Findings Management | AppSpider Documentation

/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities Description Retrieves the list of vulnerabilities

Parameters No parameters

Response Messages

Response status code | Reason | Description
200 Response contains list of findings

Response example:

{ "type":"object", "properties": { "Findings": { "type":"array", "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "VulnType": { "type":["string", "null"], "required": true }, "VulnParam": { "type":["string", "null"], "required": true }, "VulnUrl": { "type":["string", "null"], "required": true }, "TargetId": { "type":["string", "null"], "required": true }, "DiscoveredDate": { "type":["string", "null"], "required": true }, "AttackScore": { "type":["string", "null"], "required": true }, "Status": { "type":"string", "required": true }, "Description": { "type":["string", "null"], "required": true }, "Recommendation": { "type":["string", "null"], "required": true }, "OriginalTraffic": { "type":["string", "null"], "required": true }, "Capec": { "type":["integer", "null"], "required": true }, "DissaAsc": { "type":["integer", "null"], "required": true }, "Owasp07": { "type":["integer", "null"], "required": true }, "Owasp10": { "type":["integer", "null"], "required": true }, "Owasp13": { "type":["integer", "null"], "required": true }, "Oval": { "type":["integer", "null"], "required": true }, "CweId":{ "type":["integer", "null"], "required": true }, "ResourceId": { "type":["string", "null"], "required": true }, "AttackType": { "type":["string", "null"], "required": true }, "TargetHost": { "type":["string", "null"], "required": true }, "LatestDetectedDate": { "type":"string", "required": true }, "NormalizedPostParams": { "type":["string", "null"], "required": true }, "HtmlEntityAttacked": { "type":["string", "null"], "required": true }, "Method": { "type":"string", "required": true }, "AttackVulnerabilities": { "type":["array", "null"], "required": true }, "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Value": { "type":["string", "null"], "required": true }, "PostParams": { "type":["string", "null"], "required": true }, "Url": { "type":["string", "null"], "required": true }, 
"AttackMatchedString": { "type":["string", "null"], "required": true }, "VulnerabilityId": { "type":"string", "required": true }, "AttackTraffics": { "type":["array", "null"], "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Request": { "type":["string", "null"], "required": true }, "Response": { "type":["string", "null"], "required": true }, "Benign": { "type":["boolean", "null"], "required": true } }, "additionalProperties": false } } }, "additionalProperties": false } } }, "additionalProperties": false } }, "IsSuccess": { "type": "boolean", "required": true }, "ErrorMessage": { "type":["string", "null"], "required": true }, "Reason": { "type":["string", "null"], "required": true } }, "additionalProperties": false }

/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities Description Retrieves the list of vulnerabilities for the client by the scan id

Parameters

Parameters | Type | Required | Description
scanId | guid[] | Y | The scan id

Response Messages

Response status code | Reason | Description
200 Response contains the list of findings
400 Scan Id does not exist in client

Response example:

{ "type":"object", "properties": { "Findings": { "type":"array", "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "VulnType": { "type":["string", "null"], "required": true }, "VulnParam": { "type":["string", "null"], "required": true }, "VulnUrl": { "type":["string", "null"], "required": true }, "TargetId": { "type":["string", "null"], "required": true }, "DiscoveredDate": { "type":["string", "null"], "required": true }, "AttackScore": { "type":["string", "null"], "required": true }, "Status": { "type":"string", "required": true }, "Description": { "type":["string", "null"], "required": true }, "Recommendation": { "type":["string", "null"], "required": true }, "OriginalTraffic": { "type":["string", "null"], "required": true }, "Capec": { "type":["integer", "null"], "required": true }, "DissaAsc": { "type":["integer", "null"], "required": true }, "Owasp07": { "type":["integer", "null"], "required": true }, "Owasp10": { "type":["integer", "null"], "required": true }, "Owasp13": { "type":["integer", "null"], "required": true }, "Oval": { "type":["integer", "null"], "required": true }, "CweId":{ "type":["integer", "null"], "required": true }, "ResourceId": { "type":["string", "null"], "required": true }, "AttackType": { "type":["string", "null"], "required": true }, "TargetHost": { "type":["string", "null"], "required": true }, "LatestDetectedDate": { "type":"string", "required": true }, "NormalizedPostParams": { "type":["string", "null"], "required": true }, "HtmlEntityAttacked": { "type":["string", "null"], "required": true }, "Method": { "type":"string", "required": true }, "AttackVulnerabilities": { "type":["array", "null"], "required": true }, "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Value": { "type":["string", "null"], "required": true }, "PostParams": { "type":["string", "null"], "required": true }, "Url": { "type":["string", "null"], "required": true }, 
"AttackMatchedString": { "type":["string", "null"], "required": true }, "VulnerabilityId": { "type":"string", "required": true }, "AttackTraffics": { "type":["array", "null"], "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Request": { "type":["string", "null"], "required": true }, "Response": { "type":["string", "null"], "required": true }, "Benign": { "type":["boolean", "null"], "required": true } }, "additionalProperties": false } } }, "additionalProperties": false } } }, "additionalProperties": false } }, "IsSuccess": { "type": "boolean", "required": true }, "ErrorMessage": { "type":["string", "null"], "required": true }, "Reason": { "type":["string", "null"], "required": true } }, "additionalProperties": false }

/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities Description Retrieves the list of vulnerabilities for the client by the scan id with paging

Parameters

Parameters | Type | Required | Description
scanId | guid[] | Y | The scan id
page | int | Y | The page of results to return (page starts at 0)
pageSize | int | Y | The number of results to return per page

Response Messages

Response status code | Reason | Description
200 Response contains the list of findings
400 Scan Id does not exist in client

Response example:

{ "type":"object", "properties": { "Findings": { "type":"array", "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "VulnType": { "type":["string", "null"], "required": true }, "VulnParam": { "type":["string", "null"], "required": true }, "VulnUrl": { "type":["string", "null"], "required": true }, "TargetId": { "type":["string", "null"], "required": true }, "DiscoveredDate": { "type":["string", "null"], "required": true }, "AttackScore": { "type":["string", "null"], "required": true }, "Status": { "type":"string", "required": true }, "Description": { "type":["string", "null"], "required": true }, "Recommendation": { "type":["string", "null"], "required": true }, "OriginalTraffic": { "type":["string", "null"], "required": true }, "Capec": { "type":["integer", "null"], "required": true }, "DissaAsc": { "type":["integer", "null"], "required": true }, "Owasp07": { "type":["integer", "null"], "required": true }, "Owasp10": { "type":["integer", "null"], "required": true }, "Owasp13": { "type":["integer", "null"], "required": true }, "Oval": { "type":["integer", "null"], "required": true }, "CweId":{ "type":["integer", "null"], "required": true }, "ResourceId": { "type":["string", "null"], "required": true }, "AttackType": { "type":["string", "null"], "required": true }, "TargetHost": { "type":["string", "null"], "required": true }, "LatestDetectedDate": { "type":"string", "required": true }, "NormalizedPostParams": { "type":["string", "null"], "required": true }, "HtmlEntityAttacked": { "type":["string", "null"], "required": true }, "Method": { "type":"string", "required": true }, "AttackVulnerabilities": { "type":["array", "null"], "required": true }, "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Value": { "type":["string", "null"], "required": true }, "PostParams": { "type":["string", "null"], "required": true }, "Url": { "type":["string", "null"], "required": true }, 
"AttackMatchedString": { "type":["string", "null"], "required": true }, "VulnerabilityId": { "type":"string", "required": true }, "AttackTraffics": { "type":["array", "null"], "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Request": { "type":["string", "null"], "required": true }, "Response": { "type":["string", "null"], "required": true }, "Benign": { "type":["boolean", "null"], "required": true } }, "additionalProperties": false } } }, "additionalProperties": false } } }, "additionalProperties": false } }, "IsSuccess": { "type": "boolean", "required": true }, "ErrorMessage": { "type":["string", "null"], "required": true }, "Reason": { "type":["string", "null"], "required": true } }, "additionalProperties": false }

/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities Description Retrieves the list of vulnerabilities for the client by the scan config name

Parameters

Parameters | Type | Required | Description
scanConfigName | string | Y | The scan config name

Response Messages

Response status code | Reason | Description
200 Response contains the list of findings
400 Scan Config Name does not exist in client

Response example:

{ "type":"object", "properties": { "Findings": { "type":"array", "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "VulnType": { "type":["string", "null"], "required": true }, "VulnParam": { "type":["string", "null"], "required": true }, "VulnUrl": { "type":["string", "null"], "required": true }, "TargetId": { "type":["string", "null"], "required": true }, "DiscoveredDate": { "type":["string", "null"], "required": true }, "AttackScore": { "type":["string", "null"], "required": true }, "Status": { "type":"string", "required": true }, "Description": { "type":["string", "null"], "required": true }, "Recommendation": { "type":["string", "null"], "required": true }, "OriginalTraffic": { "type":["string", "null"], "required": true }, "Capec": { "type":["integer", "null"], "required": true }, "DissaAsc": { "type":["integer", "null"], "required": true }, "Owasp07": { "type":["integer", "null"], "required": true }, "Owasp10": { "type":["integer", "null"], "required": true }, "Owasp13": { "type":["integer", "null"], "required": true }, "Oval": { "type":["integer", "null"], "required": true }, "CweId":{ "type":["integer", "null"], "required": true }, "ResourceId": { "type":["string", "null"], "required": true }, "AttackType": { "type":["string", "null"], "required": true }, "TargetHost": { "type":["string", "null"], "required": true }, "LatestDetectedDate": { "type":"string", "required": true }, "NormalizedPostParams": { "type":["string", "null"], "required": true }, "HtmlEntityAttacked": { "type":["string", "null"], "required": true }, "Method": { "type":"string", "required": true }, "AttackVulnerabilities": { "type":["array", "null"], "required": true }, "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Value": { "type":["string", "null"], "required": true }, "PostParams": { "type":["string", "null"], "required": true }, "Url": { "type":["string", "null"], "required": true }, 
"AttackMatchedString": { "type":["string", "null"], "required": true }, "VulnerabilityId": { "type":"string", "required": true }, "AttackTraffics": { "type":["array", "null"], "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Request": { "type":["string", "null"], "required": true }, "Response": { "type":["string", "null"], "required": true }, "Benign": { "type":["boolean", "null"], "required": true } }, "additionalProperties": false } } }, "additionalProperties": false } } }, "additionalProperties": false } }, "IsSuccess": { "type": "boolean", "required": true }, "ErrorMessage": { "type":["string", "null"], "required": true }, "Reason": { "type":["string", "null"], "required": true } }, "additionalProperties": false }

/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities Description Retrieves the list of vulnerabilities for the client by the scan config name with paging

Parameters

Parameters | Type | Required | Description
scanConfigName | string | Y | The scan config name
page | int | Y | The page of results to return (page starts at 0)
pageSize | int | Y | The number of results to return per page

Response Messages

Response status code | Reason | Description
200 Response contains the list of findings
400 Scan Config Name does not exist in client

Response example:

{ "type":"object", "properties": { "Findings": { "type":"array", "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "VulnType": { "type":["string", "null"], "required": true }, "VulnParam": { "type":["string", "null"], "required": true }, "VulnUrl": { "type":["string", "null"], "required": true }, "TargetId": { "type":["string", "null"], "required": true }, "DiscoveredDate": { "type":["string", "null"], "required": true }, "AttackScore": { "type":["string", "null"], "required": true }, "Status": { "type":"string", "required": true }, "Description": { "type":["string", "null"], "required": true }, "Recommendation": { "type":["string", "null"], "required": true }, "OriginalTraffic": { "type":["string", "null"], "required": true }, "Capec": { "type":["integer", "null"], "required": true }, "DissaAsc": { "type":["integer", "null"], "required": true }, "Owasp07": { "type":["integer", "null"], "required": true }, "Owasp10": { "type":["integer", "null"], "required": true }, "Owasp13": { "type":["integer", "null"], "required": true }, "Oval": { "type":["integer", "null"], "required": true }, "CweId":{ "type":["integer", "null"], "required": true }, "ResourceId": { "type":["string", "null"], "required": true }, "AttackType": { "type":["string", "null"], "required": true }, "TargetHost": { "type":["string", "null"], "required": true }, "LatestDetectedDate": { "type":"string", "required": true }, "NormalizedPostParams": { "type":["string", "null"], "required": true }, "HtmlEntityAttacked": { "type":["string", "null"], "required": true }, "Method": { "type":"string", "required": true }, "AttackVulnerabilities": { "type":["array", "null"], "required": true }, "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Value": { "type":["string", "null"], "required": true }, "PostParams": { "type":["string", "null"], "required": true }, "Url": { "type":["string", "null"], "required": true }, 
"AttackMatchedString": { "type":["string", "null"], "required": true }, "VulnerabilityId": { "type":"string", "required": true }, "AttackTraffics": { "type":["array", "null"], "items": { "type":"object", "properties": { "Id": { "type":"string", "required": true }, "Request": { "type":["string", "null"], "required": true }, "Response": { "type":["string", "null"], "required": true }, "Benign": { "type":["boolean", "null"], "required": true } }, "additionalProperties": false } } }, "additionalProperties": false } } }, "additionalProperties": false } }, "IsSuccess": { "type": "boolean", "required": true }, "ErrorMessage": { "type":["string", "null"], "required": true }, "Reason": { "type":["string", "null"], "required": true } }, "additionalProperties": false }

