Vulnerabilities
Vulnerabilities are defined as entries based on the possible risk of allowing traffic on a port/protocol combination, and a vulnerability instance is the existence of a vulnerability.
This Public Experimental API lists, creates, updates, and deletes vulnerabilities.
Note
The Illumio Core Vulnerability Maps license is required to import Qualys report data into the Illumio PCE. For information about obtaining the Illumio Core Vulnerability Maps license, contact Illumio Support. When you obtain your license, you also receive information about how to install it.
Delete the Vulnerability License
To delete the vulnerability license, use the following CURL command from your CLI environment:
export API_KEY=api_key_username:api_key_secret
curl -i -H "Content-Type: application/json" https://pce_fqdn:8443/api/v2/orgs/org_id/licenses/9df01357-93cf-4f33-b720-e47bba783c55 -X DELETE -u $API_KEY
Replace the variables, which are entered in blue bold.
Vulnerability API Methods
Functionality | HTTP | URI |
|---|---|---|
Get vulnerabilities |
|
|
Get an individual vulnerability |
|
|
Create an individual vulnerability |
|
|
Modify an individual vulnerability |
|
|
Delete an individual vulnerability |
|
|
Create or Update a Vulnerability
Parameters
Parameter | Description | Parameter Type | Data Type |
|---|---|---|---|
| The ID of the vulnerability. The of the | Path | String |
| The normalized score of the vulnerability in the range of 0 to 100 inclusive. CVSS Score can be used here with a 10x multiplier. | Body | Integer |
| The title/name of the vulnerability. | Body | String |
| The | Body | [String] |
| An arbitrary field to store details about the vulnerability class. | Body | String |
Curl Command to Create or Update Vulnerability
curl -i -X PUT https://pce.my-company.com:8443/api/v2/orgs/7/vulnerabilities/qualys-xxxxxebe7e18 -H 'Content-Type: application/json' -u $KEY:$TOKEN -d '{"score": 50, "cve_ids": ["CVE-2012-xxxx", "CVE-2017-xxxx"], "description": "My vulnerability test."}'Example Request Body
{
"score": 50,
"cve_ids": ["CVE-2012-xxxx", "CVE-2017-xxxx"],
"description": "My vulnerability test."
}Response
On success, the system displays HTTP/1.1 204 No Content.
Delete a Vulnerability
To delete an individual vulnerability, specify its HREF, which can be obtained from the response from GET /vulnerabilities.
Request Parameter
Parameter | Description | Parameter Type | Data Type |
|---|---|---|---|
| The reference ID of the vulnerability. The last element of the returned by a call to | Path | String |
Curl Command to Delete Vulnerability
curl -i -X DELETE https://pce.my-company.com:8443/api/v2/orgs/7/vulnerabilities/qualys-xxxxxebe7e18 -u $KEY:$TOKEN
Vulnerability Reports
This Public Experimental API creates, updates, and deletes vulnerability reports.
Note
An Illumio Core Vulnerability Maps license is required to import Qualys report data into the Illumio PCE. For information about obtaining the Illumio Core Vulnerability Maps license, contact Illumio Support. When you obtain your license, you also receive information about how to install it.
Vulnerability Reports API Methods
HTTP | Functionality | URI |
|---|---|---|
| Get a collection of vulnerability reports |
|
| Get an individual vulnerability report |
|
| Update an individual vulnerability report |
|
| Delete an individual vulnerability report |
|
Get a Collection of Vulnerability Reports
This method gets a collection of all vulnerability reports in your organization.
By default, the maximum number returned by a GET collection of vulnerability reports is 500. For more than 500 vulnerability reports, use an Asynchronous GET Collection.
Curl Command to Get Collection of Vulnerability Reports
In this example, the maximum number of vulnerability reports is set to 2. Not using this query parameter in this GET method would return all the vulnerability reports up to a maximum of 500.
curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/7/vulnerability_reports -H 'Accept: application/json' -u $KEY:$TOKEN
Get a Vulnerability Report
Curl Command to Get Vulnerability Report
curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/7/vulnerability_reports/qualys-report-123456 -H 'Accept: application/json' -u $KEY:$TOKEN
Request Parameter to Get or Update a Vulnerability Report
Parameter | Description | Type | Required |
|---|---|---|---|
| The resource(URI) representation of the vulnerability report | String | Yes |
| User generated the name of the vulnerability report. | String | Yes |
| A string representing the type of the report. | String | Yes |
| Boolean value specifies whether a report is authoritative or not. | String | No |
| The ips on which the scan was performed. Enforced 100K maxitem limit. | String | No |
| The timestamp (rfc3339 timestamp) at which this report was exported | String | No |
| The time (rfc3339 timestamp) at which this report was created | String | Yes |
| The time (rfc3339 timestamp) at which this report was last updated | String | Yes |
| Who created the vulnerability report | Object | Yes |
| Who updated the vulnerability report | Object | Yes |
Response Body
{
"href": "/orgs/2/vulnerability_reports/qualys-report-123456",
"report_type": "qualys",
"name": "my-report-2017-12-21-19-17-15",
"created_at": "2017-12-21T19:17:15.000Z",
"updated_at": "2017-12-21T19:17:15.000Z",
"num_vulnerabilities": 1776,
"created_by": null,
"updated_by": null
}Example Request Body
{
"name":"My vulnerability report",
"report_type": "qualys",
"authoritative": true
}Response
On success, the system displays HTTP/1.1 204 No Content.
Delete a Vulnerability Report
To delete an individual vulnerability report, specify the last element of its HREF, which can be obtained from the response from GET /vulnerabilities.
Curl Command to Delete Vulnerability Report
curl -i -X DELETE https://pce.my-company.com:8443/api/v2/orgs/7/vulnerability_reports/qualys-report-2017-12-21-19-17-15 -u $KEY:$TOKEN
Request Parameter
Parameter | Description | Parameter Type | Data Type |
|---|---|---|---|
| The ID of the vulnerability report (this is the last element in the vulnerability report HREF returned by a call to | Path | String |