Findings Management | AppSpider Documentation
Parameters
No parameters
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains list of findings | |
Response example:
{
"type":"object",
"properties": {
"Findings": {
"type":"array",
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"VulnType": {
"type":["string", "null"],
"required": true
},
"VulnParam": {
"type":["string", "null"],
"required": true
},
"VulnUrl": {
"type":["string", "null"],
"required": true
},
"TargetId": {
"type":["string", "null"],
"required": true
},
"DiscoveredDate": {
"type":["string", "null"],
"required": true
},
"AttackScore": {
"type":["string", "null"],
"required": true
},
"Status": {
"type":"string",
"required": true
},
"Description": {
"type":["string", "null"],
"required": true
},
"Recommendation": {
"type":["string", "null"],
"required": true
},
"OriginalTraffic": {
"type":["string", "null"],
"required": true
},
"Capec": {
"type":["integer", "null"],
"required": true
},
"DissaAsc": {
"type":["integer", "null"],
"required": true
},
"Owasp07": {
"type":["integer", "null"],
"required": true
},
"Owasp10": {
"type":["integer", "null"],
"required": true
},
"Owasp13": {
"type":["integer", "null"],
"required": true
},
"Oval": {
"type":["integer", "null"],
"required": true
},
"CweId":{
"type":["integer", "null"],
"required": true
},
"ResourceId": {
"type":["string", "null"],
"required": true
},
"AttackType": {
"type":["string", "null"],
"required": true
},
"TargetHost": {
"type":["string", "null"],
"required": true
},
"LatestDetectedDate": {
"type":"string",
"required": true
},
"NormalizedPostParams": {
"type":["string", "null"],
"required": true
},
"HtmlEntityAttacked": {
"type":["string", "null"],
"required": true
},
"Method": {
"type":"string",
"required": true
},
"AttackVulnerabilities": {
"type":["array", "null"],
"required": true,
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Value": {
"type":["string", "null"],
"required": true
},
"PostParams": {
"type":["string", "null"],
"required": true
},
"Url": {
"type":["string", "null"],
"required": true
},
"AttackMatchedString": {
"type":["string", "null"],
"required": true
},
"VulnerabilityId": {
"type":"string",
"required": true
},
"AttackTraffics": {
"type":["array", "null"],
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Request": {
"type":["string", "null"],
"required": true
},
"Response": {
"type":["string", "null"],
"required": true
},
"Benign": {
"type":["boolean", "null"],
"required": true
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"IsSuccess": {
"type": "boolean",
"required": true
},
"ErrorMessage": {
"type":["string", "null"],
"required": true
},
"Reason": {
"type":["string", "null"],
"required": true
}
},
"additionalProperties": false
}
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description
Retrieves the list of vulnerabilities for the client by the scan id
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
scanId | guid[] | Y | The scan id |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of findings | |
400 | Scan Id does not exist in client | |
Response example:
{
"type":"object",
"properties": {
"Findings": {
"type":"array",
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"VulnType": {
"type":["string", "null"],
"required": true
},
"VulnParam": {
"type":["string", "null"],
"required": true
},
"VulnUrl": {
"type":["string", "null"],
"required": true
},
"TargetId": {
"type":["string", "null"],
"required": true
},
"DiscoveredDate": {
"type":["string", "null"],
"required": true
},
"AttackScore": {
"type":["string", "null"],
"required": true
},
"Status": {
"type":"string",
"required": true
},
"Description": {
"type":["string", "null"],
"required": true
},
"Recommendation": {
"type":["string", "null"],
"required": true
},
"OriginalTraffic": {
"type":["string", "null"],
"required": true
},
"Capec": {
"type":["integer", "null"],
"required": true
},
"DissaAsc": {
"type":["integer", "null"],
"required": true
},
"Owasp07": {
"type":["integer", "null"],
"required": true
},
"Owasp10": {
"type":["integer", "null"],
"required": true
},
"Owasp13": {
"type":["integer", "null"],
"required": true
},
"Oval": {
"type":["integer", "null"],
"required": true
},
"CweId":{
"type":["integer", "null"],
"required": true
},
"ResourceId": {
"type":["string", "null"],
"required": true
},
"AttackType": {
"type":["string", "null"],
"required": true
},
"TargetHost": {
"type":["string", "null"],
"required": true
},
"LatestDetectedDate": {
"type":"string",
"required": true
},
"NormalizedPostParams": {
"type":["string", "null"],
"required": true
},
"HtmlEntityAttacked": {
"type":["string", "null"],
"required": true
},
"Method": {
"type":"string",
"required": true
},
"AttackVulnerabilities": {
"type":["array", "null"],
"required": true,
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Value": {
"type":["string", "null"],
"required": true
},
"PostParams": {
"type":["string", "null"],
"required": true
},
"Url": {
"type":["string", "null"],
"required": true
},
"AttackMatchedString": {
"type":["string", "null"],
"required": true
},
"VulnerabilityId": {
"type":"string",
"required": true
},
"AttackTraffics": {
"type":["array", "null"],
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Request": {
"type":["string", "null"],
"required": true
},
"Response": {
"type":["string", "null"],
"required": true
},
"Benign": {
"type":["boolean", "null"],
"required": true
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"IsSuccess": {
"type": "boolean",
"required": true
},
"ErrorMessage": {
"type":["string", "null"],
"required": true
},
"Reason": {
"type":["string", "null"],
"required": true
}
},
"additionalProperties": false
}
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description
Retrieves the list of vulnerabilities for the client by the scan id with paging
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
scanId | guid[] | Y | The scan id |
page | int | Y | The page of results to return (page starts at 0) |
pageSize | int | Y | The number of results to return per page |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of findings | |
400 | Scan Id does not exist in client | |
Response example:
{
"type":"object",
"properties": {
"Findings": {
"type":"array",
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"VulnType": {
"type":["string", "null"],
"required": true
},
"VulnParam": {
"type":["string", "null"],
"required": true
},
"VulnUrl": {
"type":["string", "null"],
"required": true
},
"TargetId": {
"type":["string", "null"],
"required": true
},
"DiscoveredDate": {
"type":["string", "null"],
"required": true
},
"AttackScore": {
"type":["string", "null"],
"required": true
},
"Status": {
"type":"string",
"required": true
},
"Description": {
"type":["string", "null"],
"required": true
},
"Recommendation": {
"type":["string", "null"],
"required": true
},
"OriginalTraffic": {
"type":["string", "null"],
"required": true
},
"Capec": {
"type":["integer", "null"],
"required": true
},
"DissaAsc": {
"type":["integer", "null"],
"required": true
},
"Owasp07": {
"type":["integer", "null"],
"required": true
},
"Owasp10": {
"type":["integer", "null"],
"required": true
},
"Owasp13": {
"type":["integer", "null"],
"required": true
},
"Oval": {
"type":["integer", "null"],
"required": true
},
"CweId":{
"type":["integer", "null"],
"required": true
},
"ResourceId": {
"type":["string", "null"],
"required": true
},
"AttackType": {
"type":["string", "null"],
"required": true
},
"TargetHost": {
"type":["string", "null"],
"required": true
},
"LatestDetectedDate": {
"type":"string",
"required": true
},
"NormalizedPostParams": {
"type":["string", "null"],
"required": true
},
"HtmlEntityAttacked": {
"type":["string", "null"],
"required": true
},
"Method": {
"type":"string",
"required": true
},
"AttackVulnerabilities": {
"type":["array", "null"],
"required": true,
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Value": {
"type":["string", "null"],
"required": true
},
"PostParams": {
"type":["string", "null"],
"required": true
},
"Url": {
"type":["string", "null"],
"required": true
},
"AttackMatchedString": {
"type":["string", "null"],
"required": true
},
"VulnerabilityId": {
"type":"string",
"required": true
},
"AttackTraffics": {
"type":["array", "null"],
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Request": {
"type":["string", "null"],
"required": true
},
"Response": {
"type":["string", "null"],
"required": true
},
"Benign": {
"type":["boolean", "null"],
"required": true
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"IsSuccess": {
"type": "boolean",
"required": true
},
"ErrorMessage": {
"type":["string", "null"],
"required": true
},
"Reason": {
"type":["string", "null"],
"required": true
}
},
"additionalProperties": false
}
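An added example (not part of the AppSpider documentation) of walking the paged GetVulnerabilities endpoint and checking the `IsSuccess` / `ErrorMessage` / `Reason` envelope on every page. `fetch_page`, `sample_fetch` and the sample findings are hypothetical: the real HTTP call and authentication are left to the caller, and stopping on a short page is an assumption, since this page does not say how the last page is signalled.

```python
from collections import Counter


def iter_findings(fetch_page, page_size=100, max_pages=1000):
    """Yield every finding, requesting pages 0, 1, 2, ... of page_size results.

    fetch_page(page, page_size) is a hypothetical caller-supplied function that
    performs the authenticated GetVulnerabilities request and returns decoded JSON.
    """
    if page_size < 1:
        raise ValueError("page_size must be at least 1")
    for page in range(max_pages):  # documented: page starts at 0
        body = fetch_page(page, page_size)
        if body.get("IsSuccess") is not True:
            raise RuntimeError(
                f"GetVulnerabilities failed: {body.get('Reason')}: {body.get('ErrorMessage')}"
            )
        findings = body.get("Findings") or []
        yield from findings
        if len(findings) < page_size:  # assumption: a short page is the last page
            return
    raise RuntimeError(f"stopped after {max_pages} pages without reaching a short page")


def unreviewed_by_cwe(findings):
    """Count findings still in status "Unreviewed", keyed by CweId (which may be None)."""
    return Counter(f.get("CweId") for f in findings if f.get("Status") == "Unreviewed")


# Constructed sample data using only fields from the documented schema.
SAMPLE_FINDINGS = [
    {"Id": "f-1", "Status": "Unreviewed", "CweId": 79},
    {"Id": "f-2", "Status": "Fixed", "CweId": 79},
    {"Id": "f-3", "Status": "Unreviewed", "CweId": 89},
    {"Id": "f-4", "Status": "Unreviewed", "CweId": 79},
    {"Id": "f-5", "Status": "Unreviewed", "CweId": None},
]


def sample_fetch(page, page_size):
    """Stand-in for the real request, serving SAMPLE_FINDINGS in pages."""
    start = page * page_size
    return {"Findings": SAMPLE_FINDINGS[start:start + page_size],
            "IsSuccess": True, "ErrorMessage": None, "Reason": None}


if __name__ == "__main__":
    findings = list(iter_findings(sample_fetch, page_size=2))
    print(len(findings), dict(unreviewed_by_cwe(findings)))
```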
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description
Retrieves the list of vulnerabilities for the client by the scan config name
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
scanConfigName | string | Y | The scan config name |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of findings | |
400 | Scan Config Name does not exist in client | |
Response example:
{
"type":"object",
"properties": {
"Findings": {
"type":"array",
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"VulnType": {
"type":["string", "null"],
"required": true
},
"VulnParam": {
"type":["string", "null"],
"required": true
},
"VulnUrl": {
"type":["string", "null"],
"required": true
},
"TargetId": {
"type":["string", "null"],
"required": true
},
"DiscoveredDate": {
"type":["string", "null"],
"required": true
},
"AttackScore": {
"type":["string", "null"],
"required": true
},
"Status": {
"type":"string",
"required": true
},
"Description": {
"type":["string", "null"],
"required": true
},
"Recommendation": {
"type":["string", "null"],
"required": true
},
"OriginalTraffic": {
"type":["string", "null"],
"required": true
},
"Capec": {
"type":["integer", "null"],
"required": true
},
"DissaAsc": {
"type":["integer", "null"],
"required": true
},
"Owasp07": {
"type":["integer", "null"],
"required": true
},
"Owasp10": {
"type":["integer", "null"],
"required": true
},
"Owasp13": {
"type":["integer", "null"],
"required": true
},
"Oval": {
"type":["integer", "null"],
"required": true
},
"CweId":{
"type":["integer", "null"],
"required": true
},
"ResourceId": {
"type":["string", "null"],
"required": true
},
"AttackType": {
"type":["string", "null"],
"required": true
},
"TargetHost": {
"type":["string", "null"],
"required": true
},
"LatestDetectedDate": {
"type":"string",
"required": true
},
"NormalizedPostParams": {
"type":["string", "null"],
"required": true
},
"HtmlEntityAttacked": {
"type":["string", "null"],
"required": true
},
"Method": {
"type":"string",
"required": true
},
"AttackVulnerabilities": {
"type":["array", "null"],
"required": true,
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Value": {
"type":["string", "null"],
"required": true
},
"PostParams": {
"type":["string", "null"],
"required": true
},
"Url": {
"type":["string", "null"],
"required": true
},
"AttackMatchedString": {
"type":["string", "null"],
"required": true
},
"VulnerabilityId": {
"type":"string",
"required": true
},
"AttackTraffics": {
"type":["array", "null"],
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Request": {
"type":["string", "null"],
"required": true
},
"Response": {
"type":["string", "null"],
"required": true
},
"Benign": {
"type":["boolean", "null"],
"required": true
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"IsSuccess": {
"type": "boolean",
"required": true
},
"ErrorMessage": {
"type":["string", "null"],
"required": true
},
"Reason": {
"type":["string", "null"],
"required": true
}
},
"additionalProperties": false
}
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description
Retrieves the list of vulnerabilities for the client by the scan config name with paging
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
scanConfigName | string | Y | The scan config name |
page | int | Y | The page of results to return (page starts at 0) |
pageSize | int | Y | The number of results to return per page |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of findings | |
400 | Scan Config Name does not exist in client | |
Response example:
{
"type":"object",
"properties": {
"Findings": {
"type":"array",
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"VulnType": {
"type":["string", "null"],
"required": true
},
"VulnParam": {
"type":["string", "null"],
"required": true
},
"VulnUrl": {
"type":["string", "null"],
"required": true
},
"TargetId": {
"type":["string", "null"],
"required": true
},
"DiscoveredDate": {
"type":["string", "null"],
"required": true
},
"AttackScore": {
"type":["string", "null"],
"required": true
},
"Status": {
"type":"string",
"required": true
},
"Description": {
"type":["string", "null"],
"required": true
},
"Recommendation": {
"type":["string", "null"],
"required": true
},
"OriginalTraffic": {
"type":["string", "null"],
"required": true
},
"Capec": {
"type":["integer", "null"],
"required": true
},
"DissaAsc": {
"type":["integer", "null"],
"required": true
},
"Owasp07": {
"type":["integer", "null"],
"required": true
},
"Owasp10": {
"type":["integer", "null"],
"required": true
},
"Owasp13": {
"type":["integer", "null"],
"required": true
},
"Oval": {
"type":["integer", "null"],
"required": true
},
"CweId":{
"type":["integer", "null"],
"required": true
},
"ResourceId": {
"type":["string", "null"],
"required": true
},
"AttackType": {
"type":["string", "null"],
"required": true
},
"TargetHost": {
"type":["string", "null"],
"required": true
},
"LatestDetectedDate": {
"type":"string",
"required": true
},
"NormalizedPostParams": {
"type":["string", "null"],
"required": true
},
"HtmlEntityAttacked": {
"type":["string", "null"],
"required": true
},
"Method": {
"type":"string",
"required": true
},
"AttackVulnerabilities": {
"type":["array", "null"],
"required": true,
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Value": {
"type":["string", "null"],
"required": true
},
"PostParams": {
"type":["string", "null"],
"required": true
},
"Url": {
"type":["string", "null"],
"required": true
},
"AttackMatchedString": {
"type":["string", "null"],
"required": true
},
"VulnerabilityId": {
"type":"string",
"required": true
},
"AttackTraffics": {
"type":["array", "null"],
"items": {
"type":"object",
"properties": {
"Id": {
"type":"string",
"required": true
},
"Request": {
"type":["string", "null"],
"required": true
},
"Response": {
"type":["string", "null"],
"required": true
},
"Benign": {
"type":["boolean", "null"],
"required": true
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"IsSuccess": {
"type": "boolean",
"required": true
},
"ErrorMessage": {
"type":["string", "null"],
"required": true
},
"Reason": {
"type":["string", "null"],
"required": true
}
},
"additionalProperties": false
}
/AppSpiderEnterprise/rest/v1/Finding/GetStatuses
Description
Retrieves the list of possible statuses for a vulnerability
Parameters
No parameters
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of vulnerability status types | |
Response example:
Returned list of Statuses for a vulnerability (case-sensitive):
⦁ “Verified”
⦁ “Fixed”
⦁ “Ignored”
⦁ “Unreviewed”
The remaining Statuses will only appear if the “customStatusesEnabled” flag is set to “true” in NTOE.config:
⦁ “FalsePositive”
⦁ “CompensatingControls”
⦁ “AcceptableUse”
⦁ “AcceptableRisk”
⦁ “Duplicate”
⦁ “Other”
⦁ “Unknown”
/AppSpiderEnterprise/rest/v1/Finding/GetSeverities
Description
Retrieves the list of possible severities for a vulnerability
Parameters
No parameters
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of vulnerability severity types | |
Response example:
Returned list of Severities for a vulnerability (case-sensitive):
⦁ “0-Safe”
⦁ “1-Info”
⦁ “2-Low”
⦁ “3-Med”
⦁ “4-High”
/AppSpiderEnterprise/rest/v1/Finding/UpdateStatus
Description
Updates a vulnerability’s status
Request Parameters
Parameters | Type | Required | Description |
---|---|---|---|
vulnerabilityId | guid[] | Y | The vulnerability id |
Request Body
Parameters | Type | Required | Description |
---|---|---|---|
Status | string | Y | The status name |
Timestamp | DateTime | N | The UTC timestamp in ISO 8601 format, e.g. 2019-05-23T12:05:00. If the Timestamp is not passed in, the Status will be updated with the current UTC time. If the ChangeDate of the Vulnerability is later than the Timestamp, then this request will be ignored. |
Request example:
{
"type": "object",
"properties": {
"Status": {
"type": "string",
"required": true
},
"Timestamp": {
"type": "string",
"required": false
}
}
}
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Status set for Vulnerability Id | |
400 | Invalid Vulnerability Status | |
400 | Invalid DateTime | |
400 | NotFound | Vulnerability Id does not exist |
Response example:
{
"type": "object",
"properties": {
"IsSuccess": {
"type": "boolean",
"required": true
},
"ErrorMessage": {
"type":["string", "null"],
"required": true
},
"Reason": {
"type": ["string", "null"],
"required": true
}
}
}
/AppSpiderEnterprise/rest/v1/Finding/UpdateSeverity
Description
Updates a vulnerability’s severity
Request Parameters
Parameters | Type | Required | Description |
---|---|---|---|
vulnerabilityId | guid[] | Y | The vulnerability id |
Request Body
Parameters | Type | Required | Description |
---|---|---|---|
Severity | string | Y | The Severity name |
Timestamp | DateTime | N | The UTC timestamp in ISO 8601 format, e.g. 2019-05-23T12:05:00. If the Timestamp is not passed in, the Severity will be updated with the current UTC time. If the ChangeDate of the Vulnerability is later than the Timestamp, then this request will be ignored. |
Request example:
{
"type": "object",
"properties": {
"Severity": {
"type": "string",
"required": true
},
"Timestamp": {
"type": "string",
"required": false
}
}
}
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Severity set for Vulnerability Id | |
400 | Invalid Vulnerability Severity | |
400 | Invalid DateTime | |
400 | NotFound | Vulnerability Id does not exist |
Response example:
{
"type": "object",
"properties": {
"IsSuccess": {
"type": "boolean",
"required": true
},
"ErrorMessage": {
"type":["string", "null"],
"required": true
},
"Reason": {
"type": ["string", "null"],
"required": true
}
}
}
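An added example (not part of the AppSpider documentation) of building the UpdateStatus and UpdateSeverity request bodies described above: it checks the value case-sensitively against the list returned by GetStatuses or GetSeverities and renders the Timestamp as UTC in the documented format. The function names and sample lists are assumptions; sending the request (HTTP method, authentication) is left to the caller because this page does not describe it.

```python
from datetime import datetime, timezone

# Constructed samples: the values GetStatuses / GetSeverities are documented to
# return (custom statuses omitted, as when customStatusesEnabled is not set).
SAMPLE_STATUSES = ["Verified", "Fixed", "Ignored", "Unreviewed"]
SAMPLE_SEVERITIES = ["0-Safe", "1-Info", "2-Low", "3-Med", "4-High"]


def to_api_timestamp(when):
    """Render an aware datetime as UTC, e.g. 2019-05-23T12:05:00."""
    if when.tzinfo is None or when.utcoffset() is None:
        # A naive local time sent as if it were UTC shifts the update relative to
        # the vulnerability's ChangeDate, so it may be ignored or applied wrongly.
        raise ValueError("naive datetime: attach a timezone first")
    return when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")


def build_update_body(field, value, allowed, when=None):
    """Return the JSON body for UpdateStatus ('Status') or UpdateSeverity ('Severity')."""
    if field not in ("Status", "Severity"):
        raise ValueError(f"unknown field {field!r}")
    if value not in allowed:  # exact, case-sensitive match
        near = [a for a in allowed if a.lower() == value.lower()]
        hint = f"; did you mean {near[0]!r}?" if near else ""
        raise ValueError(f"{value!r} is not a valid {field}{hint}")
    body = {field: value}
    if when is not None:  # omitted: the server uses the current UTC time
        body["Timestamp"] = to_api_timestamp(when)
    return body


if __name__ == "__main__":
    # Constructed input: a tracker event recorded at UTC+2.
    event_time = datetime.fromisoformat("2019-05-23T14:05:00+02:00")
    print(build_update_body("Status", "Fixed", SAMPLE_STATUSES, event_time))
    print(build_update_body("Severity", "4-High", SAMPLE_SEVERITIES))
```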
/AppSpiderEnterprise/rest/v1/Finding/GetAttackName
Description
Retrieves the attack name for a vulnerability
Request Parameters
Parameters | Type | Required | Description |
---|---|---|---|
vulnerabilityId | guid[] | Y | The vulnerability id |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the attack name | |
400 | NotFound | Vulnerability Id does not exist |
Response example:
{
"type": "object",
"properties": {
"AttackId": {
"type":["string", "null"],
"required": true
},
"IsSuccess": {
"type": "boolean",
"required": true
},
"ErrorMessage": {
"type":["string", "null"],
"required": true
},
"Reason": {
"type": ["string", "null"],
"required": true
}
}
}