Integrate with Quick Connect API
Welcome to the Fortra Vulnerability Management™ (Fortra VM) API guide! Our robust Quick Connect API allows you to easily access your data within Fortra VM. Perform tasks such as requesting data to use for reporting or integration with other security solutions.
The following instructions will help you construct your own scripts to interact with Fortra VM vulnerability data, asset data, and the vulnerability dictionary through its REST API.
Authentication
Each request must be sent with the API Key to authenticate your account. Additionally, each key will be valid only with the specific Frontline region that the account is using.
Keep this key secure as it carries the same privileges as your Frontline VM password.
Do not share your secret API keys on unrestricted public areas, for example, client-side code or code repositories such as GitHub!
To generate a Fortra VM API Key:
Generate a Fortra VM API Key
-
Log in to Fortra VM.
-
In the site header, select your name and choose My profile.
-
On the API Tokens tab, select Create new token.
-
In the Add New Token dialog, type the token name and select OK.
-
Below your token name, selecting Click to show key displays your API Key.
Once you have created your API key, you’ll next need to determine the appropriate regional URL your key is associated with. This defines the base URL for all of your requests with this key. This is done by sending a request to the router endpoint. The base URL may periodically change, so it is a good idea to check the route upon each session initiation, that is, at the beginning of your script.API URL
GET https://api.frontline.cloud/api/router/
$ curl -X GET "https://api.frontline.cloud/api/router/" -H "Authorization: Token YOUR_API_TOKEN"
{
"vm" : {,
"product" : "vm",
"url" : "https://vm.us.frontline.cloud/api/"
},
"was" : {
"product" : "was",
"url" : "https://was.us.frontline.cloud/api/"
}
}
Basic API Usage
All Fortra VM API requests begin with the regional base URL that you determined from above.
The next segment of the URL path depends on the resource.
For example, if your regional base URL is https://vm.frontline.cloud/api/
then use https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/
to access Active View vulnerability data.
In addition to using the HTTPS protocol, all requests must include your secret API Key.
Pagination
When making calls to the Fortra VM API, most of the time there will be a lot of results to return. For that reason, we paginate nearly all of the results to use resources efficiently.
The Fortra VM API implements pagination using the optional parameters count
and page
. Both are returned in the results as next
and previous
name / value pairs when applicable.
Parameter | Description |
---|---|
count | The integer number of records you wish to retrieve per request. Recommended minimum value is 1000. Recommended maximum value is 5000. Do not confuse this with the Default value: 25 |
page | The integer page number to which you want to navigate. Only needed if you want to start on a different page other than 1. Default value: 1 |
Results that are paginated will include the following three name / value pairs.
Name | Value |
---|---|
count | An integer value of the total number of records available. Do not confuse this with the count parameter. |
next | The full URL string for the next page of results, if applicable, otherwise set to null. |
previous | The full URL string for the previous page of results, if applicable, otherwise set to null. |
GET https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?count=500
{
"count" : 1768,
"next" : "https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?count=500&page=2",
"previous" : null,
"results" : [
...
...
]
}
Using Optional Parameters
Fortra VM API offers a rich set of optional parameters that allow you to tailor your requests. This gives you the flexibility to filter your results for specific data sets, sort your results, or use pagination as described above.
Filtering
Filter parameters must be prefixed with a count using the format of _x_
. Query strings from different parameter groups can all begin with 0
(zero).
For example:
&_0_iexact_host_os_type=server&_0_eq_host_rating_ddi=F
Parameters from the same parameter set must increment their count.
For example:
&_0_iin_host_os_type=server&_1_iin_host_os_type=device&_0_eq_host_rating_ddi=F
Sorting
Use the ordering
parameter to sort your results. By default, the results are ordered ascending by the parameter value used. Prefix the parameter’s value with a minus sign to sort descending. For example, sort ascending by title, ordering=title
and sort descending by title ordering=-title
.
#!/env/python
import urllib2
import json
fvmUrl = "https://vm.frontline.cloud/"
apiToken = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
haveAllHosts = False
vulnData = []
requestStr = fvmUrl + "api/scanresults/active/vulnerabilities/?digest=0&count=100"
while not haveAllHosts:
# include the API token in every request you make
request = urllib2.Request( requestStr, headers = {'Authorization': 'Token ' + apiToken} )
# request the data with GET
opener = urllib2.build_opener()
response = opener.open(request)
currentData = json.loads( response.read() )
vulnData.extend( currentData['results'] )
print "Have " + str(len(vulnData)) + " results of " + str(currentData['count']) + " total"
# at the top level, the "next" variable, if present,
# gives you a complete URL where you can find the continuation
# of your request results.
if( currentData['next'] != None ):
requestStr = currentData['next']
else:
haveAllHosts = True
print json.dumps(vulnData, indent=4,sort_keys=True)
List All Assets
Returns a list of all assets.
Parameter | Description |
---|---|
active_view_date_created | Sort list by when assets were last found (scanned). |
active_view_date_first_created | Sort list by date assets were first found. |
active_view_rating_ddi | Sort list by asset rating. |
active_view_status | Sort list by asset status. |
host_active_view_risk_score | Sort list by asset risk score. |
host_active_view_risk_weight | Sort list by asset risk weight. |
host_active_view_severity_ddi | Sort list by asset severity. |
hostname | Sort list by asset hostname. |
ip_address | Sort list by the asset IP address. |
is_compromised | Sort list by whether an asset is compromised or not. |
os | Sort list by the asset operating system. |
os_type | Sort list asset OS type. |
Parameter | Description |
---|---|
includeAcceptableRisk |
Use Set to |
includeHidden |
Use Set to |
GET https://vm.frontline.cloud/api/scanresults/active/hosts
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 68,
"next" : null,
"previous" : null,
"results" : [
{
"active_view_cvss_score" : 9.3,
"active_view_date_created" : "2017-11-16T05:30:29.061147Z",
"active_view_date_first_created" : "2016-02-12T02:17:10.465288Z",
"active_view_host_id" : 919750,
"active_view_host_rating_list" : {
"ddi" : "F",
"nvd" : "High",
"pci" : "Fail"
},
"active_view_risk_score" : 375,
"active_view_risk_weight" : 75,
"active_view_security_gpa" : 0,
"active_view_status" : "matched",
"active_view_system_security_gpa" : 0,
"active_view_version" : 145729,
"active_view_vulnerability_count" : 55,
"active_view_vulnerability_severity_counts" : {
"unweighted" : {
"ddi" : {
"counts" : {
"critical" : 1,
"high" : 0,
"info" : 50,
"low" : 0,
"medium" : 2,
"none" : 0,
"trivial" : 2
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 2,
"low" : 45,
"medium" : 8
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 10,
"pass" : 45
},
"overall_security_gpa" : 0
}
},
"weighted" : {
"ddi" : {
"counts" : {
"critical" : 1,
"high" : 0,
"info" : 50,
"low" : 0,
"medium" : 2,
"none" : 0,
"trivial" : 2
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 2,
"low" : 45,
"medium" : 8
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 10,
"pass" : 45
},
"overall_security_gpa" : 0
}
}
},
"associated_webapps" : [],
"base_scan_id" : "73841_20171116T050000Z",
"date_finished" : null,
"date_started" : null,
"discovery_method" : "ping",
"dns_name" : "",
"has_notes" : true,
"hidden" : false,
"hide_from_now_on" : false,
"hostname" : "VM1WIN2008ADC",
"id" : 24503532,
"internal" : true,
"ip_address" : "172.20.97.11",
"is_compromised" : false,
"last_scanned_businessgroup" : {
"id" : 540,
"name" : "Enterprise Admins"
},
"mac_address" : "00:50:56:bc:58:d2",
"matched_status" : "matched",
"named_asset_name" : null,
"netbios_name" : "VM1WIN2008ADC",
"network_profile_id" : 126,
"network_profile_name" : "Internal Scanner Profile 2",
"notes_distribution" : {
"asset" : true,
"asset_only" : false,
"vuln_only" : false
},
"os" : "Windows Server 2008",
"os_family" : "windows",
"os_type" : "domain controller",
"partially_scanned" : false,
"pentest_status" : null,
"scan_block_id" : "158546_20171116T050000Z",
"scan_id" : "73841_20171116T050000Z",
"scan_version" : 295648,
"scan_version_active" : true,
"scan_version_cvss_score" : 9.3,
"scan_version_date_created" : "2017-11-16T05:30:29.061147Z",
"scan_version_host_id" : 24503532,
"scan_version_host_rating_list" : {
"ddi" : "F",
"nvd" : "High",
"pci" : "Fail"
},
"scan_version_host_severity_list" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
},
"scan_version_risk_score" : 375,
"scan_version_risk_weight" : 75,
"scan_version_security_gpa" : 0,
"scan_version_system_security_gpa" : 0,
"scan_version_vulnerability_count" : 55,
"scan_version_vulnerability_severity_counts" : {
"unweighted" : {
"ddi" : {
"counts" : {
"critical" : 1,
"high" : 0,
"info" : 50,
"low" : 0,
"medium" : 2,
"none" : 0,
"trivial" : 2
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 2,
"low" : 45,
"medium" : 8
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 10,
"pass" : 45
},
"overall_security_gpa" : 0
}
},
"weighted" : {
"ddi" : {
"counts" : {
"critical" : 1,
"high" : 0,
"info" : 50,
"low" : 0,
"medium" : 2,
"none" : 0,
"trivial" : 2
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 2,
"low" : 45,
"medium" : 8
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 10,
"pass" : 45
},
"overall_security_gpa" : 0
}
}
},
"scanner_version" : "2.2.70.1"
},
...
...
]
}
GET https://vm.frontline.cloud/api/scanresults/active/hosts/<id>
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/24503532' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"active_view_cvss_score" : 9.3,
"active_view_date_created" : "2017-11-16T05:30:29.061147Z",
"active_view_date_first_created" : "2016-02-12T02:17:10.465288Z",
"active_view_host_id" : 919750,
"active_view_host_rating_list" : {
"ddi" : "F",
"nvd" : "High",
"pci" : "Fail"
},
"active_view_host_severity_list" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
},
"active_view_risk_score" : 375,
"active_view_risk_weight" : 75,
"active_view_scanner_versions" : "2.2.47.2,2.2.51.0,...,2.2.70.1",
"active_view_security_gpa" : 0,
"active_view_services_list" : [
{
"port" : 53,
"protocol" : "dns",
"scan_vulnerability_count" : 0,
"transport" : "tcp",
"tunnel" : "none"
},
...
...
],
"active_view_status" : "matched",
"active_view_system_security_gpa" : 0,
"active_view_version" : 145729,
"active_view_vuln_tag_list" : [
{
"codename" : "administration",
"color" : null,
"id" : 2307,
"name" : "administration",
"tagged_by" : "system"
},
...
