Skip to main content
Skip table of contents

Tenable Security Center

LAST UPDATED: DEC 11, 2024

Overview

Tenable.sc is a comprehensive vulnerability management solution that provides complete visibility into the security posture of the organizations' distributed and complex IT infrastructure. Tenable.sc consolidates and evaluates vulnerability data from across the entire IT infrastructure, illustrates vulnerability trends over time, and assesses risk with actionable context for effective remediation prioritization.

D3 SOAR is providing REST operations to function with Tenable Security Center.

Tenable Security Center is available for use in:

D3 SOAR

V12.7+

Category

Vulnerability Management

Deployment Options

Option II, Option IV

Connection

To connect to Tenable Security Center from D3 SOAR, follow this part to collect the required information below:

Parameter

Description

Example

Server URL

The base URL.

https://sc.tenalab.online

API Access Key

The API Key for authentication

*****

API Secret Key

The API Secret Key for authentication

*****

Configuring D3 SOAR to Work with Tenable Security Center

  1. Log in to D3 SOAR.

  2. Find the Tenable Security Center integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type Tenable Security Center in the search box to find the integration, then click it to select it.

    4. Click New Connection, on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to Tenable Security Center.

    1. Connection Name: The desired name for the connection.

    2. Site: The site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.

    4. Agent Name (Optional): The proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): Add your desired description for the connection.

    6. Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.

    7. Configure User Permissions: Defines which users have access to the connection.

    8. Active: Check the tick box to ensure the connection is available for use.

    9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

      1. Input the Server URL. The default value is https://sc.tenalab.online.
      2. Input the API Access Key.

      3. Input the API Secret Key.

    10. Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
      To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.

    11. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.

  4. Test the connection.

    1. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.

    2. Click OK to close the alert window.

    3. Click Add to create and add the configured connection.

Commands

Tenable Security Center includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Tenable Security Center API, refer to the Tenable Security Center API reference.

Create Static IP List Asset

Creates a static asset with the specified IP addresses.

Input

Input Parameter

Required/Optional

Description

Example

Asset Name

Required

The name of the created asset.

asset1012a7

Description

Optional

The description for the scan.

asset1012a desc

IP List

Required

The IP addresses to be added into the IP List asset.

JSON
[ "***.***.***.***, ***.***.***.***" ]

Tag

Optional

The tag for the created IP List asset.

Asset Management

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Static IP List Asset failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Please specify ips for this static asset.

Error Sample Data

Create Static IP List Asset failed.

Status Code: 403.

Message: Please specify ips for this static asset.

Create Scan

Adds a scan.

ALERT

This command has a known issue and should be avoided until further notice.

READER NOTE

Repository ID and Policy ID are required parameters to run this command.

  • Run the List Repositories command to obtain the Repository ID. Repository IDs can be found from the returned raw data at the path $.response[*].id.

  • Run the List Scan Policies command to obtain the Policy ID. Policy IDs can be found from the returned raw data at the path $.response.usable[*].id.

Credential IDs is an optional parameter to run this command.

  • Run the List Credentials command to obtain the Credential IDs. Credential IDs can be found from the returned raw data at the path $.response.usable[*].id.

Scans created by D3 are designed for specific IP targets. Although the IP List parameter is optional, if no IP addresses are provided, the Targets tab will indicate "No Items selected" for assets.

D3 lacks the credentials required to create a Zone. As a result, Zone ID cannot be obtained from D3 commands. For more information, refer to Scan Zones | Tenable Security Center.

Input

Input Parameter

Required/Optional

Description

Example

New Scan Name

Required

The name of the scan.

testScan1011C

Repository ID

Required

The repository ID. Repository ID can be obtained using the List Repositories command.

*****

Policy ID

Required

The policy ID. Policy ID can be obtained using the List Scan Policies command.

*****

Description

Optional

The description for the scan.

testScan1011g desc

IP List

Optional

The IP addresses of the hosts to scan.

CODE
[ "***.***.***.***" ] 

Max Scan Time(Hour)

Optional

The maximum number of hours for the scan to complete. Valid values are integers between 1 and 120. By default, the max scan time is set to unlimited.

1

Zone ID

Optional

The ID of the zone related to the data center where the device resides.

*****

Credential IDs

Optional

The IDs of credentials with privileges to scan a target device. Credential IDs can be obtained using the List Credentials command.

CODE
[ ***** ] 

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Scan failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Please specify a valid Repository.

Error Sample Data

Create Scan failed.

Status Code: 403.

Message: Please specify a valid Repository.

Delete Assets

Deletes the specified assets using asset IDs.

READER NOTE

Asset IDs is a required parameter to run this command.

  • Run the List Assets command to obtain the Asset IDs. Asset IDs can be found from the returned raw data at the path $.response.usable[*].id.

Users can delete only their own assets or those from users in the groups they manage.

Input

Input Parameter

Required/Optional

Description

Example

Asset IDs

Required

The IDs of the assets to delete. Asset IDs can be obtained using the List Assets command.

CODE
["*****"] 

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Assets failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: You may only delete Assets you own or can manage.

Error Sample Data

Delete Assets failed.

Status Code: 403.

