{"openapi":"3.0.3","info":{"title":"Exposure Management","version":"1.0.0","license":{"name":"Exposure Management"}},"servers":[{"url":"https://cloud.tenable.com"}],"tags":[{"name":"Attack Path","description":"The Tenable Attack Path API enables users to retrieve details about attack path findings and attack path vectors. A Finding is an attack technique that exists in one or more attack paths that lead to one or more critical assets. The Findings tab in Attack Path Analysis takes your data and pairs it with advanced graph analytics and the MITRE ATT&CK® Framework to create Findings, which enables you to understand and act on the unknowns that enable and amplify threat impact on your assets and information. For more information about findings, see [Attack Path](https://docs.tenable.com/exposure-management/Content/exposure-management/attack-path/attack-path.htm) in the _Tenable Exposure Management User Guide._","x-displayName":"Attack Path"},{"name":"Attack Path Exports","description":"The Tenable Attack Path Exports API enables users to export top attack paths and attack technique data in JSON or CSV format. For more information about attack paths and attack techniques, see [Attack Path](https://docs.tenable.com/exposure-management/Content/exposure-management/attack-path/attack-path.htm) in the _Tenable Exposure Management User Guide_.","x-displayName":"Attack Path Exports"},{"name":"Exposure View","description":"The Tenable Exposure View API enables users to search Tenable Exposure view for their organization's cards or retrieve the details for a specified card. For more information about Exposure View, see [Exposure View](https://docs.tenable.com/exposure-management/Content/exposure-management/exposure-view/exposure-view.htm) in the _Tenable Exposure Management User Guide_.","x-displayName":"Exposure View"},{"name":"Inventory","description":"The Tenable Inventory API enables users to search for their organization's assets and the software installed on those assets. Additionally, API endpoints are provided to retrieve a list of asset and software properties that can be used as filters on endpoints that support them. For more information, see [Inventory](https://docs.tenable.com/exposure-management/Content/exposure-management/inventory/inventory.htm) in the _Tenable Exposure Management User Guide_.","x-displayName":"Inventory"},{"name":"Inventory Exports","description":"The Tenable Inventory Exports API enables users to export inventory assets and findings in JSON or CSV format. For more information about exporting assets and findings from Tenable Exposure Management, see [Assets](https://docs.tenable.com/exposure-management/Content/exposure-management/inventory/assets.htm) and [Findings](https://docs.tenable.com/exposure-management/Content/exposure-management/inventory/findings.htm) in the _Tenable Exposure Management User Guide_.","x-displayName":"Inventory Exports"},{"name":"Tags","description":"The Tenable Exposure Management tags API enables users to search for their organization's tags. Additionally, API endpoints are provided to retrieve a list of asset and tag properties that can be used as filters on endpoints that support them. For more information, see [Tagging](https://docs.tenable.com/exposure-management/Content/exposure-management/tagging/tagging.htm) in the _Tenable Exposure Management User Guide_.","x-displayName":"Tags"}],"paths":{"/api/v1/t1/apa/top-attack-paths/search":{"post":{"summary":"Search attack paths","description":"Returns a list of the top attack paths leading to critical assets. The response includes details about each attack path, such as associated techniques, nodes, and metadata. This endpoint enables you to use advanced search capabilities, including filtering, sorting, and pagination.\n\n**Note:** Attack paths inherit their status from underlying techniques. To prioritize active threats, the system excludes the following statuses by default:\n- `chain_prevented` — The attack chain is partially fixed.\n- `accepted` — The risk is accepted.\n- `done` — Remediation is complete.\n\nTo retrieve all paths regardless of status, set the `exclude_resolved` parameter to `false`.\n\nFor more information, see [Top Attack Paths](https://docs.tenable.com/exposure-management/Content/attack-path/top-attack-paths.htm) in the _Exposure Management User Guide_. Requires the Basic [16] user role or the `ATTACK_PATH_ANALYSIS.QUERY.SEARCH` custom role privilege. See [Roles](doc:roles) and [Permissions](doc:permissions).
","operationId":"apa-attack-paths-search","tags":["Attack Path"],"parameters":[{"name":"limit","description":"The number of attack path records to retrieve. If omitted, the default value is `1000`. The minimum value is `100` and the maximum value is `10000`.","required":false,"in":"query","schema":{"type":"integer","default":1000,"minimum":100,"maximum":10000}},{"name":"offset","description":"The number of records to skip for offset-based pagination. If omitted, the default value is `0`.","required":false,"in":"query","schema":{"type":"integer","default":0,"minimum":0}},{"name":"sort","description":"The property and direction to sort the results by, in the format `property:direction`. For example: `name:asc`, `priority:desc`, or `path_status:asc`. \n\nSupported properties for sorting include `name`, `priority`, and `path_status`.","required":false,"in":"query","schema":{"type":"string","pattern":"^[a-zA-Z_]+:(asc|desc)$"},"example":"priority:desc"},{"name":"run_ai_summarization","description":"Indicates whether or not to run the AI summarization for missing paths. \n\nGenerative AI enables users to better understand attack paths and their associated risk, and it provides additional insight into the assets affected by the attack paths. \n\nNote that enabling the AI summarization results in slower response times.","required":false,"in":"query","schema":{"type":"string","enum":["true","false"],"default":"false"}},{"name":"exclude_resolved","description":"Excludes resolved attack paths from the results. When `true` (default), the system filters out paths with the following `path_status` values:\n\n* `done` — Remediation is complete.\n* `chain_prevented` — The attack chain is partially broken.\n* `accepted` — The risk is accepted.\n\nSet to `false` to include all attack paths regardless of status.","required":false,"in":"query","schema":{"type":"boolean","default":true}}],"requestBody":{"description":"Filter conditions for searching attack paths. Filter operators can include nested conditions and operators to create complex filtering logic.","required":false,"content":{"application/json":{"schema":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/Attack_Path_Attack-Path-Single-Filter"},{"title":"Multiple Filters","$ref":"#/components/schemas/Attack_Path_Attack-Path-Multiple-Filters"}]},"examples":{"high_priority_filter":{"summary":"Filter for high-priority attack paths","description":"This filter enables you to isolate attack paths that pose the greatest risk by targeting those with a priority score of 8 or higher that lead to critical assets.","value":{"operator":"AND","value":[{"property":"priority","operator":"gte","value":8},{"property":"critical_asset","operator":"eq","value":true}]}},"path_status_filter":{"summary":"Filter by actionable path status","description":"This filter enables you to retrieve actionable attack paths (to_do, in_progress, in_review). By default, the system excludes the following statuses:\n- `done` — Remediation is complete.\n- `chain_prevented` — The attack chain is broken.\n- `accepted` — The risk is accepted.","value":{"property":"path_status","operator":"in","value":["to_do","in_progress","in_review"]}}}}}},"responses":{"200":{"description":"Returned if the attack path search results were retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_DiscoverPageTableResponse"},"examples":{"response":{"summary":"Sample response with attack paths","description":"Example response showing attack paths with detailed information","value":{"data":[{"vectorId":"vec_123","name":"High Priority Attack Path","priority":9,"path":{"nodes":[{"name":"Source Asset","full_name":"source.example.com","asset_id":"asset-123","id":1001,"labels":["Computer","WindowsObject"]},{"name":"Target Asset","full_name":"target.example.com","asset_id":"asset-456","id":1002,"labels":["Computer","CriticalAsset"]}],"relationships":[{"type":"ATTACKS","source":1001,"target":1002}]},"techniques":[{"name":"Initial Access","full_name":"Initial Access Technique","asset_id":"asset-123","id":2001,"labels":["Procedure"],"procedure_uuid":"uuid-123"}],"summary":"Attack path description showing the route from source to critical asset","firstAES":8,"lastACR":9,"path_status":"to_do"}],"total":1}},"null_path_example":{"summary":"Response with null path field","description":"Example showing when the path field may be null","value":{"data":[{"vectorId":"vec_456","name":"Processing Attack Path","priority":7,"path":null,"techniques":[],"summary":"This attack path is still being processed","firstAES":6,"lastACR":7,"path_status":"in_progress"}],"total":1}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_ErrorResponse"},"examples":{"response":{"value":{"statusCode":400,"error":"Bad Request","message":"Invalid limit parameter. Must be between 100 and 10000."}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to search attack paths.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Attack_Path_cloud":[]}]}},"/api/v1/t1/apa/top-attack-techniques/search":{"post":{"summary":"Search attack techniques","description":"Returns a paginated list of the top attack techniques identified within your organization that match the specified search criteria. This endpoint supports advanced filtering, sorting, and metadata enrichment, including MITRE ATT&CK framework mappings and recommended mitigations.\n\n**Note:** To prioritize actionable data, this endpoint applies default filters to results:\n- **Excluded Statuses** — `done`, `accepted`\n- **Excluded States** — `archive`\n\nTo retrieve all techniques, including archived or resolved items, set the `exclude_resolved` parameter to `false`.\n\nFor more information, see [Top Attack Techniques](https://docs.tenable.com/exposure-management/Content/attack-path/top-attack-techniques.htm) in the _Exposure Management User Guide_. Requires the Basic [16] user role or the `ATTACK_PATH_ANALYSIS.QUERY.SEARCH` custom role privilege. See [Roles](doc:roles) and [Permissions](doc:permissions).
","operationId":"apa-attack-techniques-search","tags":["Attack Path"],"parameters":[{"name":"limit","description":"The number of attack technique records to retrieve. If omitted, the default value is `1000`. The minimum value is `100` and the maximum value is `10000`.","required":false,"in":"query","schema":{"type":"integer","default":1000,"minimum":100,"maximum":10000}},{"name":"offset","description":"The number of records to skip for offset-based pagination. If omitted, the default value is `0`.","required":false,"in":"query","schema":{"type":"integer","default":0,"minimum":0}},{"name":"sort","description":"The property and direction to sort the results by, in the format `property:direction`. For example: `name:asc` or `priority:desc`. \n\nSupported properties for sorting include `last_updated_at`, `priority`, `mitre_id`, `name`, `technique_name`, `status`, `state`, and `vector_ount`.","required":false,"in":"query","schema":{"type":"string","pattern":"^[a-zA-Z_]+:(asc|ASC|ascending|ASCENDING|Ascending|desc|DESC|descending|DESCENDING|Descending)$"},"example":"priority:desc"},{"name":"exclude_resolved","description":"Excludes resolved attack techniques from the results. When `true` (default), the system filters out techniques with the following values:\n\n* Status — `done`, `accepted` \n* State — `archive` \n\nSet to `false` to include all techniques regardless of status or state.","required":false,"in":"query","schema":{"type":"boolean","default":true}}],"requestBody":{"description":"Filter conditions for searching attack techniques. Filter operators can include nested conditions and operators to create complex filtering logic.","required":false,"content":{"application/json":{"schema":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/Attack_Path_Attack-Technique-Single-Filter"},{"title":"Multiple Filters","$ref":"#/components/schemas/Attack_Path_Attack-Technique-Multiple-Filters"}]},"examples":{"priority_filter":{"summary":"Filter by priority","value":{"operator":"==","property":"priority","value":"high"}},"complex_filter":{"summary":"Complex filter with AND operator","value":{"operator":"and","value":[{"operator":"==","property":"priority","value":"high"},{"operator":"==","property":"state","value":"open"}]}},"nested_filter":{"summary":"Nested filter with complex logic (2 levels deep)","value":{"operator":"and","value":[{"operator":"==","property":"priority","value":"high"},{"operator":"or","value":[{"operator":"==","property":"state","value":"open"},{"operator":"==","property":"status","value":"in_progress"}]}]}}}}}},"responses":{"200":{"description":"Returned if the attack technique search results were retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_AttackTechniquesSearchResponse"},"examples":{"response":{"value":{"data":[{"mitre_id":"attack-pattern--1ecfdab8-7d59-4c98-95d4-dc41970f57fc","mitigations":["Privileged Account Management","User Training","Password Policies"],"malwares":["CosmicDuke","IceApple"],"tools":["Impacket","Pupy","CrackMapExec","gsecdump","Mimikatz","LaZagne","AADInternals"],"name":"Remote Desktop Protocol","procedureName":"Network Sniffing-10931","priority":"high","state":"open","status":"to_do","tactics":["Lateral Movement","Persistence"],"target":"ARCHIE","source":"WORKSTATION-01","cause":"Weak Authentication","created":"2024-06-01T10:30:00.000Z","last_updated_at":"2024-06-02T11:29:12.498763Z","serial_id":"RDP-001"}],"pagination":{"total":1,"offset":0,"limit":1000,"sort":{"field":"priority","order":"desc"}}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_ErrorResponse"},"examples":{"response":{"value":{"statusCode":400,"error":"Bad Request","message":"Invalid limit parameter. Must be between 100 and 10000."}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to search attack techniques.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Attack_Path_cloud":[]}]}},"/api/v1/export/attack-path":{"post":{"summary":"Export top attack paths","description":"Submits an export request for top attack paths that match the specified search criteria. Returns an export ID used to check the status of the export and download the results. Requires the Basic [16] user role or the `ATTACK_PATH_ANALYSIS.EXPORT.MANAGE_OWN` custom role privilege. See [Roles](doc:roles) and [Permissions](doc:permissions).
","operationId":"apa-export-attack-path","tags":["Attack Path Exports"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_Request-Export-Attack-Paths"},"examples":{"basic_export":{"summary":"Export vectors as CSV","value":{"file_format":"CSV","sort":{"property":"priority","direction":"desc"}}},"filtered_export":{"summary":"Export specific vectors with filter","value":{"file_format":"JSON","filters":{"operator":"and","value":[{"property":"priority","operator":"eq","value":"critical"}]},"vector_ids":["CC5A96068E61D0B1E5DB5D1FD9394813"],"columns":["path_name","priority","sequence_chain"]}}}}}},"responses":{"202":{"description":"Returned if the attack path export request was successfully queued.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ExportRequestId"},"examples":{"response":{"value":{"export_id":"7f58afba-3d63-4c6d-9693-9554497ea0f9"}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"Invalid file_format. Must be CSV or JSON.","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to export attack paths.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}},"503":{"description":"Returned if the attack path export feature is not enabled for your account.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":503,"error":"Service Unavailable","message":"Attack path export is not enabled for this account."}}}}}}},"security":[{"Attack_Path_Exports_cloud":[]}]}},"/api/v1/export/attack-technique":{"post":{"summary":"Export attack techniques","description":"Submits an export request for attack technique data that matches the specified search criteria. Returns an export ID used to check the status of the export and download the results. Requires the Basic [16] user role or the `ATTACK_PATH_ANALYSIS.EXPORT.MANAGE_OWN` custom role privilege. See [Roles](doc:roles) and [Permissions](doc:permissions).
","operationId":"apa-export-attack-technique","tags":["Attack Path Exports"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_Request-Export-Attack-Techniques"},"examples":{"basic_export":{"summary":"Export attack techniques as CSV","value":{"file_format":"CSV","sort":{"property":"priority","direction":"desc"}}},"filtered_export":{"summary":"Export specific attack techniques with filter","value":{"file_format":"JSON","filters":{"operator":"==","key":"priority","value":"high"},"attack_technique_ids":["technique-id-1","technique-id-2"]}}}}}},"responses":{"202":{"description":"Returned if the attack technique export request was successfully queued.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ExportRequestId"},"examples":{"response":{"value":{"export_id":"a1b2c3d4-e5f6-7890-abcd-ef1234567890"}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"Invalid file_format. Must be CSV or JSON.","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to export attack techniques.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}},"503":{"description":"Returned if the attack path export feature is not enabled for your account.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":503,"error":"Service Unavailable","message":"Attack path export is not enabled for this account."}}}}}}},"security":[{"Attack_Path_Exports_cloud":[]}]}},"/api/v1/export/{export_id}/status":{"get":{"summary":"Get export status","description":"Retrieves the current status of an attack path or attack technique export request. Requires the Basic [16] user role or the `ATTACK_PATH_ANALYSIS.EXPORT.MANAGE_OWN` custom role privilege. See [Roles](doc:roles) and [Permissions](doc:permissions).
","operationId":"apa-export-status","tags":["Attack Path Exports"],"parameters":[{"description":"Specifies the unique identifier (UUID) of the export request.","explode":false,"in":"path","name":"export_id","required":true,"schema":{"type":"string"},"style":"simple"}],"responses":{"200":{"description":"Returned if the status of the specified export request was retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_Response-Export-Status"},"examples":{"queued":{"summary":"Export is queued","value":{"export_id":"7f58afba-3d63-4c6d-9693-9554497ea0f9","status":"QUEUED","submitted_at":"2025-07-23T22:15:25.849Z","last_refreshed_at":"2025-07-23T22:15:25.849Z"}},"finished":{"summary":"Export is finished","value":{"export_id":"7f58afba-3d63-4c6d-9693-9554497ea0f9","status":"FINISHED","submitted_at":"2025-07-23T22:15:25.849Z","last_refreshed_at":"2025-07-23T22:15:27.305Z"}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to view the export status.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"}}}},"404":{"description":"Returned if specified export request was not found.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"The request with id 1697e68f-7e14-41ad-9146-f2e08bd59296 was not found","status":404}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}},"503":{"description":"Returned if the attack path export feature is not enabled for your account.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":503,"error":"Service Unavailable","message":"Attack path export is not enabled for this account."}}}}}}},"security":[{"Attack_Path_Exports_cloud":[]}]}},"/api/v1/export/{export_id}/download":{"get":{"summary":"Download export","description":"Downloads the results of a completed attack path or attack technique export request. The response format depends on the `file_format` specified in the original export request. Requires the Basic [16] user role or the `ATTACK_PATH_ANALYSIS.EXPORT.MANAGE_OWN` custom role privilege. See [Roles](doc:roles) and [Permissions](doc:permissions).
","operationId":"apa-export-download","tags":["Attack Path Exports"],"parameters":[{"description":"Specifies the unique identifier (UUID) of the export request.","explode":false,"in":"path","name":"export_id","required":true,"schema":{"type":"string"},"style":"simple"}],"responses":{"200":{"description":"Returned if the specified export file was retrieved successfully.","content":{"application/octet-stream":{"schema":{"oneOf":[{"title":"Attack Path Export (JSON)","description":"The response model for attack path exports in JSON format.","type":"array","items":{"$ref":"#/components/schemas/Attack_Path_Exports_AttackPathExportRecord"}},{"title":"Attack Path Export (CSV)","description":"For the CSV response model of attack path exports, see the example CSV response.","type":"string"},{"title":"Attack Technique Export (JSON)","description":"The response model for attack technique exports in JSON format.","type":"array","items":{"$ref":"#/components/schemas/Attack_Path_Exports_AttackTechniqueExportRecord"}},{"title":"Attack Technique Export (CSV)","description":"For the CSV response model of attack technique exports, see the example CSV response.","type":"string"}]},"examples":{"Attack Path Export (JSON)":{"value":[{"path_name":"Domain Admin Compromise via Kerberoasting","priority_rating":"Critical","source_nes":8.5,"target_acr":9.2,"sequence_chain":"Workstation-01 → Kerberoasting (T1558.003) → DC-01","enablers":"Weak service account password; SPN configured on privileged account","asset_ids":"a1b2c3d4-0001-0001-0001-000000000001;a1b2c3d4-0001-0001-0001-000000000002"},{"path_name":"Lateral Movement to File Server","priority_rating":"High","source_nes":7.1,"target_acr":8,"sequence_chain":"Laptop-05 → Pass-the-Hash (T1550.002) → FileServer-02","enablers":"Cached credentials; Local admin reuse","asset_ids":"a1b2c3d4-0002-0002-0002-000000000001;a1b2c3d4-0002-0002-0002-000000000002"}]},"Attack Path Export (CSV)":{"value":"path_name,priority_rating,source_nes,target_acr,sequence_chain,enablers,asset_ids\nDomain Admin Compromise via Kerberoasting,Critical,8.5,9.2,Workstation-01 → Kerberoasting (T1558.003) → DC-01,Weak service account password; SPN configured on privileged account,a1b2c3d4-0001-0001-0001-000000000001;a1b2c3d4-0001-0001-0001-000000000002\nLateral Movement to File Server,High,7.1,8.0,Laptop-05 → Pass-the-Hash (T1550.002) → FileServer-02,Cached credentials; Local admin reuse,a1b2c3d4-0002-0002-0002-000000000001;a1b2c3d4-0002-0002-0002-000000000002"},"Attack Technique Export (JSON)":{"value":[{"mitre_id":"T1558.003","technique_name":"Kerberoasting","priority":"Critical","status":"To Do","state":"Open","through":"Weak service account password","source_names":"Workstation-01;Laptop-05","source_classes":"Windows;Windows","source_ids":"a1b2c3d4-0001-0001-0001-000000000001;a1b2c3d4-0002-0002-0002-000000000001","target_names":"DC-01;DC-02","target_classes":"Windows;Windows","target_ids":"a1b2c3d4-0001-0001-0001-000000000002;a1b2c3d4-0003-0003-0003-000000000001","tactics":"Credential Access","data_sources":"Active Directory","top_attack_path_count":5,"critical_assets_count":3}]},"Attack Technique Export (CSV)":{"value":"mitre_id,technique_name,priority,status,state,through,source_names,source_classes,source_ids,target_names,target_classes,target_ids,tactics,data_sources,top_attack_path_count,critical_assets_count\nT1558.003,Kerberoasting,Critical,To Do,Open,Weak service account password,Workstation-01;Laptop-05,Windows;Windows,a1b2c3d4-0001-0001-0001-000000000001;a1b2c3d4-0002-0002-0002-000000000001,DC-01;DC-02,Windows;Windows,a1b2c3d4-0001-0001-0001-000000000002;a1b2c3d4-0003-0003-0003-000000000001,Credential Access,Active Directory,5,3"}}}}},"204":{"description":"Returned if the specified export is not yet ready for download."},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to download exports.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"}}}},"404":{"description":"Returned if the specified export request was not found.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"The request with id 7d8a71b1-3cab-4768-8905-0040917ad451 was not found","status":404}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}},"503":{"description":"Returned if the attack path export feature is not enabled for your account.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Attack_Path_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":503,"error":"Service Unavailable","message":"Attack path export is not enabled for this account."}}}}}}},"security":[{"Attack_Path_Exports_cloud":[]}]}},"/api/v1/t1/exposure-view/cards":{"get":{"summary":"Search cards","description":"Returns a list of exposure view cards based on your search criteria. \n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `TONE_UI.TONE_EXPOSURE_CARD.READ`, `LUMIN_EXPOSURE_VIEW.EXPOSURE_CARD.READ`, and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"exposure-view-cards-search","tags":["Exposure View"],"parameters":[{"name":"is_global_card","description":"Indicates whether or not to return Tenable-provided global cards or user-created custom cards. \n\nIf `true`, only Tenable-provided global cards are returned. If `false`, only user-created custom cards are returned. If this parameter is omitted, Tenable Exposure Management returns all cards.","explode":true,"in":"query","required":false,"schema":{"type":"boolean"},"style":"form"},{"name":"text_query","description":"Filters the results by card name.","explode":true,"in":"query","required":false,"schema":{"type":"string"},"style":"form"},{"name":"sorting_order","description":"The order to sort the results by, either ascending (`asc`) or descending (`desc`).","explode":true,"in":"query","required":false,"schema":{"default":"asc","enum":["asc","desc"],"type":"string"},"style":"form"},{"name":"limit","description":"The number of card records to retrieve. The maximum value is `25`. If this parameter is omitted, Tenable Exposure Management uses the default value of `25`.","explode":true,"in":"query","required":false,"schema":{"default":25,"maximum":25,"minimum":1,"type":"integer"},"style":"form"},{"description":"The starting record to retrieve. If this parameter is omitted, Tenable Exposure Management uses the default value of `0`.","explode":true,"in":"query","name":"offset","required":false,"schema":{"default":0,"minimum":0,"type":"integer"},"style":"form"}],"responses":{"200":{"description":"Returned if the list of exposure view cards was retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Exposure_View_Response-Search-Cards"},"examples":{"response":{"value":{"data":[{"id":"12345","name":"Example Card","card_type":"GLOBAL","is_global_card":true,"ces_score":{"score":85,"grade":"A"},"sla_percentage":95,"ces_trend":[{"date":"2023-10-01T00:00:00Z","ces_score":80}],"tag_count":5,"exposure_class":["ALL","IDENTITY"],"created_at":"2023-10-01T12:00:00Z","updated_at":"2023-10-02T12:00:00Z","last_data_update_date":"2023-10-02T12:00:00Z","sources":["AWS","AZURE"]},{"id":"2ea46426-7ca3-4fe6-85c3-c16eb2ccd94b","name":"supercustom","card_type":"CUSTOM","is_global_card":false,"tag_count":0,"created_at":"2025-05-02T20:25:05.247Z","updated_at":"2025-06-10T15:35:17.499Z","ces_score":{"score":0,"grade":"A"},"sla_percentage":16.3728,"ces_trend":[{"date":"2025-05-28T00:00:00.000Z","ces_score":154},{"date":"2025-05-29T00:00:00.000Z","ces_score":154},{"date":"2025-05-30T00:00:00.000Z","ces_score":154},{"date":"2025-05-31T00:00:00.000Z","ces_score":154},{"date":"2025-06-01T00:00:00.000Z","ces_score":154},{"date":"2025-06-02T00:00:00.000Z","ces_score":481},{"date":"2025-06-03T00:00:00.000Z","ces_score":481},{"date":"2025-06-04T00:00:00.000Z","ces_score":481},{"date":"2025-06-05T00:00:00.000Z","ces_score":481},{"date":"2025-06-06T00:00:00.000Z","ces_score":481},{"date":"2025-06-07T00:00:00.000Z","ces_score":481},{"date":"2025-06-08T00:00:00.000Z","ces_score":481},{"date":"2025-06-09T00:00:00.000Z","ces_score":481},{"date":"2025-06-10T00:00:00.000Z","ces_score":0},{"date":"2025-06-11T00:00:00.000Z","ces_score":0},{"date":"2025-06-12T00:00:00.000Z","ces_score":0},{"date":"2025-06-13T00:00:00.000Z","ces_score":0},{"date":"2025-06-14T00:00:00.000Z","ces_score":0},{"date":"2025-06-15T00:00:00.000Z","ces_score":0},{"date":"2025-06-16T00:00:00.000Z","ces_score":0},{"date":"2025-06-17T00:00:00.000Z","ces_score":0},{"date":"2025-06-18T00:00:00.000Z","ces_score":0},{"date":"2025-06-19T00:00:00.000Z","ces_score":0},{"date":"2025-06-20T00:00:00.000Z","ces_score":0},{"date":"2025-06-21T00:00:00.000Z","ces_score":0},{"date":"2025-06-22T00:00:00.000Z","ces_score":0},{"date":"2025-06-23T00:00:00.000Z","ces_score":0},{"date":"2025-06-24T00:00:00.000Z","ces_score":0},{"date":"2025-06-25T00:00:00.000Z","ces_score":0},{"date":"2025-06-26T00:00:00.000Z","ces_score":0},{"date":"2025-06-27T00:00:00.000Z","ces_score":0},{"date":"2025-06-28T00:00:00.000Z","ces_score":0}],"exposure_class":["WAS","VM"],"last_data_update_date":"2025-06-28T20:32:23.493Z"}],"pagination":{"offset":0,"limit":10,"total_record_count":2}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Exposure_View_ErrorResponse"},"examples":{"response":{"value":{"error":"Bad Request","message":"The requested limit size exceeds the maximum limit of 25"}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Exposure_View_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to search exposure view cards."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Exposure_View_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Exposure_View_cloud":[]}]}},"/api/v1/t1/exposure-view/cards/{card_id}":{"get":{"summary":"Get card details","description":"Retrieves details for the specified exposure view card. By default, the response includes SLA efficiency and trend data for the past 30 days. You can modify the time frame using optional parameters. \n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `TONE_UI.TONE_EXPOSURE_CARD.READ`, `LUMIN_EXPOSURE_VIEW.EXPOSURE_CARD.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"exposure-view-card-details","tags":["Exposure View"],"parameters":[{"name":"card_id","description":"The unique ID of the card to retrieve details for.","explode":false,"in":"path","required":true,"schema":{"type":"string"},"style":"simple"},{"name":"trend_start_date","description":"The start date for trend data. Use this parameter in combination with the `trend_end_date` parameter to define the time frame for the trend data. \n\nThe date must be specified as a UTC timestamp in ISO 8601 format (e.g., `2025-06-28T00:00:00.000Z`).","explode":true,"in":"query","required":false,"schema":{"description":"Start date for trend data in ISO 8601 format, UTC timezone","format":"date-time","type":"string"},"style":"form"},{"name":"trend_end_date","description":"The end date for trend data. Use this parameter in combination with the `trend_start_date` parameter to define the time frame for the trend data. \n\nThe date must be specified as a UTC timestamp in ISO 8601 format (e.g., `2025-06-28T00:00:00.000Z`).","explode":true,"in":"query","required":false,"schema":{"description":"End date for trend data in ISO 8601 format, UTC timezone","format":"date-time","type":"string"},"style":"form"},{"name":"sla_efficiency_start_date","description":"The start date for SLA efficiency data. Use this parameter in combination with the `sla_efficiency_end_date` parameter to define the time frame for the SLA efficiency. \n\nThe date must be specified as a UTC timestamp in ISO 8601 format (e.g., `2025-06-28T00:00:00.000Z`).","explode":true,"in":"query","required":false,"schema":{"description":"Start date for SLA efficiency data in ISO 8601 format, UTC timezone","format":"date-time","type":"string"},"style":"form"},{"name":"sla_efficiency_end_date","description":"The end date for SLA efficiency data. Use this parameter in combination with the `sla_efficiency_start_date` parameter to define the time frame for the SLA efficiency. \n\nThe date must be specified as a UTC timestamp in ISO 8601 format (e.g., `2025-06-28T00:00:00.000Z`).","explode":true,"in":"query","required":false,"schema":{"description":"End date for SLA efficiency data in ISO 8601 format, UTC timezone","format":"date-time","type":"string"},"style":"form"},{"name":"sla_breakdown_filter","description":"Filter SLA breakdown data by `REMEDIATED`, `NON_REMEDIATED`, or `ANY`.","explode":true,"in":"query","required":false,"schema":{"default":"ANY","enum":["ANY","REMEDIATED","NON_REMEDIATED"],"type":"string"},"style":"form"},{"name":"include_trend_events","description":"Indicates whether or not to include trend events.","explode":true,"in":"query","required":false,"schema":{"default":false,"type":"boolean"},"style":"form"}],"responses":{"200":{"description":"Returned if data for the specified exposure view card was retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Exposure_View_Response-Card-Details"},"examples":{"response":{"value":{"id":"2ea46426-7ca3-4fe6-85c3-c16eb2ccd94b","name":"supercustom","card_type":"CUSTOM","is_global_card":false,"ces_scores":{"per_exposure":[],"per_tag":[],"total":{"score":0,"grade":"A"}},"ces_trend":[{"date":"2025-06-21T00:00:00.000Z","ces_score":0},{"date":"2025-06-22T00:00:00.000Z","ces_score":0},{"date":"2025-06-23T00:00:00.000Z","ces_score":0},{"date":"2025-06-24T00:00:00.000Z","ces_score":0},{"date":"2025-06-25T00:00:00.000Z","ces_score":0},{"date":"2025-06-26T00:00:00.000Z","ces_score":0},{"date":"2025-06-27T00:00:00.000Z","ces_score":0},{"date":"2025-06-28T00:00:00.000Z","ces_score":0}],"created_at":"2025-05-02T20:25:05.247Z","updated_at":"2025-06-10T15:35:17.499Z","tag_count":3,"exposures":["WAS","VM"],"sources":[],"last_data_update_date":"2025-06-28T22:32:11.640Z","exposure_classes_details":{"VM":{"score_trend_metric":{"ces_trend":[{"date":"2025-05-29T00:00:00.000Z","ces_score":{"score":124,"grade":"A"}},{"date":"2025-05-30T00:00:00.000Z","ces_score":{"score":124,"grade":"A"}},{"date":"2025-05-31T00:00:00.000Z","ces_score":{"score":124,"grade":"A"}},{"date":"2025-06-01T00:00:00.000Z","ces_score":{"score":124,"grade":"A"}},{"date":"2025-06-02T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-03T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-04T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-05T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-06T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-07T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-08T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-09T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-10T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-11T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-12T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-13T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-14T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-15T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-16T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-17T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-18T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-19T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-20T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-21T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-22T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-23T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-24T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-25T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-26T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-27T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-28T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}}],"target_score":1000,"events":[]},"sla_efficiency":[{"sla_severity_level":"LOW","sla_inside_count":0,"sla_total_count":65,"sla_efficiency":0,"sla_efficiency_target":0},{"sla_severity_level":"MEDIUM","sla_inside_count":0,"sla_total_count":234,"sla_efficiency":0,"sla_efficiency_target":54},{"sla_severity_level":"HIGH","sla_inside_count":0,"sla_total_count":46,"sla_efficiency":0,"sla_efficiency_target":0},{"sla_severity_level":"CRITICAL","sla_inside_count":0,"sla_total_count":52,"sla_efficiency":0,"sla_efficiency_target":73},{"sla_severity_level":"OVERALL","sla_inside_count":0,"sla_total_count":397,"sla_efficiency":0,"sla_efficiency_target":0}],"sla_breakdown":{"risk_distribution":{"risks_inside_sla":{"number_of_risks":0,"percentage_of_total":0},"risks_outside_sla":{"number_of_risks":0,"percentage_of_total":0}},"risk_distribution_in_days":{"inside_sla":397,"outside_sla":0},"exposure_category_breakdown":[{"exposure_class":"VM","contribution_percentage":100}],"top_affecting_tags":[{"id":"40d64a4e-715c-4adc-9731-b957c21b7dae","name":"test"},{"id":"6742deeb-f72b-4cc9-b944-64af6ed02c95","name":"gt1"},{"id":"5ce1f0bd-4133-4fbc-9f1c-69b1ef6d48dc","name":"gt3"}]}},"ALL":{"score_trend_metric":{"ces_trend":[{"date":"2025-05-29T00:00:00.000Z","ces_score":{"score":154,"grade":"A"}},{"date":"2025-05-30T00:00:00.000Z","ces_score":{"score":154,"grade":"A"}},{"date":"2025-05-31T00:00:00.000Z","ces_score":{"score":154,"grade":"A"}},{"date":"2025-06-01T00:00:00.000Z","ces_score":{"score":154,"grade":"A"}},{"date":"2025-06-02T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-03T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-04T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-05T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-06T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-07T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-08T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-09T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-10T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-11T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-12T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-13T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-14T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-15T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-16T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-17T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-18T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-19T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-20T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-21T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-22T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-23T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-24T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-25T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-26T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-27T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-28T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}}],"target_score":202,"events":[]},"sla_efficiency":[{"sla_severity_level":"LOW","sla_inside_count":65,"sla_total_count":65,"sla_efficiency":100,"sla_efficiency_target":0},{"sla_severity_level":"MEDIUM","sla_inside_count":0,"sla_total_count":234,"sla_efficiency":0,"sla_efficiency_target":54},{"sla_severity_level":"HIGH","sla_inside_count":0,"sla_total_count":46,"sla_efficiency":0,"sla_efficiency_target":0},{"sla_severity_level":"CRITICAL","sla_inside_count":0,"sla_total_count":52,"sla_efficiency":0,"sla_efficiency_target":73},{"sla_severity_level":"OVERALL","sla_inside_count":65,"sla_total_count":397,"sla_efficiency":16.3728,"sla_efficiency_target":0}],"sla_breakdown":{"risk_distribution":{"risks_inside_sla":{"number_of_risks":65,"percentage_of_total":16.3727959697733},"risks_outside_sla":{"number_of_risks":65,"percentage_of_total":16.3727959697733}},"risk_distribution_in_days":{"inside_sla":332,"outside_sla":65},"exposure_category_breakdown":[{"exposure_class":"VM","contribution_percentage":100}],"top_affecting_tags":[{"id":"40d64a4e-715c-4adc-9731-b957c21b7dae","name":"test"},{"id":"6742deeb-f72b-4cc9-b944-64af6ed02c95","name":"gt1"},{"id":"5ce1f0bd-4133-4fbc-9f1c-69b1ef6d48dc","name":"gt3"}]}},"WAS":{"score_trend_metric":{"ces_trend":[{"date":"2025-05-29T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-05-30T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-05-31T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-01T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-02T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-03T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-04T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-05T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-06T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-07T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-08T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-09T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-10T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-11T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-12T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-13T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-14T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-15T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-16T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-17T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-18T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-19T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-20T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-21T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-22T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-23T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-24T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-25T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-26T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-27T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}},{"date":"2025-06-28T00:00:00.000Z","ces_score":{"score":0,"grade":"A"}}],"target_score":1000,"events":[]}},"CLOUD":{"score_trend_metric":{"ces_trend":[{"date":"2025-05-29T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-05-30T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-05-31T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-01T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-02T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-03T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-04T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-05T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-06T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-07T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-08T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-09T00:00:00.000Z","ces_score":{"score":481,"grade":"C"}},{"date":"2025-06-10T00:00:00.000Z"},{"date":"2025-06-11T00:00:00.000Z"},{"date":"2025-06-12T00:00:00.000Z"},{"date":"2025-06-13T00:00:00.000Z"},{"date":"2025-06-14T00:00:00.000Z"},{"date":"2025-06-15T00:00:00.000Z"},{"date":"2025-06-16T00:00:00.000Z"},{"date":"2025-06-17T00:00:00.000Z"},{"date":"2025-06-18T00:00:00.000Z"},{"date":"2025-06-19T00:00:00.000Z"},{"date":"2025-06-20T00:00:00.000Z"},{"date":"2025-06-21T00:00:00.000Z"},{"date":"2025-06-22T00:00:00.000Z"},{"date":"2025-06-23T00:00:00.000Z"},{"date":"2025-06-24T00:00:00.000Z"},{"date":"2025-06-25T00:00:00.000Z"},{"date":"2025-06-26T00:00:00.000Z"},{"date":"2025-06-27T00:00:00.000Z"},{"date":"2025-06-28T00:00:00.000Z"}],"target_score":188,"events":[]}}}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted."},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Exposure_View_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to retrieve the specified exposure view card."},"404":{"description":"Returned if the specified exposure view card was not found.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Exposure_View_ErrorResponse-404"},"examples":{"response":{"value":{"status":404,"message":"Not Found","errors":[{"code":"UNEXPECTED_ERROR","message":"Card Not found for 2ea46426-7ca3-4fe6-85c3-0c16eb2ccd94c"}]}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Exposure_View_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Exposure_View_cloud":[]}]}},"/api/v1/t1/inventory/assets/search":{"post":{"summary":"Search assets","operationId":"inventory-assets-search","description":"Returns a list of assets in your organization that match the specified search criteria.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","tags":["Inventory"],"parameters":[{"description":"Specifies extra asset properties to include in the search results. You can provide multiple properties as a comma-separated list. \n\nUse the [List asset properties](ref:inventory-asset-properties-list) endpoint to retrieve a list of valid properties for this parameter. For example, you might include `created_at`, `sources`, and `fqdns` as extra properties.","explode":true,"in":"query","name":"extra_properties","required":false,"schema":{"example":"prop1,prop2,prop3","pattern":"^[a-zA-Z0-9_]+(,[a-zA-Z0-9_]+)*$","type":"string"},"style":"form"},{"description":"The starting record to retrieve. If omitted, the default value is `0`.","explode":true,"in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"},"style":"form"},{"description":"The number of records to retrieve. If omitted, the default value is `1000`. The maximum value is `1000`.","explode":true,"in":"query","name":"limit","required":false,"schema":{"default":1000,"type":"integer","maximum":1000},"style":"form"},{"description":"The property and direction to sort the results by, in the format `property:direction`. For example: `asset_name:asc` or `acr:desc`","example":"acr:desc","explode":true,"in":"query","name":"sort","required":false,"schema":{"pattern":"^[a-zA-Z0-9_]+:(asc|desc)$","type":"string","default":"aes:desc"},"style":"form"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Request-Search-Assets"}}},"required":true},"responses":{"200":{"description":"Returned if the list of assets was retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Response-Search-Assets"},"examples":{"response":{"value":{"data":[{"id":"309f87d2-9234-54a7-973f-0526600b4e91","asset_class":"ACCOUNT","name":"Administrator","aes":936,"acr":10,"extra_properties":{"created_at":"2025-03-01T13:20:22.166Z","sources":["T.IO","TIE AD"]}},{"id":"dcff2953-c93a-49a1-adbb-c387267a0995","asset_class":"DEVICE","name":"srv2","aes":883,"acr":8,"extra_properties":{"created_at":"2025-03-13T13:25:11.706Z","sources":["T.IO","TIE AD"],"fqdns":["srv2.example.com"]}},{"id":"af440e24-f0ae-4db7-aea8-24b2a126910a","asset_class":"DEVICE","name":"srv","aes":876,"acr":8,"extra_properties":{"created_at":"2025-03-03T21:28:24.202Z","sources":["T.IO","TIE MEID"],"fqdns":[]}},{"id":"bf675b12-05ee-474a-9126-0acc73d5a3de","asset_class":"DEVICE","name":"adcon","aes":875,"acr":8,"extra_properties":{"created_at":"2025-03-07T01:08:06.783Z","sources":["T.IO","TIE MEID"],"fqdns":[]}},{"id":"10242d53-8d66-5d85-8a3b-04877c20b139","asset_class":"DEVICE","name":"comm. adapter #13901","aes":841,"acr":7,"extra_properties":{"created_at":"2024-06-24T19:12:17.422Z","sources":["T.OT"],"fqdns":[]}},{"id":"6dc3c256-22ce-53b8-a7ba-8fde481b5803","asset_class":"DEVICE","name":"sith","aes":839,"acr":10,"extra_properties":{"created_at":"2024-02-14T17:09:33.771Z","sources":["T.OT"],"fqdns":[]}},{"id":"89148da3-0dbb-56a3-824c-2cc6bef8e042","asset_class":"DEVICE","name":"a10_l71","aes":839,"acr":7,"extra_properties":{"created_at":"2024-06-24T14:12:22.852Z","sources":["T.OT"],"fqdns":[]}},{"id":"2548c060-6e2e-526b-9657-2d5fe776acaa","asset_class":"DEVICE","name":"Example Name","aes":836,"acr":10,"extra_properties":{"created_at":"2024-06-24T14:12:20.665Z","sources":["T.OT"],"fqdns":[]}},{"id":"bdc262d2-a92b-5244-b23e-8d4fff081835","asset_class":"DEVICE","name":"Example Name 2","aes":833,"acr":10,"extra_properties":{"created_at":"2024-02-14T17:09:27.900Z","sources":["T.OT"],"fqdns":[]}},{"id":"cb927ee0-3e0f-5bac-9b65-0c87bad0b700","asset_class":"DEVICE","name":"Example Name 3","aes":820,"acr":10,"extra_properties":{"created_at":"2024-02-14T17:09:10.502Z","sources":["T.OT"],"fqdns":[]}}],"pagination":{"total":100,"offset":0,"limit":10,"sort":{"name":"aes","order":"desc"}}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse-400"},"examples":{"response":{"value":{"message":"Requested EXAMPLE not found","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to search assets."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_cloud":[]}]}},"/api/v1/t1/inventory/findings/search":{"post":{"summary":"Search findings","operationId":"inventory-findings-search","description":"Returns a list of findings in your organization that match the specified search criteria.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","tags":["Inventory"],"parameters":[{"description":"Specifies extra findings properties to include in the search results. You can provide multiple properties as a comma-separated list. \n\nUse the [List finding properties](ref:inventory-finding-properties-list) endpoint to retrieve a list of valid properties for this parameter. For example, you might include `asset_name`, `solution`, and `vpr_score` as extra properties.","explode":true,"in":"query","name":"extra_properties","required":false,"schema":{"example":"prop1,prop2,prop3","pattern":"^[a-zA-Z0-9_]+(,[a-zA-Z0-9_]+)*$","type":"string"},"style":"form"},{"description":"The starting record to retrieve. If omitted, the default value is `0`.","explode":true,"in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"},"style":"form"},{"description":"The number of records to retrieve. If omitted, the default value is `1000`. The maximum value is `10000`.","explode":true,"in":"query","name":"limit","required":false,"schema":{"default":1000,"maximum":10000,"type":"integer"},"style":"form"},{"description":"The property and direction to sort the results by, in the format `property:direction`. For example: `finding_name:asc` or `severity:desc`","example":"severity:desc","explode":true,"in":"query","name":"sort","required":false,"schema":{"pattern":"^[a-zA-Z0-9_]+:(asc|desc)$","type":"string","default":"severity:desc"},"style":"form"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Request-Search-Findings"}}},"required":true},"responses":{"200":{"description":"Returned if the list of findings was retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Response-Search-Findings"},"examples":{"response":{"value":{"data":[{"id":"0040b719-9b8a-4fbc-b4ce-15461d2f831b","name":"KB4497932: Security update for Adobe Flash Player (May 2019)","asset_id":"fd58d73f-0ade-4004-910c-e4a927f7486f","state":"ACTIVE","severity":"MEDIUM","extra_properties":{"detection_id":"NESSUS:125068","asset_name":"sql1"}},{"id":"0069ea2d-a682-4f01-aec0-3c210fc51912","name":"MS17-009: Security Update for Microsoft Windows PDF Library (4010319)","asset_id":"fd58d73f-0ade-4004-910c-e4a927f7486f","state":"ACTIVE","severity":"MEDIUM","extra_properties":{"detection_id":"NESSUS:97731","asset_name":"sql1"}},{"id":"00ed588c-09f5-4b6d-99d3-e318f7fbbb61","name":"KB5001382: Windows 8.1 and Windows Server 2012 R2 Security Update (Apr 2021)","asset_id":"fd58d73f-0ade-4004-910c-e4a927f7486f","state":"ACTIVE","severity":"MEDIUM","extra_properties":{"detection_id":"NESSUS:148477","asset_name":"sql1"}},{"id":"00fcaf1f-ac6f-40d8-ae3d-d23419b3f4a7","name":"KB4034662: Security update for Adobe Flash Player (August 2017)","asset_id":"fd58d73f-0ade-4004-910c-e4a927f7486f","state":"ACTIVE","severity":"MEDIUM","extra_properties":{"detection_id":"NESSUS:102266","asset_name":"sql1"}},{"id":"0147a29d-ad5c-5035-bb09-6398a17e9b8e","name":"securityHubEnabled","asset_id":"40be10a4-2681-5285-b62f-56b6e858ff8c","state":"ACTIVE","severity":"MEDIUM","extra_properties":{"detection_id":"CS:AC_AWS_0631","asset_name":"ap-southeast-2"}},{"id":"01574e2c-785b-50eb-b64a-c12f7c4afdff","name":"securityHubEnabled","asset_id":"1046e6bd-8ebc-56db-ae06-1d28d597420b","state":"ACTIVE","severity":"MEDIUM","extra_properties":{"detection_id":"CS:AC_AWS_0631","asset_name":"eu-central-1"}}],"pagination":{"total":100,"offset":0,"limit":10,"sort":{"name":"id","order":"asc"}}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse-400"},"examples":{"response":{"value":{"message":"Requested EXAMPLE not found","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to search findings."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_cloud":[]}]}},"/api/v1/t1/inventory/software/search":{"post":{"summary":"Search software","operationId":"inventory-software-search","description":"Returns a list of software installed on your assets that match the specified search criteria.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","tags":["Inventory"],"parameters":[{"description":"Specifies extra software properties include in the search results. You can provide multiple properties as a comma-separated list. \n\nUse the [List software properties](ref:inventory-software-properties-list) endpoint to retrieve a list of valid properties for this parameter. For example, you might include `cpe`, `version`, and `file_location` as extra properties.","explode":true,"in":"query","name":"extra_properties","required":false,"schema":{"example":"prop1,prop2,prop3","pattern":"^[a-zA-Z0-9_]+(,[a-zA-Z0-9_]+)*$","type":"string"},"style":"form"},{"description":"The starting record to retrieve. If omitted, the default value is `0`.","explode":true,"in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"},"style":"form"},{"description":"The number of records to retrieve. If omitted, the default value is `1000`. The maximum value is `1000`.","explode":true,"in":"query","name":"limit","required":false,"schema":{"default":1000,"maximum":1000,"type":"integer"},"style":"form"},{"description":"The property and direction to sort the results by, in the format `property:direction`. For example: `application:asc` or `version:desc`","example":"application:asc","explode":true,"in":"query","name":"sort","required":false,"schema":{"pattern":"^[a-zA-Z0-9_]+:(asc|desc)$","type":"string","default":"application:asc"},"style":"form"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Request-Search-Software"}}},"required":true},"responses":{"200":{"description":"Returned if the list of installed software was retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Response-Search-Software"},"examples":{"response":{"value":{"data":[{"application":".net_core","publisher":"microsoft","type":["APPLICATION"],"devices_count":4,"extra_properties":{"cpe":"cpe:2.3:a:microsoft:.net_core:6.0.16.32323:*:*:*:*:*:*:*","version":"6.0.16.32323","file_location":"C:\\Program Files\\dotnet\\shared\\Microsoft.NetCore.App\\6.0.16\\"}},{"application":".net_core_windows","publisher":"Any","type":["APPLICATION"],"devices_count":1,"extra_properties":{"cpe":"cpe:2.3:*:*:.net_core_windows:6.0.2.30914:*:*:*:*:*:*:-","version":"6.0.2.30914","file_location":"C:\\Program Files\\dotnet\\shared\\Microsoft.NetCore.App\\6.0.2\\"}},{"application":".net_framework","publisher":"microsoft","type":["APPLICATION"],"devices_count":19,"extra_properties":{"cpe":"cpe:2.3:a:microsoft:.net_framework:4.8.9277.0:*:*:*:*:*:*:*","version":"4.8.9277.0","file_location":"C:\\WINDOWS\\Microsoft.NET\\Framework\\v4.0.30319\\system.web.dll"}},{"application":"7-zip","publisher":"7-zip","type":["APPLICATION"],"devices_count":1,"extra_properties":{"cpe":"cpe:2.3:a:7-zip:7-zip:9.20.0.0:*:*:*:*:*:*:*","version":"9.20.0.0","file_location":"C:\\Program Files\\7-Zip"}},{"application":"acrobat_reader","publisher":"adobe","type":["APPLICATION"],"devices_count":2,"extra_properties":{"cpe":"cpe:2.3:*:adobe:acrobat_reader:11.0.0.379:*:*:*:*:*:*:-","version":"11.0.0.379","file_location":"C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader"}},{"application":"asp.net_core","publisher":"microsoft","type":["APPLICATION"],"devices_count":3,"extra_properties":{"cpe":"cpe:2.3:*:microsoft:asp.net_core:6.0.2:*:*:*:*:*:*:-","version":"6.0.2","file_location":"C:\\Program Files (x86)\\dotnet\\shared\\Microsoft.AspNetCore.App\\6.0.2"}},{"application":"azure_active_directory_connect","publisher":"microsoft","type":["APPLICATION"],"devices_count":1,"extra_properties":{"cpe":"cpe:2.3:a:microsoft:azure_active_directory_connect:2.4.131.0:*:*:*:*:*:*:*","version":"2.4.131.0","file_location":"C:\\Program Files\\Microsoft Azure Active Directory Connect\\AzureADConnect.exe"}},{"application":"azure_command-line_interface","publisher":"microsoft","type":["APPLICATION"],"devices_count":3,"extra_properties":{"cpe":"cpe:2.3:a:microsoft:azure_command-line_interface:2.65.0:*:*:*:*:*:*:*","version":"2.65.0","file_location":"C:\\Program Files (x86)\\Microsoft SDKs\\Azure\\CLI2\\wbin\\az"}},{"application":"azure_connected_machine_agent","publisher":"microsoft","type":["APPLICATION"],"devices_count":1,"extra_properties":{"cpe":"cpe:2.3:a:microsoft:azure_connected_machine_agent:1.32.02371.1114:*:*:*:*:*:*:*","version":"1.32.02371.1114","file_location":"C:\\Program Files\\AzureConnectedMachineAgent"}}],"pagination":{"total":100,"offset":0,"limit":10,"sort":{"name":"application","order":"asc"}}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse-400"},"examples":{"response":{"value":{"message":"Requested EXAMPLE not found","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to search software."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_cloud":[]}]}},"/api/v1/t1/inventory/assets/properties":{"get":{"summary":"List asset properties","description":"Returns a list of asset properties that can be used as filters on endpoints that support them. For example, the properties that are returned by this endpoint can be used as filters for the [Search assets](ref:inventory-assets-search) or [Export assets](ref:inventory-export-assets) endpoints.\n\n In addition to the asset properties, the results list includes the logical operators you can use with the asset properties along with the supported values.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-asset-properties-list","tags":["Inventory"],"parameters":[{"name":"asset_classes","description":"The asset classes you want to retrieve property filters for. If this parameter is omitted, Tenable Exposure Management returns property filters for all asset classes.\n\nAsset classes enable users to easily separate asset data based on its type. For more information about asset classes, see [Asset Classes](https://docs.tenable.com/exposure-management/Content/exposure-management/inventory/classes.htm) in the Tenable Exposure Management User Guide.","in":"query","required":false,"style":"form","explode":true,"schema":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_AssetClasses"}}}],"responses":{"200":{"description":"Returned if the list of asset properties was retrieved successfully.","content":{"application/json":{"schema":{"description":"A list of asset properties.","type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_Properties-Object"}}}},"examples":{"response":{"value":{"properties":[{"key":"asset_id","readable_name":"Asset ID","control":{"type":"STRING","multiple_allowed":true,"regex":{"hint":"01234567-abcd-ef01-2345-6789abcdef01","expression":"[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*"}},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Asset ID\n## A unique identifier for an asset\n\nAn asset ID is a unique identifier that is assigned to each asset in a cyber asset management system. This identifier can be used to track the asset, its associated vulnerabilities, and its security posture. Asset IDs are typically generated automatically by the asset management system, but they can also be manually assigned.\n\nHere are some key points to understand about asset IDs in the context of the cyber industry:\n- **Uniqueness**: Asset IDs must be unique within the asset management system. This ensures that each asset can be easily identified and tracked.\n- **Accuracy**: Asset IDs must be accurate and up-to-date. This ensures that the asset management system has the most accurate information about each asset.\n- **Consistency**: Asset IDs must be consistent across all systems and applications that use them. This ensures that there is no confusion about which asset is being referred to.\n\nAsset IDs are an important part of cyber asset management. They help to track assets, their associated vulnerabilities, and their security posture. Asset IDs must be unique, accurate, and consistent.\n"},{"key":"asset_class","readable_name":"Asset Class","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"Account","value":"ACCOUNT","deprecated":false},{"name":"Web Application","value":"APPLICATION","deprecated":false},{"name":"Container","value":"CONTAINER","deprecated":false},{"name":"Other Resource","value":"GENERAL","deprecated":false},{"name":"Device","value":"DEVICE","deprecated":false},{"name":"Group","value":"GROUP","deprecated":false},{"name":"Infrastructure As Code","value":"IAC","deprecated":true},{"name":"Storage","value":"STORAGE","deprecated":false},{"name":"Person","value":"IDENTITY","deprecated":true},{"name":"Resource","value":"RESOURCE","deprecated":false},{"name":"Role","value":"ROLE","deprecated":false}]},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Asset Class\n## A group of assets that share common characteristics\n\nAn asset class is a group of assets that share common characteristics. For example, all computers in an organization might be considered one asset class, while all servers might be considered another. Asset classes can be used to group assets together for reporting, analysis, and other purposes.\n\nHere are some key points to understand about asset classes in the context of the cyber industry:\n- **Asset Classes and Asset Types**: Asset classes are typically defined based on asset type. For example, all computers might be considered one asset type, while all servers might be considered another.\n- **Asset Classes and Asset Subtypes**: Asset classes can also be defined based on asset subtype. For example, all laptops might be considered one asset subtype, while all desktops might be considered another.\n- **Asset Classes and Asset Groups**: Asset classes can also be used to group assets together into asset groups. For example, all assets that are located in the same building might be considered one asset group, while all assets that are owned by the same department might be considered another.\n\nAsset classes can be a valuable tool for managing and understanding assets. By grouping assets together based on common characteristics, asset classes can make it easier to track assets, identify risks, and make informed decisions about asset management.\n"},{"key":"last_updated","readable_name":"Last Update Date","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Last Update Date\n## The date and time when the asset was last updated.\n\nThe last update date is a property of an asset that indicates the date and time when the asset was last modified. This can be useful for tracking changes to an asset over time, or for identifying assets that have not been updated in a while.\n\nThe last update date can be used in queries to find assets that have been updated recently, or to find assets that have not been updated in a while. It can also be used to track changes to an asset over time, by comparing the last update date to the date and time of a previous change.\n\nThe last update date is stored in the `last_updated` property of the `assets:properties` table.\n"},{"key":"asset_name","readable_name":"Asset Name","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"hostname","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Asset Name\n## The name of an asset\n\nThe asset name is a unique identifier for an asset. It is used to track the asset and its associated data. The asset name can be any string of characters, but it is recommended to use a name that is descriptive and easy to remember.\n\nHere are some key points to understand about asset names in the context of the cyber industry:\n- **Asset names should be unique**. This is important to ensure that each asset can be easily identified and tracked.\n- **Asset names should be descriptive**. This will help users to understand what the asset is and what it does.\n- **Asset names should be easy to remember**. This will make it easier for users to find the assets they need.\n\n## Examples of asset names:\n- **Server1**\n- **Router2**\n- **Database3**\n- **Laptop4**\n- **Printer5**\n"},{"key":"sources","readable_name":"Sources","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"AWS Connector","value":"AWS","deprecated":true},{"name":"AWS SSM agent","value":"SSM","deprecated":true},{"name":"Agent","value":"NESSUS_AGENT","deprecated":true},{"name":"Azure Connector","value":"AZURE","deprecated":true},{"name":"Azure Frictionless Assessment","value":"AZURE_FA","deprecated":true},{"name":"GCP Connector","value":"GCP","deprecated":true},{"name":"Nessus Network Monitor","value":"PVS","deprecated":true},{"name":"Nessus","value":"NESSUS_SCAN","deprecated":true},{"name":"Tenable Web Application Scanning","value":"WAS","deprecated":false},{"name":"Tenable Identity Exposure","value":"TIE","deprecated":false},{"name":"Tenable Cloud Security (Legacy)","value":"T.CS","deprecated":true},{"name":"Tenable Cloud Security","value":"CLOUD","deprecated":false},{"name":"Tenable Attack Surface Management","value":"ASM","deprecated":false},{"name":"Tenable Vulnerability Management","value":"T.IO","deprecated":false},{"name":"Tenable OT Security","value":"T.OT","deprecated":false},{"name":"Tenable Container Security","value":"CONSEC","deprecated":false},{"name":"Tenable Cloud Security (core)","value":"CORE_CLOUDRESOURCE","deprecated":true},{"name":"Qualys VMDR","value":"QUALYS","deprecated":false,"third_party":true},{"name":"SentinelOne Singularity","value":"SENTINEL_ONE","deprecated":false,"third_party":true},{"name":"Rapid7 InsightVM","value":"RAPID_7","deprecated":true},{"name":"Tenable Security Center","value":"SECURITY_CENTER","deprecated":false},{"name":"Carbon Black Workload","value":"CARBON_BLACK","deprecated":true},{"name":"Microsoft Defender","value":"MICROSOFT_DEFENDER","deprecated":false,"third_party":true},{"name":"CrowdStrike Falcon","value":"CROWDSTRIKE","deprecated":false},{"name":"ServiceNow","value":"SERVICE_NOW","deprecated":false},{"name":"Unclassified","value":"UNCLASSIFIED","deprecated":false}]},"operators":["=","!="],"sortable":true,"filterable":true,"description":"# Sources\n## The origin of the data\n\nSources are the origin of the data. They can be internal (e.g., data collected by the organization's own systems) or external (e.g., data purchased from a third-party vendor).\n\nHere are some key points to understand about sources in the context of the cyber industry:\n- **Internal Sources**: These are data collected by the organization's own systems. Examples include data from network devices, servers, endpoints, and applications.\n- **External Sources**: These are data purchased from a third-party vendor. Examples include data from vulnerability databases, threat intelligence feeds, and market research reports.\n\nSources are important because they provide context for the data. They can help to determine the accuracy, reliability, and timeliness of the data. They can also help to identify the potential risks associated with the data.\n"},{"key":"created_at","readable_name":"Created Date","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Created Date\n## The date and time an asset was created\n\nThe created date is the date and time an asset was first created in the system. This can be useful for tracking the age of assets and identifying those that may be outdated or no longer in use.\n\nHere are some key points to understand about created dates in the context of the cyber industry:\n- **Created dates can be used to track the age of assets**. This can be helpful for identifying assets that may be outdated or no longer in use.\n- **Created dates can also be used to identify assets that have been recently created**. This can be helpful for tracking down new assets that may be vulnerable to attack.\n- **Created dates can be used to identify assets that have been modified**. This can be helpful for tracking changes to assets and identifying potential security risks.\n\nCreated dates are an important part of asset management and can be used for a variety of purposes. By understanding created dates, you can better track the age, status, and security of your assets.\n"},{"key":"first_observed_at","readable_name":"First Observation Date","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# First Observation Date\n## The date when an asset was first discovered by Tenable\n\nThe first observation date is the date when an asset was first discovered by Tenable. This date is important because it can be used to track the asset's history and to identify any changes that have been made to it. The first observation date can also be used to determine the asset's age, which can be a factor in assessing its risk.\n\nHere are some key points to understand about the first observation date:\n- **Accuracy**: The first observation date is typically accurate to within a few days. However, there may be some cases where the date is not accurate, such as when an asset is discovered by Tenable but is not immediately added to the database.\n- **Relevance**: The first observation date is relevant to asset management because it can be used to track the asset's history and to identify any changes that have been made to it. The first observation date can also be used to determine the asset's age, which can be a factor in assessing its risk.\n- **Usefulness**: The first observation date can be used in a variety of ways, such as:\n * Tracking the asset's history\n * Identifying any changes that have been made to the asset\n * Determining the asset's age\n * Assessing the asset's risk\n"},{"key":"last_observed_at","readable_name":"Last Observed At","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Last Observed At\n## The date and time an asset was last observed\n\nThe last observed at property indicates the date and time an asset was last seen by a Tenable scanner. This information can be used to track the activity of assets over time and identify any changes in their behavior.\n\nHere are some key points to understand about the last observed at property:\n- **Date and Time**: The last observed at property is a date and time value. The date is represented in the format YYYY-MM-DD, and the time is represented in the format HH:MM:SS.\n- **Accuracy**: The accuracy of the last observed at property depends on the frequency with which assets are scanned. If assets are scanned more frequently, the last observed at property will be more accurate.\n- **Use Cases**: The last observed at property can be used to track the activity of assets over time, identify any changes in their behavior, and determine whether they are still in use.\n"},{"key":"last_licensed_at","readable_name":"Last Licensed At","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Last Licensed At\n## The date and time when the asset was last licensed.\n\nThe last licensed at property is a date and time value that indicates the last time the asset was licensed. This value can be used to track the asset's license status and to ensure that it is always in compliance with licensing requirements.\n\nHere are some key points to understand about the last licensed at property:\n- **Data Type**: The last licensed at property is a date and time value.\n- **Format**: The last licensed at property is stored in the following format: YYYY-MM-DD HH:MM:SS.\n- **Meaning**: The last licensed at property indicates the last time the asset was licensed.\n- **Use Cases**: The last licensed at property can be used to track the asset's license status and to ensure that it is always in compliance with licensing requirements.\n"},{"key":"fqdns","readable_name":"Host Fully Qualified DNS","control":{"type":"ARRAY","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Host Fully Qualified DNS\n## The fully qualified domain name (FQDN) of the host.\n\nThe fully qualified domain name (FQDN) is the unique name of a computer on a network. It is made up of the host name and the domain name, separated by a dot. For example, the FQDN for a computer named \"www.example.com\" would be \"www.example.com\".\n\nThe FQDN is used by network devices to route traffic to the correct computer. It is also used by security software to identify and track computers on a network.\n\nThe FQDN can be found in the \"Host Fully Qualified DNS\" property of an asset.\n"},{"key":"aes","readable_name":"AES","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"a number from 0 to 1000","expression":"^([0-9][0-9]{0,2}|1000)$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# AES\n## Asset Exposure Score\n\nThe Asset Exposure Score (AES) is a numeric score that represents the overall exposure of an asset. The AES is calculated based on a variety of factors, including the asset's criticality, vulnerabilities, and security posture. The AES can be used to prioritize assets for remediation and to track the effectiveness of security measures.\n\nHere are some key points to understand about the AES:\n- The AES is a numeric score that ranges from 0 to 100, with 100 being the most exposed.\n- The AES is calculated based on a variety of factors, including the asset's criticality, vulnerabilities, and security posture.\n- The AES can be used to prioritize assets for remediation and to track the effectiveness of security measures.\n- The AES is a valuable tool for understanding and managing asset risk.\n\ninput:\"ACR\" for assets:properties\noutput# ACR\n## Asset Criticality Rating\n\nThe Asset Criticality Rating (ACR) is a numeric score that represents the criticality of an asset. The ACR is calculated based on a variety of factors, including the asset's impact on business operations, the sensitivity of the data it contains, and the likelihood of it being attacked. The ACR can be used to prioritize assets for remediation and to track the effectiveness of security measures.\n\nHere are some key points to understand about the ACR:\n- The ACR is a numeric score that ranges from 0 to 100, with 100 being the most critical.\n- The ACR is calculated based on a variety of factors, including the asset's impact on business operations, the sensitivity of the data it contains, and the likelihood of it being attacked.\n- The ACR can be used to prioritize assets for remediation and to track the effectiveness of security measures.\n- The ACR is a valuable tool for understanding and managing asset risk.\n"},{"key":"critical_vuln_count","readable_name":"Critical Vuln Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Critical Vuln Count\n## The number of critical vulnerabilities found on an asset\n\nThe Critical Vuln Count property indicates the number of critical vulnerabilities found on an asset. This property is calculated by counting the number of vulnerabilities with a severity rating of \"Critical\" that have been found on the asset.\n\nCritical vulnerabilities are those that have the potential to cause significant damage to an asset or organization. They should be addressed as a matter of urgency.\n\nThe Critical Vuln Count property can be used to identify assets that are at a high risk of being exploited. It can also be used to track the progress of vulnerability remediation efforts.\n"},{"key":"high_vuln_count","readable_name":"High Vuln Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# High Vuln Count\n## The number of vulnerabilities found on an asset\n\nThe High Vuln Count property indicates the number of vulnerabilities found on an asset. This property is calculated by counting the number of vulnerabilities that have a severity of \"High\" or \"Critical\".\n\nThe High Vuln Count property can be used to identify assets that are at a high risk of being exploited. It can also be used to track the progress of vulnerability remediation efforts.\n\nHere are some key points to understand about the High Vuln Count property:\n- **Vulnerability Severity**: The severity of a vulnerability is a measure of the potential impact that it could have on an asset. Vulnerabilities are typically classified as \"Low\", \"Medium\", \"High\", or \"Critical\".\n- **Vulnerability Remediation**: Vulnerability remediation is the process of fixing vulnerabilities. This can be done by applying patches, updates, or other security measures.\n- **Vulnerability Management**: Vulnerability management is the process of identifying, assessing, and remediating vulnerabilities. It is a critical component of cyber security.\n"},{"key":"low_vuln_count","readable_name":"Low Vuln Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Low Vuln Count\n## The number of vulnerabilities found on an asset\n\nThe Low Vuln Count property indicates the number of vulnerabilities found on an asset. This property can be used to identify assets that are at a higher risk of being exploited.\n\nHere are some key points to understand about the Low Vuln Count property:\n- **Vulnerabilities**: A vulnerability is a weakness in an asset that can be exploited by an attacker. Vulnerabilities can be caused by software bugs, misconfigurations, or other factors.\n- **Exploit**: An exploit is a way of taking advantage of a vulnerability. Exploits can be used to gain unauthorized access to an asset, steal data, or damage an asset.\n- **Risk**: The risk of an asset being exploited is determined by the number and severity of vulnerabilities found on the asset. Assets with a high number of vulnerabilities are at a higher risk of being exploited.\n\nThe Low Vuln Count property can be used to identify assets that are at a higher risk of being exploited. This information can be used to prioritize asset patching and other security measures.\n"},{"key":"is_licensed","readable_name":"Is Licensed","control":{"type":"BOOLEAN","multiple_allowed":false},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Is Licensed\n## A property indicating if the asset is licensed\n\nThis property indicates whether the asset is licensed. This is a legacy property that is no longer used.\n"},{"key":"exposure_classes","readable_name":"Exposure Classes","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"Identity Exposure","value":"IDENTITY","deprecated":false},{"name":"Web Application Security","value":"WAS","deprecated":false},{"name":"Vulnerability Management","value":"VM","deprecated":false},{"name":"Cloud Security","value":"CLOUD","deprecated":false},{"name":"OT Security","value":"OT","deprecated":false}]},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Exposure Classes\n## A set of properties that describe the exposure of an asset\n\nExposure classes are a set of properties that describe the exposure of an asset. They are used to classify assets based on their potential impact to an organization. The following are some common exposure classes:\n- **Critical Assets**: These are assets that are essential to the operation of an organization and would cause significant disruption if they were to be compromised.\n- **High-Value Assets**: These are assets that have a high monetary value or contain sensitive data.\n- **Public-Facing Assets**: These are assets that are accessible to the public and could be used to launch attacks against an organization.\n- **Internal Assets**: These are assets that are not accessible to the public but could still be used to launch attacks against an organization.\n\nExposure classes are used to prioritize assets for security testing and to determine the appropriate level of security controls that should be applied to them.\n"},{"key":"tenable_uuid","readable_name":"Tenable UUID","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tenable UUID\n## A unique identifier for an asset\n\nA Tenable UUID is a unique identifier for an asset in Tenable. It is a 32-character string that is used to track and identify assets in Tenable. The Tenable UUID is generated when an asset is first discovered by Tenable and is used to track the asset throughout its lifecycle.\n\nHere are some key points to understand about Tenable UUIDs:\n- **Tenable UUIDs are unique**. No two assets in Tenable will have the same Tenable UUID.\n- **Tenable UUIDs are permanent**. Once an asset has been assigned a Tenable UUID, that UUID will never change.\n- **Tenable UUIDs can be used to track assets**. Tenable UUIDs can be used to track assets throughout their lifecycle, from discovery to retirement.\n- **Tenable UUIDs can be used to identify assets**. Tenable UUIDs can be used to identify assets in Tenable, which can be helpful for tracking and managing assets.\n"},{"key":"license_expires_at","readable_name":"License Expires At","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# License Expires At\n## The date when the license for the asset expires\n\nThe License Expires At property indicates the date when the license for the asset expires. This is important information to have, as it can help you to identify assets that are at risk of being unlicensed or unsupported.\n\nHere are some key points to understand about the License Expires At property:\n- **License Expiration Date**: This is the date on which the license for the asset expires.\n- **License Status**: This indicates whether the asset is currently licensed or not.