Vulnerability Assessment API
Introduction
The Vulnerability Assessment API allows users to view asset (Endpoint or Workload) vulnerabilities, increase security visibility, and undertake prioritized proactive security patching on critical systems. The API provides a summary of vulnerability information filtered at the organization level, by device, or by vulnerability CVE ID. With a list of vulnerabilities prioritized by severity, exploitability, and current activity, users can apply proactive and impactful vulnerability patches.
Use Cases
- Vulnerability information filtered by organization, device, or vulnerability
- Summaries or Lists of vulnerabilities that can be prioritized by severity, exploitability, and current activity.
Requirements
- Workload Vulnerabilities
- Appliance and vSphere configured to communicate with the Carbon Black Cloud see Installation Guide for more information
- Carbon Black Cloud Workload - You must have purchased one of the Carbon Black Cloud Workload packages
- Note: Vulnerability Assessment is not available in GovCloud.
- Endpoint Vulnerabilities
- Carbon Black Cloud Endpoint - You must have purchased one of the Carbon Black Cloud Endpoint packages
- All API calls require an API key with appropriate permissions see Authentication
Authentication
Determine whether you use Carbon Black Cloud or VMware Cloud Services Platform to manage identity and authorization, or see the Carbon Black Cloud API Access Guide for complete instructions.Carbon Black Cloud Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with Role-Based Access Control; All APIs and Services authenticate via API Keys. To access the data in Carbon Black Cloud via API, you must set up a key with the correct permissions for the calls you want to make and pass it in the HTTP Headers.
Environment
Available on majority of environments; Use the Carbon Black Cloud Console URL, as described here.
API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
- Info for an org: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/
- Info for a vCenter: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/
- Info for a device: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/
- Info for a CVE: {cbc-hostname}/vulnerability/assessment/api/v1/vulnerabilities/
Access Level
Before you create your API Key, you need to create a "Custom" Access Level including each category:
- Vulnerability > Vulnerability Assessment Data > vulnerabilityAssessment.data, allow permission to
READ, EXECUTE
API Key
When creating your API Key, use the Access Level Type of "Custom" and select the Access Level you created. Details on constructing and passing the API Key in your requests are available here.
Cloud Services Platform Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with OAuth Access Control; API access is controlled using OAuth apps or User API Tokens. This is currently limited to the UK Point of Presence and AWS GovCloud (US).
Environment
Available on
Prod UK and AWS GovCloud (US). Full list of environments is available here; Use the Carbon Black Cloud Console URL from Cloud Services Platform, as described here.
API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
- Info for an org: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/
- Info for a vCenter: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/
- Info for a device: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/
- Info for a CVE: {cbc-hostname}/vulnerability/assessment/api/v1/vulnerabilities/
Access Level
Before you create your OAuth App, you need to create a custom Role with the following permissions under IDENTITY & ACCESS MANAGEMENT > Roles > VMware Carbon Black Cloud:
- _API.Vulnerability:vulnerabilityAssessment.Data, allow permission to
READ, EXECUTE
API Authentication
The Cloud Services Platform supports several authentication options, Access Token, API Token, and for backward compatibility, X-Auth-Token. To learn about the differences or how to use the authentication methods see the Authentication Guide.
