Export findings

post

https://cloud.tenable.com/was/v1/export/vulns

Exports Tenable Web App Scanning findings that match the request criteria.

Users need at least BASIC [16] user permissions and the Can View access control permission for the asset objects they want to export. You can set the Can View permission for the All Assets object for all assets. ADMINISTRATOR [64] users can export without the explicit Can View access control permissions.

Caution: The vpr_v2_score filter parameter is scheduled for deprecation on July 1, 2026 as part of the transition to VPR v2. To ensure continued functionality, update all integrations to use the vpr_score filter parameter. On the deprecation date, the system will update vpr_score to support the new VPR model. For more information, see Vulnerability Priority Rating: Transition to VPR Version 2.

Note: There are limits for concurrent export requests. For more information, see Concurrency Limiting and Rate Limiting.

Requires the Basic [16] user role and the Can View access control permission for the asset objects to be exported. Administrator [64] users can export without the explicit Can View access control permissions. See Roles.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

num_assets

int32

50 to 5000

Defaults to 50

Specifies the number of assets used to chunk the findings. The findings export is split up by number of asset IDs in a chunk. The exported data of a chunk is the sum of all the findings for each asset in that chunk. The range for number of assets in a chunk is a minimum of 50 (the default size) to a maximum of 5,000. If you specify a value outside this range, the system uses the upper or lower-bound value.

include_unlicensed

boolean

Defaults to false

Specifies whether or not to include unlicensed assets. The default is false when no parameter is specified.

filters

object

Specifies filters to apply to the findings export.

Note: By default, vulnerability exports will only include accepted and non-accepted vulnerabilities found or fixed within the last 30 days if no time-based filters are submitted with the request.

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

400

Returned if your request specified invalid parameters or if your request was improperly formatted.

403

Returned if you do not have permission to export WAS findings.

200Returned if Tenable Web App Scanning successfully queued a WAS findings export request.

409Returned if your request was a duplicate of an ongoing export that was already submitted. Tenable Web App Scanning prevents duplicate exports from running concurrently. For example, export requests with the same filters.

429Returned if you attempt to send too many requests in a specific period of time. For more information, see Rate Limiting and Concurrency Limiting.