Vulnerability Assessment API

Introduction

The Vulnerability Assessment API allows users to view asset (Endpoint or Workload) vulnerabilities, increase security visibility, and undertake prioritized proactive security patching on critical systems. The API provides a summary of vulnerability information filtered at the organization level, by device, or by vulnerability CVE ID. With a list of vulnerabilities prioritized by severity, exploitability, and current activity, users can apply proactive and impactful vulnerability patches.

Use Cases

  • Filterable Vulnerability information
  • Summaries or lists of Vulnerabilities that can be prioritized by severity, exploitability, and current activity.
  • Vulnerability Device Actions

Requirements

  • Workload Vulnerabilities
    • Appliance and vSphere configured to communicate with the Carbon Black Cloud see Installation Guide for more information
    • Carbon Black Cloud Workload - You must have purchased one of the Carbon Black Cloud Workload packages
    • Note: Vulnerability Assessment is not available in GovCloud.
  • Endpoint Vulnerabilities
    • Carbon Black Cloud Endpoint - You must have purchased one of the Carbon Black Cloud Endpoint packages
  • All API calls require an API key with appropriate permissions see Authentication

Authentication

Determine whether you use Carbon Black Cloud or VMware Cloud Services Platform to manage identity and authorization, or see the Carbon Black Cloud API Access Guide for complete instructions.


Carbon Black Cloud Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with Role-Based Access Control; All APIs and Services authenticate via API Keys. To access the data in Carbon Black Cloud via API, you must set up a key with the correct permissions for the calls you want to make and pass it in the HTTP Headers.

Environment
Available on majority of environments; Use the Carbon Black Cloud Console URL, as described here.

API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
  • Info for an org: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/
  • Info for a vCenter: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/
  • Info for a device: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/
  • Info for a CVE: {cbc-hostname}/vulnerability/assessment/api/v1/vulnerabilities/

Access Level
Before you create your API Key, you need to create a "Custom" Access Level including each category:
  • Vulnerability > Vulnerability Assessment Data > vulnerabilityAssessment.data, allow permission to READ, EXECUTE

API Key
When creating your API Key, use the Access Level Type of "Custom" and select the Access Level you created. Details on constructing and passing the API Key in your requests are available here.


Cloud Services Platform Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with OAuth Access Control; API access is controlled using OAuth apps or User API Tokens. This is currently limited to the UK Point of Presence and AWS GovCloud (US).

Environment
Available on Prod UK and AWS GovCloud (US). Full list of environments is available here; Use the Carbon Black Cloud Console URL from Cloud Services Platform, as described here.

API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
  • Info for an org: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/
  • Info for a vCenter: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/
  • Info for a device: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/
  • Info for a CVE: {cbc-hostname}/vulnerability/assessment/api/v1/vulnerabilities/

Access Level
Before you create your OAuth App, you need to create a custom Role with the following permissions under IDENTITY & ACCESS MANAGEMENT > Roles > VMware Carbon Black Cloud:
  • _API.Vulnerability:vulnerabilityAssessment.Data, allow permission to READ, EXECUTE

API Authentication
The Cloud Services Platform supports several authentication options, Access Token, API Token, and for backward compatibility, X-Auth-Token. To learn about the differences or how to use the authentication methods see the Authentication Guide.

Quick Start

Criteria

The Vulnerability search endpoints utilize a new pattern to combine multiple criteria’s using an operator and value. Below you can find the supported operators as well as the properties that can be filtered.

{
  "criteria": {
    "property": {
      "value": "<string>",
      "operator": "<string>"
    }
  }
}
Field Definition Data Type Values
property Property to filter results on Object See Supported Criteria Properties below
value Property value to add to search criteria Varies depending on property and operator. Supports String, Integer, Double, or Array N/A
operator Logic operator to apply to property value String EQUALS, NOT_EQUALS, GREATER_THAN, LESS_THAN, IS_NULL, IS_NOT_NULL, IS_TRUE, IS_FALSE, IN, NOT_IN, LIKE

Note: See API for supported properties, not all may be supported for every search endpoint.

Field Definition Data Type Values
arch The product architecture String N/A
category Vulnerability category String APP, OS
created_at When the vulnerability was identified Date-time formatted string Any datetime, e.g.,"2020-01-02T03:04:05Z"
cve_id The CVE ID String N/A
deployment_type Type of device String ["WORKLOAD", "ENDPOINT"]
device_count Number of affected devices Integer N/A
fixed_by The fix for the vulnerability String N/A
last_sync_ts Last sync time Date-time formatted string. Any datetime, e.g.,"2020-01-02T03:04:05Z"
name Device name String Any string, e.g., "windows-2012-desktop"
os_arch Operating system architecture String Any string, e.g., "x86_64"
os_name Operating system name String Any string, e.g., "Red Hat Enterprise Linux Server"
os_product_id Operating system product ID String N/A
os_type Operating system type String ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"]
os_version Operating system version String Any string, e.g., "7.2.0"
product The product name String N/A
release The product release String N/A
risk_meter_score The risk meter score Double N/A
severity Vulnerability severity level String ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"]
sync_type Whether a manual sync was triggered for the device, or if it was a scheduled sync String ["MANUAL", "SCHEDULED"]
sync_status Device sync status String ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"]
vendor The product creator String N/A
version The product version String N/A
vm_id Virtual Machine ID String Any string, e.g.,"vm-30"

API Calls

Note: Many of the API calls below offer a separate path for specifying the vCenter. This allows you to filter down to a single center instead of across all workloads.