...
],
"active_view_vulnerability_count" : 55,
"active_view_vulnerability_severity_counts" : {
"unweighted" : {
"ddi" : {
"counts" : {
"critical" : 1,
"high" : 0,
"info" : 50,
"low" : 0,
"medium" : 2,
"none" : 0,
"trivial" : 2
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 2,
"low" : 45,
"medium" : 8
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 10,
"pass" : 45
},
"overall_security_gpa" : 0
}
},
"weighted" : {
"ddi" : {
"counts" : {
"critical" : 1,
"high" : 0,
"info" : 50,
"low" : 0,
"medium" : 2,
"none" : 0,
"trivial" : 2
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 2,
"low" : 45,
"medium" : 8
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 10,
"pass" : 45
},
"overall_security_gpa" : 0
}
}
},
"associated_webapps" : [],
"base_scan_id" : "73841_20171116T050000Z",
"date_finished" : null,
"date_started" : null,
"discovery_method" : "ping",
"dns_name" : "",
"has_notes" : true,
"hidden" : false,
"hide_from_now_on" : false,
"host_tag_list" : [
{
"codename" : "administration",
"color" : null,
"id" : 2307,
"name" : "administration",
"tagged_by" : "system"
},
...
...
],
"hostname" : "VM1WIN2008ADC",
"id" : 24503532,
"internal" : true,
"ip_address" : "172.20.97.11",
"is_compromised" : false,
"last_scanned_businessgroup" : {
"id" : 540,
"name" : "Enterprise Admins"
},
"mac_address" : "00:50:56:bc:58:d2",
"matched_status" : "matched",
"named_asset_name" : null,
"netbios_name" : "VM1WIN2008ADC",
"network_profile_id" : 126,
"network_profile_name" : "Internal Scanner Profile 2",
"notes_distribution" : {
"asset" : false,
"asset_only" : false,
"vuln_only" : false
},
"os" : "Windows Server 2008",
"os_family" : "windows",
"os_type" : "domain controller",
"parent_ip_address" : "172.20.97.11",
"partially_scanned" : false,
"pentest_status" : null,
"rna" : {
"name" : null,
"proxy_port" : null
},
"scan_block_id" : "158546_20171116T050000Z",
"scan_id" : "73841_20171116T050000Z",
"scan_version" : 295648,
"scan_version_active" : true,
"scan_version_cvss_score" : 9.3,
"scan_version_date_created" : "2017-11-16T05:30:29.061147Z",
"scan_version_host_id" : 24503532,
"scan_version_host_rating_list" : {
"ddi" : "F",
"nvd" : "High",
"pci" : "Fail"
},
"scan_version_host_severity_list" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
},
"scan_version_risk_score" : 375,
"scan_version_risk_weight" : 75,
"scan_version_scanner_versions" : "2.2.70.1",
"scan_version_security_gpa" : 0,
"scan_version_services_list" : [
{
"port" : 53,
"protocol" : "dns",
"scan_vulnerability_count" : 0,
"transport" : "tcp",
"tunnel" : "none"
},
...
...
],
"scan_version_system_security_gpa" : 0,
"scan_version_vulnerability_count" : 55,
"scan_version_vulnerability_severity_counts" : {
"unweighted" : {
"ddi" : {
"counts" : {
"critical" : 1,
"high" : 0,
"info" : 50,
"low" : 0,
"medium" : 2,
"none" : 0,
"trivial" : 2
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 2,
"low" : 45,
"medium" : 8
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 10,
"pass" : 45
},
"overall_security_gpa" : 0
}
},
"weighted" : {
"ddi" : {
"counts" : {
"critical" : 1,
"high" : 0,
"info" : 50,
"low" : 0,
"medium" : 2,
"none" : 0,
"trivial" : 2
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 2,
"low" : 45,
"medium" : 8
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 10,
"pass" : 45
},
"overall_security_gpa" : 0
}
}
},
"scanner_version" : "2.2.70.1",
"tag_list" : [
{
"codename" : "administration",
"color" : null,
"id" : 2307,
"name" : "administration",
"tagged_by" : "system"
},
...
...
],
"vuln_tag_list" : [
{
"codename" : "administration",
"color" : null,
"id" : 2307,
"name" : "administration",
"tagged_by" : "system"
},
...
...
]
}
GET https://vm.frontline.cloud/api/scanresults/active/hosts/<id>/vulnerabilities
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/24503532/vulnerabilities' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 55,
"next" : "https://vm.frontline.cloud/api/scanresults/active/hosts/24503532/vulnerabilities/?page=2",
"previous" : null,
"results" : [
{
"acceptable_risk" : true,
"active_view_date_created" : "2017-11-16T05:30:29.061147Z",
"active_view_date_first_created" : "2017-04-20T04:06:42.056220Z",
"active_view_host_id" : 919750,
"active_view_status" : "recurred",
"active_view_version" : 145729,
"cvss_score" : "9.3",
"data" : "This asset is missing the MS17-010 patch.\n\nVulnerable Response:\n ff 53 4d 42 25 05 02 00 c0 88 01 44 00 10 00 00 .SMB%......D....\n 00 00 00 00 00 00 00 00 05 80 06 00 00 08 6d 42 ..............mB\n 00 00 00 ...\n",
"date_finished" : null,
"date_started" : null,
"detect_type" : "remote",
"false_positive" : false,
"has_notes" : true,
"hidden" : false,
"hide_from_now_on" : false,
"host_hidden" : false,
"host_id" : 24503532,
"hostname" : "VM1WIN2008ADC",
"id" : 957098082,
"id_ddi" : 122051,
"ip_address" : "172.20.97.11",
"manually_added" : false,
"manually_added_fix_status_name" : null,
"matched_status" : "recurred",
"port" : 445,
"protocol" : "smb",
"scan_block_id" : "158546_20171116T050000Z",
"scan_id" : "73841_20171116T050000Z",
"scanner_version" : "2.2.70.1",
"severities" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
},
"tag_list" : [
{
"codename" : "moderate to fix",
"color" : null,
"id" : 2304,
"name" : "moderate to fix",
"tagged_by" : "system"
},
...
...
],
"title" : "MS17-010: SMB Remote Code Execution Vulnerability (Network Check)",
"transport" : "tcp",
"tunnel" : "none",
"vuln_class" : "explicit"
},
...
...
]
}
GET https://vm.frontline.cloud/api/scanresults/active/hosts/<id>/notes
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/24503532/notes' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
[
{
"account_user_account_id" : 115,
"account_user_email" : "barney.rubble@flintstone.com",
"account_user_id" : 7703,
"account_user_name" : "Barney Rubble",
"date_created" : "2018-04-05T18:31:41.021941Z",
"date_modified" : "2018-04-05T18:31:41.021986Z",
"host_id" : 24503532,
"id" : 1232597,
"id_ddi" : null,
"note_group_id" : 1232597,
"note_original_author" : {
"account_user_email" : "barney.rubble@flintstone.com",
"account_user_fullname" : "Barney Rubble",
"account_user_id" : 7703
},
"note_type" : "client",
"note_type_name" : "Client",
"order_number" : 0,
"scan_id" : "73841_20171116T050000Z",
"scan_name" : "Daily Assessment",
"scan_vulnerability_id" : null,
"target" : {
"data" : {
"hostname" : "VM1WIN2008ADC",
"ip_address" : "172.20.97.11"
},
"type" : "asset"
},
"ticket_metadata" : null,
"title" : null,
"value" : "For Win Team in Chicago to remediate.",
"version" : 1
}
]
List All Vulnerabilities
Returns a list of all vulnerabilities.
Parameter | Description |
---|---|
scan_vulnerability_count | Sort list by the total number of vulnerability instances per vulnerability. |
severity_ddi | Sort list by vulnerability severity. |
title | Sort list by vulnerability title. |
Parameter | Description |
---|---|
digest |
Use Set to |
includeAcceptableRisk |
Use Set to |
includeFixed |
Use Set to |
includeHidden |
Use Set to |
GET https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?digest=true
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/24503532/notes' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 135,
"next" : "https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?count=3&digest=true&ordering=-severity_ddi&page=2",
"previous" : null,
"results" : [
{
"hidden" : false,
"id_ddi" : 122051,
"matched_change" : {
"change" : -1,
"current" : 22,
"diff" : 22,
"fixed" : 0,
"new" : 1,
"recurred" : 21
},
"scan_vulnerability_count" : 22,
"severities" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
},
"title" : "MS17-010: SMB Remote Code Execution Vulnerability (Network Check)",
"vuln_class" : "explicit"
},
{
"hidden" : false,
"id_ddi" : 113790,
"matched_change" : {
"change" : 0,
"current" : 8,
"diff" : 8,
"fixed" : 0,
"new" : 0,
"recurred" : 8
},
"scan_vulnerability_count" : 8,
"severities" : {
"ddi" : "critical",
"nvd" : "medium",
"pci" : "fail"
},
"title" : "SSL Connection: Server Vulnerable to Heartbleed Attack",
"vuln_class" : "explicit"
},
{
"hidden" : false,
"id_ddi" : 104433,
"matched_change" : {
"change" : 0,
"current" : 1,
"diff" : 1,
"fixed" : 0,
"new" : 0,
"recurred" : 1
},
"scan_vulnerability_count" : 1,
"severities" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
},
"title" : "HTTP Easily Guessable Credentials",
"vuln_class" : "explicit"
}
]
}
GET https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?_0_eq_vuln_id_ddi=<id_ddi>
$ curl 'https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?_0_eq_vuln_id_ddi=104433' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 1,
"next" : null,
"previous" : null,
"results" : [
{
"acceptable_risk" : null,
"active_view_date_created" : "2018-03-27T21:00:03.678341Z",
"active_view_date_first_created" : "2018-03-12T22:53:12.586355Z",
"active_view_host_id" : 30617403,
"active_view_status" : "recurred",
"active_view_version" : 179970,
"cvss_score" : "10.0",
"data" : "Authentication Successful In Forms:\n172.20.71.98:81:\n\t/admin/index.php?page=login : /admin/index.php?page=login:\n\t\tadmin:admin\n\t/users/login.php : /users/login.php:\n\t\tadmin:admin\n\t\tguest:guest",
"date_finished" : null,
"date_started" : null,
"detect_type" : "remote",
"false_positive" : false,
"has_notes" : true,
"hidden" : false,
"hide_from_now_on" : false,
"host_hidden" : false,
"host_id" : 31414753,
"hostname" : "172.20.71.98",
"id" : 1246848690,
"id_ddi" : 104433,
"ip_address" : "172.20.71.98",
"manually_added" : false,
"manually_added_fix_status_name" : null,
"matched_status" : "recurred",
"port" : 81,
"protocol" : "http",
"scan_block_id" : "197914",
"scan_id" : "102586",
"scanner_version" : "3.0.2.1",
"severities" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
},
"tag_list" : [
{
"codename" : "moderate to fix",
"color" : null,
"id" : 2304,
"name" : "moderate to fix",
"tagged_by" : "system"
},
{
"codename" : "web",
"color" : null,
"id" : 2303,
"name" : "web",
"tagged_by" : "system"
}
],
"title" : "HTTP Easily Guessable Credentials",
"transport" : "tcp",
"tunnel" : "none",
"vuln_class" : "explicit"
}
]
}
GET https://vm.frontline.cloud/api/scanresults/active/hosts/<host_id>/vulnerabilities/<id>/notes
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/31414753/vulnerabilities/1235054/notes' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
[
{
"account_user_account_id" : 1,
"account_user_email" : "barney.rubble@flintstone.com",
"account_user_id" : 260,
"account_user_name" : "Barney Rubble",
"date_created" : "2018-04-09T21:21:13.237611Z",
"date_modified" : "2018-04-09T21:21:13.237650Z",
"host_id" : 31414753,
"id" : 1235054,
"id_ddi" : 104433,
"note_group_id" : 1235054,
"note_original_author" : {
"account_user_email" : "barney.rubble@flintstone.com",
"account_user_fullname" : "Barney Rubble",
"account_user_id" : 260
},
"note_type" : "analyst",
"note_type_name" : "Analyst",
"order_number" : 0,
"scan_id" : "102586",
"scan_name" : "Scan Mar 27, 2018 3:38PM Don Test",
"scan_vulnerability_id" : 1246848690,
"target" : {
"data" : {
"title" : "HTTP Easily Guessable Credentials"
},
"type" : "vulnerability"
},
"ticket_metadata" : null,
"title" : null,
"value" : "Pass on to Network Team Alpha to address.",
"version" : 1
}
]
List All Active Scans
Returns a list of all active scans.