API Calls
Organization Level
Get Vulnerability Summary
Get a Vulnerability Summary at the organization level.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/summary
Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
deploymentType |
Limits the results to one or more deployment types. Use comma separated list for multiple values | String | ENDPOINT, WORKLOAD |
severity |
Severity level to filter on. | String | CRITICAL, IMPORTANT, MODERATE, LOW |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved summary | application/json | Organization Vulnerability Summary |
| 400 | Error occurred while retrieving the summary | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/summary?deploymentType=ENDPOINT,WORKLOAD
Response
{
"monitored_assets": 13,
"severity_summary": {
"ALL": {
"vuln_assets_count": 13,
"vuln_count": 7616,
"total_vuln_count": 9856,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 9123,
"os_vuln_count": 4143,
"products_vuln_count": 2740
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 733,
"os_vuln_count": 717,
"products_vuln_count": 16
}
}
},
"MODERATE": {
"vuln_assets_count": 13,
"vuln_count": 391,
"total_vuln_count": 505,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 449,
"os_vuln_count": 164,
"products_vuln_count": 171
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 56,
"os_vuln_count": 56,
"products_vuln_count": 0
}
}
},
"LOW": {
"vuln_assets_count": 13,
"vuln_count": 7160,
"total_vuln_count": 9270,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 8605,
"os_vuln_count": 3946,
"products_vuln_count": 2549
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 665,
"os_vuln_count": 650,
"products_vuln_count": 15
}
}
},
"IMPORTANT": {
"vuln_assets_count": 13,
"vuln_count": 60,
"total_vuln_count": 76,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 66,
"os_vuln_count": 30,
"products_vuln_count": 20
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 10,
"os_vuln_count": 9,
"products_vuln_count": 1
}
}
},
"CRITICAL": {
"vuln_assets_count": 2,
"vuln_count": 5,
"total_vuln_count": 5,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 1,
"total_vuln_count": 3,
"os_vuln_count": 3,
"products_vuln_count": 0
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 2,
"os_vuln_count": 2,
"products_vuln_count": 0
}
}
}
}
}Get Vulnerability Summary for vCenter
Get a Vulnerability Summary at the organization level for a vCenter Server.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/summary
Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
deploymentType |
Limits the results to a specific deployment type | String | ENDPOINT, WORKLOAD |
severity |
Severity level to filter on. | String | CRITICAL, IMPORTANT, MODERATE, LOW |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved summary | application/json | Organization Vulnerability Summary |
| 400 | Error occurred while retrieving the summary | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/summary
Response
{
"monitored_assets": 13,
"severity_summary": {
"ALL": {
"vuln_assets_count": 13,
"vuln_count": 7616,
"total_vuln_count": 9856,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 9123,
"os_vuln_count": 4143,
"products_vuln_count": 2740
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 733,
"os_vuln_count": 717,
"products_vuln_count": 16
}
}
},
"MODERATE": {
"vuln_assets_count": 13,
"vuln_count": 391,
"total_vuln_count": 505,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 449,
"os_vuln_count": 164,
"products_vuln_count": 171
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 56,
"os_vuln_count": 56,
"products_vuln_count": 0
}
}
},
"LOW": {
"vuln_assets_count": 13,
"vuln_count": 7160,
"total_vuln_count": 9270,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 8605,
"os_vuln_count": 3946,
"products_vuln_count": 2549
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 665,
"os_vuln_count": 650,
"products_vuln_count": 15
}
}
},
"IMPORTANT": {
"vuln_assets_count": 13,
"vuln_count": 60,
"total_vuln_count": 76,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 66,
"os_vuln_count": 30,
"products_vuln_count": 20
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 10,
"os_vuln_count": 9,
"products_vuln_count": 1
}
}
},
"CRITICAL": {
"vuln_assets_count": 2,
"vuln_count": 5,
"total_vuln_count": 5,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 1,
"total_vuln_count": 3,
"os_vuln_count": 3,
"products_vuln_count": 0
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 2,
"os_vuln_count": 2,
"products_vuln_count": 0
}
}
}
}
}Get Asset View with Vulnerability Summary
Retrieve a device list with a Vulnerability Summary.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. | Boolean | true, false |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability summary for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved device list | application/json | Paginated Device Summary |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
{
"num_found": 2,
"results": [
{
"device_id": 7330223,
"type": "WORKLOAD",
"vm_id": "vm-32",
"name": "shwetap-windows_2012-2",
"host_name": "localhost.localdomain",
"vm_name": "shwetap-windows_2012-2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 Standard",