Vulnerability

The Vulnerability API calls provide detailed Vulnerability information by organization, vCenter, device, or CVE.

RBAC Permissions Required

Identity Manager Permission (.notation name) Operation(s) Environment
Carbon Black Cloud vulnerabilityAssessment.data READ Majority of environments
VMware Cloud Services Platform _API.Vulnerability:vulnerabilityAssessment.Data:read N/A - included in permission name Prod UK and AWS GovCloud (US)

Get Vulnerability by CVE

Request

GET {cbc-hostname}/vulnerability/assessment/api/v1/vulnerabilities/{cveId}

Path Schema

Variable Definition Example
cveId Filter down to a single CVE (Common Vulnerabilities and Exposures) CVE-0001-001

Response

Code Description Content-Type Content
200 Vulnerability details retrieved successfully application/json See example response below
400 Error occurred while getting the configuration N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/vulnerabilities/CVE-0001-001
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Response Body
{
  "cvss_access_complexity": "Low",
  "cvss_access_vector": "Local access",
  "cvss_authentication": "None required",
  "cvss_availability_impact": "Partial",
  "cvss_confidentiality_impact": "None",
  "cvss_integrity_impact": "None",
  "easily_exploitable": false,
  "malware_exploitable": false,
  "active_internet_breach": false,
  "cvss_exploit_subscore": 3.9,
  "cvss_impact_subscore": 2.9,
  "cvss_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C",
  "cvss_v3_exploit_subscore": 3.9,
  "cvss_v3_impact_subscore": 2.9,
  "cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
  "cvss_score": 3.9,
  "cvss_v3_score": 3.9
}
To download or review the Carbon Black Cloud Postman collection, click here.

Search Vulnerabilities

Requests

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/_search
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/_search

Request Body

{
    "query": "<string>",
    "rows": <integer>,
    "start": <integer>,
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Path Variables

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78

Query Parameters

Field Description Data Type Values
dataForExport Whether to send detailed data for export. If not set to true, vuln_info will be null. Boolean true, false
vulnerabilityVisibility Filter down to vulnerabilities of a specific visibility type. String DISMISSED, ACTIVE, ALL

Body Schema

Field Definition Data Type Values
query Query to search vulnerability summary for String N/A
rows For pagination, how many results to return per page Integer Max: 1000
Default: 20
start For pagination, where to start retrieving results from Integer Default: 0
criteria Criteria is an object that represents values that must be in the results Object Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successfully retrieved vulnerability list application/json Results
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/_search
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "os_name": {
        "value": "Red Hat Enterprise Linux",
        "operator": "NOT_EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response Body
{
    "num_found": 1,
    "results": [
        {
            "os_product_id": "18_2517",
            "category": "APP",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 R2 Standard",
                "os_version": "6.3.9600",
                "os_arch": "64-bit"
            },
            "product_info": {
                "vendor": "Python Software Foundation",
                "product": "Python 3.6.4 (64-bit)",
                "version": "3.6.4150.0",
                "release": null,
                "arch": ""
            },
            "vuln_info": {
                "cve_id": "CVE-2007-4559",
                "cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
                "risk_meter_score": 2.9,
                "severity": "LOW",
                "fixed_by": null,
                "solution": null,
                "created_at": "2007-08-28T01:17:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        }
    ]
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/_search
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "os_type": {
        "value": ["CENTOS", "UBUNTU"],
        "operator": "NOT_IN"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response Body
{
    "num_found": 1,
    "results": [
        {
            "os_product_id": "18_2517",
            "category": "APP",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 R2 Standard",
                "os_version": "6.3.9600",
                "os_arch": "64-bit"
            },
            "product_info": {
                "vendor": "Python Software Foundation",
                "product": "Python 3.6.4 (64-bit)",
                "version": "3.6.4150.0",
                "release": null,
                "arch": ""
            },
            "vuln_info": {
                "cve_id": "CVE-2007-4559",
                "cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
                "risk_meter_score": 2.9,
                "severity": "LOW",
                "fixed_by": null,
                "solution": null,
                "created_at": "2007-08-28T01:17:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        }
    ]
}
To download or review the Carbon Black Cloud Postman collection, click here.