\n- **License Type**: This indicates the type of license that is being used for the asset.\n- **License Key**: This is a unique identifier that is used to track the license for the asset.\n\nThe License Expires At property can be used to identify assets that are at risk of being unlicensed or unsupported. This information can be used to take corrective action, such as renewing the license or replacing the asset.\n"},{"key":"sensors","readable_name":"Sensors","control":{"type":"ARRAY","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Sensors\n## A way to collect data from your IT environment\nCyber Asset Management uses sensors to collect data from your IT environment. They are like small programs installed on your network or on devices that scan for vulnerabilities, configuration issues, and other security-related information.\n\nHere are some key points to understand about sensors in the context of Cyber Asset Management:\n\n- **Data Collection**: Sensors gather information about your assets, such as operating systems, installed software, network configurations, and user accounts.\n- **Vulnerability Scanning**: Sensors can scan your assets for known vulnerabilities, providing insights into potential security weaknesses.\n- **Configuration Assessment**: Sensors can check the configuration of your assets against security best practices, identifying misconfigurations that could lead to vulnerabilities.\n- **Log Collection**: Some sensors can collect and analyze log data from your assets, providing visibility into security events and suspicious activities.\n- **Cloud Visibility**: Cyber Asset Management supports cloud connectors that act as sensors to discover and monitor assets in cloud environments. \n"},{"key":"critical_weakness_count","readable_name":"Number Of Critical Weaknesses","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number Of Critical Weaknesses\n## The number of critical weaknesses found on an asset\n\nThe number of critical weaknesses found on an asset is a measure of the asset's vulnerability to attack. A high number of critical weaknesses indicates that the asset is more likely to be exploited by attackers.\n\nHere are some key points to understand about the number of critical weaknesses in the context of the cyber industry:\n- **Critical Weaknesses**: These are weaknesses that have a high potential to be exploited by attackers. They can lead to data breaches, system outages, and other serious security incidents.\n- **Vulnerabilities**: These are weaknesses in software, hardware, or firmware that can be exploited by attackers. Not all vulnerabilities are critical.\n- **Exploits**: These are tools or techniques that can be used to take advantage of vulnerabilities.\n- **Attacks**: These are attempts to exploit vulnerabilities.\n\nThe number of critical weaknesses on an asset can be calculated by scanning the asset for vulnerabilities and then determining which of those vulnerabilities are critical. This information can be used to prioritize remediation efforts and to assess the overall security of an asset.\n"},{"key":"high_weakness_count","readable_name":"Number Of High Weaknesses","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number Of High Weaknesses\n## The number of high weaknesses for an asset\n\nThe number of high weaknesses for an asset is a measure of the number of vulnerabilities that have been identified on the asset that are considered to be high risk. This information can be used to prioritize which assets should be patched first, as well as to track the progress of vulnerability remediation efforts.\n\nHere are some key points to understand about the number of high weaknesses for an asset:\n- **High-Risk Vulnerabilities**: These are vulnerabilities that are considered to be the most serious and pose the greatest risk to an asset. They should be patched as soon as possible.\n- **Vulnerability Remediation**: The process of fixing vulnerabilities on an asset. This can be done by applying software updates, patches, or other security measures.\n- **Vulnerability Management**: The process of identifying, assessing, and remediating vulnerabilities on assets. This is an important part of cyber risk management.\n"},{"key":"medium_weakness_count","readable_name":"Number Of Medium Weaknesses","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number Of Medium Weaknesses\n## The number of medium weaknesses found on an asset\n\nThis property indicates the number of medium weaknesses found on an asset. A weakness is a vulnerability that, when exploited, could lead to a security incident. The severity of a weakness is determined by its impact and exploitability. A medium weakness is one that has a moderate impact and is moderately exploitable.\n\nThe Number Of Medium Weaknesses property can be used to identify assets that are at a higher risk of being exploited. It can also be used to track the progress of remediation efforts. For example, if an asset has 10 medium weaknesses and 5 of them have been remediated, the Number Of Medium Weaknesses property would show 5.\n\nThis property is available for all asset types.\n"},{"key":"low_weakness_count","readable_name":"Number Of Low Weaknesses","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number Of Low Weaknesses\n## The number of low weaknesses for an asset\n\nThe number of low weaknesses for an asset is a measure of the number of vulnerabilities that have been identified on the asset that are considered to be low risk. This information can be used to prioritize which assets should be patched first, as well as to track the progress of vulnerability remediation efforts.\n\nHere are some key points to understand about the number of low weaknesses for an asset:\n- **Low-Risk Vulnerabilities**: These are vulnerabilities that are considered to be less likely to be exploited by attackers. They may be due to outdated software, misconfigurations, or other factors.\n- **Vulnerability Remediation**: The process of fixing vulnerabilities by applying patches or other security updates.\n- **Vulnerability Prioritization**: The process of determining which vulnerabilities should be fixed first. This is typically done by considering the risk of exploitation, the impact of an exploit, and the cost of remediation.\n\nThe number of low weaknesses for an asset can be calculated by running a vulnerability scan on the asset and then counting the number of vulnerabilities that are classified as low risk. This information can then be used to prioritize which assets should be patched first, as well as to track the progress of vulnerability remediation efforts.\n"},{"key":"total_weakness_count","readable_name":"Total Number of Weaknesses","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number Of Total Weaknesses\n## The number of weaknesses found on an asset\n\nThe number of total weaknesses is a property of an asset that indicates the number of weaknesses that have been found on the asset. This property can be used to identify assets that are at a higher risk of being exploited.\n\nHere are some key points to understand about the number of total weaknesses:\n- **Weaknesses**: A weakness is a vulnerability that can be exploited by an attacker. Weaknesses can be found in software, hardware, and configuration settings.\n- **Exploitation**: The process of using a weakness to gain unauthorized access to a system or data.\n- **Risk**: The likelihood that a weakness will be exploited and the potential impact of an exploitation.\n\nThe number of total weaknesses is a valuable metric for assessing the risk of an asset. Assets with a high number of weaknesses are more likely to be exploited and have a greater potential impact. This information can be used to prioritize remediation efforts and focus on the assets that pose the greatest risk.\n"},{"key":"tag_count","readable_name":"Associated Tags Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Associated Tags Count\n## The number of tags associated with an asset\n\nThe associated tags count is a property that indicates the number of tags associated with an asset. This can be useful for identifying assets that are important or critical to the organization, as well as for tracking the use of tags.\n\nHere are some key points to understand about associated tags count in the context of the cyber industry:\n- **Tags**: Tags are labels that can be applied to assets to provide additional information about them. Tags can be used to categorize assets, track their use, and identify assets that are important or critical to the organization.\n- **Associated Tags Count**: The associated tags count is a property that indicates the number of tags associated with an asset. This can be useful for identifying assets that are important or critical to the organization, as well as for tracking the use of tags.\n- **Tagging**: The process of applying tags to assets is known as tagging. Tagging can be done manually or automatically.\n- **Tag Management**: The process of managing tags is known as tag management. Tag management can be done manually or automatically.\n"},{"key":"tag_ids","readable_name":"Tag IDs","control":{"type":"STRING","multiple_allowed":true,"regex":{"hint":"01234567-abcd-ef01-2345-6789abcdef01","expression":"[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*"}},"operators":["=","!=","exists","not exists"],"sortable":false,"filterable":true,"description":"# Tag IDs\n## A unique identifier for an asset\n\nA tag ID is a unique identifier for an asset. It is used to track and manage assets, and to associate them with other data, such as vulnerabilities, risks, and compliance requirements. Tag IDs can be alphanumeric or numeric, and they must be unique within the organization.\n\nHere are some key points to understand about tag IDs in the context of the cyber industry:\n- **Tag IDs are used to track and manage assets**. They can be used to identify assets, to track their location, and to monitor their status.\n- **Tag IDs can be associated with other data**. This data can include vulnerabilities, risks, and compliance requirements. This allows organizations to track the security posture of their assets and to identify potential risks.\n- **Tag IDs must be unique**. This ensures that there is no confusion about which asset is being referred to.\n"},{"key":"entitlement_count","readable_name":"Accessible Resources","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Entitlement Count\n## The number of entitlements associated with an asset\n\nAn entitlement is a permission or privilege that an asset has. Entitlements can be granted to assets at the individual, group, or organization level. The entitlement count is a measure of the number of entitlements associated with an asset.\n\nThe entitlement count can be used to assess the risk of an asset being compromised. A high entitlement count indicates that the asset has a lot of permissions, which makes it more likely to be exploited by an attacker. The entitlement count can also be used to track changes to an asset's entitlements. This can help to identify unauthorized changes that could be indicative of a security incident.\n\nThe entitlement count is a valuable metric for assessing the risk of an asset and tracking changes to its entitlements. It can be used to identify assets that are at high risk of compromise and to monitor for unauthorized changes.\n"},{"key":"apa_asset_critical_paths_count","readable_name":"Number Of Critical Attack Paths","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Number Of Critical Attack Paths\n## Number of attack paths with criticality higher than defined threshold\nThis metric, available in the context of attack path analysis, represents the count of potential attack paths leading to a specific asset where the overall criticality of the path exceeds a predefined threshold. \n\nHere's a breakdown:\n- **Attack Path:** A sequence of steps an attacker might take to move laterally within a network, exploiting vulnerabilities to reach a target asset.\n- **Criticality:** A measure of the potential impact or severity if an attack path is successfully exploited. Factors considered might include the sensitivity of the target asset, the vulnerabilities along the path, and the potential business impact.\n- **Threshold:** A predefined level of criticality above which an attack path is deemed critical. This threshold is typically set based on an organization's risk tolerance and security policies. \n"},{"key":"apa_asset_high_paths_count","readable_name":"Number Of High Attack Paths","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Number Of High Attack Paths\n## Number of attack paths with a high or critical AES\nThis metric, available in the context of an asset, represents the count of attack paths classified as either \"High\" or \"Critical\" based on their Asset Exposure Score (AES). An attack path outlines the potential steps a malicious actor could take to exploit vulnerabilities and compromise an asset. \n\nHere's a breakdown:\n- **Attack Path:** A sequence of steps an attacker might take to reach a specific target within a network.\n- **Asset Exposure Score (AES):** A score calculated by Cyber Asset Management, reflecting the severity of exposure an asset faces due to potential attack paths. A higher AES indicates a more significant risk.\n- **High/Critical AES:** Attack paths categorized as \"High\" or \"Critical\" based on their AES, signifying a greater likelihood and potential impact of a successful attack. \n"},{"key":"apa_assets_medium_paths_count","readable_name":"Number Of Medium Attack Paths","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Number Of Medium Attack Paths\n## Number of attack paths with a Medium rating for a given asset.\nThis metric, available in Cyber Asset Management, represents the count of potential routes an attacker could take to compromise a specific asset, where each path is assigned a \"Medium\" severity level. \n\nHere's a breakdown:\n- **Attack Path:** A sequence of steps an attacker might take to reach a critical asset within a network.\n- **Medium Rating:** Indicates a moderate level of risk associated with the attack path. This means the path might not be trivial to exploit but is still feasible for attackers with moderate skills and resources. \n- **Asset:** Refers to any valuable resource within your IT environment, such as a server, database, or application.\n\nUnderstanding the number of medium-rated attack paths helps organizations prioritize remediation efforts by focusing on assets with a significant number of potential attack vectors. \n"},{"key":"apa_asset_low_paths_count","readable_name":"Number Of Low Attack Paths","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Number Of Low Attack Paths\n## Number of easy ways to compromise an asset\nIt represents the number of attack paths leading to an asset that are classified as \"Low\" in terms of difficulty or complexity. An attack path is a sequence of steps an attacker might take to exploit vulnerabilities and gain unauthorized access to a system or data. \n\nHere's a breakdown:\n- **Asset:** Refers to any valuable resource within your IT environment, such as a server, database, application, or network device.\n- **Attack Path:** A chain of interconnected vulnerabilities and misconfigurations that an attacker can exploit to achieve their objective.\n- **Low Difficulty:** Indicates that the attack path is relatively easy to execute, requiring minimal skill or resources from the attacker.\n\nA high number of low attack paths for an asset signifies a higher risk, as it suggests multiple easy ways for attackers to compromise that asset. Cyber Asset Management helps you identify and prioritize these attack paths, enabling you to strengthen your security posture and reduce your overall risk. \n"},{"key":"apa_asset_total_paths_count","readable_name":"Total Number of Attack Paths","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Total Number of Attack Paths\n## All attack paths leading to a specific asset\nThis metric, found in Cyber Asset Management, represents the total count of potential routes an attacker could exploit to gain unauthorized access to a particular asset within your IT environment. \n\nHere's a breakdown:\n\n- **Asset:** Refers to any valuable resource within your organization's IT infrastructure, such as a server, database, application, or network device.\n- **Attack Path:** Represents a sequence of steps an attacker might take to move laterally through your network, exploiting vulnerabilities to reach their target asset. \n- **Importance:** A high number of attack paths for an asset indicates increased risk exposure. It suggests multiple avenues for compromise, demanding attention to security posture. \n"},{"key":"apa_critical_steps_count","readable_name":"Number Of Critical Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Number Of Critical Attack Techniques\n## Number of MITRE ATT&CK techniques classified as \"Critical\" for an asset.\nThis metric, available in Cyber Asset Management, reflects how many MITRE ATT&CK techniques are deemed \"Critical\" for a specific asset. \n\nHere's a breakdown:\n- **MITRE ATT&CK**: A globally recognized framework that describes how adversaries attack and compromise systems. It categorizes these attacks into \"techniques.\"\n- **Critical**: A severity level within Cyber Asset Management, indicating a high potential impact on the asset's security.\n- **Asset**: Any device, application, user account, or other element within your IT environment.\n\nEssentially, this number helps you prioritize which assets are most vulnerable to potentially devastating attacks. \n"},{"key":"apa_high_steps_count","readable_name":"Number Of High Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Number Of High Attack Techniques\n## Number of MITRE ATT&CK techniques classified as High for a given asset.\nThis metric, available in Cyber Asset Management, reflects the number of MITRE ATT&CK techniques, classified with a High severity level, that are applicable to a given asset. It provides insights into the potential attack paths that could be used against an asset based on its vulnerabilities. \nHere's a breakdown:\n- **MITRE ATT&CK**: A globally recognized framework that describes the tactics, techniques, and procedures (TTPs) used by adversaries in cyberattacks.\n- **Techniques**: Specific actions or methods used within an attack, categorized by MITRE ATT&CK into various tactics (e.g., initial access, lateral movement).\n- **High Severity**: Indicates techniques that pose a significant risk to an organization if successfully exploited.\nYou can use this metric in Cyber Asset Management to identify assets that are most susceptible to known attack techniques and prioritize remediation efforts accordingly. For example, you could use a query like this:\n```\nHAS AS Device\n AND Number Of High Attack Techniques > 5\n```\nThis query would return a list of devices that have more than five associated MITRE ATT&CK techniques classified as High. \n"},{"key":"apa_medium_steps_count","readable_name":"Number Of Medium Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Number Of Medium Attack Techniques\n## Number of MITRE ATT&CK techniques classified as \"Medium\" impacting an asset.\nThis metric, found in Cyber Asset Management, provides insights into the potential attack paths that could be used against a specific asset based on its vulnerabilities. Here's a breakdown:\n\n- **MITRE ATT&CK Framework:** A globally recognized knowledge base of adversary tactics and techniques based on real-world observations. It helps organizations understand how attackers operate and provides a common language for cybersecurity discussions.\n- **Attack Techniques:** Specific procedures or methods used by attackers to achieve their objectives within a broader attack strategy.\n- **Medium Classification:** Indicates the potential severity of an attack technique. In this context, \"Medium\" suggests techniques that could pose a moderate risk to the asset if exploited.\n- **Asset-Specific Context:** The number displayed represents the sum of all MITRE ATT&CK techniques classified as \"Medium\" associated with the vulnerabilities identified on that particular asset. \n"},{"key":"assets_apa_low_step_count","readable_name":"Number Of Low Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Number Of Low Attack Techniques\n## Number of low techniques to exploit a vulnerability\nThis metric, available in Cyber Asset Management, represents the number of techniques with a low attack complexity that can be used to exploit a vulnerability. It provides insights into the ease with which an attacker could potentially exploit a given weakness. \n\nHere's a breakdown:\n- **Low Attack Complexity**: Refers to techniques that are relatively easy for attackers to execute, often requiring minimal resources, skills, or time.\n- **Exploitation**: The act of taking advantage of a vulnerability to gain unauthorized access, control, or data from a system or network.\n- **Contextual Awareness**: Understanding the number of low attack techniques associated with assets helps prioritize remediation efforts based on the potential ease of exploitation. \n"},{"key":"apa_total_steps_count","readable_name":"Total Number of Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":false,"filterable":true,"description":"# Total Number of Attack Techniques\n## The sum of all attack techniques that can exploit the vulnerabilities of an asset.\nThis metric, viewable from the asset details page, provides a measurement of the potential attack surface associated with a particular asset. It considers the known vulnerabilities present on the asset and maps them to the corresponding attack techniques that could be used to exploit those vulnerabilities. \n\nHere's a breakdown:\n\n- **Asset Focus:** The metric specifically focuses on individual assets within your IT environment.\n- **Vulnerability Assessment:** It relies on vulnerability assessment data to identify weaknesses present on the asset.\n- **Attack Technique Mapping:** Each vulnerability is associated with specific attack techniques that adversaries could leverage.\n- **Cumulative Count:** The metric sums up all the unique attack techniques linked to the vulnerabilities found on the asset.\n- **Risk Indicator:** A higher number of attack techniques suggests a broader attack surface and potentially higher risk associated with that asset. \n"}]}}}}}},"400":{"description":"Returned if your request specified an invalid asset class, if your request specified invalid parameters, or if your request was improperly formatted.","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"An error message indicating the invalid asset class or classes."}}},"examples":{"response":{"value":{"error":"Invalid asset class(es): EXAMPLE"}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to view the list of asset properties."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_cloud":[]}]}},"/api/v1/t1/inventory/findings/properties":{"get":{"summary":"List finding properties","description":"Returns a list of finding properties that can be used for filters on endpoints that support them. For example, the properties that are returned by this endpoint can be used as filters for the [Export findings](ref:inventory-export-findings) endpoint.\n\n In addition to the finding properties, the results list includes the logical operators you can use with the finding properties along with the supported values.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-finding-properties-list","tags":["Inventory"],"responses":{"200":{"description":"Returned if the list of finding properties was retrieved successfully.","content":{"application/json":{"schema":{"description":"A list of finding properties.","type":"object","properties":{"properties":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_Properties-Object"}}}},"examples":{"response":{"value":{"data":[{"key":"finding_id","readable_name":"Finding ID","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"01234567-abcd-ef01-2345-6789abcdef01","expression":"[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*"}},"operators":["=","!="],"sortable":true,"filterable":true,"description":"# Finding ID\n## A unique identifier for a security issue\nEach security issue identified by Tenable Exposure Management is assigned a unique Finding ID. This ID helps to track and manage individual findings throughout their lifecycle.\n\nHere's why Finding IDs are important:\n- **Unique Identification:** Each finding receives a distinct ID, preventing confusion when dealing with multiple security issues.\n- **Tracking and Management:** The ID helps track a finding's status, remediation efforts, and history over time.\n- **Reporting and Analysis:** Finding IDs enable efficient reporting and analysis of security issues, allowing you to identify trends and patterns.\n- **Integration:** Finding IDs can be integrated with other security tools and systems for streamlined workflows.\n"},{"key":"state","readable_name":"State","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"Active","value":"ACTIVE","deprecated":false},{"name":"Resurfaced","value":"RESURFACED","deprecated":false},{"name":"Fixed","value":"FIXED","deprecated":false}]},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# State \n\n## Current status of a security issue\n\nThe state of a finding reflects the current status of a security issue identified within your IT environment. It helps you track the progress of remediation efforts and provides insights into the overall security posture.\n\nHere are the different states for findings in Exposure Management:\n\n- **Active** — The finding is new or has not yet been addressed. It requires further investigation and potential remediation.\n- **Resurfaced**—The finding was fixed but got back.\n- **Fixed**—The issue identified in the finding has been successfully resolved.\n"},{"key":"last_updated","readable_name":"Last Updated","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Last Updated \n\n## Date of the last technical finding update\n\nThe \"Last Updated\" attribute for a finding in Exposure Management refers to the most recent time and date when the technical details of a specific security finding were updated. This update could be triggered by various events, such as:\n\n- **New scan data**: When a new vulnerability scan is conducted, and new information about existing findings is discovered, the \"Last Updated\" timestamp is updated to reflect the latest scan date.\n- **Vulnerability database updates**: Exposure Management relies on vulnerability databases to identify and assess security issues. When these databases are updated with new information about vulnerabilities, the \"Last Updated\" timestamp for related findings is updated accordingly.\n- **Changes in asset configuration**: If the configuration of an asset associated with a finding is modified, it might impact the status or severity of the finding. In such cases, the \"Last Updated\" timestamp is updated to reflect the time of the configuration change.\n- **Manual verification or updates**: Security teams might manually verify or update the details of a finding based on their investigations or remediation efforts. These actions would also update the \"Last Updated\" timestamp.\n"},{"key":"first_observed_at","readable_name":"First Seen","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# First Seen\n## Date of the first apparition of the asset\nThe date on which Exposure Management first identified and added an asset to its inventory. This information is valuable for understanding the age of assets, identifying potential shadow IT, and tracking the history of devices on the network. \n"},{"key":"last_observed_at","readable_name":"Last Seen","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Last Seen\n## Date of the last scan\nThe \"Last Seen\" attribute in Exposure Management refers to the most recent date and time when a specific asset or resource was detected as active or online within your monitored environment. \n\nHere's a breakdown of its significance:\n\n- **Asset Visibility:** It helps you understand which devices are currently active within your network.\n- **Security Posture:** Assets that haven't been seen recently might indicate potential issues like offline devices or undiscovered assets.\n- **Vulnerability Management:** Knowing when an asset was last seen helps prioritize vulnerability scanning and remediation efforts. \n"},{"key":"port","readable_name":"Port","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Port\n## A communication endpoint\nIn computer networking, a port is a communication endpoint. At the software level, within an operating system, a port is a logical construct that identifies a specific process or service. Ports are associated with IP addresses and use port numbers to differentiate between different applications or services running on a single device.\n\nHere are some key points to understand about ports:\n\n- **Purpose**: Ports allow different applications to send and receive data without interfering with each other.\n- **Numbering**: Ports are identified by numbers, ranging from 0 to 65,535.\n- **Well-known Ports**: Some ports (0-1023) are reserved for specific protocols or services, like port 80 for HTTP (web traffic) and port 443 for HTTPS (secure web traffic).\n- **Scanning and Security**: Attackers often scan systems for open and potentially vulnerable ports to exploit.\n- **Firewalls**: Firewalls can be configured to block or allow traffic on specific ports, enhancing network security. \n"},{"key":"protocol","readable_name":"Protocol","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Protocol\n## A set of rules for communication\nIn computing, a protocol refers to a set of established rules, procedures, and conventions that govern the format and transmission of data between two or more communicating entities, typically devices or software applications, over a network.\n\nHere are some key points to understand about protocols in the context of the cyber industry:\n- **Purpose**: Protocols ensure interoperability and seamless communication between different systems, regardless of their underlying hardware or software.\n- **Structure**: They define data formats, addressing schemes, error handling mechanisms, and the sequence of messages exchanged during communication.\n- **Examples**: Common protocols include TCP/IP (for internet communication), HTTP/HTTPS (for web browsing), DNS (for domain name resolution), and FTP (for file transfer).\n- **Security**: Some protocols incorporate security features like encryption and authentication to protect data confidentiality and integrity during transmission.\n- **Vulnerabilities**: Like any software, protocols can have vulnerabilities that attackers may exploit. Using outdated or insecure protocols can expose systems to risks.\n"},{"key":"finding_attributes","readable_name":"Finding Attributes","control":{"type":"OBJECT","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["=","!=","exists","not exists"],"sortable":false,"filterable":false,"description":"# Finding Attributes\n## Characteristics of a security finding\nFinding attributes are specific pieces of information or characteristics associated with a security finding. These attributes provide context, details, and insights about the finding, helping security teams understand its nature, severity, and potential impact.\n\nHere are some key points to understand about finding attributes in the context of Exposure Management:\n\n- **Provide Context**: Attributes like the affected asset, vulnerability details, and discovery source offer valuable context for understanding the finding.\n- **Facilitate Prioritization**: Attributes like severity, exploit availability, and asset criticality help prioritize remediation efforts based on risk.\n- **Enable Filtering and Reporting**: Attributes allow security teams to filter, sort, and group findings for analysis, reporting, and remediation tracking.\n- **Examples of Attributes**: Common finding attributes include severity, CVE ID, CVSS score, affected asset, first seen date, last seen date, remediation status, and more. \n"},{"key":"detection_id","readable_name":"Detection ID","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"CVE-2023-45678","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Detection ID \n\n## A unique identifier for a security issue found on an asset.\n\nIt acts as a fingerprint for a specific instance of a vulnerability or misconfiguration detected on a device or application. This ID helps in tracking, managing, and remediating security issues effectively.\n\nHere's why Detection IDs are important:\n\n- **Unique Identification:** Each security issue gets a distinct ID, avoiding confusion when dealing with multiple findings.\n- **Tracking and Management:** Exposure Management uses Detection IDs to monitor the status of vulnerabilities over time.\n- **Remediation and Reporting:** Security teams use these IDs to prioritize and address the most critical risks. Detection IDs are also valuable for reporting and compliance purposes. \n"},{"key":"finding_name","readable_name":"Finding Name","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Finding Name\n## The name assigned to a specific security event or incident.\nIn Exposure Management, a Finding Name refers to the specific identifier or label given to a security finding or alert generated by a vulnerability scan or other security monitoring tools. It helps to distinguish and categorize different types of security events based on their characteristics and potential impact.\n\nHere are some key points to understand about Finding Names in Exposure Management:\n\n- **Unique Identification**: Each Finding Name represents a distinct security issue or vulnerability that has been identified.\n- **Categorization and Classification**: Finding Names often follow a standardized format or taxonomy, allowing security teams to group and prioritize similar findings.\n- **Severity Levels**: Finding Names may be associated with severity levels (e.g., Critical, High, Medium, Low) to indicate the potential impact of the identified issue.\n- **Remediation Guidance**: Finding Names are typically linked to relevant information, such as descriptions, remediation steps, and best practices, to assist security teams in addressing the identified vulnerabilities.\n"},{"key":"solution","readable_name":"Solution","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Solution \n\n## A query language to find assets\n\nIt's a powerful query language within Exposure Management that enables security and IT professionals to search for and identify specific assets or groups of assets within their organization's IT environment. \n\nHere's a breakdown of how it works:\n\n- **Targeted Asset Discovery:** Instead of manually sifting through extensive asset inventories, you can construct precise queries to pinpoint the exact assets you need to analyze.\n- **Flexible Search Criteria:** You can use a wide range of criteria, including asset attributes (e.g., operating system, IP address, installed software), security posture (e.g., vulnerabilities, misconfigurations), and business context (e.g., asset owner, criticality).\n- **Efficient Risk Management:** By quickly identifying assets with specific vulnerabilities or security gaps, organizations can prioritize remediation efforts and reduce their overall cyber risk. \n"},{"key":"severity","readable_name":"Severity","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"Info","value":"Info","deprecated":false},{"name":"Low","value":"Low","deprecated":false},{"name":"Medium","value":"Medium","deprecated":false},{"name":"High","value":"High","deprecated":false},{"name":"Critical","value":"Critical","deprecated":false}]},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Severity \n## How bad is this finding ?\nThe severity of a finding, often referred to as vulnerability severity, is a classification that indicates the level of potential risk posed by a security vulnerability. It helps prioritize remediation efforts by highlighting the most critical vulnerabilities that require immediate attention.\n\nHere's a breakdown of common severity levels and their implications:\n\n- **Critical**: Critically severe vulnerabilities pose an immediate and significant risk to your organization. They often allow for remote code execution, complete system compromise, or data breaches.\n- **High**: High-severity vulnerabilities have a high likelihood of exploitation and could lead to significant damage or disruption.\n- **Medium**: Medium-severity vulnerabilities may not be easily exploitable but still represent a potential security risk. They might require specific conditions or user interaction to be exploited.\n- **Low**: Low-severity vulnerabilities pose a minimal risk to your organization. They might only result in minor inconveniences or limited impact.\n- **Informational**: Informational findings highlight potential security issues that do not directly pose a threat but could be leveraged in future attacks. \n"},{"key":"vpr_score","readable_name":"VPR Score","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^(?:\\d+\\.?)*\\d$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# VPR Score\n## Score to prioritize remediation actions\nVPR Score stands for Vulnerability Prioritization Rating Score. It's a numerical value assigned to vulnerabilities to help you prioritize remediation actions based on the severity of the vulnerability and its potential impact on your organization. \n\nHere's a breakdown of VPR Score:\n\n- **Range:** VPR Scores range from 0 to 10, with 10 being the most critical.\n- **Factors:** VPR Score considers factors like the vulnerability's exploit maturity, how easily it can be exploited, whether it's actively being exploited in the wild, and the potential impact on your organization's assets.\n- **Prioritization:** A high VPR Score indicates a vulnerability that requires immediate attention, while a lower score suggests it can be addressed with lower priority.\n- **Example Query:** `HAS AS Vulnerability VPR >= 9` would show all vulnerabilities with a VPR Score of 9 or higher. \n"},{"key":"cves","readable_name":"Cves","control":{"type":"ARRAY","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists","size =","size >=","size >","size <=","size <","size !="],"sortable":true,"filterable":true,"description":"# CVE \n\n## Known vulnerabilities and exposures for a finding\n\nA CVE (Common Vulnerabilities and Exposures) for a finding refers to a specific vulnerability or weakness identified in a software component or system configuration that has been publicly disclosed and assigned a unique CVE identifier. \n\nHere's a breakdown:\n\n- **Public Database**: CVEs are listed in a public database (maintained by MITRE) that provides detailed information about each vulnerability, including its description, severity, affected software versions, and potential impact.\n- **Standardized Identification**: Using CVE IDs helps in standardizing how vulnerabilities are identified and tracked across different security tools and organizations.\n- **Remediation Guidance**: CVE entries often include links to vendor patches, workarounds, or mitigation strategies that can be used to address the vulnerability.\n- **Contextual Awareness**: When a CVE is associated with a finding, it provides valuable context, enabling security teams to understand the specific vulnerability, its potential impact, and the urgency of remediation. \n"},{"key":"asset_id","readable_name":"Asset Id","control":{"type":"STRING","multiple_allowed":true,"regex":{"hint":"01234567-abcd-ef01-2345-6789abcdef01","expression":"[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*"}},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Asset ID \n## Unique identifier of the asset on which the finding was discovered\nEach asset in Exposure Management is assigned a unique identifier. When a vulnerability or misconfiguration, referred to as a \"finding,\" is discovered on an asset, the \"Asset ID \" associates that finding with the specific asset it affects. This ID helps in pinpointing the affected asset and understanding its security posture.\n\nHere's why the \"Asset ID \" is important:\n\n- **Remediation**: It guides security teams directly to the asset requiring attention for vulnerability patching or configuration fixes.\n- **Risk Assessment**: By knowing which assets have findings, organizations can assess the potential impact on their business operations.