Device Security
Tenable IO Attribute Reference
This reference lists the attributes that Device Security collects from Tenable IO,
their names as stored in Device Security, and the Device Security fields they map to.
When Device Security integrates with Tenable.io, it enhances
vulnerability management for your devices. The attributes in this reference cover asset
records from vulnerability exports, agent data, asset export details, scanner records,
network interfaces, and individual vulnerability findings.
The third-party attribute name in Device Security is the attribute name
as it appears in the Assets Inventory table and in Query Engine. It follows the format
third-party-name.attribute-name.
In the Assets Inventory table column selector and on a Device Details page, where the
third-party name appears as a header for the attributes section, the third-party name
is removed from the attribute name.
For example, micrsoft_defender_xdr.macAddress would appear in the
Query Builder and in the Assets Inventory table, but under Device Details > Attributes > Integration Specific Attributes > Microsoft Defender, the attribute would appear as macAddress.
Asset (Vulnerability Export) Attributes
Device Security collects asset attributes from the Tenable IO vulnerability export API.
Each record describes a scanned asset as seen in the context of vulnerability export data.
The following table lists each Tenable IO attribute, its name as stored in
Device Security, and the Device Security field it maps to (if applicable).
Tenable IO Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
|---|---|---|---|
scan.started_at | tenable_io.scan.started_at | — | Scan started at |
scan_details.template_uuid | tenable_io.scan.template_uuid | — | Scan template UUID |
scan_details.status | tenable_io.scan.status | — | Scan status |
scan_details.total_targets | tenable_io.scan.total_targets | — | Scan total targets |
scan_details.type | tenable_io.scan.type | — | Scan type |
scan_details.schedule_uuid | tenable_io.scan.schedule_uuid | — | Scan schedule UUID |
scan_details.owner | tenable_io.scan.owner | — | Scan owner |
scan_details.creation_date | tenable_io.scan.creation_date | — | Scan creation date |
scan_details.name | tenable_io.scan.name | — | Scan name |
plugin.cpe | tenable_io.cpe | third_party_learned_installed_software | Common Platform Enumeration |
asset.tracked | tenable_io.tracked | — | Tracked |
asset.operating_system | tenable_io.operating_system | raw_os | Operating system |
asset.last_scan_target | tenable_io.last_scan_target | — | Last scan target |
asset.last_authenticated_results | tenable_io.last_authenticated_results | — | Last authenticated results |
asset.ipv6 | tenable_io.ipv6 | — | IPv6 address |
asset.ipv4 | tenable_io.ipv4 | ipv4_address | IPv4 address |
asset.hostname | tenable_io.hostname | Hostname | Hostname |
asset.device_type | tenable_io.device_type | — | Device type |
asset.agent_uuid | tenable_io.agent_uuid | — | Agent UUID |
asset.mac_address | tenable_io.asset.mac_address | ID, MAC | MAC address |
Agent Attributes
Device Security collects agent attributes from the Tenable IO agents API. Each record
describes a Tenable Nessus agent deployed on a managed endpoint.
The following table lists each Tenable IO attribute, its name as stored in
Device Security, and the Device Security field it maps to (if applicable).
Tenable IO Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
|---|---|---|---|
runtime_scanning_health | tenable_io.agent.runtime_scanning_health | — | Agent runtime scanning health |
nessus_scanning_health | tenable_io.agent.nessus_scanning_health | — | Agent Nessus scanning health |
name | tenable_io.agent_name; tenable_io.agent.name | — | Agent name |
distro | tenable_io.agent.distro | raw_os | Agent distribution |
last_connect | — | Last Activity | Last third-party activity timestamp |
uuid | tenable_io.agent.uuid | — | Agent UUID |
supports_remote_settings | tenable_io.agent.supports_remote_settings | — | Agent supports remote settings |
linked_on | tenable_io.agent.linked_on | — | Agent linked on |
health | tenable_io.agent.health | — | Agent health |
asset_uuid | tenable_io.agent.asset_uuid | — | Agent asset UUID |
status | tenable_io.agent.status | — | Agent status |
profile_name | tenable_io.agent.profile_name | — | Agent profile name |
network_name | tenable_io.agent.network_name | — | Agent network name |
id | tenable_io.agent.id | — | Agent ID |
health_state_name | tenable_io.agent.health_state_name | — | Agent health state name |
core_version | tenable_io.agent.core_version | — | Agent core version |
core_build | tenable_io.agent.core_build | — | Agent core build |
platform | tenable_io.agent.platform | — | Agent platform |
ip | tenable_io.agent.ip | ipv4_address; id | Agent IP |
Asset Export Attributes
Device Security collects asset attributes from the Tenable IO assets export API.