Search Specific Device Vulnerabilities

Requests

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/_search
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/_search

Request Body

{
    "query": "<string>",
    "rows": <integer>,
    "start": <integer>,
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Path Variables

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78
vm_id Filter down to a single virtual machine vm-1

Query Parameters

Field Description Data Type Values
dataForExport Whether to send detailed data for export. If not set to true, vuln_info will be null. Boolean true, false

Body Schema

Field Definition Data Type Values
query Query to search vulnerability list for String N/A
rows For pagination, how many results to return per page Integer Max: 1000
Default: 20
start For pagination, where to start retrieving results from Integer Default: 0
criteria Criteria is an object that represents values that must be in the results Object Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successfully retrieved vulnerability list application/json Results
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/_search?dataForExport=false
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "sync_type": {
        "value": "MANUAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response Body
{
    "num_found": 1,
    "results": [
        {
            "os_product_id": "90_5363",
            "category": "APP",
            "os_info": {
                "os_type": "CENTOS",
                "os_name": "CentOS Linux",
                "os_version": "7.1.1503",
                "os_arch": "x86_64"
            },
            "product_info": {
                "vendor": "CentOS",
                "product": "python",
                "version": "2.7.5",
                "release": "16.el7",
                "arch": "x86_64"
            },
            "vuln_info": {
                "cve_id": "CVE-2014-4650",
                "cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
                "risk_meter_score": 4.9,
                "severity": "MODERATE",
                "fixed_by": "0:2.7.5-34.el7",
                "solution": null,
                "created_at": "2020-02-20T17:15:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        }
    ]
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/_search
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "sync_status": {
        "value": "IN_PROGRESS",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response Body
{
    "num_found": 1,
    "results": [
        {
            "os_product_id": "90_5363",
            "category": "APP",
            "os_info": {
                "os_type": "CENTOS",
                "os_name": "CentOS Linux",
                "os_version": "7.1.1503",
                "os_arch": "x86_64"
            },
            "product_info": {
                "vendor": "CentOS",
                "product": "python",
                "version": "2.7.5",
                "release": "16.el7",
                "arch": "x86_64"
            },
            "vuln_info": {
                "cve_id": "CVE-2014-4650",
                "cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
                "risk_meter_score": 4.9,
                "severity": "MODERATE",
                "fixed_by": "0:2.7.5-34.el7",
                "solution": null,
                "created_at": "2020-02-20T17:15:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        }
    ]
}
To download or review the Carbon Black Cloud Postman collection, click here.

Export Vulnerabilities

Requests

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/export
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/export

Request Body

{
    "query": "<string>",
    "rows": <integer>,
    "start": <integer>,
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Path Variables

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78

Query Parameters

Field Definition Data Type Values
async Optional indicator to export asynchronously and return a job id in JSON format instead of CSV Boolean Default: false

Note: The response will include a job_id which will be used with the Job Service API to fetch the export file.

Body Schema

Field Definition Data Type Values
query Query to search vulnerability list for String N/A
rows For pagination, how many results to return per page Integer Max: 1000
Default: 20
start For pagination, where to start retrieving results from Integer Default: 0
criteria Criteria is an object that represents values that must be in the results Object Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successful request application/csv (or JSON if async = true) See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/export
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "name": {
        "value": "windows_",
        "operator": "LIKE"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"
To download or review the Carbon Black Cloud Postman collection, click here.
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/export
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "last_sync_ts": {
        "value": "",
        "operator": "IS_NOT_NULL"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"
To download or review the Carbon Black Cloud Postman collection, click here.

Export Specific Device Vulnerabilities

Requests

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/export
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/export

Request Body

{
    "query": "<string>",
    "rows": <integer>,
    "start": <integer>,
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Path Schema

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78
device_id Filter down to a single device 1234
vm_id Filter down to a single virtual machine vm-1

Body Schema

Field Definition Data Type Values
query Query to search vulnerability list for String N/A
rows For pagination, how many results to return per page Integer Max: 1000
Default: 20
start For pagination, where to start retrieving results from Integer Default: 0
criteria Criteria is an object that represents values that must be in the results Object Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successful request application/csv (or JSON if async = true) See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/export
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": ["CRITICAL", "IMPORTANT"],
        "operator": "IN"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"
To download or review the Carbon Black Cloud Postman collection, click here.
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/export
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": "CRITICAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"
To download or review the Carbon Black Cloud Postman collection, click here.

Vulnerability Summary

The Vulnerability Summary API calls provide Vulnerability counts and a Severity Summary by organization, vCenter, and device.

RBAC Permissions Required

Identity Manager Permission (.notation name) Operation(s) Environment
Carbon Black Cloud vulnerabilityAssessment.data READ Majority of environments
VMware Cloud Services Platform _API.Vulnerability:vulnerabilityAssessment.Data:read N/A - included in permission name Prod UK and AWS GovCloud (US)

Get Vulnerability Summary

Requests

GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/summary
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/summary

Path Variables

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78

Query Parameters

Field Description Data Type Values
deploymentType Limits the results to one or more deployment types. Use comma separated list for multiple values String ENDPOINT, WORKLOAD
severity Severity level to filter on String CRITICAL, IMPORTANT, MODERATE, LOW