Parameter | Description |
---|---|
asset_count | Sort list by the total number of assets scanned. |
businessgroup_name | Sort list by business group. |
date_finished | Sort list by the date the scan finished. |
date_started | Sort list by the date the scan started. |
name | Sort list by scan name. |
scan_locations | Sort the list by external / internal scan location. |
status | Sort list by scan status. |
workflow | Sort list by the scan work-flow. |
Parameter | Description |
---|---|
0_in_scan_workflow | Set to one or more of the following: PCI Assessment, PCI Assessment Follow-up, Penetration Test, Penetration Test Follow-up, Threat Scan, Vulnerability Assessment, Web Application Assessment.
NOTE: All must be applied in order to retrieve results that match the FVM Scan Activity page. |
status |
Set to one or more of the following: launching, paused, pausing, blackout, queued, resuming, running, loading, canceling, canceled, completed, errored, pt_in_progress, pt_review, pt_complete, waa_workflow. NOTE: All must be applied in order to retrieve results that match the FVM Scan Activity page.
|
GET 'https://vm.frontline.cloud/api/scans’
$ curl 'https://vm.frontline.cloud/api/scans/?_0_in_scan_workflow=Penetration+Test%7CVulnerability+Assessment%7CWeb+Application+Assessment%7CThreat+Scan%7CPCI+Assessment+Follow-up%7CPCI+Assessment%7CPenetration+Test+Follow-up&count=2&ordering=-scan_locations,name,-date_finished&page=1&status=launching%7Cpaused%7Cpausing%7Cblackout%7Cqueued%7Cresuming%7Crunning%7Cloading%7Ccanceling%7Ccanceled%7Ccompleted%7Cerrored%7Cpt_in_progress%7Cpt_review%7Cpt_complete%7Cwaa_workflow' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 2996,
"next" : "https://vm.frontline.cloud/api/account/115/scans/?_0_in_scan_workflow=Penetration+Test%7CVulnerability+Assessment%7CWeb+Application+Assessment%7CThreat+Scan%7CPCI+Assessment+Follow-up%7CPCI+Assessment%7CPenetration+Test+Follow-up&count=25&ordering=-date_finished%2Cname&page=2&status=launching%7Cpaused%7Cpausing%7Cblackout%7Cqueued%7Cresuming%7Crunning%7Cloading%7Ccanceling%7Ccanceled%7Ccompleted%7Cerrored%7Cpt_in_progress%7Cpt_review%7Cpt_complete%7Cwaa_workflow",
"previous" : null,
"results" : [
{
"account" : {
"id" : 115,
"name" : "Demo Account"
},
"account_id" : 115,
"account_user" : "Administrator",
"account_user_id" : 34,
"build_reports" : false,
"businessgroups" : [
{
"id" : 540,
"name" : "Enterprise Admins"
}
],
"date_finished" : "2019-08-21T18:35:35.384192Z",
"date_modified" : "2019-08-21T18:35:35.582269Z",
"date_started" : "2019-08-21T18:01:24.682271Z",
"deleting" : false,
"description" : "",
"exclude_from_active_view" : false,
"force_target_detection" : false,,
"has_results" : false,
"host_count" : 51,
"id" : "97910_20190821T180000Z",
"name" : "Updated Weekly",
"next_event" : null,
"scan_locations" : "internal",
"scan_policy" : "Default",
"status" : "completed",
"status_message" : null,
"status_name" : "Completed",
"workflow" : "va_workflow"
},
...
]
}
GET 'https://vm.frontline.cloud/api/scanresults/scans/<id>/'
$ curl -X GET https://vm.frontline.cloud/api/scanresults/scans/97910_20190821T180000Z/' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"active_view_version_id" : 348238,
"base_scan_id" : "97910_20190821T180000Z",
"businessgroups" : [
{
"id" : 540,
"name" : "Enterprise Admins"
},
]
"date_created" : "2019-08-21T18:01:24.682248Z",
"date_finished" : "2019-08-21T18:35:35.384192Z",
"date_modified" : "2019-08-21T18:35:35.582269Z",
"date_started" : "2019-08-21T18:01:24.682271Z",
"description" : "",
"exclude_from_active_view" : false,
"host_count" : 51,
"host_labels" : [],
"hosts_new_count" : 0,
"id" : "97910_20190821T180000Z",
"label_counts" : {},
"labels" : [],
"most_at_risk_hosts" : [
{
"active_view_cvss_score" : 10,
"active_view_date_created" : "2019-08-21T18:35:20.456496Z
"active_view_date_first_created" : "2015-10-02T17:18:30.216899Z",
"active_view_host_id" : 1978,
"active_view_host_rating_list" : {
"ddi" : "F",
"nvd" : "High",
"pci" : "Fail"
},
"active_view_risk_score" : 370,
"active_view_risk_weight" : 74,
"active_view_security_gpa" : 0,
"active_view_status" : "matched",
"active_view_system_security_gpa" : 0,},
"active_view_version" : 348238,
"active_view_security_gpa" : 0,
"active_view_vulnerability_count" : 57,
"active_view_vulnerability_severity_counts" : {
"unweighted" : {
"ddi" : {
"counts" : {
"critical" : 5,
"high" : 0,
"info" : 0,
"low" : 17,
"medium" : 22,
"none" : 0,
"trivial" : 35
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 1,
"low" : 26,
"medium" : 30
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 1,
"pass" : 56
},
"overall_security_gpa" : 0,
}
},
"weighted" : {
...
}
},
"assessed_cis_auth" : false,
"assessed_db_auth" : false,
"assessed_os_auth" : false,
"assessed_threatscan_auth" : false,
"assessed_unauth" : true,
"associated_webapps" : [],
"auth_status" : {
"details" : {},
"extended_details" : {},
"cis" : null,
"db" : {
"mssql" : null,
"mysql" : null,
"oracle" : null,
"postgresql" : null,
}
"os" : {
"linux" : null,
"vmware" : null,
"windows" : null
}
"threatscan" : null
}
"overall" : "N/A"
}
"aws_instance_id" : null,
"base_scan_id" : "97910_20190821T180000Z",
"date_finished" : null,
"date_started" : null,
"discovery_method" : "ping",
"dns_name" : "",
"dns_smartname" : "BUFF-HEARTBLEED",
"has_antivirus" : null,
"has_crimewareable" : null,
"has_disabled_antivirus" : null,
"has_exploitable" : true,
"has_malware" : null,
"has_notes" : false,
"has_outdated_antivirus" : null,
"hidden" : false,
"hide_from_now_on" : false,
"hostname" : "BUFF-HEARTBLEED",
"id" : 60688848,
"internal" : true,
"ip_address" : "192.168.69.140",
"is_compromised" : false,
"is_retired" : false,
"last_scanned_businessgroup" : {
"id" : 540,
"name" : "Enterprise Admins"
"mac_address" : "00:50:56:8d:bf:ba",
"matched_status" : "matched",
"named_asset_name" : null,
"netbios_name" : "BUFF-HEARTBLEED",
"netbios_smartname" : "BUFF-HEARTBLEED","
"network_profile_id" : 3488,
"network_profile_name" : "Internal Scanner Profile 4",
"notes_distribution" : {"id" : 540,
"asset" : false,
"asset_only" : false,
"vuln_only" : false
},
"os" : "Ubuntu Linux",
"os_family" : "unix",
"os_type" : "server",
"partially_scanned" : false,
"pentest_status" : null,{
"scan_block_id" : "385187_20190821T180000Z",
"scan_id" : "97910_20190821T180000Z",
"scan_version" : 704088,
"scan_version_active" : true,
"scan_version_cvss_score" : 10,
"scan_version_date_created" : "2019-08-21T18:35:20.456496Z",
"scan_version_host_id" : 60688848,
"scan_version_host_rating_list" : {
"ddi" : "F",
"nvd" : "High",
"pci" : "Fail"
},
"scan_version_risk_score" : 370,
"scan_version_risk_weight" : 74,
"scan_version_security_gpa" : 0,
"scan_version_system_security_gpa" : 0,
"scan_version_vulnerability_count" : 149,
"scan_version_vulnerability_severity_counts" : {
"unweighted" : {
"ddi" : {
"counts" : {
"critical" : 5,
"high" : 0,
"info" : 92,
"low" : 17,
"medium" : 0,
"none" : 0,
"trivial" : 35,
},
"overall_security_gpa" : 0
},
"nvd" : {
"counts" : {
"high" : 1,
"low" : 118,
"medium" : 30
},
"overall_security_gpa" : 0
},
"pci" : {
"counts" : {
"fail" : 1,
"pass" : 148
},
"overall_security_gpa" : 0
}
"weighted" : {
...
}
},
"scanner_version" : "3.0.36.1"
},
...
