Vulnerability Assessment API
Overview
The Vulnerability Assessment API allows users to view asset (Endpoint or Workload) vulnerabilities, increase security visibility, and undertake prioritized proactive security patching on critical systems. The API provides a summary of vulnerability information filtered at the organization level, by device, or by vulnerability CVE ID. With a list of vulnerabilities prioritized by severity, exploitability, and current activity, users can apply proactive and impactful vulnerability patches.
In July 2023 the Vulnerability Assessment capability was updated to also work with MacOS. The changes in the API is the new value MAC for os_type and a section for “MAC” in asset summaries.
Use Cases
- Filterable Vulnerability information
- Summaries or lists of Vulnerabilities that can be prioritized by severity, exploitability, and current activity.
- Vulnerability Device Actions
Requirements
- Workload Vulnerabilities
- Appliance and vSphere configured to communicate with the Carbon Black Cloud see Installation Guide for more information
- Carbon Black Cloud Workload - You must have purchased one of the Carbon Black Cloud Workload packages
- Endpoint Vulnerabilities
- Carbon Black Cloud Endpoint - You must have purchased one of the Carbon Black Cloud Endpoint packages
- All API calls require an API key with appropriate permissions see Authentication
Guides and Resources
- Carbon Black Cloud User Guide - Harden - Managing Vulnerabilities
- Carbon Black Cloud Python SDK
- Carbon Black Cloud SDK Guide - Managing Vulnerabilities
- Carbon Black Postman Workspace
Authentication
Determine whether you use Carbon Black Cloud or VMware Cloud Services Platform to manage identity and authorization, or see the Carbon Black Cloud API Access Guide for complete instructions.Carbon Black Cloud Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with Role-Based Access Control; All APIs and Services authenticate via API Keys. To access the data in Carbon Black Cloud via API, you must set up a key with the correct permissions for the calls you want to make and pass it in the HTTP Headers.
Environment
Available on majority of environments; Use the Carbon Black Cloud Console URL, as described here.
API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
- Info for an org: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/
- Info for a vCenter: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/
- Info for a device: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/
- Info for a CVE: {cbc-hostname}/vulnerability/assessment/api/v1/vulnerabilities/
Access Level
Before you create your API Key, you need to create a "Custom" Access Level including each category:
- Vulnerability > Vulnerability Assessment Data > vulnerabilityAssessment.data, allow permission to
READ, EXECUTE
API Key
When creating your API Key, use the Access Level Type of "Custom" and select the Access Level you created. Details on constructing and passing the API Key in your requests are available here.
Quick Start
Criteria
The Vulnerability search endpoints utilize a new pattern to combine multiple criteria’s using an operator and value. Below you can find the supported operators as well as the properties that can be filtered.
{
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
}
}| Field | Definition | Data Type | Values |
|---|---|---|---|
property |
Property to filter results on | Object | See Supported Criteria Properties below |
value |
Property value to add to search criteria | Varies depending on property and operator. Supports String, Integer, Double, or Array | N/A |
operator |
Logic operator to apply to property value | String | EQUALS, NOT_EQUALS, GREATER_THAN, LESS_THAN, IS_NULL, IS_NOT_NULL, IS_TRUE, IS_FALSE, IN, NOT_IN, LIKE |
Note: See API for supported properties, not all may be supported for every search endpoint.
| Field | Definition | Data Type | Values |
|---|---|---|---|
arch |
The product architecture | String | N/A |
category |
Vulnerability category | String | APP, OS |
created_at |
When the vulnerability was identified | Date-time formatted string | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
cve_id |
The CVE ID | String | N/A |
deployment_type |
Type of device | String | ["WORKLOAD", "ENDPOINT"] |
device_count |
Number of affected devices | Integer | N/A |
fixed_by |
The fix for the vulnerability | String | N/A |
last_sync_ts |
Last sync time | Date-time formatted string. | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
name |
Device name | String | Any string, e.g., "windows-2012-desktop" |
os_arch |
Operating system architecture | String | Any string, e.g., "x86_64" |
os_name |
Operating system name | String | Any string, e.g., "Red Hat Enterprise Linux Server" |
os_product_id |
Operating system product ID | String | N/A |
os_type |
Operating system type | String | ["WINDOWS", "SLES", "CENTOS", "UBUNTU", "RHEL", "SUSE", "AMAZON_LINUX", "ORACLE", "OTHER", "LINUX", "SDDC", "MAC"] |
os_version |
Operating system version | String | Any string, e.g., "7.2.0" |
product |
The product name | String | N/A |
release |
The product release | String | N/A |
risk_meter_score |
The risk meter score | Double | N/A |
severity |
Vulnerability severity level | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
sync_type |
Whether a manual sync was triggered for the device, or if it was a scheduled sync | String | ["MANUAL", "SCHEDULED"] |
sync_status |
Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
vendor |
The product creator | String | N/A |
version |
The product version | String | N/A |
vm_id |
Virtual Machine ID | String | Any string, e.g.,"vm-30" |
API Calls
Note: Many of the API calls below offer a separate path for specifying the vCenter. This allows you to filter down to a single center instead of across all workloads.Vulnerability
The Vulnerability API calls provide detailed Vulnerability information by organization, vCenter, device, or CVE.
API Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
Get Vulnerability by CVE
Request
GET {cbc-hostname}/vulnerability/assessment/api/v1/vulnerabilities/{cve_id}
Path Schema
| Variable | Definition | Example |
|---|---|---|
cveId |
Filter down to a single CVE (Common Vulnerabilities and Exposures) | CVE-0001-001 |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Vulnerability details retrieved successfully | application/json | See example response below |
| 400 | Error occurred while getting the configuration | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/vulnerabilities/CVE-0001-001X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"{
"cvss_access_complexity": "Low",
"cvss_access_vector": "Local access",
"cvss_authentication": "None required",
"cvss_availability_impact": "Partial",
"cvss_confidentiality_impact": "None",
"cvss_integrity_impact": "None",
"easily_exploitable": false,
"malware_exploitable": false,
"active_internet_breach": false,
"cvss_exploit_subscore": 3.9,
"cvss_impact_subscore": 2.9,
"cvss_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C",
"cvss_v3_exploit_subscore": 3.9,
"cvss_v3_impact_subscore": 2.9,
"cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"cvss_score": 3.9,
"cvss_v3_score": 3.9
}Search Vulnerabilities
Requests
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/_search
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Path Variables
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
Query Parameters
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. If not set to true, vuln_info will be null. | Boolean | true, false |
vulnerabilityVisibility |
Filter down to vulnerabilities of a specific visibility type. | String | DISMISSED, ACTIVE |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability summary for | String | N/A |
rows |
For pagination, how many results to return per page | Integer | Max: 1000
Default: 20 |
start |
For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results | Object | Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: cve_id, category, os, fixed_by, risk_meter_score, severity, os_type, os_name, os_version, vendor, deployment_type, device_type, product, version, arch, created_at, device_count |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved vulnerability list | application/json | Results |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/_searchX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_name": {
"value": "Red Hat Enterprise Linux",
"operator": "NOT_EQUALS"
}
},
"sort": [
{
"field": "risk_meter_score",
"order": "DESC"
}
]
}{
"num_found": 1,
"results": [
{
"os_product_id": "18_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/_searchX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_type": {
"value": ["CENTOS", "UBUNTU"],
"operator": "NOT_IN"
}
},
"sort": [
{
"field": "risk_meter_score",
"order": "DESC"
}
]
}{
"num_found": 1,
"results": [
{
"os_product_id": "18_2517",
"category": "APP",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 R2 Standard",
"os_version": "6.3.9600",
"os_arch": "64-bit"
},
"product_info": {
"vendor": "Python Software Foundation",
"product": "Python 3.6.4 (64-bit)",
"version": "3.6.4150.0",
"release": null,
"arch": ""
},
"vuln_info": {
"cve_id": "CVE-2007-4559",
"cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
"risk_meter_score": 2.9,
"severity": "LOW",
"fixed_by": null,
"solution": null,
"created_at": "2007-08-28T01:17:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}Search Specific Device Vulnerabilities
Requests
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/_search
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/_search
Request Body
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Path Variables
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
vm_id |
Filter down to a single virtual machine | vm-1 |
Query Parameters
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. If not set to true, vuln_info will be null. | Boolean | true, false |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for | String | N/A |
rows |
For pagination, how many results to return per page | Integer | Max: 1000
Default: 20 |
start |
For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results | Object | Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: cve_id, category, os, fixed_by, risk_meter_score, severity, os_type, os_name, os_version, vendor, deployment_type, device_type, product, version, arch, created_at, device_count |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved vulnerability list | application/json | Results |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/_search?dataForExport=falseX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"sync_type": {
"value": "MANUAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "risk_meter_score",
"order": "DESC"
}
]
}{
"num_found": 1,
"results": [
{
"os_product_id": "90_5363",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/_searchX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"sync_status": {
"value": "IN_PROGRESS",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "risk_meter_score",
"order": "DESC"
}
]
}{
"num_found": 1,
"results": [
{
"os_product_id": "90_5363",
"category": "APP",
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"product_info": {
"vendor": "CentOS",
"product": "python",
"version": "2.7.5",
"release": "16.el7",
"arch": "x86_64"
},
"vuln_info": {
"cve_id": "CVE-2014-4650",
"cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"risk_meter_score": 4.9,
"severity": "MODERATE",
"fixed_by": "0:2.7.5-34.el7",
"solution": null,
"created_at": "2020-02-20T17:15:00Z",
"nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
"cvss_access_complexity": null,
"cvss_access_vector": null,
"cvss_authentication": null,
"cvss_availability_impact": null,
"cvss_confidentiality_impact": null,
"cvss_integrity_impact": null,
"easily_exploitable": null,
"malware_exploitable": null,
"active_internet_breach": null,
"cvss_exploit_subscore": null,
"cvss_impact_subscore": null,
"cvss_vector": null,
"cvss_v3_exploit_subscore": null,
"cvss_v3_impact_subscore": null,
"cvss_v3_vector": null,
"cvss_score": null,
"cvss_v3_score": null
},
"device_count": 1,
"affected_assets": null
}
]
}Export Vulnerabilities
Requests
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/export
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/export
Request Body
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Path Variables
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
Query Parameters
| Field | Definition | Data Type | Values |
|---|---|---|---|
async |
Optional indicator to export asynchronously and return a job id in JSON format instead of CSV | Boolean | Default: false |
Note: The response will include a job_id which will be used with the Job Service API to fetch the export file.
