Vulnerability Assessment API

Introduction

The Cloud Workload Vulnerability Assessment API allows users to view data center asset vulnerabilities, increase security visibility, and undertake prioritized proactive security patching on critical systems. The API provides a summary of vulnerability information filtered at the organization level, by device, or by vulnerability CVE ID. With a list of vulnerabilities prioritized by severity, exploitability, and current activity, users can apply proactive and impactful vulnerability patches.

Use Cases

  • Vulnerability information filtered by organization, device, or vulnerability
  • Summaries or lists of vulnerabilities that can be prioritized by severity, exploitability, and current activity

Requirements

  • Appliance and vSphere configured to communicate with the Carbon Black Cloud; see the Installation Guide for more information
  • Carbon Black Cloud Workload - You must have purchased one of the Carbon Black Cloud Workload packages
  • All API calls require an API key with appropriate permissions; see Authentication

Authentication

  • Access Level: Before you create your API Key, you need to create a “Custom” Access Level:

    • for the category Vulnerability > Vulnerability Assessment Data > “vulnerabilityAssessment.data”, allow permission to READ and EXECUTE (or see each call below for individual requirements)
  • API Key: When you create your API Key, use the Access Level Type of “Custom”, then select the Access Level you created.

  • Environment: use the URL of your Carbon Black Cloud console (this is the Dashboard URL)

  • API Route: {cbc-hostname}/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/summary

API Calls

Organization Level

Get Vulnerability Summary

Get a Vulnerability Summary at the organization level.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| vulnerabilityAssessment.data | READ |

Request

GET <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/summary

Query Schema

| Field | Description | Data Type | Values |
| --- | --- | --- | --- |
| severity | Severity level to filter on. | String | CRITICAL, IMPORTANT, MODERATE, LOW |

Response

| Code | Description | Content-Type | Content |
| --- | --- | --- | --- |
| 200 | Successfully retrieved summary | application/json | Organization Vulnerability Summary |
| 400 | Error occurred while retrieving the summary | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/summary

Response

{
    "monitored_assets": 13,
    "severity_summary": {
        "ALL": {
            "vuln_assets_count": 13,
            "vuln_count": 7616,
            "total_vuln_count": 9856,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 9123,
                    "os_vuln_count": 4143,
                    "products_vuln_count": 2740
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 733,
                    "os_vuln_count": 717,
                    "products_vuln_count": 16
                }
            }
        },
        "MODERATE": {
            "vuln_assets_count": 13,
            "vuln_count": 391,
            "total_vuln_count": 505,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 449,
                    "os_vuln_count": 164,
                    "products_vuln_count": 171
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 56,
                    "os_vuln_count": 56,
                    "products_vuln_count": 0
                }
            }
        },
        "LOW": {
            "vuln_assets_count": 13,
            "vuln_count": 7160,
            "total_vuln_count": 9270,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 8605,
                    "os_vuln_count": 3946,
                    "products_vuln_count": 2549
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 665,
                    "os_vuln_count": 650,
                    "products_vuln_count": 15
                }
            }
        },
        "IMPORTANT": {
            "vuln_assets_count": 13,
            "vuln_count": 60,
            "total_vuln_count": 76,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 66,
                    "os_vuln_count": 30,
                    "products_vuln_count": 20
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 10,
                    "os_vuln_count": 9,
                    "products_vuln_count": 1
                }
            }
        },
        "CRITICAL": {
            "vuln_assets_count": 2,
            "vuln_count": 5,
            "total_vuln_count": 5,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 3,
                    "os_vuln_count": 3,
                    "products_vuln_count": 0
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 2,
                    "os_vuln_count": 2,
                    "products_vuln_count": 0
                }
            }
        }
    }
}

Get Vulnerability Summary for vCenter

Get a Vulnerability Summary at the organization level for a vCenter Server.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| vulnerabilityAssessment.data | READ |

Request

GET <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/summary

Query Schema

| Field | Description | Data Type | Values |
| --- | --- | --- | --- |
| severity | Severity level to filter on. | String | CRITICAL, IMPORTANT, MODERATE, LOW |

Response

| Code | Description | Content-Type | Content |
| --- | --- | --- | --- |
| 200 | Successfully retrieved summary | application/json | Organization Vulnerability Summary |
| 400 | Error occurred while retrieving the summary | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/summary

Response

{
    "monitored_assets": 13,
    "severity_summary": {
        "ALL": {
            "vuln_assets_count": 13,
            "vuln_count": 7616,
            "total_vuln_count": 9856,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 9123,
                    "os_vuln_count": 4143,
                    "products_vuln_count": 2740
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 733,
                    "os_vuln_count": 717,
                    "products_vuln_count": 16
                }
            }
        },
        "MODERATE": {
            "vuln_assets_count": 13,
            "vuln_count": 391,
            "total_vuln_count": 505,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 449,
                    "os_vuln_count": 164,
                    "products_vuln_count": 171
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 56,
                    "os_vuln_count": 56,
                    "products_vuln_count": 0
                }
            }
        },
        "LOW": {
            "vuln_assets_count": 13,
            "vuln_count": 7160,
            "total_vuln_count": 9270,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 8605,
                    "os_vuln_count": 3946,
                    "products_vuln_count": 2549
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 665,
                    "os_vuln_count": 650,
                    "products_vuln_count": 15
                }
            }
        },
        "IMPORTANT": {
            "vuln_assets_count": 13,
            "vuln_count": 60,
            "total_vuln_count": 76,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 12,
                    "total_vuln_count": 66,
                    "os_vuln_count": 30,
                    "products_vuln_count": 20
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 10,
                    "os_vuln_count": 9,
                    "products_vuln_count": 1
                }
            }
        },
        "CRITICAL": {
            "vuln_assets_count": 2,
            "vuln_count": 5,
            "total_vuln_count": 5,
            "asset_summary": {
                "LINUX": {
                    "monitored_assets": 12,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 3,
                    "os_vuln_count": 3,
                    "products_vuln_count": 0
                },
                "WINDOWS": {
                    "monitored_assets": 1,
                    "vuln_assets_count": 1,
                    "total_vuln_count": 2,
                    "os_vuln_count": 2,
                    "products_vuln_count": 0
                }
            }
        }
    }
}

Get Asset View with Vulnerability Summary

Retrieve a device list with a Vulnerability Summary.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| vulnerabilityAssessment.data | READ |

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/_search

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| query | Query to search vulnerability summary for. | String | N/A |
| rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
| start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
| criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema |
| sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]; order supports ASC or DESC |

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

| Code | Description | Content-Type | Content |
| --- | --- | --- | --- |
| 200 | Successfully retrieved device list | application/json | Paginated Device Summary |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/_search

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": "CRITICAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

{
    "num_found": 2,
    "results": [
        {
            "device_id": 7330223,
            "type": "WORKLOAD",
            "vm_id": "vm-32",
            "name": "shwetap-windows_2012-2",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 Standard",
                "os_version": "6.2.9200",
                "os_arch": "64-bit"
            },
            "vuln_count": 733,
            "severity": "CRITICAL",
            "highest_risk_score": 10.0,
            "last_sync_ts": "2020-10-30T16:00:52.897987Z",
            "sync_type": "SCHEDULED",
            "sync_status": "COMPLETED",
            "cve_ids": null
        },
        {
            "device_id": 7655988,
            "type": "WORKLOAD",
            "vm_id": "vm-34",
            "name": "cwp-bucket-1-windows_2012_r2",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 R2 Standard",
                "os_version": "6.3.9600",
                "os_arch": "64-bit"
            },
            "vuln_count": 758,
            "severity": "CRITICAL",
            "highest_risk_score": 10.0,
            "last_sync_ts": "2020-10-30T17:44:43.902389Z",
            "sync_type": "MANUAL",
            "sync_status": "COMPLETED",
            "cve_ids": null
        }
    ]
}
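The paging contract in the Body Schema above (rows capped at 200, start as the offset, a single sort, num_found in the response) can be enforced client-side before a request is sent. The following is an added example, not code from this page or from Carbon Black; the function names and the injected `post(path, body)` transport are hypothetical, HTTP and authentication are left to the caller, and the rule that IN and NOT_IN take a list is inferred from this page's example requests.

```python
from typing import Any, Callable, Dict, Iterator, List, Optional, Tuple
from urllib.parse import quote

# Limits and field names copied from the Body Schema on this page.
MAX_ROWS = 200
SORT_ORDERS = ("ASC", "DESC")
SORT_FIELDS = (
    "device_type", "vm_id", "name", "os_type", "os_name", "os_version",
    "os_arch", "vuln_count", "severity", "highest_risk_score",
    "sync_type", "sync_status", "last_sync_ts",
)
# Operators that carry a list value in this page's examples (inferred rule).
LIST_OPERATORS = ("IN", "NOT_IN")

# Hypothetical transport: takes (path, json_body) and returns the decoded JSON.
Transport = Callable[[str, Dict[str, Any]], Dict[str, Any]]


def search_path(org_key: str) -> str:
    """Asset view search route; org_key is percent-encoded so it cannot alter the path."""
    return ("/vulnerability/assessment/api/v1/orgs/" + quote(org_key, safe="")
            + "/devices/vulnerabilities/summary/_search")


def build_search_body(query: Optional[str] = None,
                      criteria: Optional[Dict[str, Dict[str, Any]]] = None,
                      sort_field: str = "highest_risk_score", order: str = "DESC",
                      rows: int = 20, start: int = 0) -> Dict[str, Any]:
    """Build a request body, rejecting values outside the documented limits."""
    if isinstance(rows, bool) or not isinstance(rows, int) or not 1 <= rows <= MAX_ROWS:
        raise ValueError(f"rows must be an integer from 1 to {MAX_ROWS}")
    if isinstance(start, bool) or not isinstance(start, int) or start < 0:
        raise ValueError("start must be a non-negative integer")
    if sort_field not in SORT_FIELDS:
        raise ValueError(f"unsupported sort field: {sort_field!r}")
    if order not in SORT_ORDERS:
        raise ValueError("order must be ASC or DESC")
    for name, clause in (criteria or {}).items():
        if not isinstance(clause, dict) or set(clause) != {"value", "operator"}:
            raise ValueError(f"criteria[{name!r}] needs exactly 'value' and 'operator'")
        if (clause["operator"] in LIST_OPERATORS) != isinstance(clause["value"], list):
            raise ValueError(f"criteria[{name!r}]: list value and operator do not match")
    # Only one sort can be specified, so the array always has one element.
    body: Dict[str, Any] = {"rows": rows, "start": start,
                            "sort": [{"field": sort_field, "order": order}]}
    if query is not None:
        body["query"] = query
    if criteria:
        body["criteria"] = criteria
    return body


def iter_devices(post: Transport, org_key: str, page_size: int = MAX_ROWS,
                 **search: Any) -> Iterator[Dict[str, Any]]:
    """Yield every device, advancing start until num_found is reached."""
    path = search_path(org_key)
    start = 0
    while True:
        page = post(path, build_search_body(rows=page_size, start=start, **search))
        results = page.get("results") or []
        yield from results
        start += len(results)
        # An empty page ends the loop even if num_found is stale or wrong.
        if not results or start >= page.get("num_found", 0):
            return


# Constructed data and an offline stand-in for the API; it ignores filters.
SAMPLE_DEVICES: List[Dict[str, Any]] = [
    {"device_id": 1000 + i, "name": f"constructed-host-{i}", "highest_risk_score": 10.0 - i}
    for i in range(5)
]


def fake_transport(devices: List[Dict[str, Any]]) -> Tuple[Transport, List[Tuple[str, Dict[str, Any]]]]:
    calls: List[Tuple[str, Dict[str, Any]]] = []

    def post(path: str, body: Dict[str, Any]) -> Dict[str, Any]:
        calls.append((path, body))
        window = devices[body["start"]:body["start"] + body["rows"]]
        return {"num_found": len(devices), "results": window}

    return post, calls


if __name__ == "__main__":
    post, calls = fake_transport(SAMPLE_DEVICES)
    for device in iter_devices(post, "ABCD1234", page_size=2, query="Python"):
        print(device["device_id"], device["name"])
    print(len(calls), "requests sent")
```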

Get Asset View with Vulnerability Summary for vCenter

Retrieve a device list with a Vulnerability Summary for a vCenter Server.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| vulnerabilityAssessment.data | READ |

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/_search

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| query | Query to search vulnerability summary for. | String | N/A |
| rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
| start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
| criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema |
| sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]; order supports ASC or DESC |

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

| Code | Description | Content-Type | Content |
| --- | --- | --- | --- |
| 200 | Successfully retrieved vCenter device list | application/json | Paginated Device Summary |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/_search

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "highest_risk_score": {
        "value": 8,
        "operator": "GREATER_THAN"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

{
    "num_found": 2,
    "results": [
        {
            "device_id": 7330223,
            "type": "WORKLOAD",
            "vm_id": "vm-32",
            "name": "shwetap-windows_2012-2",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 Standard",
                "os_version": "6.2.9200",
                "os_arch": "64-bit"
            },
            "vuln_count": 733,
            "severity": "CRITICAL",
            "highest_risk_score": 10.0,
            "last_sync_ts": "2020-10-30T16:00:52.897987Z",
            "sync_type": "SCHEDULED",
            "sync_status": "COMPLETED",
            "cve_ids": null
        },
        {
            "device_id": 7655988,
            "type": "WORKLOAD",
            "vm_id": "vm-34",
            "name": "cwp-bucket-1-windows_2012_r2",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 R2 Standard",
                "os_version": "6.3.9600",
                "os_arch": "64-bit"
            },
            "vuln_count": 758,
            "severity": "CRITICAL",
            "highest_risk_score": 10.0,
            "last_sync_ts": "2020-10-30T17:44:43.902389Z",
            "sync_type": "MANUAL",
            "sync_status": "COMPLETED",
            "cve_ids": null
        }
    ]
}

Export Asset View with Vulnerability Summary

Export a device list to a CSV file.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| vulnerabilityAssessment.data | READ |

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/summary/export

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| query | Query to search vulnerability summary for. | String | N/A |
| rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
| start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
| criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema |
| sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]; order supports ASC or DESC |

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

| Code | Description | Content-Type | Content |
| --- | --- | --- | --- |
| 200 | Successful request | application/csv | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/summary/export

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "os_version": {
        "value": "7.2.0",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"

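The export response above packs several CVE IDs into one quoted "CVE Ids" cell, so splitting a row on commas miscounts the columns. The following is an added example, not code from this page or from Carbon Black, that parses the export with a real CSV reader and builds a CVE-to-asset index; the function names are hypothetical, and only the first data row comes from the page (the other two are constructed).

```python
import csv
import io
import re
from collections import defaultdict
from typing import Any, Dict, List

# Header row exactly as shown in the export example on this page.
EXPECTED_HEADER = [
    "Device Type", "Name", "OS Name", "OS Version", "OS Architecture",
    "Severity", "Highest Risk Score", "Vulnerability Count",
    "Last Sync Time", "CVE Ids",
]
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# First data row is the page's example; the last two rows are constructed.
SAMPLE_EXPORT = '''\
"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"
"WORKLOAD","constructed_dns01","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","1","2020-10-27T16:05:00.000000Z","CVE-2020-1350"
"WORKLOAD","constructed_build01","CentOS Linux","7.2.0","x86_64","LOW","0.0","0","2020-10-27T16:06:00.000000Z",""
'''


def naive_split_width(line: str) -> int:
    """Column count a plain comma split would report for one export line."""
    return len(line.split(","))


def parse_export(text: str) -> List[Dict[str, Any]]:
    """Parse the CSV export, validating the header, row width and CVE ID format."""
    reader = csv.reader(io.StringIO(text, newline=""))
    header = next(reader, None)
    if header != EXPECTED_HEADER:
        raise ValueError(f"unexpected export header: {header!r}")
    rows: List[Dict[str, Any]] = []
    for lineno, record in enumerate(reader, start=2):
        if not record:
            continue  # tolerate a trailing blank line
        if len(record) != len(EXPECTED_HEADER):
            raise ValueError(f"line {lineno}: expected {len(EXPECTED_HEADER)} "
                             f"columns, got {len(record)}")
        row: Dict[str, Any] = dict(zip(EXPECTED_HEADER, record))
        # An empty cell means no CVE IDs were listed for the asset.
        cves = [c.strip() for c in row["CVE Ids"].split(",") if c.strip()]
        malformed = [c for c in cves if not CVE_RE.match(c)]
        if malformed:
            raise ValueError(f"line {lineno}: malformed CVE IDs {malformed!r}")
        row["CVE Ids"] = cves
        row["Highest Risk Score"] = float(row["Highest Risk Score"])
        row["Vulnerability Count"] = int(row["Vulnerability Count"])
        rows.append(row)
    return rows


def cve_index(rows: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map each CVE ID to the sorted names of the assets that report it."""
    index: Dict[str, List[str]] = defaultdict(list)
    for row in rows:
        for cve in row["CVE Ids"]:
            index[cve].append(row["Name"])
    return {cve: sorted(names) for cve, names in sorted(index.items())}


if __name__ == "__main__":
    for cve, names in cve_index(parse_export(SAMPLE_EXPORT)).items():
        print(cve, ", ".join(names))
```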
Export Asset View with Vulnerability Summary for vCenter

Export a device list to a CSV file stream for a vCenter Server.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| vulnerabilityAssessment.data | READ |

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/summary/export

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| query | Query to search vulnerability summary for. | String | N/A |
| rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
| start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
| criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema |
| sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]; order supports ASC or DESC |

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

| Code | Description | Content-Type | Content |
| --- | --- | --- | --- |
| 200 | Successful request | application/csv | See example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/summary/export

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "os_arch": {
        "value": ["64-bit", "x86_64"],
        "operator": "IN"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

"Device Type","Name","OS Name","OS Version","OS Architecture","Severity","Highest Risk Score","Vulnerability Count","Last Sync Time","CVE Ids"
"WORKLOAD","windows_2012","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","CRITICAL","10.0","2","2020-10-27T16:01:22.840039Z","CVE-2020-1350,CVE-2020-1472"

Get Vulnerability List for Specific OS and Application

Get a Vulnerability List filtered and sorted for a specific operating system and application.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| vulnerabilityAssessment.data | READ |

Query Schema

| Field | Description | Data Type | Values |
| --- | --- | --- | --- |
| dataForExport | Whether to send detailed data for export. | Boolean | true, false |

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/_search

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| query | Query to search vulnerability summary for. | String | N/A |
| rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
| start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
| criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema |
| sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]; order supports ASC or DESC |

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

| Code | Description | Content-Type | Content |
| --- | --- | --- | --- |
| 200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/_search

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "os_name": {
        "value": "Red Hat Enterprise Linux",
        "operator": "NOT_EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

{
    "num_found": 2,
    "results": [
        {
            "os_product_id": "18_2517",
            "category": "APP",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 R2 Standard",
                "os_version": "6.3.9600",
                "os_arch": "64-bit"
            },
            "product_info": {
                "vendor": "Python Software Foundation",
                "product": "Python 3.6.4 (64-bit)",
                "version": "3.6.4150.0",
                "release": null,
                "arch": ""
            },
            "vuln_info": {
                "cve_id": "CVE-2007-4559",
                "cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
                "risk_meter_score": 2.9,
                "severity": "LOW",
                "fixed_by": null,
                "solution": null,
                "created_at": "2007-08-28T01:17:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        },
        {
            "os_product_id": "328_2517",
            "category": "APP",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2019 Datacenter",
                "os_version": "10.0.17763",
                "os_arch": "64-bit"
            },
            "product_info": {
                "vendor": "Python Software Foundation",
                "product": "Python 3.6.4 (64-bit)",
                "version": "3.6.4150.0",
                "release": null,
                "arch": ""
            },
            "vuln_info": {
                "cve_id": "CVE-2007-4559",
                "cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
                "risk_meter_score": 2.9,
                "severity": "LOW",
                "fixed_by": null,
                "solution": null,
                "created_at": "2007-08-28T01:17:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        }
    ]
}
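The introduction describes prioritizing by severity, exploitability and current activity, yet in the response above every exploitability field is null and the same CVE appears once per operating system. The following is an added example, not code from this page or from Carbon Black, that merges entries per CVE and ranks them while keeping unknown signals visible; the function name is hypothetical, the flags are assumed to be booleans when populated, and the third sample entry with its placeholder CVE ID is constructed.

```python
from typing import Any, Dict, Iterable, List

SEVERITY_RANK = {"CRITICAL": 4, "IMPORTANT": 3, "MODERATE": 2, "LOW": 1}
# vuln_info flags for current activity and exploitability, most urgent first.
# Assumption: these are booleans when populated; the page only shows null.
SIGNALS = ("active_internet_breach", "malware_exploitable", "easily_exploitable")

# The first two entries are trimmed from the response on this page; the third
# is constructed and uses a placeholder CVE ID.
SAMPLE_RESULTS: List[Dict[str, Any]] = [
    {"os_info": {"os_name": "Microsoft Windows Server 2012 R2 Standard"},
     "vuln_info": {"cve_id": "CVE-2007-4559", "risk_meter_score": 2.9,
                   "severity": "LOW", "easily_exploitable": None,
                   "malware_exploitable": None, "active_internet_breach": None},
     "device_count": 1},
    {"os_info": {"os_name": "Microsoft Windows Server 2019 Datacenter"},
     "vuln_info": {"cve_id": "CVE-2007-4559", "risk_meter_score": 2.9,
                   "severity": "LOW", "easily_exploitable": None,
                   "malware_exploitable": None, "active_internet_breach": None},
     "device_count": 1},
    {"os_info": {"os_name": "Constructed Linux"},
     "vuln_info": {"cve_id": "CVE-0000-0001", "risk_meter_score": 9.8,
                   "severity": "CRITICAL", "easily_exploitable": True,
                   "malware_exploitable": False, "active_internet_breach": True},
     "device_count": 3},
]


def prioritize(results: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Merge result entries per CVE and rank them for patching."""
    by_cve: Dict[str, Dict[str, Any]] = {}
    for item in results:
        info = item.get("vuln_info") or {}
        cve = info.get("cve_id")
        if not cve:
            continue
        entry = by_cve.setdefault(cve, {
            "cve_id": cve, "severity": None, "risk_meter_score": 0.0,
            "device_count": 0, "os_names": set(),
            "signals": {name: None for name in SIGNALS},
        })
        if SEVERITY_RANK.get(info.get("severity"), 0) > SEVERITY_RANK.get(entry["severity"], 0):
            entry["severity"] = info["severity"]
        entry["risk_meter_score"] = max(entry["risk_meter_score"],
                                        info.get("risk_meter_score") or 0.0)
        entry["device_count"] += item.get("device_count") or 0
        os_name = (item.get("os_info") or {}).get("os_name")
        if os_name:
            entry["os_names"].add(os_name)
        for name in SIGNALS:
            value = info.get(name)
            if value is not None:  # null stays "unknown" rather than False
                entry["signals"][name] = bool(entry["signals"][name]) or bool(value)

    def sort_key(entry: Dict[str, Any]):
        # Unknown signals rank as not set, but are reported separately below.
        return (tuple(bool(entry["signals"][name]) for name in SIGNALS),
                SEVERITY_RANK.get(entry["severity"], 0),
                entry["risk_meter_score"], entry["device_count"])

    ranked = sorted(by_cve.values(), key=sort_key, reverse=True)
    for entry in ranked:
        entry["os_names"] = sorted(entry["os_names"])
        entry["unknown_signals"] = [n for n in SIGNALS if entry["signals"][n] is None]
    return ranked


if __name__ == "__main__":
    for e in prioritize(SAMPLE_RESULTS):
        print(e["cve_id"], e["severity"], e["risk_meter_score"],
              e["device_count"], "unknown:", e["unknown_signals"])
```

An entry whose `unknown_signals` list is non-empty has been ranked on severity and risk score alone, so it should not be read as confirmed "not exploited".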

Get Vulnerability List for Specific OS and Application in vCenter

Get a Vulnerability List filtered and sorted for a specific operating system and application in a vCenter Server.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| vulnerabilityAssessment.data | READ |

Query Schema

| Field | Description | Data Type | Values |
| --- | --- | --- | --- |
| dataForExport | Whether to send detailed data for export. | Boolean | true, false |

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/_search

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| query | Query to search vulnerability list for. | String | N/A |
| rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20 |
| start | For pagination, where to start retrieving results from. | Integer | Default: 0 |
| criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema |
| sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]; order supports ASC or DESC |

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

| Code | Description | Content-Type | Content |
| --- | --- | --- | --- |
| 200 | Successfully retrieved vulnerability list | application/json | Paginated Device Vulnerability List |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 401 | Not authenticated | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 404 | Resource not found | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/_search

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "os_type": {
        "value": ["CENTOS", "UBUNTU"],
        "operator": "NOT_IN"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

{
    "num_found": 2,
    "results": [
        {
            "os_product_id": "18_2517",
            "category": "APP",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2012 R2 Standard",
                "os_version": "6.3.9600",
                "os_arch": "64-bit"
            },
            "product_info": {
                "vendor": "Python Software Foundation",
                "product": "Python 3.6.4 (64-bit)",
                "version": "3.6.4150.0",
                "release": null,
                "arch": ""
            },
            "vuln_info": {
                "cve_id": "CVE-2007-4559",
                "cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
                "risk_meter_score": 2.9,
                "severity": "LOW",
                "fixed_by": null,
                "solution": null,
                "created_at": "2007-08-28T01:17:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        },
        {
            "os_product_id": "328_2517",
            "category": "APP",
            "os_info": {
                "os_type": "WINDOWS",
                "os_name": "Microsoft Windows Server 2019 Datacenter",
                "os_version": "10.0.17763",
                "os_arch": "64-bit"
            },
            "product_info": {
                "vendor": "Python Software Foundation",
                "product": "Python 3.6.4 (64-bit)",
                "version": "3.6.4150.0",
                "release": null,
                "arch": ""
            },
            "vuln_info": {
                "cve_id": "CVE-2007-4559",
                "cve_description": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",
                "risk_meter_score": 2.9,
                "severity": "LOW",
                "fixed_by": null,
                "solution": null,
                "created_at": "2007-08-28T01:17:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        }
    ]
}

Get a Vulnerability List in CSV Format

Get a Vulnerability List in CSV format.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/vulnerabilities/export

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

Field | Definition | Data Type | Values
query | Query to search vulnerability list for. | String | N/A
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20
start | For pagination, where to start retrieving results from. | Integer | Default: 0
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]

order supports ASC or DESC

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successful request application/csv See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/vulnerabilities/export

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "name": {
        "value": "windows_",
        "operator": "LIKE"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"

Get a Vulnerability List for a vCenter Server in CSV Format

Get a Vulnerability List for a vCenter Server in CSV format.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/vulnerabilities/export

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

Field | Definition | Data Type | Values
query | Query to search vulnerability list for. | String | N/A
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20
start | For pagination, where to start retrieving results from. | Integer | Default: 0
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]

order supports ASC or DESC

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successful request application/csv See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vulnerabilities/export

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "last_sync_ts": {
        "value": "",
        "operator": "IS_NOT_NULL"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score","Affected Assets Count","Affected Assets"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0","1","windows_2012"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0","1","windows_2012"

Device Level

Get Specific Device Vulnerability Summary

Get an Operating System or Application Vulnerability Summary for a specific device.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

GET <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/summary

Query Schema

Field Description Data Type Values
category Category to match on. String OS, APP

Response

Code Description Content-Type Content
200 Successful Request application/json Device Vulnerability Summary
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/summary?category=OS

Response

{
    "os_info": {
        "os_type": "CENTOS",
        "os_name": "CentOS Linux",
        "os_version": "7.1.1503",
        "os_arch": "x86_64"
    },
    "monitored": true,
    "os_compatible": true,
    "sensor_compatible": true,
    "sync_type": "SCHEDULED",
    "sync_status": "COMPLETED",
    "last_sync_ts": "2020-10-30T16:17:16.078363Z",
    "severity_counts": {
        "critical": 0,
        "important": 7,
        "moderate": 45,
        "low": 804
    }
}

Get Specific vCenter Device Vulnerability Summary

Get an Operating System or Application Vulnerability Summary for a specific vCenter device.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

GET <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/summary

Query Schema

Field Description Data Type Values
category Category to match on. String OS, APP

Response

Code Description Content-Type Content
200 Successful Request application/json Device Vulnerability Summary
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

GET https://defense-prod05.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/summary?category=OS

Response

{
    "os_info": {
        "os_type": "CENTOS",
        "os_name": "CentOS Linux",
        "os_version": "7.1.1503",
        "os_arch": "x86_64"
    },
    "monitored": true,
    "os_compatible": true,
    "sensor_compatible": true,
    "sync_type": "SCHEDULED",
    "sync_status": "COMPLETED",
    "last_sync_ts": "2020-10-30T16:17:16.078363Z",
    "severity_counts": {
        "critical": 0,
        "important": 7,
        "moderate": 45,
        "low": 804
    }
}

Get Specific Device Vulnerability List

Get an Operating System or Application Vulnerability List for a specific device.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Query Schema

Field Description Data Type Values
dataForExport Whether to send detailed data for export. Boolean true, false

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/_search

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

Field | Definition | Data Type | Values
query | Query to search vulnerability list for. | String | N/A
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20
start | For pagination, where to start retrieving results from. | Integer | Default: 0
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]

order supports ASC or DESC

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successfully retrieved vulnerability list application/json Paginated Device Vulnerability List
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/_search?dataForExport=false

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "sync_type": {
        "value": "MANUAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

{
    "num_found": 2,
    "results": [
        {
            "os_product_id": "90_5363",
            "category": "APP",
            "os_info": {
                "os_type": "CENTOS",
                "os_name": "CentOS Linux",
                "os_version": "7.1.1503",
                "os_arch": "x86_64"
            },
            "product_info": {
                "vendor": "CentOS",
                "product": "python",
                "version": "2.7.5",
                "release": "16.el7",
                "arch": "x86_64"
            },
            "vuln_info": {
                "cve_id": "CVE-2014-4650",
                "cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
                "risk_meter_score": 4.9,
                "severity": "MODERATE",
                "fixed_by": "0:2.7.5-34.el7",
                "solution": null,
                "created_at": "2020-02-20T17:15:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        },
        {
            "os_product_id": "90_5372",
            "category": "APP",
            "os_info": {
                "os_type": "CENTOS",
                "os_name": "CentOS Linux",
                "os_version": "7.1.1503",
                "os_arch": "x86_64"
            },
            "product_info": {
                "vendor": "CentOS",
                "product": "python-libs",
                "version": "2.7.5",
                "release": "16.el7",
                "arch": "x86_64"
            },
            "vuln_info": {
                "cve_id": "CVE-2014-4650",
                "cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
                "risk_meter_score": 4.9,
                "severity": "MODERATE",
                "fixed_by": "0:2.7.5-34.el7",
                "solution": null,
                "created_at": "2020-02-20T17:15:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        }
    ]
}
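The `rows`, `start`, `num_found` and single-element `sort` rules described above, as an added example (not Carbon Black's own client code): it validates a request body against the Body Schema, pages through `_search` until `num_found` is reached, and collapses per-product rows into one entry per CVE. The `post` callable, `FakeTransport`, the lower bound of 1 for `rows`, and the sample data (trimmed from this page's example responses and combined into one constructed result set) are assumptions of the example.

```python
from typing import Any, Callable, Dict, Iterator, List, Optional

Json = Dict[str, Any]
MAX_ROWS = 200                      # Body Schema: rows "Max: 200"
SORT_ORDERS = ("ASC", "DESC")       # "order supports ASC or DESC"
# Endpoint template as given on the page; placeholders are left unfilled.
SEARCH_URL = ("<cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}"
              "/devices/{device_id}/vulnerabilities/_search")


def build_search_body(query: str = "", rows: int = 20, start: int = 0,
                      criteria: Optional[Json] = None,
                      sort_field: Optional[str] = None,
                      sort_order: str = "DESC") -> Json:
    """Build a _search / export body, rejecting values the Body Schema rules out."""
    # The lower bound of 1 is this example's assumption; the page only states the maximum.
    if isinstance(rows, bool) or not isinstance(rows, int) or not 1 <= rows <= MAX_ROWS:
        raise ValueError(f"rows must be an integer between 1 and {MAX_ROWS}")
    if isinstance(start, bool) or not isinstance(start, int) or start < 0:
        raise ValueError("start must be a non-negative integer")
    body: Json = {"query": query, "rows": rows, "start": start}
    if criteria:
        for prop, cond in criteria.items():
            if not isinstance(cond, dict) or set(cond) != {"value", "operator"}:
                raise ValueError(f"criteria[{prop!r}] needs exactly 'value' and 'operator'")
        body["criteria"] = criteria
    if sort_field is not None:
        if sort_order not in SORT_ORDERS:
            raise ValueError("order supports ASC or DESC")
        # Only one sort can be specified, so the array always holds one element.
        body["sort"] = [{"field": sort_field, "order": sort_order}]
    return body


def iter_results(post: Callable[[str, Json], Json], url: str, body: Json) -> Iterator[Json]:
    """Yield every result, advancing start page by page until num_found is reached."""
    start = body["start"]
    while True:
        page = post(url, {**body, "start": start})
        results = page.get("results") or []
        yield from results
        start += len(results)
        # An empty page also ends the loop, so a shrinking result set cannot spin forever.
        if not results or start >= page.get("num_found", 0):
            return


def group_by_cve(results: List[Json]) -> List[Json]:
    """Merge rows that share a CVE (one row per product) and rank by risk_meter_score."""
    grouped: Dict[str, Json] = {}
    for item in results:
        vuln = item["vuln_info"]
        score = vuln.get("risk_meter_score") or 0.0
        entry = grouped.setdefault(vuln["cve_id"], {
            "cve_id": vuln["cve_id"], "severity": vuln["severity"],
            "risk_meter_score": score, "fixed_by": set(), "products": set()})
        entry["risk_meter_score"] = max(entry["risk_meter_score"], score)
        if vuln.get("fixed_by"):
            entry["fixed_by"].add(vuln["fixed_by"])
        entry["products"].add(item["product_info"]["product"])
    return sorted(grouped.values(), key=lambda e: (-e["risk_meter_score"], e["cve_id"]))


def _row(product: str, cve: str, score: float, severity: str, fixed_by: Optional[str]) -> Json:
    return {"category": "APP", "product_info": {"product": product},
            "vuln_info": {"cve_id": cve, "risk_meter_score": score,
                          "severity": severity, "fixed_by": fixed_by}}


# Constructed result set: values trimmed from the example responses on this page.
SAMPLE = [
    _row("python", "CVE-2014-4650", 4.9, "MODERATE", "0:2.7.5-34.el7"),
    _row("python-libs", "CVE-2014-4650", 4.9, "MODERATE", "0:2.7.5-34.el7"),
    _row("Python 3.6.4 (64-bit)", "CVE-2007-4559", 2.9, "LOW", None),
]


class FakeTransport:
    """Offline stand-in for the HTTP POST; serves SAMPLE in pages and records each body."""

    def __init__(self, data: List[Json]) -> None:
        self.data, self.calls = data, []

    def __call__(self, url: str, body: Json) -> Json:
        self.calls.append(body)
        start, rows = body["start"], body["rows"]
        return {"num_found": len(self.data), "results": self.data[start:start + rows]}


def demo():
    transport = FakeTransport(SAMPLE)
    body = build_search_body(query="Python", rows=2, sort_field="highest_risk_score")
    found = list(iter_results(transport, SEARCH_URL, body))
    return len(transport.calls), group_by_cve(found)


if __name__ == "__main__":
    calls, ranked = demo()
    print(f"{calls} requests")
    for entry in ranked:
        print(entry["cve_id"], entry["risk_meter_score"], sorted(entry["products"]))
```

In real use, `post` would wrap an HTTP client that sends the API key described under Authentication; entries whose `fixed_by` set is empty have no patch listed and need a compensating control instead.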

Get Specific vCenter Device Vulnerability List

Get an Operating System or Application Vulnerability List for a specific vCenter device.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Query Schema

Field Description Data Type Values
dataForExport Whether to send detailed data for export. Boolean true, false

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/_search

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

Field Definition Data Type Values
query Query to search vulnerability list for. String N/A
rows For pagination, how many results to return per page. Integer Max: 200
Default: 20
start For pagination, where to start retrieving results from. Integer Default: 0
criteria Criteria is an object that represents values that must be in the results. Object Criteria Schema
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successfully retrieved vulnerability list application/json Paginated Device Vulnerability List
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/_search

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "sync_status": {
        "value": "IN_PROGRESS",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

{
    "num_found": 2,
    "results": [
        {
            "os_product_id": "90_5363",
            "category": "APP",
            "os_info": {
                "os_type": "CENTOS",
                "os_name": "CentOS Linux",
                "os_version": "7.1.1503",
                "os_arch": "x86_64"
            },
            "product_info": {
                "vendor": "CentOS",
                "product": "python",
                "version": "2.7.5",
                "release": "16.el7",
                "arch": "x86_64"
            },
            "vuln_info": {
                "cve_id": "CVE-2014-4650",
                "cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
                "risk_meter_score": 4.9,
                "severity": "MODERATE",
                "fixed_by": "0:2.7.5-34.el7",
                "solution": null,
                "created_at": "2020-02-20T17:15:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        },
        {
            "os_product_id": "90_5372",
            "category": "APP",
            "os_info": {
                "os_type": "CENTOS",
                "os_name": "CentOS Linux",
                "os_version": "7.1.1503",
                "os_arch": "x86_64"
            },
            "product_info": {
                "vendor": "CentOS",
                "product": "python-libs",
                "version": "2.7.5",
                "release": "16.el7",
                "arch": "x86_64"
            },
            "vuln_info": {
                "cve_id": "CVE-2014-4650",
                "cve_description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
                "risk_meter_score": 4.9,
                "severity": "MODERATE",
                "fixed_by": "0:2.7.5-34.el7",
                "solution": null,
                "created_at": "2020-02-20T17:15:00Z",
                "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-4650",
                "cvss_access_complexity": null,
                "cvss_access_vector": null,
                "cvss_authentication": null,
                "cvss_availability_impact": null,
                "cvss_confidentiality_impact": null,
                "cvss_integrity_impact": null,
                "easily_exploitable": null,
                "malware_exploitable": null,
                "active_internet_breach": null,
                "cvss_exploit_subscore": null,
                "cvss_impact_subscore": null,
                "cvss_vector": null,
                "cvss_v3_exploit_subscore": null,
                "cvss_v3_impact_subscore": null,
                "cvss_v3_vector": null,
                "cvss_score": null,
                "cvss_v3_score": null
            },
            "device_count": 1,
            "affected_assets": null
        }
    ]
}

Get a Vulnerability List for Specific Device in CSV Format

Get a Vulnerability List for a specific device in CSV format.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/vulnerabilities/export

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

Field | Definition | Data Type | Values
query | Query to search vulnerability list for. | String | N/A
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20
start | For pagination, where to start retrieving results from. | Integer | Default: 0
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]

order supports ASC or DESC

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successful request application/csv See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/vulnerabilities/export

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": ["CRITICAL", "IMPORTANT"],
        "operator": "IN"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"

Get a Vulnerability List for Specific vCenter Device in CSV Format

Get a Vulnerability List for a specific vCenter device in CSV format.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/vulnerabilities/export

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

Field | Definition | Data Type | Values
query | Query to search vulnerability list for. | String | N/A
rows | For pagination, how many results to return per page. | Integer | Max: 200; Default: 20
start | For pagination, where to start retrieving results from. | Integer | Default: 0
criteria | Criteria is an object that represents values that must be in the results. | Object | Criteria Schema
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. | Array | [{"field": "highest_risk_score", "order": "ASC"}]

order supports ASC or DESC

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
200 Successful request application/csv See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/vulnerabilities/export

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": "CRITICAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

"Category","Severity","OS Name","OS Version","OS Arch","Vendor","Product","Version","Release","Arch","CVE Id","Risk Score","Fixed By","CVE Created On","Cvss Access Complexity","Cvss Access Vector","Cvss Authentication","Cvss Availability Impact","Cvss Confidentiality Impact","Cvss Integrity Impact","Easily Exploitable","Malware Exploitable","Active Internet Breach","Cvss Exploit Subscore","Cvss Impact Subscore","Cvss Vector","Cvss V3 Exploit Subscore","Cvss V3 Impact Subscore","Cvss V3 Vector","Cvss Score","Cvss V3 Score"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1350","9.5","KB4580382","2020-07-14T23:15:00Z","Low","Network","None required","Complete","Complete","Complete","true","true","true","10.0","10.0","AV:N/AC:L/Au:N/C:C/I:C/A:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","10.0","10.0"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","6.2.9200","64-bit","","","","","","CVE-2020-1472","10.0","KB4580382","2020-08-17T19:15:00Z","Medium","Network","None required","Complete","Complete","Complete","true","true","true","8.6","10.0","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C","3.9","6.0","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","9.3","10.0"
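
The CSV export can be ranked for patching with a short script. The following is an added example, not code from the vendor documentation: it reads the export by column name and orders findings by the exploitability flags, then by risk score. The ordering policy, the function names and the reduced sample (a subset of the export's columns, with one row built from the `CVE-0001-001` placeholder) are assumptions made for illustration.

```python
import csv
import io

# Constructed sample: a subset of the export's columns. Two rows reuse values
# from the example response above; the CVE-0001-001 row is invented.
SAMPLE_EXPORT = '''"Category","Severity","OS Name","CVE Id","Risk Score","Fixed By","Easily Exploitable","Malware Exploitable","Active Internet Breach"
"OS","LOW","Microsoft Windows Server 2012 Standard","CVE-0001-001","3.9","","false","false","false"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","CVE-2020-1350","9.5","KB4580382","true","true","true"
"OS","CRITICAL","Microsoft Windows Server 2012 Standard","CVE-2020-1472","10.0","KB4580382","true","true","true"
'''

REQUIRED = ("CVE Id", "Severity", "Risk Score", "Fixed By",
            "Easily Exploitable", "Malware Exploitable", "Active Internet Breach")
SEVERITY_RANK = {"CRITICAL": 3, "IMPORTANT": 2, "MODERATE": 1, "LOW": 0}


def _flag(value):
    """The export writes booleans as the strings "true" / "false"."""
    return value.strip().lower() == "true"


def parse_export(text):
    """Parse export CSV text into dicts, failing loudly if a column is absent."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")
    return [{
        "cve_id": row["CVE Id"],
        "severity": row["Severity"].upper(),
        "risk_score": float(row["Risk Score"] or 0),
        "fixed_by": row["Fixed By"],
        "active_breach": _flag(row["Active Internet Breach"]),
        "malware": _flag(row["Malware Exploitable"]),
        "easy": _flag(row["Easily Exploitable"]),
    } for row in reader]


def prioritize(findings):
    """Assumed policy: active breach, malware kit, easy exploit, risk score, severity."""
    return sorted(findings, reverse=True, key=lambda f: (
        f["active_breach"], f["malware"], f["easy"], f["risk_score"],
        SEVERITY_RANK.get(f["severity"], -1)))


def patch_plan(findings):
    """Group CVEs by the fix that closes them, highest-priority fix first."""
    plan = {}
    for f in prioritize(findings):
        plan.setdefault(f["fixed_by"] or "(no fix listed)", []).append(f["cve_id"])
    return plan


if __name__ == "__main__":
    for fix, cves in patch_plan(parse_export(SAMPLE_EXPORT)).items():
        print(fix, cves)
```

Because rows are read by header name, the same functions accept the full 31-column export unchanged.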

Perform Action on a Device

Perform an action on a specific device.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data EXECUTE

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/devices/{device_id}/device_actions

Request Body

{
    "action_type": "<string>"
}

Body Schema

Field Definition Data Type Values
action_type Action to initiate. String REFRESH

Response

Code Description Content-Type Content
201 Successfully initiated device action application/json N/A
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/devices/1234/device_actions

Request Body

{
    "action_type": "REFRESH"
}

Response

No Content

Perform Action on a vCenter Device

Perform an action on a specific vCenter device.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data EXECUTE

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/devices/{vm_id}/device_actions

Request Body

{
    "action_type": "<string>"
}

Body Schema

Field Definition Data Type Values
action_type Action to initiate. Allowed values: REFRESH String N/A

Response

Code Description Content-Type Content
201 Successfully initiated device action application/json N/A
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/devices/vm-1/device_actions

Request Body

{
    "action_type": "REFRESH"
}

Response

No Content

Vulnerability Level

Get Affected Assets for Specific Vulnerability

Get a list of assets affected by a specific vulnerability CVE ID.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vulnerabilities/{cveId}/devices

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

Field Definition Data Type Values
query Query to search vulnerability list for. String N/A
rows For pagination, how many results to return per page. Integer Max: 200
Default: 20
start For pagination, where to start retrieving results from. Integer Default: 0
criteria Criteria is an object that represents values that must be in the results. Object Criteria Schema
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
201 Successfully retrieved device list application/json See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vulnerabilities/CVE-0001-001/devices

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": "CRITICAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

{
  "num_found": 1,
  "results": [
    {
      "device_id": 1,
      "vm_id": "vm-1",
      "name": "VM-1"
    }
  ]
}
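
The search endpoints share one body format, so its documented limits can be checked before a request is sent. The following is an added example, not vendor code: it validates a body against the Body Schema, Criteria and Properties tables on this page (200-row maximum, a single sort entry, listed operators and enumerated values) and pages through results using `num_found`. The `post` transport and function names are hypothetical, and treating `start` as a zero-based result offset and 1 as the minimum `rows` are assumptions.

```python
# Added example: limits and enumerations are copied from the tables on this page.
ALLOWED_OPERATORS = {"EQUALS", "NOT_EQUALS", "GREATER_THAN", "LESS_THAN", "IS_NULL",
                     "IS_NOT_NULL", "IS_TRUE", "IS_FALSE", "IN", "NOT_IN", "LIKE"}
SORT_FIELDS = {"device_type", "vm_id", "name", "os_type", "os_name", "os_version",
               "os_arch", "vuln_count", "severity", "highest_risk_score",
               "sync_type", "sync_status", "last_sync_ts"}
ENUM_VALUES = {  # properties whose values the Properties schema enumerates
    "device_type": {"WORKLOAD", "ENDPOINT"},
    "os_type": {"CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"},
    "severity": {"CRITICAL", "IMPORTANT", "MODERATE", "LOW"},
    "sync_type": {"MANUAL", "SCHEDULED"},
}
MAX_ROWS = 200  # documented maximum page size


def build_body(criteria=None, sort=None, query=None, rows=20, start=0):
    """Return a request body; raise ValueError for input the schema does not allow."""
    if not 1 <= rows <= MAX_ROWS:  # lower bound of 1 is an assumption
        raise ValueError(f"rows must be between 1 and {MAX_ROWS}")
    if start < 0:
        raise ValueError("start must be 0 or greater")
    body = {"rows": rows, "start": start}
    if query:
        body["query"] = query
    for prop, cond in (criteria or {}).items():
        if cond.get("operator") not in ALLOWED_OPERATORS:
            raise ValueError(f"{prop}: unsupported operator {cond.get('operator')!r}")
        value = cond.get("value")
        values = value if isinstance(value, list) else [value]
        allowed = ENUM_VALUES.get(prop)
        bad = [v for v in values if allowed and v is not None and v not in allowed]
        if bad:
            raise ValueError(f"{prop}: value(s) {bad} not in {sorted(allowed)}")
    if criteria:
        body["criteria"] = criteria
    if sort:
        if len(sort) != 1:  # "Only one sort can be specified at this time"
            raise ValueError("only one sort entry is supported")
        entry = sort[0]
        if entry.get("field") not in SORT_FIELDS or entry.get("order") not in ("ASC", "DESC"):
            raise ValueError(f"invalid sort entry: {entry}")
        body["sort"] = sort
    return body


def fetch_all(post, path, rows=MAX_ROWS, **search):
    """Collect every result. `post(path, body)` is a caller-supplied (hypothetical)
    transport that sends the authenticated POST and returns the parsed JSON."""
    start, results = 0, []
    while True:
        page = post(path, build_body(rows=rows, start=start, **search))
        batch = page.get("results", [])
        results.extend(batch)
        start += len(batch)  # assumption: `start` is a zero-based result offset
        if not batch or start >= page.get("num_found", 0):
            return results
```

Stopping on an empty batch as well as on `num_found` keeps the loop from spinning if the count changes while a device sync is in progress.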

Get Affected Assets for Specific Vulnerability in vCenter

Get a list of vCenter assets affected by a specific vulnerability CVE ID.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

POST <cbc-hostname>/vulnerability/assessment/api/v1/orgs/{org_key}/vcenters/{vcenter_uuid}/vulnerabilities/{cveId}/devices

Request Body

{
    "query": "<string>",
    "rows": "<integer>",
    "start": "<integer>",
    "criteria": {
      "property": {
        "value": "<string>",
        "operator": "<string>"
      }
    },
    "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    }
    ]
}

Body Schema

Field Definition Data Type Values
query Query to search vulnerability list for. String N/A
rows For pagination, how many results to return per page. Integer Max: 200
Default: 20
start For pagination, where to start retrieving results from. Integer Default: 0
criteria Criteria is an object that represents values that must be in the results. Object Criteria Schema
sort Sort is a collection of sort parameters that specify a field and order to sort the results. Only one sort can be specified at this time. Array
[{
  "field": "highest_risk_score",
  "order": "ASC"
}]
order supports ASC or DESC

Supported fields: device_type, vm_id, name, os_type, os_name, os_version, os_arch, vuln_count, severity, highest_risk_score, sync_type, sync_status, last_sync_ts

Response

Code Description Content-Type Content
201 Successfully retrieved device list application/json See example response below
400 The JSON body was malformed, or some part of the JSON body included an invalid value N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
404 Resource not found N/A N/A
500 Internal Server Error N/A N/A

Example

Request

POST https://defense.conferdeploy.net/vulnerability/assessment/api/v1/orgs/ABCD1234/vcenters/ABCDEF12-GHIJKL34-MNOPQR56-STUVWX78/vulnerabilities/CVE-0001-001/devices

Request Body

{
    "query": "Python",
    "rows": 20,
    "start": 0,
    "criteria": {
      "severity": {
        "value": "CRITICAL",
        "operator": "EQUALS"
      }
    },
    "sort": [
    {
      "field": "highest_risk_score",
      "order": "DESC"
    }
    ]
}

Response

{
  "num_found": 1,
  "results": [
    {
      "device_id": 1,
      "vm_id": "vm-1",
      "name": "VM-1"
    }
  ]
}

Get Vulnerability Details

Get vulnerability details for a specific CVE ID.

RBAC Permissions Required

Permission (.notation name) Operation(s)
vulnerabilityAssessment.data READ

Request

GET <cbc-hostname>/vulnerabilities/{cveId}

Response

Code Description Content-Type Content
200 Vulnerability details retrieved successfully application/json See example response below
400 Error occurred while getting the configuration N/A N/A
401 Not authenticated N/A N/A
403 Forbidden N/A N/A
500 Internal Server Error N/A N/A

Example

Request

GET https://defense-prod05.conferdeploy.net/vulnerabilities/CVE-0001-001

Response

{
  "cvss_access_complexity": "Low",
  "cvss_access_vector": "Local access",
  "cvss_authentication": "None required",
  "cvss_availability_impact": "Partial",
  "cvss_confidentiality_impact": "None",
  "cvss_integrity_impact": "None",
  "easily_exploitable": false,
  "malware_exploitable": false,
  "active_internet_breach": false,
  "cvss_exploit_subscore": 3.9,
  "cvss_impact_subscore": 2.9,
  "cvss_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C",
  "cvss_v3_exploit_subscore": 3.9,
  "cvss_v3_impact_subscore": 2.9,
  "cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
  "cvss_score": 3.9,
  "cvss_v3_score": 3.9
}

Schemas

Device Vulnerability Summary

Field Definition Data Type Values
os_info Information on the device’s operating system Object Operating System Info
monitored Whether the device is being monitored for vulnerabilities Boolean true, false
os_compatible Whether the operating system is compatible with vulnerability monitoring Boolean true, false
sensor_compatible Whether the sensor is compatible with vulnerability monitoring Boolean true, false
sync_status Device sync status String ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"]
last_sync_ts Last sync time. Date-time formatted string. Any datetime, e.g.,"2020-01-02T03:04:05Z"
severity_counts Number of each type of severity Object Severity Counts

Device Vulnerability Summary Operating System Info

Field Definition Data Type Values
os_name Operating system name String N/A
os_version Operating system version String N/A
os_arch Operating system architecture String N/A

Severity Counts

Field Definition Data Type Values
critical Number of critical severities Integer N/A
important Number of important severities Integer N/A
moderate Number of moderate severities Integer N/A
low Number of low severities Integer N/A

Organization Vulnerability Summary

Field Definition Data Type Values
monitored_assets Number of assets being monitored Integer N/A
severity_summary Information about vulnerabilities at each severity level Object Severity Summary

Severity Summary

Field Definition Data Type Values
ALL Combined information for all vulnerabilities Object Severity Level Summary
CRITICAL Information on critical vulnerabilities Object Severity Level Summary
MODERATE Information on moderate vulnerabilities Object Severity Level Summary
LOW Information on low vulnerabilities Object Severity Level Summary

Severity Level Summary

Field Definition Data Type Values
vuln_assets_count Number of assets associated with this vulnerability level Integer N/A
vuln_count Number of vulnerabilities at this level Integer N/A
total_vuln_count Integer N/A
asset_summary Summary of assets by operating system Object Asset Summary

Asset Summary

Field Definition Data Type Values
LINUX Information on vulnerabilities for Linux systems Object Asset Level Summary
WINDOWS Information on vulnerabilities for Windows systems Object Asset Level Summary

Asset Level Summary

Field Definition Data Type Values
monitored_assets Number of assets being monitored for vulnerabilities Integer N/A
vuln_assets_count Number of assets with vulnerabilities Integer N/A
total_vuln_count Number of vulnerabilities for this asset type Integer N/A
os_vuln_count Number of vulnerabilities for this asset operating system Integer N/A
products_vuln_count Number of vulnerabilities for applications on this asset type Integer N/A

Paginated Device Summary

Field Definition Data Type Values
num_found Number of matching devices Integer N/A
results List of matching devices Array Device Summary

Device Summary

Field Definition Data Type Values
device_id ID of the device Integer N/A
type Device type String WORKLOAD, ENDPOINT
vm_id ID of the virtual machine String N/A
name Name of the device String N/A
os_info Information about the device operating system Object Device Summary Operating System Info
severity Highest severity associated with the device String ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"]
highest_risk_score Highest risk score associated with the device Double N/A
last_sync_ts Last sync time. Date-time formatted string. Any datetime, e.g.,"2020-01-02T03:04:05Z"
sync_type Whether a manual sync was triggered for the device, or if it was a scheduled sync. String ["MANUAL", "SCHEDULED"]
sync_status Device sync status String ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"]
cve_ids List of CVE IDs associated with the device List[String] N/A

Device Summary Operating System Info

Field Definition Data Type Values
os_type Operating system type. String ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"]
os_name Operating system name. String N/A
os_version Operating system version. String N/A
os_arch Operating system architecture. String N/A

Paginated Device Vulnerability List

Field Definition Data Type Values
num_found Number of matching vulnerabilities Integer N/A
results List of matching vulnerabilities Array Device Vulnerability List

Device Vulnerability List

Field Definition Data Type Values
os_product_id Operating system product ID String N/A
category Vulnerability category String APP, OS
os_info Information about the operating system associated with the vulnerability Object Device Summary Operating System Info
product_info Information about the vulnerable product Object Product Info
vuln_info Information about the vulnerability Object Vulnerability Info
device_count Number of affected devices Integer N/A
affected_assets List of affected assets List[String] N/A

Product Info

Field Definition Data Type Values
vendor The product creator String N/A
product The product name String N/A
version The product version String N/A
release The product release String N/A
arch The product architecture String N/A

Vulnerability Info

Field Definition Data Type Values
cve_id The CVE ID String N/A
cve_description The CVE description String N/A
risk_meter_score The risk meter score Double N/A
severity The vulnerability severity String ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"]
fixed_by The fix for the vulnerability String N/A
solution The solution for the vulnerability String N/A
created_at When the vulnerability was identified Date-time formatted string. Any datetime, e.g.,"2020-01-02T03:04:05Z"
nvd_link National Vulnerability Database URL String N/A
cvss_access_complexity Complexity of the attack required to exploit the vulnerability String ["High", "Medium", "Low"]
cvss_access_vector How the vulnerability is exploited String ["Local", "Adjacent Network", "Network"]
cvss_authentication Number of times an attacker must authenticate to a target to exploit the vulnerability String ["Multiple", "Single", "None"]
cvss_availability_impact Impact to availability of successful exploit of the vulnerability String ["Complete", "Partial", "None"]
cvss_confidentiality_impact Impact to confidentiality of successful exploit of the vulnerability String ["Complete", "Partial", "None"]
cvss_integrity_impact Impact to integrity of successful exploit of the vulnerability String ["Complete", "Partial", "None"]
easily_exploitable Whether the vulnerability is easily exploitable Boolean true, false
malware_exploitable Availability of an exploit module in a weaponized exploit kit such as Metasploit or Angler Boolean true, false
active_internet_breach Presence of a near-real-time exploitation Boolean true, false
cvss_exploit_subscore How easily the vulnerability can be exploited Double N/A
cvss_impact_subscore How significantly an asset will be affected if the vulnerability is exploited Double N/A
cvss_vector CVSS Base Vector string, the compressed textual representation of the CVSS score String Base Vector String
cvss_v3_exploit_subscore How easily the vulnerability can be exploited, based on CVSS v3 calculation Double N/A
cvss_v3_impact_subscore How significantly an asset will be affected if the vulnerability is exploited, based on CVSS v3 calculation Double N/A
cvss_v3_vector CVSS Vector string, the compressed textual representation of the CVSS v3 score String Vector String
cvss_score CVSS Vulnerability score Double N/A
cvss_v3_score CVSS v3 Vulnerability score Double N/A

Criteria

{
  "criteria": {
    "property": {
      "value": "<string>",
      "operator": "<string>"
    }
  }
}

Field Definition Data Type Values
property Property to filter results on. Object Properties
value Property value to add to search criteria. Varies depending on property and operator. Supports String, Integer, Double, or Array. N/A
operator Logic operator to apply to property value. String EQUALS, NOT_EQUALS, GREATER_THAN, LESS_THAN, IS_NULL, IS_NOT_NULL, IS_TRUE, IS_FALSE, IN, NOT_IN, LIKE

Properties

Field Definition Data Type Values
device_type Type of device. String ["WORKLOAD", "ENDPOINT"]
highest_risk_score Highest risk score. Double Any number, e.g., 9.5
last_sync_ts Last sync time. Date-time formatted string. Any datetime, e.g.,"2020-01-02T03:04:05Z"
name Device name. String Any string, e.g., "windows-2012-desktop"
os_arch Operating system architecture. String Any string, e.g., "x86_64"
os_name Operating system name. String Any string, e.g., "Red Hat Enterprise Linux Server"
os_type Operating system type. String ["CENTOS", "RHEL", "SLES", "UBUNTU", "WINDOWS"]
os_version Operating system version. String Any string, e.g., "7.2.0"
severity Vulnerability severity level. String ["CRITICAL", "IMPORTANT", "MODERATE", "LOW"]
sync_type Whether a manual sync was triggered for the device, or if it was a scheduled sync. String ["MANUAL", "SCHEDULED"]
sync_status Device sync status String ["NOT_STARTED", "MATCHED", "ERROR", "NOT_MATCHED", "NOT_SUPPORTED", "CANCELLED", "IN_PROGRESS", "ACTIVE", "COMPLETED"]
vm_id Virtual Machine ID. String Any string, e.g.,"vm-30"
vuln_count Number of vulnerabilities. Integer Any integer, e.g.,900
Last modified on October 27, 2020