},
"most_common_malware" : [],
"most_common_vulnerabilities" : [
{
"hidden" : false,
"id_ddi" : 104120,
"matched_change" : {
"change" : 0,
"current" : 8,
"diff" : 8,
"fixed" : 0,
"new" : 0,
"recurred" : 8
},
"scan_vulnerability_count" : 8,
"severities" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
},
"title" : "Easily Guessable SSH Credentials",
"vuln_class" : "explicit"
},
...
},
"most_vulnerabilities_on_a_host" : 149,
"name" : "Updated Weekly",
"notifications" : [],
"os_counts" : {
"CentOS" : 2,
"Debian Linux" : 2,
...
},
"os_type_counts" : {
"client" : 8,
}
"pentest_date_completed" : null,
"pentest_date_started" : null,
"pentest_rating_list" : {
"ddi" : "D",
"nvd" : "High",
"pci" : "Not Compliant",
},
"previous_scan" : {
"businessgroups" : [
{
"id" : 540,
"name" : "Enterprise Admins"
}
],
"date_created" : "2019-08-14T18:02:38.093733Z",
"date_finished" : "2019-08-14T18:33:38.425841Z",
"date_modified" : "2019-08-14T18:33:38.619703Z",
"date_started" : "2019-08-14T18:02:38.093769Z",
"description" : "",
"host_count" : 51,
"id" : "97910_20190814T180000Z",
"name" : "Updated Weekly",
"pentest_date_completed" : null,
"pentest_date_started" : null,
"pentest_rating_list" : {
"ddi" : "D",
"nvd" : "High",
"pci" : "Not Compliant"
},
"scan_id" : "97910_20190814T180000Z",
"scan_policy" : {
"id" : 8,
"name" : "Default"
},
"scan_template" : {
"id" : 97910,
"name" : "Updated Weekly"
},
"security_gpa" : 0.95,
"status" : "completed",
"status_details" : [
[
"completed",
"Internal Scanner Profile 4",
"Successfully completed scan""
]
],
"status_message" : null,
"status_name" : "Completed",
"vulnerability_count" : 334,
"workflow" : {
"codename" : "va_workflow",
"id" : 2,
"name" : "Vulnerability Assessment"
},
}
"recent_recurring_scans" : [
{
"businessgroups" : [
{
"id" : 540,[
"name" : "Enterprise Admins"[
}
]
"date_created" : "2019-08-14T18:02:38.093733Z",
"date_finished" : "2019-08-14T18:33:38.425841Z",
date_modified" : "2019-08-14T18:33:38.619703Z",
"date_started" : "2019-08-14T18:02:38.093769Z",
"description" : "",
"id" : "97910_20190814T180000Z",
"name" : "Updated Weekly",
"pentest_date_completed" : null,
"pentest_date_started" : null,
"pentest_rating_list" : {
"ddi" : "D",
"nvd" : "High",
"pci" : "Not Compliant"
},
"scan_id" : "97910_20190814T180000Z",
"scan_policy" : {
"id" : 8,
"name" : "Default"
},
"scan_template" : {
"id" : 97910,
"name" : "Updated Weekly"
},
"status" : "completed",
"status_details" : [
[
"completed",
"Internal Scanner Profile 4",
"Successfully completed scan"
]
],
"status_message" : null,
"status_name" : "Completed",
"workflow" : {
"codename" : "va_workflow",
"id" : 2,
"name" : "Vulnerability Assessment"
}
},
...
},
"scan_id" : "97910_20190821T180000Z",
"scan_policy" : {
"id" : 8,
"name" : "Default"
},
"scan_rating_list" : {
"ddi" : "D",
..."nvd" : "High",
"pci" : "Not Compliant"
},
"scan_template" : {
"id" : 97910,
"name" : "Updated Weekly"
},
"security_gpa" : 0.95,
"security_gpa_external" : 0,
"security_gpa_internal" : 0.95,
"security_gpa_letter_external" : "F",
"security_gpa_letter_internal" : "D",
"status" : "completed",
"status_details" : [
[
"completed",
"Internal Scanner Profile 4",
"Successfully completed scan"
]
],
"status_message" : null,
"status_name" : "Completed",
"vuln_labels" : [],
"vulnerability_count" : 335,
"vulnerability_severity_counts" : {,
"unweighted" :
"ddi" : {
"counts" : {
"critical" : 26,
"high" : 12"
"info" : 1227,
"low" : 103,
"medium" : 22,
"none" : 0,
"trivial" : 172
}
"distinct_counts" : {
"critical" : 8,
"high" : 8,
"info" : 83,
"low" : 25,
"medium" : 6,
"none" : 0,
"trivial" : 23
},
"distinct_total" : 153,
"overall_rating" : "",
"overall_security_gpa" : 0,
"overall_severity" : "",
"rating_sort_order" : 0,
"severity_score" : 0,
"severity_sort_order" : 0,
"total" : 1562
},
"nvd" : {
...
},
"pci" : {
...
}
}
"weighted" : {
...
}
},
"workflow" : {
"codename" : "va_workflow",
"id" : 2,
"name" : "Vulnerability Assessment"
}
}
Parameter | Description |
---|---|
active_view_date_created |
Sort list by when assets were last found (scanned). |
active_view_date_first_created | Sort list by date assets were first found. |
active_view_rating_ddi | Sort list by asset rating. |
hidden | Sort list by if asset is hidden. |
host_scan_version_risk_score | Sort list by asset risk score. |
host_scan_version_risk_weight | Sort list by asset risk weight. |
host_scan_version_severity_ddi | Sort list by asset severity. |
hostname | Sort list by asset hostname. |
ip_address | Sort list by the asset IP address. |
is_compromised | Sort list by whether an asset is compromised or not. |
os | Sort list by the asset operating system. |
os_type | Sort list by asset operating system type. |
host_partially_scanned | Sort list by if asset is only partially scanned |
GET 'https://vm.frontline.cloud/api/scanresults/scans/<id>/hosts/'
$ curl -X GET https://vm.frontline.cloud/api/scanresults/scans/97910_20190821T180000Z/vulnerabilities/?count=50&digest=true&includeAcceptableRisk=false&includeFixed=false&includeHidden=false&ordering=-severity_ddi,-scan_vulnerability_count,title&page=1' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 51,
"next" :
"https://vm.frontline.cloud/api/account/115/scanresults/scans/97910_20190821T180000Z/vulnerabilities/?count=2&digest=true&includeAcceptableRisk=false&includeFixed=false&includeHidden=false&ordering=-severity_ddi%2C-scan_vulnerability_count%2Ctitle&page=2",
"previous" : null,
"results" : [
{
"cvss_score" : "7.5",
"hidden" : false,
"id_ddi" : 104120,
"matched_change" : {
"change" : 0,
"change" : 0,
"diff" : 8,
"fixed" : 0,
"new" : 0,
"recurred" : 8
}
"scan_vulnerability_count" : 8,
"severities" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
}
"title" : "Easily Guessable SSH Credentials",
"vuln_class" : "explicit"
},
...
]
}
Parameter | Description |
---|---|
scan_vulnerability_count |
Sort list by the total number of vulnerability instances per vulnerability. |
severity_ddi | Sort list by vulnerability severity. |
title | Sort list by vulnerability title. |
GET 'https://vm.frontline.cloud/api/scanresults/scans/<id>/hosts/'
$ curl -X GET https://vm.frontline.cloud/api/scanresults/ scans/97910_20190821T180000Z/hosts/?count=50&includeAcceptableRisk=false&includeFixed=false&includeHidden=false&ordering=-rating_ddi,hostname&page=1' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 182,
"next"
"https://vm.frontline.cloud/api/account/115/scanresults/scans/97910_20190821T180000Z/vulnerabilities/?count=2&digest=true&includeAcceptableRisk=false&includeFixed=false&includeHidden=false&ordering=-severity_ddi%2C-scan_vulnerability_count%2Ctitle&page=2",
"previous" : null,
"results" : [
{
"cvss_score" : "7.5",
"hidden" : false,
"id_ddi" : 104120,
"matched_change" : {
"change" : 0,
"change" : 0,
"diff" : 8,
"fixed" : 0,
"new" : 0,
"recurred" : 8
"cis" : null,
}
"scan_vulnerability_count" : 8,
"severities" : {
"ddi" : "critical",
"nvd" : "high",
"pci" : "fail"
}
"title" : "Easily Guessable SSH Credentials",
"vuln_class" : "explicit"
},
"info" : 14,
"low" : 0,
"medium" : 0,
"none" : 0,
"trivial" : 0
},
"overall_security_gpa" : 0
},
"nvd" : {
...
},
"pci" : {
...
"weighted" : {
"ddi" : {
...
},
"nvd" : {
...
},
pci" : {
...
}
}
},
"scanner_version" : "3.0.36.1"
},
...
]
}
Scheduled Scans
Use this API path to get information about scans that are scheduled.
List all Scheduled Scans
Returns a list of all scheduled scans.
Parameter | Description |
---|---|
active |
Sort list by scan enabled / disabled. |
businessgroup_name | Sort list by business group. |
name | Sort the list by scan name. |
next_start_date | Sort the list by the next start date. |
Required parameters
Parameter | Description |
---|---|
_0_has_next_event |
Set to
NOTE: Must be set to true and used in conjunction with expandScans=parameter in order to retrieve results that match the Scheduled Scans page.
|
expandScans |
Set to NOTE: Must be set to false in order to retrieve results that match the Scheduled Scans page.
|
GET 'https://vm.frontline.cloud/api/scans/'
$ curl -X GET 'https://vm.frontline.cloud/api/scans/?_0_has_next_event=true&expandScans=false&ordering=next_start_date,name&page=1&count=25' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 2,
"next" : null,
"previous" : null,
"results" : [
{
"account" : {
"id" : 115,
}
"account_id" : 115,
"account_user" : "Administrator",
"account_user_id" : 34,
"active" : true,
"build_reports" : false,
"businessgroups" : [
{
"id" : 540,
"name" : "Enterprise Admins"
}
]
"description" : "",
"exclude_from_active_view" : false,
"force_target_detection" : false,
"id" : "97910",
"name" : "Updated Weekly","description" : "",
"next_event" : {
"id" : "98030_20190828T180000Z",
"start_date" : "2019-08-28T18:00:00Z",
"status" : "scheduled",
"timezone" : "America/Chicago"
}
"recurring" : true,
"scan_policy" : "Default",
"status" : null,
"visible" : true
},
...
