REST APIs for 24.2.20 and 24.2.10

Vulnerabilities API Reference

This topic contains properties and examples for vulnerability APIs.

Examples of Vulnerability APIs
Get a Collection of all Vulnerabilities

This example sets the maximum number of vulnerabilities returned to 2. Without this query parameter, the GET method returns all vulnerabilities up to a maximum of 500.

| Parameter | Description | Data Type |
|---|---|---|
| org_id | | Integer |
| max_results | The maximum number of vulnerabilities returned by a call to GET /vulnerabilities. (Optional. If not specified, all vulnerabilities are returned up to a maximum of 500.) | Integer |

Curl Command to Get Collection of Vulnerabilities

curl -i -X GET 'https://pce.my-company.com:8443/api/v2/orgs/7/vulnerabilities?max_results=2' -H 'Accept: application/json' -u $KEY:$TOKEN

Response Body

[ 
  {
    "href": "/orgs/2/vulnerabilities/qualys-xxxxxebe7e17",
    "name": "Host Scan Time", 
    "score": 37,
    "description": "{\"severity\":\"1\"}",
    "cve_ids": [],
    "created_at": "2017-12-21T19:15:48.000Z",
    "updated_at": "2017-12-21T19:17:26.000Z",
    "created_by": null,
    "updated_by": null
  },
...........................................................
]

Get an Individual Vulnerability

Parameters

| Parameter | Description | Parameter Type |
|---|---|---|
| org_id | Organization | Integer |
| reference_id | The ID of the vulnerability to return by GET /vulnerabilities/{reference_id}. | String |

Curl Command to Get an Individual Vulnerability

curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/7/vulnerabilities/qualys-xxxxxebe7e18 -H 'Accept: application/json' -u $KEY:$TOKEN

Response Body

{
  "href": "/orgs/2/vulnerabilities/qualys-xxxxxebe7e18",
  "name": "Host Scan Time",
  "score": 37,
  "description": "{\"severity\":\"1\"}",
  "cve_ids": [],
  "created_at": "2017-12-21T19:15:48.000Z",
  "updated_at": "2017-12-21T19:17:26.000Z",
  "created_by": null,
  "updated_by": null
}

Create or Update a Vulnerability

Parameters

| Parameter | Description | Parameter Type | Data Type |
|---|---|---|---|
| reference_id | The ID of the vulnerability. The reference_id is the last element of the href property returned by a call to GET /vulnerabilities. | Path | String |
| score | The normalized score of the vulnerability in the range of 0 to 100 inclusive. A CVSS score can be used here with a 10x multiplier. | Body | Integer |
| name | The title/name of the vulnerability. | Body | String |
| cve_ids | The cve_ids for the vulnerability. | Body | [String] |
| description | An arbitrary field to store details about the vulnerability class. | Body | String |

Curl Command to Create or Update Vulnerability

curl -i -X PUT https://pce.my-company.com:8443/api/v2/orgs/7/vulnerabilities/qualys-xxxxxebe7e18 -H 'Content-Type: application/json' -u $KEY:$TOKEN -d '{"score": 50, "cve_ids": ["CVE-2012-xxxx", "CVE-2017-xxxx"], "description": "My vulnerability test."}'

Example Request Body

{
  "score": 50, 
  "cve_ids": ["CVE-2012-xxxx", "CVE-2017-xxxx"], 
  "description": "My vulnerability test."
}

Response

On success, the system displays HTTP/1.1 204 No Content.

Request Parameter to Delete a Vulnerability

| Parameter | Description | Parameter Type | Data Type |
|---|---|---|---|
| reference_id | The reference ID of the vulnerability. The last element of the href property of a vulnerability returned by a call to GET /vulnerabilities. | Path | String |

Curl Command to Delete Vulnerability

curl -i -X DELETE https://pce.my-company.com:8443/api/v2/orgs/7/vulnerabilities/qualys-xxxxxebe7e18 -u $KEY:$TOKEN

Curl Command to Get Collection of Vulnerability Reports

In this example, the maximum number of vulnerability reports is set to 2. Not using this query parameter in this GET method would return all the vulnerability reports up to a maximum of 500.

curl -i -X GET 'https://pce.my-company.com:8443/api/v2/orgs/7/vulnerability_reports?max_results=2' -H 'Accept: application/json' -u $KEY:$TOKEN

Query Parameter to Get a Collection of Vulnerability Reports

| Parameter | Description | Parameter Type | Data Type |
|---|---|---|---|
| max_results | The maximum number of vulnerability reports returned by a call to GET /vulnerability_reports. Optional. If not specified, by default, all vulnerability reports are returned up to a maximum of 500. | Query | Integer |

Response Body

[ 
  {
    "href": "/orgs/2/vulnerability_reports/qualys-report-12345",
    "report_type": "qualys",
    "name": "my-report-2017-12-21-19-15-47",
    "created_at": "2017-12-21T19:15:48.000Z",
    "updated_at": "2017-12-21T19:15:48.000Z",
    "num_vulnerabilities": 4887,
    "created_by": null,
    "updated_by": null
  },
  {
    "href": "/orgs/2/vulnerability_reports/qualys-report-12346",
    "report_type": "qualys",
    "name": "my-report-2017-12-21-19-17-15",
    "created_at": "2017-12-21T19:17:15.000Z",
    "updated_at": "2017-12-21T19:17:15.000Z",
    "num_vulnerabilities": 1776,
    "created_by": null,
    "updated_by": null
  }
]

Get a Vulnerability Report

Curl Command to Get Vulnerability Report

curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/7/vulnerability_reports/qualys-report-123456 -H 'Accept: application/json' -u $KEY:$TOKEN

Request Parameter to Get an Individual Vulnerability Report

The following required path parameter restricts the results of the GET command to the specified vulnerability report.

| Parameter | Description | Parameter Type | Data Type |
|---|---|---|---|
| reference_id | The ID of the vulnerability report (this is the last element in the vulnerability report HREF returned by a call to GET /vulnerability_reports). | Path | String |

Response Body

{
  "href": "/orgs/2/vulnerability_reports/qualys-report-123456",
  "report_type": "qualys",
  "name": "my-report-2017-12-21-19-17-15",
  "created_at": "2017-12-21T19:17:15.000Z",
  "updated_at": "2017-12-21T19:17:15.000Z",
  "num_vulnerabilities": 1776,
  "created_by": null,
  "updated_by": null
}

Create or Update a Vulnerability Report

Curl Command to Update a Vulnerability Report

curl -i -X PUT https://pce.my-company.com:8443/api/v2/orgs/7/vulnerability_reports/qualys-report-123456 -H 'Content-Type: application/json' -u $KEY:$TOKEN -d '{"name": "My vulnerability report", "report_type": "qualys"}'

Response Properties

| Property | Description | Data Type |
|---|---|---|
| name | User-generated name of the vulnerability report. | Integer |
| report_type | A string representing the type of the report. | String |
| authoritative | Boolean value that specifies whether a report is authoritative or not. | [String] |
| scanned_ips | The IPs on which the scan was performed. Enforced 100K maxitem limit. | String |
| detected_vulnerabilities | An array of parameters, of which ip_address, workload, and vulnerability are required. Enforced 100K maxitem limit. | |
| external_data_reference | (PUT only) This parameter supports third-party reference data. | |
| state | (PUT only) Enables deletion, addition, or updating of vulnerabilities. | |
| exported_at | (PUT only) Saves the timestamp for the next delta pull. | |

Properties of each detected_vulnerabilities entry:

- ip_address: (Required) The IP address of the host where the vulnerability is found (string)
- port: The port associated with the vulnerability (integer)
- proto: The protocol that is associated with the vulnerability (integer)
- workload: (Required) The URI of the workload associated with this vulnerability (string)
- vulnerability: (Required) The URI of the vulnerability class associated with this vulnerability (string)

Example Request Body

{
  "name":"My vulnerability report",
  "report_type": "qualys",
  "authoritative": true
}

Response

On success, the system displays HTTP/1.1 204 No Content.
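
The following Python sketch is an added example, not code from the original documentation: it builds the PUT bodies described above and rejects input locally when a score falls outside 0 to 100, a detection lacks a required property, or a list exceeds the 100K item limit. The helper names are hypothetical, the workload URI and IP addresses are constructed placeholders, and sending scanned_ips as a list of strings is an assumption.

```python
import json

MAX_ITEMS = 100_000  # "Enforced 100K maxitem limit" on scanned_ips and detected_vulnerabilities
REQUIRED = ("ip_address", "workload", "vulnerability")

def reference_id(href):
    """Return the last element of an href, which the API uses as reference_id."""
    return href.rstrip("/").rsplit("/", 1)[-1]

def normalized_score(cvss):
    """Map a CVSS score (0.0-10.0) to the 0-100 integer score using the 10x multiplier."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    return round(cvss * 10)

def vulnerability_body(name, cvss, cve_ids, description=""):
    """Body for PUT /vulnerabilities/{reference_id}."""
    return {"name": name, "score": normalized_score(cvss),
            "cve_ids": list(cve_ids), "description": description}

def report_body(name, report_type, scanned_ips, detections, authoritative=False):
    """Body for PUT /vulnerability_reports/{reference_id}; scanned_ips as a list is an assumption."""
    if len(scanned_ips) > MAX_ITEMS or len(detections) > MAX_ITEMS:
        raise ValueError("list exceeds the 100K item limit")
    items = []
    for i, d in enumerate(detections):
        missing = [k for k in REQUIRED if not d.get(k)]
        if missing:
            raise ValueError(f"detection {i} is missing required {missing}")
        item = {k: d[k] for k in REQUIRED}
        # port and proto are optional integers
        item.update({k: int(d[k]) for k in ("port", "proto") if k in d})
        items.append(item)
    return {"name": name, "report_type": report_type, "authoritative": authoritative,
            "scanned_ips": list(scanned_ips), "detected_vulnerabilities": items}

# Constructed sample input: the workload URI and IP addresses are placeholders.
VULN_HREF = "/orgs/7/vulnerabilities/qualys-xxxxxebe7e18"
SAMPLE_DETECTIONS = [{"ip_address": "192.0.2.10", "port": "443", "proto": 6,
                      "workload": "/orgs/7/workloads/example-workload-1",
                      "vulnerability": VULN_HREF}]

if __name__ == "__main__":
    print(reference_id(VULN_HREF))
    print(json.dumps(vulnerability_body("Example finding", 7.5, ["CVE-2017-xxxx"]), indent=2))
    print(json.dumps(report_body("My vulnerability report", "qualys",
                                 ["192.0.2.10", "192.0.2.11"], SAMPLE_DETECTIONS, True), indent=2))
```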

Curl Command to Delete Vulnerability Report

curl -i -X DELETE https://pce.my-company.com:8443/api/v2/orgs/7/vulnerability_reports/qualys-report-2017-12-21-19-17-15 -u $KEY:$TOKEN

Request Parameter

| Parameter | Description | Parameter Type | Data Type |
|---|---|---|---|
| reference_id | The ID of the vulnerability report (this is the last element in the vulnerability report HREF returned by a call to GET /vulnerability_reports). | Path | String |