Scan Export Filters
Use filter query parameters to refine the scan export data that the POST /scans/{scan_id}/export API endpoint returns.
For more information, see:
Note
Filter query parameters are not supported when exporting scan results that are older than 60 days.
Filter Parameters
For each filter you want to apply to scan export data, you must specify the following query parameters:
| Parameter | Description |
|---|---|
| filter.INDEX.filter | The name of the filter to apply to the returned data. |
| filter.INDEX.quality | The operator of the filter to apply to the returned data. |
| filter.INDEX.value | The value of the filter to apply to the returned data. |
To specify a single filter, use '0' as the INDEX value in each filter parameter name. For example:
?filter.0.filter=plugin.id&filter.0.quality=eq&filter.0.value=1234567
To specify multiple filters:
- Increment the INDEX portion of each filter parameter name. For example:
?filter.0.filter=host.id&filter.0.quality=eq&filter.0.value=d9217f91-f79d-4bd5-aadb-606f19cf5265&filter.1.quality=eq&filter.1.value=19970919
- (Optional) Include the
filter.search_typequery parameter, for example,filter.search_type=andorfilter.search_type=or. This parameter specifies whether Vulnerability Management uses the AND or the OR logical operator when matching data to the specified filters. If you omit thefilter.search_typeparameter, Vulnerability Management uses AND by default.
Supported Filters
For a list of supported scan filters, use the GET /filters/scans/reports endpoint.
Commonly-used Filters
The table below lists parameters for commmonly-used filters.
| User Interface Label | filter.INDEX.filter | filter.INDEX.quality | filter.INDEX.value |
|---|---|---|---|
| Bugtraq ID | plugin.attributes.bid | eq, neq, match, nmatch | NUMBER |
| Check Name | compliance_description | match, nmatch | TEXT |
| CERT Vulnerability ID | xref:CERT | eq, neq, match, nmatch | NUMBER |
| CPE | plugin.attributes.cpe | eq, neq, match, nmatch | TEXT |
| CVE | plugin.attributes.cve.raw | eq, neq, match, nmatch | CVE-YYYY-ID |
| CVSS Base Score | plugin.attributes.cvss_base_score | lt, gt, eq, neq, match, nmatch | NUMBER |
| CVSS Temporal Score | plugin.attributes.cvss_temporal_score | lt, gt, eq, neq, match, nmatch | NUMBER |
| CVSS Temporal Vector | plugin.attributes.cvss_temporal_vector.raw | eq, neq, match, nmatch | TEXT |
| CVSS Vector | plugin.attributes.cvss_vector.raw | eq, neq, match, nmatch | TEXT |
| CVSS v3.0 Base Score | plugin.attributes.cvss3_base_score | lt, gt, eq, neq, match, nmatch | NUMBER |
| CVSS v3.0 Temporal Score | plugin.attributes.cvss3_temporal_score | lt, gt, eq, neq, match, nmatch | NUMBER |
| CVSS v3.0 Temporal Vector | plugin.attributes.cvss3_temporal_vector.raw | eq, neq, match, nmatch | TEXT |
| CVSS v3.0 Vector | plugin.attributes.cvss3_vector.raw | eq, neq, match, nmatch | TEXT |
| CWE | xref:CWE | eq, neq, match, nmatch | NUMBER |
| Exploit Available | plugin.attributes.exploit_available | eq, neq | true, false |
| Exploitability Ease | plugin.attributes.exploitability_ease.raw | eq, neq | Exploits are available, No exploit is required, No known exploits are available |
| Exploited By Malware | plugin.attributes.exploited_by_malware | eq, neq | true, false |
| Exploited By Nessus | plugin.attributes.exploited_by_nessus | eq, neq | true, false |
| Hostname | host.hostname | eq, neq, match, nmatch | TEXT |
| IAVA ID | xref:IAVA | eq, neq, match, nmatch | YYYY-A-ID |
| IAVB ID | xref:IAVB | eq, neq, match, nmatch | YYYY-B-ID |
| IAVM Severity | plugin.attributes.stig_severity | eq, neq, match, nmatch | TEXT |
| IAVT ID | xref:IAVT | eq, neq, match, nmatch | YYYY-A-ID |
| In The News | plugin.attributes.in_the_news | eq, neq | true, false |
| Microsoft Bulletin | xref:MSFT | eq, neq, match, nmatch | MS0X-YZT |
| OSVDB ID | xref:OSVDB | eq, neq, match, nmatch | NUMBER |
| Patch Publication Date | plugin.attributes.patch_publication_date | date-lt, date-gt, date-eq, date-neq, match, nmatch | MM/DD/YYYY |
| Plugin Description | plugin.attributes.description | match, nmatch | TEXT |
| Plugin Family | plugin.family_id | eq, neq | family1, ..., familyN |
| Plugin ID | plugin.id | eq, neq, match, nmatch | NUMBER |
| Plugin Modification Date | plugin.attributes.plugin_modification_date | date-lt, date-gt, date-eq, date-neq, match, nmatch | MM/DD/YYYY |
| Plugin Name | plugin.name | eq, neq, match, nmatch | TEXT |
| Plugin Output | output | eq, neq, match, nmatch | TEXT |
| Plugin Publication Date | plugin.attributes.plugin_publication_date | date-lt, date-gt, date-eq, date-neq, match, nmatch | MM/DD/YYYY |
| Plugin Type | plugin.attributes.plugin_type | eq, neq | local, remote |
| Port | port.port | eq, neq, match, nmatch | NUMBER |
| Protocol | port.protocol | eq, neq | tcp, udp, icmp |
| See Also | plugin.attributes.see_also | eq, neq, match, nmatch | TEXT |
| Severity | severity | eq, neq | None, Low, Medium, High, Critical |
| Solution | plugin.attributes.solution | match, nmatch | TEXT |
| Synopsis | plugin.attributes.synopsis | match, nmatch | TEXT |
| Vulnerability Publication Date | plugin.attributes.vuln_publication_date | date-lt, date-gt, date-eq, date-neq, match, nmatch | MM/DD/YYYY |
Updated 22 days ago