\n- **Asset-Centric View**: It enables a consolidated view of all findings associated with a particular asset, providing a comprehensive understanding of its security status.\n- **Prioritization**: Understanding which assets have the most findings can help prioritize remediation efforts based on criticality and potential impact. \n"},{"key":"asset_name","readable_name":"Asset Name","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"hostname","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Asset Name \n\n## Name of the asset where the finding is discovered.\n\nThis field, within a finding, displays the name of the asset where the vulnerability or security issue has been identified. It helps to pinpoint the affected device or system. \n\nHere's why it's important:\n\n- **Targeted Remediation:** Knowing the asset name allows security teams to prioritize and focus their remediation efforts on the specific device or system that requires attention.\n- **Impact Assessment:** By identifying the affected asset, organizations can assess the potential impact of the finding on their business operations, data, and reputation.\n- **Asset Inventory:** The asset name helps in maintaining an accurate and up-to-date inventory of all assets within an organization's IT environment.\n- **Incident Response:** During security incidents, knowing the affected asset is crucial for rapid isolation, containment, and remediation.\n- **Risk Management:** Understanding which assets are affected by findings contributes to a comprehensive risk management strategy, enabling organizations to allocate resources effectively. \n"},{"key":"asset_class","readable_name":"Asset Class","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"Account","value":"ACCOUNT","deprecated":false},{"name":"Web Application","value":"APPLICATION","deprecated":false},{"name":"Container","value":"CONTAINER","deprecated":false},{"name":"Other Resource","value":"GENERAL","deprecated":false},{"name":"Device","value":"DEVICE","deprecated":false},{"name":"Group","value":"GROUP","deprecated":false},{"name":"Infrastructure As Code","value":"IAC","deprecated":true},{"name":"Storage","value":"STORAGE","deprecated":false},{"name":"Person","value":"IDENTITY","deprecated":true},{"name":"Resource","value":"RESOURCE","deprecated":false},{"name":"Role","value":"ROLE","deprecated":false}]},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Asset Class \n\n## Type of asset where the finding is discovered\n\nThe \"Asset Class \" refers to the specific category or type of asset within your IT environment where a security finding or vulnerability has been identified. \n\nHere's a breakdown:\n\n- **Context:** When Exposure Management scans your environment for vulnerabilities, it categorizes the findings based on the type of asset affected.\n- **Examples:** Common asset classes include \"Device,\" \"Web Application,\" \"Cloud Instance,\" \"Code Repository,\" or \"Container Image.\"\n- **Purpose:** This classification helps you understand which parts of your infrastructure are most vulnerable and prioritize remediation efforts accordingly.\n- **Filtering:** You can use the \"Asset Class \" filter in Cyber Asset Management to focus on vulnerabilities affecting specific asset types. For example: `HAS AS = \"Device\"` would show findings related to devices. \n"},{"key":"apa_total_steps_count","readable_name":"Total Number of Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Total Number of Attack Techniques \n## The number of attack techniques that can be used to exploit a vulnerability\nThis metric, found in Cyber Asset Management, represents the count of distinct attack techniques associated with a vulnerability. It provides insights into the various methods attackers could employ to exploit a specific weakness. \n\nHere's a breakdown:\n\n- **Higher numbers generally indicate a greater potential risk**, as more avenues exist for exploitation.\n- **It's crucial to prioritize vulnerabilities** with higher attack technique counts for remediation.\n- **This metric helps security teams understand the breadth of potential attack vectors** and allocate resources accordingly. \n"},{"key":"apa_low_steps_count","readable_name":"Number of Low Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number of Low Attack Techniques \n## Number of low techniques to potentially exploit a vulnerability\nThis metric, found in the Exposure Management application, counts the number of low-level techniques an attacker might use to exploit a specific vulnerability. \n\nHere's a breakdown:\n- **Low Attack Techniques:** These represent the easiest methods for attackers to exploit a vulnerability. They often require minimal technical skills or resources.\n- **Finding Exploitable Vulnerabilities:** Exposure Management helps identify vulnerabilities with a low number of attack techniques, allowing you to prioritize patching or mitigation efforts on the most easily exploitable weaknesses in your systems. \n"},{"key":"apa_medium_steps_count","readable_name":"Number of Medium Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number of Medium Attack Techniques \n\n## Number of MITRE ATT&CK techniques with a difficulty rating of \"Medium\" used to exploit a vulnerability.\n\nThis metric, found in Exposure Management, reflects the number of MITRE ATT&CK techniques classified as \"Medium\" in terms of difficulty that could be employed by an attacker to exploit a specific vulnerability present on an asset. \n\nHere's a breakdown:\n\n- **MITRE ATT&CK:** A globally recognized framework that categorizes and describes adversary tactics and techniques based on real-world observations.\n- **Techniques:** Specific procedures or methods used by attackers to achieve their objectives within a cyberattack.\n- **Difficulty Rating:** ATT&CK techniques are assigned difficulty ratings (e.g., \"Easy,\" \"Medium,\" \"Hard\") based on factors like the complexity of execution and the resources required.\n- **Exploitation:** The act of taking advantage of a vulnerability to gain unauthorized access or control over a system or data. \n"},{"key":"apa_high_steps_count","readable_name":"Number of High Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number of High Attack Techniques \n## Number of MITRE ATT&CK techniques classified as \"high\" for an asset.\nThis metric, found in Exposure Management, reflects the number of MITRE ATT&CK techniques, categorized as \"high\", associated with a specific asset. It helps to understand the potential attack surface of an asset based on known vulnerabilities and their exploitation techniques. \n\nHere's a breakdown:\n- **MITRE ATT&CK:** A globally recognized framework that describes adversary tactics and techniques based on real-world observations.\n- **Techniques:** Specific procedures or methods used by attackers to achieve their objectives within a tactic.\n- **\"High\" Classification:** Indicates techniques that are frequently used, easily exploited, or have a significant impact.\n- **Asset:** Any device, application, or system within your IT environment. \n"},{"key":"apa_critical_steps_count","readable_name":"Number of Critical Attack Techniques","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Number of Critical Attack Techniques \n## Number of MITRE ATT&CK techniques classified as \"Critical\" for an asset.\nThis metric, found in Cyber Asset Management, reflects how susceptible an asset is to attacks. It leverages the MITRE ATT&CK framework, a knowledge base of adversary tactics and techniques based on real-world observations. Each technique is assigned a severity score, and this metric specifically counts the techniques classified as \"Critical\" that apply to a given asset. The higher the count, the more vulnerable the asset is to potentially devastating attacks. \n\nHere's a breakdown:\n- **MITRE ATT&CK:** A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.\n- **Critical Severity:** Indicates techniques that have a high potential for impact and are frequently exploited by attackers.\n- **Asset Vulnerability:** A higher number of critical attack techniques associated with an asset indicates a greater susceptibility to serious cyberattacks. \n"},{"key":"sensor_type","readable_name":"Source","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"Accurics","value":"ACCURICS","deprecated":true},{"name":"Inventory","value":"INVENTORY","deprecated":true},{"name":"Rapid7 InsightVM","value":"RAPID_7","deprecated":true},{"name":"Tenable Security Center","value":"SECURITY_CENTER","deprecated":false},{"name":"Carbon Black","value":"CARBON_BLACK","deprecated":true},{"name":"Tenable Vulnerability Database","value":"TVDB","deprecated":true},{"name":"AWS Connector","value":"AWS","deprecated":true},{"name":"Tenable OT Security","value":"OT","deprecated":false},{"name":"Tenable Container Security","value":"CONSEC","deprecated":false},{"name":"Tenable Web Application Scanning","value":"WAS","deprecated":false},{"name":"Tenable Attack Surface Management","value":"ASM","deprecated":false},{"name":"Tenable Vulnerability Management","value":"NESSUS","deprecated":false},{"name":"Tenable Cloud Security","value":"CLOUD_SCAN","deprecated":false},{"name":"Tenable Identity Exposure","value":"TIE","deprecated":false}]},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Source\n## Where data is coming from\nSource refers to the origin or provider of the data being used in a particular context. In Exposure Management, the source typically refers to the origin of the security data that is being used to assess and manage cyber risk.\n\nHere are some key points to understand about sources in the context of Exposure Management:\n\n- **Data Collection**: Exposure Management platforms gather data from various sources to provide a comprehensive view of an organization's security posture.\n- **Integration**: Exposure Management solutions often integrate with a wide range of third-party security tools and platforms to collect data from different sources.\n- **Data Enrichment**: Data from different sources can be combined and enriched to provide more context and insights. For example, vulnerability data can be combined with asset information to identify which systems are most critical and vulnerable.\n- **Contextual Understanding**: Understanding the source of data is crucial for interpreting the results of security assessments and making informed decisions about risk mitigation. \n"}]}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted."},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to view the list of finding properties."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_cloud":[]}]}},"/api/v1/t1/inventory/software/properties":{"get":{"summary":"List software properties","description":"Returns a list of software properties that can be used for filters on endpoints that support them. For example, the properties that are returned by this endpoint can be used as filters for the [Search software](ref:inventory-software-search) endpoint.\n\n In addition to the software properties, the results list includes the logical operators you can use with the tag properties along with the supported values.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-software-properties-list","tags":["Inventory"],"responses":{"200":{"description":"Returned if the list of software properties was retrieved successfully.","content":{"application/json":{"schema":{"description":"A list of software properties.","type":"object","properties":{"properties":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_Properties-Object"}}}},"examples":{"response":{"value":{"data":[{"key":"cpe","readable_name":"Common Platform Enumeration","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"cpe:2.3:o:microsoft:windows_7:-:sp2:*:*:*:*:*:*","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Common Platform Enumeration\n## A software inventory technique\n\nCommon Platform Enumeration (CPE) is a software inventory technique that identifies the software installed on a device. CPE uses a standardized format to identify software, which makes it easier to track and manage software assets.\n\nHere are some key points to understand about CPE:\n- **CPE is a standard format for identifying software**. The CPE format consists of a vendor name, product name, version, and edition. This makes it easy to identify software and track changes over time.\n- **CPE can be used to identify both installed and uninstalled software**. This makes it a valuable tool for software inventory and asset management.\n- **CPE can be used to generate reports on software usage**. This information can be used to make decisions about software licensing and usage.\n\n## Example:\n```\nCPE:2.3:Microsoft:Windows_Server:2012_R2:SP1\n```\n\nThis CPE identifies Microsoft Windows Server 2012 R2 Service Pack 1.\n"},{"key":"publisher","readable_name":"Publisher (Original)","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"tenable","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Publisher (Original)\n## Organization that develops software\nA software publisher is the organization responsible for creating, distributing, and often supporting a software application. They are the entities that hold the intellectual property rights to the software and determine how it is licensed and used.\n\nHere are some key points to understand about software publishers in the context of the cyber industry:\n\n- **Development**: Publishers are involved in the entire software development lifecycle, from conceptualization and coding to testing and release.\n- **Distribution**: They determine how the software is made available to users, whether through direct downloads, app stores, or physical media.\n- **Licensing**: Publishers establish the terms of use for their software through End User License Agreements (EULAs), which define how the software can be used, copied, and distributed.\n- **Support**: Many publishers offer technical support, updates, and patches to address bugs, security vulnerabilities, and compatibility issues.\n- **Security Implications**: The reputation and security practices of a software publisher are crucial considerations in cybersecurity. Using software from reputable publishers with strong security track records can reduce the risk of vulnerabilities and malware. \n"},{"key":"application","readable_name":"Application (Original)","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"Google Chrome","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Application (Original)\n## A software program\nAn application, often called \"app,\" is a type of software program designed to perform specific tasks or functions for users or other applications. \n\nHere are some key points to understand about applications in the context of the cyber industry:\n\n- **User-facing applications:** These applications are designed for direct interaction with end-users. Examples include web browsers, email clients, word processors, spreadsheets, and games.\n- **System applications:** These applications interact with the computer system or other applications. Examples include operating systems, device drivers, programming tools, and system utilities.\n- **Web applications:** These applications run on web servers and are accessed by users through web browsers over the internet or intranet. Examples include online shopping websites, social media platforms, and online banking portals.\n- **Mobile applications:** These applications are specifically designed to run on mobile devices such as smartphones and tablets. They can be native apps (developed for a specific platform like iOS or Android) or web-based apps accessed through the device's web browser.\n- **Embedded applications:** These applications are integrated into specific devices or systems to control their functionality. Examples include firmware in routers, control systems in industrial equipment, and software in medical devices. \n"},{"key":"version","readable_name":"Version","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"154.69.0","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Version\n## The version of a software\n\nThe version of a software is a unique identifier that indicates the specific release of the software. It is typically composed of a major version number, a minor version number, and a build number. For example, the version of Windows 10 is 10.0.19041.867.\n\nThe version of a software can be important for several reasons. First, it can indicate whether the software has been patched with security updates. Second, it can indicate whether the software is compatible with other systems and applications. Third, it can be used to track changes in the software over time.\n\nIn the context of cyber security, the version of a software can be important for several reasons. First, it can be used to identify vulnerabilities in the software. Second, it can be used to determine whether the software is up-to-date with security patches. Third, it can be used to track changes in the software over time.\n"},{"key":"software_update","readable_name":"Software Update","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"3.0","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Software Update\n## A software update is a set of files that can be installed on a device to update the software on that device.\n\nSoftware updates are typically released by software vendors to fix bugs, add new features, or improve security. They can be installed manually or automatically.\n\nHere are some key points to understand about software updates in the context of the cyber industry:\n- **Importance of Software Updates**: Software updates are important because they can help to keep devices secure and up-to-date. By installing software updates, users can help to protect their devices from vulnerabilities that could be exploited by attackers.\n- **Types of Software Updates**: There are two main types of software updates: security updates and feature updates. Security updates are released to fix vulnerabilities in software. Feature updates are released to add new features or improve existing features.\n- **How to Install Software Updates**: Software updates can be installed manually or automatically. To install a software update manually, users can download the update from the software vendor's website and then install it on their device. To install a software update automatically, users can enable automatic updates in their device's settings.\n"},{"key":"edition","readable_name":"Edition","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"MacOS High Sierra","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Edition\n## A software version\n\nAn edition is a specific version of a software product. It may include additional features or functionality not found in other editions. Editions are typically named after their features or functionality, such as \"Standard Edition\" or \"Enterprise Edition.\"\n\nHere are some key points to understand about editions in the context of the cyber industry:\n- **Editions are typically named after their features or functionality**. For example, a software product may have a \"Standard Edition\" and an \"Enterprise Edition.\" The Enterprise Edition may include additional features or functionality not found in the Standard Edition.\n- **Editions are often used to differentiate between different levels of support**. For example, a software vendor may offer a higher level of support for customers who purchase the Enterprise Edition of their product.\n- **Editions can also be used to differentiate between different pricing tiers**. For example, a software vendor may charge more for the Enterprise Edition of their product than for the Standard Edition.\n"},{"key":"software_edition","readable_name":"Software Edition","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"Microsoft Power BI","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Software Edition\n## The version of a software\n\nThe software edition is the version of a software. It can be used to identify the specific features and functionality that are included in the software. For example, the software edition might be \"Enterprise\" or \"Standard.\"\n\nHere are some key points to understand about software editions in the context of the cyber industry:\n- **Software Editions and Security**: Software editions can have a significant impact on security. For example, some editions might include additional security features that are not available in other editions. It is important to select the software edition that meets your security needs.\n- **Software Editions and Compliance**: Software editions can also impact compliance. For example, some regulations might require that you use a specific software edition. It is important to select the software edition that meets your compliance requirements.\n- **Software Editions and Cost**: Software editions can also impact cost. For example, some editions might be more expensive than others. It is important to select the software edition that meets your budget.\n"},{"key":"target_software","readable_name":"Target Software","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"Enterprise","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Target Software\n## Software properties\n\nTarget Software is a software property that indicates the software that is running on a device. This property can be used to identify the specific software that is installed on a device, as well as the version of the software. This information can be used to assess the risk of a device being vulnerable to attack, as well as to determine the appropriate security measures that should be taken to protect the device.\n\nHere are some key points to understand about Target Software in the context of the cyber industry:\n- **Software Identification**: Target Software can be used to identify the specific software that is installed on a device. This information can be used to assess the risk of a device being vulnerable to attack, as well as to determine the appropriate security measures that should be taken to protect the device.\n- **Software Version**: Target Software can also be used to identify the version of the software that is installed on a device. This information can be used to determine whether the software is up-to-date with the latest security patches. If the software is not up-to-date, it may be vulnerable to attack.\n- **Software Vulnerability**: Target Software can also be used to identify vulnerabilities in the software that is installed on a device. This information can be used to assess the risk of a device being attacked and to determine the appropriate security measures that should be taken to protect the device.\n"},{"key":"target_hardware","readable_name":"Target Hardware","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"CPU","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Target Hardware\n## The hardware that a software is designed to run on\n\nTarget hardware is the hardware that a software is designed to run on. This can include specific types of processors, operating systems, and other hardware components. It is important to ensure that the target hardware is compatible with the software before installing it.\n\nHere are some key points to understand about target hardware in the context of the cyber industry:\n- **Compatibility**: The target hardware must be compatible with the software in order for it to run properly. This means that the hardware must have the necessary components and be running the correct operating system.\n- **Performance**: The target hardware will affect the performance of the software. For example, a software that is designed to run on a high-end processor will not perform well on a low-end processor.\n- **Security**: The target hardware can also affect the security of the software. For example, a software that is designed to run on a secure operating system will be more secure than a software that is designed to run on an insecure operating system.\n\nIt is important to choose the correct target hardware for the software in order to ensure compatibility, performance, and security.\n"},{"key":"software_language","readable_name":"Software Language","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"Java","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Software Language\n## The language used to write a software\n\nA software language is a set of rules that define how to write software. It is a way of communicating with a computer. Software languages are used to create programs, scripts, and other types of software.\n\nThere are many different software languages, each with its own strengths and weaknesses. Some popular software languages include Python, Java, C++, and JavaScript.\n\nSoftware languages are constantly evolving, with new languages being created and old languages being updated. This is because the needs of software developers are constantly changing.\n\nSoftware languages are an essential part of the software development process. They allow developers to communicate with computers and create the software that we use every day.\n"},{"key":"software_other","readable_name":"Software Other","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"Chrome","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Software Other\n## Properties of software\n\nSoftware Other is a category of software that does not fall into any of the other categories. It includes software that is not used for business purposes, such as games, entertainment software, and personal productivity software. It also includes software that is used for business purposes but is not critical to the operation of the organization, such as office productivity software and graphics software.\n\nSoftware Other can be a source of security vulnerabilities. It is important to keep software up to date and to install security patches as soon as they are available. It is also important to have a strong security policy in place that covers the use of Software Other.\n\nHere are some key points to understand about Software Other in the context of the cyber industry:\n- **Types of Software Other**: Software Other can include a wide variety of software, such as games, entertainment software, personal productivity software, office productivity software, and graphics software.\n- **Security Risks**: Software Other can be a source of security vulnerabilities. It is important to keep software up to date and to install security patches as soon as they are available. It is also important to have a strong security policy in place that covers the use of Software Other.\n- **Mitigation Strategies**: Mitigation strategies for Software Other include keeping software up to date, installing security patches, and having a strong security policy in place.\n"},{"key":"display_publisher","readable_name":"Publisher","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"tenable","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Publisher\n## Organization that develops software\nA software publisher is the organization responsible for creating, distributing, and often supporting a software application. They are the entities that hold the intellectual property rights to the software and determine how it is licensed and used.\n\nHere are some key points to understand about software publishers in the context of the cyber industry:\n\n- **Development**: Publishers are involved in the entire software development lifecycle, from conceptualization and coding to testing and release.\n- **Distribution**: They determine how the software is made available to users, whether through direct downloads, app stores, or physical media.\n- **Licensing**: Publishers establish the terms of use for their software through End User License Agreements (EULAs), which define how the software can be used, copied, and distributed.\n- **Support**: Many publishers offer technical support, updates, and patches to address bugs, security vulnerabilities, and compatibility issues.\n- **Security Implications**: The reputation and security practices of a software publisher are crucial considerations in cybersecurity. Using software from reputable publishers with strong security track records can reduce the risk of vulnerabilities and malware. \n"},{"key":"display_application","readable_name":"Application","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"tenable","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Application\n## A software program\nAn application, often called \"app,\" is a type of software program designed to perform specific tasks or functions for users or other applications. \n\nHere are some key points to understand about applications in the context of the cyber industry:\n\n- **User-facing applications:** These applications are designed for direct interaction with end-users. Examples include web browsers, email clients, word processors, spreadsheets, and games.\n- **System applications:** These applications interact with the computer system or other applications. Examples include operating systems, device drivers, programming tools, and system utilities.\n- **Web applications:** These applications run on web servers and are accessed by users through web browsers over the internet or intranet. Examples include online shopping websites, social media platforms, and online banking portals.\n- **Mobile applications:** These applications are specifically designed to run on mobile devices such as smartphones and tablets. They can be native apps (developed for a specific platform like iOS or Android) or web-based apps accessed through the device's web browser.\n- **Embedded applications:** These applications are integrated into specific devices or systems to control their functionality. Examples include firmware in routers, control systems in industrial equipment, and software in medical devices. \n"},{"key":"file_location","readable_name":"File location","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"/opt/nessus_agent","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# File location\n## The location of a file on a device\n\nThe file location is the path to a file on a device. It is typically represented as a series of folders and subfolders, separated by slashes (/). For example, the file location for the file \"index.html\" on the web server \"www.example.com\" would be \"/var/www/html/index.html\".\n\nThe file location is important because it determines where a file is stored on a device and how it can be accessed. For example, a file that is stored in a public location, such as the web server's root directory, can be accessed by anyone who has access to the web server. However, a file that is stored in a private location, such as a user's home directory, can only be accessed by the user who owns it.\n\nThe file location can also be used to determine the file's type and permissions. For example, a file that is stored in the \"/bin\" directory is typically an executable file, while a file that is stored in the \"/etc\" directory is typically a configuration file. The file's permissions can also be determined by its location. For example, a file that is stored in the \"/root\" directory typically has root permissions, while a file that is stored in a user's home directory typically has the user's permissions.\n"},{"key":"port_binding_count","readable_name":"Port Binding Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"6","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Port Binding Count\n## The number of ports that are bound to a software.\n\nPort binding is a security feature that helps to protect a software application from unauthorized access. When a port is bound to a software application, only that application can use the port. This helps to prevent other applications from accessing the port and potentially compromising the software application.\n\nThe port binding count is a measure of the number of ports that are bound to a software application. A high port binding count indicates that the software application is well-protected from unauthorized access. A low port binding count indicates that the software application may be vulnerable to unauthorized access.\n\nThe port binding count can be used to assess the security of a software application. A high port binding count indicates that the software application is well-protected from unauthorized access. A low port binding count indicates that the software application may be vulnerable to unauthorized access.\n"},{"key":"ports","readable_name":"Ports","control":{"type":"NUMBER","multiple_allowed":true,"regex":{"hint":"22","expression":"^\\d+$"}},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Ports\n## A network port is a logical construct that identifies a specific network service.\n\nA port is a logical construct that identifies a specific network service. It is a number that is used to identify the application or service that is running on a computer. Ports are used by the TCP/IP protocol to route data to the correct application.\n\nThere are two main types of ports: well-known ports and registered ports. Well-known ports are ports that are used by specific applications. For example, port 80 is used for HTTP, port 22 is used for SSH, and port 443 is used for HTTPS. Registered ports are ports that are assigned to specific applications by the Internet Assigned Numbers Authority (IANA).\n\nPorts can be used to identify both the source and destination of network traffic. For example, if a computer is sending data to port 80 on another computer, then the source port is the port on the sending computer and the destination port is the port on the receiving computer.\n\nPorts can also be used to control access to network services. For example, a firewall can be configured to allow or deny traffic to specific ports. This can be used to block access to certain applications or services.\n\nPorts are an important part of the TCP/IP protocol and are used to route data to the correct application. They can also be used to identify the source and destination of network traffic and to control access to network services.\n"},{"key":"protocols","readable_name":"Protocols","control":{"type":"STRING","multiple_allowed":true,"regex":{"hint":"TCP","expression":".*"}},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Protocols\n## A set of rules that govern the communication between two or more entities\n\nA protocol is a set of rules that govern the communication between two or more entities. It defines the format and timing of messages, as well as the rules for error handling and recovery. Protocols are used in a variety of contexts, including computer networking, telecommunications, and business.\n\nIn the context of cyber security, protocols are used to ensure that communication between devices is secure. For example, the Secure Sockets Layer (SSL) protocol is used to encrypt data that is transmitted over the internet. This helps to protect sensitive information, such as credit card numbers and passwords, from being intercepted by malicious actors.\n\nProtocols are also used to authenticate users and devices. For example, the Kerberos protocol is used to authenticate users on a network. This helps to prevent unauthorized access to resources.\n\nProtocols are an essential part of cyber security. They help to ensure that communication between devices is secure and that users and devices are properly authenticated.\n"},{"key":"last_seen_version","readable_name":"Last Seen Version","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"1.2.6","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Last Seen Version\n## The last version of the software that was seen on the device\n\nThe last seen version is the most recent version of the software that was detected on the device. This information can be used to identify outdated software that may be vulnerable to attack.\n\nHere are some key points to understand about last seen versions in the context of the cyber industry:\n- **Software Versions**: Software versions are different iterations of the same software. They typically include bug fixes, security updates, and new features.\n- **Outdated Software**: Software that is not up to date with the latest version is considered outdated. Outdated software may be vulnerable to attack and should be patched as soon as possible.\n- **Vulnerabilities**: Vulnerabilities are weaknesses in software that can be exploited by attackers. Outdated software is often more vulnerable to attack than up-to-date software.\n- **Patches**: Patches are updates that fix vulnerabilities in software. They should be installed as soon as possible to reduce the risk of attack.\n\nThe last seen version can be used to identify outdated software that may be vulnerable to attack. This information can be used to prioritize patching efforts and to identify devices that may need to be replaced.\n"},{"key":"eol_date","readable_name":"Security End Of Life","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Security End Of Life \n## Software no longer supported by vendor\nSecurity End of Life (EOL) for software refers to the point in time when a software vendor ceases to provide support, updates, and security patches for a particular software product. \n\nHere's what you need to know about Security End of Life:\n\n- **Increased Security Risks:** Without security updates, software becomes vulnerable to newly discovered threats.\n- **Compliance Violations:** Using EOL software may violate regulatory and industry compliance standards.\n- **Lack of Support:** Vendors typically don't offer assistance for issues encountered with EOL software.\n- **Compatibility Issues:** EOL software may not be compatible with newer operating systems or hardware.\n- **Data Loss and Downtime:** Exploited vulnerabilities in EOL software can lead to data breaches, system downtime, and operational disruptions. \n"},{"key":"devices_count","readable_name":"Devices Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"5","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Devices Count\n## The number of devices that have a given property\n\nThe devices count is a metric that measures the number of devices that have a given property. This can be used to track the number of devices that are running a specific software version, have a certain vulnerability, or are located in a particular geographic region.\n\nThe devices count can be used to identify potential security risks. For example, if a large number of devices are running an outdated software version, they may be vulnerable to attack. The devices count can also be used to track the effectiveness of security measures. For example, if the number of devices with a particular vulnerability decreases after a patch is released, this indicates that the patch is effective.\n\nThe devices count is a valuable metric for cyber asset management. It can be used to track the health and security of devices, identify potential risks, and measure the effectiveness of security measures.\n"},{"key":"version_count","readable_name":"Version Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"5","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Version Count\n## The number of versions of a software\n\nThe version count is the number of different versions of a software that have been released. This can be used to track the maturity of a software and to identify potential security vulnerabilities.\n\nHere are some key points to understand about version count in the context of the cyber industry:\n- **Software Versions**: A software version is a specific release of a software product. It is typically identified by a version number, which is a unique identifier that consists of one or more numbers or letters.\n- **Software Maturity**: The maturity of a software is a measure of its stability and reliability. A software that has been released in multiple versions is generally considered to be more mature than a software that has only been released in a single version.\n- **Security Vulnerabilities**: A security vulnerability is a weakness in a software that can be exploited by an attacker to gain unauthorized access to a system or to steal data. Software that has been released in multiple versions is more likely to have security vulnerabilities than software that has only been released in a single version.