/AppSpiderEnterprise/rest/v1/Finding/GetStatuses Description Retrieves the list of possible statuses for a vulnerability

Parameters No parameters

Response Messages

Response status code | Reason | Description
200 Response contains the list of vulnerability status types

Response example:

Returned list of Statuses for a vulnerability (case-sensitive):
⦁ “Verified”
⦁ “Fixed”
⦁ “Ignored”
⦁ “Unreviewed”

The remaining Statuses will only appear if the “customStatusesEnabled” flag is set to “true” in NTOE.config:
⦁ “FalsePositive”
⦁ “CompensatingControls”
⦁ “AcceptableUse”
⦁ “AcceptableRisk”
⦁ “Duplicate”
⦁ “Other”
⦁ “Unknown”

/AppSpiderEnterprise/rest/v1/Finding/GetSeverities Description Retrieves the list of possible severities for a vulnerability

Parameters No parameters

Response Messages

Response status code | Reason | Description
200 Response contains the list of vulnerability severity types

Response example:

Returned list of Severities for a vulnerability (case-sensitive):
⦁ “0-Safe”
⦁ “1-Info”
⦁ “2-Low”
⦁ “3-Med”
⦁ “4-High”

/AppSpiderEnterprise/rest/v1/Finding/UpdateStatus Description Updates a vulnerability’s status

Request Parameters

Parameters | Type | Required | Description
vulnerabilityId | guid[] | Y | The vulnerability id

Request Body

Parameters | Type | Required | Description
Status | string | Y | The status name
Timestamp | DateTime | N | The UTC timestamp in ISO 8601 format, e.g. 2019-05-23T12:05:00. If the Timestamp is not passed in, the Status will be updated with the current UTC time. If the ChangeDate of the Vulnerability is later than the Timestamp, then this request will be ignored.

Request example:

{ "type": "object", "properties": { "Status": { "type": "string", "required": true }, "Timestamp": { "type": "string", "required": true } } }

Response Messages

Response status code | Reason | Description
200 Status set for Vulnerability Id
400 Invalid Vulnerability Status
400 Invalid DateTime
400 NotFound Vulnerability Id does not exist

Response example:

{ "type": "object", "properties": { "IsSuccess": { "type": "boolean", "required": true }, "ErrorMessage": { "type": ["string", "null"], "required": true }, "Reason": { "type": ["string", "null"], "required": true } } }

/AppSpiderEnterprise/rest/v1/Finding/UpdateSeverity Description Updates a vulnerability’s severity

Request Parameters

Parameters | Type | Required | Description
vulnerabilityId | guid[] | Y | The vulnerability id

Request Body

Parameters | Type | Required | Description
Severity | string | Y | The Severity name
Timestamp | DateTime | N | The UTC timestamp in ISO 8601 format, e.g. 2019-05-23T12:05:00. If the Timestamp is not passed in, the Severity will be updated with the current UTC time. If the ChangeDate of the Vulnerability is later than the Timestamp, then this request will be ignored.

Request example:

{ "type": "object", "properties": { "Severity": { "type": "string", "required": true }, "Timestamp": { "type": "string", "required": true } } }

Response Messages

Response status code | Reason | Description
200 Severity set for Vulnerability Id
400 Invalid Vulnerability Severity
400 Invalid DateTime
400 NotFound Vulnerability Id does not exist

Response example:

{ "type": "object", "properties": { "IsSuccess": { "type": "boolean", "required": true }, "ErrorMessage": { "type": ["string", "null"], "required": true }, "Reason": { "type": ["string", "null"], "required": true } } }

/AppSpiderEnterprise/rest/v1/Finding/GetAttackName Description Retrieves the attack name for a vulnerability

Request Parameters

Parameters | Type | Required | Description
vulnerabilityId | guid[] | Y | The vulnerability id

Response Messages

Response status code | Reason | Description
200 Response contains the attack name
400 NotFound Vulnerability Id does not exist

Response example:

{ "type": "object", "properties": { "AttackId": { "type": ["string", "null"], "required": true }, "IsSuccess": { "type": "boolean", "required": true }, "ErrorMessage": { "type": ["string", "null"], "required": true }, "Reason": { "type": ["string", "null"], "required": true } } }