Message: You may only delete Assets you own or can manage.

Delete Scans

Deletes the specified scans using scan IDs.

READER NOTE

Scan IDs is a required parameter to run this command.

  • Run the List Scans command to obtain the Scan IDs. Scan IDs can be found from the returned raw data at the path $.response.usable[*].id.

Users can delete only their own scans or those from users in the groups they manage.

Input

Input Parameter

Required/Optional

Description

Example

Scan IDs

Required

The IDs of the scans to delete. Scan IDs can be obtained using the List Scans command.

CODE
["*****"]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Scans failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: You can only delete your own Scans or those of Users in Groups you manage.

Error Sample Data

Delete Scans failed.

Status Code: 403.

Message: You can only delete your own Scans or those of Users in Groups you manage.

Get All Scan Results

Retrieves scan results.

READER NOTE

In the returned data, if the status is importing, import pending, or in progress, the API will update the status to Complete.

Input

Input Parameter

Required/Optional

Description

Example

Start Time

Optional

Returns scan results created after this time. By default, the value is 30 days prior to the current date and time.

11/01/2022 12:00 AM

End Time

Optional

Returns scan results created before this time. By default, the value is the current date and time.

11/07/2022 12:00 AM

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get All Scan Results failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: API Key login denied.

Error Sample Data

Get All Scan Results failed.

Status Code: 403.

Message: API Key login denied.

Get Scan Report by Result ID

Retrieves the scan report for the specified scan result ID.

READER NOTE

Scan Result ID is a required parameter to run this command.

  • Run the Get All Scan Results command to obtain the Scan Result ID. Scan Result ID can be found from the returned raw data at the path $.response.usable[*].id.

Only scan results with a status of Completed should be used with this command. The scan result status can be found from the returned raw data at the path $.response.usable[*].status.

Input

Input Parameter

Required/Optional

Description

Example

Scan Result ID

Required

The ID of the scan result for which to retrieve the scan report. Scan Result ID can be obtained using the Get All Scan Results command.

*****

Vulnerability Severities

Optional

The severities of the vulnerabilities to return. Available values are: 0 (Info), 1 (Low), 2 (Medium), 3 (High), 4 (Critical). Separate multiple values with commas.

By default, all vulnerabilities regardless of their severity will be returned.

3,4

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Scan Report by Result ID failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unable to process Vuln Query. Security Center could not process the vulnerability filter string (SC_ROOT=/opt/sc /opt/sc/bin/showvulns-individual +orgid +groupid +tool 'sumid' +scanid '*****' +datedir \"2024-12-08\" +view 'all' +sortfield 'severity' +sortdir 'desc' +repository -acceptRisk ). Error opening file for buffer data ***** (msg: No such file or directory).

Error Sample Data

Get Scan Report by Result ID failed.

Status Code: 403.

Message: Unable to process Vuln Query. Security Center could not process the vulnerability filter string (SC_ROOT=/opt/sc /opt/sc/bin/showvulns-individual +orgid +groupid +tool 'sumid' +scanid '*****' +datedir \"2024-12-08\" +view 'all' +sortfield 'severity' +sortdir 'desc' +repository -acceptRisk ). Error opening file for buffer data ***** (msg: No such file or directory).

Get Vulnerabilities by Asset

Retrieves vulnerabilities associated with the specified asset.

READER NOTE

Asset ID is an optional parameter to run this command.

  • Run the List Assets command to obtain the Asset ID. Asset IDs can be found from the returned raw data at the path $.response.usable[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Asset ID

Optional

The ID of the asset for which to retrieve vulnerabilities. Asset ID can be obtained using the List Assets command.

*****

Start Offset

Optional

The starting offset of the vulnerabilities to return. By default, the value is 0.

Results will include the Start Offset and exclude the End Offset.

0

End Offset

Optional

The ending offset of the vulnerabilities to return. By default, the value is 100.

Results will include the Start Offset and exclude the End Offset. For example, an End Offset of 100 includes items up to 99.

100

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Vulnerabilities by Asset failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: The value for Filter \"asset\" contains a record without a numeric 'id' field.

Error Sample Data

Get Vulnerabilities by Asset failed.

Status Code: 403.

Message: The value for Filter \"asset\" contains a record without a numeric 'id' field.

Launch Scans

Launches the specified scans using scan IDs.

READER NOTE

Scan IDs is a required parameter to run this command.

  • Run the List Scans command to obtain the Scan IDs. Scan IDs can be found from the returned raw data at the path $.response.usable[*].id.

Users can launch only their own scans or those from users in the groups they manage.

Input

Input Parameter

Required/Optional

Description

Example

Scan IDs

Required

The IDs of the scans to launch. Scan IDs can be obtained using the List Scans command.

CODE
[ "*****" ] 

Diagnostic Target

Optional

The IP address or hostname of the target to scan. If specified, it must be provided with the Diagnostic Password.

***.***.***.***

Diagnostic Password

Optional

The diagnostic password for the target to secure the diagnostic file. If specified, it must be provided with Diagnostic Target.

*****

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Launch Scans failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: You can only launch your own Scans or those of Users in Groups you manage.