]
}
GET 'https://vm.frontline.cloud/api/scans/<id>/'
$ curl -X GET 'https://vm.frontline.cloud/api/scans/97910/' -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"account" : {
"id" : 115,
"name" : "Demo Account"
},
"account_id" : 115,
"active" : true,
"adhoc_named_asset_targets" : [],
"adhoc_targets" : [
{
"account_id" : 115,
"asset_group_id" : 254008,
"filter_rule" : null,
"id" : 1201601,
"inclusion" : "full",
"ip_address_range" : {
"cidr_block" : null,
"dhcp" : false,
"fragile" : false,
"high_ip_address" : "192.168.69.254",]
"high_ip_number" : 3232253438,
"id" : 1175262,
"internal" : true,
"ipv6" : false,
"low_ip_address" : "192.168.69.1",
"low_ip_number" : 3232253185
},
"network_profile_id" : 3488,,
"network_profile_name" : "Internal Scanner Profile 4",
"port_range" : null,
"rule_action" : "include",
"rule_scope" : "scan",
"use_default_weight" : true,
"weight" : null
},
]
"asset_filter" : {},
"asset_groups" : [],
"build_reports" : false,
"businessgroups" :,
{
"id" : 540,
"name" : "Enterprise Admins"
}
],
"description" : "",
"exclude_from_active_view" : false,
"force_target_detection" : false,
"id" : "97910",
"name" : "Updated Weekly",
"notify" : false,
"recipients" : [],
"scan_policy" : "Default",
"scan_speed" : "normal",
"schedule" : {
"end_date" : null,
"id" : 98030,
"occurrences" : 78,
"recurrence_rules" : [
"FREQ=WEEKLY;INTERVAL=1;BYDAY=We"
],
"recurring" : true,
"start_date" : "2018-02-28T19:00:00Z",
"timezone" : "America/Chicago"
},
"workflow" : "va_workflow"
}
Create a Scan
To create a scan, the following name-value pairs, members, objects, or arrays, must be submitted as a JSON object.
As in Fortra VM, there are four methods, or any combination thereof, by which you can create a scan.
They are by: Asset Groups,Ad Hoc IPs Ports, Ad Hoc Dynamic Asset, and / or Ad Hoc Hostnames.
In addition to those four methods, there are other scan options that you can configure as well. The below tables will further explain these, as well as provide "barebone" JSON examples.
POST https://vm.frontline.cloud/api/scans
$ curl 'https://vm.frontline.cloud/api/scans/' -H 'Authorization: Token YOUR_API_TOKEN' \ -X POST -H 'Content-Type: application/json;charset=utf-8' \ --data '{"adhoc_named_asset_targets":[],"adhoc_targets":[],"asset_filter":{},"asset_groups":[218621],"build_reports":false,"businessgroups":[{"id":540}],"description":"","exclude_from_active_view":false,"internal":false,"name":"Test Asset Group Servers Scan","notify":false,"recipients":[],"scan_policy":"Default","scan_speed":"normal","schedule":{"end_date":null,"id":null,"recurrence_rules":[],"recurring":false,"start_date":"2019-09-17T17:15:00.000Z","timezone":"America/Chicago"},"workflow":"va_workflow"} ' \
{
"id": "207614",
"account": {
"id": 115,
},
"account_user": "Barney Rubble",
"account_user_id": 7703,
"businessgroups": [
}
"id": 540,
"name": "Enterprise Admins"
}
}
"name": "Test Asset Group Servers Scan",
"description": "",
"scan_policy": "Default",
"scan_speed": "normal",
"schedule": {
"id": 211430,
"start_date": "2019-09-17T17:15:00Z",
"end_date": "2019-09-17T17:15:00Z",
"recurring": false,
"recurrence_rules": [],
"timezone": "America/Chicago",
"occurrences": 0
}
"workflow": "va_workflow",
"adhoc_targets": [],
"adhoc_named_asset_targets": [],
"active": true,
"exclude_from_active_view": false,
"force_target_detection": false,
"build_reports": false,
"asset_groups": [
218621
],
"asset_filter": {
},
"recipients": [],
"notify": false,
"account_id": 115
}
Parameter | Description |
---|---|
asset_groups |
An array of comma-separated asset group IDs. If not used, set to an empty array: []. See the System section of this guide to learn how to retrieve a list of asset groups. |
{
"asset_groups" : [
113146,
113154
],
"schedule" : {
"start_date" : "2019-09-25T14:35:35.000Z",
"timezone" : "America/Chicago"}
}
}
Scan by Ad Hoc IPs Ports
To scan by Ad Hoc IPs Ports, an array named adhoc_targets containing one or more objects, each containing the below required name-value pairs must be included. If not used, set to an empty array: [].
Name | Description |
---|---|
autoadd |
Set to |
inclusion |
A |
ip_address_range (required) |
An object containing the following name-value pairs: |
cidr_block |
A member of ip_address_range, a |
low_ip_address (required, unless using cidr_block) |
A member of ip_address_range, a string value containing a valid IPv4 address. |
low_ip_number |
A member of ip_address_range, a |
high_ip_address |
A member of ip_address_range, a string value containing a valid IPv4 address. |
high_ip_number |
A member of ip_address_range, a |
network_profile_id (required) |
A See the System section for details on retrieving the scanner profiles. |
port_range |
An object containing the following name-value pairs: low_number, high_number. NOTE: For single-port rules, only the low_number is required.
|
rule_action (required) |
A |
{
"adhoc_targets" : [
{
"autoadd" : true,
"ip_address_range" : {
"low_ip_address" : "192.168.1.1"
},
"rule_action" : "include"
},
{
"autoadd" : true,
"network_profile_id" : 8386,
"port_range" : {
"low_number" : 8080
}
],
"schedule" : {
"start_date" : "2019-09-25T15:40:56.000Z",
"timezone" : "America/Chicago"
}
Scan by Ad Hoc Dynamic Assets
To scan by Ad Hoc Dynamic Assets, an object containing name-value pairs that have asset and / or vulnerability filters is required.
See the Active View Asset Filters and Active View Vulnerability Filters sections of this guide for the many options available.
If not used, set to an empty JSON object: {}.
Name | Description |
---|---|
asset_filter |
Example: "asset_filter":{ "_0_contains_host_os":
|
{
"asset_filter" : {
"_0_contains_host_os" : "Windows",
"_1_iexact_host_os_type" : "server"
},
"schedule" : {
"start_date" : "2019-09-25T16:35:01.000Z",
"timezone" : "America/Chicago"
}
}
Name | Description |
---|---|
inclusion | A string value. Set to full . |
named_asset | An object containing the following name-value pairs: code, codename, name . |
code (required) | A member of named_asset, a number value set to 0 . |
codename (required) | A member of named_asset, a string value set to DNS . |
name (required) | A member of named_asset, a string value containing the hostname of the asset to scan. |
network_profile_id (required) | A number value that is the scanner profile <id> to be used for this scan. |
port_range |
An object containing the following name-value pairs: NOTE: For single-port rules, only the low_number is required
|
|
A string value that will cause the IP range and / or ports to be included or excluded from this scan. Must be one of the following: include, exclude . |
Now that we have covered the scanning four methods, the following table will cover the remaining name-value pairs that will complete the JSON object.
Name | Description |
---|---|
build_reports |
Set to Default is |
businessgroups (conditionally required, see Note |
An array containing a single JSON object that has the name-value pair of the business group "id" and its number value. NOTE: This is required only if you are using Business Groups, otherwise, set to an empty array: [].
See the System section of this guide to learn how to retrieve a list of business groups. |
exclude_from_active_view) |
Set to Default is |
name |
A Default is similar to the following format: Scan Wed Sep 25 2019 14:20:57 GMT+0000 (UTC). |
notify |
Set to Default is |
recipients |
An NOTE: If notify is set to false, then recipients should be set to an empty array: [].
|
scan_policy |
A See the Scan Policies section of this guide to learn how to retrieve a list of other scan policies. Default is |
scan_speed |
A string value that selects the scan speed. Value must be one of the following: NOTE: Faster scan speeds require more processing resources and should be used with caution.
Default is |
schedule (required) | An object consisting of the following name-value pairs: start_date , and timezone . |
start_date (required) |
A member of schedule, a Format is YYYY-MM-DDThh:mm:ss.sssZ. |
timezone (required) | A member of schedule, a string value that represents your timezone location. |
workflow |
A Value must be one of the following: For vulnerability assessment, Default is |
{
"adhoc_named_asset_targets" : [
{
"inclusion" : "full",
"named_asset" : {
"code" : 0,
"codename" : "DNS",
"name" : "wD4587oiewjw29eml.local"
},
"network_profile_id" : 8386,
"port_range" : {
"low_number" : 80
},
"rule_action" : "include"
},
{
"inclusion" : "full",
"named_asset" : {
"code" : 0,
"codename" : "DNS",
"name" : "wD4587oiewjw30eml.local"
},
"network_profile_id" : 8386,
"port_range" : {
"low_number" : 443 },
"rule_action" : "include"
},
]
"schedule" : {
"start_date" : "2019-09-25T17:11:38.000Z",
"timezone" : "America/Chicago"
}
}
{
"adhoc_named_asset_targets" : [
"adhoc_targets" : [
{
"ip_address_range" : {
"cidr_block" : null,
"dhcp" : false,
"fragile" : false,
"high_ip_address" : "192.168.1.1",
"high_ip_number" : 3232235777,
"ipv6" : false,
"low_ip_address" : "192.168.1.1",
},
"network_profile_id" : 8386,
"port_range" : {
"low_number" : 80
},
"rule_action" : "include"
},
{
"ip_address_range" : {
"cidr_block" : null,
"dhcp" : false,
"fragile" : false,
"high_ip_address" : "192.168.1.21",
"high_ip_number" : 3232235797,
"ipv6" : false,
"low_ip_address" : "192.168.1.21",
},
"network_profile_id" : 8386,
"port_range" : {
"low_number" : 443
},
"network_profile_id" : 8386,
"port_range" : {
"low_number" : 443
},
"rule_action" : "include"
},
]
"asset_filter" : {
"_0_contains_host_os" : "Windows",
"_1_iexact_host_os_type" : "server"
},
"asset_groups" : [],
"build_reports" : false,
"exclude_from_active_view" : false,
"internal" : false,
"name" : "Test Scan 2019-09-25T10:02:28",
"notify" : true,
"recipients" : [
"rubbleb@flint.stone",
"flintstonef@flint.stone"
],
"scan_policy" : "Default",
"scan_speed" : "normal",
"schedule" : {
"start_date" : "2019-09-25T19:56:45.000Z",
"timezone" : "America/Chicago"
}
"workflow" : "va_workflow"
}
GET 'https://vm.frontline.cloud/api/scans/policies/'
$ curl 'https://vm.frontline.cloud/api/scans/policies/?count=25&ordering=name&page=1' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
[
"default_for_workflow" : null,
"description" : "Configures the scanner to perform basic application discovery. This policy should be used to achieve a greater understanding of the target network while still not running a full blown vulnerability scan. It's similar to a simple service discovery scan but performs additional application fingerprinting to identify specific applications such as Jetty, WebLogic, CuteFTP, and IIS. While you have not yet run a vulnerability scan to look for weakness which may be present in these applications, you do know what your environment looks like and can act accordingly. This is a reconnaissance only scan policy and does not include checks for rated vulnerabilities.",
"id" : 12,
"name" : "Application Discovery",
"system" : true
}
...