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for | String | N/A |
rows |
For pagination, how many results to return per page | Integer | Max: 1000
Default: 20 |
start |
For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results | Object | Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: cve_id, category, os, fixed_by, risk_meter_score, severity, os_type, os_name, os_version, vendor, deployment_type, device_type, product, version, arch, created_at, device_count |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv (or JSON if async = true) | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Request Body
Response
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/exportX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"name": {
"value": "windows_",
"operator": "LIKE"
}
},
"sort": [
{
"field": "risk_meter_score",
"order": "DESC"
}
]
}"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"
Request
Request Headers
Request Body
Response
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/exportX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"last_sync_ts": {
"value": "",
"operator": "IS_NOT_NULL"
}
},
"sort": [
{
"field": "risk_meter_score",
"order": "DESC"
}
]
}"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"Export Specific Device Vulnerabilities
Requests
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/export
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/export
Request Body
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Path Schema
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
device_id |
Filter down to a single device | 1234 |
vm_id |
Filter down to a single virtual machine | vm-1 |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability list for | String | N/A |
rows |
For pagination, how many results to return per page | Integer | Max: 1000
Default: 20 |
start |
For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results | Object | Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: cve_id, category, os, fixed_by, risk_meter_score, severity, os_type, os_name, os_version, vendor, deployment_type, device_type, product, version, arch, created_at, device_count |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv (or JSON if async = true) | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Request Body
Response
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/exportX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": ["CRITICAL", "IMPORTANT"],
"operator": "IN"
}
},
"sort": [
{
"field": "risk_meter_score",
"order": "DESC"
}
]
}"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"
Request
Request Headers
Request Body
Response
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/exportX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "risk_meter_score",
"order": "DESC"
}
]
}"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"Vulnerability Summary
The Vulnerability Summary API calls provide Vulnerability counts and a Severity Summary by organization, vCenter, and device.
API Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
Get Vulnerability Summary
Requests
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/summary
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/summary
Path Variables
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
Query Parameters
| Field | Description | Data Type | Values |
|---|---|---|---|
deploymentType |
Limits the results to one or more deployment types. Use comma separated list for multiple values | String | ENDPOINT, WORKLOAD |
severity |
Severity level to filter on | String | CRITICAL, IMPORTANT, MODERATE, LOW |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved summary | application/json | Vulnerability Summary |
| 400 | Error occurred while retrieving the summary | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/summary?deploymentType=ENDPOINT,WORKLOADX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"{
"monitored_assets": 13,
"severity_summary": {
"ALL": {
"vuln_assets_count": 13,
"vuln_count": 7616,
"total_vuln_count": 9856,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 9123,
"os_vuln_count": 4143,
"products_vuln_count": 2740
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 733,
"os_vuln_count": 717,
"products_vuln_count": 16
},
"MAC": {
"monitored_assets": 5,
"vuln_assets_count": 2,
"total_vuln_count": 7,
"os_vuln_count": 3,
"products_vuln_count": 1
}
}
},
"MODERATE": {
"vuln_assets_count": 13,
"vuln_count": 391,
"total_vuln_count": 505,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 449,
"os_vuln_count": 164,
"products_vuln_count": 171
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 56,
"os_vuln_count": 56,
"products_vuln_count": 0
},
"MAC": {
"monitored_assets": 5,
"vuln_assets_count": 1,
"total_vuln_count": 3,
"os_vuln_count": 1,
"products_vuln_count": 1
}
}
},
"LOW": {
"vuln_assets_count": 13,
"vuln_count": 7160,
"total_vuln_count": 9270,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 8605,
"os_vuln_count": 3946,
"products_vuln_count": 2549
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 665,
"os_vuln_count": 650,
"products_vuln_count": 15
},
"MAC": {
"monitored_assets": 5,
"vuln_assets_count": 24,
"total_vuln_count": 14,
"os_vuln_count": 16,
"products_vuln_count": 1
}
}
},
"IMPORTANT": {
"vuln_assets_count": 13,
"vuln_count": 60,
"total_vuln_count": 76,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 66,
"os_vuln_count": 30,
"products_vuln_count": 20
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 10,
"os_vuln_count": 9,
"products_vuln_count": 1
},
"MAC": {
"monitored_assets": 5,
"vuln_assets_count": 2,
"total_vuln_count": 7,
"os_vuln_count": 3,
"products_vuln_count": 1
}
}
},
"CRITICAL": {
"vuln_assets_count": 2,
"vuln_count": 5,
"total_vuln_count": 5,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 1,
"total_vuln_count": 3,
"os_vuln_count": 3,
"products_vuln_count": 0
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 2,
"os_vuln_count": 2,
"products_vuln_count": 0
},
"MAC": {
"monitored_assets": 5,
"vuln_assets_count": 1,
"total_vuln_count": 1,
"os_vuln_count": 1,
"products_vuln_count": 1
}
}
}
}
}
Request
Request Headers
