Import vulnerabilities v2

post

https://cloud.tenable.com/api/v2/vulnerabilities

Imports a list of vulnerabilities in JSON format. The request cannot exceed 15 MB in total size. In addition, the request can contain a maximum of 50 asset objects. For request body examples, see Add Vulnerability Data to Vulnerability Management.

Note: This endpoint can only import Tenable scan data. It cannot import vulnerability information from third-party vendors.

Requires the Administrator [64] user role. See Roles.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

vendor

string

required

The company that owns the product that is the source of the vulnerability data. To categorize the imported vulnerabilities in the same way that Tenable Vulnerability Management categorizes vulnerabilities detected in scans it manages, use the following values:

tenable—A Nessus scan identified the vulnerabilities you want to import. Use this value for all Nessus scans, regardless of the scan manager (Tenable Vulnerability Management, Tenable Security Center, or Nessus Manager).

product

string

required

The name of the product from the vendor that is the source of the vulnerability data being imported.

Tenable Security Center—The vulnerability data source is Tenable Security Center.

data_type

string

required

The type of scan that identified the vulnerabilities you want to import. To categorize the imported vulnerabilities in the same way that Tenable Vulnerability Management categorizes vulnerabilities detected in scans it manages, use the following values:

vm—A Vulnerability Management scan identified the vulnerabilities.

source

string

required

A unique string value used to track the set of assets and vulnerabilities that Tenable Vulnerability Management is importing and processing. For data imported from Tenable Security Center via Lumin synchronization, this value has the following format:
scan_uuid:scan_chunk_uuid

where scan_uuid is the unique identifier for the scan in Tenable Security Center (equivalent to the scan id used in Tenable Security Center API requests), and scan_chunk_uuid is the unique identifier that Tenable Security Center assigns to individual chunks of scan data during the Lumin synchronization process.

assets

array of objects

required

An array of asset objects with vulnerabilities information. A valid asset record requires at least one valid network_interface object.

Note: Tenable Vulnerability Management supports a maximum of 50 individual asset objects per request message. In addition, because Tenable Vulnerability Management supports a total size limit of 15 MB for the request message, you may want to limit the number of asset objects you include in an individual request, depending on the number of vulnerabilities identified on the assets and the size of the related vulnerability output.

Note: This endpoint does not support the network_id attribute in asset objects for import. Tenable Vulnerability Management automatically assigns imported assets to the default network object. For more information about network objects, see Manage Networks.

assets*

coverage

object

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

400

Returned if you submit an invalid request.

403

Returned if you do not have permission to import vulnerabilities.

500

Returned if Tenable Vulnerability Management encounters an internal server error. Wait a moment, and try your request again.

503

Returned if a Tenable Vulnerability Management service is unavailable. Wait a moment, and try your request again.

200Returned if Tenable Vulnerability Management successfully imports the vulnerabilities. Currently all responses will not have a job id.

429Returned if you attempt to send too many requests in a specific period of time. For more information, see Rate Limiting.