}
Parameter | Description |
---|---|
account_user | Sort the list by report creator. |
businessgroup | Sort the list by business group. |
date_created | Sort the list by the date created. |
report_file | Sort the list by the file type. |
report_type | Sort the list by the report type. |
report_status | Sort the list by the report status. |
template_name |
Sort the list by the template. |
title | Sort list by the vulnerability title. |
GET https://vm.frontline.cloud/api/reports/
$ curl 'https://vm.frontline.cloud/api/reports/?count=25&ordering=-date_created&page=1' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count": 224,
"next":
"https://vm.us.frontline.cloud/api/account/115/reports/?count=25&ordering=-date_created&page=2",
"previous": null,
"results": [
{
"id": 169436,
"title": "Active View - Vulnerabilities CSV Export",
"date_created": "2019-09-27T19:21:12.866415Z",
"window_datetime": "2019-09-27T13:25:56.754042Z",
"report_source": "active",
"report_status": "complete",
"scan_id": null,
"active_view_version_id": 360934,
"businessgroups": [
{
"name": "Enterprise Admins",
"id": 540
}
},
"account": "Demo Account",
"account_id": 115,
"account_user": "Barney Rubble",
"account_user_id": 259,
"template": "csv_export_vulnerabilities",
"template_name": "Vulnerabilities CSV Export",
"report_file": "reports/19456b1f4de6f6057220d0d955a35b06",
"report_file_size": 155662,
"report_type": "active_view",
"file_type": "zip",
"report_filter": null,
"include_hidden": false,
"include_acceptable_risk": false,
"include_fixed": false,
"rating_type": "ddi",
"include_info_vulns": false,
"show_settings_appendix": false,
"show_filters_appendix": false,
"show_ratings_appendix": false,
"show_vulndict_appendix": false,
"show_toc": false,
"show_services": false,
"show_sitemap": false,
"show_purpose": false,
"show_notes": false,
"limit_hosts": true,
"dynamic_host_rating": false,
"exclude_sla_vulns": false,
"report_filename": "/reports/None"
},
...
}
}
Retrieve A Specific Report
Returns the report for a specific report <report_file> in the report history.
/api/
segment that is normally appended to the base URL is not used when retrieving a report. Also notice that the report <title>
and <file_type>
were used to determine the report name used in the –o curl
option and that the –L curl
option was used to follow the redirect.
GET https://vm.frontline.cloud/reports/<report_file>
$ curl 'https://vm.frontline.cloud/api/reports/19456b1f4de6f6057220d0d955a35b06' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET -o 'Active View - Vulnerabilities CSV Export.zip' \ -X GET
Get A List Of All Known Vulnerabilities
Returns a list of all known vulnerabilities in the vulnerability dictionary.
Parameter | Description |
---|---|
id_ddi | Sort the list by FVM ID. |
is_new | Sort the list by if the vulnerability check is new. |
severity_ddi | Sort the list by vulnerability severity. |
title | Sort the list by vulnerability title. |
Parameter | Description |
---|---|
include_details | Use true or false .Default is false .Set to |
include_references | Use true or false . Default is false .Set to |
GET https://vm.frontline.cloud/api/vulndictionary
$ curl 'https://vm.frontline.cloud/api/vulndictionary' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 24597,
"next" : "https://vm.frontline.cloud/api/vulndictionary/?count=2&page=2",
"previous" : null,
"results" : [
{
"date_created" : "2015-04-29T15:49:53.710789Z",
"id" : 1627,
"id_ddi" : 103653,
"is_new" : false,
"is_recent" : false,
"namespace" : "ddi",
"products" : [
"VM"
],
"severity_list" : {
"ddi" : "Medium",
"nvd" : "High",
"pci" : "Fail"
},
"summary" : {
"cves" : [
"CVE-2008-1620"
],
"cvss_score" : 7.5,
"cvss_vector" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"date_disclosed" : "2008-03-31T00:00:00Z",
"date_discovered" : "2008-03-31T00:00:00Z",
"owasp_category" : "",
"tag_list" : [
"easy to fix",
"file transfer"
],
"title" : "2X ThinClientServer 2XTFTPd Service Directory Traversal"
}
},
...
...
]
}
GET https://vm.frontline.cloud/api/vulndictionary/<id_ddi>
$ curl 'https://vm.frontline.cloud/api/vulndictionary/104433' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"date_created" : "2015-04-29T15:49:53.730998Z",
"details" : {
"solution_details" : {
"detail_type" : "solution_details",
"name" : "Solution Details",
"revision" : 0,
"sort_order" : 5,
"value" : "It is advised that the password of the account(s) listed in the data section be changed to something secure and complex.",
"vulnerability_id" : 2196
},
"vulnerability_details" : {
"detail_type" : "vulnerability_details",
"name" : "Vulnerability Details",
"revision" : 0,
"sort_order" : 0,
"value" : "The web application on the this host has accounts configured with default or weak passwords. Attackers can easily leverage this condition to gain complete access to the web application.",
"vulnerability_id" : 2196
}
},
"id" : 2196,
"id_ddi" : 104433,
"is_new" : false,
"is_recent" : false,
"namespace" : "ddi",
"products" : [
"VM",
"WAS"
],
"references" : [],
"severity_list" : {
"ddi" : "Critical",
"nvd" : "High",
"pci" : "Fail"
},
"summary" : {
"cves" : [],
"cvss_score" : 10,
"cvss_vector" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"date_disclosed" : "2011-05-14T00:00:00Z",
"date_discovered" : "2011-05-14T00:00:00Z",
"owasp_category" : "",
"tag_list" : [
"moderate to fix"
],
"title" : "HTTP Easily Guessable Credentials"
}
}
System
Use these API paths to get information about various system info related to your account.
Get A List Of All Asset Groups
Returns a list of all system and user created asset groups.
Parameter | Description |
---|---|
name | Sort the list by asset group name. |
is_dynamic | Sort the list by asset group type. |
rule_count | Sort the list by asset group rule count. |
weight | Sort list by asset group risk weight. |
GET https://vm.frontline.cloud/api/assetgroups/
$ curl 'https://vm.frontline.cloud/api/assetgroups/' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
[
{
"businessgroups" : [
{
"id" : 540,
"name" : "Enterprise Admins"
}
]
"description" : null,
"group_id" : 64407,
"id" : 257996,
"is_dynamic" : false,
"is_enabled_for_scanning" : true,
"name" : "10.10.10.x-Test",
"network_profile_names" : [
"Internal Scanner Profile 2",
"Not In Use 2"
]
"rule_count" : 3,
"system" : false,
"tip" : true,
"use_as_tag" : true,
"use_default_weight" : true,
"weight" : null
},
...
}
Get A List Of All Business Groups
Returns a list of all system and user created business groups.
Parameter | Description |
---|---|
name | Sort the list by business group name. |
primary_contact | Sort the list by business group primary contact. |
user_count | Sort the list by business group rule count. |
GET https://vm.frontline.cloud/api/businessgroups/
$ curl 'https://vm.frontline.cloud/api/businessgroups/' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
[
{
"all_account_users" : true,
"all_enterprise" : true,
"all_rules" : true,
"all_scanners" : true,
"assetgroups" : [
1234
...
]
"description" : "Enterprise Admins Group",
"group_members" : [],
"id" : 540,
"name" : "Enterprise Admins",
"primary_contact" : 222,
"readonly" : false,
"rules" : [],
"scanners" : [
9999,
...
]
"system" : true,
"user_count" : 0
},
...
}
GET https://vm.frontline.cloud/api/networkprofiles/
$ curl 'https://vm.frontline.cloud/api/networkprofiles/' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
[
{
"description" : null,
"id" : 3846,
"internal" : true,
"name" : "Wanderloop",
"rule_count" : 3,
"scanner_ids" : [
3987
]
"scanner_names" : [
"Wanderloop-VMInt-0118"
],
"sync_blackout_window" : true,
"use_default_weight" : true,
"visible" : true,
"weight" : 0
},
]
GET https://vm.frontline.cloud/api/networkprofiles/<id>
$ curl 'https://vm.frontline.cloud/api/networkprofiles /3846/' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"blackout_window" : {
"Friday" : [
false,
...
],
"Monday" : [
...
],
"Saturday" : [
...
],
...
"id" : 3846
},
"description" : null,
"id" : 3846,
"internal" : true,
"name" : "Wanderloop",
"rule_count" : 3,
"rules" : [
{
"account_id" : 115,
"account_name" : "Demo Account",
"asset_group_id" : null,
"filter_rule" : null,
"id" : 1225810,
"inclusion" : "none",
"ip_address_range" : {],
"cidr_block" : null,
"dhcp" : false,
"fragile" : false,
"high_ip_address" : "10.255.255.255",
"high_ip_number" : 184549375,
"id" : 1198498,
"internal" : true,
"ipv6" : false,
"low_ip_address" : "10.0.0.0",
"low_ip_number" : 167772160
},
"named_asset" : null,
"network_profile_id" : 3846,
"network_profile_name" : "Wanderloop",
"port_range" : null,
"rule_action" : "include",
"rule_scope" : "scanner",
"scanner" : "N/A",
"use_default_weight" : true,
"weight" : null
},
...
]
"scanner_ids" : [
3987
]
"scanner_names" : [
"Wanderloop-VMInt-0118"
],
"sync_blackout_window" : true,
"use_default_weight" : true,
"visible" : true,
"weight" : 0
}
GET https://vm.frontline.cloud/api/networkprofiles/<id>
$ curl 'https://vm.frontline.cloud/api/networkprofiles /3846/' \ -H 'Authorization: Token YOUR_API_TOKEN' \ -X GET
{
"count" : 3,
"next" : null,
"previous" : null,
"results" : [
{
"account_id" : 115,
"account_name" : "Demo Account",
"asset_group_id" : null,
"filter_rule" : null,
"id" : 1225810,
"inclusion" : "none",
"ip_address_range" : {,
"cidr_block" : null,
"dhcp" : false,
"fragile" : false,
"high_ip_address" : "10.255.255.255",
"high_ip_number" : 184549375,
"id" : 1198498,
"internal" : true,
"ipv6" : false,
"low_ip_address" : "10.0.0.0",
"low_ip_number" : 167772160
},
"named_asset" : null,
"network_profile_id" : 3846,
"network_profile_name" : "Wanderloop",
"port_range" : null,
"rule_action" : "include",
"rule_scope" : "scanner",
"use_default_weight" : true,
"weight" : null
},
...
