Integrations
- Integrations
- 1Password
- Abnormal
- Absolute
- AbuseIPDB
- Acronis
- Active Directory On-Prem
- Adaptive Shield
- Adobe Cloud
- ADP
- Agari Phishing Response
- Airlock
- Airlock Digital
- Akamai Identity Cloud Social
- Alert Logic
- AlgoSec Firewall Analyzer
- Alienvault OTX
- Alienvault USM
- Anthropic
- Anodot
- Any Run
- Ansible
- Anvilogic
- Apex One
- ArcSight ESM
- Area 1
- Asana
- Asset Panda
- Astrix
- Atlassian Crowd
- Atlassian User Management
- Atlassian User Provisioning
- AuditBoard
- auth0
- Authentik
- Authomize
- Automox
- AWS
- AWS IAM Identity Center
- Axonius
- Azure
- Azure Data Explorer
- Azure DevOps
- Azure Log Analytics
- Azure Storage
- BambooHR
- Big Fix
- BigPanda
- Bitbucket
- Bitdefender
- Bitsight
- Bitwarden
- Black Duck
- Black Kite
- Blink
- BMC Remedy
- Box
- Brinqa
- Cato Networks
- Censys
- Chorus
- Cisco Advanced Phishing Protection
- Cisco Domain Protection
- Cisco Meraki
- Cisco Talos
- Cisco Umbrella
- Cisco Webex
- Claroty xDome
- ClearPass
- ClickHouse
- ClickUp
- Cloud Custodian
- Cloudflare
- Cloudflare R2
- Cobalt.io
- Check Point Harmony
- Check Point Infinity Events
- Check Point Management
- Check Point XDR/XPR
- Checkmarx SAST
- Checkmarx One
- Chronicle
- Compass
- Confluence
- Confluence Data Center
- Coralogix
- Coralogix Incident Management
- Cortex XDR
- Cortex Xpanse
- Coupa Compass
- CredStash
- Cribl
- CrowdStrike
- CyberArk
- Cybersixgill
- CyCognito
- Cyera
- Cylance
- Cyware CTIX
- Darktrace
- Dasera
- Databricks
- Datadog
- DataSet
- Discord
- Docusign
- Delighted
- Delinea
- Devo
- Domo
- Drata
- Dropbox
- Dropbox Business
- druva
- Duo
- Duo Auth
- Dynatrace
- EasyVista
- EchoTrail
- Egnyte
- Egnyte Secure Govern
- Elasticsearch
- Entro
- Entrust Certificate Services
- Ermetic
- Exabeam
- Exchange Online
- Expel
- F5
- Falcon LogScale
- Falcon Surface
- Fastly
- Flare.io
- Forcepoint DLP
- Forescout
- FortiGate
- Freshservice
- GCP
- Gemini
- Ghostwriter
- Git
- GitHub
- GitLab
- Glean
- Gmail
- Google Calendar
- Google Chat
- Google Docs
- Google Drive
- Google Forms
- Google Meet
- Google Looker
- Google Sheets
- Google Workspace
- Grafana
- Greenhouse
- GreyNoise
- Grip Security
- GYTPOL
- Have I Been Pwned
- HackerOne
- Halo Service Desk
- HackNotice
- HiBob
- HubSpot
- Hunters
- Hybrid Analysis
- Hyperproof
- IBM CLoud
- IBM NS1 Connect
- IBM X Force
- Imperva
- Incident.io
- Infobip
- Infoblox Cloud Services Portal
- Intercom
- Intezer
- IP API
- IPinfo
- IPWHOIS
- Ivanti RiskSense
- Ironscales
- Jamf
- JetBrains
- JFrog
- Jira
- Jira Data Center
- Joe Sandbox
- JumpCloud
- Kandji
- Keeper Secrets Manager
- Kenna Security
- KnowBe4
- KnowBe4 Events
- Kubernetes
- Lacework
- LaunchDarkly
- LimaCharlie
- Linear
- Litmos
- Living Security
- LogicMonitor
- LogRhythm
- Manage Engine ServiceDesk Plus
- Mattermost
- Maven
- Microsoft Defender For Cloud
- Microsoft Defender For Cloud Apps
- Microsoft Defender For Endpoints
- Microsoft Defender XDR
- Microsoft E-Discovery
- Microsoft Entra ID
- Microsoft Graph
- Microsoft Intune
- Microsoft Office 365 Management Activity
- Microsoft Outlook
- Microsoft Purview
- Microsoft Sentinel
- Microsoft SQL Server
- Microsoft Teams
- Mimecast
- MISP
- Monday
- MongoDB Atlas
- MxToolbox
- Neo4j
- NetBox
- Netography
- Netskope
- New Relic
- Nightfall AI
- NinjaOne
- Notion
- Nozomi Networks
- Nuclei
- Nucleus
- Nutanix Hypervisor
- Obsidian
- Okta
- OneDrive
- OneLogin
- OneTrust
- Oort
- OpenAI
- OpenCTI
- Opsgenie
- OPSWAT
- Oracle Cloud
- Oracle HCM
- Orca Security
- OWASP ZAP
- PagerDuty
- Palo Alto NGFW
- Palo Alto Firewall
- Panther
- Pentera
- Perception Point
- PhishLabs
- PhishLabs Incident Data
- PhishLabs Open Web Monitoring
- Pingdom
- PingID
- PingOne
- PlexTrac
- PortSwigger
- Power BI
- PowerShell
- Postman
- Postman SCIM
- Prisma Access
- Prisma Cloud
- Prisma Cloud CWP
- Prometheus
- Proofpoint
- Proofpoint ITM
- Proofpoint Protection Server
- Proofpoint Security Awareness Training
- Proofpoint TAP
- Proofpoint TRAP
- Pub-Sub
- QRadar
- Qualys
- Rapid7
- Rapid7 InsightIDR
- Rapid7 InsightVM Cloud
- Rapid7 Threat Command
- Reco
- Recorded Future
- Recorded Future Triage Cloud
- Red Hat IDM
- Rippling
- runZero
- SafeBase
- Sage HR
- SailPoint
- SailPoint IdentityIQ
- Salesforce
- SAP Ariba
- Sap Concur
- ScienceLogic
- Securin
- Securin VI
- SecurityScorecard
- Securonix
- Seemplicity
- Sekoia.io
- SemGrep
- SentinelOne
- ServiceNow
- SharePoint
- Shodan
- Shopify
- Silverfort
- Slack
- Smartsheet
- Snipe IT
- Snowflake
- Snyk
- SolarWinds Information Service
- SolarWinds Service Desk
- SonarQube
- Sophos
- Split
- Splunk
- Splunk Observability
- Splunk SOAR
- Spur
- StrongDM
- Sumo Logic
- Symantec EDR
- Sysdig
- Tableau
- Tanium
- TeamCity
- TeamViewer
- Telegram
- Tempo
- Tenable
- Tenable
- Actions
- Overview
- Agents List
- Bulk Add Agents
- Create An Agent Group
- Create Scan
- Download Asset Chunk
- Download Vulnerabilities Chunk
- Export Assets
- Export Vulnerabilities
- Get Asset Details
- Get Asset Export Status
- Get Network Details
- Get Scan Configuration Detail
- Get Scan Details
- Get Scan Vulnerabilities
- Get Vulnerabilities Export Status
- Get Vulnerability Details
- Get Web App Scan Details
- Import Assets
- Import Vulnerabilities
- Launch Scan
- List Agents Groups
- List Assets
- List Filters For Agents
- List Networks
- List Policies
- List Scan Configurations
- List Scan Vulnerabilities
- List Scans
- List Templates
- List Users
- Scanners List
- Tenable Custom Action
- Tenable Security Center
- Terraform
- Terraform Cloud
- Tessian
- TheHive
- Thinkst Canary
- ThreatQuotient
- Trellix Email Security
- Trello
- Trend Vision One
- Twilio
- UKG HR
- Uptycs
- URLScan
- Vault
- Veracode
- Verkada
- Vertica
- VMware vSphere
- VMware Carbon Black
- VirusTotal
- WeChat
- WhatsApp
- WhoIs
- WildFire
- Wiz
- Workday
- Workspace ONE UEM
- YesWeHack
- Zendesk
- Zero Networks
- Zoom
- Zscaler Internet Access
- Zscaler Private Access
Actions
Get Scan Details
Returns scan results for a specific scan. If you submit a request without query parameters, Tenable.io returns results from the latest run of the specified scan. If you submit a request using the query parameters to specify a historical run of the scan, Tenable.io returns the scan results for the specified run.
**Note:** Keep in mind potential [rate limits](doc:rate-limiting) and [concurrency limits](doc:concurrency-limiting) when using this endpoint. To check the status of a scan, use the [GET /scans//latest-status](ref:scans-get-latest-status) endpoint. Tenable recommends the [GET /scans//latest-status](ref:scans-get-latest-status) endpoint especially if you are programmatically checking the status of large numbers of scans.
**Note:** This endpoint returns limited data if scan results are older than 35 days. Scans that are older than 35 days are effectively “archived”. The `info.is_archived` attribute in the response message for this endpoint serves as the indication of archival status. For complete data from archived scan results, use the [POST /scans//export](ref:scans-export-request) endpoint instead.
Requires SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan permissions. See [Permissions](doc:permissions).
External Documentation
To learn more, visit the Tenable documentation.
Parameters
| Parameter | Description |
|---|---|
| Scan ID | The unique identifier for the scan you want to retrieve. It can be obtained by using the List Scans action. |
Example Output
{
"value": {
"comphosts": [
{
"asset_id": 5,
"critical": 86,
"high": 0,
"host_id": 5,
"host_index": 0,
"hostname": "192.0.2.57",
"info": 0,
"low": 145,
"medium": 62,
"numchecksconsidered": 100,
"progress": "100-100/200-200",
"scanprogresscurrent": 100,
"scanprogresstotal": 100,
"score": 867650,
"severity": 293,
"severitycount": {
"item": [
{
"count": 0,
"severitylevel": 0
},
{
"count": 145,
"severitylevel": 1
},
{
"count": 62,
"severitylevel": 2
},
{
"count": 0,
"severitylevel": 3
},
{
"count": 86,
"severitylevel": 4
}
]
},
"totalchecksconsidered": 100
},
{
"asset_id": 3,
"critical": 45,
"high": 0,
"host_id": 3,
"host_index": 1,
"hostname": "192.0.2.57",
"info": 0,
"low": 52,
"medium": 1,
"numchecksconsidered": 100,
"progress": "100-100/200-200",
"scanprogresscurrent": 100,
"scanprogresstotal": 100,
"score": 450620,
"severity": 98,
"severitycount": {
"item": [
{
"count": 0,
"severitylevel": 0
},
{
"count": 52,
"severitylevel": 1
},
{
"count": 1,
"severitylevel": 2
},
{
"count": 0,
"severitylevel": 3
},
{
"count": 45,
"severitylevel": 4
}
]
},
"totalchecksconsidered": 100
},
{
"asset_id": 9,
"critical": 64,
"high": 0,
"host_id": 9,
"host_index": 2,
"hostname": "192.0.2.57",
"info": 0,
"low": 61,
"medium": 23,
"numchecksconsidered": 100,
"progress": "100-100/200-200",
"scanprogresscurrent": 100,
"scanprogresstotal": 100,
"score": 642910,
"severity": 148,
"severitycount": {
"item": [
{
"count": 0,
"severitylevel": 0
},
{
"count": 61,
"severitylevel": 1
},
{
"count": 23,
"severitylevel": 2
},
{
"count": 0,
"severitylevel": 3
},
{
"count": 64,
"severitylevel": 4
}
]
},
"totalchecksconsidered": 100
}
],
"compliance": [
{
"count": 5,
"host_id": 0,
"hostname": null,
"plugin_family": "Unix Compliance Checks",
"plugin_id": "143e17d31e1a30830fcc2c3539d803d0",
"plugin_name": "BSI-100-2: S 4.13: /etc/group consistency - Careful allocation of identifiers",
