Import vulnerability data

Use the following request methods to import vulnerability data into ASMS, or delete data previously imported.

Import specific vulnerability data

The importVulnerabilityKb method enables you to import specific vulnerability data, as opposed to all data from a specific host.

Note: You must use this API before using the hosts API.

Resource name: /ms-vulnerabilities/v1/api/import/kbs

Request method: POST

Request body:

Element Description
deleteOldImportedData

Boolean.

Determine whether to first delete older imported data.
vulnerabilityKbs

An array of vulnerability KBs.

Each object includes:

kbId. String. The string ID of a specific KB. You will use the same ID in the hosts API.

summary. String. The summary of a KB.

description. String. A string that describes the vulnerability.

cvssScore. Floating integer: The vulnerability's CVSS score.

cves. A list of vulnerability CVEs. Each CVE includes:

  • name. String. The name of an individual vulnerability CVE.

Response parameters:

Element Description
status

Describes the response status, including the following elements:

data. Object. If the operation failed, this object includes a validation message and index integer.

error. String. The error that occurs, if relevant.

msg. String. The message displayed

status. String. The status returned.

success. Boolean. Determines whether the API was successful.

type. String.

Note: Vulnerabilities with a CVSS score of 0 are not supported and fail the validation.

Import specific vulnerability data request example

{
 "deleteOldImportedData": false,
 "vulnerabilityKbs": [
  {     
   "cvssScore": 7.5,
   "description": "ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and 
    uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing 
    an X client to be treated as trusted.",
   "kbId": "openssh-x11-cookie-auth-bypass",
   "summary": "OpenSSH X11 Cookie Local Authentication Bypass Vulnerability",
   "cves": [
    "CVE-9990"
    ]
   }
  ]
}

Import specific vulnerability data response example

{
"status": null
"type": null
"msg": "Vulnerability KBs saved successfully"
"success": true
"error": null,
"data": {},
"files": null
}
 
Errors:  a failure status with the reasons or the application labels new representation
403 (forbidden) - user doesn't have admin permission to use the micro service API.
400 (bad request) - Input validation failures.

Import vulnerabilities from hosts

The importVulnerabilityHosts method allows you to import vulnerability data from specified scanners, defined in the API as host servers.

Note: Before using this API, you must call the kbs API.

Resource name: /ms-vulnerabilities/v1/api/import/hosts

Request method: POST

Request body:

A list of vulnerability hosts, as detailed by the following elements.

Element Description
ip

String. The IP address of the host.

Mandatory.
kbId

String. The string ID of a specific KB. This must be a KB that was already imported using the kbs API, and have the same ID.

Mandatory.
date

Number. The UNIX date and time stamp in milliseconds that the KB was identified on the host.

Optional. Default is the current date and time.

Response parameters:

Element Description
status

Describes the response status, including the following elements:

data. Object. If the operation failed, this object includes a validation message and index integer.

error. String. The error that occurs, if relevant.

msg. String. The message displayed

status. String. The status returned.

success. Boolean. Determines whether the API was successful.

type. String.

Note: Vulnerabilities with a CVSS score of 0 are not supported and fail the validation.

Import vulnerability data from hosts request example:

[
 {
  "ip": "10.30.31.25",
  "kbId": "openssh-x11-cookie-auth-bypass",
  "date": 1560170116543
 }
]

Import vulnerability data from hosts response example

Response:
{
"status": null
"type": null
"msg": "Vulnerability Hosts saved successfully"
"success": true
"error": null,
"data": {},
"files": null
}
 
Errors:  a failure status with the reasons or the application labels new representation
403 (forbidden) - user doesn't have admin permission to use the micro service API.
400 (bad request) - Input validation failures.

Delete imported vulnerability data

The deleteImportedVulnerabilityData method enables you to delete vulnerability data imported from files.

Resource name: /ms-vulnerabilities/v1/api/import/delete

Request method: DELETE

Request query parameters: None.

Response parameters:

Element Description
status

Describes the response status, including the following elements:

data. String

error. String. The error that occurs, if relevant.

msg. String. The message displayed

status. String. The status returned.

success. Boolean. Determines whether the API was successful.

type. String.

Delete imported vulnerability data response example

{
	"data": {},
	"error": "string",
	"msg": "string",
	"status": "string",
	"success": true,
	"type": "string"
}