of attributes by endpoint, see Asset Attribute Availability by Endpoint.
For a full list of possible asset attributes, see Asset Attribute Definitions.
Asset Attribute Availability by Endpoint
The following table summarizes attribute availability for the endpoints listed below. The numbered columns in the table correspond to the numbered endpoints:
1. GET /assets
2. GET /assets/{asset_uuid}
3. GET /assets/export/{export_uuid}/chunks/{chunk_id}
4. GET /workbenches/assets?all_fields=default
5. GET /workbenches/assets?all_fields=full
6. GET /workbenches/assets/{asset_id}/info
Attribute | 1 | 2 | 3 | 4 | 5 | 6 |
---|---|---|---|---|---|---|
acr_score | yes | yes | no | yes | yes | yes |
acr_drivers | yes | yes | no | yes | yes | yes |
agent_name | yes | yes | no | yes | yes | yes |
aws_availability_zone | no | yes | yes | no | yes | yes |
aws_ec2_instance_ami_id | no | yes | yes | no | yes | yes |
aws_ec2_instance_group_name | no | yes | yes | no | yes | yes |
aws_ec2_instance_id | no | yes | yes | no | yes | yes |
aws_ec2_instance_state_name | no | yes | yes | no | yes | yes |
aws_ec2_instance_type | no | yes | yes | no | yes | yes |
aws_ec2_name | yes | yes | yes | yes | yes | yes |
aws_ec2_product_code | no | yes | yes | no | yes | yes |
aws_owner_id | no | yes | yes | no | yes | yes |
aws_region | no | yes | yes | no | yes | yes |
aws_subnet_id | no | yes | yes | no | no | yes |
aws_vpc_id | no | yes | yes | no | yes | yes |
azure_resource_id | no | yes | yes | no | yes | yes |
azure_vm_id | no | yes | yes | no | yes | yes |
bigfix_asset_id | no | yes | yes | yes | yes | yes |
bios_uuid | no | yes | yes | no | yes | yes |
counts | no | no | no | no | no | yes |
created_at | no | yes | yes | no | yes | yes |
deleted_at | no | no | yes | yes | yes | no |
deleted_by | no | no | yes | yes | yes | no |
exposure_score | yes | yes | no | yes | yes | yes |
first_scan_time | no | no | yes | no | yes | no |
first_seen | no | yes | yes | no | yes | yes |
fqdn | yes | yes | yes | yes | yes | yes |
gcp_instance_id | no | yes | yes | no | yes | yes |
gcp_project_id | no | yes | yes | no | yes | yes |
gcp_zone | no | yes | yes | no | yes | yes |
has_agent | yes | yes | yes | yes | yes | yes |
hostname | no | yes | yes | no | yes | yes |
id | yes | yes | yes | yes | yes | yes |
installed_software | no | yes | yes | no | yes | yes |
ipv4 | yes | yes | yes | yes | yes | yes |
ipv6 | yes | yes | yes | yes | yes | yes |
last_authenticated_scan_date | no | yes | yes | no | yes | yes |
last_licensed_scan_date | no | yes | yes | no | yes | yes |
last_scan_target | yes | yes | no | yes | yes | yes |
last_scan_time | no | no | yes | no | yes | no |
last_seen | yes | yes | yes | yes | yes | yes |
mac_address | yes | yes | yes | yes | yes | yes |
manufacturer_tpm_id | no | no | yes | no | yes | no |
mcafee_epo_agent_guid | no | yes | yes | no | yes | yes |
mcafee_epo_guid | no | yes | yes | no | yes | yes |
netbios_name | yes | yes | yes | yes | yes | yes |
network_id | no | yes | no | no | no | no |
network_name | no | no | no | no | no | no |
operating_system | yes | yes | yes | yes | yes | yes |
qualys_asset_id | no | yes | yes | no | yes | yes |
qualys_host_id | no | yes | yes | no | yes | yes |
scan_frequency | yes | yes | no | yes | yes | yes |
servicenow_sysid | no | yes | yes | no | yes | yes |
sources | yes | yes | yes | yes | yes | yes |
ssh_fingerprint | no | yes | yes | no | yes | yes |
symantec_ep_hardware_key | no | no | yes | no | yes | no |
system_type | no | yes | yes | no | yes | yes |
tags | no | yes | yes | no | yes | yes |
tenable_uuid | no | yes | no | no | no | yes |
terminated_at | no | no | yes | yes | yes | no |
terminated_by | no | no | yes | yes | yes | no |
time_end | no | no | no | no | no | yes |
time_start | no | no | no | no | no | yes |
updated_at | no | yes | yes | no | yes | yes |
uuid | no | no | no | no | no | yes |
Asset Attribute Definitions
Attribute | Type | Importable | Definition |
---|---|---|---|
acr_score | integer | no | The Asset Criticality Rating (ACR) for the asset. This attribute is only present if Lumin is added to your Vulnerability Management instance. For more information, see Lumin Metrics in the Tenable Vulnerability Management User Guide. |
acr_drivers | array of objects | no | The key drivers that Tenable uses to calculate an asset's Tenable-provided ACR. This attribute is only present if Lumin is added to your Vulnerability Management instance. For more information, see Lumin Metrics in the Tenable Vulnerability Management User Guide. |
agent_name | string | no | The names of any Nessus agents that scanned and identified the asset. |
aws_availability_zone | string | yes | The availability zone where Amazon Web Services hosts the virtual machine instance, for example, 'us-east-1a'. Availability zones are subdivisions of AWS regions. For more information, see "Regions and Availability Zones" in the AWS documentation. |
aws_ec2_instance_ami_id | string | yes | The unique identifier of the Linux AMI image in Amazon Elastic Compute Cloud (Amazon EC2). For more information, see the Amazon Elastic Compute Cloud Documentation. |
aws_ec2_instance_group_name | string | yes | The virtual machine instance's group in AWS. |
aws_ec2_instance_id | string | yes | The unique identifier of the Linux instance in Amazon EC2. For more information, see the Amazon Elastic Compute Cloud Documentation. |
aws_ec2_instance_state_name | string | yes | The state of the virtual machine instance in AWS at the time of the scan. |
aws_ec2_instance_type | string | yes | The type of instance in AWS EC2. |
aws_ec2_name | string | yes | The name of the virtual machine instance in AWS EC2. |
aws_ec2_product_code | string | yes | The product code associated with the AMI used to launch the virtual machine instance in AWS EC2. |
aws_owner_id | string | yes | The canonical user identifier for the AWS account associated with the asset. For more information, see "AWS Account Identifiers" in the AWS documentation. |
aws_region | string | yes | The region where AWS hosts the virtual machine instance, for example, 'us-east-1'. For more information, see "Regions and Availability Zones" in the AWS documentation. |
aws_subnet | string | yes | The unique identifier of the AWS subnet where the virtual machine instance was running at the time of the scan. |
aws_vpc_id | string | yes | The unique identifier of the public cloud that hosts the AWS virtual machine instance. For more information, see the Amazon Virtual Private Cloud User Guide. |
azure_resource_id | string | yes | The unique identifier of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager Documentation. |
azure_vm_id | string | yes | The unique identifier of the Microsoft Azure virtual machine instance. For more information, see "Accessing and Using Azure VM Unique ID" in the Microsoft Azure documentation. |
bios_uuid | string | yes | The BIOS UUID of the asset. |
bigfix_asset_id | string | yes | The unique identifier of the asset in HCL BigFix. For more information, see the HCL BigFix documentation. |
counts | object | no | Counts of vulnerabilities on the asset, as well as counts of audit checks performed on the asset. |
counts[].vulnerabilities | object | no | Counts of vulnerabilities on the asset. |
counts[].vulnerabilities[].total | integer | no | The total number of vulnerabilities that scans have detected on the asset. |
counts[].vulnerabilities[].severities | array of objects | no | A count of vulnerabilities by severity. |
counts[].vulnerabilities[].severities[].count | integer | no | The number of vulnerabilities with the specified severity. |
counts[].vulnerabilities[].severities[].level | integer | no | The code for the severity. Possible values include:
|
counts[].vulnerabilities[].severities[].name | string | no | The severity of the vulnerability as defined using the Common Vulnerability Scoring System (CVSS) base score. Possible values include 'info' (CVSS score of 0), 'low' (CVSS score between 0.1 and 3.9), 'medium' (CVSS score between 4.0 and 6.9), 'high' (CVSS score between 7.0 and 9.9), and 'critical' (CVSS score of 10.0). |
counts[].audits | object | no | Counts of audit checks performed on the asset. For more information about audit checks, see the Tenable Vulnerability Management User Guide. |
counts[].audits[].total | integer | no | The total number of audit checks that scans have performed on the asset. |
counts[].audits[].statuses | array of objects | no | Counts of audit checks performed on the asset, grouped by audit status. |
counts[].audits[].statuses[].count | integer | no | The number of audits of the specified level that scans have performed on the asset. |
counts[].audits[].statuses[].level | integer | no | The audit status level. Possible values include:
|
counts[].audits[].statuses[].name | string | no | The name of the audit status level. Possible values include 'Passed', 'Warning', and 'Failed'. |
created_at | string | no | The ISO timestamp when Vulnerability Management created the asset record. |
deleted_at | integer | no | The Unix timestamp when a user deleted the asset. |
deleted_by | string | no | The user who deleted the asset record. |
exposure_score | integer | | The Asset Exposure Score (AES) for the asset. This attribute is only present if Lumin is added to your Vulnerability Management instance. For more information, see Lumin Metrics in the Tenable Vulnerability Management User Guide. |
first_scan_time | string | no | The ISO timestamp when a scan first ran against the asset. |
first_seen | string | no | The ISO timestamp when a scan first identified the asset. |
fqdn | string | yes | The fully-qualified domain name that a scan has associated with the asset record. |
gcp_instance_id | string | yes | The unique identifier of the virtual machine instance in GCP. |
gcp_project_id | string | yes | The customized name of the project to which the virtual machine instance belongs in Google Cloud Platform (GCP). For more information, see "Creating and Managing Projects" in the GCP documentation. |
gcp_zone | string | yes | The zone where the virtual machine instance runs in GCP. For more information, see "Regions and Zones" in the GCP documentation. |
has_agent | boolean | no | A value specifying whether a Nessus agent scan detected the asset (true). |
hostname | string or array of strings (depending on endpoint) | yes | A list of hostnames that a scan has associated with an asset. |
id | string | no | The UUID of the asset. For more information, see the uuid definition. |
installed_software | array of strings | yes | A list of Common Platform Enumeration (CPE) values that represent software applications a scan identified as present on an asset. This attribute contains data only if a scan using Nessus Plugin ID 45590 has evaluated the asset. |
ipv4 | string | yes | An IPv4 address that a scan has associated with the asset record. Note: A CIDR mask of /0 is not supported for this parameter, because that value would match all IP addresses. If you submit a /0 value for this parameter, Vulnerability Management returns a 400 Bad Request error message. |
ipv6 | string | yes | An IPv6 address that a scan has associated with the asset record. |
last_authenticated_scan_date | string | no | The ISO timestamp when a credentialed scan last ran on the asset. |
last_licensed_scan_date | string | no | The ISO timestamp of the last scan that identified the asset as licensed. Vulnerability Management categorizes an asset as licensed if a scan of that asset has returned results from a non-discovery plugin within the last 90 days. |
last_scan_target | string | | The IPv4 address, IPv6 address, or FQDN that the scanner last used to evaluate the asset. |
last_scan_time | string | no | The ISO timestamp when a scan last ran against the asset. |
last_seen | string | no | The ISO timestamp when the asset was last observed by any source, for example, a Nessus scan, an agent scan, or a cloud connector. |
mac_address | string | yes | A MAC address that a scan has associated with the asset record. |
manufacturer_tpm_id | string | yes | The manufacturer's unique identifier of the Trusted Platform Module (TPM) associated with the asset. |
mcafee_epo_agent_guid | string | yes | The unique identifier of the McAfee ePO agent that identified the asset. For more information, see the McAfee documentation. |
mcafee_epo_guid | string | yes | The unique identifier of the asset in McAfee ePolicy Orchestrator (ePO). For more information, see the McAfee documentation. |
netbios_name | string | yes | The NetBIOS name for the asset. |
network_id | string | no | The ID of the network object to which the asset belongs. For more information about network objects, see Manage Networks. |
network_name | string | no | The name of the network object to which the asset belongs. For more information about network objects, see Manage Networks. |
operating_system | array of strings | yes | The operating systems that scans have associated with the asset record. |
qualys_asset_id | string | yes | The Asset ID of the asset in Qualys. For more information, see the Qualys documentation. |
qualys_host_id | string | yes | The Host ID of the asset in Qualys. For more information, see the Qualys documentation. |
scan_frequency | array of objects | no | Information about how often scans ran against the asset during specified intervals. This attribute is only present if Lumin is added to your Vulnerability Management instance. For more information, see Lumin Metrics in the Tenable Vulnerability Management User Guide. |
servicenow_sysid | string | yes | The unique record identifier of the asset in ServiceNow. For more information, see the ServiceNow documentation. |
sources | object | no | The entity that reported the asset details. Sources can include sensors, connectors, and API imports. Source names can be customized by your organization (for example, you specify a name when you import asset records). If your organization does not customize source names, system-generated names include:
|
ssh_fingerprint | string | yes | The SSH key fingerprint that a scan has associated with the asset record. |
symantec_ep_hardware_key | string | yes | The hardware key for the asset in Symantec Endpoint Protection. |
system_type | string | yes | The system types as reported by Plugin ID 54615. Possible values include 'router', 'general-purpose', 'scan-host', and 'embedded'. |
tags | object | no | Information about a tag assigned to the asset. With tags, you can categorize and create logical groupings of network assets in Vulnerability Management. For more information, see the Tenable Vulnerability Management User Guide. |
tenable_uuid | array of strings | no | The UUID of the agent if an agent is present on the asset. If no agent is present on the asset, then the UUID is a unique identifier assigned by Vulnerability Management during a credentialed scan when the Create unique identifier on hosts scanned with credentials option is enabled. Note that no UUID is set for uncredentialed, non-agent scans. |
terminated_at | string | no | The ISO timestamp when a user terminated the Amazon Web Services (AWS) virtual machine instance of the asset. |
terminated_by | string | no | The user who terminated the AWS instance of the asset. |
time_end | string | no | The scan end timestamp, in ISO-8601 format, when the asset was first detected. |
time_start | string | no | The scan start timestamp, in ISO-8601 format, when the asset was first detected. |
updated_at | string | no | The ISO timestamp when the asset record was last updated. |
uuid | string | no | The UUID of the asset. Use this value as a unique key for the asset. Vulnerability Management assigns this UUID when a scan first discovers the asset. On each subsequent scan, Vulnerability Management uses multiple asset attributes to reliably identify the scanned asset (including IPv4 address, BIOS UUID, the system’s MAC Address, NetBIOS name, and FQDN). The asset UUID represents the result of Vulnerability Management's internal synchronization of asset data based on multiple scans. |
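The following scan-coverage check over exported asset records is an added example, not code from Tenable's documentation. It uses only attributes that the availability table lists for the export chunks endpoint, and it applies the 90-day window from the last_licensed_scan_date definition. The sample records, the placeholder ids, the finding names, and the reuse of the same window for credentialed scans are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real data), using only attributes the
# availability table lists for the export chunks endpoint.
SAMPLE_ASSETS = [
    {"id": "asset-0001", "last_seen": "2024-05-30T08:00:00.000Z",
     "last_authenticated_scan_date": "2024-05-29T02:10:00.000Z",
     "last_licensed_scan_date": "2024-05-29T02:10:00.000Z"},
    {"id": "asset-0002", "last_seen": "2024-05-31T11:30:00.000Z",
     "last_authenticated_scan_date": None,
     "last_licensed_scan_date": "2024-01-15T00:00:00.000Z"},
    {"id": "asset-0003", "last_seen": "2023-11-02T00:00:00.000Z",
     "last_authenticated_scan_date": None, "last_licensed_scan_date": None,
     "terminated_at": "2023-11-03T00:00:00.000Z"},
    {"id": "asset-0004", "last_seen": "2024-05-20T09:00:00.000Z",
     "last_authenticated_scan_date": "2024-02-01T00:00:00.000Z",
     "last_licensed_scan_date": "2024-05-20T09:00:00.000Z"},
]

def parse_iso(value):
    """Parse an ISO timestamp string; None stays None. Naive values are assumed UTC."""
    if not value:
        return None
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def coverage_findings(asset, now, window_days=90):
    """Return scan-coverage findings (hypothetical names) for one asset record."""
    if asset.get("terminated_at") or asset.get("deleted_at"):
        return []  # terminated or deleted assets are out of scope
    cutoff = now - timedelta(days=window_days)
    seen = parse_iso(asset.get("last_seen"))
    auth = parse_iso(asset.get("last_authenticated_scan_date"))
    licensed = parse_iso(asset.get("last_licensed_scan_date"))
    findings = []
    if auth is None:
        findings.append("never_credentialed_scanned")
    elif auth < cutoff:
        findings.append("credentialed_scan_stale")
    if licensed is None or licensed < cutoff:
        # No non-discovery plugin results inside the window.
        recent = seen is not None and seen >= cutoff
        findings.append("seen_but_not_assessed" if recent else "stale_record")
    return findings

def audit(assets, now, window_days=90):
    """Map asset id -> findings, omitting assets with no findings."""
    results = {a["id"]: coverage_findings(a, now, window_days) for a in assets}
    return {asset_id: f for asset_id, f in results.items() if f}
```

Calling `audit(SAMPLE_ASSETS, datetime(2024, 6, 1, tzinfo=timezone.utc))` reports asset-0002 and asset-0004 and skips the terminated asset-0003.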