Response

Code Description Content-Type Content
200 Successfully retrieved summary application/json Vulnerability Summary
400 Error occurred while retrieving the summary N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/summary?deploymentType=ENDPOINT,WORKLOAD
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Response Body
{
    "monitored_assets": 13,
    "severity_summary": {
        "ALL": {
            "vuln_assets_count": 13,
            "vuln_count": 7616,
            "total_vuln_count": 9856,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 9123,
                    "os_vuln_count": 4143,
                    "products_vuln_count": 2740
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 733,
                    "os_vuln_count": 717,
                    "products_vuln_count": 16
                }
            }
        },
        "MODERATE": {
            "vuln_assets_count": 13,
            "vuln_count": 391,
            "total_vuln_count": 505,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 449,
                    "os_vuln_count": 164,
                    "products_vuln_count": 171
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 56,
                    "os_vuln_count": 56,
                    "products_vuln_count": 0
                }
            }
        },
        "LOW": {
            "vuln_assets_count": 13,
            "vuln_count": 7160,
            "total_vuln_count": 9270,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 8605,
                    "os_vuln_count": 3946,
                    "products_vuln_count": 2549
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 665,
                    "os_vuln_count": 650,
                    "products_vuln_count": 15
                }
            }
        },
        "IMPORTANT": {
            "vuln_assets_count": 13,
            "vuln_count": 60,
            "total_vuln_count": 76,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 66,
                    "os_vuln_count": 30,
                    "products_vuln_count": 20
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 10,
                    "os_vuln_count": 9,
                    "products_vuln_count": 1
                }
            }
        },
        "CRITICAL": {
            "vuln_assets_count": 2,
            "vuln_count": 5,
            "total_vuln_count": 5,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 3,
                    "os_vuln_count": 3,
                    "products_vuln_count": 0
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 2,
                    "os_vuln_count": 2,
                    "products_vuln_count": 0
                }
            }
        }
    }
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/summary
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Response Body
{
    "monitored_assets": 13,
    "severity_summary": {
        "ALL": {
            "vuln_assets_count": 13,
            "vuln_count": 7616,
            "total_vuln_count": 9856,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 9123,
                    "os_vuln_count": 4143,
                    "products_vuln_count": 2740
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 733,
                    "os_vuln_count": 717,
                    "products_vuln_count": 16
                }
            }
        },
        "MODERATE": {
            "vuln_assets_count": 13,
            "vuln_count": 391,
            "total_vuln_count": 505,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 449,
                    "os_vuln_count": 164,
                    "products_vuln_count": 171
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 56,
                    "os_vuln_count": 56,
                    "products_vuln_count": 0
                }
            }
        },
        "LOW": {
            "vuln_assets_count": 13,
            "vuln_count": 7160,
            "total_vuln_count": 9270,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 8605,
                    "os_vuln_count": 3946,
                    "products_vuln_count": 2549
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 665,
                    "os_vuln_count": 650,
                    "products_vuln_count": 15
                }
            }
        },
        "IMPORTANT": {
            "vuln_assets_count": 13,
            "vuln_count": 60,
            "total_vuln_count": 76,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 66,
                    "os_vuln_count": 30,
                    "products_vuln_count": 20
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 10,
                    "os_vuln_count": 9,
                    "products_vuln_count": 1
                }
            }
        },
        "CRITICAL": {
            "vuln_assets_count": 2,
            "vuln_count": 5,
            "total_vuln_count": 5,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 3,
                    "os_vuln_count": 3,
                    "products_vuln_count": 0
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 2,
                    "os_vuln_count": 2,
                    "products_vuln_count": 0
                }
            }
        }
    }
}
To download or review the Carbon Black Cloud Postman collection, click here.

Get Specific Device Vulnerability Summary

Requests

GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/summary
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/summary

Path Variables

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78
device_id Filter down to a single device 1234
vm_id Filter down to a single virtual machine vm-1

Query Parameters

Field Description Data Type Values
category Category to match on String OS, APP

Response

Code Description Content-Type Content
200 Successful Request application/json Device Vulnerability Summary
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/summary?category=OS
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Response Body
{
    "os_info": {
        "os_type": "CENTOS",
        "os_name": "CentOS Linux",
        "os_version": "7.1.1503",
        "os_arch": "x86_64"
    },
    "monitored": true,
    "os_compatible": true,
    "sensor_compatible": true,
    "sync_type": "SCHEDULED",
    "sync_status": "COMPLETED",
    "last_sync_ts": "2020-10-30T16:17:16.078363Z",
    "severity_counts": {
        "critical": 0,
        "important": 7,
        "moderate": 45,
        "low": 804
    }
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/summary?category=OS
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Response Body
{
    "os_info": {
        "os_type": "CENTOS",
        "os_name": "CentOS Linux",
        "os_version": "7.1.1503",
        "os_arch": "x86_64"
    },
    "monitored": true,
    "os_compatible": true,
    "sensor_compatible": true,
    "sync_type": "SCHEDULED",
    "sync_status": "COMPLETED",
    "last_sync_ts": "2020-10-30T16:17:16.078363Z",
    "severity_counts": {
        "critical": 0,
        "important": 7,
        "moderate": 45,
        "low": 804
    }
}
To download or review the Carbon Black Cloud Postman collection, click here.

Search Vulnerability Summary

Requests

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/_search
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/_search

Request Body

{
    "query": "<string>",
    "rows": <integer>,
    "start": <integer>,
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Path Variables

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78

Query Parameters

Field Description Data Type Values
dataForExport Whether to send detailed data for export. If not set to true, vuln_info will be null. Boolean true, false

Body Schema

Field Definition Data Type Values
query Query to search vulnerability summary for String N/A
rows For pagination, how many results to return per page Integer Max: 1000
Default: 20
start For pagination, where to start retrieving results from Integer Default: 0
criteria Criteria is an object that represents values that must be in the results Object Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successfully retrieved device list application/json Results
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/_search
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": "CRITICAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response Body
{
    "num_found": 1,
    "results": [
        {
            "device_id": 7330223,
            "type": "WORKLOAD",
            "vm_id": "vm-32",
            "name": "shwetap-windows_2012-2",
            "host_name": "localhost.localdomain",
            "vm_name": "shwetap-windows_2012-2",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 Standard",
                "os_version": "6.2.9200",
                "os_arch": "64-bit"
            },
            "vuln_count": 733,
            "severity": "CRITICAL",
            "highest_risk_score": 10.0,
            "last_sync_ts": "2020-10-30T16:00:52.897987Z",
            "sync_type": "SCHEDULED",
            "sync_status": "COMPLETED",
            "cve_ids": null
        }
    ]
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/_search
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "highest_risk_score": {
        "value": 8,
        "operator": "GREATER_THAN"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response Body
{
    "num_found": 1,
    "results": [
        {
            "device_id": 7330223,
            "type": "WORKLOAD",
            "vm_id": "vm-32",
            "name": "shwetap-windows_2012-2",
            "host_name": "localhost.localdomain",
            "vm_name": "shwetap-windows_2012-2",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 Standard",
                "os_version": "6.2.9200",
                "os_arch": "64-bit"
            },
            "vuln_count": 733,
            "severity": "CRITICAL",
            "highest_risk_score": 10.0,
            "last_sync_ts": "2020-10-30T16:00:52.897987Z",
            "sync_type": "SCHEDULED",
            "sync_status": "COMPLETED",
            "cve_ids": null
        }
    ]
}
To download or review the Carbon Black Cloud Postman collection, click here.

Export Vulnerability Summary

Requests

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/export
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/export

Request Body

{
    "query": "<string>",
    "rows": <integer>,
    "start": <integer>,
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Path Variables

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78

Query Parameters

Field Definition Data Type Values
async Optional indicator to export asynchronously and return a job id in JSON format instead of CSV Boolean Default: false

Note: The response will include a job_id which will be used with the Job Service API to fetch the export file.

Body Schema

Field Definition Data Type Values
query Query to search vulnerability summary for String N/A
rows For pagination, how many results to return per page Integer Max: 1000
Default: 20
start For pagination, where to start retrieving results from Integer Default: 0
criteria Criteria is an object that represents values that must be in the results Object Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successful request application/csv (or JSON if async = true) See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/export
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "os_version": {
        "value": "7.2.0",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response
"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"
To download or review the Carbon Black Cloud Postman collection, click here.
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/export
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "os_arch": {
        "value": ["64-bit", "x86_64"],
        "operator": "IN"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response
"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"
To download or review the Carbon Black Cloud Postman collection, click here.

Refresh Vulnerability Scan for Specific Device

RBAC Permissions Required

Identity Manager Permission (.notation name) Operation(s) Environment
Carbon Black Cloud vulnerabilityAssessment.data READ Majority of environments
VMware Cloud Services Platform _API.Vulnerability:vulnerabilityAssessment.Data:read N/A - included in permission name Prod UK and AWS GovCloud (US)

Requests

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/device_actions
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/device_actions

Request Body

{
    "action_type": "<string>"
}

Path Schema

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78
device_id Filter down to a single device 1234
vm_id Filter down to a single virtual machine vm-1

Body Schema

Field Definition Data Type Values
action_type Action to initiate String REFRESH

Response

Code Description Content-Type Content
200 Successfully initiated device action application/json See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/device_actions
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "action_type": "REFRESH"
}
Response Body
{
   "created_at": "2021-02-09T07:29:09.179588Z",
   "device_id": 1234,
   "lq_query_id": "wxyvyzqoxsvaop7t9jgnpycnxgvnnmdu",
   "lq_query_status": "ACTIVE",
   "org_key": "ABCD1234",
   "schedule_type": "LINUX_OS_PRODUCT",
   "updated_at": "2021-02-09T07:29:09.179589Z"
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/device_actions
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "action_type": "REFRESH"
}
Response Body
{
   "created_at": "2021-02-09T07:29:09.179588Z",
   "device_id": 1234,
   "lq_query_id": "wxyvyzqoxsvaop7t9jgnpycnxgvnnmdu",
   "lq_query_status": "ACTIVE",
   "org_key": "ABCD1234",
   "schedule_type": "LINUX_OS_PRODUCT",
   "updated_at": "2021-02-09T07:29:09.179589Z"
}
To download or review the Carbon Black Cloud Postman collection, click here.