]
}
Usage
When using filter parameters, each parameter must be prefixed with a count using the format of _x_operand_filter
. Query strings from different parameter groups can all begin with 0
(zero).
For example, you are searching for servers with an asset rating of F:
&_0_iexact_host_os_type=server&_0_eq_host_rating_ddi=F
Filters from the same filter group must increment their count.
For example, you are searching for servers or devices:
&_0_iin_host_os_type=server&_1_iin_host_os_type=device
Additionally, when using more than one filter, the filters intersect (AND) the results. For example, you are searching for assets that are servers AND have an asset rating of D or worse:
&_0_iexact_host_os_type=server&_0_lte_host_rating_ddi=D
You can, however, use our special union (OR) operands within the same group to union (OR) the results. For example, you are searching for assets that are a server OR device AND have an asset rating of A:
&_0_iin_host_os_type=server&_1_iin_host_os_type=device&_0_eq_host_rating_ddi=A
Be mindful when using OR operands as they cannot be mixed with AND operands from the same group. This will result in an empty set. For example, look at the following query:
&_0_lte_vuln_severity_ddi=High&_1_iin_vuln_severity_ddi=Low
The above intent was to retrieve vulnerabilities with a severity worse than or equal to High AND with a severity equal to Low (OR). Again, this will result in an empty set!
To properly retrieve Critical, High, and Low vulnerabilities, use the following instead:
&_0_iin_vuln_severity_ddi=Critical&_1_iin_vuln_severity_ddi=High&_2_iin_vuln_severity_ddi=Low
Operands
All of our filter parameters use operands to specify the target data. The below list defines the purpose of each operand.
Parameter |
Description |
---|---|
eq, iexact |
Returns data exactly matching the given value. Used to created ‘AND’ type result sets. |
noteq, notiexact |
Returns data that does not exactly matching the given value. Used to created ‘AND’ type result sets. |
in, iin |
Returns data exactly matching the given value. Used to created ‘OR’ type result sets. |
notin, notiin |
Returns data that does not exactly match the given value. Used to create ‘OR’ type result sets. |
contains |
Returns data that matches the partial given value. Used to created ‘AND’ type result sets. |
notcontains |
Returns data that does not match the partial value given. Used to created ‘AND’ type result sets. |
inicontains |
Returns data partially matching the given value. Used to create ‘OR’ type result sets. |
notincontains |
Returns data partially that does not match the partial given value. Used to create ‘OR’ type result sets. |
lt |
Returns data that is less than the integer / decimal value or before the DateTime value. |
lte |
Returns data that is less than or equal to the integer / decimal value or before or equal to the DateTime value. |
gt |
Returns data that is greater than the integer / decimal value or after the DateTime value. |
gte |
Returns data that is greater than or equal to the integer / decimal value or after or equal to the DateTime value. |
Active View Asset Filters
The following table contains the various parameters that can be used to filter your results within Active View assets.
Parameter |
Description |
---|---|
host_active_view_status |
Filter the Active View results by Status in Active View. Type: String. Must be one of the following: new, matched Operands: iexact, notiexact, iin, notiin |
host_assessed_db_auth |
Filter the Active View results by Assessed DB auth. Type: Boolean. Operands: eq, noteq |
host_assessed_os_auth |
Filter the Active View results by Assessed OS auth. Type: Boolean. Operands: eq, noteq |
host_assessed_threatscan_auth |
Filter the Active View results by Assessed threat scan. Type: Boolean. Operands: eq, noteq |
host_assessed_unauth |
Filter the Active View results by Assessed unauth. Type: Boolean. Operands: eq, noteq |
host_belongs_to_asset_group |
Filter the Active View results by Belongs to asset group. Type: String. Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains. |
host_date_created |
Filter the Active View results by Asset scanned on. Type: Date. Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
host_date_first_created |
Filter the Active View results by Asset first scanned on. Type: Date. Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
host_discovered_in_last |
Filter the Active View results by Asset discovered in last. Type: String. Must be one of the following: day, week, month, three months, six months, year Operands: eq, noteq |
host_discovery_method |
Filter the Active View results by Discovery Method. Type: String. Must be one of the following: unknown, syn, ping, forced, broadcast, arp, dns, syn-ack, ipsec, snmp, ntp, nbname, udp Operands: iexact, notiexact, iin, notiin |
host_dns_name |
Filter the Active View results by DNS name. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin. |
host_duplicate_hostname |
Filter the Active View results by Same hostnames. Type: Boolean. Operands: eq, noteq Used to build "Or Does Not Contain" queries. |
host_duplicate_ip |
Filter the Active View results by Same IPs. Type: Boolean. Operands: eq, noteq |
host_has_antivirus |
Filter the Active View results by Has anti-virus. Type: Boolean. Operands: eq, noteq |
host_has_host_notes |
Filter the Active View results by Has asset notes. Type: Boolean. Operands: eq, noteq |
host_has_malware |
Filter the Active View results by Has malware. Type: Boolean. Operands: eq, noteq |
host_has_notes |
Filter the Active View results by Has notes. Type: Boolean. Operands: eq, noteq |
host_has_outdated_antivirus |
Filter the Active View results by Has outdated anti-virus. Type: Boolean. Operands: eq, noteq |
host_has_vuln_notes |
Filter the Active View results by Has vulnerability notes. Type: Boolean. Operands: eq, noteq |
host_hidden |
Filter the Active View results by Hidden. Type: Boolean. Operands: eq, noteq |
host_hostname |
Filter the Active View results by Hostname. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_id |
Filter the Active View results by Asset ID. Type: Integer. Operands: eq, in, noteq, notin, lt, lte, gt, gte |
host_internal |
Filter the Active View results by Detected with scanner type. Type: String. Must be one of the following: internal, external Operands: iexact, notiexact, iin, notiin |
host_ip_address |
Filter the Active View results by IP address. Type: Ip. Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte |
host_ip_address_list_ranges |
Filter the Active View results by IP address lists. Type: Stringexact. Operands: eq |
host_is_compromised |
Filter the Active View results by Compromised during Pentest. Type: Boolean. Operands: eq, noteq |
host_labels |
Filter the Active View results by Label. Type: String. Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
host_last_scanned_with_policy |
Filter the Active View results by Last scanned using scan policy. Type: String. Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
host_last_scanned_with_template |
Filter the Active View results by Last scanned with scan name. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_mac_address |
Filter the Active View results by MAC address. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_named_asset_name |
Filter the Active View results by DNS named asset. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_netbios_name |
Filter the Active View results by NetBIOS name. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_network_profile |
Filter the Active View results by Detected in scanner profile. Type: String. Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
host_new |
Filter the Active View results by Asset is new. Type: Boolean. Operands: eq, noteq |
host_notes_author |
Filter the Active View results by Note Author. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_notes_content |
Filter the Active View results by Note Content. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_only_scanned_with_policy |
Filter the Active View results by Scanned only using scan policy. Type: String. Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
host_os |
Filter the Active View results by OS. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_os_type |
Filter the Active View results by Type. Type: String. Must be one of the following: client, server, ip phone, domain controller, device, firewall, printer, unknown Operands: iexact, notiexact, iin, notiin |
host_partially_scanned |
Filter the Active View results by Partially scanned. Type: Boolean. Operands: eq, noteq |
host_rating_ddi |
Filter the Active View results by Rating. Type: Rating. Must be one of the following: A, B, C, D, F Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
host_risk_weight |
Filter the Active View results by Risk weight. Type: Integer. Operands: eq, in, noteq, notin, lt, lte, gt, gte |
host_scan_id |
Filter the Active View results by Associated scan id. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_scanned_in_last |
Filter the Active View results by Asset scanned in last. Type: String. Must be one of the following: day, week, month, three months, six months, year Operands: eq, noteq |
host_scanned_with_policy |
Filter the Active View results by Scanned using scan policy. Type: String. Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
host_scanned_with_template |
Filter the Active View results by Scanned with scan name. Type: String. Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
host_using_named_asset_name |
Filter the Active View results by Asset scanned by hostname. Type: Boolean. Operands: eq, noteq |
Active View Vulnerabilities Filters
The following table contains the various parameters that can be used to filter your results within Active View vulnerabilities.
