demisto · jlevypaloalto · Aug 24, 2023 · Jul 13, 2023 · Jul 13, 2023 · Jul 13, 2023
diff --git a/Packs/Tenable_io/Integrations/Tenable_io/README.md b/Packs/Tenable_io/Integrations/Tenable_io/README.md
@@ -32,6 +32,11 @@ This integration was integrated and tested with January 2023 release of Tenable.
 | tenable-io-get-asset-details            | BASIC [16] user permissions.                                                   |
 | tenable-io-export-assets                | ADMINISTRATOR [64] user permissions.                                           |
 | tenable-io-export-vulnerabilities       | ADMINISTRATOR [64] user permissions.                                           |
+| tenable-io-list-scan-filters            | BASIC [16] user permissions                                                    |
+| tenable-io-get-scan-history             | SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan permissions         |
+| tenable-io-export-scan                  | SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan permissions         |
+
+
 
 
 ## Concurrency Limits
@@ -1355,3 +1360,238 @@ When inserting invalid arguments, an error message could be returned.
 >|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
 >| fake_uuid | 1.1.1.1 | 1.1.1.1 | Linux Kernel 3.13 on Ubuntu 14.04 (trusty) | general-purpose | fqdn | info | 00000 | Name |  |  | TCP | 22 | 2024-11-07T11:11:05.906Z | 2024-11-07T11:11:05.906Z | Description | N/A |
 >| fake_uuid | 1.3.2.1 | 1.3.2.1 | Nutanix | general-purpose | fqdn | info | 00000 | Name |  |  | TCP | 0 | 2024-11-07T11:11:05.906Z | 2024-11-07T11:11:05.906Z | Description | N/A |
+### tenable-io-list-scan-filters
+
+***
+Lists the filtering, sorting, and pagination capabilities available for scan records on endpoints/commands that support them.
+
+#### Base Command
+
+`tenable-io-list-scan-filters`
+
+#### Input
+
+---
+There are no inputs for this command.
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| TenableIO.ScanFilter.name | String | The name of the scan filter. | 
+| TenableIO.ScanFilter.readable_name | String | The readable name of the scan filter. | 
+| TenableIO.ScanFilter.control.type | String | The type of control associated with the scan filter. | 
+| TenableIO.ScanFilter.control.regex | String | The regular expression used by the scan filter. | 
+| TenableIO.ScanFilter.control.readable_regex | String | An example expression that the filter's regular expression would match. | 
+| TenableIO.ScanFilter.operators | String | The operators available for the scan filter. | 
+| TenableIO.ScanFilter.group_name | String | The group name associated with the scan filter. | 
+
+#### Command example
+```!tenable-io-list-scan-filters```
+#### Context Example
+```json
+{
+    "TenableIO": {
+        "ScanFilter": [
+            {
+                "control": {
+                    "readable_regex": "01234567-abcd-ef01-2345-6789abcdef01",
+                    "regex": "[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*",
+                    "type": "entry"
+                },
+                "group_name": null,
+                "name": "host.id",
+                "operators": [
+                    "eq",
+                    "neq",
+                    "match",
+                    "nmatch"
+                ],
+                "readable_name": "Asset ID"
+            },
+            {
+                "control": {
+                    "maxlength": 18,
+                    "readable_regex": "NUMBER",
+                    "regex": "^[0-9]+(,[0-9]+)*",
+                    "type": "entry"
+                },
+                "group_name": null,
+                "name": "plugin.attributes.bid",
+                "operators": [
+                    "eq",
+                    "neq",
+                    "match",
+                    "nmatch"
+                ],
+                "readable_name": "Bugtraq ID"
+            }
+        ]
+    }
+}
+```
+
+#### Human Readable Output
+
+>### Tenable IO Scan Filters
+>|Filter name|Filter Readable name|Filter Control type|Filter regex|Readable regex|Filter operators|
+>|---|---|---|---|---|---|
+>| host.id | Asset ID | entry | [0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})* | 01234567-abcd-ef01-2345-6789abcdef01 | eq,<br/>neq,<br/>match,<br/>nmatch |
+>| plugin.attributes.bid | Bugtraq ID | entry | ^[0-9]+(,[0-9]+)* | NUMBER | eq,<br/>neq,<br/>match,<br/>nmatch |
+
+### tenable-io-get-scan-history
+
+***
+Lists the individual runs of the specified scan.
