Refine Vulnerability Export Requests

Refine the vulnerabilities you export from Tenable Vulnerability Management using the parameters in the request body of the /vulns/export endpoint.

The following request body examples represent commonly used export refinements.

📘

Note

The API uses different terms for vulnerability states than the user interface. The new and active states in the user interface map to the open state in the API. The resurfaced state in the user interface maps to the reopened state in the API. The fixed state is the same.

Request Body Example 1: Since Only

{
  "num_assets": 100,
  "filters": {
    "severity": [
      "low",
      "medium",
      "high",
      "critical"
      ],
    "since": 1546300800
  }
}

In this example, the request message contains a since filter specifying Jan 1, 2019, and does not contain a state filter.

The export includes vulnerabilities that meet the following criteria:

  • The state attribute in the vulnerability record is open or reopened AND the last_found attribute in the vulnerability record is 1/1/19 or later.
  • The state attribute in the vulnerability is fixed AND the last_fixed attribute in the vulnerability record is 1/1/19 or later.

Request Body Example 2: Since and State

{
  "num_assets": 100,
  "filters": {
    "severity": [
      "low",
      "medium",
      "high",
      "critical"
      ],
    "since": 1546300800,
    "state": [
      "open",
      "reopened",
      "fixed"
    ]
  }
}

In this example, the request message includes both the since and state filters.

The export includes only vulnerabilities where the state attribute in the vulnerability record is either open, reopened, or fixed, AND the since attribute in the vulnerability record is 1/1/19 or later.

Request Body Example 3: Last_fixed and State

{
  "num_assets": 100,
  "filters": {
    "severity": [
      "low",
      "medium",
      "high",
      "critical"
      ],
    "last_fixed": 1546300800,
    "state": [
      "fixed"
    ]
  }
}

In this example, the request message contains both the last_fixed and state parameters.

The export includes only vulnerabilities where the state attribute in the vulnerability record is fixed AND the since attribute in the vulnerability record is 1/1/19 or later.

Request Body Example 4: Tags

{
  "num_assets": 100,
  "filters": {
    "severity": [
      "low",
      "medium",
      "high",
      "critical"
      ],
    "tag.Location": "Headquarters"
  }
}

In this example, the export includes only vulnerabilities on assets that you assigned the "Location:Headquarters" tag.