Each record describes a network asset from the Tenable IO asset inventory.
The following table lists each Tenable IO attribute, its name as stored in
Device Security, and the Device Security field it maps to (if applicable).
Tenable IO Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
|---|---|---|---|
mac_addresses | tenable_io.mac_addresses | MAC; id | MAC addresses |
first_seen | tenable_io.first_seen | First Seen | First seen timestamp |
network_interfaces | tenable_io.network_interfaces | third_party_learned_network_interfaces | Third party learned network interfaces |
fqdns | tenable_io.fqdns | — | Fully qualified domain names |
netbios_names | tenable_io.netbios_names | — | NetBIOS names |
hostnames | tenable_io.hostnames | Hostname | Hostnames |
installed_software | tenable_io.installed_software | third_party_learned_installed_software | Installed software |
ipv4s | tenable_io.ipv4s | ipv4_address | IPv4 addresses |
ipv6s | tenable_io.ipv6s | — | IPv6 addresses |
operating_systems | tenable_io.operating_systems | raw_os | Operating systems |
has_agent | tenable_io.has_agent | — | Has agent |
id | tenable_io.asset_id | — | Asset ID |
first_scan_time | tenable_io.first_scan_time | — | First scan time |
last_authenticated_scan_date | tenable_io.last_authenticated_scan_date | — | Last authenticated scan date |
last_scan_time | tenable_io.last_scan_time | — | Last scan time |
last_scan_id | tenable_io.last_scan_id | — | Last scan ID |
last_seen | tenable_io.last_seen | Last Activity | Last seen |
network_id | tenable_io.network_id | — | Network ID |
open_ports | tenable_io.open_ports | — | Open ports |
sources | tenable_io.sources | — | Sources |
tags | tenable_io.tags | — | Tags |
last_scan_target | tenable_io.last_scan_target | — | Last scan target |
last_licensed_scan_date | tenable_io.last_licensed_scan_date | — | Last licensed scan date |
last_schedule_id | tenable_io.last_schedule_id | — | Last schedule ID |
network_name | tenable_io.network_name | — | Network name |
agent_names | tenable_io.agent_names | — | Agent names |
last_authentication_scan_status | tenable_io.last_authentication_scan_status | — | Last authentication scan status |
Scanner Attributes
Device Security collects scanner attributes from the Tenable IO scanners API. Each
record describes a Tenable scanner deployed in the environment.
The following table lists each Tenable IO attribute, its name as stored in
Device Security, and the Device Security field it maps to (if applicable).
