Get list of vulnerabilities

Cortex XSIAM Platform APIs
post /public_api/uvem/v1/get_vulnerabilities

Get a list of vulnerabilities that match the filter fields. The list includes key information about each vulnerability.

Required license: Cortex XSIAM Premium. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the Cortex Cloud Posture Management add-on.

CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-yourfqdn/public_api/uvem/v1/get_vulnerabilities'
-d ''
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"request_data\":{\"filters\":[{\"field\":\"attack_vector\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"string\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":0,\"use_page_token\":true,\"next_page_token\":\"string\"}}" headers = { 'content-type': "application/json" } conn.request("POST", "/public_api/uvem/v1/get_vulnerabilities", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/uvem/v1/get_vulnerabilities") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"filters\":[{\"field\":\"attack_vector\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"string\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":0,\"use_page_token\":true,\"next_page_token\":\"string\"}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "filters": [ { "field": "attack_vector", "operator": "string", "value": "string" } ], "sort": { "field": "string", "keyword": "asc" }, "search_from": 0, "search_to": 0, "use_page_token": true, "next_page_token": "string" } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/uvem/v1/get_vulnerabilities"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/uvem/v1/get_vulnerabilities") .header("content-type", "application/json") .body("{\"request_data\":{\"filters\":[{\"field\":\"attack_vector\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"string\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":0,\"use_page_token\":true,\"next_page_token\":\"string\"}}") .asString();
import Foundation let headers = ["content-type": "application/json"] let parameters = ["request_data": [ "filters": [ [ "field": "attack_vector", "operator": "string", "value": "string" ] ], "sort": [ "field": "string", "keyword": "asc" ], "search_from": 0, "search_to": 0, "use_page_token": true, "next_page_token": "string" ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/uvem/v1/get_vulnerabilities")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/uvem/v1/get_vulnerabilities", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"attack_vector\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"string\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":0,\"use_page_token\":true,\"next_page_token\":\"string\"}}", CURLOPT_HTTPHEADER => [ "content-type: application/json" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/uvem/v1/get_vulnerabilities"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"attack_vector\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"string\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":0,\"use_page_token\":true,\"next_page_token\":\"string\"}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/uvem/v1/get_vulnerabilities"); var request = new RestRequest(Method.POST); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"attack_vector\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"string\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":0,\"use_page_token\":true,\"next_page_token\":\"string\"}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
application/json
request_dataobjectrequired
filtersarray

An array of filter fields

[
fieldstring (Enum)

Identifies the field the filter is matching.

Allowed values:"attack_vector""cisa_kev""cvss_score""cvss_score_source""cvss_severity""cvss_severity_source""cvss_version""distribution_and_releases""epss_score""first_published""last_modified""package_names""reported_exploited_by""vendors""vulnerability_id"
operatorstring

Identifies the comparison operator you want to use for this filter. Allowed values depend on the filter used.

  • contains/not_contains: use with attack_vector, cvss_score_source, cvss_severity_source, cvss_version , distribution_and_releases, package_names, reported_exploited_by, vendors, vulnerability_id
  • eq/neq: use with attack_vector, cisa_kev, cvss_score, cvss_score_source, cvss_severity_source, cvss_version, epss_score, vulnerability_id
  • gte/lte: use with cvss_score, epss score, first_published, last_modified
  • range: use with first_published, last_modified
  • relative_timestamp: use with first_published, last_modified
valuestring

Values for filtering the results.

  • array[string]: use with affected_cpu_archs, distribution_and_releases, package_names, reported_exploited_by
  • boolean: cisa_kev
  • string: use with attack_vector, cvss_score, cvss_severity, cvss_score_source, cvss_severity_source, cvss_version, vulnerability_id
  • integer: use with first_published, last_modified
  • number: use with cvss_score, epss_score
]
sortobject
fieldstring

Sort on any filter field except fields that take an array as their value.

keywordstring (Enum)
Allowed values:"asc""desc"
search_frominteger

An integer representing the start offset index of results Default value - 0

search_tointeger

An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination. Default value - 500

use_page_tokenboolean

Use "use_page_token":true in the initial request to paginate the response data.

next_page_tokenstring

If "use_page_token":true was included in the initial request, the response for that request will include a page token. Use "next_page_token":"string" to pass that page token into the next request to paginate the next set of data.

REQUEST
{ "request_data": { "filters": [ { "field": "attack_vector", "operator": "example", "value": "example" } ], "sort": { "field": "example", "keyword": "asc" }, "search_from": 0, "search_to": 0, "use_page_token": false, "next_page_token": "example" } }
Responses

OK

Body
application/json
replyobject
result_countinteger
total_countinteger
vulnerabilitiesarray
[
vulnerability_idstring
epss_scoreobject
cvss_scoreinteger
cvss_severitystring
package_namesarray[string]
vendorsarray[string]
distribution_and_releasesarray[string]
cisa_kevobject
cvss_severity_sourcestring
cvss_score_sourcestring
first_publishedinteger
last_modifiedinteger
reported_exploited_byarray
[
]
attack_vectorstring
cvss_versionstring
]
next_page_tokenstring
RESPONSE
{ "reply": { "result_count": 0, "total_count": 0, "vulnerabilities": [ { "vulnerability_id": "example", "epss_score": {}, "cvss_score": 0, "cvss_severity": "example", "package_names": [ "example" ], "vendors": [ "example" ], "distribution_and_releases": [ "example" ], "cisa_kev": {}, "cvss_severity_source": "example", "cvss_score_source": "example", "first_published": 0, "last_modified": 0, "reported_exploited_by": [ {} ], "attack_vector": "example", "cvss_version": "example" } ], "next_page_token": "example" } }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
application/json
replyobject
err_codestring
err_msgstring
err_extrastring
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Internal server error. A unified status for API communication type errors.

Body
application/json
replyobject
err_codestring
err_msgstring
err_extrastring
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }