Skip to main content
GET
/
vms
/
vulnerabilities
/
{vuln_id}
Get Vulnerability by ID
curl --request GET \
  --url https://api.leen.dev/v1/vms/vulnerabilities/{vuln_id} \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-CONNECTION-ID: <api-key>'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "device": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "status": "active",
    "platform": "mac",
    "hostnames": [
      "<string>"
    ],
    "os_version": "<string>",
    "os_major_version": "<string>",
    "os_minor_version": "<string>",
    "fqdns": [
      "<string>"
    ],
    "ipv4s": [
      "<string>"
    ],
    "ipv6s": [
      "<string>"
    ],
    "mac_addresses": [
      "<string>"
    ],
    "last_seen": "2023-11-07T05:31:56Z",
    "first_seen": "2023-11-07T05:31:56Z",
    "source_vendors": [
      {
        "vendor": "<string>",
        "vendor_id": "<string>",
        "agent_info": {
          "agent_version": "<string>",
          "signature_version": "<string>",
          "policies": [
            {}
          ]
        }
      }
    ],
    "installed_software": [
      "<string>"
    ],
    "ad_info": {
      "org_unit": "<string>",
      "site_name": "<string>",
      "domain": "<string>",
      "device_id": "<string>"
    },
    "cloud_metadata": {
      "cloud_provider": "aws",
      "account_id": "<string>",
      "region": "<string>",
      "availability_zone": "<string>",
      "instance_id": "<string>",
      "instance_type": "<string>",
      "image_id": "<string>",
      "kernel_id": "<string>",
      "vpc_id": "<string>",
      "subnet_id": "<string>"
    },
    "tags": [
      {
        "key": "<string>",
        "value": "<string>",
        "source": "aws"
      }
    ],
    "identities": [
      {
        "username": "<string>",
        "user_sid": "<string>"
      }
    ],
    "vendor_data": {}
  },
  "resource": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "tags": [
      {
        "key": "<string>",
        "value": "<string>",
        "source": "wiz_vms"
      }
    ],
    "type": "BRANCH",
    "state": "ACTIVE",
    "groups": [
      {
        "name": "<string>",
        "uid": "<string>"
      }
    ],
    "data": {
      "hostnames": [
        "<string>"
      ],
      "image": "<string>"
    },
    "cloud_metadata": {
      "account_id": "<string>",
      "account_name": "<string>",
      "cloud_provider": "<string>",
      "image_id": "<string>",
      "instance_id": "<string>",
      "instance_type": "<string>",
      "region": "<string>",
      "subnet_id": "<string>",
      "vpc_id": "<string>"
    },
    "url": "<string>",
    "vendor": "<string>",
    "first_seen": "2023-11-07T05:31:56Z",
    "last_seen": "2023-11-07T05:31:56Z",
    "vendor_attributes": {
      "id": "<string>",
      "data": {
        "vendor": "qualys",
        "asset_id": "<string>",
        "host_id": "<string>",
        "tracking_method": "<string>"
      }
    }
  },
  "name": "<string>",
  "description": "<string>",
  "scan_output": "<string>",
  "cve": [
    "<string>"
  ],
  "cvss_version": "<string>",
  "cvss_base_score": 123,
  "cvss_vector": "<string>",
  "cvss_temporal_score": 123,
  "cvss_temporal_vector": "<string>",
  "cert_id": "<string>",
  "port": 123,
  "protocol": "<string>",
  "service": "<string>",
  "severity": "critical",
  "first_seen": "2023-11-07T05:31:56Z",
  "last_seen": "2023-11-07T05:31:56Z",
  "state": "open",
  "updated_at": "2023-11-07T05:31:56Z",
  "state_updated_at": "2023-11-07T05:31:56Z",
  "patchable": true,
  "solution": "<string>",
  "category": "web",
  "vulnerability_url": "<string>",
  "vendor": "tenable",
  "vendor_id": "<string>",
  "vendor_severity": "<string>",
  "vendor_scan_id": "<string>",
  "vendor_data": {}
}

Authorizations

X-CONNECTION-ID
string
header
required
X-API-KEY
string
header
required

Path Parameters

vuln_id
string<uuid>
required

Query Parameters

use_pool
boolean
default:true

Response

Successful Response

id
string<uuid>
required

Leen's UUID for the vulnerability

name
string
required

Name of vulnerability, provided by the upstream vendor

description
string
required

Description of vulnerability, provided by the upstream vendor

scan_output
string | null
required

Scan output that was provided when detected on the device

cve
string[] | null
required

List of CVEs associated with the vulnerability

cvss_version
string | null
required

CVSS version

cvss_vector
string | null
required

CVSS vector uses cvss3 when available, provided by the upstream vendor

cvss_temporal_score
number | null
required

CVSS temporal score

cvss_temporal_vector
string | null
required

CVSS temporal vector

cert_id
string | null
required

Corresponds to an identifier in the vulnerability database provided by the US Computer Emergency Readiness Team (US-CERT)

port
integer | null
required

Port number of the vulnerability that was detected

protocol
string | null
required

Protocol of the vulnerability that was detected, example: tcp

service
string | null
required

Service of the vulnerability that was detected, example: http

first_seen
string<date-time> | null
required

First detection date

last_seen
string<date-time> | null
required

Last detection date

updated_at
string<date-time> | null
required

The last time the vulnerability was updated

state_updated_at
string<date-time> | null
required

The last time the state was updated

patchable
boolean | null
required

A patch is available

solution
string | null
required

Solution for the vulnerability, provided by upstream vendor

category
enum<string> | null
required

Vulnerability category

Available options:
web,
network,
database,
application,
os,
other,
general,
attack_vector
vendor
enum<string>
required

Source vendor

Available options:
tenable,
qualys,
snyk,
insightvm,
crowdstrike_spotlight,
sentinelone_vms,
MS_DEFENDER_VMS,
WIZ_VMS,
AWS_INSPECTOR2
vendor_id
string | null
required

Vendor's ID of the vulnerability

vendor_severity
string | null
required

Passthrough value of severity

vendor_scan_id
string | null
required

Vendor's ID of the scan that detected the

device
object | null

Device attached to the vulnerability, include device groups with includeDeviceGroups query parameter

  • Device
  • DeviceWithGroups
resource
object | null

Resource attached to the vulnerability Response model for returning resource details via an API endpoint.

cvss_base_score
number | null
default:CVSS base score
severity
enum<string>
default:none
Available options:
critical,
high,
medium,
low,
info,
none
state
enum<string>
default:open
Available options:
open,
closed,
reopened,
ignored,
deleted
vulnerability_url
string | null

URL to the vulnerability details, provided by the upstream vendor

vendor_data
object | null

Vendor specific pass through data, values can vary based on vendor

I