Search Affected Devices for a Specific Vulnerability

RBAC Permissions Required

Identity Manager Permission (.notation name) Operation(s) Environment
Carbon Black Cloud vulnerabilityAssessment.data READ Majority of environments
VMware Cloud Services Platform _API.Vulnerability:vulnerabilityAssessment.Data:read N/A - included in permission name Prod UK and AWS GovCloud (US)

Requests

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/{cveId}/devices
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/{cveId}/devices

Request Body

{
    "os_product_id": "<string>",
    "query": "<string>",
    "rows": <integer>,
    "start": <integer>,
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Path Schema

Variable Definition Example
org_key Filter down to a single organization ABCD1234
vcenter_uuid Filter down to a single center instead of across all workloads ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78
cveId Filter down to a single CVE (Common Vulnerabilities and Exposures) CVE-0001-001

Body Schema

Field Definition Data Type Values Required
os_product_id Operating system product ID String N/A Yes
query Query to search vulnerability list for String N/A No
rows For pagination, how many results to return per page Integer Max: 1000
Default: 20
No
start For pagination, where to start retrieving results from Integer Default: 0 No
criteria Criteria is an object that represents values that must be in the results Object Supported properties: deployment_type, name, last_sync_ts, os, os_arch, os_name, os_type, os_version, sync_type, sync_status, vm_id No
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts
No

Response

Code Description Content-Type Content
200 Successfully retrieved device list application/json See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Examples

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/devices
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "os_product_id": "313_0",
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": "CRITICAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response Body
{
  "num_found": 1,
  "results": [
    {
      "device_id": 1,
      "vm_id": "vm-1",
      "name": "VM-1",
      "type": "WORKLOAD",
      "host_name": "localhost.localdomain",
      "vm_name": "VM-1"
    }
  ]
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/CVE-0001-001/devices
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "os_product_id": "313_0",
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": "CRITICAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}
Response Body
{
  "num_found": 1,
  "results": [
    {
      "device_id": 1,
      "vm_id": "vm-1",
      "name": "VM-1",
      "host_name": "localhost.localdomain",
      "vm_name": "VM-1"
    }
  ]
}
To download or review the Carbon Black Cloud Postman collection, click here.

Hide/Dismiss Vulnerabilities

The Hide/Dismiss Vulnerabilities API allows you to dismiss vulnerabilities you no longer want to see. You can also use this API to unhide vulnerabilities in order to regain visibility or to update the dismissal reason.

RBAC Permissions Required

Identity Manager Permission (.notation name) Operation(s) Environment
Carbon Black Cloud vulnerabilityAssessment.data EXECUTE Majority of environments
VMware Cloud Services Platform _API.Vulnerability:vulnerabilityAssessment.Data:execute N/A - included in permission name Prod UK and AWS GovCloud (US)

Request

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{orgKey}/vulnerabilities/{cveId}/actions

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "action_type": "<string>",
    "dismiss_reason": "<string>",
    "notes": "<string>",
    "rule_ids": "<array>"
}

Note: The property os_product_id in the criteria object is required for DISMISS.

Path Schema

Variable Definition Example
orgKey Filter down to a single organization ABCD1234
cveId Filter down to a single CVE (Common Vulnerabilities and Exposures) CVE-0001-001

Body Schema

Field Definition Data Type Values
action_type
REQUIRED
Action to initiate String DISMISS, UNDISMISS, DISMISS_EDIT
criteria
REQUIRED for DISMISS
Criteria is an object that represents values that must be in the results. Object
{
  "os_product_id":{
    "operator":"EQUALS",
    "value":"313_0"
}  
Supported fields:
deployment_type,
os_product_id REQUIRED for DISMISS
dismiss_reason
REQUIRED
Dismiss reason String FALSE_POSITIVE, RESOLUTION_DEFERRED, NON_ISSUE, NON_CRITICAL_ASSET, UNDER_RESOLUTION, OTHER
notes
REQUIRED if dismiss_reason is “OTHER”
Notes related to dismissal String N/A
rule_ids Filter down to specific vulnerability rules Array[Integer] N/A

Response

Code Description Content-Type Content
200 Successfully initiated vulnerability action application/json See example responses below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Note: You can retrieve a list of vulnerabilities that have been dismissed with the following request:

POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/_search?vulnerabilityVisibility=DISMISSED


Examples

Dismiss Vulnerability - Dismiss the CVE for the devices having the specified OS products.

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "action_type": "DISMISS",
    "dismiss_reason": "FALSE_POSITIVE",
    "notes": "Pending SecOps consultation",
    "rule_ids" : [
    1
    ],
    "criteria": {
        "os_product_id":{
            "operator":"EQUALS",
            "value":"313_0"
        }
    }
}
Response Body
{
    "rule_id": 1,
    "dismiss_reason": "FALSE_POSITIVE",
    "notes": "Pending SecOps consultation",
    "created_by": "admin1@vmw.com",
    "updated_by": "admin2@vmw.com",
    "created_at": "2020-10-30T16:17:16.078363Z",
    "updated_at": "2022-10-30T16:17:16.078363Z"
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
curl https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions \
-X POST \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456' \
-H 'Content-Type: application/json' \ -d '{ "action_type": "DISMISS", "dismiss_reason": "FALSE_POSITIVE", "notes": "Pending SecOps consultation", "rule_ids" : [ 1 ], "criteria": { "os_product_id":{ "operator":"EQUALS", "value":"313_0" } } }'
Response Body
{
    "rule_id": 1,
    "dismiss_reason": "FALSE_POSITIVE",
    "notes": "Pending SecOps consultation",
    "created_by": "admin1@vmw.com",
    "updated_by": "admin2@vmw.com",
    "created_at": "2020-10-30T16:17:16.078363Z",
    "updated_at": "2022-10-30T16:17:16.078363Z"
}
To download or review the Carbon Black Cloud Postman collection, click here.