Parameter | Description |
---|---|
vuln_acceptable_risk |
Filter the results by Acceptable risk. Type: Boolean Operands: eq, noteq |
vuln_active_view_date_first_created |
Filter the results by Date first found. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vuln_active_view_status |
Filter the results by Status in Active View. Type: String. Must be one of the following: new, recurred, fixed Operands: iexact, notiexact, iin, notiin |
vuln_cvc_added_in_last |
Filter the results by CVC added to scanner in last. Type: String. Must be one of the following: day, week, month, three months, six months, year Operands: eq, noteq |
vuln_cvss_score |
Filter the results by CVSS score. Type: Decimal Operands: eq, noteq, lt, lte, gt, gte |
vuln_cvss_vector |
Filter the results by CVSS vector. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vuln_cvss_vector_a |
Filter the results by CVSS availability. Type: String. Must be one of the following: complete, partial, none Operands: iexact, notiexact, iin, notiin |
vuln_cvss_vector_ac |
Filter the results by CVSS access complexity. Type: String. Must be one of the following: high, medium, low Operands: iexact, notiexact, iin, notiin |
vuln_cvss_vector_au |
Filter the results by CVSS authentication. Type: String. Must be one of the following: none, single, multiple Operands: iexact, notiexact, iin, notiin |
vuln_cvss_vector_av |
Filter the results by CVSS access vector. Type: String. Must be one of the following: local, adjacent, network Operands: iexact, notiexact, iin, notiin |
vuln_cvss_vector_c |
Filter the results by CVSS confidentiality. Type: String. Must be one of the following: complete, partial, none Operands: iexact, notiexact, iin, notiin |
vuln_cvss_vector_i |
Filter the results by CVSS integrity. Type: String. Must be one of the following: complete, partial, none Operands: iexact, notiexact, iin, notiin |
vuln_data |
Filter the results by Data. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vuln_date_created |
Filter the results by Date found. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vuln_date_cvc_added_to_scanner |
Filter the results by Date CVC added to scanner. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vuln_date_fixed |
Filter the results by Date fixed. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vuln_detect_type |
Filter the results by Detect method. Type: String. Must be one of the following: auth, unauth Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
vuln_dictionary_labels |
Filter the results by Vuln dictionary label. Type: String. Must be one of the following: xss, web, easy to fix, file transfer, database, rce, sqli, difficult to fix, voip, dos, mail, bof, moderate to fix Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
vuln_false_positive |
Filter the results by False positive. Type: Boolean Operands: eq, noteq |
vuln_first_found_in_last |
Filter the results by First found in last. Type: String. Must be one of the following: day, week, month, three months, six months, year Operands: eq, noteq |
vuln_fixed_in_last |
Filter the results by Fixed in last. Type: String. Must be one of the following: day, week, month, three months, six months, year Operands: eq, noteq |
vuln_found_in_last |
Filter the results by Found in last. Type: String. Must be one of the following: day, week, month, three months, six months, year Operands: eq, noteq |
vuln_has_notes |
Filter the results by Has notes. Type: Boolean Operands: eq, noteq |
vuln_hidden |
Filter the results by Hidden. Type: Boolean Operands: eq, noteq |
vuln_hide_from_now_on |
Filter the results by Continuously hidden. Type: Boolean Operands: eq, noteq |
vuln_id |
Filter the results by Instance ID. Type: Integer Operands: eq, in, noteq, notin, lt, lte, gt, gte |
vuln_id_ddi |
Filter the results by FVM ID. Type: Integer Operands: eq, in, noteq, notin, lt, lte, gt, gte |
vuln_internal |
Filter the results by Detected with scanner type. Type: String. Must be one of the following: internal, external Operands: iexact, notiexact, iin, notiin |
vuln_id |
Filter the results by Instance ID. Type: Integer Operands: eq, in, noteq, notin, lt, lte, gt, gte |
vuln_is_crimewareable |
Filter the results by Used by threat actors. Type: String. Must be one of the following: True, False, Unknown Operands: eq, noteq, in, notin |
vuln_is_exploitable |
Filter the results by Exploitable. Type: String. Must be one of the following: True, False, Unknown Operands: eq, noteq, in, notin |
vuln_labels |
Filter the results by Label. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
vuln_manually_added_fix_status_name |
Filter the results by Manually added fix status. Type: String. Must be one of the following: unattempted, attempted, confirmed, failed Operands: eq, noteq, in, notin |
vuln_manually_added_fixed_by_email |
Filter the results by Manually Added fixed by (email). Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vuln_manually_added_fixed_by_name |
Filter the results by Manually Added fixed by name. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vuln_network_profile |
Filter the results by Detected in scanner profile. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
vuln_notes_author |
Filter the results by Note Author. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vuln_notes_content |
Filter the results by Note Content. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vuln_port |
Filter the results by Port. Type: Port Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vuln_protocol |
Filter the results by Protocol. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vuln_severity_ddi |
Filter the results by Severity (FVM). Type: Rating. Must be one of the following: Critical, High, Medium, Low, Trivial, Info Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vuln_sla_enabled |
Filter the results by SLA filter enabled. Type: Boolean Operands: eq, noteq |
vuln_title |
Filter the results by Title. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vuln_transport |
Filter the results by Service transport. Type: String. Must be one of the following: tcp, udp, icmp Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
vuln_tunnel |
Filter the results by Tunnel. Type: String. Must be one of the following: ssl, none Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
vuln_vuln_class |
Filter the results by Detect class. Type: String. Must be one of the following: explicit, potential, recon, malware, compliance Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
Scan Activity Filters
The following table contains the various parameters that can be used to filter your scan results.
Parameter | Description |
---|---|
asset_group |
Filter the results by Scanned asset groups. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
businessgroup_name |
Filter the results by Business Group. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
created_by_user |
Filter the results by Created by user. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
date_finished |
Filter the results by Date finished. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
date_started |
Filter the results by Date started. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
ip_address |
Filter the results by Scanned IPs. Type: Ip Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte |
name |
Filter the results by Name. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
scan_exclude_from_active_view |
Filter the results by Included in Active View. Type: Boolean Operands: eq, noteq |
scan_host_id |
Filter the results by Asset ID. Type: Integer Operands: eq, in, noteq, notin, lt, lte, gt, gte |
scan_locations |
Filter the results by Scan Location. Type: String. Must be one of the following: both, external, internal Operands: eq, noteq |
scan_policy |
Filter the results by Using scan policy. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
scan_schedule_recurring |
Filter the results by Using recurring schedule. Type: Boolean Operands: eq, noteq |
scan_status |
Filter the results by Status. Type: String. Must be one of the following: Scheduled, Launching, Running, Resuming, Pausing, Paused, Blackout, Queued, Loading, PT in progress, PT review, PT complete, Completed, Canceling, Canceled, Errored Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
scan_vulnerability_id |
Filter the results by Vulnerability ID. Type: Integer Operands: eq, in, noteq, notin, lt, lte, gt, gte |
scan_workflow |
Filter the results by Using workflow. Type: String. Must be one of the following: Penetration Test, Vulnerability Assessment Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
Scheduled Scan Filters
The following table contains the various parameters that can be used to filter your scan results.
Parameter | Description |
---|---|
asset_group |
Filter the results by Scanned asset groups. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
businessgroup_name |
Filter the results by Business Groups. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
description |
Filter the results by Description. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
ip_address |
Filter the results by Scanned IPs. Type: Ip Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte |
name |
Filter the results by Name. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
scan_policy |
Filter the results by Using scan policy. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
scan_schedule_recurring |
Filter the results by Using recurring schedule. Type: Boolean Operands: eq, noteq |
Report Filters
The following table contains the various parameters that can be used to filter your report results.
Parameter | Description |
---|---|
report_account_user |
Filter the results by Created by. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
report_businessgroup_name |
Filter the results by Business Group. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
report_date_created |
Filter the results by Date created. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
report_report_status |
Filter the results by Status. Type: String. Must be one of the following: generating, complete Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
report_scan_created_by_user |
Filter the results by Scan created by. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
report_title |
Filter the results by Title. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
Vuln Dictionary Filters
The following table contains the various parameters that can be used to filter your vuln dictionary results.
Parameter | Description |
---|---|
products |
Filter the results by Product. Type: String. Must be one of the following: VM, WAS Operands: eq, noteq |
scanner_version |
Filter the results by Scanner Version. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vulnerability_auth_only |
Filter the results by Auth only. Type: Boolean Operands: eq, noteq |
vulnerability_cvss_score |
Filter the results by CVSS Score. Type: Decimal Operands: eq, noteq, lt, lte, gt, gte |
vulnerability_cvss_vector |
Filter the results by CVSS Vector. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vulnerability_cvss_vector_a |
Filter the results by CVSS availability. Type: String. Must be one of the following: local, adjacent, network Operands: iexact, notiexact, iin, notiin |
vulnerability_cvss_vector_ac |
Filter the results by CVSS access complexity. Type: String. Must be one of the following: high, medium, low Operands: iexact, notiexact, iin, notiin |
vulnerability_cvss_vector_au |
Filter the results by CVSS authentication. Type: String. Must be one of the following: none, single, multiple Operands: iexact, notiexact, iin, notiin |
vulnerability_cvss_vector_av |
Filter the results by CVSS access vector. Type: String. Must be one of the following: local, adjacent, network Operands: iexact, notiexact, iin, notiin |
vulnerability_cvss_vector_c |
Filter the results by CVSS confidentiality. Type: String. Must be one of the following: local, adjacent, network Operands: iexact, notiexact, iin, notiin |
vulnerability_cvss_vector_i |
Filter the results by CVSS integrity. Type: String. Must be one of the following: local, adjacent, network Operands: iexact, notiexact, iin, notiin |
vulnerability_date_created |
Filter the results by Date added to FVM. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vulnerability_date_disclosed |
Filter the results by Date disclosed. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vulnerability_date_discovered |
Filter the results by Date discovered. Type: Date Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vulnerability_detail |
Filter the results by Vulnerability details. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vulnerability_has_known_detect_types |
Filter the results by Has detect types. Type: String. Must be one of the following: remote, auth Operands: eq, noteq |
vulnerability_has_known_vuln_classes |
Filter the results by Has vuln classes. Type: String. Must be one of the following: explicit, recon, potential, compliance, malware Operands: eq, noteq |
vulnerability_id_ddi |
Filter the results by FVM ID. Type: Integer Operands: eq, in, noteq, notin, lt, lte, gt, gte |
vulnerability_is_new |
Filter the results by Is new. Type: Boolean Operands: eq, noteq |
vulnerability_reference |
Filter the results by Reference. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
vulnerability_severity_ddi |
Filter the results by Severity (FVM). Type: Rating. Must be one of the following: Critical, High, Medium, Low, Trivial, Info Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
vulnerability_title |
Filter the results by Title. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
Asset Group Filters
The following table contains the various parameters that can be used to filter your asset group results.
Parameter | Description |
---|---|
assetgroup_name |
Filter the results by Name. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
assetgroup_system |
Filter the results by System Asset Group. Type: Boolean Operands: eq, noteq |
assetgroup_weight |
Filter the results by Risk weight. Type: Integer Operands: eq, in, noteq, notin, lt, lte, gt, gte |
businessgroup_name |
Filter the results by Business Group. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
networkprofile_name |
Filter the results by Associated scanner profile. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
rule_inclusion |
Filter the results by Has rules of inclusion type. Type: String. Must be one of the following: full, partial, none, n/a Operands: iexact, notiexact, iin, notiin |
rule_network_internal |
Filter the results by Has non-routable IPs. Type: Boolean Operands: eq, noteq |
rule_network_ip_address |
Filter the results by Has IP addresses. Type: Ip Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte |
rule_port_number |
Filter the results by Has ports. Type: Port Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
rule_rule_action |
Filter the results by Has rule type. Type: String. Must be one of the following: Include, Exclude Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
Business Group Filters
The following table contains the various parameters that can be used to filter your business group results.
Parameter | Description |
---|---|
businessgroup_account_users |
Filter the results by Member. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
businessgroup_description |
Filter the results by Description. Type: String Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin |
businessgroup_name |
Filter the results by Name. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
businessgroup_primary_contact |
Filter the results by Primary contact. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
businessgroup_scanners |
Filter the results by Associated scanner. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
Scanner Profile Filters
The following table contains the various parameters that can be used to filter your scanner profile results.
Parameter | Description |
---|---|
networkprofile_internal |
Filter the results by Is internal. Type: Boolean Operands: eq, noteq |
networkprofile_name |
Filter the results by Name. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |
rule_network_internal |
Filter the results by Has non-routable IPs. Type: Boolean Operands: eq, noteq |
rule_network_ip_address |
Filter the results by Has IP addresses. Type: Ip Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte |
rule_port_number |
Filter the results by Has ports. Type: Port Operands: eq, iin, noteq, notiin, lt, lte, gt, gte |
rule_rule_action |
Filter the results by Has rule type. Type: String. Must be one of the following: Include, Exclude Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains |
scanner_name |
Filter the results by Associated scanner. Type: String Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains |