Integrate with Quick Connect API

Welcome to the Fortra Vulnerability Manager™ (Fortra VM) API guide! Our robust Quick Connect API allows you to easily access your data within Fortra VM. Perform tasks such as requesting data to use for reporting or integration with other security solutions.

The following instructions will help you construct your own scripts to interact with Fortra VM vulnerability data, asset data, and the vulnerability dictionary through its REST API.

NOTE: Should you need any assistance in using Frontline API, please contact Fortra Technical Support or VM Pro-Analyst.

Authentication

Each request must be sent with the API Key to authenticate your account. Additionally, each key will be valid only with the specific Frontline region that the account is using.

Keep this key secure as it carries the same privileges as your Frontline VM password.

Do not share your secret API keys on unrestricted public areas, for example, client-side code or code repositories such as GitHub!

To generate a Fortra VM API Key:

Generate a Fortra VM API Key

  1. Log in to Fortra VM.

  2. In the site heater, select your name and choose My profile.

  3. On the API Tokens tab, select Create new token.

  4. In the Add New Token dialog, type the token name and select OK.

  5. Below your token name, selecting Click to show key displays your API Key.

  6. IMPORTANT: An API Key is equivalent to a user’s password. Do not use a key with more than one product integration. If you believe a key is compromised, delete the token from Fortra VM immediately by selecting the trash can icon and resulting check-mark to confirm.

API URL

Once you have created your API key, you’ll next need to determine the appropriate regional URL your key is associated with. This defines the base URL for all of your requests with this key. This is done by sending a request to the router endpoint.

The base URL may periodically change, so it is a good idea to check the route upon each session initiation, that is, at the beginning of your script.

GET https://api.frontline.cloud/api/router/
$ curl  -X GET “https://api.frontline.cloud/api/router/”  -H
“Authorization: Token YOUR_API_TOKEN” 
                  
{
	   "vm" : {,
       "product" : “vm”,
       "url" : "https://vm.us.frontline.cloud/api/"
   },
   "was" : {
      "product" : "was",
      "url" : "https://was.us.frontline.cloud/api/"
   }
}

                

Basic API Usage

All Fortra VM API requests begin with the regional base URL that you determined from above.

The next segment of the URL path depends on the resource.

For example, if your regional base URL is https://vm.frontline.cloud/api/ then use https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/ to access Active View vulnerability data.

In addition to using the HTTPS protocol, all requests must include your secret API Key.

Data Format

The Fortra VM API returns data in JSON format.

Pagination

When making calls to the Fortra VM API, most of the time there will be a lot of results to return. For that reason, we paginate nearly all of the results to use resources efficiently.

The Fortra VM API implements pagination using the optional parameters count and page. Both are returned in the results as next and previous name / value pairs when applicable.

Optional Pagination Parameters
Parameter Description
count The integer number of records you wish to retrieve per request.

Recommended minimum value is 1000.

Recommended maximum value is 5000.

Do not confuse this with the count name / value pair returned in your results.

Default value: 25

page The integer page number to which you want to navigate. Only needed if you want to start on a different page other than 1.

Default value: 1

Results that are paginated will include the following three name / value pairs.

Paginated Results Name / Value Pairs
Name Value
count An integer value of the total number of records available. Do not confuse this with the count parameter.
next The full URL string for the next page of results, if applicable, otherwise set to null.
previous The full URL string for the previous page of results, if applicable, otherwise set to null.
                  GET https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?count=500 
                
                  
{
   "count" : 1768,
   "next" : "https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?count=500&page=2",
   "previous" : null,
   "results" : [
      ...
      ...
   ]
}

                

Using Optional Parameters

Fortra VM API offers a rich set of optional parameters that allow you to tailor your requests. This gives you the flexibility to filter your results for specific data sets, sort your results, or use pagination as described above.

Filtering

Filter parameters must be prefixed with a count using the format of _x_. Query strings from different parameter groups can all begin with 0 (zero).

For example:

&_0_iexact_host_os_type=server&_0_eq_host_rating_ddi=F

Parameters from the same parameter set must increment their count.

For example:

&_0_iin_host_os_type=server&_1_iin_host_os_type=device&_0_eq_host_rating_ddi=F

Sorting

Use the ordering parameter to sort your results. By default, the results are ordered ascending by the parameter value used. Prefix the parameter’s value with a minus sign to sort descending. For example, sort ascending by title, ordering=title and sort descending by title ordering=-title.

Python Example of Pulling Data

The Python script demonstrates how to pull vulnerabilities and their associated asset data from your account.


#!/env/python
import urllib2
import json

fvmUrl = "https://vm.frontline.cloud/"
apiToken = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

haveAllHosts = False
vulnData = []
requestStr = fvmUrl + "api/scanresults/active/vulnerabilities/?digest=0&count=100"

while not haveAllHosts:
		# include the API token in every request you make
		request = urllib2.Request( requestStr, headers = {'Authorization': 'Token ' + apiToken} )
										
		# request the data with GET
		opener = urllib2.build_opener()
		response = opener.open(request)
		currentData = json.loads( response.read() )
		vulnData.extend( currentData['results'] )
		print "Have " + str(len(vulnData)) + " results of " + str(currentData['count']) + " total"

		 # at the top level, the "next" variable, if present,
		 # gives you a complete URL where you can find the continuation
		 # of your request results.
		if( currentData['next'] != None ):
			requestStr = currentData['next']
			
		else:
			haveAllHosts = True

print json.dumps(vulnData, indent=4,sort_keys=True)

Active View Assets

Use this API path to get information about assets reconciled into Fortra VM’s Active View.

List All Assets

Returns a list of all assets.

Available Sort Parameters
Parameter Description
active_view_date_created Sort list by when assets were last found (scanned).
active_view_date_first_created Sort list by date assets were first found.
active_view_rating_ddi Sort list by asset rating.
active_view_status Sort list by asset status.
host_active_view_risk_score Sort list by asset risk score.
host_active_view_risk_weight Sort list by asset risk weight.
host_active_view_severity_ddi Sort list by asset severity.
hostname Sort list by asset hostname.
ip_address Sort list by the asset IP address.
is_compromised Sort list by whether an asset is compromised or not.
os Sort list by the asset operating system.
os_type Sort list asset OS type.
Optional Parameters
Parameter Description
includeAcceptableRisk

Use true or false. Default is true.

Set to true to list assets with vulnerabilities that have been set as an acceptable risk within Active View.

includeHidden

Use true or false. Default is true.

Set to true to list assets that have been hidden within Active View.

                  GET https://vm.frontline.cloud/api/scanresults/active/hosts 
                
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
{
   "count" : 68,
   "next" : null,
   "previous" : null,
   "results" : [
      {
         "active_view_cvss_score" : 9.3,
         "active_view_date_created" : "2017-11-16T05:30:29.061147Z",
         "active_view_date_first_created" : "2016-02-12T02:17:10.465288Z",
         "active_view_host_id" : 919750,
         "active_view_host_rating_list" : {
            "ddi" : "F",
            "nvd" : "High",
            "pci" : "Fail"
         },
         "active_view_risk_score" : 375,
         "active_view_risk_weight" : 75,
         "active_view_security_gpa" : 0,
         "active_view_status" : "matched",
         "active_view_system_security_gpa" : 0,
         "active_view_version" : 145729,
         "active_view_vulnerability_count" : 55,
         "active_view_vulnerability_severity_counts" : {
            "unweighted" : {
               "ddi" : {
                  "counts" : {
                     "critical" : 1,
                     "high" : 0,
                     "info" : 50,
                     "low" : 0,
                     "medium" : 2,
                     "none" : 0,
                     "trivial" : 2
                  },
                  "overall_security_gpa" : 0
               },
               "nvd" : {
                  "counts" : {
                     "high" : 2,
                     "low" : 45,
                     "medium" : 8
                  },
                  "overall_security_gpa" : 0
               },
               "pci" : {
                  "counts" : {
                     "fail" : 10,
                     "pass" : 45
                  },
                  "overall_security_gpa" : 0
               }
            },
            "weighted" : {
               "ddi" : {
                  "counts" : {
                     "critical" : 1,
                     "high" : 0,
                     "info" : 50,
                     "low" : 0,
                     "medium" : 2,
                     "none" : 0,
                     "trivial" : 2
                  },
                  "overall_security_gpa" : 0
               },
               "nvd" : {
                  "counts" : {
                     "high" : 2,
                     "low" : 45,
                     "medium" : 8
                  },
                  "overall_security_gpa" : 0
               },
               "pci" : {
                  "counts" : {
                     "fail" : 10,
                     "pass" : 45
                  },
                  "overall_security_gpa" : 0
               }
            }
         },
         "associated_webapps" : [],
         "base_scan_id" : "73841_20171116T050000Z",
         "date_finished" : null,
         "date_started" : null,
         "discovery_method" : "ping",
         "dns_name" : "",
         "has_notes" : true,
         "hidden" : false,
         "hide_from_now_on" : false,
         "hostname" : "VM1WIN2008ADC",
         "id" : 24503532,
         "internal" : true,
         "ip_address" : "172.20.97.11",
         "is_compromised" : false,
         "last_scanned_businessgroup" : {
            "id" : 540,
            "name" : "Enterprise Admins"
         },
         "mac_address" : "00:50:56:bc:58:d2",
         "matched_status" : "matched",
         "named_asset_name" : null,
         "netbios_name" : "VM1WIN2008ADC",
         "network_profile_id" : 126,
         "network_profile_name" : "Internal Scanner Profile 2",
         "notes_distribution" : {
            "asset" : true,
            "asset_only" : false,
            "vuln_only" : false
         },
         "os" : "Windows Server 2008",
         "os_family" : "windows",
         "os_type" : "domain controller",
         "partially_scanned" : false,
         "pentest_status" : null,
         "scan_block_id" : "158546_20171116T050000Z",
         "scan_id" : "73841_20171116T050000Z",
         "scan_version" : 295648,
         "scan_version_active" : true,
         "scan_version_cvss_score" : 9.3,
         "scan_version_date_created" : "2017-11-16T05:30:29.061147Z",
         "scan_version_host_id" : 24503532,
         "scan_version_host_rating_list" : {
            "ddi" : "F",
            "nvd" : "High",
            "pci" : "Fail"
         },
         "scan_version_host_severity_list" : {
            "ddi" : "critical",
            "nvd" : "high",
            "pci" : "fail"
         },
         "scan_version_risk_score" : 375,
         "scan_version_risk_weight" : 75,
         "scan_version_security_gpa" : 0,
         "scan_version_system_security_gpa" : 0,
         "scan_version_vulnerability_count" : 55,
         "scan_version_vulnerability_severity_counts" : {
            "unweighted" : {
               "ddi" : {
                  "counts" : {
                     "critical" : 1,
                     "high" : 0,
                     "info" : 50,
                     "low" : 0,
                     "medium" : 2,
                     "none" : 0,
                     "trivial" : 2
                  },
                  "overall_security_gpa" : 0
               },
               "nvd" : {
                  "counts" : {
                     "high" : 2,
                     "low" : 45,
                     "medium" : 8
                  },
                  "overall_security_gpa" : 0
               },
               "pci" : {
                  "counts" : {
                     "fail" : 10,
                     "pass" : 45
                  },
                  "overall_security_gpa" : 0
               }
            },
            "weighted" : {
               "ddi" : {
                  "counts" : {
                     "critical" : 1,
                     "high" : 0,
                     "info" : 50,
                     "low" : 0,
                     "medium" : 2,
                     "none" : 0,
                     "trivial" : 2
                  },
                  "overall_security_gpa" : 0
               },
               "nvd" : {
                  "counts" : {
                     "high" : 2,
                     "low" : 45,
                     "medium" : 8
                  },
                  "overall_security_gpa" : 0
               },
               "pci" : {
                  "counts" : {
                     "fail" : 10,
                     "pass" : 45
                  },
                  "overall_security_gpa" : 0
               }
            }
         },
         "scanner_version" : "2.2.70.1"
      },
      ...
      ...
   ]
}

                

Get A Single Asset’s Details

Returns a single asset for the given <id>.

                  GET https://vm.frontline.cloud/api/scanresults/active/hosts/<id> 
                
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/24503532' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
{
   "active_view_cvss_score" : 9.3,
   "active_view_date_created" : "2017-11-16T05:30:29.061147Z",
   "active_view_date_first_created" : "2016-02-12T02:17:10.465288Z",
   "active_view_host_id" : 919750,
   "active_view_host_rating_list" : {
      "ddi" : "F",
      "nvd" : "High",
      "pci" : "Fail"
   },
   "active_view_host_severity_list" : {
      "ddi" : "critical",
      "nvd" : "high",
      "pci" : "fail"
   },
   "active_view_risk_score" : 375,
   "active_view_risk_weight" : 75,
   "active_view_scanner_versions" : "2.2.47.2,2.2.51.0,...,2.2.70.1",
   "active_view_security_gpa" : 0,
   "active_view_services_list" : [
      {
         "port" : 53,
         "protocol" : "dns",
         "scan_vulnerability_count" : 0,
         "transport" : "tcp",
         "tunnel" : "none"
      },
      ...
      ...
   ],
   "active_view_status" : "matched",
   "active_view_system_security_gpa" : 0,
   "active_view_version" : 145729,
   "active_view_vuln_tag_list" : [
      {
         "codename" : "administration",
         "color" : null,
         "id" : 2307,
         "name" : "administration",
         "tagged_by" : "system"
      },
      ...
      ...
   ],
   "active_view_vulnerability_count" : 55,
   "active_view_vulnerability_severity_counts" : {
      "unweighted" : {
         "ddi" : {
            "counts" : {
               "critical" : 1,
               "high" : 0,
               "info" : 50,
               "low" : 0,
               "medium" : 2,
               "none" : 0,
               "trivial" : 2
            },
            "overall_security_gpa" : 0
         },
         "nvd" : {
            "counts" : {
               "high" : 2,
               "low" : 45,
               "medium" : 8
            },
            "overall_security_gpa" : 0
         },
         "pci" : {
            "counts" : {
               "fail" : 10,
               "pass" : 45
            },
            "overall_security_gpa" : 0
         }
      },
      "weighted" : {
         "ddi" : {
            "counts" : {
               "critical" : 1,
               "high" : 0,
               "info" : 50,
               "low" : 0,
               "medium" : 2,
               "none" : 0,
               "trivial" : 2
            },
            "overall_security_gpa" : 0
         },
         "nvd" : {
            "counts" : {
               "high" : 2,
               "low" : 45,
               "medium" : 8
            },
            "overall_security_gpa" : 0
         },
         "pci" : {
            "counts" : {
               "fail" : 10,
               "pass" : 45
            },
            "overall_security_gpa" : 0
         }
      }
   },
   "associated_webapps" : [],
   "base_scan_id" : "73841_20171116T050000Z",
   "date_finished" : null,
   "date_started" : null,
   "discovery_method" : "ping",
   "dns_name" : "",
   "has_notes" : true,
   "hidden" : false,
   "hide_from_now_on" : false,
   "host_tag_list" : [
      {
         "codename" : "administration",
         "color" : null,
         "id" : 2307,
         "name" : "administration",
         "tagged_by" : "system"
      },
      ...
      ...
   ],
   "hostname" : "VM1WIN2008ADC",
   "id" : 24503532,
   "internal" : true,
   "ip_address" : "172.20.97.11",
   "is_compromised" : false,
   "last_scanned_businessgroup" : {
      "id" : 540,
      "name" : "Enterprise Admins"
   },
   "mac_address" : "00:50:56:bc:58:d2",
   "matched_status" : "matched",
   "named_asset_name" : null,
   "netbios_name" : "VM1WIN2008ADC",
   "network_profile_id" : 126,
   "network_profile_name" : "Internal Scanner Profile 2",
   "notes_distribution" : {
      "asset" : false,
      "asset_only" : false,
      "vuln_only" : false
   },
   "os" : "Windows Server 2008",
   "os_family" : "windows",
   "os_type" : "domain controller",
   "parent_ip_address" : "172.20.97.11",
   "partially_scanned" : false,
   "pentest_status" : null,
   "rna" : {
      "name" : null,
      "proxy_port" : null
   },
   "scan_block_id" : "158546_20171116T050000Z",
   "scan_id" : "73841_20171116T050000Z",
   "scan_version" : 295648,
   "scan_version_active" : true,
   "scan_version_cvss_score" : 9.3,
   "scan_version_date_created" : "2017-11-16T05:30:29.061147Z",
   "scan_version_host_id" : 24503532,
   "scan_version_host_rating_list" : {
      "ddi" : "F",
      "nvd" : "High",
      "pci" : "Fail"
   },
   "scan_version_host_severity_list" : {
      "ddi" : "critical",
      "nvd" : "high",
      "pci" : "fail"
   },
   "scan_version_risk_score" : 375,
   "scan_version_risk_weight" : 75,
   "scan_version_scanner_versions" : "2.2.70.1",
   "scan_version_security_gpa" : 0,
   "scan_version_services_list" : [
      {
         "port" : 53,
         "protocol" : "dns",
         "scan_vulnerability_count" : 0,
         "transport" : "tcp",
         "tunnel" : "none"
      },
      ...
      ...
   ],
   "scan_version_system_security_gpa" : 0,
   "scan_version_vulnerability_count" : 55,
   "scan_version_vulnerability_severity_counts" : {
      "unweighted" : {
         "ddi" : {
            "counts" : {
               "critical" : 1,
               "high" : 0,
               "info" : 50,
               "low" : 0,
               "medium" : 2,
               "none" : 0,
               "trivial" : 2
            },
            "overall_security_gpa" : 0
         },
         "nvd" : {
            "counts" : {
               "high" : 2,
               "low" : 45,
               "medium" : 8
            },
            "overall_security_gpa" : 0
         },
         "pci" : {
            "counts" : {
               "fail" : 10,
               "pass" : 45
            },
            "overall_security_gpa" : 0
         }
      },
      "weighted" : {
         "ddi" : {
            "counts" : {
               "critical" : 1,
               "high" : 0,
               "info" : 50,
               "low" : 0,
               "medium" : 2,
               "none" : 0,
               "trivial" : 2
            },
            "overall_security_gpa" : 0
         },
         "nvd" : {
            "counts" : {
               "high" : 2,
               "low" : 45,
               "medium" : 8
            },
            "overall_security_gpa" : 0
         },
         "pci" : {
            "counts" : {
               "fail" : 10,
               "pass" : 45
            },
            "overall_security_gpa" : 0
         }
      }
   },
   "scanner_version" : "2.2.70.1",
   "tag_list" : [
      {
         "codename" : "administration",
         "color" : null,
         "id" : 2307,
         "name" : "administration",
         "tagged_by" : "system"
      },
      ...
      ...
   ],
   "vuln_tag_list" : [
      {
         "codename" : "administration",
         "color" : null,
         "id" : 2307,
         "name" : "administration",
         "tagged_by" : "system"
      },
      ...
      ...
   ]
}

                

Get A Single Asset’s Vulnerabilities

Returns a list of vulnerabilities detected for a given asset <id>.

                  GET https://vm.frontline.cloud/api/scanresults/active/hosts/<id>/vulnerabilities 
                
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/24503532/vulnerabilities' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
{
   "count" : 55,
   "next" : "https://vm.frontline.cloud/api/scanresults/active/hosts/24503532/vulnerabilities/?page=2",
   "previous" : null,
   "results" : [
      {
         "acceptable_risk" : true,
         "active_view_date_created" : "2017-11-16T05:30:29.061147Z",
         "active_view_date_first_created" : "2017-04-20T04:06:42.056220Z",
         "active_view_host_id" : 919750,
         "active_view_status" : "recurred",
         "active_view_version" : 145729,
         "cvss_score" : "9.3",
         "data" : "This asset is missing the MS17-010 patch.\n\nVulnerable Response:\n ff 53 4d 42 25 05 02 00 c0 88 01 44 00 10 00 00   .SMB%......D....\n 00 00 00 00 00 00 00 00 05 80 06 00 00 08 6d 42   ..............mB\n 00 00 00                                          ...\n",
         "date_finished" : null,
         "date_started" : null,
         "detect_type" : "remote",
         "false_positive" : false,
         "has_notes" : true,
         "hidden" : false,
         "hide_from_now_on" : false,
         "host_hidden" : false,
         "host_id" : 24503532,
         "hostname" : "VM1WIN2008ADC",
         "id" : 957098082,
         "id_ddi" : 122051,
         "ip_address" : "172.20.97.11",
         "manually_added" : false,
         "manually_added_fix_status_name" : null,
         "matched_status" : "recurred",
         "port" : 445,
         "protocol" : "smb",
         "scan_block_id" : "158546_20171116T050000Z",
         "scan_id" : "73841_20171116T050000Z",
         "scanner_version" : "2.2.70.1",
         "severities" : {
            "ddi" : "critical",
            "nvd" : "high",
            "pci" : "fail"
         },
         "tag_list" : [
            {
               "codename" : "moderate to fix",
               "color" : null,
               "id" : 2304,
               "name" : "moderate to fix",
               "tagged_by" : "system"
            },
            ...
            ...  
         ],
         "title" : "MS17-010: SMB Remote Code Execution Vulnerability (Network Check)",
         "transport" : "tcp",
         "tunnel" : "none",
         "vuln_class" : "explicit"
      },
      ...
      ...
   ]
}

                

Get A Single Asset’s Notes

Returns the notes created for a given asset <id>.

                  GET https://vm.frontline.cloud/api/scanresults/active/hosts/<id>/notes 
                
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/24503532/notes' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
[
   {
      "account_user_account_id" : 115,
      "account_user_email" : "barney.rubble@flintstone.com",
      "account_user_id" : 7703,
      "account_user_name" : "Barney Rubble",
      "date_created" : "2018-04-05T18:31:41.021941Z",
      "date_modified" : "2018-04-05T18:31:41.021986Z",
      "host_id" : 24503532,
      "id" : 1232597,
      "id_ddi" : null,
      "note_group_id" : 1232597,
      "note_original_author" : {
         "account_user_email" : "barney.rubble@flintstone.com",
         "account_user_fullname" : "Barney Rubble",
         "account_user_id" : 7703
      },
      "note_type" : "client",
      "note_type_name" : "Client",
      "order_number" : 0,
      "scan_id" : "73841_20171116T050000Z",
      "scan_name" : "Daily Assessment",
      "scan_vulnerability_id" : null,
      "target" : {
         "data" : {
            "hostname" : "VM1WIN2008ADC",
            "ip_address" : "172.20.97.11"
         },
         "type" : "asset"
      },
      "ticket_metadata" : null,
      "title" : null,
      "value" : "For Win Team in Chicago to remediate.",
      "version" : 1
   }
]

                

Active View Vulnerabilities

Use this API path to get information about vulnerabilities reconciled into Fortra VM’s Active View.

List All Vulnerabilities

Returns a list of all vulnerabilities.

Available sort parameters
Parameter Description
scan_vulnerability_count Sort list by the total number of vulnerability instances per vulnerability.
severity_ddi Sort list by vulnerability severity.
title Sort list by vulnerability title.
Optional Parameters
Parameter Description
digest

Use true or false. Default is false.

Set to true to list vulnerabilities in a condensed format, grouping vulnerabilities by id_ddi instead of showing each instance.

includeAcceptableRisk

Use true or false. Default is false.

Set to true to list vulnerabilities that have been set as an acceptable risk within Active View.

includeFixed

Use true or false. Default is false.

Set to true to list vulnerabilities that have been fixed.

includeHidden

Use true or false. Default is false.

Set to true to list vulnerabilities that have been hidden within Active View.