"os_version": "6.2.9200",
"os_arch": "64-bit"
},
"vuln_count": 733,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T16:00:52.897987Z",
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"cve_ids": null
},
{
"device_id": 7655988,
"type": "WORKLOAD",
"vm_id": "vm-34",
"name": "cwp-bucket-1-windows_2012_r2",
"host_name": "localhost.localdomain",
"vm_name": "shwetap-windows_2012-2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"vuln_count": 758,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T17:44:43.902389Z",
"sync_type": "MANUAL",
"sync_status": "COMPLETED",
"cve_ids": null
}
]
}Get Asset View with Vulnerability Summary for vCenter
Retrieve a device list with a Vulnerability Summary for a vCenter Server.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. | Boolean | true, false |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability summary for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved vCenter device list | application/json | Paginated Device Summary |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"highest_risk_score": {
"value": 8,
"operator": "GREATER_THAN"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
{
"num_found": 2,
"results": [
{
"device_id": 7330223,
"type": "WORKLOAD",
"vm_id": "vm-32",
"name": "shwetap-windows_2012-2",
"host_name": "localhost.localdomain",
"vm_name": "shwetap-windows_2012-2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 Standard",
"os_version": "6.2.9200",
"os_arch": "64-bit"
},
"vuln_count": 733,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T16:00:52.897987Z",
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"cve_ids": null
},
{
"device_id": 7655988,
"type": "WORKLOAD",
"vm_id": "vm-34",
"name": "cwp-bucket-1-windows_2012_r2",
"host_name": "localhost.localdomain",
"vm_name": "cwp-bucket-1-windows_2012_r2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"vuln_count": 758,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T17:44:43.902389Z",
"sync_type": "MANUAL",
"sync_status": "COMPLETED",
"cve_ids": null
}
]
}Export Asset View with Vulnerability Summary
Export a device list to a CSV file.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/export?async=false
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Query Schema:
| Field | Definition | Data Type | Values |
|---|---|---|---|
async |
Optional indicator to export asynchronously and return a job id instead | Boolean | Default: false |
Note: The response will include a job_id which will be used with the Job Service API to fetch the export file.
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability summary for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_version": {
"value": "7.2.0",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"Export Asset View with Vulnerability Summary for vCenter
Export a device list to a CSV file stream for a vCenter Server.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/export
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability summary for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_arch": {
"value": ["64-bit", "x86_64"],
"operator": "IN"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"Get Vulnerability List for Specific OS and Application
Get a Vulnerability List filtered and sorted for a specific operating system and application.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. | Boolean | true, false |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability summary for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_name": {
"value": "Red Hat Enterprise Linux",
"operator": "NOT_EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
{
"num_found": ,
"results": [
{
"os_product_id": "18_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
},
{
"os_product_id": "328_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2019 Datacenter",
"os_version": "10.0.17763",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}Get Vulnerability List for Specific OS and Application in vCenter
Get a Vulnerability List filtered and sorted for a specific operating system and application in a vCenter Server.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. | Boolean | true, false |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_type": {
"value": ["CENTOS", "UBUNTU"],
"operator": "NOT_IN"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
{
"num_found": 2,
"results": [
{
"os_product_id": "18_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
},
{
"os_product_id": "328_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2019 Datacenter",
"os_version": "10.0.17763",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}Get a Vulnerability List in CSV Format
Get a Vulnerability List in CSV format.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/export?async=false
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Query Schema:
| Field | Definition | Data Type | Values |
|---|---|---|---|
async |
Optional indicator to export asynchronously and return a job id instead | Boolean | Default: false |
Note: The response will include a job_id which will be used with the Job Service API to fetch the export file.
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"name": {
"value": "windows_",
"operator": "LIKE"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"Get a Vulnerability List for a vCenter Server in CSV Format
Get a Vulnerability List for a vCenter Server in CSV format.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/export
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"last_sync_ts": {
"value": "",
"operator": "IS_NOT_NULL"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"Device Level
Get Specific Device Vulnerability Summary
Get an Operating System or Application Vulnerability Summary for a specific device.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/summary
Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
category |
Category to match on. | String | OS, APP |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful Request | application/json | Device Vulnerability Summary |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/summary?category=OS
Response
{
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"monitored": true,
"os_compatible": true,
"sensor_compatible": true,
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"last_sync_ts": "2020-10-30T16:17:16.078363Z",
"severity_counts": {
"critical": 0,
"important": 7,
"moderate": 45,
"low": 804
}
}Get Specific vCenter Device Vulnerability Summary
Get an Operating System or Application Vulnerability Summary for a specific vCenter device.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/summary
Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
category |
Category to match on. | String | OS, APP |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful Request | application/json | Device Vulnerability Summary |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/summary?category=OS
Response
{
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"monitored": true,
"os_compatible": true,
"sensor_compatible": true,
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"last_sync_ts": "2020-10-30T16:17:16.078363Z",
"severity_counts": {
"critical": 0,
"important": 7,
"moderate": 45,
"low": 804
}
}Get Specific Device Vulnerability List
Get an Operating System or Application Vulnerability List for a specific device.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. | Boolean | true, false |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/_search?dataForExport=false
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"sync_type": {
"value": "MANUAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
{
"num_found": 2,
"results": [
{
"os_product_id": "90_5363",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
},
{
"os_product_id": "90_5372",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python-libs",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}Get Specific vCenter Device Vulnerability List
Get an Operating System or Application Vulnerability List for a specific vCenter device.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Query Schema
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. | Boolean | true, false |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"sync_status": {
"value": "IN_PROGRESS",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
{
"num_found": 2,
"results": [
{
"os_product_id": "90_5363",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
},
{
"os_product_id": "90_5372",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python-libs",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}Get a Vulnerability List for Specific Device in CSV Format
Get a Vulnerability List for a specific device in CSV format.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/export
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": ["CRITICAL", "IMPORTANT"],
"operator": "IN"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"Get a Vulnerability List for Specific vCenter Device in CSV Format
Get a Vulnerability List for a specific vCenter device in CSV format.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/export
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for. | String | N/A |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"Perform Action on a Device
Perform an action on a specific device.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
EXECUTE |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:execute |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/device_actions
Request Body
{
"action_type": "<string>"
}Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
action_type |
Action to initiate. | String | REFRESH |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully initiated device action | application/json | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/device_actions
Request Body
{
"action_type": "REFRESH"
}Response
{
"created_at": "2021-02-09T07:29:09.179588Z",
"device_id": 1234,
"lq_query_id": "wxyvyzqoxsvaop7t9jgnpycnxgvnnmdu",
"lq_query_status": "ACTIVE",
"org_key": "ABCD1234",
"schedule_type": "LINUX_OS_PRODUCT",
"updated_at": "2021-02-09T07:29:09.179589Z"
}Perform Action on a vCenter Device
Perform an action on a specific vCenter device.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
EXECUTE |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:execute |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/device_actions
Request Body
{
"action_type": "<string>"
}Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
action_type |
Action to initiate. Allowed values: REFRESH |
String | N/A |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully initiated device action | application/json | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/device_actions
Request Body
{
"action_type": "REFRESH"
}Response
{
"created_at": "2021-02-09T07:29:09.179588Z",
"device_id": 1234,
"lq_query_id": "wxyvyzqoxsvaop7t9jgnpycnxgvnnmdu",
"lq_query_status": "ACTIVE",
"org_key": "ABCD1234",
"schedule_type": "LINUX_OS_PRODUCT",
"updated_at": "2021-02-09T07:29:09.179589Z"
}Vulnerability Level
Get Affected Assets for Specific Vulnerability
Get a list of assets affected by a specific vulnerability CVE ID.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/{cveId}/devices
Request Body
{
"os_product_id": "<string>",
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Body Schema
| Field | Definition | Data Type | Values | Required |
|---|---|---|---|---|
os_product_id |
Operating system product ID | String | N/A | Yes |
query |
Query to search vulnerability list for. | String | N/A | No |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
No |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 | No |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: deployment_type, name, last_sync_ts, os, os_arch, os_name, os_type, os_version, sync_type, sync_status, vm_id |
No |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
No |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved device list | application/json | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/devices
Request Body
{
"os_product_id": "313_0",
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
{
"num_found": 1,
"results": [
{
"device_id": 1,
"vm_id": "vm-1",
"name": "VM-1",
"type": "WORKLOAD",
"host_name": "localhost.localdomain",
"vm_name": "VM-1"
}
]
}Get Affected Assets for Specific Vulnerability in vCenter
Get a list of vCenter assets affected by a specific vulnerability CVE ID.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/{cveId}/devices
Request Body
{
"os_product_id": "<string>",
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Body Schema
| Field | Definition | Data Type | Values | Required |
|---|---|---|---|---|
os_product_id |
Operating system product ID | String | N/A | Yes |
query |
Query to search vulnerability list for. | String | N/A | No |
rows |
For pagination, how many results to return per page. | Integer | Max: 200
Default: 20 |
No |
start |
For pagination, where to start retrieving results from. | Integer | Default: 0 | No |
criteria |
Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
Supported properties: deployment_type, name, last_sync_ts, os, os_arch, os_name, os_type, os_version, sync_type, sync_status, vm_id |
No |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
No |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved device list | application/json | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/CVE-0001-001/devices
Request Body
{
"os_product_id": "313_0",
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}Response
{
"num_found": 1,
"results": [
{
"device_id": 1,
"vm_id": "vm-1",
"name": "VM-1",
"host_name": "localhost.localdomain",
"vm_name": "VM-1"
}
]
}Get Vulnerability Details
Get vulnerability details for a specific CVE ID.
RBAC Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/vulnerability/assessment/api/v1/vulnerabilities/{cveId}
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Vulnerability details retrieved successfully | application/json | See example response below |
| 400 | Error occurred while getting the configuration | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/vulnerabilities/CVE-0001-001
Response
{
"cvss_access_complexity": "Low",
"cvss_access_vector": "Local access",
"cvss_authentication": "None required",
"cvss_availability_impact": "Partial",
"cvss_confidentiality_impact": "None",
"cvss_integrity_impact": "None",
"easily_exploitable": false,
"malware_exploitable": false,
"active_internet_breach": false,
"cvss_exploit_subscore": 3.9,
"cvss_impact_subscore": 2.9,
"cvss_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C",
"cvss_v3_exploit_subscore": 3.9,
"cvss_v3_impact_subscore": 2.9,
"cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"cvss_score": 3.9,
"cvss_v3_score": 3.9
}Fields
Device Vulnerability Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
os_info |
Information on the device’s operating system | Object | Operating System Info |
monitored |
Whether the device is being monitored for vulnerabilities | Boolean | true, false |
os_compatible |
Whether the operating system is compatible with vulnerability monitoring | Boolean | true, false |
sensor_compatible |
