The Vulnerability Assessment API allows users to view asset (Endpoint or Workload) vulnerabilities, increase security visibility, and undertake prioritized proactive security patching on critical systems. The API provides a summary of vulnerability information filtered at the organization level, by device, or by vulnerability CVE ID. With a list of vulnerabilities prioritized by severity, exploitability, and current activity, users can apply proactive and impactful vulnerability patches.
Access Level: Before you create your API Key, you need to create a “Custom” Access Level: READ, and EXECUTE (or see each call below for individual requirements)
API Key: When you create your API Key, use the Access Level Type of “Custom”, then select the Access Level you created.
Environment: use the URL of your Carbon Black Cloud console (this is the Dashboard URL)
API Route: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/summary
Get a Vulnerability Summary at the organization level.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
GET <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/summary
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
deploymentType | Limits the results to one or more deployment types. Use a comma-separated list for multiple values. | String | ENDPOINT, WORKLOAD |
severity | Severity level to filter on. | String | CRITICAL, IMPORTANT, MODERATE, LOW |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved summary | application/json | Organization Vulnerability Summary |
400 | Error occurred while retrieving the summary | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/summary?deploymentType=ENDPOINT,WORKLOAD
Response
{
"monitored_assets": 13,
"severity_summary": {
"ALL": {
"vuln_assets_count": 13,
"vuln_count": 7616,
"total_vuln_count": 9856,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 9123,
"os_vuln_count": 4143,
"products_vuln_count": 2740
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 733,
"os_vuln_count": 717,
"products_vuln_count": 16
}
}
},
"MODERATE": {
"vuln_assets_count": 13,
"vuln_count": 391,
"total_vuln_count": 505,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 449,
"os_vuln_count": 164,
"products_vuln_count": 171
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 56,
"os_vuln_count": 56,
"products_vuln_count": 0
}
}
},
"LOW": {
"vuln_assets_count": 13,
"vuln_count": 7160,
"total_vuln_count": 9270,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 8605,
"os_vuln_count": 3946,
"products_vuln_count": 2549
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 665,
"os_vuln_count": 650,
"products_vuln_count": 15
}
}
},
"IMPORTANT": {
"vuln_assets_count": 13,
"vuln_count": 60,
"total_vuln_count": 76,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 66,
"os_vuln_count": 30,
"products_vuln_count": 20
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 10,
"os_vuln_count": 9,
"products_vuln_count": 1
}
}
},
"CRITICAL": {
"vuln_assets_count": 2,
"vuln_count": 5,
"total_vuln_count": 5,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 1,
"total_vuln_count": 3,
"os_vuln_count": 3,
"products_vuln_count": 0
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 2,
"os_vuln_count": 2,
"products_vuln_count": 0
}
}
}
}
}
Get a Vulnerability Summary at the organization level for a vCenter Server.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
GET <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/summary
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
deploymentType | Limits the results to a specific deployment type | String | ENDPOINT, WORKLOAD |
severity | Severity level to filter on. | String | CRITICAL, IMPORTANT, MODERATE, LOW |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved summary | application/json | Organization Vulnerability Summary |
400 | Error occurred while retrieving the summary | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/summary
Response
{
"monitored_assets": 13,
"severity_summary": {
"ALL": {
"vuln_assets_count": 13,
"vuln_count": 7616,
"total_vuln_count": 9856,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 9123,
"os_vuln_count": 4143,
"products_vuln_count": 2740
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 733,
"os_vuln_count": 717,
"products_vuln_count": 16
}
}
},
"MODERATE": {
"vuln_assets_count": 13,
"vuln_count": 391,
"total_vuln_count": 505,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 449,
"os_vuln_count": 164,
"products_vuln_count": 171
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 56,
"os_vuln_count": 56,
"products_vuln_count": 0
}
}
},
"LOW": {
"vuln_assets_count": 13,
"vuln_count": 7160,
"total_vuln_count": 9270,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 8605,
"os_vuln_count": 3946,
"products_vuln_count": 2549
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 665,
"os_vuln_count": 650,
"products_vuln_count": 15
}
}
},
"IMPORTANT": {
"vuln_assets_count": 13,
"vuln_count": 60,
"total_vuln_count": 76,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 66,
"os_vuln_count": 30,
"products_vuln_count": 20
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 10,
"os_vuln_count": 9,
"products_vuln_count": 1
}
}
},
"CRITICAL": {
"vuln_assets_count": 2,
"vuln_count": 5,
"total_vuln_count": 5,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 1,
"total_vuln_count": 3,
"os_vuln_count": 3,
"products_vuln_count": 0
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 2,
"os_vuln_count": 2,
"products_vuln_count": 0
}
}
}
}
}
Retrieve a device list with a Vulnerability Summary.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
dataForExport | Whether to send detailed data for export. | Boolean | true, false |
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability summary for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved device list | application/json | Paginated Device Summary |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
{
"num_found": 2,
"results": [
{
"device_id": 7330223,
"type": "WORKLOAD",
"vm_id": "vm-32",
"name": "shwetap-windows_2012-2",
"host_name": "localhost.localdomain",
"vm_name": "shwetap-windows_2012-2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 Standard",
"os_version": "6.2.9200",
"os_arch": "64-bit"
},
"vuln_count": 733,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T16:00:52.897987Z",
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"cve_ids": null
},
{
"device_id": 7655988,
"type": "WORKLOAD",
"vm_id": "vm-34",
"name": "cwp-bucket-1-windows_2012_r2",
"host_name": "localhost.localdomain",
"vm_name": "shwetap-windows_2012-2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"vuln_count": 758,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T17:44:43.902389Z",
"sync_type": "MANUAL",
"sync_status": "COMPLETED",
"cve_ids": null
}
]
}
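The Body Schema limits (rows capped at 200, a single sort entry, the listed sort fields) and the `start` / `num_found` paging can be enforced on the client before a request is sent. The following is an added example, not Carbon Black's own code: `build_search_body`, `search_all` and the injected `post(url, body)` transport are hypothetical names, and the device records and fake endpoint are constructed so the block runs offline.

```python
import copy

MAX_ROWS = 200  # Body Schema: rows "Max: 200"
SORT_ORDERS = {"ASC", "DESC"}
SORT_FIELDS = {
    "deployment_type", "vm_id", "name", "os_type", "os_name", "os_version",
    "os_arch", "vuln_count", "severity", "highest_risk_score", "sync_type",
    "sync_status", "last_sync_ts",
}
# URL taken from the example request above; it is never contacted here.
SEARCH_URL = ("https://defense.conferdeploy.net/vulnerability/assessment/api/v1"
              "/orgs/ABCD1234/devices/vulnerabilities/summary/_search")


def build_search_body(query=None, criteria=None, sort=None, rows=20, start=0):
    """Return a request body, rejecting values the Body Schema does not allow."""
    if not isinstance(rows, int) or not 1 <= rows <= MAX_ROWS:
        raise ValueError(f"rows must be an integer from 1 to {MAX_ROWS}")
    if not isinstance(start, int) or start < 0:
        raise ValueError("start must be a non-negative integer")
    body = {"rows": rows, "start": start}
    if query is not None:
        body["query"] = query
    if criteria:
        for prop, cond in criteria.items():
            if not isinstance(cond, dict) or set(cond) != {"value", "operator"}:
                raise ValueError(f"criteria[{prop!r}] needs 'value' and 'operator'")
        body["criteria"] = criteria
    if sort:
        if len(sort) != 1:
            raise ValueError("only one sort can be specified")
        field, order = sort[0].get("field"), sort[0].get("order")
        if field not in SORT_FIELDS or order not in SORT_ORDERS:
            raise ValueError(f"unsupported sort: {field!r} {order!r}")
        body["sort"] = [{"field": field, "order": order}]
    return body


def search_all(post, url, rows=MAX_ROWS, **filters):
    """Collect every page; post(url, body) must return the decoded JSON reply."""
    devices, start = [], 0
    while True:
        page = post(url, build_search_body(rows=rows, start=start, **filters))
        batch = page.get("results") or []
        devices.extend(batch)
        start += rows
        # Stop on an empty page too, so a shifting num_found cannot loop forever.
        if not batch or start >= page.get("num_found", 0):
            return devices


# Constructed device records (not real assets), trimmed to the fields used here.
CONSTRUCTED_DEVICES = [
    {"device_id": 1, "severity": "CRITICAL", "highest_risk_score": 10.0},
    {"device_id": 2, "severity": "LOW", "highest_risk_score": 2.9},
    {"device_id": 3, "severity": "CRITICAL", "highest_risk_score": 9.1},
    {"device_id": 4, "severity": "CRITICAL", "highest_risk_score": 9.8},
    {"device_id": 5, "severity": "IMPORTANT", "highest_risk_score": 7.5},
    {"device_id": 6, "severity": "CRITICAL", "highest_risk_score": 8.4},
    {"device_id": 7, "severity": "CRITICAL", "highest_risk_score": 9.5},
]


def make_fake_api(devices):
    """Constructed stand-in for the endpoint: severity EQUALS filter, sort, paging."""
    calls = []

    def post(url, body):
        calls.append(copy.deepcopy(body))
        hits = list(devices)
        sev = body.get("criteria", {}).get("severity")
        if sev:
            hits = [d for d in hits if d["severity"] == sev["value"]]
        if "sort" in body:
            s = body["sort"][0]
            hits.sort(key=lambda d: d[s["field"]], reverse=s["order"] == "DESC")
        page = hits[body["start"]:body["start"] + body["rows"]]
        return {"num_found": len(hits), "results": page}

    return post, calls


def run_demo():
    """Page through the CRITICAL devices two at a time, highest risk first."""
    post, calls = make_fake_api(CONSTRUCTED_DEVICES)
    found = search_all(
        post, SEARCH_URL, rows=2,
        criteria={"severity": {"value": "CRITICAL", "operator": "EQUALS"}},
        sort=[{"field": "highest_risk_score", "order": "DESC"}],
    )
    return [d["device_id"] for d in found], [c["start"] for c in calls]


if __name__ == "__main__":
    print(run_demo())
```
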
Retrieve a device list with a Vulnerability Summary for a vCenter Server.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
dataForExport | Whether to send detailed data for export. | Boolean | true, false |
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability summary for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved vCenter device list | application/json | Paginated Device Summary |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"highest_risk_score": {
"value": 8,
"operator": "GREATER_THAN"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
{
"num_found": 2,
"results": [
{
"device_id": 7330223,
"type": "WORKLOAD",
"vm_id": "vm-32",
"name": "shwetap-windows_2012-2",
"host_name": "localhost.localdomain",
"vm_name": "shwetap-windows_2012-2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 Standard",
"os_version": "6.2.9200",
"os_arch": "64-bit"
},
"vuln_count": 733,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T16:00:52.897987Z",
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"cve_ids": null
},
{
"device_id": 7655988,
"type": "WORKLOAD",
"vm_id": "vm-34",
"name": "cwp-bucket-1-windows_2012_r2",
"host_name": "localhost.localdomain",
"vm_name": "cwp-bucket-1-windows_2012_r2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"vuln_count": 758,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T17:44:43.902389Z",
"sync_type": "MANUAL",
"sync_status": "COMPLETED",
"cve_ids": null
}
]
}
Export a device list to a CSV file.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/export?async=false
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Query Schema:
Field | Definition | Data Type | Values |
---|---|---|---|
async | Optional indicator to export asynchronously and return a job id instead | Boolean | Default: false |
Note: The response will include a job_id which will be used with the Job Service API to fetch the export file.
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability summary for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful request | application/csv | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_version": {
"value": "7.2.0",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"
Export a device list to a CSV file stream for a vCenter Server.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/export
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability summary for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful request | application/csv | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_arch": {
"value": ["64-bit", "x86_64"],
"operator": "IN"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"
Get a Vulnerability List filtered and sorted for a specific operating system and application.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
dataForExport | Whether to send detailed data for export. | Boolean | true, false |
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability summary for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_name": {
"value": "Red Hat Enterprise Linux",
"operator": "NOT_EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
{
"num_found": ,
"results": [
{
"os_product_id": "18_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
},
{
"os_product_id": "328_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2019 Datacenter",
"os_version": "10.0.17763",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}
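In the response above each result is one OS/product pairing, so the same CVE (here CVE-2007-4559) appears once per pairing and most CVSS fields may be null. The following added example, which is not Carbon Black's own code, rolls such rows up per CVE for patch prioritization. `rollup_by_cve` is a hypothetical name, the sample rows are trimmed from the response above plus two constructed rows, and summing `device_count` assumes rows with different `os_product_id` values cover different devices.

```python
# Rows trimmed to the fields used below. The first two mirror the response
# above; the last two are constructed for illustration (scores are made up).
SAMPLE_RESULTS = [
    {"os_product_id": "18_2517", "category": "APP",
     "os_info": {"os_name": "Microsoft Windows Server 2012 R2 Standard"},
     "product_info": {"product": "Python 3.6.4 (64-bit)"},
     "vuln_info": {"cve_id": "CVE-2007-4559", "risk_meter_score": 2.9,
                   "severity": "LOW"},
     "device_count": 1},
    {"os_product_id": "328_2517", "category": "APP",
     "os_info": {"os_name": "Microsoft Windows Server 2019 Datacenter"},
     "product_info": {"product": "Python 3.6.4 (64-bit)"},
     "vuln_info": {"cve_id": "CVE-2007-4559", "risk_meter_score": 2.9,
                   "severity": "LOW"},
     "device_count": 1},
    {"os_product_id": "constructed-1", "category": "OS",  # constructed row
     "os_info": {"os_name": "Microsoft Windows Server 2012 Standard"},
     "product_info": None,
     "vuln_info": {"cve_id": "CVE-2020-1472", "risk_meter_score": 10.0,
                   "severity": "CRITICAL"},
     "device_count": 1},
    {"os_product_id": "constructed-2", "category": "OS",  # constructed row
     "os_info": {"os_name": "Microsoft Windows Server 2012 Standard"},
     "product_info": None,
     "vuln_info": {"cve_id": "CVE-2020-1350", "risk_meter_score": None,
                   "severity": "CRITICAL"},
     "device_count": None},
]


def rollup_by_cve(results):
    """Merge per-OS/product rows into one entry per CVE, highest risk first."""
    rollup = {}
    for row in results:
        vuln = row.get("vuln_info") or {}
        cve = vuln.get("cve_id")
        if not cve:
            continue  # nothing to key on; skip rather than guess
        entry = rollup.setdefault(cve, {
            "cve_id": cve,
            "severity": vuln.get("severity"),
            "risk_meter_score": None,
            "device_count": 0,
            "affected": set(),
        })
        score = vuln.get("risk_meter_score")
        if score is not None and (entry["risk_meter_score"] is None
                                  or score > entry["risk_meter_score"]):
            entry["risk_meter_score"] = score
        # device_count and the nested objects can be null in a response.
        entry["device_count"] += row.get("device_count") or 0
        os_name = (row.get("os_info") or {}).get("os_name")
        product = (row.get("product_info") or {}).get("product")
        entry["affected"].add((os_name, product))
    # Scored CVEs first (highest score, then widest spread); unscored ones last
    # so that a null score is reviewed by hand instead of being read as zero.
    return sorted(
        rollup.values(),
        key=lambda e: (e["risk_meter_score"] is None,
                       -(e["risk_meter_score"] or 0),
                       -e["device_count"],
                       e["cve_id"]),
    )


if __name__ == "__main__":
    for entry in rollup_by_cve(SAMPLE_RESULTS):
        print(entry["cve_id"], entry["risk_meter_score"],
              entry["device_count"], sorted(entry["affected"], key=str))
```
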
Get a Vulnerability List filtered and sorted for a specific operating system and application in a vCenter Server.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
dataForExport | Whether to send detailed data for export. | Boolean | true, false |
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability list for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_type": {
"value": ["CENTOS", "UBUNTU"],
"operator": "NOT_IN"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
{
"num_found": 2,
"results": [
{
"os_product_id": "18_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
},
{
"os_product_id": "328_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2019 Datacenter",
"os_version": "10.0.17763",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}
Get a Vulnerability List in CSV format.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/export?async=false
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Query Schema
Field | Definition | Data Type | Values |
---|---|---|---|
async | Optional indicator to export asynchronously and return a job id instead | Boolean | Default: false |
Note: When the export runs asynchronously, the response includes a job_id, which is used with the Job Service API to fetch the export file.
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability list for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful request | application/csv | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"name": {
"value": "windows_",
"operator": "LIKE"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"
Get a Vulnerability List for a vCenter Server in CSV format.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/export
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability list for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful request | application/csv | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"last_sync_ts": {
"value": "",
"operator": "IS_NOT_NULL"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"
Get an Operating System or Application Vulnerability Summary for a specific device.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
GET <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/summary
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
category | Category to match on. | String | OS, APP |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful Request | application/json | Device Vulnerability Summary |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/summary?category=OS
Response
{
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"monitored": true,
"os_compatible": true,
"sensor_compatible": true,
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"last_sync_ts": "2020-10-30T16:17:16.078363Z",
"severity_counts": {
"critical": 0,
"important": 7,
"moderate": 45,
"low": 804
}
}
Get an Operating System or Application Vulnerability Summary for a specific vCenter device.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
GET <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/summary
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
category | Category to match on. | String | OS, APP |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful Request | application/json | Device Vulnerability Summary |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/summary?category=OS
Response
{
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"monitored": true,
"os_compatible": true,
"sensor_compatible": true,
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"last_sync_ts": "2020-10-30T16:17:16.078363Z",
"severity_counts": {
"critical": 0,
"important": 7,
"moderate": 45,
"low": 804
}
}
Get an Operating System or Application Vulnerability List for a specific device.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
dataForExport | Whether to send detailed data for export. | Boolean | true, false |
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability list for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/_search?dataForExport=false
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"sync_type": {
"value": "MANUAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
{
"num_found": 2,
"results": [
{
"os_product_id": "90_5363",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
},
{
"os_product_id": "90_5372",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python-libs",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}
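The following Python sketch is an added example, not code from the API's documentation or SDK. It builds a request body that respects the Body Schema limits (rows at most 200, a single sort entry, order ASC or DESC), pages through a _search response using num_found, and groups results per CVE, since one CVE can be reported once per os_product_id as in the response above. The post callable, the lower bound of 1 for rows, and treating start as a zero-based row offset are assumptions.

```python
import copy

MAX_ROWS = 200                   # Body Schema: rows "Max: 200"
SORT_ORDERS = ("ASC", "DESC")    # Body Schema: "order supports ASC or DESC"


def build_search_body(query=None, rows=20, start=0, criteria=None, sort=None):
    """Build a body for the _search / export endpoints, enforcing the Body Schema limits."""
    # Assumption: rows must be at least 1 and start is a zero-based row offset.
    if isinstance(rows, bool) or not isinstance(rows, int) or not 1 <= rows <= MAX_ROWS:
        raise ValueError(f"rows must be an integer in 1..{MAX_ROWS}, got {rows!r}")
    if isinstance(start, bool) or not isinstance(start, int) or start < 0:
        raise ValueError(f"start must be a non-negative integer, got {start!r}")
    sort = list(sort or [])
    if len(sort) > 1:
        raise ValueError("only one sort entry can be specified")
    for entry in sort:
        if set(entry) != {"field", "order"} or entry["order"] not in SORT_ORDERS:
            raise ValueError(f"sort entry needs a field and an order of ASC or DESC: {entry!r}")
    criteria = dict(criteria or {})
    for prop, cond in criteria.items():
        if not isinstance(cond, dict) or set(cond) != {"value", "operator"}:
            raise ValueError(f"criteria[{prop!r}] must carry exactly 'value' and 'operator'")
    body = {"rows": rows, "start": start, "criteria": criteria, "sort": sort}
    if query is not None:
        body["query"] = query
    return body


def fetch_all(post, body, max_pages=1000):
    """Collect every result by advancing start until num_found rows have been read.

    post is a caller-supplied callable (hypothetical, not part of the API) that
    sends one request body and returns the decoded JSON response.
    """
    body = copy.deepcopy(body)   # leave the caller's body untouched
    collected = []
    for _ in range(max_pages):
        page = post(body)
        batch = page.get("results") or []
        collected.extend(batch)
        # Stop on an empty page too, so a changing num_found cannot loop forever.
        if not batch or len(collected) >= page["num_found"]:
            return collected
        body["start"] += len(batch)
    raise RuntimeError("max_pages reached before num_found results were read")


def products_by_cve(results):
    """Map each CVE to the products it was reported on (one result per os_product_id)."""
    grouped = {}
    for item in results:
        cve = item["vuln_info"]["cve_id"]
        grouped.setdefault(cve, []).append(item["product_info"]["product"])
    return grouped


# Constructed sample: the first two entries are trimmed from the example response
# above; the third is a placeholder so that the listing spans two pages.
SAMPLE_RESULTS = [
    {"os_product_id": "90_5363", "product_info": {"product": "python"},
     "vuln_info": {"cve_id": "CVE-2014-4650", "risk_meter_score": 4.9}},
    {"os_product_id": "90_5372", "product_info": {"product": "python-libs"},
     "vuln_info": {"cve_id": "CVE-2014-4650", "risk_meter_score": 4.9}},
    {"os_product_id": "0_0", "product_info": {"product": "example-package"},
     "vuln_info": {"cve_id": "CVE-0000-0000", "risk_meter_score": 1.0}},
]


def fake_post(body):
    """Offline stand-in for the HTTP call: serves SAMPLE_RESULTS page by page."""
    window = SAMPLE_RESULTS[body["start"]:body["start"] + body["rows"]]
    return {"num_found": len(SAMPLE_RESULTS), "results": window}


if __name__ == "__main__":
    request_body = build_search_body(
        query="Python", rows=2,
        sort=[{"field": "highest_risk_score", "order": "DESC"}])
    print(products_by_cve(fetch_all(fake_post, request_body)))
```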
Get an Operating System or Application Vulnerability List for a specific vCenter device.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Query Schema
Field | Description | Data Type | Values |
---|---|---|---|
dataForExport | Whether to send detailed data for export. | Boolean | true, false |
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability list for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/_search
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"sync_status": {
"value": "IN_PROGRESS",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
{
"num_found": 2,
"results": [
{
"os_product_id": "90_5363",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
},
{
"os_product_id": "90_5372",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python-libs",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}
Get a Vulnerability List for a specific device in CSV format.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/export
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability list for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful request | application/csv | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": ["CRITICAL", "IMPORTANT"],
"operator": "IN"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"
Get a Vulnerability List for a specific vCenter device in CSV format.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/export
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query to search vulnerability list for. | String | N/A |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful request | application/csv | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
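The application/csv bodies in this page's examples come in two layouts: the organization-level and vCenter-level exports end with "Affected Assets Count" and "Affected Assets" columns and give "CVE Created On" as a date, while the device-level exports omit both columns and give a full timestamp. The Python below is an added example, not code from the API's documentation or SDK; it reads either layout by header name and groups findings by their "Fixed By" value into a patch order. Treating date-only values as midnight UTC and ranking by Active Internet Breach before Risk Score are assumptions of the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Header and rows copied from the example responses on this page.
DEVICE_HEADER = '"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"'
ORG_HEADER = DEVICE_HEADER + ',"Affected Assets Count","Affected Assets"'

ORG_EXPORT = "\n".join([
    ORG_HEADER,
    '"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"',
    '"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"',
])
DEVICE_EXPORT = "\n".join([
    DEVICE_HEADER,
    '"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"',
])

FLAG_COLUMNS = ("Easily Exploitable", "Malware Exploitable", "Active Internet Breach")


def parse_created(value):
    """Parse either "CVE Created On" layout into an aware UTC datetime."""
    # Assumption: a date-only value is taken as midnight UTC.
    fmt = "%Y-%m-%dT%H:%M:%SZ" if "T" in value else "%Y-%m-%d"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def parse_export(text):
    """Read a CSV export by header name so that both column layouts are accepted."""
    findings = []
    for rec in csv.DictReader(io.StringIO(text)):
        count = rec.get("Affected Assets Count")   # absent in device-level exports
        created = rec["CVE Created On"]
        findings.append({
            "cve_id": rec["CVE Id"],
            "severity": rec["Severity"],
            "risk_score": float(rec["Risk Score"]) if rec["Risk Score"] else 0.0,
            "fixed_by": rec["Fixed By"] or None,
            "created": parse_created(created) if created else None,
            "flags": {name: rec[name] == "true" for name in FLAG_COLUMNS},
            "asset_count": int(count) if count else None,
            "assets": rec.get("Affected Assets") or None,
        })
    return findings


def patch_plan(findings):
    """Group findings by "Fixed By"; order by active breach, then highest risk score."""
    groups = defaultdict(list)
    for finding in findings:
        groups[finding["fixed_by"]].append(finding)
    plan = [{
        "fixed_by": fix,   # None means the export lists no fix for these CVEs
        "cves": sorted(f["cve_id"] for f in items),
        "max_risk": max(f["risk_score"] for f in items),
        "active_breach": any(f["flags"]["Active Internet Breach"] for f in items),
    } for fix, items in groups.items()]
    plan.sort(key=lambda p: (p["active_breach"], p["max_risk"]), reverse=True)
    return plan


if __name__ == "__main__":
    for entry in patch_plan(parse_export(ORG_EXPORT)):
        print(entry)
```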
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/export
Request Body
{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "highest_risk_score",
"order": "DESC"
}
]
}
Response
"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"
Perform an action on a specific device.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | EXECUTE | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.execute | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/device_actions
Request Body
{
"action_type": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
action_type | Action to initiate. | String | REFRESH |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully initiated device action | application/json | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/device_actions
Request Body
{
"action_type": "REFRESH"
}
Response
{
"created_at": "2021-02-09T07:29:09.179588Z",
"device_id": 1234,
"lq_query_id": "wxyvyzqoxsvaop7t9jgnpycnxgvnnmdu",
"lq_query_status": "ACTIVE",
"org_key": "ABCD1234",
"schedule_type": "LINUX_OS_PRODUCT",
"updated_at": "2021-02-09T07:29:09.179589Z"
}
Perform an action on a specific vCenter device.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | EXECUTE | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.execute | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/device_actions
Request Body
{
  "action_type": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
action_type | Action to initiate. Allowed values: REFRESH | String | N/A |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully initiated device action | application/json | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/device_actions
Request Body
{
  "action_type": "REFRESH"
}
Response
{
  "created_at": "2021-02-09T07:29:09.179588Z",
  "device_id": 1234,
  "lq_query_id": "wxyvyzqoxsvaop7t9jgnpycnxgvnnmdu",
  "lq_query_status": "ACTIVE",
  "org_key": "ABCD1234",
  "schedule_type": "LINUX_OS_PRODUCT",
  "updated_at": "2021-02-09T07:29:09.179589Z"
}
Get a list of assets affected by a specific vulnerability CVE ID.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/{cveId}/devices
Request Body
{
  "os_product_id": "<string>",
  "query": "<string>",
  "rows": "<integer>",
  "start": "<integer>",
  "criteria": {
    "property": {
      "value": "<string>",
      "operator": "<string>"
    }
  },
  "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
  ]
}
Body Schema
Field | Definition | Data Type | Values | Required |
---|---|---|---|---|
os_product_id | Operating system product ID | String | N/A | Yes |
query | Query to search vulnerability list for. | String | N/A | No |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 | No |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 | No |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: deployment_type, name, last_sync_ts, os, os_arch, os_name, os_type, os_version, sync_type, sync_status, vm_id | No |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts | No |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved device list | application/json | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/devices
Request Body
{
  "os_product_id": "313_0",
  "query": "Python",
  "rows": 20,
  "start": 0,
  "criteria": {
    "severity": {
      "value": "CRITICAL",
      "operator": "EQUALS"
    }
  },
  "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
  ]
}
Response
{
  "num_found": 1,
  "results": [
    {
      "device_id": 1,
      "vm_id": "vm-1",
      "name": "VM-1",
      "type": "WORKLOAD",
      "host_name": "localhost.localdomain",
      "vm_name": "VM-1"
    }
  ]
}
Get a list of vCenter assets affected by a specific vulnerability CVE ID.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/{cveId}/devices
Request Body
{
  "os_product_id": "<string>",
  "query": "<string>",
  "rows": "<integer>",
  "start": "<integer>",
  "criteria": {
    "property": {
      "value": "<string>",
      "operator": "<string>"
    }
  },
  "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
  ]
}
Body Schema
Field | Definition | Data Type | Values | Required |
---|---|---|---|---|
os_product_id | Operating system product ID | String | N/A | Yes |
query | Query to search vulnerability list for. | String | N/A | No |
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 | No |
start | For pagination, where to start retrieving results from. | Integer | Default: 0 | No |
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema. Supported properties: deployment_type, name, last_sync_ts, os, os_arch, os_name, os_type, os_version, sync_type, sync_status, vm_id | No |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | order supports ASC or DESC. Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts | No |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved device list | application/json | See example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Resource not found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/CVE-0001-001/devices
Request Body
{
  "os_product_id": "313_0",
  "query": "Python",
  "rows": 20,
  "start": 0,
  "criteria": {
    "severity": {
      "value": "CRITICAL",
      "operator": "EQUALS"
    }
  },
  "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
  ]
}
Response
{
  "num_found": 1,
  "results": [
    {
      "device_id": 1,
      "vm_id": "vm-1",
      "name": "VM-1",
      "host_name": "localhost.localdomain",
      "vm_name": "VM-1"
    }
  ]
}
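Paging through either device search above (organization-level or vCenter), as an added example that is not part of the Carbon Black documentation: it checks a request body against the Body Schema limits before sending and advances `start` until `num_found` is reached. The `post` callable, `fake_post` and its five devices are constructed stand-ins for the authenticated HTTP call; treating `start` as a zero-based row offset and `rows` below 1 as invalid are assumptions.

```python
"""Validate and page a 'devices affected by a CVE' search (added example)."""
from typing import Callable, Dict, Iterator, List, Optional

MAX_ROWS = 200  # "rows" maximum from the Body Schema table
SORT_FIELDS = {"deployment_type", "vm_id", "name", "os_type", "os_name",
               "os_version", "os_arch", "vuln_count", "severity",
               "highest_risk_score", "sync_type", "sync_status", "last_sync_ts"}
OPERATORS = {"EQUALS", "NOT_EQUALS", "GREATER_THAN", "LESS_THAN", "IS_NULL",
             "IS_NOT_NULL", "IS_TRUE", "IS_FALSE", "IN", "NOT_IN", "LIKE"}


def build_body(os_product_id: str, start: int = 0, rows: int = 20,
               criteria: Optional[Dict[str, dict]] = None,
               sort: Optional[List[dict]] = None) -> dict:
    """Build a request body, refusing values outside the documented schema."""
    if not os_product_id:
        raise ValueError("os_product_id is required")
    if not 1 <= rows <= MAX_ROWS:  # lower bound of 1 is an assumption
        raise ValueError(f"rows must be between 1 and {MAX_ROWS}")
    if start < 0:
        raise ValueError("start must be >= 0")
    body = {"os_product_id": os_product_id, "rows": rows, "start": start}
    for prop, cond in (criteria or {}).items():
        if cond.get("operator") not in OPERATORS:
            raise ValueError(f"unsupported operator for {prop!r}")
    if criteria:
        body["criteria"] = criteria
    if sort:
        if len(sort) != 1:
            raise ValueError("only one sort can be specified")
        if sort[0].get("field") not in SORT_FIELDS:
            raise ValueError("unsupported sort field")
        if sort[0].get("order") not in ("ASC", "DESC"):
            raise ValueError("order must be ASC or DESC")
        body["sort"] = sort
    return body


def iter_devices(post: Callable[[str, dict], dict], url: str, os_product_id: str,
                 rows: int = MAX_ROWS, **filters) -> Iterator[dict]:
    """Yield every device; "start" is assumed to be a zero-based row offset."""
    start = 0
    while True:
        page = post(url, build_body(os_product_id, start, rows, **filters))
        results = page.get("results", [])
        yield from results
        start += len(results)
        if not results or start >= page.get("num_found", 0):
            return


def fake_post(url: str, body: dict) -> dict:
    """Constructed stand-in for the HTTP call: serves five made-up devices."""
    devices = [{"device_id": i, "vm_id": f"vm-{i}", "name": f"VM-{i}"}
               for i in range(1, 6)]
    first = body["start"]
    return {"num_found": len(devices), "results": devices[first:first + body["rows"]]}


if __name__ == "__main__":
    url = "https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/devices"
    order = [{"field": "highest_risk_score", "order": "DESC"}]
    for dev in iter_devices(fake_post, url, "313_0", rows=2, sort=order):
        print(dev["device_id"], dev["name"])
```

Stopping on an empty page as well as on `num_found` keeps the loop from spinning if the count changes between requests.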
Get vulnerability details for a specific CVE ID.
RBAC Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | vulnerabilityAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Vulnerability:vulnerabilityAssessment.Data.read | N/A - included in permission name | Prod UK |
Request
GET <cbc-hostname>/vulnerability/assessment/api/v1/vulnerabilities/{cveId}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Vulnerability details retrieved successfully | application/json | See example response below |
400 | Error occurred while getting the configuration | N/A | N/A |
401 | Not authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/vulnerabilities/CVE-0001-001
Response
{
  "cvss_access_complexity": "Low",
  "cvss_access_vector": "Local access",
  "cvss_authentication": "None required",
  "cvss_availability_impact": "Partial",
  "cvss_confidentiality_impact": "None",
  "cvss_integrity_impact": "None",
  "easily_exploitable": false,
  "malware_exploitable": false,
  "active_internet_breach": false,
  "cvss_exploit_subscore": 3.9,
  "cvss_impact_subscore": 2.9,
  "cvss_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C",
  "cvss_v3_exploit_subscore": 3.9,
  "cvss_v3_impact_subscore": 2.9,
  "cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
  "cvss_score": 3.9,
  "cvss_v3_score": 3.9
}
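A consistency check and patch-ordering key for the details record above, as an added example rather than Carbon Black code: it parses `cvss_vector` with the CVSS v2 abbreviations and compares it with the descriptive `cvss_*` fields, then sorts records by the three exploitation flags. The ordering in `triage_key` and the `CONSTRUCTED` record are assumptions made for illustration.

```python
"""Cross-check a vulnerability-details record and rank it for patching (added example)."""

# CVSS v2 base-metric abbreviations -> the descriptive words in the cvss_* fields.
V2_WORDS = {
    "AV": ("cvss_access_vector", {"L": "Local", "A": "Adjacent Network", "N": "Network"}),
    "AC": ("cvss_access_complexity", {"H": "High", "M": "Medium", "L": "Low"}),
    "Au": ("cvss_authentication", {"M": "Multiple", "S": "Single", "N": "None"}),
    "C": ("cvss_confidentiality_impact", {"N": "None", "P": "Partial", "C": "Complete"}),
    "I": ("cvss_integrity_impact", {"N": "None", "P": "Partial", "C": "Complete"}),
    "A": ("cvss_availability_impact", {"N": "None", "P": "Partial", "C": "Complete"}),
}


def parse_vector(vector: str) -> dict:
    """Split 'AV:L/AC:L/...' into {'AV': 'L', ...}; a 'CVSS:3.0' prefix becomes key 'CVSS'."""
    metrics = {}
    for part in vector.split("/"):
        key, sep, value = part.partition(":")
        if not sep or not key or not value:
            raise ValueError(f"malformed vector component: {part!r}")
        metrics[key] = value
    return metrics


def vector_mismatches(record: dict) -> list:
    """Return the cvss_* text fields that disagree with cvss_vector."""
    metrics = parse_vector(record["cvss_vector"])
    bad = []
    for abbrev, (field, words) in V2_WORDS.items():
        expected = words.get(metrics.get(abbrev, ""))
        # Prefix match: the page's example says "Local access" and "None required"
        # where its schema table lists "Local" and "None".
        if expected is None or not str(record.get(field, "")).startswith(expected):
            bad.append(field)
    return bad


def triage_key(record: dict) -> tuple:
    """Sort key, most urgent first. The ordering is this example's assumption."""
    return (not record.get("active_internet_breach", False),
            not record.get("malware_exploitable", False),
            not record.get("easily_exploitable", False),
            -max(record.get("cvss_v3_score") or 0.0, record.get("cvss_score") or 0.0))


# The example response shown above (only the fields this code reads).
PAGE_EXAMPLE = {
    "cvss_access_complexity": "Low", "cvss_access_vector": "Local access",
    "cvss_authentication": "None required", "cvss_availability_impact": "Partial",
    "cvss_confidentiality_impact": "None", "cvss_integrity_impact": "None",
    "easily_exploitable": False, "malware_exploitable": False,
    "active_internet_breach": False, "cvss_score": 3.9, "cvss_v3_score": 3.9,
    "cvss_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C",
}
# Constructed variant: exploit-kit flag set and a text field that contradicts AV:L.
CONSTRUCTED = dict(PAGE_EXAMPLE, malware_exploitable=True, cvss_access_vector="Network")

if __name__ == "__main__":
    for rec in sorted([PAGE_EXAMPLE, CONSTRUCTED], key=triage_key):
        print(rec["malware_exploitable"], vector_mismatches(rec))
```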
Field | Definition | Data Type | Values |
---|---|---|---|
os_info | Information on the device’s operating system | Object | Operating System Info |
monitored | Whether the device is being monitored for vulnerabilities | Boolean | true, false |
os_compatible | Whether the operating system is compatible with vulnerability monitoring | Boolean | true, false |
sensor_compatible | Whether the sensor is compatible with vulnerability monitoring | Boolean | true, false |
sync_status | Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
last_sync_ts | Last sync time. | Date-time formatted string. | Any datetime, e.g., "2020-01-02T03:04:05Z" |
severity_counts | Number of each type of severity | Object | Severity Counts |
Field | Definition | Data Type | Values |
---|---|---|---|
os_name | Operating system name | String | N/A |
os_version | Operating system version | String | N/A |
os_arch | Operating system architecture | String | N/A |
Field | Definition | Data Type | Values |
---|---|---|---|
critical | Number of critical severities | Integer | N/A |
important | Number of important severities | Integer | N/A |
moderate | Number of moderate severities | Integer | N/A |
low | Number of low severities | Integer | N/A |
Field | Definition | Data Type | Values |
---|---|---|---|
monitored_assets | Number of assets being monitored | Integer | N/A |
severity_summary | Information about vulnerabilities at each severity level | Object | Severity Summary |
Field | Definition | Data Type | Values |
---|---|---|---|
ALL | Combined information for all vulnerabilities | Object | Severity Level Summary |
CRITICAL | Information on critical vulnerabilities | Object | Severity Level Summary |
MODERATE | Information on moderate vulnerabilities | Object | Severity Level Summary |
LOW | Information on low vulnerabilities | Object | Severity Level Summary |
Field | Definition | Data Type | Values |
---|---|---|---|
vuln_assets_count | Number of assets associated with this vulnerability level | Integer | N/A |
vuln_count | Number of vulnerabilities at this level | Integer | N/A |
total_vuln_count | | Integer | N/A |
asset_summary | Summary of assets by operating system | Object | Asset Summary |
Field | Definition | Data Type | Values |
---|---|---|---|
LINUX | Information on vulnerabilities for Linux systems | Object | Asset Level Summary |
WINDOWS | Information on vulnerabilities for Windows systems | Object | Asset Level Summary |
Field | Definition | Data Type | Values |
---|---|---|---|
monitored_assets | Number of assets being monitored for vulnerabilities | Integer | N/A |
vuln_assets_count | Number of assets with vulnerabilities | Integer | N/A |
total_vuln_count | Number of vulnerabilities for this asset type | Integer | N/A |
os_vuln_count | Number of vulnerabilities for this asset operating system | Integer | N/A |
products_vuln_count | Number of vulnerabilities for applications on this asset type | Integer | N/A |
Field | Definition | Data Type | Values |
---|---|---|---|
num_found | Number of matching devices | Integer | N/A |
results | List of matching devices | Array | Device Summary |
Field | Definition | Data Type | Values |
---|---|---|---|
device_id | ID of the device | Integer | N/A |
type | Device type | String | WORKLOAD, ENDPOINT |
vm_id | ID of the virtual machine | String | N/A |
name | Name of the device | String | N/A |
os_info | Information about the device operating system | Object | Device Summary Operating System Info |
severity | Highest severity associated with the device | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
highest_risk_score | Highest risk score associated with the device | Double | N/A |
last_sync_ts | Last sync time. | Date-time formatted string. | Any datetime, e.g., "2020-01-02T03:04:05Z" |
sync_type | Whether a manual sync was triggered for the device, or if it was a scheduled sync. | String | ["MANUAL", "SCHEDULED"] |
sync_status | Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
cve_ids | List of CVE IDs associated with the device | List[String] | N/A |
Field | Definition | Data Type | Values |
---|---|---|---|
os_type | Operating system type. | String | ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"] |
os_name | Operating system name. | String | N/A |
os_version | Operating system version. | String | N/A |
os_arch | Operating system architecture. | String | N/A |
Field | Definition | Data Type | Values |
---|---|---|---|
num_found | Number of matching vulnerabilities | Integer | N/A |
results | List of matching vulnerabilities | Array | Device Vulnerability List |
Field | Definition | Data Type | Values |
---|---|---|---|
os_product_id | Operating system product ID | String | N/A |
category | Vulnerability category | String | APP, OS |
os_info | Information about the operating system associated with the vulnerability | Object | Device Summary Operating System Info |
product_info | Information about the vulnerable product | Object | Product Info |
vuln_info | Information about the vulnerability | Object | Vulnerability Info |
device_count | Number of affected devices | Integer | N/A |
affected_assets | List of affected assets | List[String] | N/A |
Field | Definition | Data Type | Values |
---|---|---|---|
vendor | The product creator | String | N/A |
product | The product name | String | N/A |
version | The product version | String | N/A |
release | The product release | String | N/A |
arch | The product architecture | String | N/A |
Field | Definition | Data Type | Values |
---|---|---|---|
cve_id | The CVE ID | String | N/A |
cve_description | The CVE description | String | N/A |
risk_meter_score | The risk meter score | Double | N/A |
severity | The vulnerability severity | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
fixed_by | The fix for the vulnerability | String | N/A |
solution | The solution for the vulnerability | String | N/A |
created_at | When the vulnerability was identified | Date-time formatted string. | Any datetime, e.g., "2020-01-02T03:04:05Z" |
nvd_link | National Vulnerability Database URL | String | N/A |
cvss_access_complexity | Complexity of the attack required to exploit the vulnerability | String | ["High", "Medium", "Low"] |
cvss_access_vector | How the vulnerability is exploited | String | ["Local", "Adjacent Network", "Network"] |
cvss_authentication | Number of times an attacker must authenticate to a target to exploit the vulnerability | String | ["Multiple", "Single", "None"] |
cvss_availability_impact | Impact to availability of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
cvss_confidentiality_impact | Impact to confidentiality of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
cvss_integrity_impact | Impact to integrity of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
easily_exploitable | Whether the vulnerability is easily exploitable | Boolean | true, false |
malware_exploitable | Availability of an exploit module in a weaponized exploit kit such as Metasploit or Angler | Boolean | true, false |
active_internet_breach | Presence of a near-real-time exploitation | Boolean | true, false |
cvss_exploit_subscore | How vulnerable a vulnerability is to attack | Double | N/A |
cvss_impact_subscore | How significantly an asset will be affected if the vulnerability is exploited | Double | N/A |
cvss_vector | CVSS Base Vector string, the compressed textual representation of the CVSS score | String | Base Vector String |
cvss_v3_exploit_subscore | How vulnerable a vulnerability is to attack, based on CVSS v3 calculation | Double | N/A |
cvss_v3_impact_subscore | How significantly an asset will be affected if the vulnerability is exploited, based on CVSS v3 calculation | Double | N/A |
cvss_v3_vector | CVSS Vector string, the compressed textual representation of the CVSS v3 score | String | Vector String |
cvss_score | CVSS Vulnerability score | Double | N/A |
cvss_v3_score | CVSS v3 Vulnerability score | Double | N/A |
{
  "criteria": {
    "property": {
      "value": "<string>",
      "operator": "<string>"
    }
  }
}
Field | Definition | Data Type | Values |
---|---|---|---|
property | Property to filter results on. | Object | Properties |
value | Property value to add to search criteria. | Varies depending on property and operator. Supports String, Integer, Double, or Array. | N/A |
operator | Logic operator to apply to property value. | String | EQUALS, NOT_EQUALS, GREATER_THAN, LESS_THAN, IS_NULL, IS_NOT_NULL, IS_TRUE, IS_FALSE, IN, NOT_IN, LIKE |
Note: Not all properties may be supported; see each API call for the properties it supports.
Field | Definition | Data Type | Values |
---|---|---|---|
arch | The product architecture | String | N/A |
category | Vulnerability category | String | APP, OS |
created_at | When the vulnerability was identified | Date-time formatted string. | Any datetime, e.g., "2020-01-02T03:04:05Z" |
cve_id | The CVE ID | String | N/A |
deployment_type | Type of device. | String | ["WORKLOAD", "ENDPOINT"] |
device_count | Number of affected devices | Integer | N/A |
fixed_by | The fix for the vulnerability | String | N/A |
last_sync_ts | Last sync time. | Date-time formatted string. | Any datetime, e.g., "2020-01-02T03:04:05Z" |
name | Device name. | String | Any string, e.g., "windows-2012-desktop" |
os_arch | Operating system architecture. | String | Any string, e.g., "x86_64" |
os_name | Operating system name. | String | Any string, e.g., "Red Hat Enterprise Linux Server" |
os_type | Operating system type. | String | ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"] |
os_version | Operating system version. | String | Any string, e.g., "7.2.0" |
product | The product name | String | N/A |
release | The product release | String | N/A |
risk_meter_score | The risk meter score | Double | N/A |
severity | Vulnerability severity level. | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
sync_type | Whether a manual sync was triggered for the device, or if it was a scheduled sync. | String | ["MANUAL", "SCHEDULED"] |
sync_status | Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
vendor | The product creator | String | N/A |
version | The product version | String | N/A |
vm_id | Virtual Machine ID. | String | Any string, e.g., "vm-30" |