\n\nThe version count can be used to track the maturity of a software and to identify potential security vulnerabilities. A software that has been released in multiple versions is generally considered to be more mature than a software that has only been released in a single version. Software that has been released in multiple versions is also more likely to have security vulnerabilities than software that has only been released in a single version.\n"},{"key":"cpe_count","readable_name":"Cpe Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"5","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Cpe Count\n## The number of CPEs associated with a software\n\nA CPE (Common Platform Enumeration) is a unique identifier for a software product. It is used to track software vulnerabilities and ensure that the correct patches are applied. The CPE Count property indicates the number of CPEs associated with a given software asset. This can be useful for identifying software that is out of date or has known vulnerabilities.\n\nHere are some key points to understand about the CPE Count property:\n- **CPEs are used to track software vulnerabilities**. A CPE is a unique identifier for a software product. It is used to track software vulnerabilities and ensure that the correct patches are applied.\n- **The CPE Count property indicates the number of CPEs associated with a given software asset**. This can be useful for identifying software that is out of date or has known vulnerabilities.\n- **The CPE Count property can be used to generate reports and identify trends**. For example, you could use the CPE Count property to generate a report that shows the number of software assets with known vulnerabilities. You could also use the CPE Count property to identify trends in the number of software assets with known vulnerabilities over time.\n"},{"key":"file_location_count","readable_name":"File Location Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"5","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# File Location Count\n## The number of unique locations where a file is stored\n\nThe file location count is a property that indicates the number of unique locations where a file is stored. This can be useful for identifying files that are stored in multiple locations, which may be an indication of a security risk.\n\nFor example, if a file is stored in both the user's home directory and the system's temp directory, it may be more difficult to control who has access to the file. Additionally, if a file is stored in multiple locations, it may be more difficult to keep track of changes to the file.\n\nThe file location count can be used to identify files that are stored in multiple locations and to track changes to files. This information can be used to improve security by ensuring that files are only stored in authorized locations and that changes to files are tracked.\n"},{"key":"type","readable_name":"Type","control":{"type":"STRING","multiple_allowed":true,"regex":{"hint":"Operating System","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Type\n## The type of a software\n\nThe type of a software is a classification that indicates the purpose or function of the software. Common types of software include:\n- **Application Software**: Software that is designed to perform a specific task or set of tasks. Examples include word processing software, spreadsheets, and databases.\n- **System Software**: Software that is designed to manage the operation of a computer system. Examples include operating systems, device drivers, and utilities.\n- **Middleware**: Software that acts as a bridge between application software and system software. Examples include database management systems, application servers, and web servers.\n- **Platform Software**: Software that provides a foundation for the development and execution of other software. Examples include operating systems, virtual machines, and development tools.\n\nThe type of a software can be used to identify potential vulnerabilities and risks. For example, application software is more likely to contain vulnerabilities than system software, because it is more complex and is often developed by third-party vendors.\n"},{"key":"asset_sources","readable_name":"Sources","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"AWS Connector","value":"AWS","deprecated":true},{"name":"AWS SSM agent","value":"SSM","deprecated":true},{"name":"Agent","value":"NESSUS_AGENT","deprecated":true},{"name":"Azure Connector","value":"AZURE","deprecated":true},{"name":"Azure Frictionless Assessment","value":"AZURE_FA","deprecated":true},{"name":"GCP Connector","value":"GCP","deprecated":true},{"name":"Nessus Network Monitor","value":"PVS","deprecated":true},{"name":"Nessus","value":"NESSUS_SCAN","deprecated":true},{"name":"Tenable Web Application Scanning","value":"WAS","deprecated":false},{"name":"Tenable Identity Exposure","value":"TIE","deprecated":false},{"name":"Tenable Cloud Security (Legacy)","value":"T.CS","deprecated":true},{"name":"Tenable Cloud Security","value":"CLOUD","deprecated":false},{"name":"Tenable Attack Surface Management","value":"ASM","deprecated":false},{"name":"Tenable Vulnerability Management","value":"T.IO","deprecated":false},{"name":"Tenable OT Security","value":"T.OT","deprecated":false},{"name":"Tenable Container Security","value":"CONSEC","deprecated":false},{"name":"Tenable Cloud Security (core)","value":"CORE_CLOUDRESOURCE","deprecated":true},{"name":"Qualys VMDR","value":"QUALYS","deprecated":false,"third_party":true},{"name":"SentinelOne Singularity","value":"SENTINEL_ONE","deprecated":false,"third_party":true},{"name":"Rapid7 InsightVM","value":"RAPID_7","deprecated":true},{"name":"Tenable Security Center","value":"SECURITY_CENTER","deprecated":false},{"name":"Carbon Black Workload","value":"CARBON_BLACK","deprecated":true},{"name":"Microsoft Defender","value":"MICROSOFT_DEFENDER","deprecated":false,"third_party":true},{"name":"CrowdStrike Falcon","value":"CROWDSTRIKE","deprecated":false},{"name":"ServiceNow","value":"SERVICE_NOW","deprecated":false},{"name":"Unclassified","value":"UNCLASSIFIED","deprecated":false}]},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Sources\n## The origin of a software\n\nThe source of a software is the place where it was created or obtained. It can be a software vendor, a repository, or a third-party website. The source of a software is important because it can affect its security and reliability. For example, software obtained from a reputable vendor is more likely to be secure than software obtained from an unknown source.\n\nHere are some key points to understand about sources in the context of the cyber industry:\n- **Software Vendors**: These are companies that develop and sell software. They are the primary source of software for most organizations.\n- **Repositories**: These are online storage locations where software can be downloaded. Repositories can be public or private. Public repositories are open to anyone, while private repositories are only accessible to authorized users.\n- **Third-Party Websites**: These are websites that offer software for download. They can be legitimate or malicious. Legitimate third-party websites offer software from reputable vendors, while malicious third-party websites offer software that is infected with malware.\n\nIt is important to be aware of the source of software before installing it. Software obtained from a reputable source is more likely to be secure and reliable.\n"},{"key":"last_seen","readable_name":"Last Seen","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Last Seen\n## The date and time when a software was last seen on a device\n\nLast seen is a property that indicates the date and time when a software was last seen on a device. This information can be used to track the movement of software across devices and to identify devices that may have been compromised.\n\nHere are some key points to understand about last seen in the context of the cyber industry:\n- **Last seen is a valuable indicator of device compromise**. If a software is seen on a device that it is not typically installed on, it may be a sign that the device has been compromised.\n- **Last seen can be used to track the movement of software across devices**. This information can be used to identify devices that may have been compromised or to track the spread of malware.\n- **Last seen can be used to identify devices that are not being used**. This information can be used to save money on energy costs or to identify devices that may be vulnerable to attack.\n"},{"key":"first_seen","readable_name":"First Seen","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# First Seen\n## The date when the software was first seen by Tenable\n\nThe first seen date is the date when the software was first seen by Tenable. This date is important because it can be used to track the age of the software and to identify any potential vulnerabilities that may have been discovered since the software was first released.\n\nHere are some key points to understand about first seen dates in the context of the cyber industry:\n- **First Seen Dates Can Be Used to Track the Age of Software**: The first seen date can be used to track the age of software. This information can be helpful in identifying potential vulnerabilities that may have been discovered since the software was first released.\n- **First Seen Dates Can Be Used to Identify Potential Vulnerabilities**: The first seen date can also be used to identify potential vulnerabilities that may have been discovered since the software was first released. This information can be helpful in prioritizing security updates and patches.\n- **First Seen Dates Can Be Used to Track the Spread of Malware**: First seen dates can also be used to track the spread of malware. This information can be helpful in identifying potential threats and in developing mitigation strategies.\n"},{"key":"category_names","readable_name":"Category","control":{"type":"STRING","multiple_allowed":true,"regex":{"hint":"Browser, Web Server, etc.,","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Software Category\n## A way to classify software\nSoftware categories are used to group software based on their functionality, purpose, or target audience. This categorization helps in organizing and managing software assets, understanding their risks, and applying appropriate security controls. \n\nHere are some common software categories:\n- **Operating Systems**: Examples include Windows, macOS, Linux, Android, and iOS.\n- **Applications**: Software designed for specific tasks, such as productivity suites (Microsoft Office, Google Workspace), web browsers (Chrome, Firefox, Safari), and communication tools (Slack, Microsoft Teams).\n- **Databases**: Systems for storing, managing, and retrieving data. Examples include MySQL, PostgreSQL, MongoDB, and Microsoft SQL Server.\n- **Security Software**: Designed to protect systems and data from threats. Examples include antivirus software, firewalls, intrusion detection systems, and security information and event management (SIEM) systems.\n- **Cloud-Based Software**: Hosted and accessed over the internet. Examples include Software as a Service (SaaS) applications like Salesforce, Dropbox, and Office 365. \n"}]}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted."},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to view the list of software properties."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_cloud":[]}]}},"/api/v1/t1/inventory/export/assets":{"post":{"summary":"Export assets","description":"Exports assets in your organization that match the specified search criteria.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-export-assets","tags":["Inventory Exports"],"parameters":[{"description":"Specifies which asset properties to include in the export. Provide multiple properties as a comma-separated list. \n\nBy default, if no properties are provided, the export includes the following properties: `asset_name`, `asset_id`, `asset_class`, `aes`, and `asset_criticality_rating_(acr)`\n\nUse the [List assets properties](ref:inventory-asset-properties-list) endpoint to retrieve a list of valid properties for this parameter. For example, you might include `created_at`, `sources`, and `fqdns`.","explode":true,"in":"query","name":"properties","required":false,"schema":{"example":"prop1,prop2,prop3","pattern":"^[a-zA-Z0-9_]+(,[a-zA-Z0-9_]+)*$","type":"string"},"style":"form"},{"description":"When set to `true`, returns the human-readable names of properties instead of internal key names.","explode":true,"in":"query","name":"use_readable_name","required":false,"schema":{"default":true,"type":"boolean"},"style":"form"},{"description":"Maximum size, in bytes, for each export chunk when exporting large datasets.\n\nIf omitted, the default is `20971520` bytes (20 MB). The maximum value is `104857600` (100 MB) and the minimum value is `5242880` (5 MB).","explode":true,"in":"query","name":"max_chunk_file_size","required":false,"schema":{"type":"integer","default":20971520,"minimum":5242880,"maximum":104857600},"style":"form"},{"description":"The property and direction to sort the results by, in the format `property:direction`. For example: `asset_name:asc` or `acr:desc`","example":"acr:desc","explode":true,"in":"query","name":"sort","required":false,"schema":{"pattern":"^[a-zA-Z0-9_]+:(asc|desc)$","type":"string","default":"application:asc"},"style":"form"},{"description":"Specifies the file format for the export.\n\nDefaults to `JSON` if not provided. Valid values are `CSV` and `JSON`.","example":"CSV","explode":true,"in":"query","name":"file_format","required":false,"schema":{"$ref":"#/components/schemas/Inventory_Exports_Dataset-File-Format"},"style":"form"},{"description":"When set to `true`, the exported file is compressed using GZIP. \n\nThe compressed file retains its original format (CSV or JSON) but is smaller in size, which helps reduce download time and storage requirements. You must decompress the file with a standard GZIP tool before processing. This option is particularly useful for large exports or limited-bandwidth environments.","example":true,"explode":true,"in":"query","name":"compress","required":false,"schema":{"default":false,"type":"boolean"},"style":"form"}],"requestBody":{"required":false,"content":{"application/json":{"schema":{"type":"object","nullable":true,"properties":{"filters":{"description":"A set of asset properties used to filter the export results. \n\nUse the [List asset properties](ref:inventory-asset-properties-list) endpoint to view available asset properties that can be used as filters.","type":"array","nullable":true,"items":{"$ref":"#/components/schemas/Inventory_Exports_Assets-Property-Filter"}},"query":{"type":"object","description":"Filter the export results by query. A query consists of the search mode and query text.","properties":{"mode":{"description":"The mode to use for the query. You can choose either `simple` or `advanced`.\n* `simple`—A simple query enables you to search for assets by asset name or asset ID.\n* `advanced`—An advanced query enables you to build a specific query to search for assets.","type":"string","default":"simple","enum":["simple","advanced"]},"text":{"description":"For simple searches, either an asset name or an asset ID. For advanced searches, a query string. Advanced users can use the query builder in the user interface to create a query string.\n\nFor example, some common advanced queries are:\n\n* Cloud assets with critical severity findings—`Assets HAS sources = \"CLOUD\" WITH Weakness HAS severity = \"Critical\"` \n* Cloud assets with critical severity findings and AES score above 700—`Assets HAS sources = \"CLOUD\" AND aes >= 700 WITH Weakness HAS severity = \"Critical\"` \n* Cloud assets exposing secrets and AES score above 700—`Assets HAS sources = \"CLOUD\" AND aes >= 700 WITH Weakness HAS detection_name contains \"exposing secrets\"` \n* Account assets with critical weaknesses—`Assets as Account with weakness has severity_level >= 3` \n* Assets discovered but not scanned for weaknesses—`Assets as Device has is_licensed = false and last_observed_at > \"1988-01-01\"`","type":"string","example":"Assets"}},"required":["mode","text"]}}}}}},"responses":{"200":{"description":"Returned if the asset export request was successfully queued.","content":{"application/json":{"schema":{"type":"object","properties":{"export_id":{"type":"string","description":"The unique identifier (UUID) of the asset export.","format":"uuid"}}},"examples":{"response":{"value":{"export_id":"7f58afba-3d63-4c6d-9693-9554497ea0f9"}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"Export column 'prop1' is not supported.","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to export assets."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_Exports_cloud":[]}]}},"/api/v1/t1/inventory/export/findings":{"post":{"summary":"Export findings","description":"Exports findings in your organization that match the specified search criteria.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-export-findings","tags":["Inventory Exports"],"parameters":[{"description":"Specifies which findings properties to include in the export. Provide multiple properties as a comma-separated list. \n\nBy default, if no properties are provided, the export includes the following properties: `asset_id`, `finding_id`, `finding_name`, `severity`, and `state`\n\nUse the [List findings properties](ref:inventory-finding-properties-list) endpoint to retrieve a list of valid properties for this parameter. For example, you might include `asset_name`, `solution`, and `vpr_score` as properties.","explode":true,"in":"query","name":"properties","required":false,"schema":{"example":"prop1,prop2,prop3","pattern":"^[a-zA-Z0-9_]+(,[a-zA-Z0-9_]+)*$","type":"string"},"style":"form"},{"description":"When set to `true`, returns the human-readable names of properties instead of internal key names.","explode":true,"in":"query","name":"use_readable_name","required":false,"schema":{"default":true,"type":"boolean"},"style":"form"},{"description":"Maximum size, in bytes, for each export chunk when exporting large datasets.\n\nIf omitted, the default is `20971520` bytes (20 MB). The maximum value is `104857600` (100 MB) and the minimum value is `5242880` (5 MB).","explode":true,"in":"query","name":"max_chunk_file_size","required":false,"schema":{"type":"integer","default":20971520,"minimum":5242880,"maximum":104857600},"style":"form"},{"description":"The property and direction to sort the results by, in the format `property:direction`. For example: `finding_name:asc` or `severity:desc`","example":"severity:desc","explode":true,"in":"query","name":"sort","required":false,"schema":{"pattern":"^[a-zA-Z0-9_]+:(asc|desc)$","type":"string","default":"application:asc"},"style":"form"},{"description":"Specifies the file format for the export.\n\nDefaults to `JSON` if not provided. Valid values are `CSV` and `JSON`.","example":"JSON","explode":true,"in":"query","name":"file_format","required":false,"schema":{"$ref":"#/components/schemas/Inventory_Exports_Dataset-File-Format"},"style":"form"},{"description":"When set to `true`, the exported file is compressed using GZIP. \n\nThe compressed file retains its original format (CSV or JSON) but is smaller in size, which helps reduce download time and storage requirements. You must decompress the file with a standard GZIP tool before processing. This option is particularly useful for large exports or limited-bandwidth environments.","example":true,"explode":true,"in":"query","name":"compress","required":false,"schema":{"default":false,"type":"boolean"},"style":"form"}],"requestBody":{"required":false,"content":{"application/json":{"schema":{"type":"object","nullable":true,"properties":{"filters":{"description":"A set of asset properties used to filter the export results. \n\nUse the [List finding properties](ref:inventory-finding-properties-list) endpoint to view available finding properties that can be used as filters.","type":"array","nullable":true,"items":{"$ref":"#/components/schemas/Inventory_Exports_Findings-Property-Filter"}},"query":{"type":"object","description":"Filter the export results by query. A query consists of the search mode and query text.","properties":{"mode":{"description":"The mode to use for the query. You can choose either `simple` or `advanced`.\n* `simple`—A simple query enables you to search for findings by finding name or finding ID.\n* `advanced`—An advanced query enables you to build a specific query to search for findings.","type":"string","default":"simple","enum":["simple","advanced"]},"text":{"description":"For simple searches, either a finding name or a finding ID. For advanced searches, a query string. Advanced users can use the query builder in the user interface to create a query string.\n\nFor example, some common advanced queries are:\n\n* Findings with a CVSSv3 base score equal to 10—`Findings HAS finding_cvss3_base_score = 10` \n* Findings last seen after a particular date—`Findings HAS last_observed_at > \"2025-11-12\"` ","type":"string","example":"Findings"}},"required":["mode","text"]}}}}}},"responses":{"200":{"description":"Returned if the findings export request was successfully queued.","content":{"application/json":{"schema":{"type":"object","properties":{"export_id":{"type":"string","description":"The unique identifier (UUID) of the findings export.","format":"uuid"}}},"examples":{"response":{"value":{"export_id":"f0b3947f-99dc-4966-b2f6-b9034f0afcad"}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"Requested EXAMPLE not found","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to export findings."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_Exports_cloud":[]}]}},"/api/v1/t1/inventory/export/assets/status":{"get":{"summary":"List asset export jobs","description":"Returns a list of up to 1,000 asset export jobs submitted in the last 3 days, sorted by the most recent refresh time. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-export-assets-jobs","tags":["Inventory Exports"],"parameters":[{"$ref":"#/components/parameters/Inventory_Exports_status-query-param"},{"$ref":"#/components/parameters/Inventory_Exports_limit-query-param"}],"responses":{"200":{"description":"Returned if the list of asset export jobs was retrieved successfully.","content":{"application/json":{"schema":{"type":"object","properties":{"exports":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_Exports_Response-Export-Job"}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponseStatus-400"}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to view asset export jobs."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_Exports_cloud":[]}]}},"/api/v1/t1/inventory/export/findings/status":{"get":{"summary":"List finding export jobs","description":"Returns a list of up to 1,000 findings export jobs submitted in the last 3 days, sorted by the most recent refresh time. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-export-findings-jobs","tags":["Inventory Exports"],"parameters":[{"$ref":"#/components/parameters/Inventory_Exports_status-query-param"},{"$ref":"#/components/parameters/Inventory_Exports_limit-query-param"}],"responses":{"200":{"description":"Returned if the list of findings export jobs was retrieved successfully.","content":{"application/json":{"schema":{"type":"object","properties":{"exports":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_Exports_Response-Export-Job"}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponseStatus-400"},"examples":{"response":{"value":{"error":"Bad Request","message":"Invalid status: completed. Supported values: QUEUED, PROCESSING, FINISHED, ERROR"}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":401,"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to view findings export jobs."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_Exports_cloud":[]}]}},"/api/v1/t1/inventory/export/{export_id}/status":{"get":{"summary":"Get export status","description":"Returns the current status of an export request.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-export-status","tags":["Inventory Exports"],"parameters":[{"description":"The unique identifier (UUID) of the export request whose status you want to retrieve.","explode":false,"in":"path","name":"export_id","required":true,"schema":{"type":"string"},"style":"simple"}],"responses":{"200":{"description":"Returned if the status of the specified export request was retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_Response-Export-Status"},"examples":{"response":{"value":{"export_id":"f69b502b-f9eb-4e17-aaa8-2f68df54fc7d","status":"FINISHED","submitted_at":"2025-07-23T22:15:25.849Z","last_refreshed_at":"2025-07-23T22:15:27.305Z","chunks_available":[1,2,3,4,5,6,7,8]}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"Export column 'prop1' is not supported.","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to view the export status."},"404":{"description":"Returned if the specified export request was not found.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"the request with id 1697e68f-7e14-41ad-9146-f2e08bd59296 was not found","status":404}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_Exports_cloud":[]}]}},"/api/v1/t1/inventory/export/{export_id}/download/{chunk_id}":{"get":{"summary":"Download export","description":"Downloads a specific export chunk in JSON or CSV format.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-export-download","tags":["Inventory Exports"],"parameters":[{"description":"The unique identifier (UUID) of the export request for which you want to download a chunk.","explode":false,"in":"path","name":"export_id","required":true,"schema":{"type":"string"},"style":"simple"},{"description":"The specific chunk number to retrieve from the export request.\n\n**Note:** For exports in CSV format, each chunk includes a header row.","explode":false,"in":"path","name":"chunk_id","required":true,"schema":{"type":"string"},"style":"simple"}],"responses":{"200":{"description":"Returned if the assets export chunk was retrieved successfully.","content":{"application/octet-stream":{"schema":{"oneOf":[{"title":"Assets Export Chunk (JSON)","description":"The response model for asset export chunks in JSON format.\n\n**Note:** The schema below reflects the default response structure. The actual structure can vary depending on the properties specified in the asset export request.","type":"array","items":{"$ref":"#/components/schemas/Inventory_Exports_Response-Assets-Chunk-JSON"}},{"title":"Assets Export Chunk (CSV)","description":"For the CSV response model of asset export chunks, see the example CSV responses.\n\n**Note:** The structure of the response can vary based on the properties specified in the asset export request.","type":"string"},{"title":"Findings Export Chunk (JSON)","description":"The response model for findings export chunks in JSON format.\n\n**Note:** The schema below reflects the default response structure. The actual structure can vary depending on the properties specified in the asset export request.","type":"array","items":{"$ref":"#/components/schemas/Inventory_Exports_Response-Findings-Chunk-JSON"}},{"title":"Findings Export Chunk (CSV)","description":"For the CSV response model of findings export chunks, see the example CSV responses.\n\n**Note:** The structure of the response can vary based on the properties specified in the findings export request.","type":"string"}]},"examples":{"Assets Export Chunk (JSON)":{"value":[{"aes":947,"asset_class":"DEVICE","asset_criticality_rating_(acr)":9,"asset_id":"1424e7ea-0ed1-40d0-b7c7-044ddfb654d6","asset_name":"dc1"},{"aes":946,"asset_class":"DEVICE","asset_criticality_rating_(acr)":9,"asset_id":"063e6e49-e519-4f6f-acf1-85e973e772c0","asset_name":"dc"},{"aes":946,"asset_class":"DEVICE","asset_criticality_rating_(acr)":9,"asset_id":"d6d4406f-18d4-4957-b499-6190193b2f02","asset_name":"rdc2"},{"aes":937,"asset_class":"ACCOUNT","asset_criticality_rating_(acr)":10,"asset_id":"409f87d2-9234-54a7-973f-0526600b4e91","asset_name":"Administrator"},{"aes":919,"asset_class":"STORAGE","asset_criticality_rating_(acr)":3,"asset_id":"164a89ce-5122-59a1-a141-b64579780893","asset_name":"tentorage"},{"aes":889,"asset_class":"GENERAL","asset_criticality_rating_(acr)":3,"asset_id":"5cf906a6-ada6-5532-9bbe-344dee66342e","asset_name":"eks-22c9ef6b-fc3e-854e-064d-ea8d43047a4d"},{"aes":885,"asset_class":"CONTAINER","asset_criticality_rating_(acr)":3,"asset_id":"510c48df-2e9d-5da6-9061-65ac3d93ba1d","asset_name":"vulnapplication"}]},"Assets Export Chunk (CSV)":{"value":"Asset ID,Asset Name,Asset Class,AES,Asset Criticality Rating (ACR)\n1424e7ea-0ed1-40d0-b7c7-044ddfb654d6,dc1,DEVICE,947,9\n063e6e49-e519-4f6f-acf1-85e973e772c0,dc,DEVICE,946,9\nd6d4406f-18d4-4957-b499-6190193b2f02,rdc2,DEVICE,946,9\n409f87d2-9234-54a7-973f-0526600b4e91,Administrator,ACCOUNT,937,10\n164a89ce-5122-59a1-a141-b64579780893,tenstorage,STORAGE,919,3\n5cf906a6-ada6-5532-9bbe-344dee66342e,eks-22c9ef6b-fc3e-854e-064d-ea8d43047a4d,GENERAL,889,3\n510c48df-2e9d-5da6-9061-65ac3d93ba1d,vulnapplication,CONTAINER,885,3"},"Findings Export Chunk (JSON)":{"value":[{"asset_id":"be99c8e0-10d8-473f-a77a-00d0829b13e8","finding_id":"0014daff-1259-460f-86d0-47de472203f4","finding_name":"MS16-051: Cumulative Security Update for Internet Explorer (3155533)","severity":"CRITICAL","state":"ACTIVE"},{"asset_id":"f849adbf-79b9-42d6-a9d9-bf72c13bf929","finding_id":"001bb032-3373-529b-ab60-54cae8dbcb89","finding_name":"KB5025288: Windows 8.1 Embedded and Windows Server 2012 R2 Security Update (April 2023)","severity":"CRITICAL","state":"ACTIVE"},{"asset_id":"3d3bdfdb-adf9-5ceb-86f2-b5730ef2d7c0","finding_id":"0028a2d3-ffbd-52ed-b208-4b24ffaf8e16","finding_name":"Too many privileged accounts","severity":"CRITICAL","state":"ACTIVE"},{"asset_id":"431691c5-169d-4c0a-bc64-558d5c9153c8","finding_id":"0059bb07-5ade-4333-971a-b5e2dd8ad043","finding_name":"MS16-007: Security Update for Microsoft Windows to Address Remote Code Execution (3124901)","severity":"CRITICAL","state":"ACTIVE"},{"asset_id":"c627104b-7262-428d-b442-97e6f6621c76","finding_id":"008a02ef-a97e-457e-99e2-db8a66e8e265","finding_name":"KB5013952: Windows 10 Version 1607 and Windows Server 2016 Security Update (May 2022)","severity":"CRITICAL","state":"ACTIVE"},{"asset_id":"229fef29-6dae-483e-ba6f-ce1bd401aba9","finding_id":"00bfbac6-25dd-4955-be7b-451f23d3f383","finding_name":"Debian DSA-4777-1 : freetype - security update","severity":"CRITICAL","state":"ACTIVE"},{"asset_id":"f03e8a53-a1bc-487e-b1f9-7b5cfd65c710","finding_id":"00d05744-4357-4fb7-8523-9f9889182f04","finding_name":"AlmaLinux 8 : kernel (ALSA-2022:7683)","severity":"CRITICAL","state":"ACTIVE"},{"asset_id":"bfa1f788-261d-5a7f-bdfc-cb926ead8032","finding_id":"00d6277b-3408-5bd1-b449-a07aa8291f47","finding_name":"Too many members in a privileged group","severity":"CRITICAL","state":"ACTIVE"}]},"Findings Export Chunk (CSV)":{"value":"Finding ID,Finding Name,Asset Id,State,Severity\n0014daff-1259-460f-86d0-47de472203f4,MS16-051: Cumulative Security Update for Internet Explorer (3155533),be99c8e0-10d8-473f-a77a-00d0829b13e8,ACTIVE,CRITICAL\n001bb032-3373-529b-ab60-54cae8dbcb89,KB5025288: Windows 8.1 Embedded and Windows Server 2012 R2 Security Update (April 2023),f849adbf-79b9-42d6-a9d9-bf72c13bf929,ACTIVE,CRITICAL\n0028a2d3-ffbd-52ed-b208-4b24ffaf8e16,Too many privileged accounts,3d3bdfdb-adf9-5ceb-86f2-b5730ef2d7c0,ACTIVE,CRITICAL\n0059bb07-5ade-4333-971a-b5e2dd8ad043,MS16-007: Security Update for Microsoft Windows to Address Remote Code Execution (3124901),431691c5-169d-4c0a-bc64-558d5c9153c8,ACTIVE,CRITICAL\n008a02ef-a97e-457e-99e2-db8a66e8e265,KB5013952: Windows 10 Version 1607 and Windows Server 2016 Security Update (May 2022),c627104b-7262-428d-b442-97e6f6621c76,ACTIVE,CRITICAL\n00bfbac6-25dd-4955-be7b-451f23d3f383,Debian DSA-4777-1 : freetype - security update,229fef29-6dae-483e-ba6f-ce1bd401aba9,ACTIVE,CRITICAL\n00d05744-4357-4fb7-8523-9f9889182f04,AlmaLinux 8 : kernel (ALSA-2022:7683),f03e8a53-a1bc-487e-b1f9-7b5cfd65c710,ACTIVE,CRITICAL\n00d6277b-3408-5bd1-b449-a07aa8291f47,Too many members in a privileged group,bfa1f788-261d-5a7f-bdfc-cb926ead8032,ACTIVE,CRITICAL"}}}}},"204":{"description":"Returned if the export request chunk is not yet ready for download."},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"Export column 'prop1' is not supported.","status":400}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to download exports."},"404":{"description":"Returned if the specified export request or chunk was not found.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponseStatus"},"examples":{"response":{"value":{"message":"The request with id 7d8a71b1-3cab-4768-8905-0040917ad451 was not found","status":404}}}}}},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Exports_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_Exports_cloud":[]}]}},"/api/v1/t1/tags/search":{"post":{"summary":"Search tags","operationId":"inventory-tag-search","description":"Returns a list of tags in your organization that match the specified search criteria.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","tags":["Tags"],"parameters":[{"description":"Specifies extra tag properties to include in the search results. You can provide multiple properties as a comma-separated list. \n\nUse the [List tag properties](ref:inventory-tag-properties-list) endpoint to retrieve a list of valid properties for this parameter. For example, you might include `tag_data_source`, `last_updated`, and `tag_created_by_id` as extra properties.","explode":true,"in":"query","name":"extra_properties","required":false,"schema":{"example":"prop1,prop2,prop3","pattern":"^[a-zA-Z0-9_]+(,[a-zA-Z0-9_]+)*$","type":"string"},"style":"form"},{"description":"The starting record to retrieve. If omitted, the default value is `0`.","explode":true,"in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"},"style":"form"},{"description":"The number of records to retrieve. If omitted, the default value is `1000`. The maximum value is `1000`.","explode":true,"in":"query","name":"limit","required":false,"schema":{"default":1000,"maximum":1000,"type":"integer"},"style":"form"},{"description":"The property and direction to sort the results by, in the format `property:direction`. For example: `tag_name:asc` or `last_updated:desc`","example":"tag_name:asc","explode":true,"in":"query","name":"sort","required":false,"schema":{"pattern":"^[a-zA-Z0-9_]+:(asc|desc)$","type":"string","default":"total_weakness_count:desc"},"style":"form"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Request-Search-Tags"}}},"required":true},"responses":{"200":{"description":"Returned if the list of assets was retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_Response-Search-Tags"},"examples":{"response":{"value":{"data":[{"id":"d33ae4f1-cc87-42c0-956a-045aa73c33a6","name":"Office","product":"TENABLE_IO","asset_count":5871,"weakness_severity_counts":{"low":890,"medium":4534,"high":988,"critical":168,"total":6580},"total_weakness_count":6580,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2023-05-08T14:50:36Z","aes_average":147}},{"id":"a48db7c1-9881-4e8c-af66-da38d7ccb7e9","name":"Location","product":"TENABLE_IO","asset_count":5871,"weakness_severity_counts":{"low":890,"medium":4534,"high":988,"critical":168,"total":6580},"total_weakness_count":6580,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2023-05-08T14:46:13Z","aes_average":147}},{"id":"40d64a4e-715c-4adc-9731-b957c21b7dae","name":"Device Type","product":"TENABLE_AI","asset_count":5871,"weakness_severity_counts":{"low":890,"medium":4534,"high":988,"critical":168,"total":6580},"total_weakness_count":6580,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-03T14:23:51Z","aes_average":147}},{"id":"1ad84339-7a44-4fa1-8ccd-3c32a181055a","name":"State","product":"TENABLE_IO","asset_count":5871,"weakness_severity_counts":{"low":890,"medium":4534,"high":988,"critical":168,"total":6580},"total_weakness_count":6580,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2023-05-08T14:25:32Z","aes_average":147}},{"id":"c4d3a3f9-d8f2-4629-ba7b-676a48045ff2","name":"City","product":"TENABLE_IO","asset_count":5768,"weakness_severity_counts":{"low":889,"medium":4532,"high":984,"critical":168,"total":6573},"total_weakness_count":6573,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2023-05-08T14:05:13Z","aes_average":147}},{"id":"cd9caa05-a7df-4ee2-8500-cfd7ba4c8e29","name":"Example 1","product":"TENABLE_AI","asset_count":1125,"weakness_severity_counts":{"low":847,"medium":4501,"high":950,"critical":168,"total":6466},"total_weakness_count":6466,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-06T16:46:38Z","aes_average":117}},{"id":"c61016c3-4c0d-46ef-91bc-7e249ae3edf4","name":"Example 2","product":"TENABLE_AI","asset_count":1125,"weakness_severity_counts":{"low":847,"medium":4501,"high":950,"critical":168,"total":6466},"total_weakness_count":6466,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-06T12:49:10Z","aes_average":117}},{"id":"c300c224-7571-4f94-b77b-d1caa334bb3e","name":"Example 3","product":"TENABLE_AI","asset_count":147,"weakness_severity_counts":{"low":847,"medium":4501,"high":950,"critical":168,"total":6466},"total_weakness_count":6466,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-12T00:31:07Z","aes_average":117}},{"id":"aeffc767-000e-4387-b1b9-e1d3bf596895","name":"Example 4","product":"TENABLE_AI","asset_count":147,"weakness_severity_counts":{"low":847,"medium":4501,"high":950,"critical":168,"total":6466},"total_weakness_count":6466,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-13T18:15:17Z","aes_average":117}},{"id":"92c54cee-1b53-4466-9451-724925f50fc9","name":"Example 5","product":"TENABLE_AI","asset_count":1125,"weakness_severity_counts":{"low":847,"medium":4501,"high":950,"critical":168,"total":6466},"total_weakness_count":6466,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-04-30T16:45:36Z","aes_average":117}},{"id":"8c69ceb6-0c62-4050-9016-f872fb92cb3e","name":"Example 6","product":"TENABLE_AI","asset_count":1125,"weakness_severity_counts":{"low":847,"medium":4501,"high":950,"critical":168,"total":6466},"total_weakness_count":6466,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-04-30T16:34:02Z","aes_average":117}},{"id":"73ecd220-f3de-4451-9427-85ad007ed7fd","name":"Example 7","product":"TENABLE_AI","asset_count":147,"weakness_severity_counts":{"low":847,"medium":4501,"high":950,"critical":168,"total":6466},"total_weakness_count":6466,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-12T02:58:08Z","aes_average":117}},{"id":"63c2c299-34dd-46a0-be2f-286ef8d34555","name":"Example 8","product":"TENABLE_AI","asset_count":1125,"weakness_severity_counts":{"low":847,"medium":4501,"high":950,"critical":168,"total":6466},"total_weakness_count":6466,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-06T11:53:20Z","aes_average":117}},{"id":"401c1515-78af-4117-98b6-c36b8a8427cb","name":"Example 9","product":"TENABLE_AI","asset_count":1124,"weakness_severity_counts":{"low":846,"medium":4498,"high":949,"critical":167,"total":6460},"total_weakness_count":6460,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-17T11:54:17Z","aes_average":101}},{"id":"6b58f68b-06d7-431d-9df1-9764a490cc4c","name":"Example 10","product":"TENABLE_AI","asset_count":5740,"weakness_severity_counts":{"low":849,"medium":4459,"high":981,"critical":166,"total":6455},"total_weakness_count":6455,"type":"DYNAMIC","extra_properties":{"tag_data_source":"tenable","last_updated":"2025-03-31T19:19:38Z","aes_average":481}}],"pagination":{"total":100,"offset":0,"limit":10,"sort":{"name":"total_weakness_count","order":"desc"}}}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"error":"Bad Request","message":"Invalid request payload JSON format"}}}}}},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to search tags."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_cloud":[]}]}},"/api/v1/t1/tags/properties":{"get":{"summary":"List tag properties","description":"Returns a list of tag properties that can be used for filters on endpoints that support them. For example, the properties that are returned by this endpoint can be used as filters for the [Search tags](ref:inventory-tag-search) endpoint.\n\n In addition to the tag properties, the results list includes the logical operators you can use with the tag properties along with the supported values.\n\n**Caution:** This endpoint is available for use but is currently in beta. The response structure is subject to change as we continue to enhance the data model. Requires the Basic [16] user role or the `ASSET_INVENTORY.CYBER_ASSET_MANAGEMENT.READ` and `AD.TOGGLE_AD.USE` custom role privileges. See [Roles](doc:roles).
