Refine Vulnerability Export Requests
Refine the vulnerabilities you export from Tenable Vulnerability Management using the parameters in the request body of the Export vulnerabilities endpoint.
The following request body examples represent commonly used export refinements.
Note
The API uses different terms for vulnerability states than the user interface. The new and active states in the user interface map to the open state in the API. The resurfaced state in the user interface maps to the reopened state in the API. The fixed state is the same.
Request Body Example 1: Since Only
{
"num_assets": 100,
"filters": {
"severity": [
"low",
"medium",
"high",
"critical"
],
"since": 1546300800
}
}
In this example, the request message contains a since filter specifying Jan 1, 2019, and does not contain a state filter. If you do not include the state filter in your request, the export includes data for OPEN and REOPENED vulnerabilities that were seen on or after the since date you specify, and FIXED vulnerabilities that were fixed on or after the since date you specify.
The export includes vulnerabilities that meet the following criteria:
- The
stateattribute in the vulnerability record isOPENorREOPENEDAND thelast_foundattribute in the vulnerability record is 1/1/19 or later. - The
stateattribute in the vulnerability isFIXEDAND thelast_fixedattribute in the vulnerability record is 1/1/19 or later.
Request Body Example 2: Since and State
{
"num_assets": 100,
"filters": {
"severity": [
"low",
"medium",
"high",
"critical"
],
"since": 1546300800,
"state": [
"OPEN",
"REOPENED",
"FIXED"
]
}
}
In this example, the request message includes both the since and state filters.
The export includes vulnerabilities that meet the following criteria:
- The
stateattribute in the vulnerability record isOPENorREOPENEDAND thelast_foundattribute in the vulnerability record is 1/1/19 or later. - The
stateattribute in the vulnerability isFIXEDAND thelast_fixedattribute in the vulnerability record is 1/1/19 or later.
Request Body Example 3: Last_fixed and State
{
"num_assets": 100,
"filters": {
"severity": [
"low",
"medium",
"high",
"critical"
],
"last_fixed": 1546300800,
"state": [
"FIXED"
]
}
}
In this example, the request message contains both the last_fixed and state parameters.
The export includes only vulnerabilities where the state attribute in the vulnerability record is FIXED AND the last_fixed attribute in the vulnerability record is 1/1/19 or later.
Request Body Example 4: Single Tag with Multiple Values
{
"num_assets": 100,
"filters": {
"severity": [
"low",
"medium",
"high",
"critical"
],
"tag.Location": [
"Austin",
"Dallas",
"Fort Worth"
]
}
}
In this example, the request message contains a tag. The tag category is Location and the tag values are Austin, Dallas, and Fort Worth. When multiple tag values are provided, the logical operation applied to the values is an OR operation.
The resulting export includes only vulnerabilities on assets that are assigned any of the following tags:
Location:AustinLocation:DallasLocation:Fort Worth
Request Body Example 5: Multiple Tags with Multiple Values
{
"num_assets": 100,
"filters": {
"severity": [
"low",
"medium",
"high",
"critical"
],
"tag.Location": [
"Austin",
"Dallas",
"Fort Worth"
],
"tag.OperatingSystem": [
"Windows",
"Linux"
]
}
}
In this example, the request message contains multiple tags. The first tag category is Location and the tag values are Austin, Dallas, and Fort Worth. The second tag category is OperatingSystem and the tag values are Windows and Linux. When multiple tag categories are provided, the logical operation applied to the tag categories is an AND operation.
The resulting export includes only vulnerabilities on assets that are assigned any of the following tags:
- [
Location.AustinORLocation.DallasORLocation.Fort Worth] AND [OperatingSystem:WindowsOROperatingSystem:Linux]
Updated 3 months ago