Tenable IO Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
|---|---|---|---|
source | tenable_io.scanner.source | — | Source |
user_permissions | tenable_io.scanner.user_permissions | — | User permissions |
last_connect | tenable_io.scanner.last_connect | Last Activity | Scanner last connect |
distro | tenable_io.scanner.distro | raw_os | Scanner distribution |
ip_addresses | tenable_io.scanner.ip_addresses | id; ipv4_address | Scanner IP addresses |
supports_remote_logs | tenable_io.scanner.supports_remote_logs | — | Scanner supports remote logs |
supports_webapp | tenable_io.scanner.supports_webapp | — | Scanner supports web application |
supports_remote_settings | tenable_io.scanner.supports_remote_settings | — | Scanner supports remote settings |
uuid | tenable_io.scanner.uuid | — | Scanner UUID |
type | tenable_io.scanner.type | — | Scanner type |
status | tenable_io.scanner.status | — | Scanner status |
scan_count | tenable_io.scanner.scan_count | — | Scanner scan count |
platform | tenable_io.scanner.platform | — | Scanner platform |
owner_name | tenable_io.scanner.owner_name | — | Scanner owner name |
num_scans | tenable_io.scanner.num_scans | — | Scanner number of scans |
network_name | tenable_io.scanner.network_name | — | Scanner network name |
name | tenable_io.scanner.name | — | Scanner name |
loaded_plugin_set | tenable_io.scanner.loaded_plugin_set | — | Scanner loaded plugin set |
linked | tenable_io.scanner.linked | — | Scanner linked |
last_modification_date | tenable_io.scanner.last_modification_date | — | Scanner last modification date |
id | tenable_io.scanner.id | — | Scanner ID |
hostname | tenable_io.scanner.hostname | Hostname | Scanner hostname |
group | tenable_io.scanner.group | — | Scanner group |
engine_version | tenable_io.scanner.engine_version | — | Scanner engine version |
creation_date | tenable_io.scanner.creation_date | — | Scanner creation date |
Interface Attributes
Device Security collects network interface attributes from Tenable IO asset export
interface data. Each record describes a network interface on a scanned asset.
The following table lists each Tenable IO attribute, its name as stored in
Device Security, and the Device Security field it maps to (if applicable).
Tenable IO Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
|---|---|---|---|
network_interfaces | tenable_io.network_interfaces | third_party_learned_network_interfaces | Third party learned network interfaces |
ipv4s | tenable_io.ipv4s | ipv4_address | IPv4 addresses |
mac_addresses | tenable_io.mac_addresses | MAC; id | MAC addresses |
Vulnerability Attributes
Device Security collects vulnerability attributes from the Tenable IO vulnerability
export API. Each record describes an individual vulnerability finding on a scanned asset.
The following table lists each Tenable IO attribute, its name as stored in
Device Security, and the Device Security field it maps to (if applicable).
Tenable IO Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
|---|---|---|---|
plugin.id | — | vulnerability_id | Vulnerability identifier |
severity | tenable_io.severity | risk_level; severity | Vulnerability severity |
first_found | tenable_io.first_found | detected_time; First Seen | First found |
plugin.cvss_base_score | tenable_io.cvss_base_score | cvss_base_score | CVSS base score |
plugin.cvss3_base_score | tenable_io.cvss3_base_score | cvss_v3base_score | CVSS v3 base score |
scan.started_at | tenable_io.scan.started_at | — | Scan started at |
scan_details.template_uuid | tenable_io.scan.template_uuid | — | Scan template UUID |
scan_details.status | tenable_io.scan.status | — | Scan status |
scan_details.total_targets | tenable_io.scan.total_targets | — | Scan total targets |
scan_details.type | tenable_io.scan.type | — | Scan type |
scan_details.schedule_uuid | tenable_io.scan.schedule_uuid | — | Scan schedule UUID |
scan_details.owner | tenable_io.scan.owner | — | Scan owner |
scan_details.creation_date | tenable_io.scan.creation_date | — | Scan creation date |
scan_details.name | tenable_io.scan.name | — | Scan name |
port | tenable_io.port | — | Port |
plugin.description | tenable_io.plugin.description | Description | Plugin description |
asset.ipv4 | tenable_io.ipv4 | ipv4_address | IPv4 address |
plugin.has_workaround | tenable_io.plugin.has_workaround | — | Plugin has workaround |
plugin.has_patch | tenable_io.plugin.has_patch | — | Plugin has patch |
plugin.name | tenable_io.plugin.name | title | Plugin name |
plugin.modification_date | tenable_io.plugin.modification_date | — | Plugin modification date |
plugin.publication_date | tenable_io.plugin.publication_date | — | Plugin publication date |
plugin.solution | tenable_io.plugin.solution | solution | Plugin solution |
plugin.version | tenable_io.plugin.version | — | Plugin version |
port.protocol | tenable_io.protocol | — | Protocol |
last_found | tenable_io.last_found | last_seen | Last found |
* Only some attributes map to a Device Security Common Attribute.