","operationId":"inventory-tag-properties-list","tags":["Tags"],"responses":{"200":{"description":"Returned if the list of tag properties was retrieved successfully.","content":{"application/json":{"schema":{"description":"A list of tag properties.","type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_Properties-Object"}}}},"examples":{"response":{"value":{"data":[{"key":"tag_id","readable_name":"Tag ID","control":{"type":"STRING","multiple_allowed":true,"regex":{"hint":"01234567-abcd-ef01-2345-6789abcdef01","expression":"[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*"}},"operators":["=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag ID \n\n## A way to group assets\n\nIn Tenable Exposure Management, a Tag ID is a unique identifier associated with a Tag. Tags are user-defined labels or markers applied to assets to categorize and organize them based on specific criteria, such as function, location, department, or risk level. \n\nHere's how Tag IDs are used:\n\n- **Grouping and Filtering:** Tag IDs enable you to easily group and filter assets based on shared characteristics. For example, you could use a Tag ID for \"High Risk\" to quickly identify all assets tagged with that specific risk level.\n- **Automation and Reporting:** Tag IDs can be used in automated workflows and reporting to streamline asset management tasks. You can generate reports on assets with specific Tag IDs to gain insights into their security posture or compliance status.\n- **Dynamic Grouping:** Tags and their associated IDs provide a flexible way to group assets dynamically. As asset attributes or risk profiles change, you can easily update their tags to reflect their current status. \n"},{"key":"tag_data_source","readable_name":"Tag Data Source","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Data Source \n## Where the tag information comes from\nTag data sources represent the origin or method by which tags are applied to assets within Tenable Exposure Management. Understanding the source of your tags is crucial for managing and interpreting tag information effectively.\n\nHere's a breakdown of tag data sources:\n\n- **Manual**: Tags added manually by users through the Tenable Exposure Management interface. This allows for flexible and customized tagging based on specific needs.\n- **Integration**: Tags automatically applied based on data fetched from integrated external systems. This ensures consistency and reduces manual effort.\n- **Rule**: Tags dynamically assigned based on predefined rules and conditions within Tenable Exposure Management. This enables automated tagging based on asset attributes or behaviors.\n- **Bulk**: Tags applied in bulk to multiple assets simultaneously, often using CSV imports or API calls. This streamlines tagging for large numbers of assets. \n"},{"key":"last_updated","readable_name":"Last Updated","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Last Updated \n\n## Date of the last tag modification\n\nThe \"Last Updated\" field in Tenable Exposure Management refers to the date and time when a specific tag associated with an asset was last modified. This timestamp helps track the recency of tag-related changes and provides insights into the asset's tagging history.\n\nHere's a breakdown of its significance:\n\n- **Tracking Tag Changes**: It allows administrators to see when a particular tag was added, removed, or modified for an asset.\n- **Auditing and Compliance**: Helps in maintaining an audit trail of tag-related activities, which can be crucial for compliance reporting.\n- **Asset Management**: Provides context about the asset's categorization and management over time. \n- **Filtering and Reporting**: Enables users to filter assets based on the last updated date of specific tags, aiding in identifying recently tagged or untagged assets. \n"},{"key":"tag_name","readable_name":"Tag Name","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Name \n## A label assigned to assets for categorization\nTag Name allows users to categorize and group assets based on specific criteria, such as department, location, sensitivity of data stored, or compliance requirements.\n\nHere are some key points to understand about Tag Name in the context of Cyber Asset Management:\n\n- **Organization and Filtering**: Tag Name enables efficient organization and filtering of assets within Tenable Exposure Management, making it easier to locate and manage specific groups of assets.\n- **Contextual Information**: Tags provide valuable contextual information about assets, aiding in risk assessment, vulnerability management, and incident response efforts.\n- **Automation and Reporting**: Tags can be used to automate tasks, such as applying security policies or generating reports based on specific asset groups.\n- **Flexibility and Customization**: Tenable Exposure Management allows users to create and assign custom tags based on their organization's specific needs and terminology.\n- **Improved Asset Visibility**: By using meaningful Tag Names, organizations can gain a clearer understanding of their asset inventory and potential security risks.\n"},{"key":"tag_description","readable_name":"Tag Description","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Description \n\n## A text used to categorize Assets\n\nA tag description provides additional context and information about a specific tag used for categorizing and organizing assets within Tenable Exposure Management. It helps users understand the purpose and meaning of the tag, making it easier to search, filter, and manage assets effectively.\n\nHere are some key points to understand about tag descriptions:\n\n- **Clarity and Conciseness**: Tag descriptions should be clear, concise, and easy to understand, providing a brief explanation of the tag's purpose.\n- **Relevance**: The description should accurately reflect the tag's intended use and the types of assets it's associated with.\n- **Contextual Information**: It can include details about the tag's scope, criteria for applying the tag, or any specific conventions used.\n- **Examples**: Providing examples of assets or asset attributes that would typically receive the tag can be helpful for users. \n"},{"key":"product","readable_name":"Product","control":{"type":"STRING","multiple_allowed":true,"selection":[{"name":"TENABLE_AI","value":"TENABLE_AI","deprecated":false},{"name":"TENABLE_IO","value":"TENABLE_IO","deprecated":false}]},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Product \n## A way to group assets by software\nIn Tenable Exposure Management, a Tag is a way to categorize and group assets based on shared characteristics. One type of tag is a \"Product,\" which allows you to associate assets with specific software products installed on them. \n\nHere's how it works:\n\n- **Tagging Assets:** When you discover assets in your environment, Cyber Asset Management automatically identifies the software installed on them. You can then create \"Product\" tags and assign them to assets based on the detected software.\n- **Grouping and Filtering:** Once tagged, you can easily group and filter assets based on the software products they have in common. For example, you can create a group of all assets with a specific version of a software product to identify potential vulnerabilities.\n- **Streamlining Management:** By using \"Product\" tags, you can streamline asset management tasks, such as vulnerability remediation, patch management, and software inventory. \n"},{"key":"tag_type","readable_name":"Tag Type","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Type \n\n## A label category for assets\n\nA tag type is a user-defined category or classification that helps organize and group tags within Cyber Asset Management. It provides a structured way to manage and apply tags to assets, making it easier to search, filter, and analyze asset data based on specific criteria.\n\nHere are some key points to understand about tag types:\n\n- **Organization**: Tag types bring order to your tags, preventing a chaotic and unmanageable collection.\n- **Standardization**: They enforce consistency in tagging, ensuring that similar assets are tagged uniformly.\n- **Filtering and Reporting**: Tag types simplify asset searching and filtering, allowing you to quickly locate assets with specific tags.\n- **Automation**: Tag types can be used to automate tagging processes, such as automatically applying tags based on asset attributes or events.\n- **Examples**: Common tag types include \"Environment\" (e.g., Production, Development, Testing), \"Location\" (e.g., New York, London, Tokyo), \"Department\" (e.g., Finance, Marketing, IT), and \"Compliance\" (e.g., PCI DSS, HIPAA, GDPR).\n"},{"key":"tag_category_id","readable_name":"Tag Category ID","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Category ID \n\n## A unique identifier for a group of tags.\n\nIn Tenable Exposure Management, tags are used to categorize and organize assets based on various criteria, such as function, location, or sensitivity. To manage tags effectively, they are grouped into categories. Each tag category is assigned a unique ID, known as the Tag Category ID. This ID helps in filtering and searching for assets based on specific tag categories.\n\nHere's a breakdown:\n\n- **Tag:** A label assigned to assets to categorize them based on specific criteria.\n- **Tag Category:** A group of related tags that share a common theme or purpose.\n- **Tag Category ID:** A unique identifier assigned to each tag category for efficient management and filtering. \n"},{"key":"tag_category_name","readable_name":"Tag Category Name","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Category Name \n\n## A way to organize tags\n\nIn Cyber Asset Management, a tag category serves as a container or grouping mechanism for individual tags. It helps in organizing and managing tags effectively, making it easier to apply and search for assets based on specific criteria. \n\nHere's a breakdown:\n\n- **Organization:** Tag categories bring structure to your tags, preventing a chaotic list of unrelated terms.\n- **Filtering and Searching:** They streamline the process of finding assets with specific characteristics. For instance, a \"Compliance\" category might contain tags like \"GDPR,\" \"HIPAA,\" or \"PCI DSS.\"\n- **Standardization:** Tag categories promote consistency in tagging practices across your organization. \n"},{"key":"tag_category_description","readable_name":"Tag Category Description","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Category Description \n\n## A way to group tags in Cyber Asset Management\nTag Category Description allows users to provide a more detailed explanation or context for a specific tag category. This description helps users understand the purpose and usage of tags within that category, ensuring consistency and clarity in tag organization.\n\nHere's how Tag Category Description enhances tag management:\n\n- **Context and Purpose:** Provides a clear understanding of what the tag category represents and how it should be used.\n- **Consistency and Standardization:** Promotes uniformity in tag naming conventions and usage across the organization.\n- **Improved Searchability:** Enables users to easily find and apply relevant tags by providing descriptive information about each category.\n- **Enhanced Reporting and Analysis:** Allows for more meaningful reporting and analysis by grouping tags into logical categories. \n"},{"key":"tag_created_by_id","readable_name":"Tag Created By ID","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Created By ID \n## The Entra ID of the user who created the tag in Tenable Exposure Management\nThis ID is a unique identifier associated with a user in your Entra ID. It helps track who created specific tags within Cyber Asset Management, providing an audit trail for tag management. This information can be useful for:\n- **Accountability**: Knowing who created a tag can be helpful for accountability purposes, especially if a tag is used incorrectly or needs to be modified.\n- **Troubleshooting**: If there are any issues with a tag, knowing who created it can help in troubleshooting and resolving the problem.\n- **Tag Management**: Understanding tag usage patterns based on the creator can provide insights into how tags are being used and managed within the organization. \n"},{"key":"tag_updated_by_id","readable_name":"Tag Updated By ID","control":{"type":"STRING","multiple_allowed":false,"regex":{"hint":"","expression":".*"}},"operators":["contains","not contains","=","!=","exists","not exists"],"sortable":true,"filterable":true,"description":"# Tag Updated By ID \n## The Entra ID of the user who last updated the tag\nThis attribute identifies the specific user in your organization's Entra ID system who made the most recent changes to a particular tag within the Tenable Exposure Management application. \n\nHere's a breakdown:\n\n- **Entra ID Integration:** Tenable Exposure Management integrates with your organization's Entra ID system to manage user accounts and permissions.\n- **Tracking Tag Modifications:** Every time a tag is created, modified, or deleted, the system records the Entra ID of the user responsible for the action.\n- **Auditing and Accountability:** This information is crucial for auditing purposes, allowing administrators to track who made what changes to tags over time. It helps ensure accountability and facilitates investigations in case of unauthorized or accidental modifications. \n"},{"key":"tag_created_at","readable_name":"Tag Created At","control":{"type":"DATE","multiple_allowed":false,"regex":{"hint":"timestamp","expression":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"}},"operators":["=",">","<","between","exists","not exists","older than","newer than","within last"],"sortable":true,"filterable":true,"description":"# Tag Created At \n## Date and time a tag was created\nThis field represents the specific date and time when a particular tag was created within the Tenable Exposure Management application. It provides a timestamp indicating the moment the tag was initially defined and added to the system. \n\nHere's why this information is valuable:\n- **Tracking Tag Usage:** Understand when tags were introduced, potentially correlating them with specific projects, initiatives, or changes in asset management practices.\n- **Identifying Stale Tags:** Tags created long ago but rarely used might indicate outdated categorization or an opportunity for cleanup.\n- **Auditing and Reporting:** Provide an audit trail of tag creation, aiding in compliance efforts or investigations related to asset classification. \n"},{"key":"asset_count","readable_name":"Asset Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Asset Count \n\n## Number of assets associated with a specific tag.\n\nThis metric provides a count of assets grouped by tags within your IT environment. Tags are user-defined labels assigned to assets for categorization and easier management. \n\nHere's a breakdown:\n\n- **Asset**: Any resource or component within your IT infrastructure, such as devices, users, or applications.\n- **Tag**: A descriptive label assigned to assets, allowing for logical grouping and filtering.\n- **Count**: The total number of assets associated with a particular tag.\n\nFor example, you might have a tag named \"Production\" assigned to all assets critical for your production environment. The \"Asset Count\" metric for the \"Production\" tag would then display the total number of assets crucial for your production operations. This information is valuable for understanding the scale and distribution of assets based on your defined classifications. \n"},{"key":"critical_weakness_count","readable_name":"Critical Weakness Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Critical Weakness Count \n\n## Number of critical weaknesses for a given tag.\n\nThis metric, viewable in the **Explore** view of **Cyber Asset Management**, counts the number of critical weaknesses associated with assets grouped by a specific tag. The higher the count, the greater the potential risk posed by those assets. Here's a breakdown:\n\n- **Critical Weakness:** A security vulnerability classified as highly severe, potentially allowing attackers to gain unauthorized access, disrupt operations, or steal data.\n- **Tag:** A label assigned to assets in Tenable Exposure Management for categorization and easier management. Tags help group assets with similar characteristics or purposes.\n- **Explore View:** A feature in Tenable Exposure Management that provides insights into asset vulnerabilities and overall security posture. It allows users to analyze data, identify trends, and prioritize remediation efforts. \n"},{"key":"high_weakness_count","readable_name":"High Weakness Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# High Weakness Count \n\n## A way to filter assets with a specific tag and a high number of weaknesses.\n\nThis filter allows users to identify and focus on assets that have a specific tag applied to them and also exhibit a high number of identified weaknesses. This is useful for prioritizing remediation efforts on assets that may pose a higher risk due to the combination of their tag and weakness count.\n\nHere's a breakdown:\n\n- **Tag:** Tags are user-defined labels or categories assigned to assets in Tenable Exposure Management for better organization, grouping, and filtering.\n- **Weakness Count:** This refers to the total number of vulnerabilities or security weaknesses discovered on an asset through vulnerability assessments.\n- **High Weakness Count:** This implies a threshold set by the user to define what constitutes a \"high\" number of weaknesses. This threshold can vary based on organizational risk tolerance and security policies.\n- **Example:** A user could use this filter to find all assets tagged as \"Critical Servers\" that have a weakness count greater than 50 (`HAS Tag = Critical Servers AND HAS Weakness Count > 50`). \n"},{"key":"medium_weakness_count","readable_name":"Medium Weakness Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Medium Weakness Count \n## Number of vulnerabilities with medium severity for a specific tag.\nThis metric, available in Tenable Exposure Management, represents the aggregation of vulnerabilities classified as having a \"Medium\" severity level associated with assets grouped by a specific tag. In essence, it helps to quickly understand the concentration of potential security gaps within a particular category or grouping of assets defined by the tag. \n\nHere's a breakdown:\n\n- **Tag:** A user-defined label or category assigned to assets in Tenable Exposure Management for organizational and reporting purposes. \n- **Medium Severity:** A classification of vulnerabilities that present a moderate risk to your environment. These vulnerabilities might not be actively exploited but still require attention and remediation.\n- **Count:** The total number of vulnerabilities matching the specified criteria (medium severity and associated with the chosen tag). \n"},{"key":"low_weakness_count","readable_name":"Low Weakness Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Low Weakness Count \n\n## A tag with less than 10 weaknesses\n\nThis filter allows users to identify and focus on assets tagged with specific tags that have a relatively low number of identified weaknesses. This can be useful for prioritizing remediation efforts on assets that may be considered lower risk due to their lower weakness count.\n\nHere's how it works:\n\n- **HAS Tag**: This part of the filter specifies that the asset must have at least one tag associated with it.\n- **AS Weakness Count**: This part of the filter focuses on the number of weaknesses associated with the specified tag.\n- **< 10**: This part of the filter sets a threshold, indicating that only assets with fewer than 10 weaknesses associated with the specified tag will be included in the results. \n"},{"key":"info_weakness_count","readable_name":"Info Weakness Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Info Weakness Count \n## Number of informational weaknesses for a defined tag.\nThis metric, available in the context of Tenable Exposure Management, provides insights into the number of informational weaknesses associated with assets grouped by a specific tag. In essence, it helps you understand how many informational vulnerabilities exist within a defined subset of your IT environment.\n\nHere's a breakdown:\n\n- **Informational Weakness:** A type of vulnerability that doesn't directly lead to system compromise but highlights potential security risks or misconfigurations that could be exploited if combined with other vulnerabilities.\n- **Tag:** A label assigned to assets in Tenable Exposure Management, allowing for logical grouping and categorization based on criteria like department, location, or asset type.\n- **Use Case:** This metric helps prioritize remediation efforts by identifying tags associated with a high number of informational weaknesses, indicating areas needing attention to improve overall security posture. \n"},{"key":"total_weakness_count","readable_name":"Total Weakness Count","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# Total Weakness Count \n\n## Number of weaknesses for a given tag\n\nThis metric represents the sum of weaknesses associated with assets grouped under a specific tag within Tenable Exposure Management. Tags are user-defined labels that help categorize and manage assets based on criteria such as department, location, or risk level. \n\nHere's a breakdown:\n\n- **Asset Grouping:** Tags allow you to create logical groups of assets based on shared characteristics.\n- **Weakness Association:** Tenable Exposure Management identifies and associates vulnerabilities, misconfigurations, and other security weaknesses with individual assets.\n- **Aggregation:** The \"Total Weakness Count \" metric adds up all the weaknesses found across all assets assigned to a particular tag. \n- **Risk Insight:** This metric provides a consolidated view of risk exposure for a group of assets, enabling targeted remediation efforts. \n"},{"key":"aes_average","readable_name":"AES Average","control":{"type":"NUMBER","multiple_allowed":false,"regex":{"hint":"number >= 0","expression":"^\\d+$"}},"operators":["=",">=",">","<=","<","exists","not exists"],"sortable":true,"filterable":true,"description":"# AES Average\n## The average of all Asset Exposure Scores\nThe average AES represents the average level of cyber risk across all assets within an organization, providing a high-level view of the overall security posture.\n\nHere's a breakdown:\n- **Calculation**: The AES Average is determined by summing the AES values of all assets and dividing by the total number of assets.\n- **Range**: AES values typically range from 0 to 100, with higher scores indicating greater exposure and potential risk.\n- **Context**: A high average AES suggests that the organization faces a significant overall cyber risk, while a low average indicates a relatively lower risk posture.\n- **Use in Tenable Exposure Management**: You can use the AES Average to track changes in your organization's overall security posture over time and identify trends in asset exposure. For example, a sudden increase in the average AES might indicate a new vulnerability or a successful attack. \n"}]}}}}}},"400":{"description":"Returned if your request specified invalid parameters or if your request was improperly formatted."},"401":{"description":"Returned if the API keys specified in your request are invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"error":"Unauthorized","message":"Invalid credentials."}}}}}},"403":{"description":"Returned if you do not have permission to view the list of tag properties."},"429":{"description":"Returned if you attempt to send too many requests in a specific period of time. For more information, see [Rate Limiting](doc:rate-limiting).","content":{"text/html":{"examples":{"response":{"value":"\n\n\n 429 Too Many Requests\n\n\n\n \n 429 Too Many Requests
\n \n
\n nginx\n\n\n"}}}}},"500":{"description":"Returned if an internal error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Inventory_ErrorResponse"},"examples":{"response":{"value":{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred. Please wait a moment and try your request again."}}}}}}},"security":[{"Inventory_cloud":[]}]}}},"components":{"securitySchemes":{"Exposure_Management_cloud":{"type":"apiKey","in":"header","name":"X-ApiKeys","description":"Format - accessKey=ACCESS_KEY;secretKey=SECRET_KEY"},"Attack_Path_cloud":{"type":"apiKey","in":"header","name":"X-ApiKeys","description":"Format - accessKey=ACCESS_KEY;secretKey=SECRET_KEY"},"Attack_Path_Exports_cloud":{"type":"apiKey","in":"header","name":"X-ApiKeys","description":"Format - accessKey=ACCESS_KEY;secretKey=SECRET_KEY"},"Exposure_View_cloud":{"type":"apiKey","in":"header","name":"X-ApiKeys","description":"Format - accessKey=ACCESS_KEY;secretKey=SECRET_KEY"},"Inventory_cloud":{"type":"apiKey","in":"header","name":"X-ApiKeys","description":"Format - accessKey=ACCESS_KEY;secretKey=SECRET_KEY"},"Inventory_Exports_cloud":{"type":"apiKey","in":"header","name":"X-ApiKeys","description":"Format - accessKey=ACCESS_KEY;secretKey=SECRET_KEY"}},"parameters":{"Inventory_Exports_status-query-param":{"description":"Filters the results by export job status. \n\nSupported values include:\n\n * `QUEUED`—The request is waiting for earlier requests to complete.\n * `PROCESSING`—The request is currently being processed. \n * `FINISHED`—Processing is complete, and all chunks are available.\n * `ERROR`—An error occurred while processing. Retry the request, and if the issue persists, contact Tenable Support.","explode":true,"in":"query","name":"status","required":false,"schema":{"type":"string","enum":["QUEUED","PROCESSING","FINISHED","ERROR"]},"style":"form"},"Inventory_Exports_limit-query-param":{"description":"The maximum number of export jobs to return from the last 3 days.\n\n**Note:** Only jobs submitted within the last 3 days are returned. The actual number of results may be less than the specified limit if fewer jobs exist.\n\nIf omitted, the default is `1000`. The maximum value is `1000` and the minimum value is `1`.","explode":true,"in":"query","name":"limit","required":false,"schema":{"type":"integer","default":1000,"minimum":1,"maximum":1000},"style":"form","example":100}},"schemas":{"Attack_Path_ErrorResponse":{"type":"object","properties":{"statusCode":{"type":"integer","description":"The HTTP status code of the error."},"error":{"type":"string","description":"The standard HTTP error name."},"message":{"type":"string","description":"A brief message about the cause of the error."}}},"Attack_Path_NodeInfo":{"type":"object","properties":{"name":{"type":"string"},"fullname":{"type":"string"},"id":{"type":"string"},"labels":{"items":{"type":"string"},"type":"array"},"isCrownJewel":{"type":"boolean","default":false},"vulnerability_id":{"type":"string"},"asset_id":{"type":"string"}}},"Attack_Path_VectorRow":{"type":"object","properties":{"is_new":{"type":"boolean","description":"Indicates whether the vector is new or not."},"vector_id":{"type":"string","description":"The unique identifier for the vector."},"path":{"$ref":"#/components/schemas/Attack_Path_GraphPath"},"techniques":{"description":"An array of attack techniques associated with the vector row.","type":"array","items":{"$ref":"#/components/schemas/Attack_Path_AttackTechnique"}},"nodes":{"description":"An array of nodes associated with the vector.","type":"array","items":{"type":"object"}},"findings_names":{"type":"array","description":"A list of findings associated with the vector.","items":{"type":"string"}},"name":{"type":"string","description":"The name of the vector."},"summary":{"type":"string","description":"A short summary of the vector."},"first_aes":{"type":"number","description":"The AES (Asset Exposure Score) of the first node associated with the vector."},"last_acr":{"type":"number","description":"The ACR (Asset Criticality Score) of the last node associated with the vector row."},"path_status":{"type":"string","description":"The calculated lifecycle status of the attack path, derived from the statuses of its underlying techniques. This enables you to track remediation progress across the entire attack chain. The statuses are defined as follows:\n- `done` — All techniques are done.\n- `chain_prevented` — At least one technique is done or accepted, but not all.\n- `accepted` — All techniques are accepted.\n- Otherwise, the status reflects the least-advanced technique.","enum":["to_do","in_progress","in_review","done","chain_prevented","accepted"]}}},"Attack_Path_GraphPath":{"description":"Graph path information associated with the vector row, including the starting node, ending node, and the segments comprising the graph path.","type":"object","properties":{"start":{"$ref":"#/components/schemas/Attack_Path_AbstractNodeGraphNode"},"end":{"$ref":"#/components/schemas/Attack_Path_AbstractNodeGraphNode"},"segments":{"description":"Segments comprising the graph path.","type":"array","items":{"$ref":"#/components/schemas/Attack_Path_GraphPathSegment"}}}},"Attack_Path_AbstractNodeGraphNode":{"description":"Information about the nodes and segments comprising the graph path. There are starting nodes and ending nodes.","type":"object","properties":{"name":{"type":"string","description":"The name of the node."},"description":{"type":"string","description":"A short description of the node."},"_builtin":{"type":"boolean","description":"Indicates whether or not the node is built-in."},"whencreated":{"type":"number","description":"A Unix timestamp indicating the date and time when the node was created."},"acr":{"type":"number","description":"The Asset Criticality Rating (ACR) associated with the node."},"aes":{"type":"number","description":"The Asset Exposure Score (AES) associated with the node."},"avr":{"type":"number","description":"The Asset Vulnerability Rating (AVR) associated with the node."},"apa_aes":{"type":"number","description":"The Attack Path Analysis Asset Exposure Score (APA AES) associated with the node."},"asset_id":{"type":"string","description":"The unique identifier of the asset associated with the node."},"last_scanned":{"type":"number","description":"A Unix timestamp indicating the date and time when the node was last scanned."},"last_observed":{"type":"number","description":"A Unix timestamp indicating the date and time when the node was last observed."},"last_licensed":{"type":"number","description":"A Unix timestamp indicating the date and time when the node was last licensed."},"sensors":{"type":"array","description":"An array of sensors associated with the node.","items":{"type":"string"}},"sources":{"type":"array","description":"An array of sources associated with the node.","items":{"$ref":"#/components/schemas/Attack_Path_NodeInfo"}}}},"Attack_Path_GraphPathSegment":{"description":"Graph path information associated with the vector row, including the starting node and ending node of the graph path segment.","type":"object","properties":{"start":{"$ref":"#/components/schemas/Attack_Path_AbstractNodeGraphNode"},"end":{"$ref":"#/components/schemas/Attack_Path_AbstractNodeGraphNode"},"relationship":{"$ref":"#/components/schemas/Attack_Path_AbstractRelationship"}}},"Attack_Path_AbstractRelationship":{"description":"Information about the relationship between the starting and ending nodes.","type":"object","properties":{"id":{"type":"number","description":"The unique identifier of the relationship."},"start":{"type":"number","description":"The identifier of the starting node."},"end":{"type":"number","description":"The identifier of the ending node."},"type":{"type":"string","description":"Type of the relationship."},"properties":{"description":"Properties associated with the relationship.","type":"object"}}},"Attack_Path_AttackTechnique":{"type":"object","properties":{"nodes":{"description":"An array of nodes associated with the attack technique.","type":"array","items":{"type":"string"}},"method":{"$ref":"#/components/schemas/Attack_Path_ProcedureGraphNode"},"technique":{"type":"string","description":"Name of the attack technique."},"source_information":{"type":"string","description":"Information about the sources related to the attack technique."},"weaknessesIds":{"type":"array","items":{"type":"string"},"description":"Array of weakness identifiers associated with the attack technique."},"external_id":{"type":"string","description":"External identifier associated with the attack technique."},"target":{"type":"string","description":"Target of the attack technique."}}},"Attack_Path_ProcedureGraphNode":{"description":"The procedure node representing the method used in the attack technique.","type":"object","properties":{"name":{"type":"string","description":"The name of the procedure."},"uuid":{"type":"string","description":"The unique identifier of the procedure."},"vector_count":{"type":"number","description":"The number of attack vectors associated with the procedure."},"status":{"type":"string","description":"The current status of the procedure.","enum":["to_do","in_progress","in_review","done","accepted"]},"state":{"type":"string","description":"The current state of the procedure.","enum":["open","archive"]},"metadata":{"type":"object","description":"Metadata associated with the procedure."},"priority_score":{"type":"number","description":"The priority score assigned to the procedure."},"source_information":{"type":"string","description":"Information about the sources related to the procedure."},"_updated":{"type":"number","description":"A Unix timestamp indicating the date and time when the procedure was last updated."