Whether the sensor is compatible with vulnerability monitoring | Boolean | true, false |
sync_status |
Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
last_sync_ts |
Last sync time. | Date-time formatted string. | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
severity_counts |
Number of each type of severity | Object | Severity Counts |
Device Vulnerability Summary Operating System Info
| Field | Definition | Data Type | Values |
|---|---|---|---|
os_name |
Operating system name | String | N/A |
os_version |
Operating system version | String | N/A |
os_arch |
Operating system architecture | String | N/A |
Severity Counts
| Field | Definition | Data Type | Values |
|---|---|---|---|
critical |
Number of critical severities | Integer | N/A |
important |
Number of important severities | Integer | N/A |
moderate |
Number of moderate severities | Integer | N/A |
low |
Number of low severities | Integer | N/A |
Organization Vulnerability Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
monitored_assets |
Number of assets being monitored | Integer | N/A |
severity_summary |
Information about vulnerabilities at each severity level | Object | Severity Summary |
Severity Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
ALL |
Combined information for all vulnerabilities | Object | Severity Level Summary |
CRITICAL |
Information on critical vulnerabilities | Object | Severity Level Summary |
MODERATE |
Information on moderate vulnerabilities | Object | Severity Level Summary |
LOW |
Information on low vulnerabilities | Object | Severity Level Summary |
Severity Level Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
vuln_assets_count |
Number of assets associated with this vulnerability level | Integer | N/A |
vuln_count |
Number of vulnerabilities at this level | Integer | N/A |
total_vuln_count |
Integer | N/A | |
asset_summary |
Summary of assets by operating system | Object | Asset Summary |
Asset Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
LINUX |
Information on vulnerabilities for Linux systems | Object | Asset Level Summary |
WINDOWS |
Information on vulnerabilities for Windows systems | Object | Asset Level Summary |
Asset Level Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
monitored_assets |
Number of assets being monitored for vulnerabilities | Integer | N/A |
vuln_assets_count |
Number of assets with vulnerabilities | Integer | N/A |
total_vuln_count |
Number of vulnerabilities for this asset type | Integer | N/A |
os_vuln_count |
Number of vulnerabilities for this asset operating system | Integer | N/A |
products_vuln_count |
Number of vulnerabilities for applications on this asset type | Integer | N/A |
Paginated Device Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
num_found |
Number of matching devices | Integer | N/A |
results |
List of matching devices | Array | Device Summary |
Device Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
device_id |
ID of the device | Integer | N/A |
type |
Device type | String | WORKLOAD, ENDPOINT |
vm_id |
ID of the virtual machine | String | N/A |
name |
Name of the device | String | N/A |
os_info |
Information about the device operating system | Object | Device Summary Operating System Info |
severity |
Highest severity associated with the device | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
highest_risk_score |
Highest risk score associated with the device | Double | N/A |
last_sync_ts |
Last sync time. | Date-time formatted string. | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
sync_type |
Whether a manual sync was triggered for the device, or if it was a scheduled sync. | String | ["MANUAL", "SCHEDULED"] |
sync_status |
Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
cve_ids |
List of CVE ID’s associated with the device | List[String] | N/A |
Device Summary Operating System Info
| Field | Definition | Data Type | Values |
|---|---|---|---|
os_type |
Operating system type. | String | ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"] |
os_name |
Operating system name. | String | N/A |
os_version |
Operating system version. | String | N/A |
os_arch |
Operating system architecture. | String | N/A |
Paginated Device Vulnerability List
| Field | Definition | Data Type | Values |
|---|---|---|---|
num_found |
Number of matching vulnerabilities | Integer | N/A |
results |
List of matching vulnerabilities | Array | Device Vulnerability List |
Device Vulnerability List
| Field | Definition | Data Type | Values |
|---|---|---|---|
os_product_id |
Operating system product ID | String | N/A |
category |
Vulnerability category | String | APP, OS |
os_info |
Information about the operating system associated with the vulnerability | Object | Device Summary Operating System Info |
product_info |
Information about the vulnerable product | Object | Product Info |
vuln_info |
Information about the vulnerability | Object | Vulnerability Info |
device_count |
Number of affected devices | Integer | N/A |
affected_assets |
List of affected assets | List[String] | N/A |
Product Info