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/summaryX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"{
"monitored_assets": 13,
"severity_summary": {
"ALL": {
"vuln_assets_count": 13,
"vuln_count": 7616,
"total_vuln_count": 9856,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 9123,
"os_vuln_count": 4143,
"products_vuln_count": 2740
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 733,
"os_vuln_count": 717,
"products_vuln_count": 16
}
}
},
"MODERATE": {
"vuln_assets_count": 13,
"vuln_count": 391,
"total_vuln_count": 505,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 449,
"os_vuln_count": 164,
"products_vuln_count": 171
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 56,
"os_vuln_count": 56,
"products_vuln_count": 0
}
}
},
"LOW": {
"vuln_assets_count": 13,
"vuln_count": 7160,
"total_vuln_count": 9270,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 8605,
"os_vuln_count": 3946,
"products_vuln_count": 2549
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 665,
"os_vuln_count": 650,
"products_vuln_count": 15
}
}
},
"IMPORTANT": {
"vuln_assets_count": 13,
"vuln_count": 60,
"total_vuln_count": 76,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 12,
"total_vuln_count": 66,
"os_vuln_count": 30,
"products_vuln_count": 20
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 10,
"os_vuln_count": 9,
"products_vuln_count": 1
}
}
},
"CRITICAL": {
"vuln_assets_count": 2,
"vuln_count": 5,
"total_vuln_count": 5,
"asset_summary": {
"LINUX": {
"monitored_assets": 12,
"vuln_assets_count": 1,
"total_vuln_count": 3,
"os_vuln_count": 3,
"products_vuln_count": 0
},
"WINDOWS": {
"monitored_assets": 1,
"vuln_assets_count": 1,
"total_vuln_count": 2,
"os_vuln_count": 2,
"products_vuln_count": 0
}
}
}
}
}Get Specific Device Vulnerability Summary
Requests
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/summary
GET {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/summary
Path Variables
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
device_id |
Filter down to a single device | 1234 |
vm_id |
Filter down to a single virtual machine | vm-1 |
Query Parameters
| Field | Description | Data Type | Values |
|---|---|---|---|
category |
Category to match on | String | OS, APP |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful Request | application/json | Device Vulnerability Summary |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/summary?category=OSX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"{
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"monitored": true,
"os_compatible": true,
"sensor_compatible": true,
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"last_sync_ts": "2020-10-30T16:17:16.078363Z",
"severity_counts": {
"critical": 0,
"important": 7,
"moderate": 45,
"low": 804
}
}
Request
Request Headers
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
GET https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/summary?category=OSX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"{
"os_info": {
"os_type": "CENTOS",
"os_name": "CentOS Linux",
"os_version": "7.1.1503",
"os_arch": "x86_64"
},
"monitored": true,
"os_compatible": true,
"sensor_compatible": true,
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"last_sync_ts": "2020-10-30T16:17:16.078363Z",
"severity_counts": {
"critical": 0,
"important": 7,
"moderate": 45,
"low": 804
}
}Search Vulnerability Summary
Requests
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/_search
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/_search
Request Body
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Path Variables
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
Query Parameters
| Field | Description | Data Type | Values |
|---|---|---|---|
dataForExport |
Whether to send detailed data for export. If not set to true, vuln_info will be null. | Boolean | true, false |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability summary for | String | N/A |
rows |
For pagination, how many results to return per page | Integer | Max: 1000
Default: 20 |
start |
For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results | Object | Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved device list | application/json | Results |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/_searchX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "name",
"order": "DESC"
}
]
}{
"num_found": 1,
"results": [
{
"device_id": 7330223,
"type": "WORKLOAD",
"vm_id": "vm-32",
"name": "shwetap-windows_2012-2",
"host_name": "localhost.localdomain",
"vm_name": "shwetap-windows_2012-2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 Standard",
"os_version": "6.2.9200",
"os_arch": "64-bit"
},
"vuln_count": 733,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T16:00:52.897987Z",
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"cve_ids": null
}
]
}
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/_searchX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"highest_risk_score": {
"value": 8,
"operator": "GREATER_THAN"
}
},
"sort": [
{
"field": "name",
"order": "DESC"
}
]
}{
"num_found": 1,
"results": [
{
"device_id": 7330223,
"type": "WORKLOAD",
"vm_id": "vm-32",
"name": "shwetap-windows_2012-2",
"host_name": "localhost.localdomain",
"vm_name": "shwetap-windows_2012-2",
"os_info": {
"os_type": "WINDOWS",
"os_name": "Microsoft Windows Server 2012 Standard",
"os_version": "6.2.9200",
"os_arch": "64-bit"
},
"vuln_count": 733,
"severity": "CRITICAL",
"highest_risk_score": 10.0,
"last_sync_ts": "2020-10-30T16:00:52.897987Z",
"sync_type": "SCHEDULED",
"sync_status": "COMPLETED",
"cve_ids": null
}
]
}Export Vulnerability Summary
Requests
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/export
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/export
Request Body
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Path Variables
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
Query Parameters
| Field | Definition | Data Type | Values |
|---|---|---|---|
async |
Optional indicator to export asynchronously and return a job id in JSON format instead of CSV | Boolean | Default: false |
Note: The response will include a job_id which will be used with the Job Service API to fetch the export file.
