{"openapi":"3.0.0","info":{"version":"1.0.0","title":"Web Application Scanning v2","license":{"name":"Tenable.io"},"description":"The Tenable.io Web Application Scanning v2 API serves as a gateway for you to interact with the Tenable.io Web Application Scanning application and enables you to automate the security management for your web applications. You can safely and accurately scan web applications to provide deep visibility into vulnerabilities and context for prioritizing remediations. Use the Tenable.io Web Application Scanning v2 API endpoints to perform CRUD operations on web application scans, launch web application scans, and obtain scan and asset details.\n\n**Note:** While Tenable recommends that you use Tenable.io Web Application Scanning API v2 for any new development, you can continue to use existing integrations that are based on Tenable.io Web Application Scanning API v1. Tenable will provide advance notice and migration guidance prior to deprecating Web Application Scanning API v1. For the most up-to-date announcements, subscribe to our [RSS feed](https://feeds.feedburner.com/TenableDeveloperHub) or check the [API Changelog](https://developer.tenable.com/changelog)."},"security":[{"cloud":[]}],"tags":[{"name":"Attachments","description":"With Tenable.io Web Application Scanning API v2, you can download the attachment files generated by Tenable.io Web Application Scanning plugins during scans. The files provide additional information about identified vulnerabilities.\n\nFor background information, see the [Tenable.io Web Application Scanning User Guide](https://docs.tenable.com/tenableio/Content/WebApplicationScanning/GettingStarted/GetStarted.htm)."},{"name":"Configurations","description":"With Tenable.io Web Application Scanning configurations, you can maintain reusable settings for running web application scans. 
Use the API to perform standard CRUD operations on configuration objects.\n\nFor background information, see the [Tenable.io Web Application Scanning User Guide](https://docs.tenable.com/tenableio/Content/WebApplicationScanning/GettingStarted/GetStarted.htm)."},{"name":"Filters","description":"Some record types in Tenable.io Web Application Scanning support the use of an optional POST body that controls filtering during record retrieval. Before you submit a request containing these parameters, determine which parameters are available for a record type, which fields are available for filtering, and in what ways filter parameters can be applied.\n\nUse the API to list available filters for scan configurations, user templates, asset workbench, vulnerabilities workbench, scan history, and scan finding API operations."},{"name":"Folders","description":"Tenable.io Web Application Scanning provides default folders that automatically organize scans. In addition, you can create custom folders to further organize your scans.\n\nUse the API to create, list, rename, and delete folders.\n\nFor background information about scan folders, see [Tenable.io Vulnerability Management User Guide](https://docs.tenable.com/tenableio/Content/Scans/ScanFolders.htm)."},{"name":"Plugins","description":"With Tenable.io Web Application Scanning API v2, you can return detailed information for Tenable.io Web Application Scanning plugins, including vulnerability counts by application, OWASP categories, plugin, and severity, number of scanned applications, and scan health.\n\nFor background information, see the [Organize Scans by Folder](https://docs.tenable.com/tenableio/Content/WebApplicationScanning/GettingStarted/GetStarted.htm) in the Tenable.io Web Application Scanning User Guide."},{"name":"Scans","description":"With the Tenable.io Web Application Scanning API v2, you can run scans using existing scan configurations, list scans, get scan details, update scan status, and delete scans.\n\nFor 
background information, see the [Tenable.io Web Application Scanning User Guide](https://docs.tenable.com/tenableio/Content/WebApplicationScanning/GettingStarted/GetStarted.htm)."},{"name":"Templates","description":"With Tenable.io Web Application Scanning API v2, you can list templates, get template details, create and update user templates based on your organization's web application scanning policies, and delete user templates. Templates provide default settings to create scans.\n\nFor background information, see the [Tenable-Provided Scan Templates](https://docs.tenable.com/tenableio/Content/WebApplicationScanning/Scans/ScannerTemplates.htm) in the Tenable.io Web Application Scanning User Guide."},{"name":"Vulnerabilities","description":"With the Tenable.io Web Application Scanning API v2, you can get a filtered list of detected vulnerabilities.\n\nFor background information, see the [Tenable.io Web Application Scanning User Guide](https://docs.tenable.com/tenableio/Content/WebApplicationScanning/GettingStarted/GetStarted.htm)."}],"servers":[{"url":"https://cloud.tenable.com"}],"paths":{"/was/v2/attachments/{attachment_id}":{"get":{"summary":"Download attachment","description":"Returns the specified attachment file for a vulnerability detected by a Tenable.io Web Application Scanning scan. Attachments provide additional details for a detected vulnerability.\n\n **Note:** The `transfer-encoding` header value of the response stream is set to `chunked`.
Requires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-attachments-download","tags":["Attachments"],"parameters":[{"in":"path","name":"attachment_id","required":true,"schema":{"type":"string","format":"uuid"},"description":"The UUID of the attachment to download. To determine the UUID of an attachment, use either the [GET /was/v2/vulnerabilities](ref:was-v2-vulns-list) or [GET /was/v2/scans/{scan_id}/vulnerabilities](ref:was-v2-scans-details-vulns) endpoint."}],"responses":{"200":{"description":"Returns the specified attachment file as a chunked transfer-encoded stream.","content":{"text/plain":{"schema":{"type":"string"},"examples":{"response":{"value":"PUT /tenable-wasscan-9a3511f8-7852-4096-a7c0-6065ff8ebad3 HTTP/1.1\nHost: testfire.net\nAccept-Encoding: gzip, deflate\nUser-Agent: Nessus WAS/%v\nX-Tenable-Wasscan-Id: 9a3511f8-7852-4096-a7c0-6065ff8ebad3\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nCookie: JSESSIONID=76893A2AF20FA28774258A1FF4877A86\nContent-Length: 68\nCreated by Tenable WAS scan. PUT9a3511f8-7852-4096-a7c0-6065ff8ebad3"}}},"image/png":{"schema":{"type":"string","format":"binary"}}}},"400":{"description":"Returned if your request specifies an invalid attachment ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_ID_FORMAT","reason":"The provided ID of '1234567' must be UUID type"}]}}}}}},"404":{"description":"Returned if Tenable.io Web Application Scanning cannot find the specified attachment file.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND","reason":"Resource with ID 'b29f198c-eac6-4107-b046-c621f542cd39' not found"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. 
For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred in Tenable.io Web Application Scanning.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}},"/was/v2/configs":{"post":{"summary":"Create scan configuration","description":"Creates a new scan configuration.\n\n This operation is asynchronous and returns with an immediate 202. The scan configuration is guaranteed to be created at some point in the immediate future depending on resource load. To track the status of the operation, use the [GET /was/v2/configs/{config_id}/status/{tracking_id}](ref:was-v2-config-status) endpoint. The `config_id` and `tracking_id` can be retrieved from the URI provided in the `Location` header of the `202 Accepted` response.
Requires SCAN MANAGER [40] user permissions and CAN EDIT [64] scan permissions. Alternatively, SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan template (policy) permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-config-create","tags":["Configurations"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ConfigInput"}}}},"responses":{"202":{"description":"The request has successfully been accepted and will be processed.","headers":{"Location":{"description":"Use the contents of this header appended to the prefix `/was/v2` to execute lookups on the current status of the resource.","schema":{"type":"string","format":"uri","example":"/configs/{config_id}/status/{tracking_id}"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanConfig"},"examples":{"response":{"value":{"settings":{"timeout":"08:00:00","debug_mode":false,"credentials":null,"scope":{"option":"all","urls":null,"exclude_file_extensions":["js","css","png","jpeg","gif","pdf","csv","svn-base","svg","jpg","ico"],"exclude_path_patterns":["logout"],"dom_depth_limit":5,"directory_depth_limit":10,"page_limit":10000,"crawl_script":null,"decompose_paths":false,"exclude_binaries":true,"auto_redundant_paths":5},"plugin":{"rate_limiter":{"requests_per_second":25,"autothrottle":true,"timeout_threshold":100},"mode":"disable","ids":[],"names":[],"families":[]},"browser":{"screen_width":1600,"screen_height":1200,"ignore_images":true,"job_timeout":30,"analysis":null,"pool_size":3},"http":{"response_max_size":500000,"request_redirect_limit":2,"user_agent":"WAS/%v","custom_user_agent":false,"request_headers":{"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5"},"include_scan_id":false,"request_concurrency":10,"request_timeout":5},"chrome":{"script_finish_wait":5000,"script_page_load_wait":30000,"script_command_wait":500},"assessment":{"rfi_remote_url":"http://rfi.nessus.org/rfi.txt","dictionary":"limited","fingerprinting":null,"enable":true},"audit":{"forms":true,"cookies":true,"ui_forms":true,"ui_inputs":true,"headers":true,"links":true,"parameter_names":false,"parameter_values":tr
ue,"jsons":true,"xmls":true}},"config_id":"77d748e5-c007-4f79-9a03-d1c35b7d95f4","container_id":"9f084368-f11e-4d69-be63-df5e2a0b2635","owner_id":"ef22f2bf-db1b-4471-984f-9507dcc083e1","template_id":"f93dfcb4-6eb2-4820-9b64-3dee8893a3f0","user_template_id":null,"name":"Scan Configuration Example","targets":["https://example.com"],"description":null,"created_at":"2020-09-01T23:36:04.289Z","updated_at":"2020-09-01T23:36:04.289Z","scanner_id":null,"schedule":null,"default_permissions":"no_access","results_visibility":"dashboard","permissions":[],"notifications":{"emails":[]}}}}}}},"400":{"description":"Returned if your request specifies invalid scan configuration parameters.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InputErrorResponse"},"examples":{"response":{"value":{"code":"INPUT_FORM_VIOLATION","fields":[{"field":".name","message_type":"VALUE_MUST_BE_SPECIFIED","value":{"message":"the value must be specified"}}]}}}}}},"403":{"description":"Returned if you do not have permissions to create a scan configuration or if you attempt to assign an invalid owner to a scan configuration. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/configs/search":{"post":{"tags":["Configurations"],"summary":"Search scan configurations","description":"Returns a list of web application scan configurations. If a scan has been run using the configuration, the list also contains information about the last scan that was run.
Requires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-config-search","parameters":[{"$ref":"#/components/parameters/limit"},{"$ref":"#/components/parameters/offset"},{"$ref":"#/components/parameters/sort"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/AppliedFilters-ScanConfigs"},{"title":"Multiple Filters","type":"object","properties":{"AND":{"type":"array","description":"An array of filters that must all be satisfied.","items":{"$ref":"#/components/schemas/AppliedFilters-ScanConfigs"}},"OR":{"type":"array","description":"An array of filters where at least one must be satisfied.","items":{"$ref":"#/components/schemas/AppliedFilters-ScanConfigs"}}}}]}}}},"responses":{"200":{"description":"A list of web application scan configurations. If a scan has been run using the configuration, the list also contains information about the last scan that was run.","content":{"application/json":{"schema":{"type":"object","required":["pagination","items"],"properties":{"pagination":{"$ref":"#/components/schemas/PaginationResponse","type":"object"},"items":{"type":"array","description":"A list of scan 
configurations.","items":{"$ref":"#/components/schemas/ConfigMetadata"}}}},"examples":{"response":{"value":{"pagination":{"total":1690,"offset":0,"limit":10,"sort":[{"name":"name","order":"asc"},{"name":"created_at","order":"desc"},{"name":"updated_at","order":"desc"}]},"items":[{"config_id":"b7eb721f-5768-48a4-969f-aee8bc29ac22","owner_id":"ef22f2bf-db1b-4471-984f-9507dcc083e1","is_shared":false,"user_permissions":"configure","name":"3370","target_count":1,"description":null,"created_at":"2020-05-12T09:43:42.620Z","updated_at":"2020-05-12T09:43:42.620Z","schedule":{"timezone":"Asia/Calcutta","starttime":"20200512T153000","rrule":"FREQ=YEARLY;COUNT=1","enabled":false},"template_id":"ea71052b-5b48-4712-8255-3711d00a6514","last_scan":null,"user_template":null},{"config_id":"0aa9445f-b673-4563-b7e2-612ac37e885a","owner_id":"3e0eae98-dd3b-4c88-aa12-bac0b17567c6","is_shared":false,"user_permissions":"configure","name":"3370_WASTest","target_count":1,"description":"test","created_at":"2020-05-12T10:06:06.919Z","updated_at":"2020-05-12T10:06:50.955Z","schedule":{"timezone":"Asia/Calcutta","starttime":"20200512T160000","rrule":"FREQ=YEARLY;COUNT=1","enabled":false},"template_id":"ea71052b-5b48-4712-8255-3711d00a6514","last_scan":null,"user_template":null},{"config_id":"31b6dd5e-5edb-457d-9350-b9e31bd02bf1","owner_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","is_shared":false,"user_permissions":"configure","name":"A1_WAS_scan","target_count":1,"description":"","created_at":"2020-06-11T15:08:48Z","updated_at":"2020-06-11T15:08:48Z","schedule":null,"template_id":"f93dfcb4-6eb2-4820-9b64-3dee8893a3f0","last_scan":null,"user_template":{"user_template_id":"0c539366-172d-49bd-9c3d-90a9947ea48e","name":"A1_WAS_scan"}}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/configs/{config_id}":{"get":{"summary":"Get scan configuration details","description":"Returns details for the specified scan configuration.
Requires SCAN OPERATOR [24] user permissions and CAN EXECUTE [32] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-config-details","tags":["Configurations"],"parameters":[{"description":"The UUID of the scan configuration that you want to retrieve details for.","in":"path","name":"config_id","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Returns details for the specified scan configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanConfig"},"examples":{"response":{"value":{"settings":{"timeout":"08:00:00","debug_mode":false,"credentials":{"credential_ids":["a982f52a-d1ee-48bf-8c94-e5d3b62804e6"]},"scope":{"option":"all","urls":[],"exclude_file_extensions":["js","css","png","jpeg","gif","pdf","csv","svn-base","svg","jpg","ico"],"exclude_path_patterns":["logout"],"dom_depth_limit":5,"directory_depth_limit":10,"page_limit":10000,"crawl_script":null,"decompose_paths":false,"exclude_binaries":true,"auto_redundant_paths":5},"plugin":{"rate_limiter":{"requests_per_second":25,"autothrottle":true,"timeout_threshold":100},"mode":"disable","ids":[],"names":[],"families":[]},"browser":{"screen_width":1600,"screen_height":1200,"ignore_images":true,"job_timeout":30,"analysis":null,"pool_size":3},"http":{"response_max_size":500000,"request_redirect_limit":2,"user_agent":"WAS/%v","custom_user_agent":false,"request_headers":{"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5"},"include_scan_id":false,"request_concurrency":10,"request_timeout":5},"chrome":{"script_finish_wait":5000,"script_page_load_wait":30000,"script_command_wait":500},"assessment":{"enable":true,"dictionary":"limited","rfi_remote_url":"http://rfi.nessus.org/rfi.txt","fingerprinting":null,"element_exclusions":[{"element_type":"dom_element","selector":"Logout","selector_type":"text"},{"element_type":"dom_element","selector":{"id_form":"login"},"selector_type":"attribute"}]},"audit":{"forms":true,"cookies":true,"ui_forms":true,"ui_inputs":true,"headers":true,"links":tr
ue,"parameter_names":false,"parameter_values":true,"jsons":false,"xmls":false}},"config_id":"f08a9605-231a-45b0-b0f8-5ab4f5510239","container_id":"9f084368-f11e-4d69-be63-df5e2a0b2635","owner_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","template_id":"f93dfcb4-6eb2-4820-9b64-3dee8893a3f0","user_template_id":null,"name":"Bank of Tenable full","targets":["http://192.0.2.119"],"description":null,"created_at":"2020-02-10T12:49:23.503Z","updated_at":"2020-03-30T17:37:29.603Z","scanner_id":36973541,"schedule":null,"folder":{"folder_id":"71bd4347-db84-41e5-9e2f-9600f8f846f2","name":"Eastern Region"},"in_trash":false,"default_permissions":"no_access","results_visibility":"dashboard","permissions":[],"notifications":{"emails":[]}}}}}}},"400":{"description":"Returned if your request specifies an invalid scan configuration ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_ID_FORMAT","reason":"The provided ID of '10-ABC' must be UUID type"}]}}}}}},"404":{"description":"Returned if Tenable.io Web Application Scanning cannot find the specified configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND","reason":"Resource with ID 'b29f198c-eac6-4107-b046-c621f542cd39' not found"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}},"put":{"summary":"Upsert scan configuration","description":"Updates an existing scan configuration or creates a new scan configuration. \n\nThis operation is asynchronous and returns with an immediate 202. The scan configuration is guaranteed to be created at some point in the immediate future depending on resource load. To track the status of the operation, use the [GET /was/v2/configs/{config_id}/status/{tracking_id}](ref:was-v2-config-status) endpoint. The `config_id` and `tracking_id` can be retrieved from the URI provided in the `Location` header of the `202 Accepted` response. \n\n**Note:** Although this endpoint can be used to create a scan configuration, Tenable recommends the [POST /was/v2/configs](ref:was-v2-config-create) endpoint instead for the creation of scan configurations. To create a scan configuration with this endpoint, you first need to generate a UUID. Tenable recommends the `uuidgen` tool available in most Linux distributions. The `--time` option can be passed to the `uuidgen` tool to ensure that the UUID is unique.
Requires SCAN MANAGER [40] user permissions and CAN EDIT [64] scan permissions. Alternatively, SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan template (policy) permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-config-upsert","tags":["Configurations"],"parameters":[{"description":"If updating an existing scan configuration, the UUID of the scan configuration you want to update. If creating a new scan configuration, a new UUID generated with a tool like `uuidgen`.","in":"path","name":"config_id","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ConfigInput"}}}},"responses":{"202":{"description":"The request has successfully been accepted and will be processed.","headers":{"Location":{"description":"Use the contents of this header appended to the prefix `/was/v2` to execute lookups on the current status of the resource.","schema":{"type":"string","format":"uri","example":"/configs/{config_id}/status/{tracking_id}"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanConfig"},"examples":{"response":{"value":{"settings":{"timeout":"08:00:00","debug_mode":false,"credentials":null,"scope":{"option":"all","urls":null,"exclude_file_extensions":["js","css","png","jpeg","gif","pdf","csv","svn-base","svg","jpg","ico"],"exclude_path_patterns":["logout"],"dom_depth_limit":5,"directory_depth_limit":10,"page_limit":10000,"crawl_script":null,"decompose_paths":false,"exclude_binaries":true,"auto_redundant_paths":5},"plugin":{"rate_limiter":{"requests_per_second":25,"autothrottle":true,"timeout_threshold":100},"mode":"disable","ids":[],"names":[],"families":[]},"browser":{"screen_width":1600,"screen_height":1200,"ignore_images":true,"job_timeout":30,"analysis":null,"pool_size":3},"http":{"response_max_size":500000,"request_redirect_limit":2,"user_agent":"WAS/%v","custom_user_agent":false,"request_headers":{"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5"},"include_scan_id":false,"request_concurrency":10,"request_timeout":5},"chrome":{"script_finish_wait":5000,"script_page_l
oad_wait":30000,"script_command_wait":500},"assessment":{"rfi_remote_url":"http://rfi.nessus.org/rfi.txt","dictionary":"limited","fingerprinting":null,"enable":true},"audit":{"forms":true,"cookies":true,"ui_forms":true,"ui_inputs":true,"headers":true,"links":true,"parameter_names":false,"parameter_values":true,"jsons":true,"xmls":true}},"config_id":"c21c9f22-f4f9-440f-a49b-aad3b694f0df","container_id":"9f084368-f11e-4d69-be63-df5e2a0b2635","owner_id":"ef22f2bf-db1b-4471-984f-9507dcc083e1","template_id":"f93dfcb4-6eb2-4820-9b64-3dee8893a3f0","user_template_id":null,"name":"LD Test 5","targets":["https://example5.com"],"description":null,"created_at":"2020-09-25T16:22:38.659Z","updated_at":"2020-09-25T16:24:38.117Z","scanner_id":null,"schedule":null,"additional_properties":null,"default_permissions":"no_access","results_visibility":"dashboard","permissions":[],"notifications":{"emails":[]}}}}}}},"400":{"description":"Returned if your request specifies invalid scan configuration parameters.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InputErrorResponse"},"examples":{"response":{"value":{"code":"INPUT_FORM_VIOLATION","fields":[{"field":".target","message_type":"VALUE_MUST_BE_SPECIFIED","value":{"message":"the value must be specified"}}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}},"patch":{"summary":"Move scan configuration","description":"Moves the scan configuration to the specified folder.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-config-move","tags":["Configurations"],"parameters":[{"description":"The UUID of the scan configuration you want to update.","in":"path","name":"config_id","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ConfigUpdate"}}}},"responses":{"200":{"description":"Returned if the request to move the scan configuration to another folder was successful.","content":{"application/json":{"examples":{"response":{"value":{}}}}}},"202":{"description":"The request to move the scan configuration to the Trash has successfully been accepted, and will be processed.","content":{"application/json":{"examples":{"response":{"value":{}}}}},"headers":{"Location":{"description":"Use the contents of this header appended to the prefix `/was/v2` to execute lookups on the current status of the resource","schema":{"type":"string","format":"uri","example":"/configs/:config_id/status/:tracking_id"}}}},"400":{"description":"Returned if your request body is invalid or if you specify a folder name with invalid characters.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InputErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_JSON_BODY","reason":"Invalid message body: Could not decode JSON: {\n \"target\" : \"https://example45.com\",\n \"folder_name\" : \"Eastern Region 2@#$\"\n}"}]}}}}}},"404":{"description":"Returned if Tenable.io Web Application Scanning cannot find the specified scan configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND","reason":"Resource with id 'f637c8ab-3b43-427d-a32f-e668f1a4a745' not found"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. 
For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}},"delete":{"summary":"Delete scan configuration","description":"Deletes the specified scan configuration and all associated scan history and vulnerabilities. You cannot delete a scan configuration if a scan based on that configuration is currently running.
Requires SCAN MANAGER [40] user permissions and CAN EDIT [64] scan permissions. Alternatively, SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan template (policy) permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-config-delete","tags":["Configurations"],"parameters":[{"description":"The UUID of the scan configuration you want to delete.","in":"path","name":"config_id","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"202":{"description":"Returned if Tenable.io Web Application Scanning successfully created the deletion job.","content":{"application/json":{"examples":{"response":{"value":{}}}}}},"400":{"description":"Returned if your request specifies an invalid scan configuration ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_ID_FORMAT","reason":"The provided ID of '10-ABC' must be UUID type"}]}}}}}},"404":{"description":"Returned if Tenable.io Web Application Scanning cannot find the specified configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND","reason":"Resource with ID 'b29f198c-eac6-4107-b046-c621f542cd39' not found"}]}}}}}},"409":{"description":"Returned if you attempt to delete a configuration in use by a running scan.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_ALLOWED","reason":"Can't delete config due to scan '9ed690de-212f-4765-94c0-57922c20536a' with status 'Pending'"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/configs/{config_id}/status/{tracking_id}":{"get":{"summary":"Get scan configuration processing status","description":"Tracks the current status of a scan configuration creation, update, or upsert process. When creating or updating a scan configuration, this endpoint can be used to determine the current status of the request. You can poll this endpoint using a sensible pause duration between each request until a `completed` or `failed` status is returned. \n\nThe `config_id` and `tracking_id` can be retrieved from the URI provided in the `Location` header of the `202 Accepted` response from the [POST /was/v2/configs](ref:was-v2-config-create) or [PUT /was/v2/configs/{config_id}](ref:was-v2-config-upsert) request used to create or update the scan configuration.
Requires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-config-status","tags":["Configurations"],"parameters":[{"description":"The UUID of the scan configuration.\n\n**Note:** The `config_id` can be retrieved from the URI provided in the `Location` header of the `202 Accepted` response from the [POST /was/v2/configs](ref:was-v2-config-create) or [PUT /was/v2/configs/{config_id}](ref:was-v2-config-upsert) request used to create or update the scan configuration.","in":"path","name":"config_id","required":true,"schema":{"type":"string","format":"uuid"}},{"description":"The tracking UUID for the request you want to retrieve the status for. \n\n**Note:** The `tracking_id` can be retrieved from the URI provided in the `Location` header of the `202 Accepted` response from the [POST /was/v2/configs](ref:was-v2-config-create) or [PUT /was/v2/configs/{config_id}](ref:was-v2-config-upsert) request used to create or update the scan configuration.","in":"path","name":"tracking_id","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Returned if the status for the scan configuration was found.","content":{"application/json":{"schema":{"type":"object","required":["tracking_status"],"properties":{"tracking_status":{"description":"The status of the scan creation, update, or upsert process. Possible values are `processing`, `completed`, or `failed`.","type":"string","enum":["processing","completed","failed"]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/configs/filters":{"get":{"summary":"List scan configuration filters","description":"Lists the filtering capabilities available for scan configurations for endpoints that support scan configuration filtering.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-filters-scan-configs-list","tags":["Filters"],"responses":{"200":{"description":"Returns the filtering capabilities for scan configurations.","content":{"application/json":{"schema":{"type":"object","properties":{"filters":{"$ref":"#/components/schemas/Filters"}}},"examples":{"response":{"value":{"filters":[{"name":"scans_status","readable_name":"scans_status","operators":["eq"],"control":{"type":"dropdown","list":["Never Run","pending","running","stopping","aborted","canceled","completed"]}},{"name":"scans_finalized_at","readable_name":"scans_finalized_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}},{"name":"user_template.name","readable_name":"user_template.name","operators":["match","eq"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"templates.name","readable_name":"templates.name","operators":["eq","neq"],"control":{"type":"dropdown","list":["scan","overview","ssl_tls","config_audit","pci","api"]}},{"name":"configs.schedule","readable_name":"configs.schedule","operators":["eq"],"control":{"type":"dropdown","list":["Enabled","On Demand"]}},{"name":"target","readable_name":"target","operators":["match","eq"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"scans_started_at","readable_name":"scans_started_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}},{"name":"configs.created_at","readable_name":"configs.created_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}},{"name":"configs.updated_at","readable_name":"configs.updated_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}},{"name":"folder_name","readable_name":"folder_name","operators":["match","eq"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"configs.name","readable_name":"configs.name","operators":["match","eq"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"configs.description","readable_name":"configs.description","operators":["match","eq"],"control":{"type":"entry","regex":null,"readable_regex":null}}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/configs/{config_id}/scans/filters":{"get":{"summary":"List scan filters","description":"Lists the filtering capabilities available for scans for endpoints that support scan filtering.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-filters-scans-list","parameters":[{"in":"path","name":"config_id","required":true,"schema":{"type":"string","format":"uuid"},"description":"The UUID of the scan configuration that was used for the scan."}],"tags":["Filters"],"responses":{"200":{"description":"Returns the filtering capabilities for scans.","content":{"application/json":{"schema":{"type":"object","properties":{"filters":{"$ref":"#/components/schemas/Filters"}}},"examples":{"response":{"value":{"filters":[{"name":"started_at","readable_name":"started_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}},{"name":"finalized_at","readable_name":"finalized_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}},{"name":"status","readable_name":"status","operators":["nmatch","eq","contains","match","neq","ncontains"],"control":{"type":"dropdown","list":["pending","running","stopping","aborted","canceled","completed"]}}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/user-templates/filters":{"get":{"summary":"List user-defined template filters","description":"Lists the filtering capabilities available for user-defined templates for endpoints that support user-defined template filtering.
Requires SCAN OPERATOR [24] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-filters-user-templates-list","tags":["Filters"],"responses":{"200":{"description":"Returns the filtering capabilities for user-defined templates.","content":{"application/json":{"schema":{"type":"object","properties":{"filters":{"$ref":"#/components/schemas/Filters"}}},"examples":{"response":{"value":{"filters":[{"name":"template_name","readable_name":"template_name","operators":["eq","neq"],"control":{"type":"dropdown","list":["scan","overview","ssl_tls","config_audit","pci","api"]}},{"name":"user_templates.created_at","readable_name":"user_templates.created_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}},{"name":"user_templates.updated_at","readable_name":"user_templates.updated_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}},{"name":"user_templates.name","readable_name":"user_templates.name","operators":["match","eq"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"user_templates.description","readable_name":"user_templates.description","operators":["match","eq"],"control":{"type":"entry","regex":null,"readable_regex":null}}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/vulnerabilities/filters":{"get":{"summary":"List vulnerability filters","description":"Lists the filtering capabilities available for vulnerability findings for endpoints that support vulnerability filtering.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-filters-vulns-list","tags":["Filters"],"responses":{"200":{"description":"Returns the filtering capabilities for findings.","content":{"application/json":{"schema":{"type":"object","properties":{"filters":{"$ref":"#/components/schemas/Filters"}}},"examples":{"response":{"value":{"filters":[{"name":"asset_id","readable_name":"asset_id","operators":["eq"],"control":null},{"name":"uri","readable_name":"uri","operators":["eq","match"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"input_type","readable_name":"input_type","operators":["eq","match"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"input_name","readable_name":"input_name","operators":["eq","match"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"plugin_id","readable_name":"plugin_id","operators":["eq"],"control":{"type":"entry","regex":"^[1-9]\\d*$","readable_regex":"NUMBER"}},{"name":"output","readable_name":"output","operators":["eq","match"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"vulns.created_at","readable_name":"vulns.created_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/scans/{scan_id}/vulnerabilities/filters":{"get":{"summary":"List vulnerability filters for scan","description":"Lists the filtering capabilities available for vulnerability findings on a given scan for endpoints that support vulnerability filtering.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-filters-vulns-scan-list","parameters":[{"in":"path","name":"scan_id","required":true,"schema":{"type":"string","format":"uuid"},"description":"The UUID of the scan for which you want to list available findings filters."}],"tags":["Filters"],"responses":{"200":{"description":"Returns the filtering capabilities for findings.","content":{"application/json":{"schema":{"type":"object","properties":{"filters":{"$ref":"#/components/schemas/Filters"}}},"examples":{"response":{"value":{"filters":[{"name":"uri","readable_name":"uri","operators":["eq","match"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"input_type","readable_name":"input_type","operators":["eq","match"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"input_name","readable_name":"input_name","operators":["eq","match"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"plugin_id","readable_name":"plugin_id","operators":["eq"],"control":{"type":"entry","regex":"^[1-9]\\d*$","readable_regex":"NUMBER"}},{"name":"output","readable_name":"output","operators":["eq","match"],"control":{"type":"entry","regex":null,"readable_regex":null}},{"name":"vulns.created_at","readable_name":"vulns.created_at","operators":["lt","lte","gt","gte"],"control":{"type":"datefield","regex":"^[0-9]{4}/[0-9]{2}/[0-9]{2}$","readable_regex":"YYYY/MM/DD"}}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/folders":{"post":{"summary":"Create folder","description":"Creates a new custom folder for the current user.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-folders-create","tags":["Folders"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["name"],"properties":{"name":{"type":"string","description":"The name of the folder.\n\n**Note:** Folder names can only contain letters, numbers, underscores, hyphens, and whitespace."}}}}}},"responses":{"200":{"description":"Returned if the folder was successfully created.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FolderResponse"},"examples":{"response":{"value":{"folder_id":"178fe279-4e37-49ee-a5dc-8a447dd7043a","name":"Southern Region"}}}}}},"400":{"description":"Returned if your request body is invalid or if you specify a folder name with invalid characters.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_JSON_BODY","reason":"Invalid message body: Could not decode JSON: {\n \"name\" : \"asdf$#\"\n}"}]}}}}}},"403":{"description":"Returned if you do not have user permissions to create a folder. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred in Tenable.io Web Application Scanning.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}},"get":{"summary":"List folders","description":"Lists the current user's custom folders.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-folders-list","tags":["Folders"],"responses":{"200":{"description":"Returned if the folder list for the current user was successfully retrieved.","content":{"application/json":{"schema":{"type":"array","description":"A list of folders.","items":{"$ref":"#/components/schemas/FolderResponse"}},"examples":{"response":{"value":[{"folder_id":"d6280b0f-8cc2-4cbb-bf94-375079e94fef","name":"Western Region"},{"folder_id":"71bd4347-db84-41e5-9e2f-9600f8f846f2","name":"Eastern Region"}]}}}}},"403":{"description":"Returned if you do not have permissions to view the folder list. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred in Tenable.io Web Application Scanning.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}},"/was/v2/folders/{folder_id}":{"put":{"summary":"Rename folder","description":"Renames a folder for the current user. You cannot rename Tenable-provided scan folders or custom folders that belong to other users (even if your account has administrator privileges).
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-folders-update","tags":["Folders"],"parameters":[{"$ref":"#/components/parameters/folder_id"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["name"],"properties":{"name":{"type":"string","description":"The name of the folder.\n\n**Note:** Folder names can only contain letters, numbers, underscores, hyphens, and whitespace."}}}}}},"responses":{"200":{"description":"Returned if Tenable.io Web Application Scanning successfully renamed the folder.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FolderResponse"},"examples":{"response":{"value":{"folder_id":"91843ecb-ecb8-48a3-b623-d4682c25948c","name":"Northern Region"}}}}}},"400":{"description":"Returned if your request body is invalid or if you specify a folder name with invalid characters.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_JSON_BODY","reason":"Invalid message body: Could not decode JSON: {\n \"name\" : \"Northern Region 2#$\"\n}"}]}}}}}},"403":{"description":"Returned if you do not have user permissions to modify a folder with the given ID. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred in Tenable.io Web Application Scanning.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}},"delete":{"summary":"Delete folder","description":"Deletes a folder. If you delete a folder that contains scans, Tenable.io Web Application Scanning automatically moves those scans to the Trash folder. You cannot delete Tenable-provided folders or custom folders that belong to other users (even if you use an administrator account).
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-folders-delete","tags":["Folders"],"parameters":[{"$ref":"#/components/parameters/folder_id"}],"responses":{"202":{"description":"Returned if the request to delete the folder was accepted.","content":{"application/json":{"examples":{"response":{"value":{}}}}}},"403":{"description":"Returned if you do not have user permissions to delete a folder with the given ID. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred in Tenable.io Web Application Scanning.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}},"/was/v2/plugins":{"get":{"summary":"List plugins","description":"Returns a list of plugins used in Tenable.io Web Application Scanning scans.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-plugins-list","parameters":[{"$ref":"#/components/parameters/limit"},{"$ref":"#/components/parameters/offset"},{"$ref":"#/components/parameters/sort-plugins"}],"tags":["Plugins"],"responses":{"200":{"description":"Returns a list of plugins.","headers":{"Cache-Control":{"schema":{"type":"string"}}},"content":{"application/json":{"schema":{"type":"object","required":["pagination","items"],"properties":{"pagination":{"$ref":"#/components/schemas/PaginationResponse","type":"object"},"items":{"type":"array","description":"A list of plugins.","items":{"$ref":"#/components/schemas/Plugin"}}}},"examples":{"response":{"value":{"pagination":{"total":1266,"offset":0,"limit":10,"sort":[{"name":"plugin_id","order":"asc"}]},"items":[{"plugin_id":98000,"name":"Scan Information","family":"General","policy":[]},{"plugin_id":98003,"name":"OS Detection","family":"General","policy":[]},{"plugin_id":98007,"name":"URI Blocked Due to Exclusion Rule","family":"General","policy":[]},{"plugin_id":98009,"name":"Web Application Sitemap","family":"General","policy":[]},{"plugin_id":98019,"name":"Network Timeout Encountered","family":"General","policy":[]},{"plugin_id":98024,"name":"HTTP Server Authentication Detected","family":"Authentication & Session","policy":[]},{"plugin_id":98025,"name":"HTTP Server Authentication Succeeded","family":"Authentication & Session","policy":[]},{"plugin_id":98026,"name":"HTTP Server Authentication Failed","family":"Authentication & Session","policy":[]},{"plugin_id":98033,"name":"Login Form Detected","family":"Authentication & Session","policy":[]},{"plugin_id":98034,"name":"Login Form Authentication Failed","family":"Authentication & Session","policy":[]}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/plugins/{plugin_id}":{"get":{"tags":["Plugins"],"summary":"Get plugin details","operationId":"was-v2-plugins-details","description":"Returns details for the specified Tenable.io Web Application Scanning plugin.
Requires BASIC [16] user permissions. See [Permissions](doc:permissions).
","parameters":[{"in":"path","name":"plugin_id","required":true,"schema":{"type":"integer"},"description":"The ID of a Tenable.io Web Application Scanning plugin."}],"responses":{"200":{"description":"Returns details for the specified Tenable.io Web Application Scanning plugin.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PluginWithMetadata"},"examples":{"response":{"value":{"plugin_id":98074,"name":"Backup file","family":"Data Exposure","solution":"Do not keep obsolete versions of files under the virtual web server root.","description":"A common practice when administering web applications is to create a copy/backup\n of a particular file or directory prior to making any modification to the file.\n Another common practice is to add an extension or change the name of the original\n file to signify that it is a backup (examples include `.bak`, `.orig`, `.backup`,\n etc.).\n\n During the initial recon stages of an attack, cyber-criminals will attempt to\n locate backup files by adding common extensions onto files already discovered on\n the webserver. By analysing the response headers from the server they are able to\n determine if the backup file exists.\n These backup files can then assist in the compromise of the web application.\n\n By utilising the same method, scanner was able to discover a possible backup file.","synopsis":"Backup file","published":"2017-03-31T00:00:00Z","patch_published":null,"plugin_modified":"2017-10-16T00:00:00Z","risk_factor":"medium","see_also":["http://www.webappsec.org/projects/threat/classes/information_leakage.shtml","https://www.owasp.org/index.php/Review_Old,_Backup_and_Unreferenced_Files_for_Sensitive_Information_(OTG-CONFIG-004)"],"cvss3_base_score":5.3,"wasc":["Predictable Resource Location"],"cwe":["530"],"owasp":[{"year":"2010","category":"A6"},{"year":"2013","category":"A5"},{"year":"2017","category":"A6"}]}}}}}},"400":{"description":"Returned if your request specifies an invalid ID for a Tenable.io Web Application Scanning plugin.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_ID_FORMAT","reason":"The provided ID of 'uniqueID' must be UUID type"}]}}}}}},"404":{"description":"Returned if Tenable.io Web Application Scanning cannot find the specified plugin.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND","reason":"Resource with ID '12345' not found"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}}}}},"/was/v2/configs/{config_id}/scans":{"post":{"summary":"Launch scan","description":"Launches a scan using the specified configuration.
Requires SCAN OPERATOR [24] user permissions and CAN EXECUTE [32] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-scans-launch","tags":["Scans"],"parameters":[{"description":"The UUID of the scan configuration to use to launch a scan.","in":"path","name":"config_id","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"202":{"description":"Returned if Tenable.io Web Application Scanning successfully launches the scan.","content":{"application/json":{"schema":{"type":"object","properties":{"scan_id":{"type":"string","description":"The UUID of the scan. Retain this UUID to [view the scan details](ref:was-v2-scans-details), including the scan status."}}},"examples":{"response":{"value":{"scan_id":"7b1438f9-321f-4f74-b39b-5e183794984f"}}}}}},"403":{"description":"Returned if you do not have either user permissions to launch the scan or scan permissions to use the scan configuration. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Returned if Tenable.io Web Application Scanning cannot find the specified scan configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND"}]}}}}}},"409":{"description":"Returned if a scan is already running for the specified configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_ALLOWED","reason":"This configuration already has a running scan: '695dddfa-d5fd-40ab-a82e-1615ca3a84bd'"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred in Tenable.io Web Application Scanning.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}},"/api/v3/was/import":{"post":{"summary":"Import scan","description":"Imports a scan that was previously exported in JSON format.\n\n**Note:** Attachments and scan files in DB format can't be imported.
Requires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v3-scans-import","tags":["Scans"],"x-readme":{"explorer-enabled":false},"requestBody":{"required":true,"content":{"multipart/form-data":{"schema":{"type":"object","properties":{"Filedata":{"type":"string","description":"The scan import JSON file to upload.","format":"binary"}}}}}},"responses":{"202":{"description":"Returned if the scan was imported successfully.","content":{"application/json":{"examples":{"response":{"value":{}}}}}},"400":{"description":"Returned if any UUIDs in the JSON file are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_ID_FORMAT","reason":"The provided ID of '10-ABC' must be UUID type"}]}}}}}},"403":{"description":"Returned if you do not have permissions to import a scan. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx
\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred in Tenable.io Web Application Scanning.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}},"/was/v2/configs/{config_id}/scans/search":{"post":{"summary":"Search scans","description":"Returns a list of scans.
Requires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-scans-search","tags":["Scans"],"parameters":[{"in":"path","name":"config_id","required":true,"schema":{"type":"string","format":"uuid"},"description":"The UUID of the config that was used for the scan."},{"$ref":"#/components/parameters/limit"},{"$ref":"#/components/parameters/offset"},{"$ref":"#/components/parameters/sort"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/AppliedFilters-Vulnerabilities"},{"title":"Multiple Filters","type":"object","properties":{"AND":{"type":"array","description":"An array of filters that must all be satisfied.","items":{"$ref":"#/components/schemas/AppliedFilters-Scans"}},"OR":{"type":"array","description":"An array of filters where at least one must be satisfied.","items":{"$ref":"#/components/schemas/AppliedFilters-Scans"}}}}]}}}},"responses":{"200":{"description":"Returns a list of scans.","content":{"application/json":{"schema":{"type":"object","required":["pagination","items"],"properties":{"pagination":{"$ref":"#/components/schemas/PaginationResponse","type":"object"},"items":{"type":"array","description":"A list of scans.","items":{"$ref":"#/components/schemas/Scan"}}}},"examples":{"response":{"value":{"pagination":{"total":2098,"offset":0,"limit":10,"sort":[{"name":"created_at","order":"desc"}]},"items":[{"scan_id":"0d94f5b4-f811-44cb-802a-7f1c600818c3","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"988cd296-58b0-419e-bd43-0d884080daf6","asset_id":"f8598420-1e33-4aed-abd0-56d114e96d3e","target":"http://example.com/","created_at":"2020-12-07T20:00:14.319827Z","updated_at":"2020-12-07T20:01:19.815217Z","started_at":"2020-12-07T20:01:00.386897Z","finalized_at":"2020-12-07T20:01:19.808199Z","requested_action":"start","status":"completed","metadata":{"found_urls":1,"queued_urls":0,"scan_status":"running","audited_urls":1,"queued_pages":0,"audited_pages":1,"request_count":163,"response_time":0},"scanner":{"group_name":"US Cloud Scanner"},"template_name":"config_audit"},{"scan_id":"864b8026-ac4e-4b25-b895-bf264cfc59cc","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"e3467cb8-4d1f-44d1-ac77-fe261022db0b","asset_id":"5cf19656-afc6-4290-b685-cb29b750e020","target":"http://192.0.2.119/","created_at":"2020-12-07T14:30:41.342350Z","updated_at":"2020-12-07T18:30:49.565002Z","started_at":null,"finalized_at":"2020-12-07T18:30:49.508707Z","requested_action":"start","status":"aborted","metadata":null,"scanner":null,"template_name":"scan"},{"scan_id":"c8ee70c3-d81f-47c3-97b0-f1fabf5f9b18","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"55cdee55-56a5-40c4-9d03-dee2ec7dfdb2","asset_id":"5cf19656-afc6-4290-b685-cb29b750e020","target":"http://192.0.2.119/","created_at":"2020-12-07T14:30:41.246525Z","updated_at":"2020-12-07T14:41:49.778380Z","started_at":"2020-12-07T14:31:20.876292Z","finalized_at":"2020-12-07T14:41:49.766614Z","requested_action":"start","status":"completed","metadata":{"found_urls":26,"queued_urls":0,"scan_status":"running","audited_urls":11,"queued_pages":0,"audited_pages":18,"request_count":2725,"response_time":0},"scanner":{"group_name":"US Cloud Scanner"},"template_name":"scan"},{"scan_id":"086da4cc-a3bc-42a4-864b-9d97a794923e","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"69a86d77-1e7d-4489-8a7a-0a501b1d0d0a","asset_id":"5cf19656-afc6-4290-b685-cb29b750e020","target":"https://192.0.2.119","created_at":"2020-12-07T12:00:28.818222Z","updated_at":"2020-12-07T12:00:53.051974Z","started_at":"2020-12-07T12:00:47.479393Z","finalized_at":"2020-12-07T12:00:53.032269Z","requested_action":"start","status":"aborted","metadata":null,"scanner":{"group_name":"US Cloud Scanner"},"template_name":"scan"},{"scan_id":"4e59f5c1-c530-4455-b585-908f144e28c2","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"42900a9a-335c-44bc-a80b-a0616b899d47","asset_id":"5cf19656-afc6-4290-b685-cb29b750e020","target":"http://192.0.2.119/","created_at":"2020-12-07T12:00:28.731409Z","updated_at":"2020-12-07T12:11:23.354890Z","started_at":"2020-12-07T12:00:46.467506Z","finalized_at":"2020-12-07T12:11:23.339756Z","requested_action":"start","status":"completed","metadata":{"found_urls":48,"queued_urls":0,"scan_status":"running","audited_urls":23,"queued_pages":0,"audited_pages":30,"request_count":4333,"response_time":0},"scanner":{"group_name":"US Cloud Scanner"},"template_name":"scan"},{"scan_id":"0c8a726d-fe66-4672-9bae-61d22aefd372","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"988cd296-58b0-419e-bd43-0d884080daf6","asset_id":"f8598420-1e33-4aed-abd0-56d114e96d3e","target":"http://example.com/","created_at":"2020-12-06T20:00:46.137448Z","updated_at":"2020-12-06T20:01:18.982088Z","started_at":"2020-12-06T20:01:00.475819Z","finalized_at":"2020-12-06T20:01:18.977261Z","requested_action":"start","status":"completed","metadata":{"found_urls":1,"queued_urls":0,"scan_status":"running","audited_urls":1,"queued_pages":0,"audited_pages":1,"request_count":163,"response_time":0},"scanner":{"group_name":"US Cloud Scanner"},"template_name":"config_audit"},{"scan_id":"3ccf83ef-13fe-49ff-aad0-9f5af1b2d39a","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"988cd296-58b0-419e-bd43-0d884080daf6","asset_id":"f8598420-1e33-4aed-abd0-56d114e96d3e","target":"http://example.com/","created_at":"2020-12-05T20:00:18.679060Z","updated_at":"2020-12-05T20:00:53.905932Z","started_at":"2020-12-05T20:00:35.450322Z","finalized_at":"2020-12-05T20:00:53.899011Z","requested_action":"start","status":"completed","metadata":{"found_urls":1,"queued_urls":0,"scan_status":"running","audited_urls":1,"queued_pages":0,"audited_pages":1,"request_count":163,"response_time":0},"scanner":{"group_name":"US Cloud Scanner"},"template_name":"config_audit"},{"scan_id":"6f1ed550-7894-40b3-a6ea-3be06f9338a4","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"988cd296-58b0-419e-bd43-0d884080daf6","asset_id":"f8598420-1e33-4aed-abd0-56d114e96d3e","target":"http://example.com/","created_at":"2020-12-04T20:00:20.058359Z","updated_at":"2020-12-04T20:01:34.843822Z","started_at":"2020-12-04T20:01:15.837083Z","finalized_at":"2020-12-04T20:01:34.831731Z","requested_action":"start","status":"completed","metadata":{"found_urls":1,"queued_urls":0,"scan_status":"running","audited_urls":1,"queued_pages":0,"audited_pages":1,"request_count":162,"response_time":0},"scanner":{"group_name":"US Cloud Scanner"},"template_name":"config_audit"},{"scan_id":"db2e705d-d9e1-44f8-af8c-895096b214b0","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"42900a9a-335c-44bc-a80b-a0616b899d47","asset_id":"5cf19656-afc6-4290-b685-cb29b750e020","target":"http://192.0.2.119/","created_at":"2020-12-04T12:00:39.733492Z","updated_at":"2020-12-04T12:11:32.035955Z","started_at":"2020-12-04T12:00:56.278028Z","finalized_at":"2020-12-04T12:11:32.029569Z","requested_action":"start","status":"completed","metadata":{"found_urls":48,"queued_urls":0,"scan_status":"running","audited_urls":23,"queued_pages":0,"audited_pages":30,"request_count":4248,"response_time":0},"scanner":{"group_name":"US Cloud Scanner"},"template_name":"scan"},{"scan_id":"55cb0d87-c835-4263-86dd-7c157f8fd2fa","user_id":"01c924ee-e6ab-4d55-b283-dffba6dcce4c","config_id":"988cd296-58b0-419e-bd43-0d884080daf6","asset_id":"f8598420-1e33-4aed-abd0-56d114e96d3e","target":"http://example.com/","created_at":"2020-12-03T20:00:23.578614Z","updated_at":"2020-12-03T20:01:25.441773Z","started_at":"2020-12-03T20:01:06.985067Z","finalized_at":"2020-12-03T20:01:25.434118Z","requested_action":"start","status":"completed","metadata":{"found_urls":1,"queued_urls":0,"scan_status":"running","audited_urls":1,"queued_pages":0,"audited_pages":1,"request_count":162,"response_time":0},"scanner":{"group_name":"US Cloud Scanner"},"template_name":"config_audit"}]}}}}}},"400":{"description":"Returned if your request specifies invalid query parameter values.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_JSON_BODY","reason":"Query decoding Instant failed: Text '2019-06-24T19:48:00' could not be parsed at index 19"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. 
For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx\n\n\n"}}}}}}}},"/was/v2/scans/{scan_id}":{"get":{"summary":"Get scan details","description":"Returns scan details.\n\nRequires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-scans-details","tags":["Scans"],"parameters":[{"in":"path","name":"scan_id","required":true,"schema":{"type":"string","format":"uuid"},"description":"The UUID of the scan for which you want to view details."}],"responses":{"200":{"description":"Returns scan details.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Scan"},"examples":{"response":{"value":{"scan_id":"7f2fc25a-bdd8-4ad4-91dd-b9563ed69560","user_id":"53e1d711-f18f-4a75-a86e-1c47bccff1b7","config_id":"a772daba-3d6d-412c-8ee0-3279b19650b2","target":"http://192.0.2.119","created_at":"2020-02-05T23:11:49.342Z","updated_at":"2020-02-05T23:22:15.510Z","requested_action":"start","status":"completed","metadata":{"queued_urls":0,"scan_status":"stopping","crawled_urls":1,"queued_pages":0,"audited_pages":1,"request_count":74,"response_time":0}}}}}}},"400":{"description":"Returned if your request specifies an invalid scan ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_ID_FORMAT","reason":"The provided ID of '10-ABC' must be UUID type"}]}}}}}},"404":{"description":"Returned if Tenable.io Web Application Scanning cannot find the specified scan.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND","reason":"Resource with ID 'b29f198c-eac6-4107-b046-c621f542cd39' not found"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx\n\n\n"}}}}}}},"patch":{"summary":"Update scan status","description":"Update the `requested_action` attribute for a scan. The requested action must be valid for the scan's current status. For example, you can stop a scan if it has a status of `running`. Otherwise, Tenable.io Web Application Scanning returns a 409 response code. This request creates an asynchronous update job.\n\nRequires SCAN OPERATOR [24] user permissions and CAN EXECUTE [32] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-scans-status-update","tags":["Scans"],"parameters":[{"in":"path","name":"scan_id","required":true,"schema":{"type":"string","format":"uuid"},"description":"The UUID of the scan for which you want to update status."}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["requested_action"],"properties":{"requested_action":{"type":"string","description":"The action to apply to the scan. The only supported action is `stop`.","enum":["stop"],"example":"stop"}}}}}},"responses":{"202":{"description":"Returned if Tenable.io Web Application Scanning successfully creates an update job.","content":{"application/json":{"examples":{"response":{"value":{}}}}}},"404":{"description":"Returned if Tenable.io Web Application Scanning cannot find the specified scan.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND","reason":"Resource with ID 'b29f198c-eac6-4107-b046-c621f542cd39' not found"}]}}}}}},"409":{"description":"Returned if the requested action update is invalid for the current scan status.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_ALLOWED","reason":"Can't update scan '6453b06e-116f-431d-9f94-945bfaae0bfb' with status 'Stopped'"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx\n\n\n"}}}}}}},"delete":{"summary":"Delete scan","description":"Removes the specified scan and all vulnerabilities it detected. This request creates an asynchronous deletion job.\n\nRequires SCAN MANAGER [40] user permissions and CAN EDIT [64] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-scans-delete","tags":["Scans"],"parameters":[{"in":"path","name":"scan_id","required":true,"schema":{"type":"string","format":"uuid"},"description":"The UUID of the scan for which you want to delete."}],"responses":{"202":{"description":"Returned if Tenable.io Web Application Scanning successfully creates the deletion job.","content":{"application/json":{"examples":{"response":{"value":{}}}}}},"404":{"description":"Returned if Tenable.io cannot find the specified scan.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_FOUND","reason":"Resource with ID 'b29f198c-eac6-4107-b046-c621f542cd39' not found"}]}}}}}},"409":{"description":"Returned if you attempt to delete a running scan.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"NOT_ALLOWED","reason":"Can't delete scan '33e6fb4f-ea5a-4141-b564-0c95adbecc3d' with status 'Running'"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx\n\n\n"}}}}}}}},"/was/v2/scans/{scan_id}/notes":{"get":{"summary":"Get scan notes","description":"Returns a list of notes for the specified scan.\n\nRequires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-scans-notes-list","parameters":[{"description":"The UUID of the scan for which you want to view notes.","in":"path","name":"scan_id","required":true,"schema":{"type":"string","format":"uuid"}},{"$ref":"#/components/parameters/limit"},{"$ref":"#/components/parameters/offset"},{"$ref":"#/components/parameters/sort"}],"tags":["Scans"],"responses":{"200":{"description":"A list of scan notes for the requested scan.","content":{"application/json":{"schema":{"type":"object","required":["pagination","items"],"properties":{"pagination":{"$ref":"#/components/schemas/PaginationResponse","type":"object"},"items":{"type":"array","description":"A list of scan notes.","items":{"$ref":"#/components/schemas/ScanNote"}}}},"examples":{"response":{"value":{"pagination":{"total":1,"offset":0,"limit":10,"sort":[{"name":"created_at","order":"desc"}]},"items":[{"scan_note_id":"79c83486-d589-4568-9bdb-5cdccc315ccb","scan_id":"e51094c7-ebe2-4296-a978-ba2563d0cb66","created_at":"2020-04-07T00:17:37Z","severity":"high","title":"Authentication Failed","message":"The scanner was unable to authenticate to the web application using the given options."}]}}}}}},"400":{"description":"Returned if your request specifies an invalid scan UUID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_ID_FORMAT","reason":"The provided ID of '10-ABC' must be UUID type"}]}}}}}},"403":{"description":"Returned if you do not have permissions for the scan. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx\n\n\n"}}}}}}}},"/was/v2/scans/{scan_id}/vulnerabilities/search":{"post":{"summary":"Search vulnerabilities for scan","description":"Returns a list of vulnerabilities for the specified scan.\n\nRequires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-scans-details-vulns-search","parameters":[{"description":"The UUID of the scan for which you want to view vulnerabilities.","in":"path","name":"scan_id","required":true,"schema":{"type":"string","format":"uuid"}},{"$ref":"#/components/parameters/limit"},{"$ref":"#/components/parameters/offset"},{"$ref":"#/components/parameters/sort"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/AppliedFilters-VulnerabilitiesByScan"},{"title":"Multiple Filters","type":"object","properties":{"AND":{"type":"array","description":"An array of filters that must all be satisfied.","items":{"$ref":"#/components/schemas/AppliedFilters-VulnerabilitiesByScan"}},"OR":{"type":"array","description":"An array of filters where at least one must be satisfied.","items":{"$ref":"#/components/schemas/AppliedFilters-VulnerabilitiesByScan"}}}}]}}}},"tags":["Scans"],"responses":{"200":{"description":"A list of scan vulnerabilities for the requested scan.","content":{"application/json":{"schema":{"type":"object","required":["pagination","items"],"properties":{"pagination":{"$ref":"#/components/schemas/PaginationResponse","type":"object"},"items":{"type":"array","description":"A list of vulnerabilities.","items":{"$ref":"#/components/schemas/Vulnerability"}}}},"examples":{"response":{"value":{"pagination":{"total":30,"offset":0,"limit":10,"sort":[{"name":"created_at","order":"desc"}]},"items":[{"vuln_id":"3072f8d9-a0c2-443f-bca8-b47e63ebaa80","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98009,"created_at":"2020-02-05T23:25:31Z","uri":"http://192.0.2.119","is_page":false,"details":{"input_name":null,"input_type":null,"output":"The scan has discovered 23 distinct URLs, 11 of which are in the target scope.\n\nFrom these 11 URLs, 21 have been effectively crawled.\n\nResponse times ranged between 0.003519s and 0.143464s.\n\nHere is the distribution of URL types for this web 
application:\n- 11 as \"text/html\"\n- 1 as \"text/css\"\n- 2 as \"text/javascript\"\n- 3 as \"image/png\"\n- 4 as \"image/jpeg\"\n\nYou can access the complete list of URLs with the information collected by the scan as an attachment to this plugin.","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[{"attachment_id":"b13a9fb5-cb0d-47d8-a6c1-063fbe6f8250","created_at":"2020-02-05T23:25:33.740Z","attachment_name":"sitemap.csv","md5":"md5:b2e06491f801f7f5b5f229bbf6efd7e9","file_type":"text/plain","size":0}]},{"vuln_id":"a1dc9d88-44de-4f5c-9258-3dbb02baa010","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98000,"created_at":"2020-02-05T23:25:31Z","uri":"http://192.0.2.119","is_page":false,"details":{"input_name":null,"input_type":null,"output":"\nEngine Version 0.41.0_INIT_SITEMAP_SNAPSHOT-6\nScan ID 7f3428c5-0f5a-4812-a728-fffbcbf7c132\n\nStart Time 2020-02-05 23:23:36 +0000\nDuration 00:01:52\n\nRequests 664\nRequests/s 59.2445\nMean Response Time 0.0542s\n\nBandwidth Usage\n- Data to Target 200 KB\n- Data from Target 546 KB\n\nNetwork TimeOuts 0\nBrowser TimeOuts 0\nProtocols HTTP/HTTPs\n\nAuthentication\n- None\n\nPlugins Included:\n- 98000 \"Scan Information\"\n- 98003 \"OS Detection\"\n- 98009 \"Web Application Sitemap\"\n- 98019 \"Network Timeout Encountered\"\n- 98024 \"HTTP Server Authentication Detected\"\n- 98025 \"HTTP Server Authentication Succeeded\"\n- 98026 \"HTTP Server Authentication Failed\"\n- 98033 \"Login Form Detected\"\n- 98034 \"Login Form Authentication Failed\"\n- 98035 \"Login Form Authentication Succeeded\"\n- 98043 \"Scan logged-out intermittently\"\n- 98044 \"Scan aborted after being logged out\"\n- 98050 \"Interesting response\"\n- 98056 \"Missing HTTP Strict Transport Security Policy\"\n- 98057 \"Insecure 'Access-Control-Allow-Origin' header\"\n- 98059 \"Technologies Detected\"\n- 98060 \"Missing 'X-Frame-Options' Header\"\n- 98062 \"Cookie set 
for parent domain\"\n- 98063 \"Cookie Without HttpOnly Flag Detected\"\n- 98064 \"Cookie Without Secure Flag Detected\"\n- 98077 \"Private IP address disclosure\"\n- 98078 \"E-mail address disclosure\"\n- 98079 \"CVS/SVN user disclosure\"\n- 98080 \"Form-based File Upload\"\n- 98081 \"Password field with auto-complete\"\n- 98082 \"Unencrypted password form\"\n- 98083 \"CAPTCHA Detection\"\n- 98084 \"Directory Listing\"\n- 98091 \"Mixed Resource Detection\"\n- 98092 \"HTML Object\"\n- 98129 \"Credit card number disclosure\"\n- 98136 \"Target Information\"\n- 98137 \"Scan aborted after too many timeouts\"\n- 98138 \"Screenshot\"\n- 98139 \"Cookie Authentication Succeeded\"\n- 98140 \"Cookie Authentication Failed\"\n- 98141 \"Selenium Authentication Succeeded\"\n- 98142 \"Selenium Authentication Failed\"\n- 98143 \"Selenium Crawl Succeeded\"\n- 98145 \"Selenium Crawl Failed\"\n- 98526 \"Missing Feature Policy\"\n- 98527 \"Missing Referrer Policy\"\n- 98611 \"Error Message\"\n- 98612 \"Missing 'Expect-CT' Header\"\n- 98615 \"Basic Authentication Without HTTPS\"\n- 98618 \"HTTP Header Information Disclosure\"\n- 98647 \"Missing Subresource Integrity (SRI)\"\n- 98648 \"Missing 'Content-Type' Header\"\n- 98649 \"Invalid Subresource Integrity\"\n- 98715 \"Permissive HTTP Strict Transport Security Policy Detected\"\n- 98772 \"XHR Detection\"\n- 112526 \"Missing 'X-XSS-Protection' Header\"\n- 112527 \"Disabled 'X-XSS-Protection' Header\"\n- 112529 \"Missing 'X-Content-Type-Options' Header\"\n- 112550 \"Full Path Disclosure\"\n- 112551 \"Missing Content Security Policy\"\n- 112552 \"Deprecated Content Security Policy\"\n- 112553 \"Missing 'Cache-Control' Header\"\n- 112554 \"Permissive Content Security Policy Detected\"\n- 112555 \"Report Only Content Security Policy Detected\"\n- 115540 \"Cookie Without SameSite Flag 
Detected\"","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[]},{"vuln_id":"8cc6151b-c26d-4904-99b6-2526b63a516e","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98059,"created_at":"2020-02-05T23:25:31Z","uri":"http://192.0.2.119","is_page":false,"details":{"input_name":null,"input_type":null,"output":"The framework has detected the following technologies in the target application:\n\n- Bootstrap (v3.3.5)\n- jQuery (v2.1.3)\n- PHP (v5.3.3)\n- Apache (v2.2.15)","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[{"attachment_id":"97cd4d98-1ab9-46f4-b405-f4e31a20ddc4","created_at":"2020-02-05T23:25:33.641Z","attachment_name":"technologies.csv","md5":"md5:99ec79c6a05d25316f75caa93692ecda","file_type":"text/plain","size":0}]},{"vuln_id":"c345437b-a4e8-4e56-bdfe-9fadff9d6490","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98078,"created_at":"2020-02-05T23:25:28Z","uri":"http://192.0.2.119","is_page":false,"details":{"input_name":null,"input_type":null,"output":"Number of Email Addresses Collected: 1\n\nListed below are each email address and the number of URLs where the email address has been found:\njane.doe@example.com found on 4 URLs 
\n","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":"(?i-mx:(https?:\\/\\/)?([A-Za-z0-9]*:)?([A-Z0-9._%+-]+(?:@|\\s*\\[at\\]\\s*)[A-Z0-9.-]+(?:\\.|\\s*\\[dot\\]\\s*)[A-Z]{2,4}))","request":null,"response":null},"attachments":[{"attachment_id":"f6f09764-405d-4f2d-a702-6a1e2416559d","created_at":"2020-02-05T23:25:33.639Z","attachment_name":"emails.csv","md5":"md5:f98d48f3b1f07becbe9a3911d2759767","file_type":"text/plain","size":0}]},{"vuln_id":"3015b090-2eea-4fe5-9f81-49677ebf1505","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98647,"created_at":"2020-02-05T23:24:21Z","uri":"http://192.0.2.119/search.php","is_page":false,"details":{"input_name":null,"input_type":null,"output":"Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \n\n\n","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[]},{"vuln_id":"6813fc1a-ec08-44f7-b237-a15195fe657c","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98647,"created_at":"2020-02-05T23:24:17Z","uri":"http://192.0.2.119/Privacy.php","is_page":false,"details":{"input_name":null,"input_type":null,"output":"Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- 
\n\n\n","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[]},{"vuln_id":"971fdb37-4572-4a92-84a6-bc2a36ee6a6c","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98647,"created_at":"2020-02-05T23:24:14Z","uri":"http://192.0.2.119/TermsOfService.php","is_page":false,"details":{"input_name":null,"input_type":null,"output":"Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \n\n\n","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[]},{"vuln_id":"371474e0-eace-4c86-8f6b-aa3a8e013f33","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98647,"created_at":"2020-02-05T23:24:10Z","uri":"http://192.0.2.119/information/stockTrading.php","is_page":false,"details":{"input_name":null,"input_type":null,"output":"Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \n\n\n","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[]},{"vuln_id":"2519c22d-5763-432e-8ad1-cbf37df69b9b","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98647,"created_at":"2020-02-05T23:24:06Z","uri":"http://192.0.2.119/information/corpBusiness.php","is_page":false,"details":{"input_name":null,"input_type":null,"output":"Subresource Integrity missing from following resource: \n\n- 
https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \n\n\n","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[]},{"vuln_id":"e08d4b20-6075-42a5-9eba-b2a3071588d3","scan_id":"7f3428c5-0f5a-4812-a728-fffbcbf7c132","plugin_id":98647,"created_at":"2020-02-05T23:24:02Z","uri":"http://192.0.2.119/information/smallBusinessBanking.php","is_page":false,"details":{"input_name":null,"input_type":null,"output":"Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \n\n\n","proof":null,"payload":null,"selector":null,"selector_url":null,"signature":null,"request":null,"response":null},"attachments":[]}]}}}}}},"400":{"description":"Returned if your request specifies an invalid scan UUID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"},"examples":{"response":{"value":{"reasons":[{"code":"INVALID_ID_FORMAT","reason":"The provided ID of '10-ABC' must be UUID type"}]}}}}}},"403":{"description":"Returned if you do not have permissions for the scan. For more information, see [Permissions](doc:permissions).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n
\n429 Too Many Requests\n\n\nnginx\n\n\n"}}}}}}}},"/was/v2/scans/{scan_id}/report":{"put":{"summary":"Export scan results","description":"Generates a scan report for the specified scan.\n\nRequires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
","operationId":"was-v2-scans-export","parameters":[{"description":"The UUID of the scan for which you want to generate a report.","in":"path","name":"scan_id","required":true,"schema":{"type":"string","format":"uuid"}},{"description":"The format you want the report returned in. You can request reports in one of the following formats: