Bulk export vulnerability findings snapshot

Cortex XSIAM Platform APIs

POST /vulnerability-management/v1/vulnerability-finding/snapshot/

Executes an XQL query against the uvm_findings dataset and returns results as a newline-delimited JSON (NDJSON) stream for large result sets.

Rate limit: 10 requests per 24-hour window per tenant

Response variants:

  • Stream (application/x-ndjson) — large result sets; each line is a VulnerabilityFinding JSON object
  • Inline (application/json) — small result sets returned directly

Required license: Cortex Cloud Runtime Security or Cortex Cloud Posture Management

CLIENT REQUEST
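# Bulk-export vulnerability findings. api-yourfqdn is a placeholder: replace it with your tenant's API FQDN.
# NOTE(review): this sample shows no authentication headers; add the ones your API key requires.
# The body uses the request_data envelope described under "Body parameters".
# timeframe is optional and omitted here, so the server's default lookback window applies.
# Each line ends in a backslash so the command can be pasted as one invocation.
curl -X 'POST' \
  -H 'Accept: application/x-ndjson,application/json' \
  -H 'Content-Type: application/json' \
  'https://api-yourfqdn/vulnerability-management/v1/vulnerability-finding/snapshot/' \
  -d '{ "request_data" : { "limit" : 10000 } }'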
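import http.client

# Request a findings snapshot and print it as it arrives.
# api-yourfqdn is a placeholder: replace it with your tenant's API FQDN.
# HTTPSConnection's default SSL context verifies the server certificate and
# hostname; do not swap in an unverified context.
# NOTE(review): no authentication headers are shown in this sample; add the
# ones your API key requires.
conn = http.client.HTTPSConnection("api-yourfqdn")

payload = "{\"request_data\":{\"limit\":10000,\"timeframe\":{\"from\":15989076,\"to\":1771482089874}}}"

headers = {'content-type': "application/json"}

try:
    conn.request(
        "POST",
        "/vulnerability-management/v1/vulnerability-finding/snapshot/",
        payload,
        headers,
    )
    res = conn.getresponse()
    # The endpoint may answer with an NDJSON stream for large result sets, so
    # read it line by line instead of buffering the whole export in memory.
    # The output is a vulnerability inventory; handle it as sensitive data.
    for raw_line in res:
        print(raw_line.decode("utf-8"), end="")
    print()
finally:
    # Always release the socket, including when the request or read fails.
    conn.close()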
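require 'uri'
require 'net/http'
require 'openssl'

# POST a findings-snapshot request and print the response body.
# api-yourfqdn is a placeholder: replace it with your tenant's API FQDN.
url = URI("https://api-yourfqdn/vulnerability-management/v1/vulnerability-finding/snapshot/")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. VERIFY_NONE accepts any certificate, so an
# on-path party could read or alter the exported findings and any credentials
# sent with the request.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"limit\":10000,\"timeframe\":{\"from\":15989076,\"to\":1771482089874}}}"

response = http.request(request)
puts response.read_body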
// Serialise the request envelope: a row limit plus an absolute timeframe (from/to).
const data = JSON.stringify({
  request_data: {
    limit: 10000,
    timeframe: { from: 15989076, to: 1771482089874 },
  },
});

const xhr = new XMLHttpRequest();

// withCredentials = true makes the browser attach cookies / HTTP auth for the
// API origin on this cross-origin request.
// NOTE(review): confirm this is wanted before reusing the snippet in a web page.
xhr.withCredentials = true;

// Log the response text once the request has finished.
function logWhenDone() {
  if (this.readyState !== this.DONE) {
    return;
  }
  console.log(this.responseText);
}
xhr.addEventListener("readystatechange", logWhenDone);

xhr.open(
  "POST",
  "https://api-yourfqdn/vulnerability-management/v1/vulnerability-finding/snapshot/"
);
xhr.setRequestHeader("content-type", "application/json");
xhr.send(data);
// Snapshot endpoint. api-yourfqdn is a placeholder for your tenant's API FQDN.
String snapshotUrl = "https://api-yourfqdn/vulnerability-management/v1/vulnerability-finding/snapshot/";

// JSON request envelope: a row limit plus an absolute timeframe (from/to).
String requestJson = "{\"request_data\":{\"limit\":10000,\"timeframe\":{\"from\":15989076,\"to\":1771482089874}}}";

// Send the POST and collect the body as a single String.
// asString() reads the whole response; on this page that body can be a large NDJSON stream.
HttpResponse<String> response = Unirest.post(snapshotUrl)
    .header("content-type", "application/json")
    .body(requestJson)
    .asString();
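import Foundation

// POST a findings-snapshot request and print the HTTP response (or the transport error).
// api-yourfqdn is a placeholder: replace it with your tenant's API FQDN.
let headers = ["content-type": "application/json"]
let parameters = ["request_data": [
    "limit": 10000,
    "timeframe": [
        "from": 15989076,
        "to": 1771482089874
    ]
]] as [String : Any]

// JSONSerialization.data(withJSONObject:options:) throws, so the call must be marked with `try`.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

var request = URLRequest(
    url: URL(string: "https://api-yourfqdn/vulnerability-management/v1/vulnerability-finding/snapshot/")!,
    cachePolicy: .useProtocolCachePolicy,
    timeoutInterval: 10.0
)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

let session = URLSession.shared
let dataTask = session.dataTask(with: request, completionHandler: { (data, response, error) -> Void in
    if let error = error {
        // Transport-level failure (DNS, TLS, timeout, ...).
        print(error)
    } else {
        // Only the response metadata is printed; `data` holds the exported body.
        let httpResponse = response as? HTTPURLResponse
        print(httpResponse as Any)
    }
})

dataTask.resume()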
<?php

// cURL options for the findings-snapshot POST.
// api-yourfqdn is a placeholder for your tenant's API FQDN.
$options = [
    CURLOPT_URL => "https://api-yourfqdn/vulnerability-management/v1/vulnerability-finding/snapshot/",
    // Return the body from curl_exec() instead of writing it straight to output.
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => "{\"request_data\":{\"limit\":10000,\"timeframe\":{\"from\":15989076,\"to\":1771482089874}}}",
    CURLOPT_HTTPHEADER => [
        "content-type: application/json"
    ],
];

$curl = curl_init();
curl_setopt_array($curl, $options);

// Run the transfer, capture any transport error text, then release the handle.
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);

// Print the body on success, otherwise the cURL error message.
if (!$err) {
    echo $response;
} else {
    echo "cURL Error #:" . $err;
}
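/* POST a findings-snapshot request with libcurl.
 * api-yourfqdn is a placeholder: replace it with your tenant's API FQDN.
 * No write callback is set in this fragment, so libcurl's default output
 * handling applies to the response body. */
CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/vulnerability-management/v1/vulnerability-finding/snapshot/");

/* Build the header list; it must stay alive until the transfer has finished. */
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"limit\":10000,\"timeframe\":{\"from\":15989076,\"to\":1771482089874}}}");

/* ret is CURLE_OK on success; callers should compare against it before
 * trusting any output. */
CURLcode ret = curl_easy_perform(hnd);

/* libcurl does not release these on its own: free the header list and the
 * easy handle once the transfer is done. */
curl_slist_free_all(headers);
curl_easy_cleanup(hnd);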
// Snapshot endpoint. api-yourfqdn is a placeholder for your tenant's API FQDN.
string snapshotUrl = "https://api-yourfqdn/vulnerability-management/v1/vulnerability-finding/snapshot/";

// JSON request envelope: a row limit plus an absolute timeframe (from/to).
string requestJson = "{\"request_data\":{\"limit\":10000,\"timeframe\":{\"from\":15989076,\"to\":1771482089874}}}";

var client = new RestClient(snapshotUrl);

// Build the POST with a JSON body, then execute it synchronously.
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", requestJson, ParameterType.RequestBody);

IRestResponse response = client.Execute(request);
Body parameters
application/json

Top-level request envelope.

request_data (object)

Request parameters for the vulnerability findings snapshot export.

limit (integer)

Maximum number of rows to return. Omit for the full dataset.

Example: 10000
timeframe (object)

Optional XQL timeframe using an absolute range (from + to). When omitted the server's default lookback window is used.

from (integer, int64, required)

Start of the timeframe as a Unix timestamp in milliseconds.

Example: 15989076
to (integer, int64, required)

End of the timeframe as a Unix timestamp in milliseconds.

Example: 1771482089874
REQUEST
{ "request_data": { "timeframe": { "from": 15989076874, "to": 1771482089874 } } }
{ "request_data": { "limit": 5000 } }
{ "request_data": { "timeframe": { "from": 15989076787, "to": 1771482089874 }, "limit": 10000 } }
Responses

Newline-delimited JSON stream response. Body is a newline-delimited stream of VulnerabilityFinding JSON objects.

Body
application/x-ndjson

Newline-delimited JSON stream. Each line is a self-contained VulnerabilityFinding JSON object.

string (binary)

Newline-delimited JSON stream. Each line is a self-contained VulnerabilityFinding JSON object.

RESPONSE
"{\"platform_id\":\"abc123\",\"asset_name\":\"prod-web-01\",\"cve_id\":\"CVE-2024-12345\",\"cvss_severity\":\"CRITICAL\",\"epss_score\":0.87,\"first_observed\":1700000000000,\"last_observed\":1710000000000}\n{\"platform_id\":\"xyz789\",\"asset_name\":\"db-server-02\",\"cve_id\":\"CVE-2023-99999\",\"cvss_severity\":\"HIGH\",\"epss_score\":0.12,\"first_observed\":1705000000000,\"last_observed\":1710000000000}"

Invalid request parameters, or the feature is disabled.

Body
application/json

Standard error response for vulnerability findings endpoints.

reply (object)
err_code (integer)
Example: 400
err_msg (string)
Example: "Invalid filter parameters"
err_extra (string)
Example: "Field 'unknown_field' is not allowed"
RESPONSE
{ "error": { "message": "Invalid Request" } }
{ "error": { "message": "Invalid request parameters" } }

Request timed out waiting for response.

Body
application/json

Standard error response for vulnerability findings endpoints.

reply (object)
err_code (integer)
Example: 400
err_msg (string)
Example: "Invalid filter parameters"
err_extra (string)
Example: "Field 'unknown_field' is not allowed"
RESPONSE
{ "error": { "message": "Timed out waiting for results. Please try again later." } }

Rate limit exceeded. Maximum 10 snapshot requests per 24-hour window per tenant.

Body
application/json

Standard error response for vulnerability findings endpoints.

reply (object)
err_code (integer)
Example: 400
err_msg (string)
Example: "Invalid filter parameters"
err_extra (string)
Example: "Field 'unknown_field' is not allowed"
RESPONSE
{ "reply": { "err_code": 400, "err_msg": "Invalid filter parameters", "err_extra": "Field 'unknown_field' is not allowed" } }