| Field | Definition | Data Type | Values |
|---|---|---|---|
vendor |
The product creator | String | N/A |
product |
The product name | String | N/A |
version |
The product version | String | N/A |
release |
The product release | String | N/A |
arch |
The product architecture | String | N/A |
Vulnerability Info
| Field | Definition | Data Type | Values |
|---|---|---|---|
cve_id |
The CVE ID | String | N/A |
cve_description |
The CVE description | String | N/A |
risk_meter_score |
The risk meter scoere | Double | N/A |
severity |
The vulnerability severity | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
fixed_by |
The fix for the vulnerability | String | N/A |
solution |
The solution for the vulnerability | String | N/A |
created_at |
When the vulnerability was identified | Date-time formatted string. | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
nvd_link |
National Vulnerability Database URL | String | N/A |
cvss_access_complexity |
Complexity of the attack required to exploit the vulnerability | String | ["High", "Medium", "Low"] |
cvss_access_vector |
How the vulnerability is exploited | String | ["Local", "Adjacent Network", "Network"] |
cvss_authentication |
Number of times an attack must authenticate to a target to exploit the vulnerability | String | ["Multiple", "Single", "None"] |
cvss_availability_impact |
Impact to availability of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
cvss_confidentiality_impact |
Impact to confidentiality of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
cvss_integrity_impact |
Impact to integrity of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
easily_exploitable |
Whether the vulnerability is easily exploitable | Boolean | true, false |
malware_exploitable |
Availability of an exploit module in a weaponized exploit kit such as Metasploit or Angler | Boolean | true, false |
active_internet_breach |
Presence of a near-real-time exploitation | Boolean | true, false |
cvss_exploit_subscore |
How vulnerable a vulnerability is to attack | Double | N/A |
cvss_impact_subscore |
How significantly an asset will be affected if the vulnerability is exploited | Double | N/A |
cvss_vector |
CVSS Base Vector string, the compressed textual representation of the CVSS score | String | Base Vector String |
cvss_v3_exploit_subscore |
How vulnerable a vulnerability is to attack, based on CVSS v3 calculation | Double | N/A |
cvss_v3_impact_subscore |
How significantly an asset will be affected if the vulnerability is exploited, based on CVSS v3 calculation | Double | N/A |
cvss_v3_vector |
CVSS Vector string, the compressed textual representation of the CVSS v3 score | String | Vector String |
cvss_score |
CVSS Vulnerability score | Double | N/A |
cvss_v3_score |
CVSS v3 Vulnerability score | Double | N/A |
Criteria
{
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
}
}| Field | Definition | Data Type | Values |
|---|---|---|---|
property |
Property to filter results on. | Object | Properties |
value |
Property value to add to search criteria. | Varies depending on property and operator. Supports String, Integer, Double, or Array. | N/A |
operator |
Logic operator to apply to property value. | String | EQUALS, NOT_EQUALS, GREATER_THAN, LESS_THAN, IS_NULL, IS_NOT_NULL, IS_TRUE, IS_FALSE, IN, NOT_IN, LIKE |
Properties
Note: See API for supported properties, not all may be supported
| Field | Definition | Data Type | Values |
|---|---|---|---|
arch |
The product architecture | String | N/A |
category |
Vulnerability category | String | APP, OS |
created_at |
When the vulnerability was identified | Date-time formatted string. | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
cve_id |
The CVE ID | String | N/A |
deployment_type |
Type of device. | String | ["WORKLOAD", "ENDPOINT"] |
device_count |
Number of affected devices | Integer | N/A |
fixed_by |
The fix for the vulnerability | String | N/A |
last_sync_ts |
Last sync time. | Date-time formatted string. | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
name |
Device name. | String | Any string, e.g., "windows-2012-desktop" |
os_arch |
Operating system architecture. | String | Any string, e.g., "x86_64" |
os_name |
Operating system name. | String | Any string, e.g., "Red Hat Enterprise Linux Server" |
os_type |
Operating system type. | String | ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"] |
os_version |
Operating system version. | String | Any string, e.g., "7.2.0" |
product |
The product name | String | N/A |
release |
The product release | String | N/A |
risk_meter_score |
The risk meter scoere | Double | N/A |
severity |
Vulnerability severity level. | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
sync_type |
Whether a manual sync was triggered for the device, or if it was a scheduled sync. | String | ["MANUAL", "SCHEDULED"] |
sync_status |
Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
vendor |
The product creator | String | N/A |
version |
The product version | String | N/A |
vm_id |
Virtual Machine ID. | String | Any string, e.g.,"vm-30" |