Examples

Undismiss Vulnerability - Undismiss the CVE for the applicable devices corresponding to a prior Dismiss action.

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "action_type": "UNDISMISS",
    "rule_ids" : [
    1
    ]
}
Response Body
{
    "rule_id": 1,
    "dismiss_reason": null,
    "notes": null,
    "created_by": "admin1@vmw.com",
    "updated_by": "admin2@vmw.com",
    "created_at": "2020-10-30T16:17:16.078363Z",
    "updated_at": "2022-10-31T16:17:16.078363Z"
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
curl https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions \
-X POST \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456' \
-H 'Content-Type: application/json' \ -d '{ "action_type": "UNDISMISS" }'
Response Body
{
    "rule_id": null,
    "dismiss_reason": null,
    "notes": null,
    "created_by": "admin1@vmw.com",
    "updated_by": "admin2@vmw.com",
    "created_at": "2020-10-30T16:17:16.078363Z",
    "updated_at": "2022-10-31T16:17:16.078363Z"
}
To download or review the Carbon Black Cloud Postman collection, click here.


Examples

Edit Dismiss Details - Edit the 'Dismiss Reason' and 'Notes' provided at the time of prior Dismiss action.

Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions
Request Headers
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
Request Body
{
    "action_type": "DISMISS_EDIT",
    "dismiss_reason": "NON_CRITICAL_ASSET"
}
Response Body
{
    "rule_id": 1,
    "dismiss_reason": "NON_CRITICAL_ASSET",
    "notes": "Pending SecOps consultation",
    "created_by": "admin1@vmw.com",
    "updated_by": "admin2@vmw.com",
    "created_at": "2020-10-30T16:17:16.078363Z",
    "updated_at": "2022-10-31T16:17:16.078363Z"
}
To download or review the Carbon Black Cloud Postman collection, click here.
Request
curl https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions \
-X POST \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456' \
-H 'Content-Type: application/json' \ -d '{ "action_type": "DISMISS_EDIT", "dismiss_reason": "NON_CRITICAL_ASSET" }'
Response Body
{
    "rule_id": 1,
    "dismiss_reason": "NON_CRITICAL_ASSET",
    "notes": "Pending SecOps consultation",
    "created_by": "admin1@vmw.com",
    "updated_by": "admin2@vmw.com",
    "created_at": "2020-10-30T16:17:16.078363Z",
    "updated_at": "2022-10-31T16:17:16.078363Z"
}
To download or review the Carbon Black Cloud Postman collection, click here.

Fields

Vulnerability

Field Definition Data Type Values
os_product_id Operating system product ID String N/A
category Vulnerability category String APP, OS
os_info Information about the operating system associated with the vulnerability Object Operating System Info
product_info Information about the vulnerable product Object Product Info
vuln_info Information about the vulnerability Object Vulnerability Info
device_count Number of affected devices Integer N/A
affected_assets List of affected assets List[String] N/A
dismissed Whether or not the vulnerability has been dismissed Boolean TRUE, FALSE
dismiss_reason Dismiss reason String FALSE_POSITIVE, RESOLUTION_DEFERRED, NON_ISSUE, NON_CRITICAL_ASSET, UNDER_RESOLUTION, OTHER
notes Notes related to dismissal String N/A
dismissed_on Date of initiated dismiss action String N/A
dismissed_by User who initiated dismiss action String N/A

Operating System Info

Field Definition Data Type Values
os_type Operating system type String ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"]
os_name Operating system name String N/A
os_version Operating system version String N/A
os_arch Operating system architecture String N/A

Product Info

Field Definition Data Type Values
vendor The product creator String N/A
product The product name String N/A
version The product version String N/A
release The product release String N/A
arch The product architecture String N/A

Vulnerability Info

Field Definition Data Type Values
cve_id The CVE ID String N/A
cve_description The CVE description String N/A
risk_meter_score The risk meter score Double N/A
severity The vulnerability severity String ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"]
fixed_by The fix for the vulnerability String N/A
solution The solution for the vulnerability String N/A
created_at When the vulnerability was identified Date-time formatted string Any datetime, e.g.,"2020-01-02T03:04:05Z"
nvd_link National Vulnerability Database URL String N/A
cvss_access_complexity Complexity of the attack required to exploit the vulnerability String ["High", "Medium", "Low"]
cvss_access_vector How the vulnerability is exploited String ["Local", "Adjacent Network", "Network"]
cvss_authentication Number of times an attack must authenticate to a target to exploit the vulnerability String ["Multiple", "Single", "None"]
cvss_availability_impact Impact to availability of successful exploit of the vulnerability String ["Complete", "Partial", "None"]
cvss_confidentiality_impact Impact to confidentiality of successful exploit of the vulnerability String ["Complete", "Partial", "None"]
cvss_integrity_impact Impact to integrity of successful exploit of the vulnerability String ["Complete", "Partial", "None"]
easily_exploitable Whether the vulnerability is easily exploitable Boolean true, false
malware_exploitable Availability of an exploit module in a weaponized exploit kit such as Metasploit or Angler Boolean true, false
active_internet_breach Presence of a near-real-time exploitation Boolean true, false
cvss_exploit_subscore How vulnerable a vulnerability is to attack Double N/A
cvss_impact_subscore How significantly an asset will be affected if the vulnerability is exploited Double N/A
cvss_vector CVSS Base Vector string, the compressed textual representation of the CVSS score String Base Vector String
cvss_v3_exploit_subscore How vulnerable a vulnerability is to attack, based on CVSS v3 calculation Double N/A
cvss_v3_impact_subscore How significantly an asset will be affected if the vulnerability is exploited, based on CVSS v3 calculation Double N/A
cvss_v3_vector CVSS Vector string, the compressed textual representation of the CVSS v3 score String Vector String
cvss_score CVSS Vulnerability score Double N/A
cvss_v3_score CVSS v3 Vulnerability score Double N/A