                  GET https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?digest=true 
                
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/24503532/notes' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  {
   "count" : 135,
   "next" : "https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?count=3&digest=true&ordering=-severity_ddi&page=2",
   "previous" : null,
   "results" : [
      {
         "hidden" : false,
         "id_ddi" : 122051,
         "matched_change" : {
            "change" : -1,
            "current" : 22,
            "diff" : 22,
            "fixed" : 0,
            "new" : 1,
            "recurred" : 21
         },
         "scan_vulnerability_count" : 22,
         "severities" : {
            "ddi" : "critical",
            "nvd" : "high",
            "pci" : "fail"
         },
         "title" : "MS17-010: SMB Remote Code Execution Vulnerability (Network Check)",
         "vuln_class" : "explicit"
      },
      {
         "hidden" : false,
         "id_ddi" : 113790,
         "matched_change" : {
            "change" : 0,
            "current" : 8,
            "diff" : 8,
            "fixed" : 0,
            "new" : 0,
            "recurred" : 8
         },
         "scan_vulnerability_count" : 8,
         "severities" : {
            "ddi" : "critical",
            "nvd" : "medium",
            "pci" : "fail"
         },
         "title" : "SSL Connection: Server Vulnerable to Heartbleed Attack",
         "vuln_class" : "explicit"
      },
      {
         "hidden" : false,
         "id_ddi" : 104433,
         "matched_change" : {
            "change" : 0,
            "current" : 1,
            "diff" : 1,
            "fixed" : 0,
            "new" : 0,
            "recurred" : 1
         },
         "scan_vulnerability_count" : 1,
         "severities" : {
            "ddi" : "critical",
            "nvd" : "high",
            "pci" : "fail"
         },
         "title" : "HTTP Easily Guessable Credentials",
         "vuln_class" : "explicit"
      }
   ]
}

                

Get A Specific Vulnerability’s Details

Returns the vulnerability details for a single vulnerability using the vulnerability’s <id_ddi>.

                  GET https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?_0_eq_vuln_id_ddi=<id_ddi> 
                
$ curl 'https://vm.frontline.cloud/api/scanresults/active/vulnerabilities/?_0_eq_vuln_id_ddi=104433' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  {
   "count" : 1,
   "next" : null,
   "previous" : null,
   "results" : [
      {
         "acceptable_risk" : null,
         "active_view_date_created" : "2018-03-27T21:00:03.678341Z",
         "active_view_date_first_created" : "2018-03-12T22:53:12.586355Z",
         "active_view_host_id" : 30617403,
         "active_view_status" : "recurred",
         "active_view_version" : 179970,
         "cvss_score" : "10.0",
         "data" : "Authentication Successful In Forms:\n172.20.71.98:81:\n\t/admin/index.php?page=login : /admin/index.php?page=login:\n\t\tadmin:admin\n\t/users/login.php : /users/login.php:\n\t\tadmin:admin\n\t\tguest:guest",
         "date_finished" : null,
         "date_started" : null,
         "detect_type" : "remote",
         "false_positive" : false,
         "has_notes" : true,
         "hidden" : false,
         "hide_from_now_on" : false,
         "host_hidden" : false,
         "host_id" : 31414753,
         "hostname" : "172.20.71.98",
         "id" : 1246848690,
         "id_ddi" : 104433,
         "ip_address" : "172.20.71.98",
         "manually_added" : false,
         "manually_added_fix_status_name" : null,
         "matched_status" : "recurred",
         "port" : 81,
         "protocol" : "http",
         "scan_block_id" : "197914",
         "scan_id" : "102586",
         "scanner_version" : "3.0.2.1",
         "severities" : {
            "ddi" : "critical",
            "nvd" : "high",
            "pci" : "fail"
         },
         "tag_list" : [
            {
               "codename" : "moderate to fix",
               "color" : null,
               "id" : 2304,
               "name" : "moderate to fix",
               "tagged_by" : "system"
            },
            {
               "codename" : "web",
               "color" : null,
               "id" : 2303,
               "name" : "web",
               "tagged_by" : "system"
            }
         ],
         "title" : "HTTP Easily Guessable Credentials",
         "transport" : "tcp",
         "tunnel" : "none",
         "vuln_class" : "explicit"
      }
   ]
} 
                

Get A Specific Vulnerability’s Notes

Returns the notes assigned to a vulnerability given the <host_id> and vulnerability <id>.

                  GET https://vm.frontline.cloud/api/scanresults/active/hosts/<host_id>/vulnerabilities/<id>/notes 
                
$ curl 'https://vm.frontline.cloud/api/scanresults/active/hosts/31414753/vulnerabilities/1235054/notes' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  [
   {
      "account_user_account_id" : 1,
      "account_user_email" : "barney.rubble@flintstone.com",
      "account_user_id" : 260,
      "account_user_name" : "Barney Rubble",
      "date_created" : "2018-04-09T21:21:13.237611Z",
      "date_modified" : "2018-04-09T21:21:13.237650Z",
      "host_id" : 31414753,
      "id" : 1235054,
      "id_ddi" : 104433,
      "note_group_id" : 1235054,
      "note_original_author" : {
         "account_user_email" : "barney.rubble@flintstone.com",
         "account_user_fullname" : "Barney Rubble",
         "account_user_id" : 260
      },
      "note_type" : "analyst",
      "note_type_name" : "Analyst",
      "order_number" : 0,
      "scan_id" : "102586",
      "scan_name" : "Scan Mar 27, 2018 3:38PM Don Test",
      "scan_vulnerability_id" : 1246848690,
      "target" : {
         "data" : {
            "title" : "HTTP Easily Guessable Credentials"
         },
         "type" : "vulnerability"
      },
      "ticket_metadata" : null,
      "title" : null,
      "value" : "Pass on to Network Team Alpha to address.",
      "version" : 1
   }
]

                

Scan Activity

Use this API path to get information about current scan activity.

List All Active Scans

Returns a list of all active scans.

Available sort parameters
Parameter Description
asset_count Sort list by the total number of assets scanned.
businessgroup_name Sort list by business group.
date_finished Sort list by the date the scan finished.
date_started Sort list by the date the scan started.
name Sort list by scan name.
scan_locations Sort the list by external / internal scan location.
status Sort list by scan status.
workflow Sort list by the scan work-flow.
Required Parameters
Parameter Description
0_in_scan_workflow Set to one or more of the following: PCI Assessment, PCI Assessment Follow-up, Penetration Test, Penetration Test Follow-up, Threat Scan, Vulnerability Assessment, Web Application Assessment.
NOTE: All must be applied in order to retrieve results that match the FVM Scan Activity page.
status

Set to one or more of the following: launching, paused, pausing, blackout, queued, resuming, running, loading, canceling, canceled, completed, errored, pt_in_progress, pt_review, pt_complete, waa_workflow.

NOTE: All must be applied in order to retrieve results that match the FVM Scan Activity page.
                  GET 'https://vm.frontline.cloud/api/scans’ 
                
$ curl 'https://vm.frontline.cloud/api/scans/?_0_in_scan_workflow=Penetration+Test%7CVulnerability+Assessment%7CWeb+Application+Assessment%7CThreat+Scan%7CPCI+Assessment+Follow-up%7CPCI+Assessment%7CPenetration+Test+Follow-up&count=2&ordering=-scan_locations,name,-date_finished&page=1&status=launching%7Cpaused%7Cpausing%7Cblackout%7Cqueued%7Cresuming%7Crunning%7Cloading%7Ccanceling%7Ccanceled%7Ccompleted%7Cerrored%7Cpt_in_progress%7Cpt_review%7Cpt_complete%7Cwaa_workflow' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  {
   "count" : 2996,
   "next" : "https://vm.frontline.cloud/api/account/115/scans/?_0_in_scan_workflow=Penetration+Test%7CVulnerability+Assessment%7CWeb+Application+Assessment%7CThreat+Scan%7CPCI+Assessment+Follow-up%7CPCI+Assessment%7CPenetration+Test+Follow-up&count=25&ordering=-date_finished%2Cname&page=2&status=launching%7Cpaused%7Cpausing%7Cblackout%7Cqueued%7Cresuming%7Crunning%7Cloading%7Ccanceling%7Ccanceled%7Ccompleted%7Cerrored%7Cpt_in_progress%7Cpt_review%7Cpt_complete%7Cwaa_workflow",
   "previous" : null,
   "results" : [
      {
         "account" : {
         "id" : 115,
         "name" : "Demo Account"
        },
        "account_id" : 115,
        "account_user" : "Administrator",
        "account_user_id" : 34,
        "build_reports" : false,
        "businessgroups" : [
           {
             "id" : 540,
             "name" : "Enterprise Admins"
           }
        ],
        "date_finished" : "2019-08-21T18:35:35.384192Z",
        "date_modified" : "2019-08-21T18:35:35.582269Z",
        "date_started" : "2019-08-21T18:01:24.682271Z",
        "deleting" : false,
       "description" : "",
       "exclude_from_active_view" : false,
        "force_target_detection" : false,,
        "has_results" : false,
        "host_count" : 51,
        "id" : "97910_20190821T180000Z",
        "name" : "Updated Weekly",
        "next_event" : null,
        "scan_locations" : "internal",
        "scan_policy" : "Default",
        "status" : "completed",
        "status_message" : null,
        "status_name" : "Completed",
        "workflow" : "va_workflow"
      },
      ...
   ]
}

                

Get A Specific Scan In Scan Activity

Returns the details for a specific scan <id> in the scan activity.

                  GET 'https://vm.frontline.cloud/api/scanresults/scans/<id>/' 
                