+
+#### Base Command
+
+`tenable-io-get-scan-history`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| scanId | The ID of the scan of which to get the runs. | Required | 
+| sortFields | A comma-separated list of fields by which to sort, in the order defined by "sortOrder". Possible values are: start_date, end_date, status. | Optional | 
+| sortOrder | A comma-separated list of direction(s) in which to sort the fields defined by "sortFields".<br/>If multiple directions are chosen, they will be sequentially matched with "sortFields".<br/>If only one direction is chosen it will be used to sort all values in "sortFields".<br/>For example:<br/>  If sortFields is "start_date,status" and sortOrder is "asc,desc",<br/>  then start_date is sorted in ascending order and status in descending order.<br/>  If sortFields is "start_date,status" and sortOrder is simply "asc",<br/>  then both start_date and status are sorted in ascending order.<br/>. Possible values are: asc, desc. Default is asc. | Optional | 
+| excludeRollover | Whether to exclude rollover scans from the scan history. Possible values are: true, false. Default is false. | Optional | 
+| page | The page number of scan records to retrieve (used for pagination) starting from 1. The page size is defined by the "pageSize" argument. | Optional | 
+| pageSize | The number of scan records per page to retrieve (used for pagination). The page number is defined by the "page" argument. | Optional | 
+| limit | The maximum number of records to retrieve. If "pageSize" is defined, this argument is ignored. Default is 50. | Optional | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| TenableIO.ScanHistory.time_end | Number | The end time of the scan. | 
+| TenableIO.ScanHistory.scan_uuid | String | The UUID (Universally Unique Identifier) of the scan. | 
+| TenableIO.ScanHistory.id | Number | The ID of the scan history. | 
+| TenableIO.ScanHistory.is_archived | Boolean | Indicates whether the scan is archived or not. | 
+| TenableIO.ScanHistory.time_start | Number | The start time of the scan. | 
+| TenableIO.ScanHistory.visibility | String | The visibility of the scan. | 
+| TenableIO.ScanHistory.targets.custom | Boolean | Indicates whether custom targets were used in the scan. | 
+| TenableIO.ScanHistory.targets.default | Boolean | Indicates whether the default targets were used in the scan. | 
+| TenableIO.ScanHistory.status | String | The status of the scan. | 
+
+#### Command example
+```!tenable-io-get-scan-history scanId=16 excludeRollover=true sortFields=end_date,status sortOrder=desc page=2 pageSize=4```
+#### Context Example
+```json
+{
+    "TenableIO": {
+        "ScanHistory": [
+            {
+                "id": 17235445,
+                "is_archived": true,
+                "reindexing": null,
+                "scan_uuid": "69a55b8e-0d52-427a-81e0-7dfe4dc6eda6",
+                "status": "completed",
+                "targets": {
+                    "custom": null,
+                    "default": false
+                },
+                "time_end": 1677425182,
+                "time_start": 1677424566,
+                "visibility": "public"
+            },
+            {
+                "id": 17235342,
+                "is_archived": true,
+                "reindexing": null,
+                "scan_uuid": "2c592d52-df56-42e0-9f18-d892bdeb1e18",
+                "status": "completed",
+                "targets": {
+                    "custom": null,
+                    "default": false
+                },
+                "time_end": 1677424556,
+                "time_start": 1677423906,
+                "visibility": "public"
+            },
+            {
+                "id": 17235033,
+                "is_archived": true,
+                "reindexing": null,
+                "scan_uuid": "44586b4f-1051-415c-b375-db86f6bd8c13",
+                "status": "completed",
+                "targets": {
+                    "custom": null,
+                    "default": false
+                },
+                "time_end": 1677423865,
+                "time_start": 1677423247,
+                "visibility": "public"
+            },
+            {
+                "id": 17234969,
+                "is_archived": true,
+                "reindexing": null,
+                "scan_uuid": "06c12bf7-436f-489d-bb04-aae511ea9f5c",
+                "status": "completed",
+                "targets": {
+                    "custom": null,
+                    "default": false
+                },
+                "time_end": 1677423205,
+                "time_start": 1677422585,
+                "visibility": "public"
+            }
+        ]
+    }
+}
+```
+
+#### Human Readable Output
+
+>### Tenable IO Scan History
+>|History id|History uuid|Status|Is archived|Targets default|Visibility|Time start|Time end|
+>|---|---|---|---|---|---|---|---|
+>| 17235445 | 69a55b8e-0d52-427a-81e0-7dfe4dc6eda6 | completed | true | false | public | 1677424566 | 1677425182 |
+>| 17235342 | 2c592d52-df56-42e0-9f18-d892bdeb1e18 | completed | true | false | public | 1677423906 | 1677424556 |
+>| 17235033 | 44586b4f-1051-415c-b375-db86f6bd8c13 | completed | true | false | public | 1677423247 | 1677423865 |
+>| 17234969 | 06c12bf7-436f-489d-bb04-aae511ea9f5c | completed | true | false | public | 1677422585 | 1677423205 |
+
+### tenable-io-export-scan
+
+***
+Export and download a scan report.
