List Vulnerabilities

GET

vms

vulnerabilities

Authorizations

X-CONNECTION-ID

string

headerrequired

X-API-KEY

string

headerrequired

Query Parameters

sort

string | null

Sort by field

stateUpdatedSince

string | null

Datetime filter, only return vulnerabilites where the state was updated since this datetime. Example format: 2021-01-01T00:00:00+00:00

deviceId

string | null

Device ID Filter, comma separated

severity

string | null

Vulnerability severity filter, comma separated

port

string | null

Port number filter, comma separated

protocol

string | null

Protocol filter, comma separated

Response

200 - application/json

count

integer

required

Number of items return in the response

items

object[]

required

List of items returned in the response

items.id

string

required

Leen's UUID for the vulnerability

items.device

object

required

Device attached to the vulnerability, include device groups with includeDeviceGroups query parameter

items.device.id

string

required

items.device.status

enum<string>

required

Available options:

active,

offline,

quarantined

items.device.last_seen

string | null

required

items.device.first_seen

string | null

required

items.device.source_vendors

object[]

required

items.device.installed_software

string[] | null

required

items.device.ad_info

object | null

required

items.device.platform

enum<string> | null

Available options:

mac,

windows,

linux,

unknown

items.device.hostnames

string[] | null

items.device.os_version

string | null

items.device.os_major_version

string | null

items.device.os_minor_version

string | null

items.device.fqdns

string[] | null

items.device.ipv4s

string[] | null

items.device.ipv6s

string[] | null

items.device.mac_addresses

string[] | null

items.device.cloud_metadata

object | null

CloudMetadata, currently only AWS is supported

items.device.tags

object[] | null

items.device.identities

object[] | null

items.device.vendor_data

object | null

Vendor specific pass through data, values can vary based on vendor

items.name

string

required

Name of vulnerability, provided by the upstream vendor

items.description

string

required

Description of vulnerability, provided by the upstream vendor

items.scan_output

string | null

required

Scan output that was provided when detected on the device

items.cve

string[] | null

required

List of CVEs associated with the vulnerability

items.cvss_version

string | null

required

CVSS version

items.cvss_base_score

number | null

default: CVSS base score

items.cvss_vector

string | null

required

CVSS vector uses cvss3 when available, provided by the upstream vendor

items.cvss_temporal_score

number | null

required

CVSS temporal score

items.cvss_temporal_vector

string | null

required

CVSS temporal vector

items.cert_id

string | null

required

Corresponds to an identifier in the vulnerability database provided by the US Computer Emergency Readiness Team (US-CERT)

items.port

integer | null

required

Port number of the vulnerability that was detected

items.protocol

string | null

required

Protocol of the vulnerability that was detected, example: tcp

items.service

string | null

required

Service of the vulnerability that was detected, example: http

items.severity

enum<string>

default: none

Available options:

critical,

high,

medium,

low,

info,

none

items.first_seen

string | null

required

First detection date

items.last_seen

string | null

required

Last detection date

items.state

enum<string>

default: open

Available options:

open,

closed,

reopened,

ignored

items.state_updated_at

string | null

required

The last time the state was updated

items.patchable

boolean | null

required

A patch is available

items.solution

string | null

required

Solution for the vulnerability, provided by upstream vendor

items.category

enum<string> | null

required

Vulnerability category

Available options:

web,

network,

database,

application,

os,

other,

general,

attack_vector

items.vulnerability_url

string | null

URL to the vulnerability details, provided by the upstream vendor

items.vendor

enum<string>

required

Source vendor

Available options:

tenable,

qualys,

snyk,

insightvm,

crowdstrike_spotlight,

sentinelone_vms,

MS_DEFENDER_VMS

items.vendor_id

string | null

required

Vendor's ID of the vulnerability

items.vendor_severity

string | null

required

Passthrough value of severity

items.vendor_scan_id

string | null

required

Vendor's ID of the scan that detected the

items.vendor_data

object | null

Vendor specific pass through data, values can vary based on vendor

total

integer | null

Total number of items that can be returned

VMS Connectors Get Vulnerability by ID

API Documentation

AppSec

EDR

VMS

CSPM

Identity Provider (IDP)

Entities

Configuration

Provisioning

Connectors

OnRamp

Enrichments

Authorizations

Query Parameters

Response