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
query |
Query to search vulnerability summary for | String | N/A |
rows |
For pagination, how many results to return per page | Integer | Max: 1000
Default: 20 |
start |
For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria |
Criteria is an object that represents values that must be in the results | Object | Supported properties: arch, category, created_at, deployment_type, device_count, fixed_by, os, os_name, os_type, os_version, product, risk_meter_score, severity, vendor, version, release |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: deployment_type, vm_id, name, os_type, os_name, os_version, os_arch, sync_type, sync_status, last_sync_ts |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successful request | application/csv (or JSON if async = true) | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Request Body
Response
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/exportX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_version": {
"value": "7.2.0",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "name",
"order": "DESC"
}
]
}"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"
Request
Request Headers
Request Body
Response
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/exportX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"os_arch": {
"value": ["64-bit", "x86_64"],
"operator": "IN"
}
},
"sort": [
{
"field": "name",
"order": "DESC"
}
]
}"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"Refresh Vulnerability Scan for Specific Device
API Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
Requests
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/device_actions
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/device_actions
Request Body
{
"action_type": "<string>"
}Path Schema
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
device_id |
Filter down to a single device | 1234 |
vm_id |
Filter down to a single virtual machine | vm-1 |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
action_type |
Action to initiate | String | REFRESH |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully initiated device action | application/json | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/device_actionsX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"action_type": "REFRESH"
}{
"created_at": "2021-02-09T07:29:09.179588Z",
"device_id": 1234,
"lq_query_id": "wxyvyzqoxsvaop7t9jgnpycnxgvnnmdu",
"lq_query_status": "ACTIVE",
"org_key": "ABCD1234",
"schedule_type": "LINUX_OS_PRODUCT",
"updated_at": "2021-02-09T07:29:09.179589Z"
}
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/device_actionsX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"action_type": "REFRESH"
}{
"created_at": "2021-02-09T07:29:09.179588Z",
"device_id": 1234,
"lq_query_id": "wxyvyzqoxsvaop7t9jgnpycnxgvnnmdu",
"lq_query_status": "ACTIVE",
"org_key": "ABCD1234",
"schedule_type": "LINUX_OS_PRODUCT",
"updated_at": "2021-02-09T07:29:09.179589Z"
}Search Affected Devices for a Specific Vulnerability
API Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
READ |
Majority of environments |
Requests
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/{cve_id}/devices
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/{cve_id}/devices
Request Body
{
"os_product_id": "<string>",
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}Path Schema
| Variable | Definition | Example |
|---|---|---|
org_key |
Filter down to a single organization | ABCD1234 |
vcenter_uuid |
Filter down to a single center instead of across all workloads | ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78 |
cveId |
Filter down to a single CVE (Common Vulnerabilities and Exposures) | CVE-0001-001 |
Body Schema
| Field | Definition | Data Type | Values | Required |
|---|---|---|---|---|
os_product_id |
Operating system product ID | String | N/A | Yes |
query |
Query to search vulnerability list for | String | N/A | No |
rows |
For pagination, how many results to return per page | Integer | Max: 1000
Default: 20 |
No |
start |
For pagination, where to start retrieving results from | Integer | Default: 0 | No |
criteria |
Criteria is an object that represents values that must be in the results | Object | Supported properties: deployment_type, name, last_sync_ts, os, os_arch, os_name, os_type, os_version, sync_type, sync_status, vm_id |
No |
sort |
Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. |
Array | order supports ASC or DESC
Supported fields: name ,deployment_type, device_type |
No |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully retrieved device list | application/json | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Examples
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/devicesX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"os_product_id": "313_0",
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "name",
"order": "DESC"
}
]
}{
"num_found": 1,
"results": [
{
"device_id": 1,
"vm_id": "vm-1",
"name": "VM-1",
"type": "WORKLOAD",
"host_name": "localhost.localdomain",
"vm_name": "VM-1"
}
]
}
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/CVE-0001-001/devicesX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"os_product_id": "313_0",
"query": "Python",
"rows": 20,
"start": 0,
"criteria": {
"severity": {
"value": "CRITICAL",
"operator": "EQUALS"
}
},
"sort": [
{
"field": "name",
"order": "DESC"
}
]
}{
"num_found": 1,
"results": [
{
"device_id": 1,
"vm_id": "vm-1",
"name": "VM-1",
"host_name": "localhost.localdomain",
"vm_name": "VM-1"
}
]
}Hide/Dismiss Vulnerabilities
The Hide/Dismiss Vulnerabilities API allows you to dismiss vulnerabilities you no longer want to see. You can also use this API to unhide vulnerabilities in order to regain visibility or to update the dismissal reason.
API Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | vulnerabilityAssessment.data |
EXECUTE |
Majority of environments |
Request
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/{cve_id}/actions
Request Body
{
"query": "<string>",
"rows": "<integer>",
"start": "<integer>",
"criteria": {
"property": {
"value": "<string>",
"operator": "<string>"
}
},
"action_type": "<string>",
"dismiss_reason": "<string>",
"notes": "<string>",
"rule_ids": "<array>"
}Path Schema
| Variable | Definition | Example |
|---|---|---|
orgKey |
Filter down to a single organization | ABCD1234 |
cveId |
Filter down to a single CVE (Common Vulnerabilities and Exposures) | CVE-0001-001 |
Body Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
action_type
REQUIRED |
Action to initiate | String | DISMISS, UNDISMISS, DISMISS_EDIT |
criteria
REQUIRED for DISMISS |
Criteria is an object that represents values that must be in the results. | Object | deployment_type,
os_product_id REQUIRED
for DISMISS |
dismiss_reason
REQUIRED |
Dismiss reason | String | FALSE_POSITIVE, RESOLUTION_DEFERRED, NON_ISSUE, NON_CRITICAL_ASSET, UNDER_RESOLUTION, OTHER |
notes
REQUIRED if dismiss_reason is “OTHER” |
Notes related to dismissal | String | N/A |
rule_ids |
Filter down to specific vulnerability rules | Array[Integer] | N/A |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully initiated vulnerability action | application/json | See example responses below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Note: You can retrieve a list of vulnerabilities that have been dismissed with the following request:
POST {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/_search?vulnerabilityVisibility=DISMISSED
Examples
Dismiss Vulnerability - Dismiss the CVE for the devices having the specified OS products.
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actionsX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"action_type": "DISMISS",
"dismiss_reason": "FALSE_POSITIVE",
"notes": "Pending SecOps consultation",
"rule_ids" : [
1
],
"criteria": {
"os_product_id":{
"operator":"EQUALS",
"value":"313_0"
}
}
}{
"rule_id": 1,
"dismiss_reason": "FALSE_POSITIVE",
"notes": "Pending SecOps consultation",
"created_by": "admin1@vmw.com",
"updated_by": "admin2@vmw.com",
"created_at": "2020-10-30T16:17:16.078363Z",
"updated_at": "2022-10-30T16:17:16.078363Z"
}
Request
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
curl https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions \
-X POST \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456' \
-H 'Content-Type: application/json' \
-d '{
"action_type": "DISMISS",
"dismiss_reason": "FALSE_POSITIVE",
"notes": "Pending SecOps consultation",
"rule_ids" : [
1
],
"criteria": {
"os_product_id":{
"operator":"EQUALS",
"value":"313_0"
}
}
}'
{
"rule_id": 1,
"dismiss_reason": "FALSE_POSITIVE",
"notes": "Pending SecOps consultation",
"created_by": "admin1@vmw.com",
"updated_by": "admin2@vmw.com",
"created_at": "2020-10-30T16:17:16.078363Z",
"updated_at": "2022-10-30T16:17:16.078363Z"
}
Examples
Undismiss Vulnerability - Undismiss the CVE for the applicable devices corresponding to a prior Dismiss action.
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actionsX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"action_type": "UNDISMISS",
"rule_ids" : [
1
]
}{
"rule_id": 1,
"dismiss_reason": null,
"notes": null,
"created_by": "admin1@vmw.com",
"updated_by": "admin2@vmw.com",
"created_at": "2020-10-30T16:17:16.078363Z",
"updated_at": "2022-10-31T16:17:16.078363Z"
}
Request
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
curl https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions \
-X POST \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456' \
-H 'Content-Type: application/json' \
-d '{
"action_type": "UNDISMISS"
}'
{
"rule_id": null,
"dismiss_reason": null,
"notes": null,
"created_by": "admin1@vmw.com",
"updated_by": "admin2@vmw.com",
"created_at": "2020-10-30T16:17:16.078363Z",
"updated_at": "2022-10-31T16:17:16.078363Z"
}Examples
Edit Dismiss Details - Edit the 'Dismiss Reason' and 'Notes' provided at the time of prior Dismiss action.