"severity": 1,
"severity_index": 0
},
{
"count": 5,
"host_id": 0,
"hostname": null,
"plugin_family": "Unix Compliance Checks",
"plugin_id": "21361aed1df4e64051bc939431ca3096",
"plugin_name": "BSI-100-2: S 4.105: No world writeable files - Preventing unauthorised acquisition of administrator rights",
"severity": 3,
"severity_index": 1
},
{
"count": 5,
"host_id": 0,
"hostname": null,
"plugin_family": "Unix Compliance Checks",
"plugin_id": "5784176f032f448cb73b6cd4d4cff8be",
"plugin_name": "BSI-100-2: S 4.105: Rlogind must be deactivated",
"severity": 3,
"severity_index": 2
}
],
"filters": [
{
"control": {
"readable_regex": "c15c917b-e722-4cbf-a666-9ea11c3a6def",
"regex": "[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*",
"type": "entry"
},
"group_name": "vulnerability",
"name": "host.id",
"operators": [
"eq",
"neq",
"match",
"nmatch"
],
"readable_name": "Asset ID"
},
{
"control": {
"maxlength": 18,
"readable_regex": "NUMBER",
"regex": "^[0-9]+(,[0-9]+)*",
"type": "entry"
},
"group_name": "vulnerability",
"name": "plugin.attributes.bid",
"operators": [
"eq",
"neq",
"match",
"nmatch"
],
"readable_name": "Bugtraq ID"
},
{
"control": {
"list": [
"true",
"false"
],
"type": "dropdown"
},
"group_name": "vulnerability",
"name": "plugin.attributes.exploit_framework_canvas",
"operators": [
"eq",
"neq"
],
"readable_name": "CANVAS Exploit Framework"
}
],
"history": [
{
"alt_targets_used": false,
"creation_date": 1430933086,
"history_id": 10328682,
"is_archived": false,
"last_modification_date": 1430934526,
"owner_id": 2,
"scheduler": 0,
"status": "imported",
"type": null,
"uuid": "fd7d0d8e-c0e1-4439-97a5-d5c3a5c2d369ab8f7ecb158c480e"
}
],
"hosts": [
{
"asset_id": 5,
"critical": 0,
"high": 3,
"host_id": 5,
"host_index": 0,
"hostname": "192.0.2.57",
"info": 156,
"low": 1,
"medium": 6,
"numchecksconsidered": 100,
"progress": "100-100/200-200",
"scanprogresscurrent": 100,
"scanprogresstotal": 100,
"score": 3766,
"severity": 166,
"severitycount": {
"item": [
{
"count": 156,
"severitylevel": 0
},
{
"count": 1,
"severitylevel": 1
},
{
"count": 6,
"severitylevel": 2
},
{
"count": 3,
"severitylevel": 3
},
{
"count": 0,
"severitylevel": 4
}
]
},
"totalchecksconsidered": 100
},
{
"asset_id": 3,
"critical": 32,
"high": 58,
"host_id": 3,
"host_index": 1,
"hostname": "192.0.2.57",
"info": 52,
"low": 11,
"medium": 100,
"numchecksconsidered": 100,
"progress": "100-100/200-200",
"scanprogresscurrent": 100,
"scanprogresstotal": 100,
"score": 388162,
"severity": 253,
"severitycount": {
"item": [
{
"count": 52,
"severitylevel": 0
},
{
"count": 11,
"severitylevel": 1
},
{
"count": 100,
"severitylevel": 2
},
{
"count": 58,
"severitylevel": 3
},
{
"count": 32,
"severitylevel": 4
}
]
},
"totalchecksconsidered": 100
},
{
"asset_id": 9,
"critical": 16,
"high": 45,
"host_id": 9,
"host_index": 2,
"hostname": "192.0.2.57",
"info": 115,
"low": 5,
"medium": 21,
"numchecksconsidered": 100,
"progress": "100-100/200-200",
"scanprogresscurrent": 100,
"scanprogresstotal": 100,
"score": 207265,
"severity": 202,
"severitycount": {
"item": [
{
