Scan Export Filters

Use filter query parameters to refine the scan export data that the POST /scans/{scan_id}/export API endpoint returns.

For more information, see:

🛈

Note

Filter query parameters are not supported when exporting scan results that are older than 60 days.

Filter Parameters

For each filter you want to apply to scan export data, you must specify the following query parameters:

ParameterDescription
filter.INDEX.filterThe name of the filter to apply to the returned data.
filter.INDEX.qualityThe operator of the filter to apply to the returned data.
filter.INDEX.valueThe value of the filter to apply to the returned data.

To specify a single filter, use '0' as the INDEX value in each filter parameter name. For example:

?filter.0.filter=plugin.id&filter.0.quality=eq&filter.0.value=1234567

To specify multiple filters:

  1. Increment the INDEX portion of each filter parameter name. For example:
?filter.0.filter=host.id&filter.0.quality=eq&filter.0.value=d9217f91-f79d-4bd5-aadb-606f19cf5265&filter.1.quality=eq&filter.1.value=19970919
  1. (Optional) Include the filter.search_type query parameter, for example, filter.search_type=and or filter.search_type=or. This parameter specifies whether Tenable.io uses the AND or the OR logical operator when matching data to the specified filters. If you omit the filter.search_type parameter, Tenable.io uses AND by default.

Supported Filters

For a list of supported scan filters, use the GET /filters/scans/reports endpoint.

Commonly-used Filters

The table below lists parameters for commmonly-used filters.

User Interface Labelfilter.INDEX.filterfilter.INDEX.qualityfilter.INDEX.value
Bugtraq IDplugin.attributes.bideq, neq, match, nmatchNUMBER
Check Namecompliance_descriptionmatch, nmatchTEXT
CERT Vulnerability IDxref:CERTeq, neq, match, nmatchNUMBER
CPEplugin.attributes.cpeeq, neq, match, nmatchTEXT
CVEplugin.attributes.cve.raweq, neq, match, nmatchCVE-YYYY-ID
CVSS Base Scoreplugin.attributes.cvss_base_scorelt, gt, eq, neq, match, nmatchNUMBER
CVSS Temporal Scoreplugin.attributes.cvss_temporal_scorelt, gt, eq, neq, match, nmatchNUMBER
CVSS Temporal Vectorplugin.attributes.cvss_temporal_vector.raweq, neq, match, nmatchTEXT
CVSS Vectorplugin.attributes.cvss_vector.raweq, neq, match, nmatchTEXT
CVSS v3.0 Base Scoreplugin.attributes.cvss3_base_scorelt, gt, eq, neq, match, nmatchNUMBER
CVSS v3.0 Temporal Scoreplugin.attributes.cvss3_temporal_scorelt, gt, eq, neq, match, nmatchNUMBER
CVSS v3.0 Temporal Vectorplugin.attributes.cvss3_temporal_vector.raweq, neq, match, nmatchTEXT
CVSS v3.0 Vectorplugin.attributes.cvss3_vector.raweq, neq, match, nmatchTEXT
CWExref:CWEeq, neq, match, nmatchNUMBER
Exploit Availableplugin.attributes.exploit_availableeq, neqtrue, false
Exploitability Easeplugin.attributes.exploitability_ease.raweq, neqExploits are available, No exploit is required, No known exploits are available
Exploited By Malwareplugin.attributes.exploited_by_malwareeq, neqtrue, false
Exploited By Nessusplugin.attributes.exploited_by_nessuseq, neqtrue, false
Hostnamehost.hostnameeq, neq, match, nmatchTEXT
IAVA IDxref:IAVAeq, neq, match, nmatchYYYY-A-ID
IAVB IDxref:IAVBeq, neq, match, nmatchYYYY-B-ID
IAVM Severityplugin.attributes.stig_severityeq, neq, match, nmatchTEXT
IAVT IDxref:IAVTeq, neq, match, nmatchYYYY-A-ID
In The Newsplugin.attributes.in_the_newseq, neqtrue, false
Microsoft Bulletinxref:MSFTeq, neq, match, nmatchMS0X-YZT
OSVDB IDxref:OSVDBeq, neq, match, nmatchNUMBER
Patch Publication Dateplugin.attributes.patch_publication_datedate-lt, date-gt, date-eq, date-neq, match, nmatchMM/DD/YYYY
Plugin Descriptionplugin.attributes.descriptionmatch, nmatchTEXT
Plugin Familyplugin.family_ideq, neqfamily1, ..., familyN
Plugin IDplugin.ideq, neq, match, nmatchNUMBER
Plugin Modification Dateplugin.attributes.plugin_modification_datedate-lt, date-gt, date-eq, date-neq, match, nmatchMM/DD/YYYY
Plugin Nameplugin.nameeq, neq, match, nmatchTEXT
Plugin Outputoutputeq, neq, match, nmatchTEXT
Plugin Publication Dateplugin.attributes.plugin_publication_datedate-lt, date-gt, date-eq, date-neq, match, nmatchMM/DD/YYYY
Plugin Typeplugin.attributes.plugin_typeeq, neqlocal, remote
Portport.porteq, neq, match, nmatchNUMBER
Protocolport.protocoleq, neqtcp, udp, icmp
See Alsoplugin.attributes.see_alsoeq, neq, match, nmatchTEXT
Severityseverityeq, neqNone, Low, Medium, High, Critical
Solutionplugin.attributes.solutionmatch, nmatchTEXT
Synopsisplugin.attributes.synopsismatch, nmatchTEXT
Vulnerability Publication Dateplugin.attributes.vuln_publication_datedate-lt, date-gt, date-eq, date-neq, match, nmatchMM/DD/YYYY

Did this page help you?