This is the list of fields available through the API: https://docs.tenable.com/security-center/api/Plugin.htm#plugin_GET
the plugin output is the supplemental information we are looking to get from Tenable, into ServiceNow VULs hopefully through the API, but we are not sure if it is available or where it is going.
Thank you
Hi Ezpata,
What fields are you trying to identify exactly? When looking over the Tenable API document it shows a list of fields that is available.
You may have to look directly at the 'Third-Party' table (sn_vul_third_party_entry) and identify the exact Tenable ID that you are looking for. Doing some quick research, I found TEN-185887 that has the cumulative patch 5031990 listed under the 'Vulnerability References' tab.
Please mark helpful if this helps!
William
Hey there,
For Tenable.SC and when using the NOW VR Store App for Tenable - the Plugin Output for each detected vuln on a system, is stored on the [DETECTION] records, specifically in the 'PROOF' field.
Each [VULNERABLE ITEM], will have 1 or more [DETECTION] record, for every instance of the same Tenable plugin found on the target asset here (e.g. same TEN-xxx plugin / vuln found on the same host, and on a different {port, service, reg key, etc})...
Reference:
Additional info on the Tenable data mappings are documented here:
- https://docs.servicenow.com/bundle/washingtondc-security-management/page/product/secops-integration-...
Unfortunately, at the moment, the plugin-output is not documented appropriately, will submit feedback to get that corrected - but the rest of the mappings are a great resource to keep handy.