Vulnerability Summary

Field Definition Data Type Values
device_id ID of the device Integer N/A
type Device type String WORKLOAD, ENDPOINT
vm_id ID of the virtual machine String N/A
name Name of the device String N/A
os_info Information about the device operating system Object Operating System Info
severity Highest severity associated with the device String ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"]
highest_risk_score Highest risk score associated with the device Double N/A
last_sync_ts Last sync time Date-time formatted string. Any datetime, e.g.,"2020-01-02T03:04:05Z"
sync_type Whether a manual sync was triggered for the device, or if it was a scheduled sync String ["MANUAL", "SCHEDULED"]
sync_status Device sync status String ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"]
dismissed Whether or not the vulnerability has been dismissed Boolean TRUE, FALSE
dismiss_reason Dismiss reason String FALSE_POSITIVE, RESOLUTION_DEFERRED, NON_ISSUE, NON_CRITICAL_ASSET, UNDER_RESOLUTION, OTHER
notes Notes related to dismissal String N/A
dismissed_on Date of initiated dismiss action String N/A
dismissed_by User who initiated dismiss action String N/A

Operating System Info

Field Definition Data Type Values
os_type Operating system type String ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"]
os_name Operating system name String N/A
os_version Operating system version String N/A
os_arch Operating system architecture String N/A

Device Vulnerability Summary

Field Definition Data Type Values
os_info Information on the device’s operating system Object Operating System Info
monitored Whether the device is being monitored for vulnerabilities Boolean true, false
os_compatible Whether the operating system is compatible with vulnerability monitoring Boolean true, false
sensor_compatible Whether the sensor is compatible with vulnerability monitoring Boolean true, false
sync_status Device sync status String ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"]
last_sync_ts Last sync time Date-time formatted string Any datetime, e.g.,"2020-01-02T03:04:05Z"
severity_counts Number of each type of severity Object Severity Counts

Severity Counts

Field Definition Data Type Values
critical Number of critical severities Integer N/A
important Number of important severities Integer N/A
moderate Number of moderate severities Integer N/A
low Number of low severities Integer N/A

Severity Summary

Field Definition Data Type Values
ALL Combined information for all vulnerabilities Object Severity Level Summary
CRITICAL Information on critical vulnerabilities Object Severity Level Summary
MODERATE Information on moderate vulnerabilities Object Severity Level Summary
LOW Information on low vulnerabilities Object Severity Level Summary

Severity Level Summary

Field Definition Data Type Values
vuln_assets_count Number of assets associated with this vulnerability level Integer N/A
vuln_count Number of vulnerabilities at this level Integer N/A
total_vuln_count Integer N/A
asset_summary Summary of assets by operating system Object Asset Summary

Asset Summary

Field Definition Data Type Values
LINUX Information on vulnerabilities for Linux systems Object Asset Level Summary
WINDOWS Information on vulnerabilities for Windows systems Object Asset Level Summary

Asset Level Summary

Field Definition Data Type Values
monitored_assets Number of assets being monitored for vulnerabilities Integer N/A
vuln_assets_count Number of assets with vulnerabilities Integer N/A
total_vuln_count Number of vulnerabilities for this asset type Integer N/A
os_vuln_count Number of vulnerabilities for this asset operating system Integer N/A
products_vuln_count Number of vulnerabilities for applications on this asset type Integer N/A

Affected Assets

Field Definition Data Type Values
device_id ID of the device Integer N/A
type Device type String WORKLOAD, ENDPOINT
vm_id ID of the virtual machine String N/A
name Name of the device String N/A
host_name Hostname of the device String N/A
vm_name Name of the virtual machine String N/A
policy_name Name of the policy String N/A

Dismissed Vulnerability Rule

Field Definition Data Type Values
rule_id ID of the affected rule Integer N/A
dismiss_reason Dismiss reason String FALSE_POSITIVE, RESOLUTION_DEFERRED, NON_ISSUE, NON_CRITICAL_ASSET, UNDER_RESOLUTION, OTHER
notes Notes related to dismissal String N/A
created_by User who created the rule String N/A
updated_by User who last updated the rule String N/A
created_at Date-time the rule was created String N/A
updated_at Date-time the rule was last updated String N/A
Last modified on January 17, 2023