Tenable Security Center
LAST UPDATED: DEC 11, 2024
Overview
Tenable.sc is a comprehensive vulnerability management solution that provides complete visibility into the security posture of the organization's distributed and complex IT infrastructure. Tenable.sc consolidates and evaluates vulnerability data from across the entire IT infrastructure, illustrates vulnerability trends over time, and assesses risk with actionable context for effective remediation prioritization.
D3 SOAR provides REST operations that work with Tenable Security Center.
Tenable Security Center is available for use in:
Connection
To connect to Tenable Security Center from D3 SOAR, collect the following required information:
Parameter | Description | Example |
Server URL | The base URL. | https://sc.tenalab.online |
API Access Key | The API Key for authentication | ***** |
API Secret Key | The API Secret Key for authentication | ***** |
Configuring D3 SOAR to Work with Tenable Security Center
Log in to D3 SOAR.
Find the Tenable Security Center integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Tenable Security Center in the search box to find the integration, then click it to select it.
Click New Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Tenable Security Center.
Connection Name: The desired name for the connection.
Site: The site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): The proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input the Server URL. The default value is https://sc.tenalab.online.
2. Input the API Access Key.
3. Input the API Secret Key.
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.
Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click Add to create and add the configured connection.
Commands
Tenable Security Center includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Tenable Security Center API, refer to the Tenable Security Center API reference.
Create Static IP List Asset
Creates a static asset with the specified IP addresses.
Input
Input Parameter | Required/Optional | Description | Example |
Asset Name | Required | The name of the created asset. | asset1012a7 |
Description | Optional | The description for the scan. | asset1012a desc |
IP List | Required | The IP addresses to be added into the IP List asset. | |
Tag | Optional | The tag for the created IP List asset. | Asset Management |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Static IP List Asset failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Please specify ips for this static asset. |
Error Sample Data | Create Static IP List Asset failed. Status Code: 403. Message: Please specify ips for this static asset. |
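The error layout described above can be split back into its three parts in a playbook step. The following is an added example, not D3 SOAR code: it parses error strings quoted on this page and shows that they all carry Status Code 403, so the Message is what separates a credential problem from an ownership or input problem. The category names and the substring-to-category mapping are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Layout of every "Error Sample Data" row on this page:
#   "<Command> failed. Status Code: <NNN>. Message: <free text>"
ERROR_RE = re.compile(
    r"^(?P<indicator>.+? failed\.)\s+"
    r"Status Code:\s*(?P<status>\d{3})\.\s+"
    r"Message:\s*(?P<message>.*)$",
    re.DOTALL,
)

# Assumption: the substrings come from messages quoted on this page, but the
# bucket names and the mapping itself are hypothetical, not part of D3 SOAR.
MESSAGE_HINTS = (
    ("api key login denied", "credentials"),
    ("you own or can manage", "ownership"),
    ("groups you manage", "ownership"),
    ("please specify", "input"),
    ("must be an unsigned range", "input"),
)

# Error strings quoted from the Error Sample Data rows on this page.
SAMPLES = [
    "Create Static IP List Asset failed. Status Code: 403. "
    "Message: Please specify ips for this static asset.",
    "Delete Assets failed. Status Code: 403. "
    "Message: You may only delete Assets you own or can manage.",
    "Get All Scan Results failed. Status Code: 403. "
    "Message: API Key login denied.",
    "Launch Scans failed. Status Code: 403. "
    "Message: You can only launch your own Scans or those of Users in Groups you manage.",
    "Query Vulnerability Details failed. Status Code: 403. "
    "Message: Filter 'vprScore' must be an unsigned range <num>-<num>.",
]


@dataclass(frozen=True)
class CommandError:
    failure_indicator: str
    status_code: int
    message: str
    category: str


def classify(message):
    """Map a Message to a triage bucket; unknown text stays 'unclassified'."""
    lowered = message.lower()
    for needle, bucket in MESSAGE_HINTS:
        if needle in lowered:
            return bucket
    return "unclassified"


def parse_error(text):
    """Split an error string into Failure Indicator, Status Code and Message."""
    match = ERROR_RE.match(text.strip())
    if match is None:
        raise ValueError("not in '<Command> failed. Status Code: N. Message: ...' form")
    message = match.group("message").strip()
    return CommandError(
        failure_indicator=match.group("indicator"),
        status_code=int(match.group("status")),
        message=message,
        category=classify(message),
    )


def triage(samples):
    """Group failure indicators by category so each bucket can be routed."""
    buckets = defaultdict(list)
    for text in samples:
        err = parse_error(text)
        buckets[err.category].append(err.failure_indicator)
    return dict(buckets)


if __name__ == "__main__":
    for category, indicators in triage(SAMPLES).items():
        print(category, indicators)
```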
Create Scan
Adds a scan.
ALERT
This command has a known issue and should be avoided until further notice.
READER NOTE
Repository ID and Policy ID are required parameters to run this command.
Run the List Repositories command to obtain the Repository ID. Repository IDs can be found from the returned raw data at the path $.response[*].id.
Run the List Scan Policies command to obtain the Policy ID. Policy IDs can be found from the returned raw data at the path $.response.usable[*].id.
Credential IDs is an optional parameter to run this command.
Run the List Credentials command to obtain the Credential IDs. Credential IDs can be found from the returned raw data at the path $.response.usable[*].id.
Scans created by D3 are designed for specific IP targets. Although the IP List parameter is optional, if no IP addresses are provided, the Targets tab will indicate "No Items selected" for assets.
D3 lacks the credentials required to create a Zone. As a result, Zone ID cannot be obtained from D3 commands. For more information, refer to Scan Zones | Tenable Security Center.
Input
Input Parameter | Required/Optional | Description | Example |
New Scan Name | Required | The name of the scan. | testScan1011C |
Repository ID | Required | The repository ID. Repository ID can be obtained using the List Repositories command. | ***** |
Policy ID | Required | The policy ID. Policy ID can be obtained using the List Scan Policies command. | ***** |
Description | Optional | The description for the scan. | testScan1011g desc |
IP List | Optional | The IP addresses of the hosts to scan. | |
Max Scan Time(Hour) | Optional | The maximum number of hours for the scan to complete. Valid values are integers between 1 and 120. By default, the max scan time is set to unlimited. | 1 |
Zone ID | Optional | The ID of the zone related to the data center where the device resides. | ***** |
Credential IDs | Optional | The IDs of credentials with privileges to scan a target device. Credential IDs can be obtained using the List Credentials command. | |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Scan failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Please specify a valid Repository. |
Error Sample Data | Create Scan failed. Status Code: 403. Message: Please specify a valid Repository. |
Delete Assets
Deletes the specified assets using asset IDs.
READER NOTE
Asset IDs is a required parameter to run this command.
Run the List Assets command to obtain the Asset IDs. Asset IDs can be found from the returned raw data at the path $.response.usable[*].id.
Users can delete only their own assets or those from users in the groups they manage.
Input
Input Parameter | Required/Optional | Description | Example |
Asset IDs | Required | The IDs of the assets to delete. Asset IDs can be obtained using the List Assets command. | |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Assets failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: You may only delete Assets you own or can manage. |
Error Sample Data | Delete Assets failed. Status Code: 403. Message: You may only delete Assets you own or can manage. |
Delete Scans
Deletes the specified scans using scan IDs.
READER NOTE
Scan IDs is a required parameter to run this command.
Run the List Scans command to obtain the Scan IDs. Scan IDs can be found from the returned raw data at the path $.response.usable[*].id.
Users can delete only their own scans or those from users in the groups they manage.
Input
Input Parameter | Required/Optional | Description | Example |
Scan IDs | Required | The IDs of the scans to delete. Scan IDs can be obtained using the List Scans command. | |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Scans failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: You can only delete your own Scans or those of Users in Groups you manage. |
Error Sample Data | Delete Scans failed. Status Code: 403. Message: You can only delete your own Scans or those of Users in Groups you manage. |
Get All Scan Results
Retrieves scan results.
READER NOTE
In the returned data, if the status is importing, import pending, or in progress, the API will update the status to Complete.
Input
Input Parameter | Required/Optional | Description | Example |
Start Time | Optional | Returns scan results created after this time. By default, the value is 30 days prior to the current date and time. | 11/01/2022 12:00 AM |
End Time | Optional | Returns scan results created before this time. By default, the value is the current date and time. | 11/07/2022 12:00 AM |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get All Scan Results failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API Key login denied. |
Error Sample Data | Get All Scan Results failed. Status Code: 403. Message: API Key login denied. |
Get Scan Report by Result ID
Retrieves the scan report for the specified scan result ID.
READER NOTE
Scan Result ID is a required parameter to run this command.
Run the Get All Scan Results command to obtain the Scan Result ID. Scan Result ID can be found from the returned raw data at the path $.response.usable[*].id.
Only scan results with a status of Completed should be used with this command. The scan result status can be found from the returned raw data at the path $.response.usable[*].status.
Input
Input Parameter | Required/Optional | Description | Example |
Scan Result ID | Required | The ID of the scan result for which to retrieve the scan report. Scan Result ID can be obtained using the Get All Scan Results command. | ***** |
Vulnerability Severities | Optional | The severities of the vulnerabilities to return. Available values are: 0 (Info), 1 (Low), 2 (Medium), 3 (High), 4 (Critical). Separate multiple values with commas. By default, all vulnerabilities regardless of their severity will be returned. | 3,4 |
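The ID paths quoted in the reader notes come in two shapes, `$.response[*].id` and `$.response.usable[*].id`. The following is an added example, not D3 SOAR code: it resolves that small JSONPath subset, keeps only scan results whose status is Completed, and validates the Vulnerability Severities value before building inputs for this command. The raw-data samples are constructed; every field other than `id` and `status` is an assumption.

```python
import re

SEGMENT_RE = re.compile(r"^(?P<key>[A-Za-z_]\w*)(?P<wild>\[\*\])?$")

# Constructed sample shaped like the paths on this page (not real output).
SCAN_RESULTS_RAW = {
    "response": {
        "usable": [
            {"id": "101", "name": "weekly-dmz", "status": "Completed"},
            {"id": "102", "name": "weekly-dmz", "status": "Running"},
            {"id": "103", "name": "adhoc", "status": "Error"},
            {"id": "104", "status": "Completed"},
        ]
    }
}
# Constructed sample for List Repositories, whose path has no "usable" level.
REPOSITORIES_RAW = {"response": [{"id": "1", "name": "repo-a"}, {"id": "2", "name": "repo-b"}]}


def extract(raw, path):
    """Resolve the JSONPath subset this page uses, e.g. $.response.usable[*].id."""
    if not path.startswith("$."):
        raise ValueError("path must start with '$.'")
    nodes = [raw]
    for segment in path[2:].split("."):
        match = SEGMENT_RE.match(segment)
        if match is None:
            raise ValueError(f"unsupported path segment: {segment!r}")
        key, wild = match.group("key"), match.group("wild")
        matched = []
        for node in nodes:
            if not isinstance(node, dict) or key not in node:
                continue  # a missing key yields nothing instead of raising
            value = node[key]
            if wild:
                if isinstance(value, list):
                    matched.extend(value)
            else:
                matched.append(value)
        nodes = matched
    return nodes


def completed_result_ids(raw):
    """IDs of scan results whose status is Completed (compared case-insensitively)."""
    ids = []
    for item in extract(raw, "$.response.usable[*]"):
        if not isinstance(item, dict) or "id" not in item:
            continue
        if str(item.get("status", "")).strip().lower() == "completed":
            ids.append(item["id"])
    return ids


def parse_severities(text):
    """Validate '3,4' style input: values 0 (Info) to 4 (Critical); empty means all."""
    if text is None or not text.strip():
        return None
    values = []
    for part in text.split(","):
        part = part.strip()
        if part not in {"0", "1", "2", "3", "4"}:
            raise ValueError(f"severity must be 0-4, got {part!r}")
        if int(part) not in values:
            values.append(int(part))
    return values


def report_inputs(raw, severities=""):
    """Build one input set per Completed scan result for this command."""
    parsed = parse_severities(severities)
    sev_text = "" if parsed is None else ",".join(str(v) for v in parsed)
    return [
        {"Scan Result ID": rid, "Vulnerability Severities": sev_text}
        for rid in completed_result_ids(raw)
    ]


if __name__ == "__main__":
    print(extract(REPOSITORIES_RAW, "$.response[*].id"))
    print(report_inputs(SCAN_RESULTS_RAW, "3,4"))
```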
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Scan Report by Result ID failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unable to process Vuln Query. Security Center could not process the vulnerability filter string (SC_ROOT=/opt/sc /opt/sc/bin/showvulns-individual +orgid +groupid +tool 'sumid' +scanid '*****' +datedir \"2024-12-08\" +view 'all' +sortfield 'severity' +sortdir 'desc' +repository -acceptRisk ). Error opening file for buffer data ***** (msg: No such file or directory). |
Error Sample Data | Get Scan Report by Result ID failed. Status Code: 403. Message: Unable to process Vuln Query. Security Center could not process the vulnerability filter string (SC_ROOT=/opt/sc /opt/sc/bin/showvulns-individual +orgid +groupid +tool 'sumid' +scanid '*****' +datedir \"2024-12-08\" +view 'all' +sortfield 'severity' +sortdir 'desc' +repository -acceptRisk ). Error opening file for buffer data ***** (msg: No such file or directory). |
Get Vulnerabilities by Asset
Retrieves vulnerabilities associated with the specified asset.
READER NOTE
Asset ID is an optional parameter to run this command.
Run the List Assets command to obtain the Asset ID. Asset IDs can be found from the returned raw data at the path $.response.usable[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Asset ID | Optional | The ID of the asset for which to retrieve vulnerabilities. Asset ID can be obtained using the List Assets command. | ***** |
Start Offset | Optional | The starting offset of the vulnerabilities to return. By default, the value is 0. Results will include the Start Offset and exclude the End Offset. | 0 |
End Offset | Optional | The ending offset of the vulnerabilities to return. By default, the value is 100. Results will include the Start Offset and exclude the End Offset. For example, an End Offset of 100 includes items up to 99. | 100 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Vulnerabilities by Asset failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The value for Filter \"asset\" contains a record without a numeric 'id' field. |
Error Sample Data | Get Vulnerabilities by Asset failed. Status Code: 403. Message: The value for Filter \"asset\" contains a record without a numeric 'id' field. |
Launch Scans
Launches the specified scans using scan IDs.
READER NOTE
Scan IDs is a required parameter to run this command.
Run the List Scans command to obtain the Scan IDs. Scan IDs can be found from the returned raw data at the path $.response.usable[*].id.
Users can launch only their own scans or those from users in the groups they manage.
Input
Input Parameter | Required/Optional | Description | Example |
Scan IDs | Required | The IDs of the scans to launch. Scan IDs can be obtained using the List Scans command. | |
Diagnostic Target | Optional | The IP address or hostname of the target to scan. If specified, it must be provided with the Diagnostic Password. | ***.***.***.*** |
Diagnostic Password | Optional | The diagnostic password for the target to secure the diagnostic file. If specified, it must be provided with Diagnostic Target. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Launch Scans failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: You can only launch your own Scans or those of Users in Groups you manage. |
Error Sample Data | Launch Scans failed. Status Code: 403. Message: You can only launch your own Scans or those of Users in Groups you manage. |
List Assets
Retrieves all assets.
Input
N/A
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Assets failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API Key login denied. |
Error Sample Data | List Assets failed. Status Code: 403. Message: API Key login denied. |
List Credentials
Retrieves all credentials.
Input
N/A
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Credentials failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API Key login denied. |
Error Sample Data | List Credentials failed. Status Code: 403. Message: API Key login denied. |
List Queries
Retrieves all queries.
Input
Input Parameter | Required/Optional | Description | Example |
Query Type | Optional | The type of queries to retrieve. Available options are:
By default, all queries regardless of their type will be returned. | Vulnerability |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Queries failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API Key login denied. |
Error Sample Data | List Queries failed. Status Code: 403. Message: API Key login denied. |
List Scan Policies
Retrieves all scan policies.
Input
N/A
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Scan Policies failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API Key login denied. |
Error Sample Data | List Scan Policies failed. Status Code: 403. Message: API Key login denied. |
List Repositories
Retrieves all repositories.
Input
Input Parameter | Required/Optional | Description | Example |
Repository Type | Optional | The type of repository to retrieve. Available options are:
By default, all repositories regardless of their type will be returned. | All |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Repositories failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API Key login denied. |
Error Sample Data | List Repositories failed. Status Code: 403. Message: API Key login denied. |
List Scans
Retrieves all scans.
Input
N/A
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Scans failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API Key login denied. |
Error Sample Data | List Scans failed. Status Code: 403. Message: API Key login denied. |
Query Vulnerability Details
Retrieves detailed information about vulnerabilities.
Input
Input Parameter | Required/Optional | Description | Example |
Plugin Name | Optional | The name of the plugin to use as a filter. | Oracle Java SE Multiple Vulnerabilities |
Plugin IDs | Optional | The IDs of the plugins to use as a filter. Separate multiple plugin IDs with commas. | |
Plugin Output Text | Optional | The text output of the plugin to use as a filter. | 1.7.0_60 |
cveIDs | Optional | The CVE IDs to use as a filter. Separate multiple CVE IDs with commas. | |
VPR Score Range | Optional | The range of VPR scores to use as a filter. | 6.8-7.0 |
Minimum Severity | Optional | The minimum severity of vulnerabilities to filter. Available options are:
Selecting High Severity returns vulnerabilities marked as either High or Critical. By default, all vulnerabilities regardless of their minimum severity will be returned. | Critical Severity |
Start Offset | Optional | The starting offset of the vulnerabilities to return. By default, the value is 0. Results will include the Start Offset and exclude the End Offset. | 0 |
End Offset | Optional | The ending offset of the vulnerabilities to return. By default, the value is 100. Results will include the Start Offset and exclude the End Offset. For example, an End Offset of 100 includes items up to 99. | 100 |
Vulnerability Status | Optional | The status of the vulnerabilities to return. Available options are:
By default, the value is set to Cumulative. |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Query Vulnerability Details failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Filter 'vprScore' must be an unsigned range <num>-<num>. |
Error Sample Data
Query Vulnerability Details failed. Status Code: 403. Message: Filter 'vprScore' must be an unsigned range <num>-<num>.
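The following Python sketch is an added example, not D3 SOAR or Tenable code. It checks the VPR Score Range and cveIDs inputs before the command runs and pages through results with the inclusive Start Offset and exclusive End Offset described above. The function names and the `run_command(start, end)` wrapper are hypothetical.

```python
import re

# "<num>-<num>" with unsigned numbers, the shape the API's error message asks for.
_VPR_RANGE = re.compile(r"^(\d+(?:\.\d+)?)-(\d+(?:\.\d+)?)$")
_CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")


def check_vpr_range(text):
    """Return (low, high) for a VPR Score Range input, or raise ValueError."""
    match = _VPR_RANGE.match(text.strip())
    if not match:
        raise ValueError(f"VPR Score Range {text!r} is not <num>-<num>")
    low, high = float(match.group(1)), float(match.group(2))
    if low > high:  # sanity check added here, not a rule stated on the page
        raise ValueError(f"VPR Score Range {text!r} has low > high")
    return low, high


def split_cve_ids(text):
    """Split the comma-separated cveIDs input and reject malformed IDs."""
    ids = [part.strip().upper() for part in text.split(",") if part.strip()]
    bad = [i for i in ids if not _CVE_ID.match(i)]
    if bad:
        raise ValueError(f"malformed CVE IDs: {bad}")
    return ids


def fetch_all(run_command, page_size=100, max_pages=1000):
    """Collect every record using half-open [Start Offset, End Offset) windows.

    run_command(start, end) is a hypothetical wrapper around the command
    that returns the list of records for one window.
    """
    records, start = [], 0
    for _ in range(max_pages):
        page = run_command(start, start + page_size)
        records.extend(page)
        if len(page) < page_size:   # short page: nothing left to fetch
            break
        start += page_size          # next Start Offset == previous End Offset
    return records
```

Reusing the previous End Offset as the next Start Offset is what keeps consecutive windows free of both gaps and duplicates.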
Run Vulnerability Query By Query ID
Processes a vulnerability query using the specified query ID.
READER NOTE
Query ID is a required parameter to run this command.
Run the List Queries command to obtain the Query ID. Query IDs can be found in the returned raw data at the path $.response.usable[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Query ID | Required | The ID of the vulnerability query to process. Query ID can be obtained using the List Queries command. Only the Query ID of a Vulnerability-type query is supported. To retrieve these queries, select Vulnerability from the Query Type dropdown in List Queries. | ***** |
Source Type | Optional | The type of source to process the query. Available options are:
By default, the value is set to Cumulative. | Cumulative |
Start Offset | Optional | The starting offset of the vulnerabilities to return. By default, the value is 0. Results will include the Start Offset and exclude the End Offset. | 0 |
End Offset | Optional | The ending offset of the vulnerabilities to return. By default, the value is 100. Results will include the Start Offset and exclude the End Offset. For example, an End Offset of 100 includes items up to 99. | 100 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Run Vulnerability Query By Query ID failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The Query ID is not a valid vulnerability type query. |
Error Sample Data
Run Vulnerability Query By Query ID failed. Status Code: 200. Message: The Query ID is not a valid vulnerability type query.
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Output Type | Description | Return Data Type |
Return Data | Indicates one of the possible command execution states: Successful or Failed. The Failed state can be triggered by any of the following errors:
You can view more details about an error in the Error tab. | String |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the responses from the third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Tenable Security Center portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API Key login denied. |
Error Sample Data
Test Connection failed. Failed to check the connector. Status Code: 403. Message: API Key login denied.
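The error samples above show that the status code alone does not identify the cause: a 403 accompanies both a denied API key and a malformed filter, and a failed command can carry a 200. The following Python sketch is an added example, not D3 SOAR code. It splits an Error tab string into its three parts and reads the Message before the Status Code; the category names and keyword hints are assumptions made for illustration.

```python
import re

# Shape of the Error tab text shown in the page's "Error Sample Data" entries.
_ERROR = re.compile(
    r"^(?P<indicator>.*?)\s*Status Code:\s*(?P<code>\d+)\.\s*Message:\s*(?P<message>.*)$",
    re.DOTALL,
)

# Constructed keyword hints, taken from the messages quoted on this page.
_INPUT_HINTS = ("filter", "not a valid")


def triage(error_text):
    """Split an Error tab string into its parts and suggest who acts on it."""
    match = _ERROR.match(error_text.strip())
    if not match:
        return {"category": "unparsed", "raw": error_text}
    code = int(match["code"])
    message = match["message"].strip()
    lowered = message.lower()
    if any(hint in lowered for hint in _INPUT_HINTS):
        category = "input"      # fix the command parameters
    elif code in (401, 403):
        category = "auth"       # check API keys and permissions
    elif code >= 500:
        category = "server"
    else:
        category = "other"
    return {
        "indicator": match["indicator"].strip(),
        "status_code": code,
        "message": message,
        "category": category,
    }


SAMPLES = [  # copied from this page
    "List Scans failed. Status Code: 403. Message: API Key login denied.",
    "Query Vulnerability Details failed. Status Code: 403. "
    "Message: Filter 'vprScore' must be an unsigned range <num>-<num>.",
    "Run Vulnerability Query By Query ID failed. Status Code: 200. "
    "Message: The Query ID is not a valid vulnerability type query.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```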