"count": 115,
"severitylevel": 0
},
{
"count": 5,
"severitylevel": 1
},
{
"count": 21,
"severitylevel": 2
},
{
"count": 45,
"severitylevel": 3
},
{
"count": 16,
"severitylevel": 4
}
]
},
"totalchecksconsidered": 100
}
],
"info": {
"acls": [
{
"display_name": null,
"id": null,
"name": null,
"owner": null,
"permissions": 0,
"type": "default"
},
{
"display_name": "user2@example.com",
"id": 2,
"name": "user2@example.com",
"owner": 1,
"permissions": 128,
"type": "user"
}
],
"alt_targets_used": null,
"control": false,
"edit_allowed": false,
"folder_id": 9,
"hasaudittrail": true,
"haskb": true,
"hostcount": 10,
"is_archived": false,
"name": "KitchenSinkScan",
"no_target": false,
"object_id": 11,
"owner": "user2@example.com",
"pci-can-upload": null,
"policy": null,
"scan_end": 1430934526,
"scan_start": 1430933086,
"scan_type": null,
"scanner_end": null,
"scanner_name": null,
"scanner_start": null,
"schedule_uuid": "b0eeabbe-a612-429a-a60e-0f68eafb8c36f60557ee0e264228",
"shared": false,
"status": "imported",
"tag_targets": [
"1cf4f3a3-9878-44ce-9fa7-3a969c602e28",
"9808942a-2053-43a7-8580-7caebdfb959f"
],
"targets": null,
"timestamp": 1430934526,
"user_permissions": 128,
"uuid": "fd7d0d8e-c0e1-4439-97a5-d5c3a5c2d369ab8f7ecb158c480e"
},
"notes": [
{
"message": "One or more AirWatch API settings are not set",
"title": "MDM501 AirWatch API settings misconfiguration"
},
{
"message": "Unable to connect to the ActiveSync server.",
"title": "MDM501 ActiveSync connection error"
},
{
"message": "ADSI server (example.com) could not connect to server.",
"title": "adsi_enum_directory_trusts.nbin: ADSI error"
}
],
"remediations": {
"num_cves": 2536,
"num_hosts": 10,
"num_impacted_hosts": 8,
"num_remediated_cves": 2283,
"remediations": [
{
"hosts": 1,
"remediation": "FreeBSD : gpgme -- heap-based buffer overflow in gpgsm status handler (f166dd0b-6845-4830-a9fe-d9af0467fc30): Update the affected package.",
"value": "96a449d372af3d23ca9a4f9f9a2ea73e",
"vulns": 1
},
{
"hosts": 1,
"remediation": "FreeBSD : mozilla -- multiple vulnerabilities (8e3ca454-2405-4dc0-abed-2bc43690fbf8): Update the affected packages.",
"value": "319a8ba9e264c876028b2a5abf5a1b0e",
"vulns": 296
},
{
"hosts": 1,
"remediation": "RHEL 6 / 7 : postgresql (RHSA-2015:0750): Update the affected packages.",
"value": "c22105fdc2756d11c39d1380e58c8fbc",
"vulns": 0
}
]
},
"vulnerabilities": [
{
"count": 68,
"plugin_family": "Port scanners",
"plugin_id": 34220,
"plugin_name": "Netstat Portscanner (WMI)",
"severity": 0,
"vuln_index": 1
},
{
"count": 65,
"plugin_family": "Windows",
"plugin_id": 34252,
"plugin_name": "Microsoft Windows Remote Listeners Enumeration (WMI)",
"severity": 0,
"vuln_index": 2
},
{
"count": 41,
"plugin_family": "Port scanners",
"plugin_id": 14272,
"plugin_name": "netstat portscanner (SSH)",
"severity": 0,
"vuln_index": 3
}
]
}
}Workflow Library Example
Get Scan Details with Tenable and Send Results Via Email
Preview this Workflow on desktop
Was this page helpful?
On this page
Assistant
Responses are generated using AI and may contain mistakes.