Error Sample Data

Launch Scans failed.

Status Code: 403.

Message: You can only launch your own Scans or those of Users in Groups you manage.

List Assets

Retrieves all assets.

Input

N/A

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Assets failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: API Key login denied.

Error Sample Data

List Assets failed.

Status Code: 403.

Message: API Key login denied.

List Credentials

Retrieves all credentials.

Input

N/A

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Credentials failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: API Key login denied.

Error Sample Data

List Credentials failed.

Status Code: 403.

Message: API Key login denied.

List Queries

Retrieves all queries.

Input

Input Parameter

Required/Optional

Description

Example

Query Type

Optional

The type of queries to retrieve. Available options are:

  • Alert

  • LCE

  • Mobile

  • Ticket

  • User

  • Vulnerability

By default, all queries regardless of their type will be returned.

Vulnerability

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Queries failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: API Key login denied.

Error Sample Data

List Queries failed.

Status Code: 403.

Message: API Key login denied.

List Scan Policies

Retrieves all scan policies.

Input

N/A

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Scan Policies failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: API Key login denied.

Error Sample Data

List Scan Policies failed.

Status Code: 403.

Message: API Key login denied.

List Repositories

Retrieves all repositories.

Input

Input Parameter

Required/Optional

Description

Example

Repository Type

Optional

The type of repository to retrieve. Available options are:

  • All

  • Local

  • Remote

  • Offline

By default, all repositories regardless of their type will be returned.

All

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Repositories failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: API Key login denied.

Error Sample Data

List Repositories failed.

Status Code: 403.

Message: API Key login denied.

List Scans

Retrieves all scans.

Input

N/A

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Scans failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: API Key login denied.

Error Sample Data

List Scans failed.

Status Code: 403.

Message: API Key login denied.

Query Vulnerability Details

Retrieves detailed information about vulnerabilities.

Input

Input Parameter

Required/Optional

Description

Example

Plugin Name

Optional

The name of the plugin to use as a filter.

Oracle Java SE Multiple Vulnerabilities

Plugin IDs

Optional

The IDs of the plugins to use as a filter. Separate multiple plugin IDs with commas.

JSON
[ *****,***** ]

Plugin Output Text

Optional

The text output of the plugin to use as a filter.

1.7.0_60

cveIDs

Optional

The CVE IDs to use as a filter. Separate multiple CVE IDs with commas.

JSON
[
    "CVE-2014-6587",
    "CVE-2014-6601"
]

VPR Score Range

Optional

The range of VPR scores to use as a filter.

6.8-7.0

Minimum Severity

Optional

The minimum severity of vulnerabilities to filter. Available options are:

  • Critical Severity

  • High Severity

  • Medium Severity

  • Low Severity

  • Informative

Selecting High Severity returns vulnerabilities marked as either High or Critical.

By default, all vulnerabilities regardless of their minimum severity will be returned.

Critical Severity

Start Offset

Optional

The starting offset of the vulnerabilities to return. By default, the value is 0.

Results will include the Start Offset and exclude the End Offset.

0

End Offset

Optional

The ending offset of the vulnerabilities to return. By default, the value is 100.

Results will include the Start Offset and exclude the End Offset. For example, an End Offset of 100 includes items up to 99.

100

Vulnerability Status

Optional

The status of the vulnerabilities to return. Available options are:

  • Cumulative

  • Mitigated

By default, the value is set to Cumulative.

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Query Vulnerability Details failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Filter 'vprScore' must be an unsigned range <num>-<num>.

Error Sample Data

Query Vulnerability Details failed.

Status Code: 403.

Message: Filter 'vprScore' must be an unsigned range <num>-<num>.

Run Vulnerability Query By Query ID

Processes a vulnerability query using the specified query ID.

READER NOTE

Query ID is a required parameter to run this command.

  • Run the List Queries command to obtain the Query ID. Query IDs can be found from the returned raw data at the path $.response.usable[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Query ID

Required

The ID of the vulnerability query to process. Query ID can be obtained using the List Queries command.

Only the Query ID of a Vulnerability-type query is supported. To retrieve these queries, select Vulnerability from the Query Type dropdown in List Queries.

*****

Source Type

Optional

The type of source to process the query. Available options are:

  • Cumulative

  • Patched

By default, the value is set to Cumulative.

Cumulative

Start Offset

Optional

The starting offset of the vulnerabilities to return. By default, the value is 0.

Results will include the Start Offset and exclude the End Offset.

0

End Offset

Optional

The ending offset of the vulnerabilities to return. By default, the value is 100.

Results will include the Start Offset and exclude the End Offset. For example, an End Offset of 100 includes items up to 99.

100

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Run Vulnerability Query By Query ID failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 200.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: The Query ID is not a valid vulnerability type query.

Error Sample Data

Run Vulnerability Query By Query ID failed.

Status Code: 200.

Message: The Query ID is not a valid vulnerability type query.

Test Connection

Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Output Type

Description

Return Data Type

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

String

Error Handling

If the Return Data is failed, an Error tab will appear in the Test Result window.

The error tab contains the responses from the third-party API calls including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: API Key login denied.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 403.

Message: API Key login denied.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.