Request
Request Headers
Request Body
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actionsX-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"{
"action_type": "DISMISS_EDIT",
"dismiss_reason": "NON_CRITICAL_ASSET"
}{
"rule_id": 1,
"dismiss_reason": "NON_CRITICAL_ASSET",
"notes": "Pending SecOps consultation",
"created_by": "admin1@vmw.com",
"updated_by": "admin2@vmw.com",
"created_at": "2020-10-30T16:17:16.078363Z",
"updated_at": "2022-10-31T16:17:16.078363Z"
}
Request
Response Body
To download or review the Carbon Black Cloud Postman collection, click here.
curl https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/actions \
-X POST \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456' \
-H 'Content-Type: application/json' \
-d '{
"action_type": "DISMISS_EDIT",
"dismiss_reason": "NON_CRITICAL_ASSET"
}'
{
"rule_id": 1,
"dismiss_reason": "NON_CRITICAL_ASSET",
"notes": "Pending SecOps consultation",
"created_by": "admin1@vmw.com",
"updated_by": "admin2@vmw.com",
"created_at": "2020-10-30T16:17:16.078363Z",
"updated_at": "2022-10-31T16:17:16.078363Z"
}Fields
Vulnerability
| Field | Definition | Data Type | Values |
|---|---|---|---|
os_product_id |
Operating system product ID | String | N/A |
category |
Vulnerability category | String | APP, OS |
os_info |
Information about the operating system associated with the vulnerability | Object | Operating System Info |
product_info |
Information about the vulnerable product | Object | Product Info |
vuln_info |
Information about the vulnerability | Object | Vulnerability Info |
device_count |
Number of affected devices | Integer | N/A |
affected_assets |
List of affected assets | List[String] | N/A |
dismissed |
Whether or not the vulnerability has been dismissed | Boolean | TRUE, FALSE |
dismiss_reason |
Dismiss reason | String | FALSE_POSITIVE, RESOLUTION_DEFERRED, NON_ISSUE, NON_CRITICAL_ASSET, UNDER_RESOLUTION, OTHER |
notes |
Notes related to dismissal | String | N/A |
dismissed_on |
Date of initiated dismiss action | String | N/A |
dismissed_by |
User who initiated dismiss action | String | N/A |
Operating System Info
| Field | Definition | Data Type | Values |
|---|---|---|---|
os_type |
Operating system type | String | ["WINDOWS", "SLES", "CENTOS", "UBUNTU", "RHEL", "SUSE", "AMAZON_LINUX", "ORACLE", "OTHER", "LINUX", "SDDC", "MAC"] |
os_name |
Operating system name | String | N/A |
os_version |
Operating system version | String | N/A |
os_arch |
Operating system architecture | String | N/A |
Product Info
| Field | Definition | Data Type | Values |
|---|---|---|---|
vendor |
The product creator | String | N/A |
product |
The product name | String | N/A |
version |
The product version | String | N/A |
release |
The product release | String | N/A |
arch |
The product architecture | String | N/A |
Vulnerability Info
| Field | Definition | Data Type | Values |
|---|---|---|---|
cve_id |
The CVE ID | String | N/A |
cve_description |
The CVE description | String | N/A |
risk_meter_score |
The risk meter score | Double | N/A |
severity |
The vulnerability severity | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
fixed_by |
The fix for the vulnerability | String | N/A |
solution |
The solution for the vulnerability | String | N/A |
created_at |
When the vulnerability was identified | Date-time formatted string | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
nvd_link |
National Vulnerability Database URL | String | N/A |
cvss_access_complexity |
Complexity of the attack required to exploit the vulnerability | String | ["High", "Medium", "Low"] |
cvss_access_vector |
How the vulnerability is exploited | String | ["Local", "Adjacent Network", "Network"] |
cvss_authentication |
Number of times an attack must authenticate to a target to exploit the vulnerability | String | ["Multiple", "Single", "None"] |
cvss_availability_impact |
Impact to availability of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
cvss_confidentiality_impact |
Impact to confidentiality of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
cvss_integrity_impact |
Impact to integrity of successful exploit of the vulnerability | String | ["Complete", "Partial", "None"] |
easily_exploitable |
Whether the vulnerability is easily exploitable | Boolean | true, false |
malware_exploitable |
Availability of an exploit module in a weaponized exploit kit such as Metasploit or Angler | Boolean | true, false |
active_internet_breach |
Presence of a near-real-time exploitation | Boolean | true, false |
cvss_exploit_subscore |
How vulnerable a vulnerability is to attack | Double | N/A |
cvss_impact_subscore |
How significantly an asset will be affected if the vulnerability is exploited | Double | N/A |
cvss_vector |
CVSS Base Vector string, the compressed textual representation of the CVSS score | String | Base Vector String |
cvss_v3_exploit_subscore |
How vulnerable a vulnerability is to attack, based on CVSS v3 calculation | Double | N/A |
cvss_v3_impact_subscore |
How significantly an asset will be affected if the vulnerability is exploited, based on CVSS v3 calculation | Double | N/A |
cvss_v3_vector |
CVSS Vector string, the compressed textual representation of the CVSS v3 score | String | Vector String |
cvss_score |
CVSS Vulnerability score | Double | N/A |
cvss_v3_score |
CVSS v3 Vulnerability score | Double | N/A |
Vulnerability Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
device_id |
ID of the device | Integer | N/A |
type |
Device type | String | WORKLOAD, ENDPOINT |
vm_id |
ID of the virtual machine | String | N/A |
name |
Name of the device | String | N/A |
os_info |
Information about the device operating system | Object | Operating System Info |
severity |
Highest severity associated with the device | String | ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"] |
highest_risk_score |
Highest risk score associated with the device | Double | N/A |
last_sync_ts |
Last sync time | Date-time formatted string. | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
sync_type |
Whether a manual sync was triggered for the device, or if it was a scheduled sync | String | ["MANUAL", "SCHEDULED"] |
sync_status |
Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
dismissed |
Whether or not the vulnerability has been dismissed | Boolean | TRUE, FALSE |
dismiss_reason |
Dismiss reason | String | FALSE_POSITIVE, RESOLUTION_DEFERRED, NON_ISSUE, NON_CRITICAL_ASSET, UNDER_RESOLUTION, OTHER |
notes |
Notes related to dismissal | String | N/A |
dismissed_on |
Date of initiated dismiss action | String | N/A |
dismissed_by |
User who initiated dismiss action | String | N/A |
Operating System Info
| Field | Definition | Data Type | Values |
|---|---|---|---|
os_type |
Operating system type | String | ["WINDOWS", "SLES", "CENTOS", "UBUNTU", "RHEL", "SUSE", "AMAZON_LINUX", "ORACLE", "OTHER", "LINUX", "SDDC", "MAC"] |
os_name |
Operating system name | String | N/A |
os_version |
Operating system version | String | N/A |
os_arch |
Operating system architecture | String | N/A |
Device Vulnerability Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
os_info |
Information on the device’s operating system | Object | Operating System Info |
monitored |
Whether the device is being monitored for vulnerabilities | Boolean | true, false |
os_compatible |
Whether the operating system is compatible with vulnerability monitoring | Boolean | true, false |
sensor_compatible |
Whether the sensor is compatible with vulnerability monitoring | Boolean | true, false |
sync_status |
Device sync status | String | ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"] |
last_sync_ts |
Last sync time | Date-time formatted string | Any datetime, e.g.,"2020-01-02T03:04:05Z" |
severity_counts |
Number of each type of severity | Object | Severity Counts |
Severity Counts
| Field | Definition | Data Type | Values |
|---|---|---|---|
critical |
Number of critical severities | Integer | N/A |
important |
Number of important severities | Integer | N/A |
moderate |
Number of moderate severities | Integer | N/A |
low |
Number of low severities | Integer | N/A |
Severity Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
ALL |
Combined information for all vulnerabilities | Object | Severity Level Summary |
CRITICAL |
Information on critical vulnerabilities | Object | Severity Level Summary |
MODERATE |
Information on moderate vulnerabilities | Object | Severity Level Summary |
LOW |
Information on low vulnerabilities | Object | Severity Level Summary |
Severity Level Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
vuln_assets_count |
Number of assets associated with this vulnerability level | Integer | N/A |
vuln_count |
Number of vulnerabilities at this level | Integer | N/A |
total_vuln_count |
Integer | N/A | |
asset_summary |
Summary of assets by operating system | Object | Asset Summary |
Asset Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
LINUX |
Information on vulnerabilities for Linux systems | Object | Asset Level Summary |
WINDOWS |
Information on vulnerabilities for Windows systems | Object | Asset Level Summary |
MAC |
Information on vulnerabilities for Mac systems | Object | Asset Level Summary |
Asset Level Summary
| Field | Definition | Data Type | Values |
|---|---|---|---|
monitored_assets |
Number of assets being monitored for vulnerabilities | Integer | N/A |
vuln_assets_count |
Number of assets with vulnerabilities | Integer | N/A |
total_vuln_count |
Number of vulnerabilities for this asset type | Integer | N/A |
os_vuln_count |
Number of vulnerabilities for this asset operating system | Integer | N/A |
products_vuln_count |
Number of vulnerabilities for applications on this asset type | Integer | N/A |
Affected Assets
| Field | Definition | Data Type | Values |
|---|---|---|---|
device_id |
ID of the device | Integer | N/A |
type |
Device type | String | WORKLOAD, ENDPOINT |
vm_id |
ID of the virtual machine | String | N/A |
name |
Name of the device | String | N/A |
host_name |
Hostname of the device | String | N/A |
vm_name |
Name of the virtual machine | String | N/A |
policy_name |
Name of the policy | String | N/A |
Dismissed Vulnerability Rule
| Field | Definition | Data Type | Values | |
|---|---|---|---|---|
rule_id |
ID of the affected rule | Integer | N/A | |
dismiss_reason |
Dismiss reason | String | FALSE_POSITIVE, RESOLUTION_DEFERRED, NON_ISSUE, NON_CRITICAL_ASSET, UNDER_RESOLUTION, OTHER |
|
notes |
Notes related to dismissal | String | N/A | |
created_by |
User who created the rule | String | N/A | |
updated_by |
User who last updated the rule | String | N/A | |
created_at |
Date-time the rule was created | String | N/A | |
updated_at |
Date-time the rule was last updated | String | N/A |
Last modified on July 11, 2023