+Scan results older than 35 days are supported in Nessus and CSV formats only.
+Scans that are actively running cannot be exported (run "tenable-io-list-scans" to view scan statuses)
+
+
+#### Base Command
+
+`tenable-io-export-scan`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| scanId | The identifier for the scan to export. Run the "tenable-io-list-scans" command to get all available scans. | Required | 
+| historyId | The unique identifier of the historical data to export. Run the "tenable-io-get-scan-history" command to get history IDs. | Optional | 
+| historyUuid | The UUID of the historical data to export. Run the "tenable-io-get-scan-history" command to get history UUIDs. | Optional | 
+| format | The file format to export the scan in. Scans can be export in the HTML and PDF formats for up to 35 days.<br/> For scans that are older than 35 days, only the Nessus and CSV formats are supported.<br/> The "chapters" argument must be defined if the chosen format is HTML or PDF.<br/> Possible values are: Nessus, HTML, PDF, CSV. Default is CSV. | Optional | 
+| chapters | A comma-separated list of chapters to include in the export. This argument is required if the file format is PDF or HTML. Possible values are: vuln_hosts_summary, vuln_by_host, compliance_exec, remediations, vuln_by_plugin, compliance. | Optional | 
+| filter | A comma-separated list of filters, in the format of "name quality value" to apply to the exported scan report.<br/>Example: "port.protocol eq tcp, plugin_id eq 1234567"<br/>Note: when used literally, commas and spaces should be escaped. (i.e. "\\\\," for comma and "\\\\s" for space)<br/>Run "tenable-io-list-scan-filters" to get all available filters, ("Filter name" (name), "Filter operators" (quality) and "Readable regex" (value) in response).<br/>For more information: https://developer.tenable.com/docs/scan-export-filters-tio | Optional | 
+| filterSearchType | For multiple filters, specifies whether to use the AND or the OR logical operator. Possible values are: AND, OR. Default is AND. | Optional | 
+| assetId | The ID of the asset scanned. | Optional | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| InfoFile.Size | number | The size of the file in bytes. | 
+| InfoFile.Name | string | The name of the file. | 
+| InfoFile.EntryID | string | The War Room entry ID of the file. | 
+| InfoFile.Info | string | The format and encoding of the file. | 
+| InfoFile.Type | string | The type of the file. | 
+| InfoFile.Extension | unknown | The file extension of the file. | 
+
+#### Command example
+```!tenable-io-export-scan scanId=16 format=HTML chapters="compliance_exec,remediations,vuln_by_plugin" historyId=19540157 historyUuid=f7eaad37-23bd-4aac-a979-baab0e9a465b filterSearchType=OR filter="port.protocol eq tcp, plugin_id eq 1234567" assetId=10```
+#### Human Readable Output
+
+>Preparing scan report:
+
+>Returned file: scan_16_SSE-144f3dc6-cb2d-42fc-b6cc-dd20b807735f-html.html [Download](https://www.paloaltonetworks.com/cortex)