Findings Management
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description Retrieves the list of vulnerabilities
Parameters No parameters
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains list of findings | |
Response example:
JSON schema:
```json
{
  "type": "object",
  "properties": {
    "Findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": { "type": "string", "required": true },
          "VulnType": { "type": ["string", "null"], "required": true },
          "VulnParam": { "type": ["string", "null"], "required": true },
          "VulnUrl": { "type": ["string", "null"], "required": true },
          "TargetId": { "type": ["string", "null"], "required": true },
          "DiscoveredDate": { "type": ["string", "null"], "required": true },
          "AttackScore": { "type": ["string", "null"], "required": true },
          "Status": { "type": "string", "required": true },
          "Description": { "type": ["string", "null"], "required": true },
          "Recommendation": { "type": ["string", "null"], "required": true },
          "OriginalTraffic": { "type": ["string", "null"], "required": true },
          "Capec": { "type": ["integer", "null"], "required": true },
          "DissaAsc": { "type": ["integer", "null"], "required": true },
          "Owasp07": { "type": ["integer", "null"], "required": true },
          "Owasp10": { "type": ["integer", "null"], "required": true },
          "Owasp13": { "type": ["integer", "null"], "required": true },
          "Oval": { "type": ["integer", "null"], "required": true },
          "CweId": { "type": ["integer", "null"], "required": true },
          "ResourceId": { "type": ["string", "null"], "required": true },
          "AttackType": { "type": ["string", "null"], "required": true },
          "TargetHost": { "type": ["string", "null"], "required": true },
          "LatestDetectedDate": { "type": "string", "required": true },
          "NormalizedPostParams": { "type": ["string", "null"], "required": true },
          "HtmlEntityAttacked": { "type": ["string", "null"], "required": true },
          "Method": { "type": "string", "required": true },
          "AttackVulnerabilities": {
            "type": ["array", "null"],
            "required": true,
            "items": {
              "type": "object",
              "properties": {
                "Id": { "type": "string", "required": true },
                "Value": { "type": ["string", "null"], "required": true },
                "PostParams": { "type": ["string", "null"], "required": true },
                "Url": { "type": ["string", "null"], "required": true },
                "AttackMatchedString": { "type": ["string", "null"], "required": true },
                "VulnerabilityId": { "type": "string", "required": true },
                "AttackTraffics": {
                  "type": ["array", "null"],
                  "items": {
                    "type": "object",
                    "properties": {
                      "Id": { "type": "string", "required": true },
                      "Request": { "type": ["string", "null"], "required": true },
                      "Response": { "type": ["string", "null"], "required": true },
                      "Benign": { "type": ["boolean", "null"], "required": true }
                    },
                    "additionalProperties": false
                  }
                }
              },
              "additionalProperties": false
            }
          }
        },
        "additionalProperties": false
      }
    },
    "IsSuccess": { "type": "boolean", "required": true },
    "ErrorMessage": { "type": ["string", "null"], "required": true },
    "Reason": { "type": ["string", "null"], "required": true }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description Retrieves the list of vulnerabilities for the client by the scan id
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
scanId | guid[] | Y | The scan id |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of findings | |
400 | Scan Id does not exist in client | |
Response example:
```json
{
  "type": "object",
  "properties": {
    "Findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": { "type": "string", "required": true },
          "VulnType": { "type": ["string", "null"], "required": true },
          "VulnParam": { "type": ["string", "null"], "required": true },
          "VulnUrl": { "type": ["string", "null"], "required": true },
          "TargetId": { "type": ["string", "null"], "required": true },
          "DiscoveredDate": { "type": ["string", "null"], "required": true },
          "AttackScore": { "type": ["string", "null"], "required": true },
          "Status": { "type": "string", "required": true },
          "Description": { "type": ["string", "null"], "required": true },
          "Recommendation": { "type": ["string", "null"], "required": true },
          "OriginalTraffic": { "type": ["string", "null"], "required": true },
          "Capec": { "type": ["integer", "null"], "required": true },
          "DissaAsc": { "type": ["integer", "null"], "required": true },
          "Owasp07": { "type": ["integer", "null"], "required": true },
          "Owasp10": { "type": ["integer", "null"], "required": true },
          "Owasp13": { "type": ["integer", "null"], "required": true },
          "Oval": { "type": ["integer", "null"], "required": true },
          "CweId": { "type": ["integer", "null"], "required": true },
          "ResourceId": { "type": ["string", "null"], "required": true },
          "AttackType": { "type": ["string", "null"], "required": true },
          "TargetHost": { "type": ["string", "null"], "required": true },
          "LatestDetectedDate": { "type": "string", "required": true },
          "NormalizedPostParams": { "type": ["string", "null"], "required": true },
          "HtmlEntityAttacked": { "type": ["string", "null"], "required": true },
          "Method": { "type": "string", "required": true },
          "AttackVulnerabilities": {
            "type": ["array", "null"],
            "required": true,
            "items": {
              "type": "object",
              "properties": {
                "Id": { "type": "string", "required": true },
                "Value": { "type": ["string", "null"], "required": true },
                "PostParams": { "type": ["string", "null"], "required": true },
                "Url": { "type": ["string", "null"], "required": true },
                "AttackMatchedString": { "type": ["string", "null"], "required": true },
                "VulnerabilityId": { "type": "string", "required": true },
                "AttackTraffics": {
                  "type": ["array", "null"],
                  "items": {
                    "type": "object",
                    "properties": {
                      "Id": { "type": "string", "required": true },
                      "Request": { "type": ["string", "null"], "required": true },
                      "Response": { "type": ["string", "null"], "required": true },
                      "Benign": { "type": ["boolean", "null"], "required": true }
                    },
                    "additionalProperties": false
                  }
                }
              },
              "additionalProperties": false
            }
          }
        },
        "additionalProperties": false
      }
    },
    "IsSuccess": { "type": "boolean", "required": true },
    "ErrorMessage": { "type": ["string", "null"], "required": true },
    "Reason": { "type": ["string", "null"], "required": true }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description Retrieves the list of vulnerabilities for the client by the scan id with paging
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
scanId | guid[] | Y | The scan id |
page | int | Y | The page of results to return (page starts at 0) |
pageSize | int | Y | The number of results to return per page |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of findings | |
400 | Scan Id does not exist in client | |
Response example:
```json
{
  "type": "object",
  "properties": {
    "Findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": { "type": "string", "required": true },
          "VulnType": { "type": ["string", "null"], "required": true },
          "VulnParam": { "type": ["string", "null"], "required": true },
          "VulnUrl": { "type": ["string", "null"], "required": true },
          "TargetId": { "type": ["string", "null"], "required": true },
          "DiscoveredDate": { "type": ["string", "null"], "required": true },
          "AttackScore": { "type": ["string", "null"], "required": true },
          "Status": { "type": "string", "required": true },
          "Description": { "type": ["string", "null"], "required": true },
          "Recommendation": { "type": ["string", "null"], "required": true },
          "OriginalTraffic": { "type": ["string", "null"], "required": true },
          "Capec": { "type": ["integer", "null"], "required": true },
          "DissaAsc": { "type": ["integer", "null"], "required": true },
          "Owasp07": { "type": ["integer", "null"], "required": true },
          "Owasp10": { "type": ["integer", "null"], "required": true },
          "Owasp13": { "type": ["integer", "null"], "required": true },
          "Oval": { "type": ["integer", "null"], "required": true },
          "CweId": { "type": ["integer", "null"], "required": true },
          "ResourceId": { "type": ["string", "null"], "required": true },
          "AttackType": { "type": ["string", "null"], "required": true },
          "TargetHost": { "type": ["string", "null"], "required": true },
          "LatestDetectedDate": { "type": "string", "required": true },
          "NormalizedPostParams": { "type": ["string", "null"], "required": true },
          "HtmlEntityAttacked": { "type": ["string", "null"], "required": true },
          "Method": { "type": "string", "required": true },
          "AttackVulnerabilities": {
            "type": ["array", "null"],
            "required": true,
            "items": {
              "type": "object",
              "properties": {
                "Id": { "type": "string", "required": true },
                "Value": { "type": ["string", "null"], "required": true },
                "PostParams": { "type": ["string", "null"], "required": true },
                "Url": { "type": ["string", "null"], "required": true },
                "AttackMatchedString": { "type": ["string", "null"], "required": true },
                "VulnerabilityId": { "type": "string", "required": true },
                "AttackTraffics": {
                  "type": ["array", "null"],
                  "items": {
                    "type": "object",
                    "properties": {
                      "Id": { "type": "string", "required": true },
                      "Request": { "type": ["string", "null"], "required": true },
                      "Response": { "type": ["string", "null"], "required": true },
                      "Benign": { "type": ["boolean", "null"], "required": true }
                    },
                    "additionalProperties": false
                  }
                }
              },
              "additionalProperties": false
            }
          }
        },
        "additionalProperties": false
      }
    },
    "IsSuccess": { "type": "boolean", "required": true },
    "ErrorMessage": { "type": ["string", "null"], "required": true },
    "Reason": { "type": ["string", "null"], "required": true }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description Retrieves the list of vulnerabilities for the client by the scan config name
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
scanConfigName | string | Y | The scan config name |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of findings | |
400 | Scan Config Name does not exist in client | |
Response example:
```json
{
  "type": "object",
  "properties": {
    "Findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": { "type": "string", "required": true },
          "VulnType": { "type": ["string", "null"], "required": true },
          "VulnParam": { "type": ["string", "null"], "required": true },
          "VulnUrl": { "type": ["string", "null"], "required": true },
          "TargetId": { "type": ["string", "null"], "required": true },
          "DiscoveredDate": { "type": ["string", "null"], "required": true },
          "AttackScore": { "type": ["string", "null"], "required": true },
          "Status": { "type": "string", "required": true },
          "Description": { "type": ["string", "null"], "required": true },
          "Recommendation": { "type": ["string", "null"], "required": true },
          "OriginalTraffic": { "type": ["string", "null"], "required": true },
          "Capec": { "type": ["integer", "null"], "required": true },
          "DissaAsc": { "type": ["integer", "null"], "required": true },
          "Owasp07": { "type": ["integer", "null"], "required": true },
          "Owasp10": { "type": ["integer", "null"], "required": true },
          "Owasp13": { "type": ["integer", "null"], "required": true },
          "Oval": { "type": ["integer", "null"], "required": true },
          "CweId": { "type": ["integer", "null"], "required": true },
          "ResourceId": { "type": ["string", "null"], "required": true },
          "AttackType": { "type": ["string", "null"], "required": true },
          "TargetHost": { "type": ["string", "null"], "required": true },
          "LatestDetectedDate": { "type": "string", "required": true },
          "NormalizedPostParams": { "type": ["string", "null"], "required": true },
          "HtmlEntityAttacked": { "type": ["string", "null"], "required": true },
          "Method": { "type": "string", "required": true },
          "AttackVulnerabilities": {
            "type": ["array", "null"],
            "required": true,
            "items": {
              "type": "object",
              "properties": {
                "Id": { "type": "string", "required": true },
                "Value": { "type": ["string", "null"], "required": true },
                "PostParams": { "type": ["string", "null"], "required": true },
                "Url": { "type": ["string", "null"], "required": true },
                "AttackMatchedString": { "type": ["string", "null"], "required": true },
                "VulnerabilityId": { "type": "string", "required": true },
                "AttackTraffics": {
                  "type": ["array", "null"],
                  "items": {
                    "type": "object",
                    "properties": {
                      "Id": { "type": "string", "required": true },
                      "Request": { "type": ["string", "null"], "required": true },
                      "Response": { "type": ["string", "null"], "required": true },
                      "Benign": { "type": ["boolean", "null"], "required": true }
                    },
                    "additionalProperties": false
                  }
                }
              },
              "additionalProperties": false
            }
          }
        },
        "additionalProperties": false
      }
    },
    "IsSuccess": { "type": "boolean", "required": true },
    "ErrorMessage": { "type": ["string", "null"], "required": true },
    "Reason": { "type": ["string", "null"], "required": true }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Finding/GetVulnerabilities
Description Retrieves the list of vulnerabilities for the client by the scan config name with paging
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
scanConfigName | string | Y | The scan config name |
page | int | Y | The page of results to return (page starts at 0) |
pageSize | int | Y | The number of results to return per page |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of findings | |
400 | Scan Config Name does not exist in client | |
Response example:
```json
{
  "type": "object",
  "properties": {
    "Findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": { "type": "string", "required": true },
          "VulnType": { "type": ["string", "null"], "required": true },
          "VulnParam": { "type": ["string", "null"], "required": true },
          "VulnUrl": { "type": ["string", "null"], "required": true },
          "TargetId": { "type": ["string", "null"], "required": true },
          "DiscoveredDate": { "type": ["string", "null"], "required": true },
          "AttackScore": { "type": ["string", "null"], "required": true },
          "Status": { "type": "string", "required": true },
          "Description": { "type": ["string", "null"], "required": true },
          "Recommendation": { "type": ["string", "null"], "required": true },
          "OriginalTraffic": { "type": ["string", "null"], "required": true },
          "Capec": { "type": ["integer", "null"], "required": true },
          "DissaAsc": { "type": ["integer", "null"], "required": true },
          "Owasp07": { "type": ["integer", "null"], "required": true },
          "Owasp10": { "type": ["integer", "null"], "required": true },
          "Owasp13": { "type": ["integer", "null"], "required": true },
          "Oval": { "type": ["integer", "null"], "required": true },
          "CweId": { "type": ["integer", "null"], "required": true },
          "ResourceId": { "type": ["string", "null"], "required": true },
          "AttackType": { "type": ["string", "null"], "required": true },
          "TargetHost": { "type": ["string", "null"], "required": true },
          "LatestDetectedDate": { "type": "string", "required": true },
          "NormalizedPostParams": { "type": ["string", "null"], "required": true },
          "HtmlEntityAttacked": { "type": ["string", "null"], "required": true },
          "Method": { "type": "string", "required": true },
          "AttackVulnerabilities": {
            "type": ["array", "null"],
            "required": true,
            "items": {
              "type": "object",
              "properties": {
                "Id": { "type": "string", "required": true },
                "Value": { "type": ["string", "null"], "required": true },
                "PostParams": { "type": ["string", "null"], "required": true },
                "Url": { "type": ["string", "null"], "required": true },
                "AttackMatchedString": { "type": ["string", "null"], "required": true },
                "VulnerabilityId": { "type": "string", "required": true },
                "AttackTraffics": {
                  "type": ["array", "null"],
                  "items": {
                    "type": "object",
                    "properties": {
                      "Id": { "type": "string", "required": true },
                      "Request": { "type": ["string", "null"], "required": true },
                      "Response": { "type": ["string", "null"], "required": true },
                      "Benign": { "type": ["boolean", "null"], "required": true }
                    },
                    "additionalProperties": false
                  }
                }
              },
              "additionalProperties": false
            }
          }
        },
        "additionalProperties": false
      }
    },
    "IsSuccess": { "type": "boolean", "required": true },
    "ErrorMessage": { "type": ["string", "null"], "required": true },
    "Reason": { "type": ["string", "null"], "required": true }
  },
  "additionalProperties": false
}
```
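An added example (not from the AppSpider documentation) of consuming the paged GetVulnerabilities variants: it requests pages starting at 0, checks the IsSuccess envelope on every page, and handles the nullable TargetHost field when grouping open findings. `fetch_page` is a hypothetical callable standing in for the authenticated HTTP request, the sample findings are constructed, and treating a short page as the last one is an assumption, since the page documents no total count.

```python
from collections import defaultdict
from typing import Callable, Dict, Iterable, Iterator, List

CLOSED_STATUSES = {"Fixed", "Ignored"}  # case-sensitive names from GetStatuses


class FindingsError(Exception):
    """The response envelope reported IsSuccess == false, or paging never ended."""


def iter_findings(fetch_page: Callable[[int, int], dict], page_size: int = 100,
                  max_pages: int = 10000) -> Iterator[dict]:
    """Yield findings from every page; fetch_page(page, page_size) is hypothetical."""
    if page_size <= 0:
        raise ValueError("pageSize must be a positive integer")
    for page in range(max_pages):  # the API numbers pages from 0
        body = fetch_page(page, page_size)
        if body.get("IsSuccess") is not True:
            raise FindingsError("page %d failed: %r (reason: %r)" % (
                page, body.get("ErrorMessage"), body.get("Reason")))
        findings = body.get("Findings") or []
        yield from findings
        if len(findings) < page_size:  # assumption: a short page is the last one
            return
    raise FindingsError("no short page within max_pages=%d" % max_pages)


def open_ids_by_host(findings: Iterable[dict]) -> Dict[str, List[str]]:
    """Group the Ids of findings that are not Fixed/Ignored by TargetHost."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for finding in findings:
        if finding["Status"] in CLOSED_STATUSES:
            continue
        # TargetHost is ["string", "null"] in the schema, so None must be handled.
        grouped[finding.get("TargetHost") or "(no host)"].append(finding["Id"])
    return dict(grouped)


# Constructed sample findings, trimmed to the fields used above.
SAMPLE_FINDINGS = [
    {"Id": "a1", "Status": "Unreviewed", "TargetHost": "shop.example.test"},
    {"Id": "a2", "Status": "Fixed", "TargetHost": "shop.example.test"},
    {"Id": "a3", "Status": "Verified", "TargetHost": None},
    {"Id": "a4", "Status": "Ignored", "TargetHost": "api.example.test"},
    {"Id": "a5", "Status": "Verified", "TargetHost": "shop.example.test"},
]


def sample_fetch_page(page: int, page_size: int) -> dict:
    """Stand-in for the HTTP call: serves SAMPLE_FINDINGS one page at a time."""
    chunk = SAMPLE_FINDINGS[page * page_size:(page + 1) * page_size]
    return {"Findings": chunk, "IsSuccess": True, "ErrorMessage": None, "Reason": None}


if __name__ == "__main__":
    print(open_ids_by_host(iter_findings(sample_fetch_page, page_size=2)))
```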
/AppSpiderEnterprise/rest/v1/Finding/GetStatuses
Description Retrieves the list of possible statuses for a vulnerability
Parameters No parameters
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of vulnerability status types | |
Response example:
Returned list of Statuses for a vulnerability (case-sensitive):
⦁ "Verified"
⦁ "Fixed"
⦁ "Ignored"
⦁ "Unreviewed"
The remaining Statuses will only appear if the "customStatusesEnabled" flag is set to "true" in NTOE.config:
⦁ "FalsePositive"
⦁ "CompensatingControls"
⦁ "AcceptableUse"
⦁ "AcceptableRisk"
⦁ "Duplicate"
⦁ "Other"
⦁ "Unknown"
/AppSpiderEnterprise/rest/v1/Finding/GetSeverities
Description Retrieves the list of possible severities for a vulnerability
Parameters No parameters
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of vulnerability severity types | |
Response example:
Returned list of Severities for a vulnerability (case-sensitive):
⦁ "0-Safe"
⦁ "1-Info"
⦁ "2-Low"
⦁ "3-Med"
⦁ "4-High"
/AppSpiderEnterprise/rest/v1/Finding/UpdateStatus
Description Updates a vulnerability's status
Request Parameters
Parameters | Type | Required | Description |
---|---|---|---|
vulnerabilityId | guid[] | Y | The vulnerability id |
Request Body
Parameters | Type | Required | Description |
---|---|---|---|
Status | string | Y | The status name |
Timestamp | DateTime | N | The UTC timestamp in ISO 8601 format, e.g. 2019-05-23T12:05:00 |
Request example:
```json
{
  "type": "object",
  "properties": {
    "Status": { "type": "string", "required": true },
    "Timestamp": { "type": "string", "required": true }
  }
}
```
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Status set for Vulnerability Id | |
400 | Invalid Vulnerability Status | |
400 | Invalid DateTime | |
400 | NotFound | Vulnerability Id does not exist |
Response example:
```json
{
  "type": "object",
  "properties": {
    "IsSuccess": { "type": "boolean", "required": true },
    "ErrorMessage": { "type": ["string", "null"], "required": true },
    "Reason": { "type": ["string", "null"], "required": true }
  }
}
```
/AppSpiderEnterprise/rest/v1/Finding/UpdateSeverity
Description Updates a vulnerability's severity
Request Parameters
Parameters | Type | Required | Description |
---|---|---|---|
vulnerabilityId | guid[] | Y | The vulnerability id |
Request Body
Parameters | Type | Required | Description |
---|---|---|---|
Severity | string | Y | The Severity name |
Timestamp | DateTime | N | The UTC timestamp in ISO 8601 format, e.g. 2019-05-23T12:05:00 |
Request example:
```json
{
  "type": "object",
  "properties": {
    "Severity": { "type": "string", "required": true },
    "Timestamp": { "type": "string", "required": true }
  }
}
```
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Severity set for Vulnerability Id | |
400 | Invalid Vulnerability Severity | |
400 | Invalid DateTime | |
400 | NotFound | Vulnerability Id does not exist |
Response example:
```json
{
  "type": "object",
  "properties": {
    "IsSuccess": { "type": "boolean", "required": true },
    "ErrorMessage": { "type": ["string", "null"], "required": true },
    "Reason": { "type": ["string", "null"], "required": true }
  }
}
```
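An added example (not AppSpider's own code) covering both UpdateStatus and UpdateSeverity: it builds the request body client-side, rejecting names that would draw the documented 400 responses and converting the timestamp to UTC in the documented shape. It follows the parameter tables in treating Timestamp as optional; the `custom_statuses_enabled` argument is a hypothetical mirror of the `customStatusesEnabled` flag, and refusing custom statuses when it is off is an assumption based on the GetStatuses list.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional, Sequence

# Case-sensitive values listed under GetStatuses and GetSeverities.
BASE_STATUSES = ("Verified", "Fixed", "Ignored", "Unreviewed")
CUSTOM_STATUSES = ("FalsePositive", "CompensatingControls", "AcceptableUse",
                   "AcceptableRisk", "Duplicate", "Other", "Unknown")
SEVERITIES = ("0-Safe", "1-Info", "2-Low", "3-Med", "4-High")


def utc_timestamp(when: datetime) -> str:
    """Render an aware datetime in the documented shape, e.g. 2019-05-23T12:05:00."""
    if when.tzinfo is None or when.utcoffset() is None:
        # A naive value would carry local time while the API reads it as UTC.
        raise ValueError("naive datetime; attach a timezone before converting to UTC")
    return when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")


def check_choice(value: str, allowed: Sequence[str], kind: str) -> None:
    """Raise ValueError for a name outside `allowed`, hinting at case mistakes."""
    if value in allowed:
        return
    message = "invalid %s %r" % (kind, value)
    near = [name for name in allowed if name.lower() == str(value).lower()]
    if near:
        message += "; names are case-sensitive, expected %r" % near[0]
    raise ValueError(message)


def status_body(status: str, when: Optional[datetime] = None,
                custom_statuses_enabled: bool = False) -> dict:
    """Request body for UpdateStatus."""
    allowed = BASE_STATUSES + (CUSTOM_STATUSES if custom_statuses_enabled else ())
    check_choice(status, allowed, "Status")
    body = {"Status": status}
    if when is not None:
        body["Timestamp"] = utc_timestamp(when)
    return body


def severity_body(severity: str, when: Optional[datetime] = None) -> dict:
    """Request body for UpdateSeverity."""
    check_choice(severity, SEVERITIES, "Severity")
    body = {"Severity": severity}
    if when is not None:
        body["Timestamp"] = utc_timestamp(when)
    return body


if __name__ == "__main__":
    # Constructed input: 14:05 at UTC+2 is 12:05 UTC.
    local = datetime(2019, 5, 23, 14, 5, tzinfo=timezone(timedelta(hours=2)))
    print(status_body("Fixed", local))
    print(severity_body("4-High"))
```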
/AppSpiderEnterprise/rest/v1/Finding/GetAttackName
Description Retrieves the attack name for a vulnerability
Request Parameters
Parameters | Type | Required | Description |
---|---|---|---|
vulnerabilityId | guid[] | Y | The vulnerability id |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the attack name | |
400 | NotFound | Vulnerability Id does not exist |
Response example:
```json
{
  "type": "object",
  "properties": {
    "AttackId": { "type": ["string", "null"], "required": true },
    "IsSuccess": { "type": "boolean", "required": true },
    "ErrorMessage": { "type": ["string", "null"], "required": true },
    "Reason": { "type": ["string", "null"], "required": true }
  }
}
```