Retrieve Vulnerability Data from Tenable.io
The vulnerability export APIs allow you to retrieve all vulnerabilities on each asset, including the vulnerability state, for integration into third-party tools. With these APIs, you can perform a large initial synchronization of Tenable.io with a third-party tool. You can then retrieve differentials to update on a regular basis. For example, you can use the vulnerability export APIs to retrieve all vulnerabilities that are currently active in your environment and integrate them with a ticketing system. You can then leverage the differential functionality to:
- Retrieve newly discovered vulnerabilities and create new tickets.
- Retrieve fixed vulnerabilities to automatically close open tickets.
In most implementations, Tenable.io stores vulnerability data obtained from scans it manages. However, you can also import vulnerability data from scans managed by other Tenable products, as well as a limited number of third-party applications. For more information, see the POST /api/v2/vulnerabilities import endpoint.
To retrieve vulnerability data using the Tenable.io API, Tenable recommends the following approach:
- Review the guidelines and limitations for vulnerability exports.
- Generate the export file based on the guidelines and limitations.
- Query for the export generation status and chunk identification information.
- Download completed export chunks.
You can also:
- View recent vulnerability export jobs for your Tenable.io instance.
- Cancel a vulnerability export job.
|First Export||The first time you generate an export file, you can omit filter parameters to export all current data, or use filter parameters to limit by date and other attributes.|
|Ongoing Exports||Every time you export after that, Tenable recommends that you specify parameters for a differential export, with the filter parameters set to the time you last exported data from Tenable.io.|
For example, you can use the
|Chunk Size||Tenable.io exports vulnerability data in data chunks. Configure the |
|Additional Refinements||See Refine Vulnerability Export Requests.|
|Chunk Order||Tenable.io processes export chunks in parallel, so chunk IDs may not be arranged sequentially in the completed output.|
|Synchronize Vulnerabilities and Assets||To synchronize vulnerability export data with asset export data, match the |
Tenable recommends synchronizing vulnerability export data with asset export data, because the asset data included in the vulnerability export response (for example, IPv4 address) is limited to asset attributes that plugins identified in an individual scan. Asset export data, on the other hand, provides aggregated asset data based on multiple scans.
|Vulnerabilities on Deleted or Terminated Assets||As assets are deleted or terminated in Tenable.io, you can identify those assets and related vulnerabilities using the |
Tenable recommends that you periodically run two asset export queries—(1) a query where
|Unlicensed Assets||By default, exported vulnerability data includes licensed assets only. However, to include both licensed and unlicensed assets in vulnerability exports, you can set the |
|Concurrency Limiting||There are maximum limits for concurrent vulnerability export requests per container. For more information, see Concurrency Limiting.|
|Time-based Filters||By default, vulnerability exports will only include vulnerabilities found or fixed within the last 30 days if no time-based filters (|
|Duplicate Requests||Tenable.io prevents duplicate requests. If the export request status is |
|Chunks Expiration||You can download completed export chunks for three days after completion. At that point, the chunks expire, and you must re-submit the export request.|
|PCI Scan Exports||You cannot export vulnerabilities detected by PCI scans.|
|Plugin Output Size||Output for an individual plugin is limited to 1,024 KB (1 MB).|
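
The workflow above (request a differential export, poll its status, download completed chunks), sketched in Python as an added example that is not Tenable's own code. It assumes the `POST /vulns/export`, `GET /vulns/export/{export_uuid}/status` and `GET /vulns/export/{export_uuid}/chunks/{chunk_id}` endpoints with the `num_assets`, `since` and `state` request fields; `tenable_http`, `differential_export` and `ticket_actions` are hypothetical helper names, and the ticket key (asset UUID, plugin ID, port) is an illustrative choice.

```python
import json
import time
import urllib.request

BASE = "https://cloud.tenable.com"  # Tenable.io API host

def tenable_http(access_key, secret_key):
    """Return a call(method, path, body) function bound to one API key pair."""
    def call(method, path, body=None):
        req = urllib.request.Request(
            BASE + path, method=method,
            data=json.dumps(body).encode() if body is not None else None,
            headers={"X-ApiKeys": f"accessKey={access_key};secretKey={secret_key}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=60) as resp:
            return json.load(resp)
    return call

def differential_export(call, since_epoch, poll_seconds=10, max_polls=360):
    """Export vulnerabilities changed since `since_epoch` and fetch every chunk."""
    # Assumed request fields (not shown on the page): num_assets, filters.since, filters.state
    job = call("POST", "/vulns/export", {
        "num_assets": 500,  # chunk size, in assets per chunk
        "filters": {"since": since_epoch, "state": ["OPEN", "REOPENED", "FIXED"]}})
    uuid, fetched, findings = job["export_uuid"], set(), []
    for _ in range(max_polls):
        status = call("GET", f"/vulns/export/{uuid}/status")
        # Chunks are processed in parallel, so IDs can arrive out of order:
        # remember what was downloaded instead of counting upward.
        for chunk_id in status.get("chunks_available", []):
            if chunk_id not in fetched:
                findings += call("GET", f"/vulns/export/{uuid}/chunks/{chunk_id}")
                fetched.add(chunk_id)
        if status["status"] == "FINISHED":
            return findings
        if status["status"] in ("ERROR", "CANCELLED"):
            raise RuntimeError(f"export {uuid} ended as {status['status']}")
        time.sleep(poll_seconds)
    raise TimeoutError(f"export {uuid} still running after {max_polls} polls")

def ticket_actions(findings):
    """Split findings into ticket keys to open and ticket keys to close."""
    key = lambda f: (f["asset"]["uuid"], f["plugin"]["id"], f["port"]["port"])
    to_open = sorted(key(f) for f in findings if f["state"] in ("OPEN", "REOPENED"))
    to_close = sorted(key(f) for f in findings if f["state"] == "FIXED")
    return to_open, to_close
```

For a live instance, pass `tenable_http(access_key, secret_key)` as `call`, loading both keys from a secret store or environment variable, and persist the start time of each successful run as the next `since_epoch`.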