$ curl -X GET https://vm.frontline.cloud/api/scanresults/scans/97910_20190821T180000Z/' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
{
   "active_view_version_id" : 348238,
   "base_scan_id" : "97910_20190821T180000Z",
   "businessgroups" : [
      {
         "id" : 540,
         "name" : "Enterprise Admins"
      },
   ]
   "date_created" : "2019-08-21T18:01:24.682248Z",
   "date_finished" : "2019-08-21T18:35:35.384192Z",
   "date_modified" : "2019-08-21T18:35:35.582269Z",
   "date_started" : "2019-08-21T18:01:24.682271Z",
   "description" : "",
   "exclude_from_active_view" : false,
   "host_count" : 51,
   "host_labels" : [],
   "hosts_new_count" : 0,
   "id" : "97910_20190821T180000Z",
   "label_counts" : {},
   "labels" : [],
   "most_at_risk_hosts" : [
      {
         "active_view_cvss_score" : 10,
         "active_view_date_created" : "2019-08-21T18:35:20.456496Z
         "active_view_date_first_created" : "2015-10-02T17:18:30.216899Z",
         "active_view_host_id" : 1978,
         "active_view_host_rating_list" : {
             "ddi" : "F",
             "nvd" : "High",
             "pci" : "Fail"
         },
         "active_view_risk_score" : 370,
         "active_view_risk_weight" : 74,
         "active_view_security_gpa" : 0,
         "active_view_status" : "matched",
         "active_view_system_security_gpa" : 0,},
         "active_view_version" : 348238,
         "active_view_security_gpa" : 0,
         "active_view_vulnerability_count" : 57,
         "active_view_vulnerability_severity_counts" : {
             "unweighted" : {
                "ddi" : {
                   "counts" : {
                      "critical" : 5,
                      "high" : 0,
                      "info" : 0,
                      "low" : 17,
                      "medium" : 22,
                      "none" : 0,
                      "trivial" : 35
                   },
                   "overall_security_gpa" : 0
                },
                "nvd" : {
                   "counts" : {
                      "high" : 1,
                      "low" : 26,
                      "medium" : 30
                   },
                   "overall_security_gpa" : 0
                },
                "pci" : {
                   "counts" : {
                     "fail" : 1,
                     "pass" : 56
                  },
                  "overall_security_gpa" : 0,
              }
           },
            "weighted" : {
           ...
           }
        },
        "assessed_cis_auth" : false,
        "assessed_db_auth" : false,
        "assessed_os_auth" : false,
        "assessed_threatscan_auth" : false,
        "assessed_unauth" : true,
        "associated_webapps" : [],
        "auth_status" : {
           "details" : {},
           "extended_details" : {},
              "cis" : null,
              "db" : {
                 "mssql" : null,
                 "mysql" : null,
                 "oracle" : null,
                 "postgresql" : null,
              }
              "os" : {
                 "linux" : null,
                 "vmware" : null,
                 "windows" : null
              } 
                 "threatscan" : null
              }
               "overall" : "N/A"
           }
           "aws_instance_id" : null,
           "base_scan_id" : "97910_20190821T180000Z",
           "date_finished" : null,
           "date_started" : null,
           "discovery_method" : "ping",
           "dns_name" : "",
           "dns_smartname" : "BUFF-HEARTBLEED",
           "has_antivirus" : null,
           "has_crimewareable" : null,
           "has_disabled_antivirus" : null,
           "has_exploitable" : true,
           "has_malware" : null,
           "has_notes" : false,
           "has_outdated_antivirus" : null,
           "hidden" : false,
           "hide_from_now_on" : false,
           "hostname" : "BUFF-HEARTBLEED",
           "id" : 60688848,
           "internal" : true,
           "ip_address" : "192.168.69.140",
           "is_compromised" : false,
           "is_retired" : false,
           "last_scanned_businessgroup" : {
             "id" : 540,
             "name" : "Enterprise Admins"
          "mac_address" : "00:50:56:8d:bf:ba",
          "matched_status" : "matched",
          "named_asset_name" : null,
          "netbios_name" : "BUFF-HEARTBLEED",
          "netbios_smartname" : "BUFF-HEARTBLEED","
          "network_profile_id" : 3488,
          "network_profile_name" : "Internal Scanner Profile 4",
          "notes_distribution" : {"id" : 540,
             "asset" : false,
             "asset_only" : false,
             "vuln_only" : false
          },
          "os" : "Ubuntu Linux",
          "os_family" : "unix",
          "os_type" : "server",
          "partially_scanned" : false,
          "pentest_status" : null,{
          "scan_block_id" : "385187_20190821T180000Z",
          "scan_id" : "97910_20190821T180000Z",
          "scan_version" : 704088,
          "scan_version_active" : true,
          "scan_version_cvss_score" : 10,
          "scan_version_date_created" : "2019-08-21T18:35:20.456496Z",
          "scan_version_host_id" : 60688848,
          "scan_version_host_rating_list" : {
             "ddi" : "F",
             "nvd" : "High",
             "pci" : "Fail"
          },
          "scan_version_risk_score" : 370,
          "scan_version_risk_weight" : 74,
          "scan_version_security_gpa" : 0,
          "scan_version_system_security_gpa" : 0,
          "scan_version_vulnerability_count" : 149,
          "scan_version_vulnerability_severity_counts" : {
             "unweighted" : {
             "ddi" : {
                "counts" : {
                   "critical" : 5,
                   "high" : 0,
                   "info" : 92,
                   "low" : 17,
                   "medium" : 0,
                   "none" : 0,
                   "trivial" : 35,
              },
               "overall_security_gpa" : 0
           },
           "nvd" : {
               "counts" : {
                  "high" : 1,
                  "low" : 118,
                  "medium" : 30
            },
            "overall_security_gpa" : 0
         },
         "pci" : {
           "counts" : {
              "fail" : 1,
              "pass" : 148
           },
           "overall_security_gpa" : 0
         }
         "weighted" : {
         ...
           }
         },
         "scanner_version" : "3.0.36.1"
        },
        ...
   },
   "most_common_malware" : [],
   "most_common_vulnerabilities" : [
     {
          "hidden" : false,
          "id_ddi" : 104120,
          "matched_change" : {
             "change" : 0,
             "current" : 8,
             "diff" : 8,  
            "fixed" : 0,
             "new" : 0,
             "recurred" : 8
          },
           "scan_vulnerability_count" : 8,
           "severities" : {
              "ddi" : "critical",
             "nvd" : "high",
              "pci" : "fail"
          },
           "title" : "Easily Guessable SSH Credentials",
           "vuln_class" : "explicit"
       },
       ...
   },
   "most_vulnerabilities_on_a_host" : 149,
   "name" : "Updated Weekly",
   "notifications" : [],
   "os_counts" : {
      "CentOS" : 2,
       "Debian Linux" : 2,
       ...
   },
   "os_type_counts" : {
      "client" : 8,
   }
   "pentest_date_completed" : null,
   "pentest_date_started" : null,
   "pentest_rating_list" : {
      "ddi" : "D",
      "nvd" : "High",
      "pci" : "Not Compliant",
   },
   "previous_scan" : {
       "businessgroups" : [
          {
            "id" : 540,
            "name" : "Enterprise Admins"
         }
      ],
      "date_created" : "2019-08-14T18:02:38.093733Z",
      "date_finished" : "2019-08-14T18:33:38.425841Z",
      "date_modified" : "2019-08-14T18:33:38.619703Z",
      "date_started" : "2019-08-14T18:02:38.093769Z",
      "description" : "",
      "host_count" : 51,
      "id" : "97910_20190814T180000Z",
      "name" : "Updated Weekly",
      "pentest_date_completed" : null,
      "pentest_date_started" : null,
      "pentest_rating_list" : {
         "ddi" : "D",
         "nvd" : "High",
         "pci" : "Not Compliant"
      },
      "scan_id" : "97910_20190814T180000Z",
      "scan_policy" : {
         "id" : 8,
         "name" : "Default"
      },
      "scan_template" : {
         "id" : 97910,
         "name" : "Updated Weekly"
      },
      "security_gpa" : 0.95,
      "status" : "completed",
     "status_details" : [
         [
            "completed",
            "Internal Scanner Profile 4",
           "Successfully completed scan""
       ]
      ],
      "status_message" : null,
      "status_name" : "Completed",
      "vulnerability_count" : 334,
      "workflow" : {
         "codename" : "va_workflow",
         "id" : 2,
         "name" : "Vulnerability Assessment"
      },
   }
   "recent_recurring_scans" : [ 
      {
         "businessgroups" : [
            {
                "id" : 540,[
                "name" : "Enterprise Admins"[
            }
         ]
         "date_created" : "2019-08-14T18:02:38.093733Z",
         "date_finished" : "2019-08-14T18:33:38.425841Z",
         date_modified" : "2019-08-14T18:33:38.619703Z",
         "date_started" : "2019-08-14T18:02:38.093769Z",
         "description" : "",
         "id" : "97910_20190814T180000Z",
         "name" : "Updated Weekly",
         "pentest_date_completed" : null,
         "pentest_date_started" : null,
         "pentest_rating_list" : {
             "ddi" : "D",
             "nvd" : "High",
             "pci" : "Not Compliant"
         },
         "scan_id" : "97910_20190814T180000Z",
         "scan_policy" : {
            "id" : 8,
            "name" : "Default"
          },
         "scan_template" : {
            "id" : 97910,
            "name" : "Updated Weekly"
         },
         "status" : "completed",
         "status_details" : [
            [
            "completed",
            "Internal Scanner Profile 4",
            "Successfully completed scan"
         ]
       ],
       "status_message" : null,
       "status_name" : "Completed",
       "workflow" : {
          "codename" : "va_workflow",
         "id" : 2,
          "name" : "Vulnerability Assessment"
       }
     },
     ...
   },
   "scan_id" : "97910_20190821T180000Z",
   "scan_policy" : {
     "id" : 8,
     "name" : "Default"
   },
   "scan_rating_list" : {
      "ddi" : "D",
   ..."nvd" : "High",
      "pci" : "Not Compliant"
   },
   "scan_template" : {
      "id" : 97910,
      "name" : "Updated Weekly"
   },
   "security_gpa" : 0.95,
   "security_gpa_external" : 0,
   "security_gpa_internal" : 0.95,
   "security_gpa_letter_external" : "F",
   "security_gpa_letter_internal" : "D",
   "status" : "completed",
   "status_details" : [
      [
        "completed",
        "Internal Scanner Profile 4",
        "Successfully completed scan"
      ]
   ],
   "status_message" : null,
   "status_name" : "Completed",
   "vuln_labels" : [],
   "vulnerability_count" : 335,
   "vulnerability_severity_counts" : {,
      "unweighted" :
         "ddi" : {
            "counts" : {
               "critical" : 26,
               "high" : 12"
               "info" : 1227,
               "low" : 103,
               "medium" : 22,
               "none" : 0,
               "trivial" : 172
           }
           "distinct_counts" : {
              "critical" : 8,
              "high" : 8,
              "info" : 83,
              "low" : 25,
              "medium" : 6,
              "none" : 0,
              "trivial" : 23
           },
           "distinct_total" : 153,
           "overall_rating" : "",
           "overall_security_gpa" : 0,
           "overall_severity" : "",
           "rating_sort_order" : 0,
           "severity_score" : 0,
           "severity_sort_order" : 0,
           "total" : 1562
         },
        "nvd" : {
           ...
         },
         "pci" : {
           ...
         }
      }
      "weighted" : {
          ...
        }
   },
   "workflow" : {
      "codename" : "va_workflow",
      "id" : 2,
      "name" : "Vulnerability Assessment"
   }
}
                

Get A Specific Scan’s Assets In Scan Activity

Returns the details for a specific scan’s <id> asset details in the scan activity.

Available Sort Parameters
Parameter Description
active_view_date_created

Sort list by when assets were last found (scanned).

active_view_date_first_created Sort list by date assets were first found.
active_view_rating_ddi Sort list by asset rating.
hidden Sort list by if asset is hidden.
host_scan_version_risk_score Sort list by asset risk score.
host_scan_version_risk_weight Sort list by asset risk weight.
host_scan_version_severity_ddi Sort list by asset severity.
hostname Sort list by asset hostname.
ip_address Sort list by the asset IP address.
is_compromised Sort list by whether an asset is compromised or not.
os Sort list by the asset operating system.
os_type Sort list by asset operating system type.
host_partially_scanned Sort list by if asset is only partially scanned
                  GET 'https://vm.frontline.cloud/api/scanresults/scans/<id>/hosts/' 
                
$ curl -X GET https://vm.frontline.cloud/api/scanresults/scans/97910_20190821T180000Z/vulnerabilities/?count=50&digest=true&includeAcceptableRisk=false&includeFixed=false&includeHidden=false&ordering=-severity_ddi,-scan_vulnerability_count,title&page=1' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
{
    "count" : 51,
    "next" :
"https://vm.frontline.cloud/api/account/115/scanresults/scans/97910_20190821T180000Z/vulnerabilities/?count=2&digest=true&includeAcceptableRisk=false&includeFixed=false&includeHidden=false&ordering=-severity_ddi%2C-scan_vulnerability_count%2Ctitle&page=2",
   "previous" : null,
   "results" : [
       {
           "cvss_score" : "7.5",
           "hidden" : false,
           "id_ddi" : 104120,
           "matched_change" : {
              "change" : 0,
              "change" : 0,
              "diff" : 8,
              "fixed" : 0,
              "new" : 0,
              "recurred" : 8
           }
           "scan_vulnerability_count" : 8,
           "severities" : {
              "ddi" : "critical",
              "nvd" : "high",
              "pci" : "fail"
           }
           "title" : "Easily Guessable SSH Credentials",
           "vuln_class" : "explicit"
      },
      ...
   ]
}
                

Get A Specific Scan’s Vulnerabilities In Scan Activity

Returns the details for a specific scan’s <id> vulnerabilities details in the scan activity.

Available Sort Parameters
Parameter Description
scan_vulnerability_count

Sort list by the total number of vulnerability instances per vulnerability.

severity_ddi Sort list by vulnerability severity.
title Sort list by vulnerability title.
                  GET 'https://vm.frontline.cloud/api/scanresults/scans/<id>/hosts/' 
                
$ curl -X GET https://vm.frontline.cloud/api/scanresults/ scans/97910_20190821T180000Z/hosts/?count=50&includeAcceptableRisk=false&includeFixed=false&includeHidden=false&ordering=-rating_ddi,hostname&page=1' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
{
    "count" : 182,
    "next" 
"https://vm.frontline.cloud/api/account/115/scanresults/scans/97910_20190821T180000Z/vulnerabilities/?count=2&digest=true&includeAcceptableRisk=false&includeFixed=false&includeHidden=false&ordering=-severity_ddi%2C-scan_vulnerability_count%2Ctitle&page=2",
   "previous" : null,
   "results" : [
       {
           "cvss_score" : "7.5",
           "hidden" : false,
           "id_ddi" : 104120,
           "matched_change" : {
              "change" : 0,
              "change" : 0,
              "diff" : 8,
              "fixed" : 0,
              "new" : 0,
              "recurred" : 8
               "cis" : null,
           }
           "scan_vulnerability_count" : 8,
           "severities" : {
              "ddi" : "critical",
              "nvd" : "high",
              "pci" : "fail"
           }
           "title" : "Easily Guessable SSH Credentials",
           "vuln_class" : "explicit"
      },
                     "info" : 14,
                     "low" : 0,
                     "medium" : 0,
                     "none" : 0,
                     "trivial" : 0
                  },
                  "overall_security_gpa" : 0
               },
               "nvd" : {
               ...
               },
               "pci" : {
               ...
            "weighted" : {
                "ddi" : {
                   ...
                },
                "nvd" : {
                   ...
                },
                pci" : {
                   ...
                }
            }
          },
          "scanner_version" : "3.0.36.1"
       },
       ...
  ]
}
                

Scheduled Scans

Use this API path to get information about scans that are scheduled.

List all Scheduled Scans

Returns a list of all scheduled scans.

Available Sort Parameters
Parameter Description
active

Sort list by scan enabled / disabled.

businessgroup_name Sort list by business group.
name Sort the list by scan name.
next_start_date Sort the list by the next start date.

Required parameters

Required Parameters
Parameter Description
_0_has_next_event

Set to true or false.If default is false.

NOTE: Must be set to true and used in conjunction with expandScans=parameter in order to retrieve results that match the Scheduled Scans page.

expandScans

Set to true or false.If default is false.

NOTE: Must be set to false in order to retrieve results that match the Scheduled Scans page.
                  GET 'https://vm.frontline.cloud/api/scans/'
                
$ curl -X GET 'https://vm.frontline.cloud/api/scans/?_0_has_next_event=true&expandScans=false&ordering=next_start_date,name&page=1&count=25' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
{
    "count" : 2,
    "next" : null,
   "previous" : null,
   "results" : [
      {
        "account" : {
           "id" : 115,
        }
        "account_id" : 115,
        "account_user" : "Administrator",
        "account_user_id" : 34,
        "active" : true,
        "build_reports" : false,
        "businessgroups" : [
           {
               "id" : 540,
               "name" : "Enterprise Admins"
           }
        ]
        "description" : "",
        "exclude_from_active_view" : false,
        "force_target_detection" : false,
        "id" : "97910",
        "name" : "Updated Weekly","description" : "",
        "next_event" : {
           "id" : "98030_20190828T180000Z",
           "start_date" : "2019-08-28T18:00:00Z",
           "status" : "scheduled",
           "timezone" : "America/Chicago"
        }
        "recurring" : true,
        "scan_policy" : "Default",
        "status" : null,
        "visible" : true
      },
      ...
   ]
}
                

Get A Specific Scheduled Scan

Returns the details for a specific scan <id> in the scheduled scans.

                  GET 'https://vm.frontline.cloud/api/scans/<id>/'
                
$ curl -X GET 'https://vm.frontline.cloud/api/scans/97910/'
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  
{
   "account" : {
      "id" : 115,
      "name" : "Demo Account"
   },
   "account_id" : 115,
    "active" : true,
   "adhoc_named_asset_targets" : [],
   "adhoc_targets" : [
      {
        "account_id" : 115,
        "asset_group_id" : 254008,
        "filter_rule" : null,
        "id" : 1201601,
        "inclusion" : "full",
        "ip_address_range" : {
           "cidr_block" : null,
           "dhcp" : false,
           "fragile" : false,
           "high_ip_address" : "192.168.69.254",]
           "high_ip_number" : 3232253438,
           "id" : 1175262,
           "internal" : true,
           "ipv6" : false,
           "low_ip_address" : "192.168.69.1",
           "low_ip_number" : 3232253185
        },
        "network_profile_id" : 3488,,
        "network_profile_name" : "Internal Scanner Profile 4",
        "port_range" : null,
        "rule_action" : "include",
        "rule_scope" : "scan",
        "use_default_weight" : true,
        "weight" : null
     },
   ]
   "asset_filter" : {},
   "asset_groups" : [],
   "build_reports" : false,
   "businessgroups" :,
      {
         "id" : 540,
         "name" : "Enterprise Admins"
     }
   ],
   "description" : "",
   "exclude_from_active_view" : false,
   "force_target_detection" : false,
   "id" : "97910",
   "name" : "Updated Weekly",
   "notify" : false,
   "recipients" : [],
   "scan_policy" : "Default",
   "scan_speed" : "normal",
   "schedule" : {
      "end_date" : null,
      "id" : 98030,
      "occurrences" : 78,
      "recurrence_rules" : [
         "FREQ=WEEKLY;INTERVAL=1;BYDAY=We"
      ],
      "recurring" : true,
      "start_date" : "2018-02-28T19:00:00Z",
      "timezone" : "America/Chicago"
   },
   "workflow" : "va_workflow"
}
                

General Scans

Use this API path to automate the creation of scans.

Create a Scan

NOTE: Creating scans within Fortra VM is intuitive and easy, and is the recommended method of scheduling scans. That being said, the below information will assist you in creating scans via our API.

To create a scan, the following name-value pairs, members, objects, or arrays, must be submitted as a JSON object.

As in Fortra VM, there are four methods, or any combination thereof, by which you can create a scan.

They are by: Asset Groups,Ad Hoc IPs Ports, Ad Hoc Dynamic Asset, and / or Ad Hoc Hostnames.

In addition to those four methods, there are other scan options that you can configure as well. The below tables will further explain these, as well as provide “barebone” JSON examples.

                  POST https://vm.frontline.cloud/api/scans
                
                                    $ curl 'https://vm.frontline.cloud/api/scans/'
-H 'Authorization: Token YOUR_API_TOKEN' \
-X POST
-H 'Content-Type: application/json;charset=utf-8' \
--data '{"adhoc_named_asset_targets":[],"adhoc_targets":[],"asset_filter":{},"asset_groups":[218621],"build_reports":false,"businessgroups":[{"id":540}],"description":"","exclude_from_active_view":false,"internal":false,"name":"Test Asset Group Servers Scan","notify":false,"recipients":[],"scan_policy":"Default","scan_speed":"normal","schedule":{"end_date":null,"id":null,"recurrence_rules":[],"recurring":false,"start_date":"2019-09-17T17:15:00.000Z","timezone":"America/Chicago"},"workflow":"va_workflow"} ' \
                                    {
	"id": "207614",
	"account": {
		"id": 115,
	},
	"account_user": "Barney Rubble",
	"account_user_id": 7703,
	"businessgroups": [
		}
			"id": 540,
			"name": "Enterprise Admins"
		}
	}
	"name": "Test Asset Group Servers Scan",
	"description": "",
	"scan_policy": "Default",
	"scan_speed": "normal",
	"schedule": {
		"id": 211430,
		"start_date": "2019-09-17T17:15:00Z",
		"end_date": "2019-09-17T17:15:00Z",
		"recurring": false,
		"recurrence_rules": [],
		"timezone": "America/Chicago",
		"occurrences": 0
	}
	"workflow": "va_workflow",
	"adhoc_targets": [],
	"adhoc_named_asset_targets": [],
	"active": true,
	"exclude_from_active_view": false,
	"force_target_detection": false,
	"build_reports": false,
	"asset_groups": [
		218621
	],
	"asset_filter": {
	},
	"recipients": [],
	"notify": false,
	"account_id": 115
}

                

Scan by Asset Group

See the System section of this guide to learn how to retrieve a list of asset group <id>s.

NOTE: Be sure to use the <id>, not the <group_id>.
Parameters
Parameter Description
asset_groups

An array of comma-separated asset group IDs. If not used, set to an empty array: [].

See the System section of this guide to learn how to retrieve a list of asset groups.

                                    {
   "asset_groups" : [
      113146,
      113154
   ],
   "schedule" : {
      "start_date" : "2019-09-25T14:35:35.000Z",
      "timezone" : "America/Chicago"}
   }
}

                

Scan by Ad Hoc IPs Ports

To scan by Ad Hoc IPs Ports, an array named adhoc_targets containing one or more objects, each containing the below required name-value pairs must be included. If not used, set to an empty array: [].

NOTE: An ad hoc target scan must contain one or more ip_address_range objects. Additionally a port_range object requires at least one IP rule.
 
Name Description
autoadd

Set to true to auto-add IPs to the scanner profile in case they are not in the scanner profile already, otherwise, set to false.

inclusion

A string value. Set to full.

ip_address_range (required)

An object containing the following name-value pairs:
cidr_block, dhcp,
high_ip_address, ipv6,
low_ip_address, low_ip_number.

cidr_block

A member of ip_address_range, a string value containing a valid CIDR address

low_ip_address (required, unless using cidr_block)

A member of ip_address_range, a string value containing a valid IPv4 address.

low_ip_number

A member of ip_address_range, a number value containing the decimal equivalent of the low_ip_address.

high_ip_address

A member of ip_address_range, a string value containing a valid IPv4 address.

high_ip_number

A member of ip_address_range, a number value containing the decimal equivalent of the high_ip_address.

network_profile_id (required)

A number value that is the scanner profile <id> to be used for this scan.

See the System section for details on retrieving the scanner profiles.

port_range

An object containing the following name-value pairs: low_number, high_number.

NOTE: For single-port rules, only the low_number is required.
rule_action (required)

A string value that will cause the IP range and / or ports to be included or excluded from this scan. Must be one of the following: include, exclude.

                                    {
   "adhoc_targets" : [
      {
         "autoadd" : true,
         "ip_address_range" : {
            "low_ip_address" : "192.168.1.1"
         },
         "rule_action" : "include"
      },
      {
         "autoadd" : true,
         "network_profile_id" : 8386,
         "port_range" : {
            "low_number" : 8080
       }
   ],
   "schedule" : {
      "start_date" : "2019-09-25T15:40:56.000Z",
     "timezone" : "America/Chicago"
   }

                

Scan by Ad Hoc Dynamic Assets

To scan by Ad Hoc Dynamic Assets, an object containing name-value pairs that have asset and / or vulnerability filters is required.

See the Active View Asset Filters and Active View Vulnerability Filters sections of this guide for the many options available.

If not used, set to an empty JSON object: {}.

Parameters
Name Description
asset_filter

Example:

"asset_filter":{ "_0_contains_host_os":
"_0_contains_host_os":
"Windows”:{
",
"_1_iexact_host_os_type":
"server"
}

                                    {
   "asset_filter" : {
      "_0_contains_host_os" : "Windows",
      "_1_iexact_host_os_type" : "server"
   },
   "schedule" : {
      "start_date" : "2019-09-25T16:35:01.000Z",
      "timezone" : "America/Chicago"
   }
}
                

Scan by Ad Hoc Hostnames

To scan by Ad Hoc Hostnames, an array named adhoc_targets containing one or more objects, each containing the below required name-value pairs must be included. If not used, set to an empty array: [].

Parameters
Name Description
inclusion A string value. Set to full.
named_asset An object containing the following name-value pairs: code, codename, name.
code (required) A member of named_asset, a number value set to 0.
codename (required) A member of named_asset, a string value set to DNS.
name (required) A member of named_asset, a string value containing the hostname of the asset to scan.
network_profile_id (required) A number value that is the scanner profile <id> to be used for this scan.
port_range

An object containing the following name-value pairs: high_number, low_number.

NOTE: For single-port rules, only the low_number is required
rule_action (required) A string value that will cause the IP range and / or ports to be included or excluded from this scan. Must be one of the following: include, exclude.

Now that we have covered the scanning four methods, the following table will cover the remaining name-value pairs that will complete the JSON object.

Parameters
Name Description
build_reports

Set to true if you want an Executive Summary and a Vulnerability Details report automatically generated upon scan completion, otherwise, set to false.

Default is false.

businessgroups (conditionally required, see Note

An array containing a single JSON object that has the name-value pair of the business group “id” and its number value.

NOTE: This is required only if you are using Business Groups, otherwise, set to an empty array: [].

See the System section of this guide to learn how to retrieve a list of business groups.

exclude_from_active_view)

Set to true to exclude the scan results from reconciling into Active View, otherwise, set to false.

Default is false.

name

A string value that specifies the name of the scan. Limited to 100 characters.

Default is similar to the following format: Scan Wed Sep 25 2019 14:20:57 GMT+0000 (UTC).

notify

Set to true if you want to add recipients who do not receive automatic scan notifications, otherwise, set to false.

Default is false.

recipients

An array of values consisting of the users’ email address with Frontline VM.

NOTE: If notify is set to false, then recipients should be set to an empty array: [].
scan_policy

A string value that is the name of the scan policy to be used for this scan, normally Default.

See the Scan Policies section of this guide to learn how to retrieve a list of other scan policies.

Default is Default.

scan_speed

A string value that selects the scan speed.

Value must be one of the following: slow, normal, quick, fast, very fast.

NOTE: Faster scan speeds require more processing resources and should be used with caution.

Default is normal.

schedule (required) An object consisting of the following name-value pairs: start_date, and timezone.
start_date (required)

A member of schedule, a string value that is the ISO 8601 date-time value of when the scan is to start.

Format is YYYY-MM-DDThh:mm:ss.sssZ.

timezone (required) A member of schedule, a string value that represents your timezone location.
workflow

A string value that sets the type of work-flow for this scan.

Value must be one of the following: For vulnerability assessment, va_workflow. For threat scan, ats_workflow.

Default is va_workflow.

                                    {
   "adhoc_named_asset_targets" : [
      {
          "inclusion" : "full",
          "named_asset" : {
             "code" : 0,
              "codename" : "DNS",
              "name" : "wD4587oiewjw29eml.local"
          },
          "network_profile_id" : 8386,
          "port_range" : {
              "low_number" : 80
          },
          "rule_action" : "include"
      },
      {
          "inclusion" : "full",
          "named_asset" : {
             "code" : 0,
              "codename" : "DNS",
              "name" : "wD4587oiewjw30eml.local"
          },
          "network_profile_id" : 8386,
          "port_range" : {
              "low_number" : 443          },
          "rule_action" : "include"
      },
   ]
   "schedule" : {
      "start_date" : "2019-09-25T17:11:38.000Z",
      "timezone" : "America/Chicago"
   }
}
                
                                    {
   "adhoc_named_asset_targets" : [
   "adhoc_targets" : [
      {
          "ip_address_range" : {
             "cidr_block" : null,
             "dhcp" : false,
             "fragile" : false,
             "high_ip_address" : "192.168.1.1",
             "high_ip_number" : 3232235777,
             "ipv6" : false,
             "low_ip_address" : "192.168.1.1",
          },
          "network_profile_id" : 8386,
          "port_range" : {
              "low_number" : 80
          },
          "rule_action" : "include"
      },
      {
          "ip_address_range" : {
             "cidr_block" : null,
             "dhcp" : false,
             "fragile" : false,
             "high_ip_address" : "192.168.1.21",
             "high_ip_number" : 3232235797,
             "ipv6" : false,
             "low_ip_address" : "192.168.1.21",
          },
          "network_profile_id" : 8386,
          "port_range" : {
              "low_number" : 443
          },
          "network_profile_id" : 8386,
          "port_range" : {
              "low_number" : 443
          },
          "rule_action" : "include"
      },
   ]
   "asset_filter" : {
      "_0_contains_host_os" : "Windows",
      "_1_iexact_host_os_type" : "server"
   },
   "asset_groups" : [],
   "build_reports" : false,
   "exclude_from_active_view" : false,
   "internal" : false,
   "name" : "Test Scan 2019-09-25T10:02:28",
   "notify" : true,
   "recipients" : [
      "rubbleb@flint.stone",
      "flintstonef@flint.stone"
  ],
   "scan_policy" : "Default",
   "scan_speed" : "normal",
   "schedule" : {
      "start_date" : "2019-09-25T19:56:45.000Z",
      "timezone" : "America/Chicago"
   }
   "workflow" : "va_workflow"
}
                

Scan Policies

Get A List Of All Policies

Use this API path to get information about scan policies.

Returns a list of all returns a list of scan policies

                                GET 'https://vm.frontline.cloud/api/scans/policies/' 
                
$ curl 'https://vm.frontline.cloud/api/scans/policies/ ?count=25&ordering=name&page=1' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                                    {
   [
      "default_for_workflow" : null,
      "description" : "Configures the scanner to perform basic application discovery. This policy should be used to achieve a greater understanding of the target network while still not running a full blown vulnerability scan.  It's similar to a simple service discovery scan but performs additional application fingerprinting to identify specific applications such as Jetty, WebLogic, CuteFTP, and IIS. While you have not yet run a vulnerability scan to look for weakness which may be present in these applications, you do know what your environment looks like and can act accordingly. This is a reconnaissance only scan policy and does not include checks for rated vulnerabilities.",
      "id" : 12,
      "name" : "Application Discovery",
      "system" : true
   }
   ...
}
                

Reports

Use this API path to get information about report history.

Get A List Of All Reports

Returns a list of all reports.

Available Sort Parameters
Parameter Description
account_user Sort the list by report creator.
businessgroup Sort the list by business group.
date_created Sort the list by the date created.
report_file Sort the list by the file type.
report_type Sort the list by the report type.
report_status Sort the list by the report status.
template_name

Sort the list by the template.

title Sort list by the vulnerability title.
                  GET https://vm.frontline.cloud/api/reports/
                
$ curl 'https://vm.frontline.cloud/api/reports /?count=25&ordering=-date_created&page=1' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                                    {
	"count": 224,
	"next":
"https://vm.us.frontline.cloud/api/account/115/reports/?count=25&ordering=-date_created&page=2",	
	"previous": null,
	"results": [
		{
			"id": 169436,
			"title": "Active View - Vulnerabilities CSV Export",
			"date_created": "2019-09-27T19:21:12.866415Z",
			"window_datetime": "2019-09-27T13:25:56.754042Z",
			"report_source": "active",
			"report_status": "complete",
			"scan_id": null,
			"active_view_version_id": 360934,
			"businessgroups": [
				{
					"name": "Enterprise Admins",
					"id": 540
				}
			},
			"account": "Demo Account",
			"account_id": 115,
			"account_user": "Barney Rubble",
			"account_user_id": 259,
			"template": "csv_export_vulnerabilities",
			"template_name": "Vulnerabilities CSV Export",
			"report_file": "reports/19456b1f4de6f6057220d0d955a35b06",
			"report_file_size": 155662,
			"report_type": "active_view",
			"file_type": "zip",
			"report_filter": null,
			"include_hidden": false,
			"include_acceptable_risk": false,
			"include_fixed": false,
			"rating_type": "ddi",
			"include_info_vulns": false,
			"show_settings_appendix": false,
			"show_filters_appendix": false,
			"show_ratings_appendix": false,
			"show_vulndict_appendix": false,
			"show_toc": false,
			"show_services": false,
			"show_sitemap": false,
			"show_purpose": false,
			"show_notes": false,
			"limit_hosts": true,
			"dynamic_host_rating": false,
			"exclude_sla_vulns": false,
			"report_filename": "/reports/None"
		},
		...
	}
}
                

Retrieve A Specific Report

Returns the report for a specific report <report_file> in the report history.

NOTE: Notice carefully that the /api/ segment that is normally appended to the base URL is not used when retrieving a report. Also notice that the report <title> and <file_type> were used to determine the report name used in the –o curl option and that the –L curl option was used to follow the redirect.
                                    GET https://vm.frontline.cloud/reports/<report_file>
                
                                    $ curl 'https://vm.frontline.cloud/api/reports/19456b1f4de6f6057220d0d955a35b06' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
-o 'Active View - Vulnerabilities CSV Export.zip' \
-X GET

Vulnerability Dictionary

Use this API path to get information about known vulnerabilities.

Get A List Of All Known Vulnerabilities

Returns a list of all known vulnerabilities in the vulnerability dictionary.

Parameter Description
id_ddi Sort the list by FVM ID.
is_new Sort the list by if the vulnerability check is new.
severity_ddi Sort the list by vulnerability severity.
title Sort the list by vulnerability title.

 

 
Parameter Description
include_details Use true or false.Default is false.

Set to true to include the solution and description in the vulnerabilities list.

include_references Use true or false. Default is false.

Set to true to include external references in the vulnerabilities list.

                  GET https://vm.frontline.cloud/api/vulndictionary 
                
$ curl 'https://vm.frontline.cloud/api/vulndictionary' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  {
   "count" : 24597,
   "next" : "https://vm.frontline.cloud/api/vulndictionary/?count=2&page=2",
   "previous" : null,
   "results" : [
      {
         "date_created" : "2015-04-29T15:49:53.710789Z",
         "id" : 1627,
         "id_ddi" : 103653,
         "is_new" : false,
         "is_recent" : false,
         "namespace" : "ddi",
         "products" : [
            "VM"
         ],
         "severity_list" : {
            "ddi" : "Medium",
            "nvd" : "High",
            "pci" : "Fail"
         },
         "summary" : {
            "cves" : [
               "CVE-2008-1620"
            ],
            "cvss_score" : 7.5,
            "cvss_vector" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "date_disclosed" : "2008-03-31T00:00:00Z",
            "date_discovered" : "2008-03-31T00:00:00Z",
            "owasp_category" : "",
            "tag_list" : [
               "easy to fix",
               "file transfer"
            ],
            "title" : "2X ThinClientServer 2XTFTPd Service Directory Traversal"
         }
      },
      ...
      ...
    ]
}

                

Get A Specific Vulnerability Dictionary Entry

Returns the details for a specific vulnerability <id_ddi> in the vulnerability dictionary.

                  GET https://vm.frontline.cloud/api/vulndictionary/<id_ddi> 
                
$ curl 'https://vm.frontline.cloud/api/vulndictionary/104433' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  {
   "date_created" : "2015-04-29T15:49:53.730998Z",
   "details" : {
      "solution_details" : {
         "detail_type" : "solution_details",
         "name" : "Solution Details",
         "revision" : 0,
         "sort_order" : 5,
         "value" : "It is advised that the password of the account(s) listed in the data section be changed to something secure and complex.",
         "vulnerability_id" : 2196
      },
      "vulnerability_details" : {
         "detail_type" : "vulnerability_details",
         "name" : "Vulnerability Details",
         "revision" : 0,
         "sort_order" : 0,
         "value" : "The web application on the this host has accounts configured with default or weak passwords.  Attackers can easily leverage this condition to gain complete access to the web application.",
         "vulnerability_id" : 2196
      }
   },
   "id" : 2196,
   "id_ddi" : 104433,
   "is_new" : false,
   "is_recent" : false,
   "namespace" : "ddi",
   "products" : [
      "VM",
      "WAS"
   ],
   "references" : [],
   "severity_list" : {
      "ddi" : "Critical",
      "nvd" : "High",
      "pci" : "Fail"
   },
   "summary" : {
      "cves" : [],
      "cvss_score" : 10,
      "cvss_vector" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "date_disclosed" : "2011-05-14T00:00:00Z",
      "date_discovered" : "2011-05-14T00:00:00Z",
      "owasp_category" : "",
      "tag_list" : [
         "moderate to fix"
      ],
      "title" : "HTTP Easily Guessable Credentials"
   }
} 
                

System

Use these API paths to get information about various system info related to your account.

Get A List Of All Asset Groups

Returns a list of all system and user created asset groups.

Available Sort Parameters
Parameter Description
name Sort the list by asset group name.
is_dynamic Sort the list by asset group type.
rule_count Sort the list by asset group rule count.
weight Sort list by asset group risk weight.
GET https://vm.frontline.cloud/api/assetgroups/
                
$ curl 'https://vm.frontline.cloud/api/assetgroups/' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  [
   {
      "businessgroups" : [
          {
              "id" : 540,
              "name" : "Enterprise Admins"
          }
       ]
       "description" : null,
       "group_id" : 64407,
       "id" : 257996,
       "is_dynamic" : false,
       "is_enabled_for_scanning" : true,
       "name" : "10.10.10.x-Test",
       "network_profile_names" : [
           "Internal Scanner Profile 2",
           "Not In Use 2"
      ]
      "rule_count" : 3,
      "system" : false,
      "tip" : true,
      "use_as_tag" : true,
      "use_default_weight" : true,
      "weight" : null
   },
   ...
}

                

Get A List Of All Business Groups

Returns a list of all system and user created business groups.

Available Sort Parameters
Parameter Description
name Sort the list by business group name.
primary_contact Sort the list by business group primary contact.
user_count Sort the list by business group rule count.
GET https://vm.frontline.cloud/api/businessgroups/
                
                                    $ curl 'https://vm.frontline.cloud/api/businessgroups/' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  [
   {
      "all_account_users" : true,
      "all_enterprise" : true,
      "all_rules" : true,
      "all_scanners" : true,
      "assetgroups" : [
          1234
          ...
       ]
       "description" : "Enterprise Admins Group",
       "group_members" : [],
       "id" : 540,
       "name" : "Enterprise Admins",
       "primary_contact" : 222,
       "readonly" : false,
       "rules" : [],
       "scanners" : [
           9999,
           ...
      ]
      "system" : true,
      "user_count" : 0
   },
   ...
}

                

Get A List Of All Scanner Profiles

Returns a list of all scanner profiles.

Available Sort Parameters
Parameter Description
name Sort the list by scanner profile name.
rule_count Sort the list by scanner profile rule count.
GET https://vm.frontline.cloud/api/networkprofiles/
                
                                    $ curl 'https://vm.frontline.cloud/api/networkprofiles/' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  [
   {
      "description" : null,
      "id" : 3846,
      "internal" : true,
      "name" : "Wanderloop",
      "rule_count" : 3,
      "scanner_ids" : [
          3987
       ]
       "scanner_names" : [
          "Wanderloop-VMInt-0118"
       ],
       "sync_blackout_window" : true,
       "use_default_weight" : true,
       "visible" : true,
       "weight" : 0
   },
]
                

Get A Specific Scanner Profile

Returns a single scanner profile for the given <id>.

GET https://vm.frontline.cloud/api/networkprofiles/<id>
                
                                    $ curl 'https://vm.frontline.cloud/api/networkprofiles /3846/' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  {
   "blackout_window" : {
      "Friday" : [
         false,
         ...
      ],
      "Monday" : [
         ...
      ],
      "Saturday" : [
         ...
      ],
      ...
      "id" : 3846
   },
   "description" : null,
   "id" : 3846,
   "internal" : true,
   "name" : "Wanderloop",
   "rule_count" : 3,
   "rules" : [
      {
          "account_id" : 115,
          "account_name" : "Demo Account",
          "asset_group_id" : null,
          "filter_rule" : null,
          "id" : 1225810,
          "inclusion" : "none",
          "ip_address_range" : {],
             "cidr_block" : null,
             "dhcp" : false,
             "fragile" : false,
             "high_ip_address" : "10.255.255.255",
             "high_ip_number" : 184549375,
             "id" : 1198498,
             "internal" : true,
             "ipv6" : false,
             "low_ip_address" : "10.0.0.0",
             "low_ip_number" : 167772160
         },
         "named_asset" : null,
         "network_profile_id" : 3846,
         "network_profile_name" : "Wanderloop",
         "port_range" : null,
         "rule_action" : "include",
         "rule_scope" : "scanner",
         "scanner" : "N/A",
         "use_default_weight" : true,
         "weight" : null
      },
      ...
   ]
   "scanner_ids" : [
   3987
   ]
   "scanner_names" : [
      "Wanderloop-VMInt-0118"
   ],
   "sync_blackout_window" : true,
   "use_default_weight" : true,
   "visible" : true,
   "weight" : 0
}

                

Get A List Of A Specific Scanner Profile’s Rules

Returns a list of scanner profile’s <id> rules.

GET https://vm.frontline.cloud/api/networkprofiles/<id>
                
                                    $ curl 'https://vm.frontline.cloud/api/networkprofiles /3846/' \
-H 'Authorization: Token YOUR_API_TOKEN' \
-X GET
                  {
   "count" : 3,
   "next" : null,
   "previous" : null,
   "results" : [
      {
          "account_id" : 115,
          "account_name" : "Demo Account",
          "asset_group_id" : null,
          "filter_rule" : null,
          "id" : 1225810,
          "inclusion" : "none",
          "ip_address_range" : {,
             "cidr_block" : null,
             "dhcp" : false,
             "fragile" : false,
             "high_ip_address" : "10.255.255.255",
             "high_ip_number" : 184549375,
             "id" : 1198498,
             "internal" : true,
             "ipv6" : false,
             "low_ip_address" : "10.0.0.0",
             "low_ip_number" : 167772160
         },
         "named_asset" : null,
         "network_profile_id" : 3846,
         "network_profile_name" : "Wanderloop",
         "port_range" : null,
         "rule_action" : "include",
         "rule_scope" : "scanner",
         "use_default_weight" : true,
         "weight" : null
      },
      ...
   ]
}

                

Filters

Fortra VM API filters give you great flexibility in tailoring your result set.

Usage

When using filter parameters, each parameter must be prefixed with a count using the format of _x_operand_filter. Query strings from different parameter groups can all begin with 0 (zero).

For example, you are searching for servers with an asset rating of F:

&_0_iexact_host_os_type=server&_0_eq_host_rating_ddi=F

Filters from the same filter group must increment their count.

For example, you are searching for servers or devices:

&_0_iin_host_os_type=server&_1_iin_host_os_type=device

Additionally, when using more than one filter, the filters intersect (AND) the results. For example, you are searching for assets that are servers AND have an asset rating of D or worse:

&_0_iexact_host_os_type=server&_0_lte_host_rating_ddi=D

You can, however, use our special union (OR) operands within the same group to union (OR) the results. For example, you are searching for assets that are a server OR device AND have an asset rating of A:

&_0_iin_host_os_type=server&_1_iin_host_os_type=device&_0_eq_host_rating_ddi=A

Be mindful when using OR operands as they cannot be mixed with AND operands from the same group. This will result in an empty set. For example, look at the following query:

&_0_lte_vuln_severity_ddi=High&_1_iin_vuln_severity_ddi=Low

The above intent was to retrieve vulnerabilities with a severity worse than or equal to High AND with a severity equal to Low (OR). Again, this will result in an empty set!

To properly retrieve Critical, High, and Low vulnerabilities, use the following instead:

&_0_iin_vuln_severity_ddi=Critical&_1_iin_vuln_severity_ddi=High&_2_iin_vuln_severity_ddi=Low

Operands

All of our filter parameters use operands to specify the target data. The below list defines the purpose of each operand.

Parameter

Description

eq, iexact

Returns data exactly matching the given value.

Used to created ‘AND’ type result sets.

noteq, notiexact

Returns data that does not exactly matching the given value.

Used to created ‘AND’ type result sets.

in, iin

Returns data exactly matching the given value.

Used to created ‘OR’ type result sets.

notin, notiin

Returns data that does not exactly match the given value.

Used to create ‘OR’ type result sets.

contains

Returns data that matches the partial given value.

Used to created ‘AND’ type result sets.

notcontains

Returns data that does not match the partial value given.

Used to created ‘AND’ type result sets.

inicontains

Returns data partially matching the given value.

Used to create ‘OR’ type result sets.

notincontains

Returns data partially that does not match the partial given value.

Used to create ‘OR’ type result sets.

lt

Returns data that is less than the integer / decimal value or before the DateTime value.

lte

Returns data that is less than or equal to the integer / decimal value or before or equal to the DateTime value.

gt

Returns data that is greater than the integer / decimal value or after the DateTime value.

gte

Returns data that is greater than or equal to the integer / decimal value or after or equal to the DateTime value.

Active View Asset Filters

The following table contains the various parameters that can be used to filter your results within Active View assets.

Parameter

Description

host_active_view_status

Filter the Active View results by Status in Active View.

Type: String. Must be one of the following: new, matched

Operands: iexact, notiexact, iin, notiin

host_assessed_db_auth

Filter the Active View results by Assessed DB auth.

Type: Boolean.

Operands: eq, noteq

host_assessed_os_auth

Filter the Active View results by Assessed OS auth.

Type: Boolean.

Operands: eq, noteq

host_assessed_threatscan_auth

Filter the Active View results by Assessed threat scan.

Type: Boolean.

Operands: eq, noteq

host_assessed_unauth

Filter the Active View results by Assessed unauth.

Type: Boolean.

Operands: eq, noteq

host_belongs_to_asset_group

Filter the Active View results by Belongs to asset group.

Type: String.

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains.

host_date_created

Filter the Active View results by Asset scanned on.

Type: Date.

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

host_date_first_created

Filter the Active View results by Asset first scanned on.

Type: Date.

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

host_discovered_in_last

Filter the Active View results by Asset discovered in last.

Type: String. Must be one of the following: day, week, month, three months, six months, year

Operands: eq, noteq

host_discovery_method

Filter the Active View results by Discovery Method.

Type: String. Must be one of the following: unknown, syn, ping, forced, broadcast, arp, dns, syn-ack, ipsec, snmp, ntp, nbname, udp

Operands: iexact, notiexact, iin, notiin

host_dns_name

Filter the Active View results by DNS name.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin.

host_duplicate_hostname

Filter the Active View results by Same hostnames.

Type: Boolean.

Operands: eq, noteq

Used to build “Or Does Not Contain” queries.

host_duplicate_ip

Filter the Active View results by Same IPs.

Type: Boolean.

Operands: eq, noteq

host_has_antivirus

Filter the Active View results by Has anti-virus.

Type: Boolean.

Operands: eq, noteq

host_has_host_notes

Filter the Active View results by Has asset notes.

Type: Boolean.

Operands: eq, noteq

host_has_malware

Filter the Active View results by Has malware.

Type: Boolean.

Operands: eq, noteq

host_has_notes

Filter the Active View results by Has notes.

Type: Boolean.

Operands: eq, noteq

host_has_outdated_antivirus

Filter the Active View results by Has outdated anti-virus.

Type: Boolean.

Operands: eq, noteq

host_has_vuln_notes

Filter the Active View results by Has vulnerability notes.

Type: Boolean.

Operands: eq, noteq

host_hidden

Filter the Active View results by Hidden.

Type: Boolean.

Operands: eq, noteq

host_hostname

Filter the Active View results by Hostname.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_id

Filter the Active View results by Asset ID.

Type: Integer.

Operands: eq, in, noteq, notin, lt, lte, gt, gte

host_internal

Filter the Active View results by Detected with scanner type.

Type: String. Must be one of the following: internal, external

Operands: iexact, notiexact, iin, notiin

host_ip_address

Filter the Active View results by IP address.

Type: Ip.

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte

host_ip_address_list_ranges

Filter the Active View results by IP address lists.

Type: Stringexact.

Operands: eq

host_is_compromised

Filter the Active View results by Compromised during Pentest.

Type: Boolean.

Operands: eq, noteq

host_labels

Filter the Active View results by Label.

Type: String.

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

host_last_scanned_with_policy

Filter the Active View results by Last scanned using scan policy.

Type: String.

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

host_last_scanned_with_template

Filter the Active View results by Last scanned with scan name.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_mac_address

Filter the Active View results by MAC address.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_named_asset_name

Filter the Active View results by DNS named asset.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_netbios_name

Filter the Active View results by NetBIOS name.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_network_profile

Filter the Active View results by Detected in scanner profile.

Type: String.

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

host_new

Filter the Active View results by Asset is new.

Type: Boolean.

Operands: eq, noteq

host_notes_author

Filter the Active View results by Note Author.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_notes_content

Filter the Active View results by Note Content.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_only_scanned_with_policy

Filter the Active View results by Scanned only using scan policy.

Type: String.

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

host_os

Filter the Active View results by OS.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_os_type

Filter the Active View results by Type.

Type: String. Must be one of the following: client, server, ip phone, domain controller, device, firewall, printer, unknown

Operands: iexact, notiexact, iin, notiin

host_partially_scanned

Filter the Active View results by Partially scanned.

Type: Boolean.

Operands: eq, noteq

host_rating_ddi

Filter the Active View results by Rating.

Type: Rating. Must be one of the following: A, B, C, D, F

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

host_risk_weight

Filter the Active View results by Risk weight.

Type: Integer.

Operands: eq, in, noteq, notin, lt, lte, gt, gte

host_scan_id

Filter the Active View results by Associated scan id.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_scanned_in_last

Filter the Active View results by Asset scanned in last.

Type: String. Must be one of the following: day, week, month, three months, six months, year

Operands: eq, noteq

host_scanned_with_policy

Filter the Active View results by Scanned using scan policy.

Type: String.

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

host_scanned_with_template

Filter the Active View results by Scanned with scan name.

Type: String.

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

host_using_named_asset_name

Filter the Active View results by Asset scanned by hostname.

Type: Boolean.

Operands: eq, noteq

Active View Vulnerabilities Filters

The following table contains the various parameters that can be used to filter your results within Active View vulnerabilities.

Parameter Description
vuln_acceptable_risk

Filter the results by Acceptable risk.

Type: Boolean

Operands: eq, noteq

vuln_active_view_date_first_created

Filter the results by Date first found.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vuln_active_view_status

Filter the results by Status in Active View.

Type: String. Must be one of the following: new, recurred, fixed

Operands: iexact, notiexact, iin, notiin

vuln_cvc_added_in_last

Filter the results by CVC added to scanner in last.

Type: String. Must be one of the following: day, week, month, three months, six months, year

Operands: eq, noteq

vuln_cvss_score

Filter the results by CVSS score.

Type: Decimal

Operands: eq, noteq, lt, lte, gt, gte

vuln_cvss_vector

Filter the results by CVSS vector.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vuln_cvss_vector_a

Filter the results by CVSS availability.

Type: String. Must be one of the following: complete, partial, none

Operands: iexact, notiexact, iin, notiin

vuln_cvss_vector_ac

Filter the results by CVSS access complexity.

Type: String. Must be one of the following: high, medium, low

Operands: iexact, notiexact, iin, notiin

vuln_cvss_vector_au

Filter the results by CVSS authentication.

Type: String. Must be one of the following: none, single, multiple

Operands: iexact, notiexact, iin, notiin

vuln_cvss_vector_av

Filter the results by CVSS access vector.

Type: String. Must be one of the following: local, adjacent, network

Operands: iexact, notiexact, iin, notiin

vuln_cvss_vector_c

Filter the results by CVSS confidentiality.

Type: String. Must be one of the following: complete, partial, none

Operands: iexact, notiexact, iin, notiin

vuln_cvss_vector_i

Filter the results by CVSS integrity.

Type: String. Must be one of the following: complete, partial, none

Operands: iexact, notiexact, iin, notiin

vuln_data

Filter the results by Data.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vuln_date_created

Filter the results by Date found.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vuln_date_cvc_added_to_scanner

Filter the results by Date CVC added to scanner.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vuln_date_fixed

Filter the results by Date fixed.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vuln_detect_type

Filter the results by Detect method.

Type: String. Must be one of the following: auth, unauth

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

vuln_dictionary_labels

Filter the results by Vuln dictionary label.

Type: String. Must be one of the following: xss, web, easy to fix, file transfer, database, rce, sqli, difficult to fix, voip, dos, mail, bof, moderate to fix

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

vuln_false_positive

Filter the results by False positive.

Type: Boolean

Operands: eq, noteq

vuln_first_found_in_last

Filter the results by First found in last.

Type: String. Must be one of the following: day, week, month, three months, six months, year

Operands: eq, noteq

vuln_fixed_in_last

Filter the results by Fixed in last.

Type: String. Must be one of the following: day, week, month, three months, six months, year

Operands: eq, noteq

vuln_found_in_last

Filter the results by Found in last.

Type: String. Must be one of the following: day, week, month, three months, six months, year

Operands: eq, noteq

vuln_has_notes

Filter the results by Has notes.

Type: Boolean

Operands: eq, noteq

vuln_hidden

Filter the results by Hidden.

Type: Boolean

Operands: eq, noteq

vuln_hide_from_now_on

Filter the results by Continuously hidden.

Type: Boolean

Operands: eq, noteq

vuln_id

Filter the results by Instance ID.

Type: Integer

Operands: eq, in, noteq, notin, lt, lte, gt, gte

vuln_id_ddi

Filter the results by FVM ID.

Type: Integer

Operands: eq, in, noteq, notin, lt, lte, gt, gte

vuln_internal

Filter the results by Detected with scanner type.

Type: String. Must be one of the following: internal, external

Operands: iexact, notiexact, iin, notiin

vuln_id

Filter the results by Instance ID.

Type: Integer

Operands: eq, in, noteq, notin, lt, lte, gt, gte

vuln_is_crimewareable

Filter the results by Used by threat actors.

Type: String. Must be one of the following: True, False, Unknown

Operands: eq, noteq, in, notin

vuln_is_exploitable

Filter the results by Exploitable.

Type: String. Must be one of the following: True, False, Unknown

Operands: eq, noteq, in, notin

vuln_labels

Filter the results by Label.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

vuln_manually_added_fix_status_name

Filter the results by Manually added fix status.

Type: String. Must be one of the following: unattempted, attempted, confirmed, failed

Operands: eq, noteq, in, notin

vuln_manually_added_fixed_by_email

Filter the results by Manually Added fixed by (email).

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vuln_manually_added_fixed_by_name

Filter the results by Manually Added fixed by name.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vuln_network_profile

Filter the results by Detected in scanner profile.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

vuln_notes_author

Filter the results by Note Author.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vuln_notes_content

Filter the results by Note Content.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vuln_port

Filter the results by Port.

Type: Port

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vuln_protocol

Filter the results by Protocol.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vuln_severity_ddi

Filter the results by Severity (FVM).

Type: Rating. Must be one of the following: Critical, High, Medium, Low, Trivial, Info

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vuln_sla_enabled

Filter the results by SLA filter enabled.

Type: Boolean

Operands: eq, noteq

vuln_title

Filter the results by Title.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vuln_transport

Filter the results by Service transport.

Type: String. Must be one of the following: tcp, udp, icmp

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

vuln_tunnel

Filter the results by Tunnel.

Type: String. Must be one of the following: ssl, none

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

vuln_vuln_class

Filter the results by Detect class.

Type: String. Must be one of the following: explicit, potential, recon, malware, compliance

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

Scan Activity Filters

The following table contains the various parameters that can be used to filter your scan results.

Parameter Description
asset_group

Filter the results by Scanned asset groups.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

businessgroup_name

Filter the results by Business Group.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

created_by_user

Filter the results by Created by user.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

date_finished

Filter the results by Date finished.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

date_started

Filter the results by Date started.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

ip_address

Filter the results by Scanned IPs.

Type: Ip

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte

name

Filter the results by Name.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

scan_exclude_from_active_view

Filter the results by Included in Active View.

Type: Boolean

Operands: eq, noteq

scan_host_id

Filter the results by Asset ID.

Type: Integer

Operands: eq, in, noteq, notin, lt, lte, gt, gte

scan_locations

Filter the results by Scan Location.

Type: String. Must be one of the following: both, external, internal

Operands: eq, noteq

scan_policy

Filter the results by Using scan policy.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

scan_schedule_recurring

Filter the results by Using recurring schedule.

Type: Boolean

Operands: eq, noteq

scan_status

Filter the results by Status.

Type: String. Must be one of the following: Scheduled, Launching, Running, Resuming, Pausing, Paused, Blackout, Queued, Loading, PT in progress, PT review, PT complete, Completed, Canceling, Canceled, Errored

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

scan_vulnerability_id

Filter the results by Vulnerability ID.

Type: Integer

Operands: eq, in, noteq, notin, lt, lte, gt, gte

scan_workflow

Filter the results by Using workflow.

Type: String. Must be one of the following: Penetration Test, Vulnerability Assessment

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

Scheduled Scan Filters

The following table contains the various parameters that can be used to filter your scan results.

Parameter Description
asset_group

Filter the results by Scanned asset groups.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

businessgroup_name

Filter the results by Business Groups.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

description

Filter the results by Description.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

ip_address

Filter the results by Scanned IPs.

Type: Ip

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte

name

Filter the results by Name.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

scan_policy

Filter the results by Using scan policy.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

scan_schedule_recurring

Filter the results by Using recurring schedule.

Type: Boolean

Operands: eq, noteq

Report Filters

The following table contains the various parameters that can be used to filter your report results.

Parameter Description
report_account_user

Filter the results by Created by.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

report_businessgroup_name

Filter the results by Business Group.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

report_date_created

Filter the results by Date created.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

report_report_status

Filter the results by Status.

Type: String. Must be one of the following: generating, complete

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

report_scan_created_by_user

Filter the results by Scan created by.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

report_title

Filter the results by Title.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

Vuln Dictionary Filters

The following table contains the various parameters that can be used to filter your vuln dictionary results.

Parameter Description
products

Filter the results by Product.

Type: String. Must be one of the following: VM, WAS

Operands: eq, noteq

scanner_version

Filter the results by Scanner Version.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vulnerability_auth_only

Filter the results by Auth only.

Type: Boolean

Operands: eq, noteq

vulnerability_cvss_score

Filter the results by CVSS Score.

Type: Decimal

Operands: eq, noteq, lt, lte, gt, gte

vulnerability_cvss_vector

Filter the results by CVSS Vector.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vulnerability_cvss_vector_a

Filter the results by CVSS availability.

Type: String. Must be one of the following: local, adjacent, network

Operands: iexact, notiexact, iin, notiin

vulnerability_cvss_vector_ac

Filter the results by CVSS access complexity.

Type: String. Must be one of the following: high, medium, low

Operands: iexact, notiexact, iin, notiin

vulnerability_cvss_vector_au

Filter the results by CVSS authentication.

Type: String. Must be one of the following: none, single, multiple

Operands: iexact, notiexact, iin, notiin

vulnerability_cvss_vector_av

Filter the results by CVSS access vector.

Type: String. Must be one of the following: local, adjacent, network

Operands: iexact, notiexact, iin, notiin

vulnerability_cvss_vector_c

Filter the results by CVSS confidentiality.

Type: String. Must be one of the following: local, adjacent, network

Operands: iexact, notiexact, iin, notiin

vulnerability_cvss_vector_i

Filter the results by CVSS integrity.

Type: String. Must be one of the following: local, adjacent, network

Operands: iexact, notiexact, iin, notiin

vulnerability_date_created

Filter the results by Date added to FVM.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vulnerability_date_disclosed

Filter the results by Date disclosed.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vulnerability_date_discovered

Filter the results by Date discovered.

Type: Date

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vulnerability_detail

Filter the results by Vulnerability details.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vulnerability_has_known_detect_types

Filter the results by Has detect types.

Type: String. Must be one of the following: remote, auth

Operands: eq, noteq

vulnerability_has_known_vuln_classes

Filter the results by Has vuln classes.

Type: String. Must be one of the following: explicit, recon, potential, compliance, malware

Operands: eq, noteq

vulnerability_id_ddi

Filter the results by FVM ID.

Type: Integer

Operands: eq, in, noteq, notin, lt, lte, gt, gte

vulnerability_is_new

Filter the results by Is new.

Type: Boolean

Operands: eq, noteq

vulnerability_reference

Filter the results by Reference.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

vulnerability_severity_ddi

Filter the results by Severity (FVM).

Type: Rating. Must be one of the following: Critical, High, Medium, Low, Trivial, Info

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

vulnerability_title

Filter the results by Title.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

Asset Group Filters

The following table contains the various parameters that can be used to filter your asset group results.

Parameter Description
assetgroup_name

Filter the results by Name.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

assetgroup_system

Filter the results by System Asset Group.

Type: Boolean

Operands: eq, noteq

assetgroup_weight

Filter the results by Risk weight.

Type: Integer

Operands: eq, in, noteq, notin, lt, lte, gt, gte

businessgroup_name

Filter the results by Business Group.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

networkprofile_name

Filter the results by Associated scanner profile.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

rule_inclusion

Filter the results by Has rules of inclusion type.

Type: String. Must be one of the following: full, partial, none, n/a

Operands: iexact, notiexact, iin, notiin

rule_network_internal

Filter the results by Has non-routable IPs.

Type: Boolean

Operands: eq, noteq

rule_network_ip_address

Filter the results by Has IP addresses.

Type: Ip

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte

rule_port_number

Filter the results by Has ports.

Type: Port

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

rule_rule_action

Filter the results by Has rule type.

Type: String. Must be one of the following: Include, Exclude

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

Business Group Filters

The following table contains the various parameters that can be used to filter your business group results.

Parameter Description
businessgroup_account_users

Filter the results by Member.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

businessgroup_description

Filter the results by Description.

Type: String

Operands: contains, inicontains, notcontains, notincontains, iexact, notiexact, iin, notiin

businessgroup_name

Filter the results by Name.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

businessgroup_primary_contact

Filter the results by Primary contact.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

businessgroup_scanners

Filter the results by Associated scanner.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

Scanner Profile Filters

The following table contains the various parameters that can be used to filter your scanner profile results.

Parameter Description
networkprofile_internal

Filter the results by Is internal.

Type: Boolean

Operands: eq, noteq

networkprofile_name

Filter the results by Name.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains

rule_network_internal

Filter the results by Has non-routable IPs.

Type: Boolean

Operands: eq, noteq

rule_network_ip_address

Filter the results by Has IP addresses.

Type: Ip

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains, lt, lte, gt, gte

rule_port_number

Filter the results by Has ports.

Type: Port

Operands: eq, iin, noteq, notiin, lt, lte, gt, gte

rule_rule_action

Filter the results by Has rule type.

Type: String. Must be one of the following: Include, Exclude

Operands: iexact, notiexact, contains, inicontains, notcontains, notincontains

scanner_name

Filter the results by Associated scanner.

Type: String

Operands: eq, iin, noteq, notiin, contains, inicontains, notcontains, notincontains