}}},"Attack_Path_Attack-Path-Single-Filter":{"description":"Defines a single filter condition used to narrow the search results for attack paths.","type":"object","properties":{"property":{"type":"string","description":"Specifies the property used to filter the results. For example: `priority`, `name`, or `technique`.","enum":["priority","name","summary","steps","asset_exposure","blast_radius","asset_id","freetext","finding_id","technique","weakness_id","critical_asset","data_source","apa_aes","acr","path_status"]},"operator":{"type":"string","description":"Specifies the comparison operator applied to the property filter. For example: `eq` (equals), `ne` (not equals), or `contains`.","enum":["eq","ne","gt","gte","lt","lte","contains","not_contains","in","not_in"]},"value":{"description":"Defines the specific value or values to match against the property. This can be a single value or an array of values depending on the operator used.","oneOf":[{"title":"Single String Value","type":"string"},{"title":"Multiple String Values","type":"array","items":{"type":"string"}},{"title":"Single Integer Value","type":"integer"},{"title":"Multiple Integer Values","type":"array","items":{"type":"integer"}},{"title":"Single Boolean Value","type":"boolean","enum":[true,false]}]}}},"Attack_Path_Attack-Path-Multiple-Filters-Nested":{"description":"Specifies a compound filter that combines multiple conditions. Use this structure to create complex, multi-level filtering logic using logical operators.","type":"object","properties":{"operator":{"type":"string","description":"Specifies the logical operator used to combine multiple filter conditions.","enum":["AND","OR"],"default":"AND"},"value":{"type":"array","description":"Contains an array of single filter conditions.","items":{"$ref":"#/components/schemas/Attack_Path_Attack-Path-Single-Filter"}}},"required":["value"]},"Attack_Path_DiscoverPageTableResponse":{"description":"Response format for the V2 endpoint, providing paginated attack path data","type":"object","properties":{"data":{"description":"An array of attack paths representing the search results","type":"array","items":{"$ref":"#/components/schemas/Attack_Path_VectorRow"}},"total":{"description":"The total number of attack paths that match the search criteria","type":"integer"}},"required":["data"]},"Attack_Path_Attack-Technique-Single-Filter":{"description":"Defines a single filter condition used to narrow the search results for attack techniques.","type":"object","properties":{"property":{"type":"string","description":"Specifies the property used to filter the results. For example: `priority`, `name`, or `last_updated_at`.","enum":["priority","state","status","name","procedureName","mitre_id","tactics","target","source","cause","last_updated_at","created","serial_id"]},"operator":{"type":"string","description":"Specifies the comparison operator applied to the property filter. For example: `eq` (equals), `ne` (not equals), or `contains`.","enum":["eq","ne","gt","gte","lt","lte","contains","not_contains","in","not_in"]},"value":{"description":"Defines the specific value or values to match against the property. This can be a single value or an array of values depending on the operator used.","oneOf":[{"title":"Single String Value","type":"string"},{"title":"Multiple String Values","type":"array","items":{"type":"string"}},{"title":"Single Integer Value","type":"integer"},{"title":"Multiple Integer Values","type":"array","items":{"type":"integer"}},{"title":"Single Boolean Value","type":"boolean","enum":[true,false]}]}}},"Attack_Path_Attack-Technique-Multiple-Filters":{"description":"Specifies a compound filter that combines multiple conditions. Use this structure to create complex, multi-level filtering logic using logical operators.","type":"object","properties":{"operator":{"type":"string","description":"Specifies the logical operator used to combine multiple filter conditions.","enum":["and","or"]},"value":{"type":"array","description":"Contains an array of filter objects. Each item can be a single filter condition or a nested operator object.","items":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/Attack_Path_Attack-Technique-Single-Filter"},{"title":"Multiple Filters","$ref":"#/components/schemas/Attack_Path_Attack-Technique-Multiple-Filters-Nested"}]}}},"required":["operator","value"],"title":"AttackTechniqueFilterOperator"},"Attack_Path_Attack-Technique-Multiple-Filters-Nested":{"description":"Defines a nested logical operator used within a compound filter. This enables deep filtering logic while preventing circular references.","type":"object","properties":{"operator":{"type":"string","description":"Specifies the logical operator used to combine the nested conditions.","enum":["and","or"]},"value":{"type":"array","description":"Contains an array of single filter conditions.","items":{"$ref":"#/components/schemas/Attack_Path_Attack-Technique-Single-Filter"}}},"required":["operator","value"],"title":"Attack-Technique-Multiple-Filters-Nested"},"Attack_Path_AttackTechniqueSearchResult":{"type":"object","properties":{"mitre_id":{"type":"string","description":"MITRE ATT&CK technique ID"},"mitigations":{"type":"array","items":{"type":"string"},"description":"List of mitigations"},"malwares":{"type":"array","items":{"type":"string"},"description":"List of associated malwares"},"tools":{"type":"array","items":{"type":"string"},"description":"List of associated tools"},"name":{"type":"string","description":"Name of the attack technique"},"procedureName":{"type":"string","description":"Name of the procedure"},"priority":{"type":"string","description":"Priority level","enum":["low","medium","high","critical"]},"state":{"type":"string","description":"Current state","enum":["open","archive"]},"status":{"type":"string","description":"Current status","enum":["to_do","in_progress","in_review","done","accepted"]},"tactics":{"type":"array","items":{"type":"string"},"description":"MITRE ATT&CK tactics"},"target":{"type":"string","description":"Target of the attack technique"},"source":{"type":"string","description":"Source of the attack technique"},"cause":{"type":"string","description":"Cause of the attack technique"},"created":{"type":"string","format":"date-time","description":"Creation timestamp"},"last_updated_at":{"type":"string","format":"date-time","description":"Last update timestamp"},"serial_id":{"type":"string","description":"Serial identifier"}},"required":["mitre_id","name","priority","state","status","created","last_updated_at","serial_id"],"title":"AttackTechniqueSearchResult","description":"Attack technique search result information"},"Attack_Path_AttackTechniquesSearchResponse":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Attack_Path_AttackTechniqueSearchResult"},"description":"Array of attack techniques"},"pagination":{"$ref":"#/components/schemas/Attack_Path_AttackTechniquePaginationInfo"}},"required":["data","pagination"],"title":"AttackTechniquesSearchResponse","description":"Response model for attack techniques search endpoint"},"Attack_Path_AttackTechniquePaginationInfo":{"type":"object","properties":{"total":{"type":"integer","description":"Total number of attack techniques that match the search criteria"},"offset":{"type":"integer","description":"Number of items skipped for pagination"},"limit":{"type":"integer","description":"Number of items per page"},"sort":{"$ref":"#/components/schemas/Attack_Path_AttackTechniqueSortInfo"}},"required":["total","offset","limit","sort"],"title":"AttackTechniquePaginationInfo","description":"Pagination information for attack techniques search"},"Attack_Path_AttackTechniqueSortInfo":{"type":"object","properties":{"field":{"type":"string","description":"Field used for sorting","enum":["last_updated_at","priority","mitre_id","name","procedureName","status","state","vectorCount"]},"order":{"type":"string","description":"Sort order","enum":["asc","desc"]}},"required":["field","order"],"title":"AttackTechniqueSortInfo","description":"Sort information for attack techniques search"},"Attack_Path_Attack-Path-Multiple-Filters":{"description":"A filter operator that combines multiple filter conditions for attack paths. The value array can contain both filter conditions and nested filter operators to create complex filtering logic.","type":"object","properties":{"operator":{"type":"string","description":"The logical operator to combine conditions","enum":["AND","OR"],"default":"AND"},"value":{"type":"array","description":"Array of filter conditions or operators. This can contain a mix of Attack-Path-Single-Filter objects and nested filter operators to create complex nested filtering logic.","items":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/Attack_Path_Attack-Path-Single-Filter"},{"title":"Multiple Filters","$ref":"#/components/schemas/Attack_Path_Attack-Path-Multiple-Filters-Nested"}]}}},"required":["value"]},"Attack_Path_Exports_Request-Export-Attack-Paths":{"type":"object","required":["file_format"],"properties":{"file_format":{"$ref":"#/components/schemas/Attack_Path_Exports_FileFormat"},"filters":{"description":"Specifies filter conditions for the export. You can provide a single filter condition or multiple nested conditions.","oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/Attack_Path_Exports_Attack-Path-Single-Filter"},{"title":"Multiple Filters","$ref":"#/components/schemas/Attack_Path_Exports_Attack-Path-Multiple-Filters"}]},"vector_ids":{"description":"Specifies an optional list of attack path vector IDs (UUIDs) to export. If specified, the system only exports the vectors matching these IDs. If omitted, the system exports all vectors matching the filter criteria.","type":"array","items":{"type":"string"}},"columns":{"description":"Specifies optional columns to include in the export. Use this parameter to limit the exported data to specific fields. If omitted, the system includes all available columns.","type":"array","example":["path_name"],"items":{"type":"string","enum":["path_name","priority","source_nes","target_acr","sequence_chain","enabler_list","asset_ids"]}},"file_name":{"description":"Specifies a custom name for the exported file. If omitted, the system automatically generates a default name.","type":"string","maxLength":100},"sort":{"$ref":"#/components/schemas/Attack_Path_Exports_ExportSortParams"}}},"Attack_Path_Exports_Request-Export-Attack-Techniques":{"type":"object","required":["file_format"],"properties":{"file_format":{"$ref":"#/components/schemas/Attack_Path_Exports_FileFormat"},"filters":{"description":"Specifies filter conditions for the export. You can provide a single filter condition or multiple nested conditions.","oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/Attack_Path_Exports_Attack-Technique-Single-Filter"},{"title":"Multiple Filters","$ref":"#/components/schemas/Attack_Path_Exports_Attack-Technique-Multiple-Filters"}]},"attack_technique_ids":{"description":"An optional list of specific attack technique UUIDs to export. When specified, only the techniques matching these IDs are included. If omitted, all techniques matching the filter criteria are exported.","type":"array","items":{"type":"string"}},"columns":{"description":"Specifies optional columns to include in the export. Use this parameter to limit the exported data to specific fields. If omitted, the system includes all available columns.","type":"array","example":["mitre_id"],"items":{"type":"string","enum":["mitre_id","technique_name","priority","status","state","through","source_names","source_classes","source_ids","target_names","target_classes","target_ids","tactics","data_sources","top_attack_path_count","critical_assets_count"]}},"file_name":{"description":"Specifies a custom name for the exported file. If omitted, the system automatically generates a default name.","type":"string","maxLength":100},"sort":{"$ref":"#/components/schemas/Attack_Path_Exports_ExportSortParams"}}},"Attack_Path_Exports_AttackPathExportRecord":{"type":"object","description":"A single attack path record in the export results.","properties":{"path_name":{"type":"string","description":"The name assigned to the attack path. For many paths, the system uses generative AI to create a descriptive name based on the potential threat."},"priority_rating":{"type":"string","description":"The priority level assigned to the attack path. Possible values include `Critical`, `High`, `Medium`, and `Low`."},"source_nes":{"type":"number","description":"The Node Exposure Score (NES) of the starting node in the attack path."},"target_acr":{"type":"number","description":"The Asset Criticality Rating (ACR) of the final destination asset in the attack path."},"sequence_chain":{"type":"string","description":"The structured progression of the attack path, showing the sequence of assets and techniques from source to destination."},"enablers":{"type":"string","description":"A semicolon-separated list of the primary security gaps or configurations (enablers) that facilitate the attack path."},"asset_ids":{"type":"string","description":"A semicolon-separated list of the unique identifiers (UUIDs) for all assets involved in the attack path, listed in order of progression."}}},"Attack_Path_Exports_AttackTechniqueExportRecord":{"type":"object","description":"A single attack technique record in the export results.","properties":{"mitre_id":{"type":"string","description":"The MITRE ATT&CK technique identifier (for example, `T1003`)."},"technique_name":{"type":"string","description":"The descriptive name of the attack technique."},"priority":{"type":"string","description":"The priority level assigned to the attack technique. Possible values include `Critical`, `High`, `Medium`, and `Low`."},"status":{"type":"string","description":"The current workflow status of the attack technique. Possible values include `to_do`, `in_progress`, `in_review`, `done`, and `accepted`."},"state":{"type":"string","description":"The operational state of the attack technique. Possible values include `open` and `archive`."},"through":{"type":"string","description":"The primary security gap or enabler that facilitates this technique."},"source_names":{"type":"string","description":"A semicolon-separated list of names for the originating source assets."},"source_classes":{"type":"string","description":"A semicolon-separated list of asset classes for the originating source assets."},"source_ids":{"type":"string","description":"A semicolon-separated list of the unique identifiers (UUIDs) for the originating source assets."},"target_names":{"type":"string","description":"A semicolon-separated list of names for the destination target assets."},"target_classes":{"type":"string","description":"A semicolon-separated list of asset classes for the destination target assets."},"target_ids":{"type":"string","description":"A semicolon-separated list of the unique identifiers (UUIDs) for the destination target assets."},"tactics":{"type":"string","description":"A semicolon-separated list of the associated MITRE ATT&CK tactics."},"data_sources":{"type":"string","description":"A semicolon-separated list of the data sources that provided information for this technique."},"top_attack_path_count":{"type":"integer","description":"The total number of top attack paths in which this technique appears."},"critical_assets_count":{"type":"integer","description":"The total number of critical assets that could be compromised using this technique."}}},"Attack_Path_Exports_Attack-Path-Single-Filter":{"description":"Defines a single filter condition used to narrow the search results for attack paths.","type":"object","properties":{"property":{"type":"string","description":"Specifies the property used to filter the results. For example: `priority`, `name`, or `technique`.","enum":["priority","name","summary","steps","asset_exposure","blast_radius","asset_id","freetext","finding_id","technique","weakness_id","critical_asset","data_source","apa_aes","acr","path_status"]},"operator":{"type":"string","description":"Specifies the comparison operator applied to the property filter. For example: `eq` (equals), `ne` (not equals), or `contains`.","enum":["eq","ne","gt","gte","lt","lte","contains","not_contains","in","not_in"]},"value":{"description":"Defines the specific value or values to match against the property. This can be a single value or an array of values depending on the operator used.","oneOf":[{"title":"Single String Value","type":"string"},{"title":"Multiple String Values","type":"array","items":{"type":"string"}},{"title":"Single Integer Value","type":"integer"},{"title":"Multiple Integer Values","type":"array","items":{"type":"integer"}},{"title":"Single Boolean Value","type":"boolean","enum":[true,false]}]}}},"Attack_Path_Exports_Attack-Path-Multiple-Filters":{"description":"Specifies a compound filter that combines multiple conditions. Use this structure to create complex, multi-level filtering logic using logical operators.","type":"object","properties":{"operator":{"type":"string","description":"Specifies the logical operator used to combine multiple filter conditions.","enum":["and","or"],"default":"and"},"value":{"type":"array","description":"Contains an array of filter objects. Each item can be a single filter condition or a nested operator object.","items":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/Attack_Path_Exports_Attack-Path-Single-Filter"},{"title":"Multiple Filters","$ref":"#/components/schemas/Attack_Path_Exports_Attack-Path-Multiple-Filters-Nested"}]}}},"required":["value"]},"Attack_Path_Exports_Attack-Path-Multiple-Filters-Nested":{"description":"Defines a nested logical operator used within a compound filter. This enables deep filtering logic while preventing circular references.","type":"object","properties":{"operator":{"type":"string","description":"Specifies the logical operator used to combine the nested conditions.","enum":["and","or"],"default":"and"},"value":{"type":"array","description":"Contains an array of single filter conditions.","items":{"$ref":"#/components/schemas/Attack_Path_Exports_Attack-Path-Single-Filter"}}},"required":["value"]},"Attack_Path_Exports_Attack-Technique-Single-Filter":{"description":"Defines a single filter condition used to narrow the search results for attack techniques.","type":"object","properties":{"property":{"type":"string","description":"Specifies the property used to filter the results. For example: `priority`, `name`, or `last_updated_at`.","enum":["priority","state","status","name","procedureName","mitre_id","tactics","target","source","cause","last_updated_at","created","serial_id"]},"operator":{"type":"string","description":"Specifies the comparison operator applied to the property filter. For example: `eq` (equals), `ne` (not equals), or `contains`.","enum":["eq","ne","gt","gte","lt","lte","contains","not_contains","in","not_in"]},"value":{"description":"Defines the specific value or values to match against the property. This can be a single value or an array of values depending on the operator used.","oneOf":[{"title":"Single String Value","type":"string"},{"title":"Multiple String Values","type":"array","items":{"type":"string"}},{"title":"Single Integer Value","type":"integer"},{"title":"Multiple Integer Values","type":"array","items":{"type":"integer"}},{"title":"Single Boolean Value","type":"boolean","enum":[true,false]}]}}},"Attack_Path_Exports_Attack-Technique-Multiple-Filters":{"description":"Specifies a compound filter that combines multiple conditions. Use this structure to create complex, multi-level filtering logic using logical operators.","type":"object","properties":{"operator":{"type":"string","description":"Specifies the logical operator used to combine multiple filter conditions.","enum":["and","or"]},"value":{"type":"array","description":"Contains an array of filter objects. Each item can be a single filter condition or a nested operator object.","items":{"oneOf":[{"title":"Single Filter","$ref":"#/components/schemas/Attack_Path_Exports_Attack-Technique-Single-Filter"},{"title":"Multiple Filters","$ref":"#/components/schemas/Attack_Path_Exports_Attack-Technique-Multiple-Filters-Nested"}]}}},"required":["operator","value"],"title":"AttackTechniqueFilterOperator"},"Attack_Path_Exports_Attack-Technique-Multiple-Filters-Nested":{"description":"Defines a nested logical operator used within a compound filter. This enables deep filtering logic while preventing circular references.","type":"object","properties":{"operator":{"type":"string","description":"Specifies the logical operator used to combine the nested conditions.","enum":["and","or"]},"value":{"type":"array","description":"Contains an array of single filter conditions.","items":{"$ref":"#/components/schemas/Attack_Path_Exports_Attack-Technique-Single-Filter"}}},"required":["value"]},"Attack_Path_Exports_ExportSortParams":{"type":"object","description":"Specifies how the system sorts the exported results.","required":["property","direction"],"properties":{"property":{"description":"Specifies the property used to sort the results.","type":"string"},"direction":{"description":"Specifies the sort direction, either ascending (`asc`) or descending (`desc`).","type":"string","enum":["asc","desc"]}}},"Attack_Path_Exports_ExportRequestId":{"type":"object","properties":{"export_id":{"description":"The unique identifier (UUID) for the export request. Use this ID to check the status of the export and download the results.","type":"string","format":"uuid"}}},"Attack_Path_Exports_Response-Export-Status":{"type":"object","properties":{"export_id":{"description":"The unique identifier (UUID) for the export request. Use this ID to check the status of the export and download the results.","type":"string","format":"uuid"},"status":{"description":"The current status of the export request. Possible values include:\n\n* `QUEUED` — The request is waiting for earlier requests to complete.\n* `PROCESSING` — The system is currently processing the export request.\n* `FINISHED` — The system has completed processing the export request. The file is available for download.\n* `ERROR` — An error occurred while processing the export request. Retry the request; if the error persists, contact Tenable Support.\n* `CANCELLED` — The export request was cancelled.","type":"string","enum":["QUEUED","PROCESSING","FINISHED","ERROR","CANCELLED"]},"submitted_at":{"description":"A timestamp in ISO 8601 format indicating the date and time the export request was submitted.","format":"date-time","type":"string"},"last_refreshed_at":{"description":"A timestamp in ISO 8601 format indicating when the export status was last updated. Compare this value with `submitted_at` to gauge total processing time.","format":"date-time","type":"string"}}},"Attack_Path_Exports_FileFormat":{"description":"Specifies the file format for the exported data.","enum":["CSV","JSON"],"type":"string"},"Attack_Path_Exports_ErrorResponse":{"type":"object","properties":{"statusCode":{"type":"integer","description":"The HTTP status code of the error."},"error":{"type":"string","description":"The standard HTTP error name."},"message":{"type":"string","description":"A brief message about the cause of the error."}}},"Attack_Path_Exports_ErrorResponseStatus":{"type":"object","properties":{"message":{"type":"string","description":"An error message indicating the invalid parameter or value."},"status":{"type":"integer","description":"The HTTP response status code."}}},"Exposure_View_ErrorResponse":{"type":"object","properties":{"statusCode":{"type":"integer","description":"The HTTP status code of the error."},"error":{"type":"integer","description":"The standard HTTP error name."},"message":{"type":"string","description":"A brief message about the cause of the error."}}},"Exposure_View_ErrorResponse-404":{"type":"object","properties":{"status":{"type":"integer","description":"The HTTP status code of the error."},"message":{"type":"string","description":"The standard HTTP error name."},"error":{"type":"array","items":{"type":"object","properties":{"code":{"description":"The error code. For example, `UNEXPECTED_ERROR`.","type":"string"},"message":{"description":"A brief message about the cause of the specific error.","type":"string"}}}}}},"Exposure_View_Response-Search-Cards":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Exposure_View_Response-Search-Cards-Object"}},"pagination":{"$ref":"#/components/schemas/Exposure_View_PaginationResponseData"}}},"Exposure_View_Response-Search-Cards-Object":{"type":"object","properties":{"id":{"description":"The unique ID of the exposure view card.","type":"string"},"name":{"description":"The name of the exposure view card.","type":"string"},"card_type":{"$ref":"#/components/schemas/Exposure_View_CardType"},"is_global_card":{"description":"Indicates whether or not the exposure view card is a Tenable-provided global card (`true`) or a user-created custom card (`false`).","type":"boolean"},"tag_count":{"description":"The number of tags associated with the exposure view card.","type":"integer"},"created_at":{"description":"A timestamp in ISO 8601 format indicating the date and time when the exposure view card was created.","type":"string","format":"date-time"},"updated_at":{"description":"A timestamp in ISO 8601 format indicating the date and time when the exposure view card was last updated.","type":"string","format":"date-time"},"ces_score":{"$ref":"#/components/schemas/Exposure_View_CESScore"},"sla_percentage":{"description":"The overall Service Level Agreement (SLA) percentage. SLA represents the acceptable time frame between when a finding is discovered and when it fixed or remediated. For information about how an SLA percentage is calculated, see the Remediation SLA section on the [Exposure View](https://docs.tenable.com/exposure-management/Content/exposure-management/exposure-view/exposure-view.htm) page in the _Tenable Exposure Management User Guide_.","format":"double","type":"number"},"ces_trend":{"description":"An array of Cyber Exposure Score (CES) values along with their timestamps.","type":"array","items":{"$ref":"#/components/schemas/Exposure_View_CESTrendDataPoint"}},"exposure_class":{"$ref":"#/components/schemas/Exposure_View_ExposureClassArray"},"last_data_update_date":{"description":"A timestamp in ISO 8601 format indicating the date and time when the data for the exposure view card was last updated.","type":"string","format":"date-time"},"sources":{"$ref":"#/components/schemas/Exposure_View_AssetSource"}}},"Exposure_View_Response-Card-Details":{"type":"object","properties":{"id":{"description":"The unique ID of the exposure view card.","type":"string"},"name":{"description":"The name of the exposure view card.","type":"string"},"card_type":{"$ref":"#/components/schemas/Exposure_View_CardType"},"is_global_card":{"description":"Indicates whether or not the exposure view card is a Tenable-provided global card (`true`) or a user-created custom card (`false`).","type":"boolean"},"ces_scores":{"$ref":"#/components/schemas/Exposure_View_CESScores"},"ces_trend":{"description":"An array of Cyber Exposure Score (CES) values along with their timestamps.","type":"array","items":{"$ref":"#/components/schemas/Exposure_View_CESTrendDataPoint"}},"created_at":{"description":"A timestamp in ISO 8601 format indicating the date and time when the exposure view card was created.","type":"string","format":"date-time"},"updated_at":{"description":"A timestamp in ISO 8601 format indicating the date and time when the exposure view card was last updated.","type":"string","format":"date-time"},"tag_count":{"description":"The number of tags associated with the exposure view card.","type":"integer"},"exposures":{"$ref":"#/components/schemas/Exposure_View_ExposureClassArray"},"sources":{"$ref":"#/components/schemas/Exposure_View_AssetSource"},"last_data_update_date":{"description":"A timestamp in ISO 8601 format indicating the date and time when the data for the exposure view card was last updated.","type":"string","format":"date-time"},"exposure_classes_details":{"description":"Metrics, breakdowns, and efficiency data for each exposure class. Exposure classes include `VM`, `WAS`, `CLOUD`, `OT`, `IDENTITY`, and `ALL`. For each exposure class, score benchmarks, asset risk breakdowns, score trend metrics, SLA efficiency, and SLA breakdowns are included.","type":"object","additionalProperties":{"type":"object","properties":{"score_benchmark":{"$ref":"#/components/schemas/Exposure_View_Score-Benchmark"},"asset_risk_breakdown":{"$ref":"#/components/schemas/Exposure_View_Asset-Risk-Breakdown"},"score_trend_metric":{"$ref":"#/components/schemas/Exposure_View_Score-Trend-Metric"},"sla_efficiency":{"type":"array","items":{"$ref":"#/components/schemas/Exposure_View_SeveritySummaryStat"}},"sla_breakdown":{"$ref":"#/components/schemas/Exposure_View_SLA-Breakdown"}}}}}},"Exposure_View_Score-Benchmark":{"description":"Data indicating how your Cyber Exposure Score (CES) compares to your industry and total population.","type":"object","properties":{"industry_benchmark":{"description":"Data indicating how your Cyber Exposure Score (CES) compares to your industry.","type":"object","properties":{"industry_id":{"description":"The numerical ID of the industry.","format":"int32","type":"integer"},"ces_score":{"$ref":"#/components/schemas/Exposure_View_CESScore"}}},"population_benchmark":{"$ref":"#/components/schemas/Exposure_View_CESScore"}}},"Exposure_View_SLA-Breakdown":{"type":"object","properties":{"risk_distribution":{"$ref":"#/components/schemas/Exposure_View_SLAOverallRiskBreakdown"},"risk_distribution_in_days":{"type":"object","properties":{"inside_sla":{"type":"integer"},"outside_sla":{"type":"integer"}}},"exposure_category_breakdown":{"items":{"$ref":"#/components/schemas/Exposure_View_BusinessContextExposureClassDistribution"},"type":"array"},"top_affecting_tags":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}}}}}},"Exposure_View_Asset-Risk-Breakdown":{"description":"The percentage of assets in each risk severity level.","type":"object","properties":{"critical":{"description":"The percentage of your assets associated with vulnerabilities of critical severity.","format":"double","type":"number"},"high":{"description":"The percentage of your assets associated with vulnerabilities of high severity.","format":"double","type":"number"},"medium_low":{"description":"The percentage of your assets associated with vulnerabilities of medium or low severity.","format":"double","type":"number"}}},"Exposure_View_PaginationResponseData":{"properties":{"offset":{"description":"The requested starting record of the result set to retrieve. Offsets are used to paginate through the result set. If this parameter is omitted, Tenable Exposure Management uses the default value of `0`.","type":"integer"},"limit":{"description":"The requested number of records to retrieve from the result set. The maximum value is `25`. If this parameter is omitted, Tenable Exposure Management uses the default value of `25`.","type":"integer"},"total_record_count":{"description":"The total number of exposure view card records included in the result set of the search.","type":"integer"}}},"Exposure_View_CardType":{"type":"string","description":"The type of exposure view card. Global cards are Tenable-provided cards. Custom cards are user-created cards.","enum":["GLOBAL","CATEGORY","EXPOSURE","CUSTOM"]},"Exposure_View_CESScore":{"description":"The numerical Cyber Exposure Score (CES) and its grade.","type":"object","properties":{"score":{"type":"integer","description":"An integer between 0 and 1000 indicating the Cyber Exposure Score (CES). For more information about CES and how it's calculated, see the Cyber Exposure Score (CES) section on the [Lumin Metrics](https://docs.tenable.com/vulnerability-management/Content/Lumin/LuminMetrics.htm) page in the _Tenable Vulnerability Management User Guide_."},"grade":{"$ref":"#/components/schemas/Exposure_View_CESGrade"}}},"Exposure_View_CESTrendDataPoint":{"type":"object","properties":{"date":{"description":"A timestamp in ISO 8601 format indicating the date of the Cyber Exposure Score (CES).","format":"date-time","type":"string"},"ces_score":{"description":"An integer between 0 and 1000 indicating the Cyber Exposure Score (CES). For more information about CES and how it's calculated, see the Cyber Exposure Score (CES) section on the [Lumin Metrics](https://docs.tenable.com/vulnerability-management/Content/Lumin/LuminMetrics.htm) page in the _Tenable Vulnerability Management User Guide_.","type":"integer"}}},"Exposure_View_ExposureClass":{"description":"The exposure class is determined by the sensor that assessed the asset or detected the finding. For more information about exposure classes, see [Scoring (Beta)](https://docs.tenable.com/tenableone/scoring-explained/Content/ScoringExplained/new-scoring.htm).","type":"string","enum":["ALL","IDENTITY","WAS","VM","CLOUD","OT"]},"Exposure_View_ExposureClassArray":{"description":"The exposure class is determined by the sensor that assessed the asset or detected the finding. For more information about exposure classes, see [Scoring (Beta)](https://docs.tenable.com/tenableone/scoring-explained/Content/ScoringExplained/new-scoring.htm).","items":{"type":"string"},"enum":["ALL","IDENTITY","WAS","VM","CLOUD","OT"]},"Exposure_View_CESGrade":{"type":"string","description":"The Cyber Exposure Score (CES) grade as it compares to your industry and total population. For more information about CES grades, see [Exposure View](https://docs.tenable.com/exposure-management/Content/exposure-management/exposure-view/exposure-view.htm) in the _Tenable Exposure Management User Guide_.","enum":["A","B","C","D","F","None"]},"Exposure_View_AssetSource":{"description":"The sources that supply data for the card.","type":"array","items":{"type":"string"},"enum":["ACUNETIX_360","ACUNETIX_PREMIUM","AQUA_CSPM","AQUA_CWPP","ARMIS","ASM","AWS","AWS_CONFIG","AWS_EC2","AWS_INSPECTOR_CLASSIC","AWS_INSPECTOR_V2","AWS_SECURITY_HUB","AXONIUS","AZURE","AZURE_FA","BIT_SIGHT","BURPSUITE","CARBON_BLACK","CLONE_SYSTEMS","CLOUD","CONSEC","CORE_CLOUDRESOURCE","CORTEX_XDR","CROWDSTRIKE","CROWDSTRIKE_ENTERPRISE","CYCOGNITO","DETECTIFY","FORTIFY_DAST","GCP","HACKER_ONE","INTUNE","JAMF","MICROSOFT_AZURE","MICROSOFT_DEFENDER","MICROSOFT_DEFENDER_CLOUD","MICROSOFT_TVM","NESSUS_AGENT","NESSUS_SCAN","NETSPARKER","NODE_ZERO","ORCA","OUTPOST24","PRISMACLOUD","PRISMACLOUD_CSPM","PURPLEMET","PVS","QUALYS","QUALYS_WAS","RAPID7_INSIGHT_APP_SEC","RAPID7_INSIGHTVM","RAPID7_INSIGHTVM_CLOUD","RAPID_7","RED_HAT_INSIGHTS","RISK_RECON","SECURITY_CENTER","SECURITY_SCORE_CARD","SENTINEL_ONE","SERVICE_NOW","SSM","T.CS","T.IO","T.OT","TANIUM","TIE AD","TIE MEID","TIE","UNCLASSIFIED","VERACODE_DAST","WAS","WHITEHAT","WIZ_CONFIGURATION","WIZ_ISSUES","WIZ_VULNERABILITY_MANAGEMENT"]},"Exposure_View_CESScores":{"description":"An object containing Cyber Exposure Scores (CES) per exposure, per tag, and total.","type":"object","properties":{"per_exposure":{"description":"An array of Cyber Exposure Scores (CES) per exposure. Both the exposure class and its associated score are indicated.","type":"array","items":{"type":"object","properties":{"exposure_class":{"$ref":"#/components/schemas/Exposure_View_ExposureClass"},"ces_score":{"$ref":"#/components/schemas/Exposure_View_CESScore"}}}},"per_tag":{"description":"An array of Cyber Exposure Scores (CES) per tag. Both the tag and it's associated score are indicated.","type":"array","items":{"type":"object","properties":{"tag":{"$ref":"#/components/schemas/Exposure_View_Tag"},"ces_score":{"$ref":"#/components/schemas/Exposure_View_CESScore"}}}},"total":{"$ref":"#/components/schemas/Exposure_View_CESScore"}}},"Exposure_View_Tag":{"description":"Information about the tag associated with the exposure view card.","type":"object","properties":{"id":{"description":"The unique ID of the tag.","type":"string"},"name":{"description":"The name of the tag.","type":"string"},"origin":{"description":"The origin product of the tag.","type":"string","enum":["TENABLE_IO","TENABLE_AD","TENABLE_AI","TENABLE_WAS","TENABLE_CS","TENABLE_APA"]},"category_id":{"description":"The unique ID of the tag category to which the tag value belongs.","type":"string"},"category_name":{"description":"The name of the tag category to which the tag value belongs.","type":"string"},"dynamic":{"description":"Indicates whether or not the tag is dynamic. Dynamic tags are tags that are automatically applied to assets based on defined tag rules.","type":"boolean"},"asset_count":{"description":"The number of assets associated with the tag.","type":"integer"},"asset_query":{"$ref":"#/components/schemas/Exposure_View_AssetQueryV2"},"avg_ces_score":{"description":"The average Cyber Exposure Score (CES) for assets associated with the tag. CES is an integer between 0 and 1000. For more information about CES and how it's calculated, see [Lumin Metrics](https://docs.tenable.com/vulnerability-management/Content/Lumin/LuminMetrics.htm) in the _Tenable Vulnerability Management User Guide_.","type":"integer"}}},"Exposure_View_AssetQueryV2":{"description":"For dynamic tags, the filters applied to define the tag rule.","type":"object","properties":{"filters_expression":{"description":"Indicates the tag filters and whether a logical `and` or `or` is applied.","type":"object","properties":{"logical_operator":{"description":"The logical operators applied to the tag filters, either `and` or `or`.","type":"string","enum":["and","or"]},"operands":{"description":"The tag filters applied to define the tag rule.","type":"array","items":{"description":"The property to filter on for the tag rule, the comparison operator used for the filter, and the value used for the comparison.","type":"object","properties":{"property":{"description":"The property that was filtered on.","type":"string"},"operator":{"description":"The comparison operator to applied to the filter.","type":"string","enum":["eq","neq","lte","gte","lt","gt","wc","nwc","between",">",">=","=","!=","exists","nexists"]},"value":{"description":"The values used for comparison in the filtering operation.","type":"array","items":{"type":"string"}}}}}}},"text_query":{"description":"Text search on asset names","type":"string"},"mode":{"type":"string","enum":["advanced","simple"]}}},"Exposure_View_DataCategory":{"enum":["GLOBAL","WEB_APPLICATIONS","COMPUTING_RESOURCES","IDENTITIES","CLOUD_RESOURCES","OPERATIONAL_TECH"],"type":"string"},"Exposure_View_SLASeverityLevel":{"enum":["LOW","MEDIUM","HIGH","CRITICAL","OVERALL"],"type":"string"},"Exposure_View_BusinessContextDrivers":{"type":"object","properties":{"top_affecting_tags":{"items":{"$ref":"#/components/schemas/Exposure_View_Tag"},"type":"array"},"category_distribution":{"items":{"$ref":"#/components/schemas/Exposure_View_BusinessContextCategoryDistribution"},"type":"array"},"exposure_class_distribution":{"items":{"$ref":"#/components/schemas/Exposure_View_BusinessContextExposureClassDistribution"},"type":"array"}}},"Exposure_View_BusinessContextExposureClassDistribution":{"type":"object","properties":{"exposure_class":{"$ref":"#/components/schemas/Exposure_View_ExposureClass"},"contribution_percentage":{"format":"double","type":"number"}}},"Exposure_View_BusinessContextCategoryDistribution":{"type":"object","properties":{"data_category":{"$ref":"#/components/schemas/Exposure_View_DataCategory"},"contribution_percentage":{"format":"double","type":"number"}}},"Exposure_View_SLAOverallRiskBreakdown":{"type":"object","properties":{"risks_inside_sla":{"$ref":"#/components/schemas/Exposure_View_RiskBreakdownCategory"},"risks_outside_sla":{"$ref":"#/components/schemas/Exposure_View_RiskBreakdownCategory"}}},"Exposure_View_RiskBreakdownCategory":{"type":"object","properties":{"number_of_risks":{"type":"integer"},"percentage_of_total":{"format":"double","type":"number"},"business_context":{"$ref":"#/components/schemas/Exposure_View_BusinessContextDrivers"}}},"Exposure_View_SeveritySummaryStat":{"type":"object","properties":{"sla_severity_level":{"$ref":"#/components/schemas/Exposure_View_SLASeverityLevel"},"sla_inside_count":{"format":"int32","type":"integer"},"sla_total_count":{"format":"int32","type":"integer"},"sla_efficiency":{"format":"double","type":"number"},"sla_efficiency_target":{"format":"double","type":"number"}}},"Exposure_View_Score-Trend-Metric":{"description":"An object containing Cyber Exposure Score (CES) trends over time, target scores, and events.","type":"object","properties":{"ces_trend":{"description":"An array of Cyber Exposure Score (CES) values, grades, and timestamps to indicate how your score has trended over time.","type":"array","items":{"type":"object","properties":{"date":{"description":"A timestamp in ISO 8601 format indicating the date of the Cyber Exposure Score (CES).","format":"date-time","type":"string"},"ces_score":{"$ref":"#/components/schemas/Exposure_View_CESScore"}}}},"target_score":{"description":"Your baseline target.","type":"integer"},"events":{"description":"An object containing data about specific events that have contributed to your CES score.","type":"array","items":{"type":"object","properties":{"timestamp":{"description":"A timestamp in ISO 8601 indicate the date and time of the event.","format":"date-time","type":"string"},"description":{"description":"A description of the event.","type":"string"},"event_detail":{"type":"array","items":{"type":"object","properties":{"affected_points":{"description":"The number of points the event affected your CES.","type":"integer"},"risk_categories":{"description":"The risk category associated with the event.","type":"array","items":{"$ref":"#/components/schemas/Exposure_View_DataCategory"}},"exposure_classes":{"$ref":"#/components/schemas/Exposure_View_ExposureClassArray"},"description":{"type":"object","properties":{"rank":{"description":"The numeric value of the rank.","type":"integer"},"change_title":{"description":"The title of the change.","type":"string"},"change_label":{"description":"The label for the change.","type":"string"},"value_before":{"description":"The value before the change.","type":"string"},"value_after":{"description":"The value before the change.","type":"string"}}}}}},"executive_summary":{"description":"A summary of the event.","type":"string"}}}}}},"Inventory_ErrorResponse":{"type":"object","properties":{"statusCode":{"type":"integer","description":"The HTTP status code of the error."},"error":{"type":"integer","description":"The standard HTTP error name."},"message":{"type":"string","description":"A brief message about the cause of the error."}}},"Inventory_ErrorResponse-400":{"type":"object","properties":{"message":{"type":"string","description":"An error message indicating the invalid parameter or value."},"status":{"type":"integer","description":"The HTTP response response status code."}}},"Inventory_Request-Search-Assets":{"description":"An object containing a query and/or filters for a Tenable Exposure Management asset search.","type":"object","properties":{"query":{"type":"object","description":"Filter the search results by query. A query consists of search mode and query text.","properties":{"mode":{"description":"The mode to use for the query. You can choose either `simple` or `advanced`.\n* `simple`—A simple query enables you to search for assets by asset name or asset ID.\n* `advanced`—An advanced query enables you to build a specific query to search for assets.","type":"string","default":"simple","enum":["simple","advanced"]},"text":{"description":"For simple searches, either an asset name or an asset ID. For advanced searches, a query string. Advanced users can use the query builder in the user interface to create a query string.\n\nFor example, some common advanced queries are:\n\n* Cloud assets with critical severity findings—`Assets HAS sources = \"CLOUD\" WITH Weakness HAS severity = \"Critical\"` \n* Cloud assets with critical severity findings and AES score above 700—`Assets HAS sources = \"CLOUD\" AND aes >= 700 WITH Weakness HAS severity = \"Critical\"` \n* Cloud assets exposing secrets and AES score above 700—`Assets HAS sources = \"CLOUD\" AND aes >= 700 WITH Weakness HAS detection_name contains \"exposing secrets\"` \n* Account assets with critical weaknesses—`Assets as Account with weakness has severity_level >= 3` \n* Assets discovered but not scanned for weaknesses—`Assets as Device has is_licensed = false and last_observed_at > \"1988-01-01\"`","type":"string","example":"Microsoft"}},"required":["mode","text"]},"filters":{"description":"A set of asset properties used to filter the search results. \n\nUse the [List asset properties](ref:inventory-asset-properties-list) endpoint to view available asset properties that can be used as filters.","type":"array","items":{"type":"object","required":["operator","property","value"],"properties":{"property":{"description":"The asset property to filter on.\n\nUse the [List asset properties](ref:inventory-asset-properties-list) endpoint to retrieve a list of valid asset properties for filtering. For example, you might filter by `created_at`, `sources`, or `fqdns`.","type":"string"},"operator":{"type":"string","description":"The comparison operator to apply to the filter. \n\nFor example: `=`, `!=`, `match`, etc. Use the [List asset properties](ref:inventory-asset-properties-list) endpoint to retrieve supported comparison operators for the selected filter.","enum":["=","!=","<=","between","match",">=","<",">","contains","not contains","exists","not exists","older than","newer than","within last"]},"value":{"description":"The value to use for comparison in the filter. \n\nUse the [List asset properties](ref:inventory-asset-properties-list) endpoint to retrieve the supported values for the selected filter.","type":"array","items":{"type":"string"}}}}}}},"Inventory_Public-Sort-Object":{"description":"An object specifying how the current result set is sorted, including the property by which the results were sorted and the sort direction.","type":"object","properties":{"name":{"description":"The property used to sort the results.","type":"string"},"order":{"description":"The sort direction for the results. `asc` for ascending or `desc` for descending.","type":"string","enum":["asc","desc"]}}},"Inventory_Response-Search-Assets":{"description":"The asset search results.","type":"object","properties":{"data":{"items":{"$ref":"#/components/schemas/Inventory_Response-Search-Assets-Object"},"type":"array"},"pagination":{"description":"An object containing pagination information for the current result set.","properties":{"total":{"description":"The total number of assets included in the result set of the search.","type":"integer"},"offset":{"description":"The requested starting record of the result set to retrieve. Offsets are used to paginate through the result set. If this parameter is omitted, Tenable Exposure Management uses the default value of `0`.","type":"integer","format":"int32"},"limit":{"description":"The requested number of records to retrieve from the result set. The maximum value is `1000`. If this parameter is omitted, Tenable Exposure Management uses the default value of `1000`.","type":"integer","format":"int32","default":1000},"sort":{"$ref":"#/components/schemas/Inventory_Public-Sort-Object"}},"required":["limit","offset","total","sort"],"type":"object"}}},"Inventory_Response-Search-Assets-Object":{"properties":{"id":{"description":"The unique identifier (UUID) of the asset in Tenable Exposure Management. Use this value as the unique key for the asset.","type":"string"},"asset_class":{"description":"The class that Tenable Exposure Management has assigned to the asset. Asset classes enable users to easily separate asset data based on its type. For more information about asset classes, see [Asset Classes](https://docs.tenable.com/exposure-management/Content/exposure-management/inventory/classes.htm) in the Tenable Exposure Management User Guide.","type":"string","enum":["ACCOUNT","APPLICATION","CONTAINER","DEVICE","GENERAL","GROUP","IAC","IDENTITY","RESOURCE","ROLE","STORAGE","UNKNOWN"]},"name":{"description":"The name of the asset.","type":"string"},"aes":{"description":"The Tenable-defined Asset Exposure Score (AES) for the asset. This metric weighs an asset's [Vulnerability Priority Rating (VPR)](https://docs.tenable.com/exposure-management/Content/exposure-management/getting-started/metrics.htm#Vulnerability-Priority-Rating-(VPR)) and [Asset Criticality Rating (AES)](https://docs.tenable.com/exposure-management/Content/exposure-management/getting-started/metrics.htm#Asset-Exposure-Score-(AES)) and then assigns a number from 1 to 1000, with higher numbers for more exposed assets. For more information, see [Tenable Exposure Management Metrics](https://docs.tenable.com/exposure-management/Content/exposure-management/getting-started/metrics.htm) in the _Tenable Exposure Management User Guide_.","type":"integer","maximum":1000,"minimum":0},"acr":{"description":"The Tenable-defined Asset Criticality Rating (ACR) for the asset. With Lumin, Tenable uses an algorithm based on the [asset class](https://docs.tenable.com/exposure-management/Content/exposure-management/inventory/classes.htm) to assign a metric rating the importance of an asset to your organization from 1 to 10, with higher numbers for more critical assets. For more information, see [Tenable Exposure Management Metrics](https://docs.tenable.com/exposure-management/Content/exposure-management/getting-started/metrics.htm#Asset-Criticality-Rating-(ACR)) in the _Tenable Exposure Management User Guide_.","type":"integer","maximum":10,"minimum":0},"extra_properties":{"description":"Additional information about the assets as requested in the `extra_properties` parameter of the search request. \n\nYou can use the [List asset properties](ref:inventory-asset-properties-list) endpoint to retrieve a list of properties that can be used as values for the `extra_properties` parameter. For example, you may want to include `created_at`, `sources`, and `fqdns` as extra properties.","type":"object"}},"required":["asset_class","id","tag_count","weakness_severity_counts"],"type":"object"},"Inventory_Request-Search-Findings":{"description":"An object containing a query and/or filters for a Tenable Exposure Management finding search.","type":"object","properties":{"query":{"type":"object","description":"Filter the search results by query. A query consists of search mode and query text.","properties":{"mode":{"description":"The mode to use for the query. Currently, the findings search only supports the `simple` mode.","type":"string","default":"simple","enum":["simple"]},"text":{"description":"For simple searches, either a finding name or a finding ID. This parameter value can be left empty to search all software, for example `\"text\": \"\"`","type":"string","example":"Microsoft"}},"required":["mode","text"]},"filters":{"description":"A set of finding properties used to filter the search results. \n\nUse the [List finding properties](ref:inventory-finding-properties-list) endpoint to view available finding properties that can be used as filters.","type":"array","items":{"type":"object","required":["operator","property","value"],"properties":{"property":{"description":"The finding property to filter on.\n\n Use the [List finding properties](ref:inventory-finding-properties-list) endpoint to retrieve a list of valid finding properties for filtering. For example, you might filter by `asset_name`, `solution`, or `vpr_score`.","type":"string"},"operator":{"type":"string","description":"The comparison operator to apply to the filter. \n\nFor example: `=`, `!=`, `match`, etc. Use the [List finding properties](ref:inventory-finding-properties-list) endpoint to retrieve supported comparison operators for the selected filter.","enum":["=","!=","<=","between","match",">=","<",">","contains","not contains","exists","not exists","older than","newer than","within last"]},"value":{"description":"The value to use for comparison in the filter.\n\n Use the [List finding properties](ref:inventory-finding-properties-list) endpoint to retrieve the supported values for the selected filter.","type":"array","items":{"type":"string"}}}}}}},"Inventory_Response-Search-Findings":{"description":"The findings search results.","type":"object","properties":{"data":{"items":{"$ref":"#/components/schemas/Inventory_Response-Search-Findings-Object"},"type":"array"},"pagination":{"description":"An object containing pagination information for the current result set.","properties":{"total":{"description":"The total number of findings included in the result set of the search.","type":"integer"},"offset":{"description":"The requested starting record of the result set to retrieve. Offsets are used to paginate through the result set. If this parameter is omitted, Tenable Exposure Management uses the default value of `0`.","type":"integer","format":"int32"},"limit":{"description":"The requested number of records to retrieve from the result set. The maximum value is `1000`. If this parameter is omitted, Tenable Exposure Management uses the default value of `1000`.","type":"integer","format":"int32","default":1000},"sort":{"$ref":"#/components/schemas/Inventory_Public-Sort-Object"}},"required":["limit","offset","total","sort"],"type":"object"}}},"Inventory_Response-Search-Findings-Object":{"type":"object","properties":{"id":{"description":"The unique identifier (UUID) of the finding in Tenable Exposure Management. Use this value as the unique key for the finding.","type":"string"},"name":{"description":"The name of the finding. This typically corresponds with the plugin name that detected the finding.","type":"string"},"asset_id":{"description":"The unique identifier (UUID) of the asset on which the finding was identified.","type":"string"},"state":{"description":"The current status of the finding.\n\nThe state of a finding reflects the current status of a security issue or vulnerability identified within your IT environment. It helps you track the progress of remediation efforts and provides insights into the overall security posture.\n\nThe following are the different states for findings in Tenable Exposure Management:\n\n- **ACTIVE** — The finding is new or has not yet been addressed. It requires further investigation and potential remediation.\n- **RESURFACED**—The finding was fixed but got back.\n- **FIXED**—The issue identified in the finding has been successfully resolved.","type":"string","enum":["ACTIVE","RESURFACED","FIXED"]},"severity":{"description":"Indicates the level of risk posed to your organization. The severity of a finding, often referred to as vulnerability severity, is a classification that indicates the level of potential risk posed by a security vulnerability. It helps prioritize remediation efforts by highlighting the most critical vulnerabilities that require immediate attention.\n\nHere's a breakdown of common severity levels and their implications:\n\n- **CRITICAL**—Critically severe vulnerabilities pose an immediate and significant risk to your organization. They often allow for remote code execution, complete system compromise, or data breaches.\n- **HIGH**—High-severity vulnerabilities have a high likelihood of exploitation and could lead to significant damage or disruption.\n- **MEDIUM**—Medium-severity vulnerabilities may not be easily exploitable but still represent a potential security risk. They might require specific conditions or user interaction to be exploited.\n- **LOW**—Low-severity vulnerabilities pose a minimal risk to your organization. They might only result in minor inconveniences or limited impact.\n- **INFO**—Informational findings highlight potential security issues that do not directly pose a threat but could be leveraged in future attacks.","type":"string","enum":["CRITICAL","HIGH","MEDIUM","LOW","INFO"]},"extra_properties":{"description":"Additional information about the finding as requested in the `extra_properties` parameter of the search request. \n\nYou can use the [List finding properties](ref:inventory-finding-properties-list) endpoint to retrieve a list of properties that can be used as values for the `extra_properties` parameter. For example, you may want to include `asset_name`, `solution`, and `vpr_score` as extra properties.","type":"object","additionalProperties":true,"properties":{}}}},"Inventory_Request-Search-Software":{"description":"An object containing a query and/or filters to search for installed software on your assets.","type":"object","properties":{"query":{"type":"object","description":"Filter the search results by query. A query consists of search mode and query text.","properties":{"mode":{"description":"The mode to use for the query. Currently, the software search only supports the `simple` mode.","type":"string","default":"simple","enum":["simple"]},"text":{"description":"The application name or publisher to search for. This parameter value can be left empty to search all software, for example `\"text\": \"\"`","type":"string","example":"Microsoft"}},"required":["mode","text"]},"filters":{"description":"A set of software properties used to filter the search results.\n\nUse the [List software properties](ref:inventory-software-properties-list) endpoint to view available software properties that can be used as filters.","type":"array","items":{"type":"object","required":["operator","property","value"],"properties":{"property":{"description":"The software property to filter on.\n\nUse the [List software properties](ref:inventory-software-properties-list) endpoint to retrieve a list of valid software properties for filtering. For example, you might filter by `cpe`, `version`, or `file_location`.","type":"string"},"operator":{"type":"string","description":"The comparison operator to apply to the filter. \n\nFor example: `=`, `!=`, `match`, etc. Use the [List software properties](ref:inventory-software-properties-list) endpoint to retrieve supported comparison operators for the selected filter.","enum":["=","!=","<=","between","match",">=","<",">","contains","not contains","exists","not exists","older than","newer than","within last"]},"value":{"description":"The value to use for comparison in the filter.\n\n Use the [List software properties](ref:inventory-software-properties-list) endpoint to retrieve the supported values for the selected filter.","type":"array","items":{"type":"string"}}}}}}},"Inventory_Response-Search-Software":{"description":"The software search results.","type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_Response-Search-Software-Object"}},"pagination":{"description":"An object containing pagination information for the current result set.","properties":{"total":{"description":"The total number of software included in the result set of the search.","type":"integer"},"offset":{"description":"The requested starting record of the result set to retrieve. Offsets are used to paginate through the result set. If this parameter is omitted, Tenable Exposure Management uses the default value of `0`.","type":"integer","format":"int32"},"limit":{"description":"The requested number of records to retrieve from the result set. The maximum value is `1000`. If this parameter is omitted, Tenable Exposure Management uses the default value of `1000`.","type":"integer","format":"int32","default":1000},"sort":{"$ref":"#/components/schemas/Inventory_Public-Sort-Object"}},"required":["limit","offset","total","sort"],"type":"object"}}},"Inventory_Response-Search-Software-Object":{"type":"object","properties":{"application":{"description":"The most common and recognizable name or title of the installed software product.","type":"string"},"publisher":{"description":"The company, organization, or person that manufactured or created the installed software product.","type":"string"},"type":{"description":"The type of software, either application, operating system, or hardware. This value is decoded from CPE string position 2 referred to as \"part\" in the CPE specification.","type":"array","items":{"type":"string","enum":["APPLICATION","OPERATING_SYSTEM","HARDWARE"]}},"devices_count":{"description":"The number of devices with the software installed.","type":"integer"},"extra_properties":{"description":"Additional information about the software as requested in the `extra_properties` parameter of the search request. \n\nYou can use the [List software properties](ref:inventory-software-properties-list) endpoint to retrieve a list of properties that can be used as values for the `extra_properties` parameter. For example, you may want to include `cpe`, `version`, and `file_location` as extra properties.","type":"object"}}},"Inventory_AssetClasses":{"enum":["ACCOUNT","APPLICATION","CONTAINER","DEVICE","GENERAL","GROUP","IAC","IDENTITY","RESOURCE","ROLE","STORAGE","UNKNOWN"],"type":"string"},"Inventory_Properties-Object":{"type":"object","properties":{"key":{"description":"The unique property that can be used as a filter.","type":"string"},"readable_name":{"description":"The human-readable property name.","type":"string"},"control":{"$ref":"#/components/schemas/Inventory_Control"},"operators":{"type":"array","description":"The logical operators that be used for the property filter.","items":{"type":"string"},"enum":["=","!=","<=","between","match",">=","<",">","contains","not contains","exists","not exists","older than","newer than","within last"]},"sortable":{"description":"Indicates whether or not the property is sortable.","type":"boolean"},"filterable":{"description":"Indicates whether or not the property is filterable.","type":"boolean"},"description":{"description":"An AI-generated description of the property.","type":"string"}}},"Inventory_Control":{"type":"object","properties":{"type":{"description":"Indicates the data type of the property's value.","type":"string","enum":["STRING","NUMBER","DATE","BOOLEAN","ARRAY","OBJECT"]},"multiple_allowed":{"description":"Indicates whether or not the property can have multiple values.","type":"boolean"},"selection":{"description":"A list of possible values for the property if the property if multiple values are allowed.","type":"array","items":{"type":"object","properties":{"name":{"description":"The human-readable name of the value.","type":"string"},"value":{"description":"One possible value for the property.","type":"string"},"deprecated":{"description":"Indicates whether or not the value is deprecated.","type":"boolean"},"third_party":{"description":"Indicates whether or not the value is sourced from a third party.","type":"boolean"}}}},"regex":{"type":"object","properties":{"hint":{"description":"An example value.","type":"string"},"expression":{"description":"Defines a regular expression matching the property's possible values.","type":"string"}}}}},"Inventory_Exports_ErrorResponse":{"type":"object","properties":{"statusCode":{"type":"integer","description":"The HTTP status code of the error."},"error":{"type":"integer","description":"The standard HTTP error name."},"message":{"type":"string","description":"A brief message about the cause of the error."}}},"Inventory_Exports_ErrorResponseStatus":{"type":"object","properties":{"message":{"type":"string","description":"An error message indicating the invalid parameter or value."},"status":{"type":"integer","description":"The HTTP response response status code."}}},"Inventory_Exports_ErrorResponseStatus-400":{"type":"object","properties":{"error":{"type":"integer","description":"The HTTP response response status."},"message":{"type":"string","description":"An error message indicating the invalid parameter or value."}}},"Inventory_Exports_Response-Export-Status":{"type":"object","properties":{"export_id":{"description":"The unique identifier (UUID) of the export request.","type":"string","format":"uuid"},"submitted_at":{"description":"A timestamp in ISO 8601 format indicating the date and time the export request was submitted.","format":"date-time","type":"string"},"last_refreshed_at":{"description":"A timestamp in ISO 8601 format indicating the date and time the export request was last checked for completion.","format":"date-time","type":"string"},"status":{"description":"The status of the export request. Possible values include\n\n * `QUEUED`—Tenable Exposure Management has queued the export request until earlier requests have completed.\n * `PROCESSING`—Tenable Exposure Management is currently processing the export request. \n * `FINISHED`—Tenable Exposure Management has completed processing the export request. All chunks are available.\n * `ERROR`—An error occurred while processing the export request. Retry the request. If the error persists, contact Tenable Support.","type":"string","enum":["QUEUED","PROCESSING","FINISHED","ERROR"]},"chunks_available":{"type":"array","description":"A list of completed chunk numbers available for download. Each integer represents a chunk file that can be downloaded. If no chunks are available, the list will be empty.","items":{"type":"integer"}}}},"Inventory_Exports_Response-Export-Job":{"type":"object","properties":{"export_id":{"description":"The unique identifier (UUID) of the export request.","type":"string","format":"uuid"},"submitted_at":{"description":"A timestamp in ISO 8601 format indicating the date and time the export request was submitted.","format":"date-time","type":"string"},"last_refreshed_at":{"description":"A timestamp in ISO 8601 format indicating the date and time the export request was last checked for completion.","format":"date-time","type":"string"},"status":{"description":"The status of the export request. Possible values include\n\n * QUEUED—The request is waiting for earlier requests to complete.\n * PROCESSING—The request is currently being processed. \n * FINISHED—Processing is complete, and all chunks are available.\n * ERROR—An error occurred while processing. Retry the request, and if the issue persists, contact Tenable Support.","type":"string","enum":["QUEUED","PROCESSING","FINISHED","ERROR"]},"export_type":{"description":"The type of export request. Possible values are `assets` or `findings`.","type":"string","enum":["assets","findings"]}}},"Inventory_Exports_Response-Assets-Chunk-JSON":{"type":"object","additionalProperties":true,"properties":{"aes":{"description":"The Tenable-defined Asset Exposure Score (AES) for the asset. This metric weighs an asset's [Vulnerability Priority Rating (VPR)](https://docs.tenable.com/exposure-management/Content/exposure-management/getting-started/metrics.htm#Vulnerability-Priority-Rating-(VPR)) and [Asset Criticality Rating (AES)](https://docs.tenable.com/exposure-management/Content/exposure-management/getting-started/metrics.htm#Asset-Exposure-Score-(AES)) and then assigns a number from 1 to 1000, with higher numbers for more exposed assets. For more information, see [Tenable Exposure Management Metrics](https://docs.tenable.com/exposure-management/Content/exposure-management/getting-started/metrics.htm) in the _Tenable Exposure Management User Guide_.","type":"integer","maximum":1000,"minimum":0},"asset_class":{"description":"The class that Tenable Exposure Management has assigned to the asset. Asset classes enable users to easily separate asset data based on its type. For more information about asset classes, see [Asset Classes](https://docs.tenable.com/exposure-management/Content/exposure-management/inventory/classes.htm) in the Tenable Exposure Management User Guide.","type":"string","enum":["ACCOUNT","APPLICATION","CONTAINER","DEVICE","GENERAL","GROUP","IAC","IDENTITY","RESOURCE","ROLE","STORAGE","UNKNOWN"]},"asset_criticality_rating_(acr)":{"description":"The Tenable-defined Asset Criticality Rating (ACR) for the asset. With Lumin, Tenable uses an algorithm based on the [asset class](https://docs.tenable.com/exposure-management/Content/exposure-management/inventory/classes.htm) to assign a metric rating the importance of an asset to your organization from 1 to 10, with higher numbers for more critical assets. For more information, see [Tenable Exposure Management Metrics](https://docs.tenable.com/exposure-management/Content/exposure-management/getting-started/metrics.htm#Asset-Criticality-Rating-(ACR)) in the _Tenable Exposure Management User Guide_.","type":"integer","maximum":10,"minimum":0},"asset_id":{"description":"The unique identifier (UUID) of the asset in Tenable Exposure Management. Use this value as the unique key for the asset.","type":"string"},"asset_name":{"description":"The name of the asset.","type":"string"}}},"Inventory_Exports_Response-Findings-Chunk-JSON":{"type":"object","additionalProperties":true,"properties":{"asset_id":{"description":"The unique identifier (UUID) of the asset on which the finding was identified.","type":"string"},"finding_id":{"description":"The unique identifier (UUID) of the finding in Tenable Exposure Management. Use this value as the unique key for the finding.","type":"string"},"finding_name":{"description":"The name of the finding. This typically corresponds with the plugin name that detected the finding.","type":"string"},"severity":{"description":"Indicates the level of risk posed to your organization. The severity of a finding, often referred to as vulnerability severity, is a classification that indicates the level of potential risk posed by a security vulnerability. It helps prioritize remediation efforts by highlighting the most critical vulnerabilities that require immediate attention.\n\nHere's a breakdown of common severity levels and their implications:\n\n- **CRITICAL**—Critically severe vulnerabilities pose an immediate and significant risk to your organization. They often allow for remote code execution, complete system compromise, or data breaches.\n- **HIGH**—High-severity vulnerabilities have a high likelihood of exploitation and could lead to significant damage or disruption.\n- **MEDIUM**—Medium-severity vulnerabilities may not be easily exploitable but still represent a potential security risk. They might require specific conditions or user interaction to be exploited.\n- **LOW**—Low-severity vulnerabilities pose a minimal risk to your organization. They might only result in minor inconveniences or limited impact.\n- **INFO**—Informational findings highlight potential security issues that do not directly pose a threat but could be leveraged in future attacks.","type":"string","enum":["CRITICAL","HIGH","MEDIUM","LOW","INFO"]},"state":{"description":"The current status of the finding.\n\nThe state of a finding reflects the current status of a security issue or vulnerability identified within your IT environment. It helps you track the progress of remediation efforts and provides insights into the overall security posture.\n\nThe following are the different states for findings in Tenable Exposure Management:\n\n- **ACTIVE** — The finding is new or has not yet been addressed. It requires further investigation and potential remediation.\n- **RESURFACED**—The finding was fixed but got back.\n- **FIXED**—The issue identified in the finding has been successfully resolved.","type":"string","enum":["ACTIVE","RESURFACED","FIXED"]}}},"Inventory_Exports_Assets-Property-Filter":{"type":"object","required":["operator","property","value"],"properties":{"property":{"description":"The asset property to filter on.\n\nUse the [List asset properties](ref:inventory-asset-properties-list) endpoint to retrieve a list of valid asset properties for filtering. For example, you might filter by `created_at`, `sources`, or `fqdns`.","type":"string"},"operator":{"type":"string","description":"The comparison operator to apply to the filter. \n\nFor example: `=`, `!=`, `match`, etc. Use the [List asset properties](ref:inventory-asset-properties-list) endpoint to retrieve supported comparison operators for the selected filter.","enum":["","=","!=","<=","between","match",">=","<",">","contains","not contains","exists","not exists","older than","newer than","within last"]},"value":{"description":"The value to use for comparison in the filter. \n\nUse the [List asset properties](ref:inventory-asset-properties-list) endpoint to retrieve the supported values for the selected filter.","type":"array","items":{"type":"string"}}}},"Inventory_Exports_Findings-Property-Filter":{"type":"object","required":["operator","property","value"],"properties":{"property":{"description":"The finding property to filter on.\n\n Use the [List finding properties](ref:inventory-finding-properties-list) endpoint to retrieve a list of valid finding properties for filtering. For example, you might filter by `asset_name`, `solution`, or `vpr_score`.","type":"string"},"operator":{"type":"string","description":"The comparison operator to apply to the filter. \n\nFor example: `=`, `!=`, `match`, etc. Use the [List finding properties](ref:inventory-finding-properties-list) endpoint to retrieve supported comparison operators for the selected filter.","enum":["","=","!=","<=","between","match",">=","<",">","contains","not contains","exists","not exists","older than","newer than","within last"]},"value":{"description":"The value to use for comparison in the filter.\n\n Use the [List finding properties](ref:inventory-finding-properties-list) endpoint to retrieve the supported values for the selected filter.","type":"array","items":{"type":"string"}}}},"Inventory_Exports_Dataset-File-Format":{"default":"JSON","enum":["CSV","JSON"],"type":"string"},"Inventory_Request-Search-Tags":{"description":"An object containing a query and/or filters to search for tags.","type":"object","properties":{"query":{"type":"object","description":"The search mode and query text.","properties":{"mode":{"description":"The mode to use for the query. Currently, the tag search only supports the `simple` mode.","type":"string","default":"simple","enum":["simple"]},"text":{"description":"The tag category or tag value to search for. This parameter value can be left empty to search all tags, for example `\"text\": \"\"`","type":"string","example":"Microsoft"}},"required":["mode","text"]},"filters":{"description":"A set of tag properties used to filter the search results. \n\nUse the [List tag properties](ref:inventory-tag-properties-list) endpoint to view available tag properties that can be used as filters.","type":"array","items":{"type":"object","required":["operator","property","value"],"properties":{"property":{"description":"The tag property to filter on.\n\n Use the [List tag properties](ref:inventory-tag-properties-list) endpoint to retrieve a list of valid tag properties for filtering. For example, you might filter by `tag_data_source`, `last_updated`, or `tag_created_by_id`.","type":"string"},"operator":{"type":"string","description":"The comparison operator to apply to the filter.\n\n For example: `=`, `!=`, `match`, etc. Use the [List tag properties](ref:inventory-tag-properties-list) endpoint to retrieve supported comparison operators for the selected filter.","enum":["=","!=","<=","between","match",">=","<",">","contains","not contains","exists","not exists","older than","newer than","within last"]},"value":{"description":"The value to use for comparison in the filter.\n\n Use the [List tag properties](ref:inventory-software-properties-list) endpoint to retrieve the supported values for the selected filter.","type":"array","items":{"type":"string"}}}}}}},"Inventory_Response-Search-Tags":{"description":"The tag search results.","type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Inventory_Response-Search-Tags-Object"}},"pagination":{"description":"An object containing pagination information for the current result set.","properties":{"total":{"description":"The total number of tags included in the result set of the search.","type":"integer"},"offset":{"description":"The requested starting record of the result set to retrieve. Offsets are used to paginate through the result set. If this parameter is omitted, Tenable Exposure Management uses the default value of `0`.","type":"integer","format":"int32"},"limit":{"description":"The requested number of records to retrieve from the result set. The maximum value is `1000`. If this parameter is omitted, Tenable Exposure Management uses the default value of `1000`.","type":"integer","format":"int32","default":1000},"sort":{"$ref":"#/components/schemas/Inventory_Public-Sort-Object"}},"required":["limit","offset","total","sort"],"type":"object"}}},"Inventory_Response-Search-Tags-Object":{"type":"object","properties":{"id":{"description":"The unique ID (UUID) of the tag.","type":"string","format":"uuid"},"name":{"description":"The name of the tag.","type":"string"},"product":{"description":"The Tenable product associated with the tag.","type":"string","enum":["TENABLE_IO","TENABLE_AD","TENABLE_AI","TENABLE_WAS","TENABLE_CS","TENABLE_APA"]},"asset_count":{"description":"The total number of assets that are associated with the tag.","type":"integer","format":"int32"},"weakness_severity_counts":{"description":"The total number of weaknesses associated with the tag by severity levels. This structure is applicable only for Tenable Vulnerability Management, Tenable Web App Scanning, Tenable Cloud Security, Tenable Identity Exposure, and Tenable OT Security assets.","type":"object","properties":{"low":{"description":"The total number of low severity weaknesses.","format":"int32","type":"integer"},"medium":{"description":"The total number of medium severity weaknesses.","format":"int32","type":"integer"},"high":{"description":"The total number of high severity weaknesses.","format":"int32","type":"integer"},"critical":{"description":"The total number of critical severity weaknesses.","format":"int32","type":"integer"},"total":{"description":"The total number of all weaknesses.","format":"int32","type":"integer"}}},"total_weakness_count":{"description":"The total number of weaknesses.","format":"int32","type":"integer"},"type":{"description":"The type of tag, either `DYNAMIC` or `STATIC`. Dynamic tags are tags that are automatically applied to assets based on defined tag rules. Static tags are tags that are applied manually.","type":"string"},"extra_properties":{"description":"Additional information about the software as requested in the `extra_properties` parameter of the search request. \n\nYou can use the [List tag properties](ref:inventory-tag-properties-list) endpoint to retrieve a list of properties that can be used as values for the `extra_properties` parameter. For example, you may want to include `tag_data_source`, `last_updated`, and `tag_created_by_id` as extra properties.","type":"object"}}}}},"x-readme":{"proxy-enabled":false,"samples-languages":["python","curl","node","powershell","ruby","javascript","objectivec","java","php","csharp","go","swift","kotlin"]}}