From fe0b1012bec85657acd89bdf0e077f8b95bf8337 Mon Sep 17 00:00:00 2001 From: cfullerton12345 Date: Thu, 3 Oct 2024 15:04:25 -0300 Subject: [PATCH] TD-377 Postman Postman updates --- postman/Kenna_API_postman_collection.json | 3003 ++++++++++++++++----- 1 file changed, 2300 insertions(+), 703 deletions(-) diff --git a/postman/Kenna_API_postman_collection.json b/postman/Kenna_API_postman_collection.json index 0832fca..c620ed4 100644 --- a/postman/Kenna_API_postman_collection.json +++ b/postman/Kenna_API_postman_collection.json 
@@ -1,7 +1,7 @@ { "info": { "_postman_id": "f86db6eb-71f5-442f-8ee5-e9bd6656c459", - "name": "Kenna Security API", + "name": "Cisco Vulnerability Management Security API", "description": "Use steps: Update authorization tab with your API code and then proceed to the API requests you require which are grouped by function (assets, vulnerabilities, etc)\r\n\r\n*************************************************************************************************************\r\n\r\nThis is a list of API calls that can be leveraged to get the most out of the Kenna Platform. The most current documentation can be found at: https://apidocs.kennasecurity.com/reference#reference-getting-started \r\n\r\n\r\nGetting Started\r\nThis page will help you get started with Kenna Platform API.\r\n\r\n \r\nNo connector available yet for one of your security tools? No problem. You can push vulnerabilities from any external system into Kenna using our simple, secure API. Enterprise integration has never been easier.\r\n\r\nThe API is organized around REST to have predictable, resource-oriented URLs and to use HTTP response codes to indicate errors. We use HTTP verbs, which can be understood by off-the-shelf HTTP clients and libraries. The API utilizes JSON as the data exchange format.\r\n\r\nAll API calls must be made over HTTPS and be accompanied by a valid token parameter.\r\n\r\nYour Kenna API root path depends on your Kenna URL. In most cases the API root path will be https://{{API_URL}}, assuming your Kenna instance url is https://mycompany.kennasecurity.com/.\r\n\r\nIf you have an instance in the EU or in a private environment, your Kenna instance URL will include additional subdomain components, such as https://mycompany.eu.kennasecurity.com. 
In that case, only the instance specific hostname component (mycompany in the example)\r\nis replaced with api, so an instance with an EU address will use the EU api address of https://api.eu.kennasecurity.com/.\r\n\r\nSUGGEST EDITS\r\nAuthentication\r\n \r\nAccess to the API is controlled using a token. Every account has a token generated when the account is created.\r\n\r\nYou may locate and change your API token by logging in and clicking your company's name in the upper right hand corner. In the dropdown that appears, chose 'API Keys'. Your API token will be listed first in the table found on the applications page. You would replace in the example below with your API token.\r\n\r\nAll API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests.\r\n\r\nRequests are limited to a maximum of 5 requests per second. If you exceed this limit, your request will receive a \u201c429: Too Many Requests\" status code response.\r\n\r\nSUGGEST EDITS\r\nParameters\r\n \r\nMany API methods take optional parameters. For GET requests, parameters are specified as a segment in the path. For example if you were requesting data regarding a vulnerability with an id of 100:\r\n\r\nRequest\r\nResponse\r\ncurl -H \"X-Risk-Token: \" \"https://{{API_URL}}/vulnerabilities/100\" -X GET\r\nFor most POST requests, parameters are encoded as JSON, with a Content-Type of 'application/json':\r\n\r\nRequest\r\nResponse\r\ncurl -H \"X-Risk-Token: \" -H \"Content-Type: application/json\"\r\n https://{{API_URL}}/vulnerabilities\r\n -X POST\r\n -d '{\r\n \"vulnerability\":\r\n {\r\n \"wasc_id\" : \"WASC-01\",\r\n \"primary_locator\" : \"url\",\r\n \"url\" : \"http://www.example.com\"\r\n }\r\n }'\r\nNote: The Content-Type parameter should be omitted for specific POST request endpoints, such as the \"Upload Data File\" endpoint.\r\n\r\nLarger record sets are paginated by 500. For example, when requesting your list of vulnerabilities. 
To page through the record set, you pass a page parameter. Each paginated response includes meta data containing the current page and the total number of pages. Page limit is currently set to 20. Pages are 1-indexed based.\r\n\r\nRequest\r\nResponse\r\ncurl -H \"X-Risk-Token: \" \"https://{{API_URL}}/vulnerabilities/?page=3\" -X GET\r\nSUGGEST EDITS\r\nData Types\r\n \r\nThe API utilizes JSON as the data exchange format.\r\n\r\nRequest\r\nResponse\r\ncurl -H \"X-Risk-Token: \" \"https://{{API_URL}}/vulnerabilities/100\" -X GET\r\nSUGGEST EDITS\r\nErrors\r\n \r\nIn the case of an error, the appropriate HTTP status code will be returned in the response header. In addition, the response body will contain a JSON formatted description of what went wrong. The JSON will contain an error attribute, and may contain a more explanatory message attribute as well. It also includes a success attribute with a value of false.\r\n\r\nRequest\r\nResponse\r\ncurl -H \"X-Risk-Token: \" \"https://{{API_URL}}/assets/100\" -X PUT -d {\"priority\":\"-1\"}\r\nSUGGEST EDITS\r\nHTTP Status Codes\r\n \r\nThe following HTTP status codes are returned by the API.\r\n\r\nCode\tMeaning\r\n102\tProcessing\r\n200\tOK\r\n201\tCreated\r\n204\tNo Content\r\n400\tBad Request\r\n401\tUnauthorized\r\n404\tNot Found\r\n409\tConflict\r\n412\tPrecondition Failed\r\n422\tUnprocessable Entity\r\n429\tToo Many Requests (more than 5 per second)\r\n500\tInternal Server Error\r\nSUGGEST EDITS\r\nPagination\r\n \r\nRequests that return multiple items will be paginated to 1000 items at a time, by default. You can request further pages with the page parameter, and/or change the number of items returned with the per_page parameter. Note that page numbering is 1-based and that omitting the page parameter will return the first page.\r\n", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, 
@@ -22,13 +22,27 @@ ], "path": [ "vulnerabilities" - ] - }, - "description": "Returns a list of all of your open vulnerabilities that are associated with active assets paginated by 500 records at a time.\r\n\r\nThe response includes the current page requested as well as the total number of pages. Pagination is explained on the Parameters page. To retrieve closed vulnerabilities, you pass a \"filter\" parameter with the value \"closed\" (i.e. ?filter=closed)." - }, - "response": [] + ], + "query": [ + { + "key": "filter", + "value": "string", + "description": "integer\nFilter the results based on the filter string", + "disabled": true + }, + { + "key": "page", + "value": "integer", + "description": "integer\nThe page number from 1 to 20.", + "disabled": true + } + ] + }, + "description": "Returns a list of all of the open vulnerabilities that are associated with active assets. To retrieve closed vulnerabilities, use the `filter` query parameter with the value \"closed\". The default page size is 500, the maximum page size is 500, and the maximum pages allowed is 20." + }, + "response": [] }, - { + { "name": "Search Vulnerabilities", "request": { "method": "GET", 
@@ -59,13 +73,73 @@ { "key": "asset_id[]", "value": "array of integers", - "description": "array of integers\nSearch for all fixes related to vulnerabilities that are connected to a set of assets.", + "description": "array of integers\nSearch for vulnerabilities related to the specified asset IDs.", "disabled": true }, { - "key": "status[]", + "key": "asset[max_priority]", + "value": "integer", + "description": "integer\nFind vulnerabilities related to assets with priority levels that are less than or equal to this value.", + "disabled": true + }, + { + "key": "asset[min_priority]", + "value": "integer", + "description": "integer\nFind vulnerabilities related to assets with priority levels that are greater than or equal to this value.", + "disabled": true + }, + { + "key": "asset[operating_system][]", + "value": "array of strings", + "description": "array of strings\nAn array of the names of the operating systems associated with a set of assets.", + "disabled": true + }, + { + "key": "asset[primary_locator][]", + "value": "array of strings", + "description": "array of strings\nThe primary locator used for an asset. This should be one of the following values: ip_address, hostname, database, url, mac_address, netbios, fqdn, file, or application.", + "disabled": true + }, + { + "key": "asset[service_names][]", + "value": "array of strings", + "description": "array of strings\nAn array of service names relating to your assets. Make sure all letters are lowercase.", + "disabled": true + }, + { + "key": "asset[service_ports][]", + "value": "array of integers", + "description": "array of integers\nAn array of ports relating to your assets.", + "disabled": true + }, + { + "key": "asset[service_products][]", + "value": "array of strings", + "description": "array of strings\nAn array of service products relating to your assets. 
Make sure all letters are lowercase.", + "disabled": true + }, + { + "key": "asset[service_protocols][]", + "value": "array of strings", + "description": "array of strings\nAn array of service protocols relating to your assets. Make sure all letters are lowercase.", + "disabled": true + }, + { + "key": "asset[status][]", + "value": "array of strings", + "description": "array of strings\nSearch for vulnerabilities related to assets with the specified statuses.", + "disabled": true + }, + { + "key": "asset[status_set_manually][]", + "value": "array of booleans", + "description": "array of booleans\nA boolean to indicate whether an asset's active/inactive status was set automatically by Cisco Vulnerability Management or manually by a human.", + "disabled": true + }, + { + "key": "asset[tags][]", "value": "array of strings", - "description": "array of strings\nBy default, only fixes for vulnerabilities with active assets are returned. To override this default specify the status param for an asset as shown. Status choices are active and inactive.", + "description": "array of strings\nAn array of tag names associated with your assets.", "disabled": true }, { 
@@ -89,7 +163,7 @@ { "key": "custom_fields:CUSTOM_FIELD_NAME[]", "value": "array of strings", - "description": "array of strings\nSearch for all vulnerabilities that have a specific custom field value. The proper format for a custom field query is 'custom_fields:', then the id of the custom_field, then the name of the custom_field you are searching on, then the value you are searching for.", + "description": "array of strings\nSearch for all vulnerabilities that have a specific custom field and its value. The proper format for a custom field query is 'custom_fields:', the name of the custom field that you are searching on, and the value you are searching for. For example: custom_fields:Category[]=good. Note the following: Testing custom_fields in the \"Try It!\" pane does not work, use the example above as a guide in curl or some other language, to search multiple custom fields, add another query parameter. and search must have a value and there is no wildcarding.", "disabled": true }, { 
@@ -98,16 +172,22 @@ "description": "array of booleans\nAn array of booleans for filtering your vulnerabilities by those that have seen high levels of exploitation recently.", "disabled": true }, + { + "key": "fields", + "value": "string", + "description": "string\nA comma separated list of fields to be returned in the response.", + "disabled": true + }, { "key": "has_known_exploits[]", - "value": "array of strings", - "description": "array of strings\nFind all vulnerabilities matching the specified known exploit related details.", + "value": "array of booleans", + "description": "array of booleans\nDeprecated: Please use the \"malware_exploitable\" query parameter.", "disabled": true }, { "key": "has_known_malware[]", - "value": "array of strings", - "description": "array of strings\nFind all vulnerabilities matching the specified known malware related details.vu", + "value": "array of booleans", + "description": "array of booleans\nDeprecated: Please use the \"malware_exploitable\" query parameter.", "disabled": true }, { 
@@ -122,28 +202,16 @@ "description": "array of booleans\nAn array of booleans for filtering your vulnerabilities by those that have had pieces of malware identified.", "disabled": true }, - { - "key": "max_priority", - "value": "string", - "description": "string\nFind all vulnerabilities on assets with priority levels less than this value.", - "disabled": true - }, - { - "key": "min_priority", - "value": "string", - "description": "Find all vulnerabilities on assets with priority levels greater than this value.", - "disabled": true - }, { "key": "max_risk_meter_score", "value": "int32", - "description": "int32\nFind all vulnerabilities with risk scores less than this value.", + "description": "int32\nFind all vulnerabilities with risk scores that are less than or equal to this value.", "disabled": true }, { "key": "min_risk_meter_score", "value": "int32", - "description": "int32\nFind all vulnerabilities with risk scores greater than this value.\n\n", + "description": "int32\nFind all vulnerabilities with risk scores that are greater than or equal to this value.\n\n", "disabled": true }, { 
@@ -161,25 +229,25 @@ { "key": "max_severity", "value": "int32", - "description": "Find all vulnerabilities with severity levels less than this value.", + "description": "Find all vulnerabilities with severity levels that are less than or equal to this value.", "disabled": true }, { "key": "min_severity", "value": "int32", - "description": "int32\nFind all vulnerabilities with severity levels greater than this value.", + "description": "int32\nFind all vulnerabilities with severity levels that are greater than or equal to this value.", "disabled": true }, { "key": "max_threat", "value": "int32", - "description": "int32\nFind all vulnerabilities with threat levels less than this value.\n\n", + "description": "int32\nFind all vulnerabilities with threat levels that are less than or equal to this value.\n\n", "disabled": true }, { "key": "min_threat", "value": "int32", - "description": "int32\nFind all vulnerabilities with threat levels greater than this value.\n\n", + "description": "int32\nFind all vulnerabilities with threat levels that are greater than or equal to this value.\n\n", "disabled": true }, { @@ -188,10 +256,22 @@ "description": "array of integers\nExclude all vulnerabilities for the identified definition IDs.\n\n\n\n", "disabled": true }, + { + "key": "page", + "value": "integer", + "description": "integer\nThe page number from 1 to 20.\n\n\n\n", + "disabled": true + }, + { + "key": "per_page", + "value": "integer", + "description": "integer\nThe page size from 1 to 5,000. Default is 500.\n\n\n\n", + "disabled": true + }, { "key": "pci_related[]", "value": "array of strings", - "description": "array of strings\nFind all vulnerabilities matching the specified PCI related details.", + "description": "array of strings\nAn array of booleans for filtering your vulnerabilities by those that are Payment Card Industry related", "disabled": true }, { 
@@ -214,8 +294,8 @@ }, { "key": "prioritized[]", - "value": "array of strings", - "description": "array of strings\nFind all vulnerabilities matching the specified priority details.\n\n\n\n", + "value": "array of booleans", + "description": "array of booleans\nDeprecated: Please use the \"top_priority\" query parameter.\n\n\n\n", "disabled": true }, { @@ -226,8 +306,8 @@ }, { "key": "remote_code_execution[]", - "value": "array of strings", - "description": "array of strings\nFind all vulnerabilities matching the specified RCEs.\n\n\n\n", + "value": "array of booleans", + "description": "array of booleans\nAn array of booleans for filtering your vulnerabilities by those that be executed remotely.\n\n\n\n", "disabled": true }, { 
@@ -245,31 +325,31 @@ { "key": "status[]", "value": "array of strings", - "description": "array of strings\nAn array of statuses for your vulnerabilities.\n\n\n\n", + "description": "array of strings\nAn array of strings to filter by vulnerability status.\n\n\n\n", "disabled": true }, { "key": "top_exploit[]", "value": "array of strings", - "description": "array of strings\nFind all vulnerabilities matching the specified top exploit related details.", + "description": "array of strings\nDeprecated: Please use the \"active_internet_breach\" query parameter.", "disabled": true }, { "key": "top_priority[]", "value": "array of booleans", - "description": "array of booleans\nAn array of booleans for filtering your vulnerabilities by those that Kenna recommends should be a top priority to fix.\n\n\n\n", + "description": "array of booleans\nAn array of booleans for filtering your vulnerabilities by those that Cisco Vulnerability Management recommends should be a top priority to fix.\n\n\n\n", "disabled": true }, { "key": "trending[]", - "value": "array of strings", - "description": "array of strings\nFind all vulnerabilities matching the specified trending related details.", + "value": "array of booleans", + "description": "array of booleans\nAn array of booleans for filtering by vulnerabilities that are trending.", "disabled": true }, { "key": "vulnerability_class[]", "value": "array of strings", - "description": "array of strings\nAn array of strings describing the class of your vulnerabilities.", + "description": "array of strings\nAn array of strings for filtering by vulnerability classification.", "disabled": true }, { 
@@ -281,18 +361,18 @@ { "key": "wasc_classification[]", "value": "array of strings", - "description": "array of strings\nAn array of WASC classifications related to your vulnerabilities.\n\n\n\n", + "description": "array of strings\nAn array to filter your vulnerabilities by specified WASC classifications.\n\n\n\n", "disabled": true }, { "key": "zero_day[]", - "value": "array of strings", - "description": "array of strings\nFind all vulnerabilities matching the specified zero day related details.", + "value": "array of booleans", + "description": "array of booleans\nAn array of booleans for filtering by vulnerabilities that have zero days.", "disabled": true } ] }, - "description": "Filters vulnerabilities by a given set of parameters and returns the filtered vulnerabilities as well as the total number of vulnerabilities in the filtered set.\r\n\r\nBy default, only open vulnerabilities with active assets are returned. Results are paginated in pages of 500. Each unique parameter is combined using AND while each of values passed in a single array will be combined using OR. For example, if you search for all vulnerabilities with status=[\"open\"] and port=[\"443\", \"80\"] you will receive all open vulnerabilities that have either port 443 or port 80. This is shown in the CURL example below." + "description": "Filters vulnerabilities by a given set of parameters and returns the filtered vulnerabilities as well as the total number of vulnerabilities in the filtered set.\r\n\r\nBy default, only open vulnerabilities with active assets are returned. Each unique parameter is combined using AND while each of the values passed in a single array will be combined using OR. For example, if you search for all vulnerabilities with status=[\"open\"] and port=[\"443\", \"80\"] you will receive all open vulnerabilities that have either port 443 or port 80. The default page size is 500, the maximum page size is 5,000, and the maximum pages allowed is 20." }, "response": [] }, 
@@ -315,7 +395,7 @@ { "key": "q", "value": "string", - "description": "string\nThis can be any query string you want to search for, including a regex. For more detailed documentation on our search syntax visit our Help Center.\n\n" + "description": "string\nThis is the q string to be validated. For more detailed documentation on our search syntax visit our Help Center.\n\n" } ] }, @@ -350,7 +430,7 @@ "key": "id", "value": "", "type": "string", - "description": "Kenna platform Vulnerability ID." + "description": "The vulnerability ID." } ] }, @@ -379,11 +459,11 @@ "key": "id", "value": "int32", "type": "string", - "description": "the vulnerability ID found in Kenna when selected" + "description": "The vulnerability ID." } ] }, - "description": "Returns an array of the scanner vulnerability details associated to a vulnerability by ID." + "description": "Returns an array of the scanner vulnerability details and solution associated to a vulnerability by ID." }, "response": [] }, 
@@ -424,27 +504,27 @@ "disabled": true }, { - "key": "cve_id", + "key": "application", "value": "string", - "description": "string\nA National Vulnerability Database CVE identifier,", + "description": "string\nThe application name. The application can be specified along with file to match an asset with file as primary locator in specified application.", "disabled": true }, { - "key": "cwe_id", + "key": "cve_id", "value": "string", - "description": "string\nA CWE - Common Weakness Enumeration identifier\n\n", + "description": "string\nA National Vulnerability Database CVE identifier, 'CVE-YYYY-NNNN', 'CVE-YYYY-NNNNN', or 'CVE-YYYY-NNNNNNN'. One of the following fields, cve_id, cwe_id, or wasc_id, is required.", "disabled": true }, { - "key": "closed_at", + "key": "cwe_id", "value": "string", - "description": "string\nThe datetime(as a UTC timestamp) to mark when a vulnerability was closed in the format (2013-09-01", + "description": "string\nA CWE - Common Weakness Enumeration identifier, 'CWE-'. One of the following fields, cve_id, cwe_id, or wasc_id, is required.\n\n", "disabled": true }, { - "key": "custom_fields", - "value": "object", - "description": "object\nCustom Fields are defined by Custom Field Definitions which can be set up in the UI for your account. When updating a vulnerability's custom fields, reference them by their custom_field_definition_id as in the example. Only ids that are present in the UPDATE request will be modified (ie: leaving out custom fields in the UPDATE request will not delete them on the server). To remove a vulnerability's custom field value, UPDATE it with an empty string. { \"777\": \"\" }", + "key": "closed_at", + "value": "string", + "description": "string\nThe datetime (as a UTC timestamp) to mark when a vulnerability was closed in the format (2023-09-01).", "disabled": true }, { 
@@ -498,13 +578,13 @@ { "key": "jira_key", "value": "string", - "description": "string\nA JIRA ticket key to associate this vulnerability with", + "description": "string\nA JIRA ticket key to associate this vulnerability with.", "disabled": true }, { "key": "last_seen_time", "value": "string", - "description": "string\nThe date a vulnerability was last seen on", + "description": "string\nThe date a vulnerability was last seen on.", "disabled": true }, { @@ -516,7 +596,7 @@ { "key": "notes", "value": "string", - "description": "string\nStrings may be used to store plain english notes on a vulnerability", + "description": "string\nStrings may be used to store plain English notes on a vulnerability. Maximum 50,000 characters allowed.", "disabled": true }, { @@ -525,12 +605,6 @@ "description": "Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset.", "disabled": true }, - { - "key": "override_score", - "value": "int32", - "description": "int32\nAn integer (0 - 100) representing the risk score for a vulnerability. Kenna continuously updates risk scores as the threat landscape changes. If you manually override this score, the vulnerability will no longer be updated dynamically and the change will be logged for audit purposes.", - "disabled": true - }, { "key": "port", "value": "int32", 
@@ -544,21 +618,9 @@ "disabled": true }, { - "key": "prioritized", - "value": "boolean", - "description": "boolean\nBoolean that indicates whether the vulnerability is a top priority or not.", - "disabled": true - }, - { - "key": "severity", - "value": "int32", - "description": "int32\nThe severity of the vulnerability instance; an integer between 1 (low) to 10 (high)", - "disabled": true - }, - { - "key": "status", - "value": "string", - "description": "string\nThe status of a vulnerability (open, closed, risk_accepted, false_positive).", + "key": "service_ticket", + "value": "object", + "description": "object\nA service ticket to associate with a vulnerability. A null service_ ticket value will unassociate the service ticket associated with these vulnerabilities.", "disabled": true }, { @@ -576,7 +638,7 @@ { "key": "wasc_id", "value": "string", - "description": "string\nA WASC 2.0 Threat Classification ID", + "description": "string\nA WASC 2.0 Threat Classification ID. One of the following fields is required: cve_id, cwe_id, or wasc_id.", "disabled": true } ] 
@@ -642,13 +704,13 @@ { "key": "closed_at", "value": "string", - "description": "string\nThe datetime(as a UTC timestamp) to mark when a vulnerability was closed in the format (2013-09-01", + "description": "string\nThe datetime (as a UTC timestamp) to mark when a vulnerability was closed in the format (2023-09-01)", "disabled": true }, { "key": "custom_fields", "value": "object", - "description": "object\nCustom Fields are defined by Custom Field Definitions which can be set up in the UI for your account. When updating a vulnerability's custom fields, reference them by their custom_field_definition_id as in the example. Only ids that are present in the UPDATE request will be modified (ie: leaving out custom fields in the UPDATE request will not delete them on the server). To remove a vulnerability's custom field value, UPDATE it with an empty string. { \"777\": \"\" }", + "description": "object\nThe custom field ID and value to be updated. The key is the custom field ID, and the value is the desired value of the custom field. For updating a date type custom field, the value must be in ISO-8601 date-time format YYYY-MM-DDTHH:MM:SS.", "disabled": true }, { @@ -720,7 +782,7 @@ { "key": "notes", "value": "string", - "description": "string\nStrings may be used to store plain english notes on a vulnerability", + "description": "string\nStrings may be used to store plain English notes on a vulnerability. Maximum 50,000 characters allowed.", "disabled": true }, { 
@@ -732,7 +794,7 @@ { "key": "override_score", "value": "int32", - "description": "int32\nAn integer (0 - 100) representing the risk score for a vulnerability. Kenna continuously updates risk scores as the threat landscape changes. If you manually override this score, the vulnerability will no longer be updated dynamically and the change will be logged for audit purposes.", + "description": "int32\nAn integer (0 - 100) representing the risk score for a vulnerability. Cisco Vulnerability Management continuously updates risk scores as the threat landscape changes. If you manually override this score, the vulnerability will no longer be updated dynamically and the change will be logged for audit purposes.", "disabled": true }, { 
@@ -750,25 +812,31 @@ { "key": "prioritized", "value": "boolean", - "description": "boolean\nBoolean that indicates whether the vulnerability is a top priority or not.", + "description": "boolean\nBoolean that indicates whether the vulnerability is a top priority or not. Default is false.", + "disabled": true + }, + { + "key": "service_ticket", + "value": "object", + "description": "object\nA service ticket to associate with a vulnerability. A null service_ ticket value will unassociate the service ticket associated with these vulnerabilities.", "disabled": true }, { "key": "severity", "value": "int32", - "description": "int32\nThe severity of the vulnerability instance; an integer between 1 (low) to 10 (high)", + "description": "int32\nThe severity of the vulnerability instance; an integer between 1 (low) to 10 (high).", "disabled": true }, { "key": "status", "value": "string", - "description": "string\nThe status of a vulnerability (open, closed, risk_accepted, false_positive).", + "description": "string\nThe status to be updated to for this vulnerability - open, closed, risk_accepted, false_positive.", "disabled": true }, { "key": "threat", "value": "int32", - "description": "int32\nThe threat level of the vulnerability instance; an integer between 1 (low) to 10 (high)", + "description": "int32\nThe threat level of the vulnerability instance; an integer between 1 (low) to 10 (high).", "disabled": true }, { @@ -831,7 +899,7 @@ { "key": "vulnerability_ids", "value": "[]", - "description": "array of integers\nKenna IDs of all vulnerabilities to be updated", + "description": "array of integers\nIDs of all vulnerabilities to be updated.", "disabled": true }, { 
@@ -855,13 +923,13 @@ { "key": "closed_at", "value": "string", - "description": "string\nThe datetime(as a UTC timestamp) to mark when a vulnerability was closed in the format (2013-09-01", + "description": "string\nThe datetime(as a UTC timestamp) to mark when a vulnerability was closed in the format (2023-09-01)", "disabled": true }, { "key": "custom_fields", "value": "object", - "description": "object\nCustom Fields are defined by Custom Field Definitions which can be set up in the UI for your account. When updating a vulnerability's custom fields, reference them by their custom_field_definition_id as in the example. Only ids that are present in the UPDATE request will be modified (ie: leaving out custom fields in the UPDATE request will not delete them on the server). To remove a vulnerability's custom field value, UPDATE it with an empty string. { \"777\": \"\" }", + "description": "object\nCustom Fields are defined by Custom Field Definitions which can be set up in the UI for your account. When updating a vulnerability's custom fields, reference them by their custom_field_definition_id, the key in the CUSTOM_FIELDS OBJECT below. Only IDs that are present in the \"Bulk Update\" request will be modified (ie: leaving out custom fields in the \"Bulk Update\" request will not delete them on the server). To remove a vulnerability's custom field value, use an empty string, { \"777\": \"\" }. For updating a date type custom field, the value must be in ISO-8601 date-time format YYYY-MM-DDTHH:MM:SS.", "disabled": true }, { @@ -933,7 +1001,7 @@ { "key": "notes", "value": "string", - "description": "string\nStrings may be used to store plain english notes on a vulnerability", + "description": "string\nStrings may be used to store plain English notes on a vulnerability. Maximum 50,000 characters allowed.", "disabled": true }, { 
@@ -945,7 +1013,7 @@ { "key": "override_score", "value": "int32", - "description": "int32\nAn integer (0 - 100) representing the risk score for a vulnerability. Kenna continuously updates risk scores as the threat landscape changes. If you manually override this score, the vulnerability will no longer be updated dynamically and the change will be logged for audit purposes.", + "description": "int32\nAn integer (0 - 100) representing the risk score for a vulnerability. Cisco Vulnerability Management continuously updates risk scores as the threat landscape changes. If you manually override this score, the vulnerability will no longer be updated dynamically and the change will be logged for audit purposes.", "disabled": true }, { @@ -957,7 +1025,7 @@ { "key": "primary_locator", "value": "string", - "description": "string\nThe primary locator used for the corresponding asset. This is required to associate the vulnerability with the asset it was found on. This should be one of the following values: ip_address, hostname, database, url, mac_address, netbios, or fqdn", + "description": "string\nThe primary locator used for the corresponding asset. This is required to associate the vulnerability with the asset it was found on. This should be one of the following values: ip_address, hostname, database, url, mac_address, netbios, or fqdn.", "disabled": true }, { 
@@ -966,22 +1034,28 @@ "description": "boolean\nBoolean that indicates whether the vulnerability is a top priority or not.", "disabled": true }, + { + "key": "service_ticket", + "value": "object", + "description": "object\nA service ticket to associate with a vulnerability. A null service_ ticket value will unassociate the service ticket associated with these vulnerabilities.", + "disabled": true + }, { "key": "severity", "value": "int32", - "description": "int32\nThe severity of the vulnerability instance; an integer between 1 (low) to 10 (high)", + "description": "int32\nThe severity of the vulnerability instance; an integer between 1 (low) to 10 (high).", "disabled": true }, { "key": "status", "value": "string", - "description": "string\nThe status of a vulnerability (open, closed, risk_accepted, false_positive).", + "description": "string\nThe status to be updated for requested vulnerabilities - open, closed, risk_accepted, false_positive.", "disabled": true }, { "key": "threat", "value": "int32", - "description": "int32\nThe threat level of the vulnerability instance; an integer between 1 (low) to 10 (high)", + "description": "int32\nThe threat level of the vulnerability instance; an integer between 1 (low) to 10 (high).", "disabled": true }, { @@ -1030,7 +1104,7 @@ "key": "id", "value": "int32", "type": "string", - "description": "int32: ID of the vulnerability found in the URL of the Kenna Platform after selecting." + "description": "int32: The vulnerability ID to be deleted." } ] }, 
@@ -1066,17 +1140,17 @@ { "key": "**Don's include this line - Update Vulns in Body**", "value": null, - "description": "Obtain vuln ids from Kenna Platform url & update Body in Postman", + "description": "An array of vulnerability IDs to be deleted.", "disabled": true } ] }, - "description": "Delete multiple vulnerabilities at a time using the bulk delete endpoint. Delete limit is 2,000 vulnerabilities at a time." + "description": "Delete multiple vulnerabilities at a time. Delete limit is 2,000 vulnerabilities at a time." }, "response": [] }, { - "name": "Download Zipped Data", + "name": "Download Zipped Vulnerability Data", "request": { "method": "GET", "header": [], @@ -1091,7 +1165,7 @@ "download_data_zip" ] }, - "description": "Will return a zip file with the most recent data export of all of your vulnerabilities. In order to arrange for a daily full data export please contact our tech support staff." + "description": "Will return a gzipped file with the most recent data export of all of your vulnerabilities. In order to arrange for a daily full data export please contact our tech support staff. The format of the uncompressed data, is JSONL, JSON, or XML. This is determined when the technical support staff is contacted." }, "response": [] } 
@@ -1135,7 +1209,7 @@ "assets" ] }, - "description": "Returns a list of all of your active assets with open vulnerabilities paginated by 500 records at a time.\r\n\r\nThe response includes the current page requested as well as the total number of pages. Pagination is explained on the Parameters page. To retrieve inactive assets, you pass a \"filter\" parameter with the value \"inactive\" (i.e. ?filter=inactive)." + "description": "Returns a list of all of your active assets with open vulnerabilities. The default page size is 500, the maximum page size is 500, and the maximum pages allowed is 20. The total number of asset groups, page number, and total number of pages are available in the meta data. To retrieve inactive assets, you pass a \"filter\" parameter with the value \"inactive\" (i.e. ?filter=inactive)." }, "response": [ { @@ -1249,7 +1323,7 @@ { "key": "exclude_child_filter[]", "value": "array of strings", - "description": "array of strings\nIf you want to include all assets regardless of vulnerability filters, pass a value of [\"Include all assets\"]; otherwise, omit this parameter.", + "description": "array of strings\n\"Include all assets\" includes all assets regardless of the vulnerability filters. \"Assets without Vulnerabilities\" will return only the assets without vulnerabilities. If this parameter is omitted, then the vulnerability filters are used.", "disabled": true }, { 
@@ -1261,25 +1335,37 @@ { "key": "max_priority", "value": "int32", - "description": "int32\nSearch for all assets that have a priority less than this value.", + "description": "int32\nSearch for all assets that have a priority less than or equal to this value.", "disabled": true }, { "key": "min_priority", "value": "int32", - "description": "int32\nSearch for all assets that have a priority greater than this value", + "description": "int32\nSearch for all assets that have a priority greater than or equal to this value", "disabled": true }, { "key": "max_risk_meter_score", "value": "int32", - "description": "int32\nSearch for all assets that have a risk meter score less than this value.", + "description": "int32\nSearch for all assets that have a risk meter score less than or equal to this value.", "disabled": true }, { "key": "min_risk_meter_score", "value": "int32", - "description": "int32\nSearch for all assets that have a risk meter score greater than this value.", + "description": "int32\nSearch for all assets that have a risk meter score greater than or equal to this value.", + "disabled": true + }, + { + "key": "page", + "value": "integer", + "description": "integer\nThe page number from 1 to 20.", + "disabled": true + }, + { + "key": "per_page", + "value": "integer", + "description": "integer\nThe page size from 1 to 50,000. Default page size is 500. A page size of 5,000 is recommended. Larger page sizes can cause performance issues.", "disabled": true }, { 
@@ -1297,7 +1383,7 @@ { "key": "q", "value": "string", - "description": "string\nThis can be any query string you want to search for, including a regex. We also have our own search syntax that enables you to search assets based on specific locators and fields. For more detailed documentation on our search syntax visit our Help Center. As stated in our Help Center, it is also possible to use our search syntax on vulnerability fields. In order to apply a query for a vulnerability field to an asset search you must nest the query string under a vulnerability key. The example below shows how to search for all assets that relate to vulnerabilities that are connected to the Heartbleed CVE.", + "description": "string\nAdditional text search parameters, as documented at: Cisco Vulnerability Management Search Terms, section \"Asset Terms\". Example q=tag:(mytag+AND+thetag)", "disabled": true }, { @@ -1327,7 +1413,13 @@ { "key": "status[]", "value": "array of strings", - "description": "array of strings\nAn array of statuses for your assets which can include active and/or inactive. NOTE: By default, only active assets are returned when searching. You must specify the asset status you want in order to override that default.", + "description": "array of strings\nAn array of statuses for your assets which can include active and/or inactive. Note: By default, only active assets are returned when searching. You must specify the asset status you want in order to override that default.", + "disabled": true + }, + { + "key": "status_set_manually", + "value": "array of booleans", + "description": "array of booleans\nA boolean to indicate whether an asset's active/inactive status was set automatically by Cisco Vulnerability Management or manually by a human.", "disabled": true }, { 
@@ -1342,6 +1434,7 @@ "description": "string\nSet this to 'all' if you would like to return assets that contain all of the tags in your query rather than assets that contain any of the tags.", "disabled": true }, + { "key": "tags[]", "value": "array of strings", 
@@ -1349,144 +1442,318 @@ "disabled": true }, { - "key": "vulnerability", - "value": "object", - "description": "Vulnerability ids. Search for all assets that have vulnerabilities with these ids.", + "key": "vulnerability[classification][]", + "value": "array of strings", + "description": "array of strings\nClassification of the vulnerability.", "disabled": true - } - ] - }, - "description": "Filters assets by a given set of parameters and returns the filtered assets as well as the total number of assets in the filtered set.\r\n\r\nBy default, only active assets with open vulnerabilities are returned. Results are paginated in pages of 500. Each unique parameter is combined using AND while each of values passed in a single array will be combined using OR. For example, if you search for all assets with status=[\"active\"] and tags=[\"foo\", \"bar\"] you will receive all active assets that have either a \"foo\" tag or a \"bar\" tag. This is shown in the CURL example below." - }, - "response": [] - }, - { - "name": "Search Assets by Custom Query", - "request": { - "method": "GET", - "header": [], - "url": { - "raw": "https://{{API_URL}}/assets/search?q=asset_created:<2020-12-08", - "protocol": "https", - "host": [ - "{{API_URL}}" - ], - "path": [ - "assets", - "search" - ], - "query": [ + }, { - "key": "application_id", - "value": "int32", - "description": "The ID of an application to retrieve assets for. 
All other search parameters are ignored if application_id is provided.", + "key": "vulnerability[connector_names][]", + "value": "array of strings", + "description": "array of strings\nConnector names of the vulnerabilities.", "disabled": true }, { - "key": "exclude_child_filter[]", + "key": "vulnerability[connector_types][]", "value": "array of strings", - "description": "array of strings\nIf you want to include all assets regardless of vulnerability filters, pass a value of [\"Include all assets\"]; otherwise, omit this parameter.", + "description": "array of strings\nConnector types of the vulnerabilities.", "disabled": true }, { - "key": "id[]", - "value": "array of integers", - "description": "array of integers\nArray of asset IDs", + "key": "vulnerability[has_known_exploits][]", + "value": "array of strings", + "description": "array of strings\nVulnerabilities that have known exploits.", "disabled": true }, { - "key": "max_priority", - "value": "int32", - "description": "int32\nSearch for all assets that have a priority less than this value.", + "key": "vulnerability[has_known_malware][]", + "value": "array of strings", + "description": "array of strings\nVulnerabilities that have known malware.", "disabled": true }, { - "key": "min_priority", - "value": "int32", - "description": "int32\nSearch for all assets that have a priority greater than this value", + "key": "vulnerability[id][]", + "value": "array of integers", + "description": "array of integers\nVulnerability IDs.", "disabled": true }, { - "key": "max_risk_meter_score", - "value": "int32", - "description": "int32\nSearch for all assets that have a risk meter score less than this value.", + "key": "vulnerability[max_risk_meter_score]", + "value": "integer", + "description": "integer\nVulnerability risk scores that are less than or equal to this value.", "disabled": true }, { - "key": "min_risk_meter_score", - "value": "int32", - "description": "int32\nSearch for all assets that have a risk meter score 
greater than this value.", + "key": "vulnerability[max_rounded_risk_meter_score]", + "value": "integer", + "description": "integer\nVulnerability risk scores rounded to the integer that is less than or equal to this value.", "disabled": true }, { - "key": "operating_system[]", - "value": "array of strings", - "description": "array of strings\nAn array of the names of the operating systems associated with a set of assets.", + "key": "vulnerability[max_severity]", + "value": "integer", + "description": "integer\nVulnerabilities with severity levels that are less than or equal to this value.", "disabled": true }, { - "key": "primary_locator[]", - "value": "array of strings", - "description": "array of strings\nThe primary locator used for an asset. This should be one of the following values: ip_address, hostname, database, url, mac_address, netbios, fqdn, file, or application", + "key": "vulnerability[max_threat]", + "value": "integer", + "description": "integer\nVulnerabilities with threat levels that are less than or equal to this value.", "disabled": true }, { - "key": "q", - "value": "asset_created:<2020-12-08", - "description": "string\nThis can be any query string you want to search for, including a regex. We also have our own search syntax that enables you to search assets based on specific locators and fields. For more detailed documentation on our search syntax visit our Help Center. As stated in our Help Center, it is also possible to use our search syntax on vulnerability fields. In order to apply a query for a vulnerability field to an asset search you must nest the query string under a vulnerability key. The example below shows how to search for all assets that relate to vulnerabilities that are connected to the Heartbleed CVE." 
+ "key": "vulnerability[min_risk_meter_score]", + "value": "integer", + "description": "integer\nVulnerabilities with threat levels that are less than or equal to this value.", + "disabled": true }, { - "key": "service_names[]", - "value": "array of strings", - "description": "array of strings\nAn array of service names relating to your assets. Make sure all letters are lowercase.", + "key": "vulnerability[min_rounded_risk_meter_score]", + "value": "integer", + "description": "integer\nVulnerability risk scores rounded to the integer that is greater than or equal to this value.", "disabled": true }, { - "key": "service_ports[]", - "value": "array of strings", - "description": "array of strings\nAn array of ports relating to your assets.", + "key": "vulnerability[min_severity]", + "value": "integer", + "description": "integer\nVulnerabilities with severity levels that are greater than or equal to this value.", "disabled": true }, { - "key": "service_products[]", - "value": "array of integers", - "description": "array of integers\nAn array of service products relating to your assets. Make sure all letters are lowercase.", + "key": "vulnerability[min_threat]", + "value": "integer", + "description": "integer\nVulnerabilities with threat levels that are greater than or equal to this value.", "disabled": true }, { - "key": "service_protocols[]", - "value": "array of strings", - "description": "array of strings\nAn array of service protocols relating to your assets. Make sure all letters are lowercase.", + "key": "vulnerability[no_vulnerability_definition_id][]", + "value": "array of integers", + "description": "array of integers\nExclude Vulnerability IDs.", "disabled": true }, { - "key": "status[]", - "value": "array of strings", - "description": "array of strings\nAn array of statuses for your assets which can include active and/or inactive. NOTE: By default, only active assets are returned when searching. 
You must specify the asset status you want in order to override that default.", + "key": "vulnerability[pci_related][]", + "value": "array of booleans", + "description": "array of booleans\nVulnerabilities that are Payment Card Industry related.", "disabled": true }, { - "key": "search_id", - "value": "int32", - "description": "int32\nSearch values specified in the risk meter group definition will override their respective values provided in this request when search_id is provided.", + "key": "vulnerability[port][]", + "value": "array of integers", + "description": "array of integers\nPorts associated with vulnerabilities.", "disabled": true }, { - "key": "tag_boolean_mode", - "value": "string", - "description": "string\nSet this to 'all' if you would like to return assets that contain all of the tags in your query rather than assets that contain any of the tags.", + "key": "vulnerability[predicted_exploitable][]", + "value": "array of booleans", + "description": "array of booleans\nVulnerabilities that are predicted to be exploitable.", "disabled": true }, { - "key": "tags[]", - "value": "array of strings", - "description": "array of strings\nAn array of tag names associated with your assets.", + "key": "vulnerability[prioritized][]", + "value": "array of booleans", + "description": "array of booleans\nVulnerabilities that are prioritized.", + "disabled": true + }, + { + "key": "vulnerability[q]", + "value": "string", + "description": "string\nVulnerability query string.", + "disabled": true + }, + { + "key": "vulnerability[remote_code_execution][]", + "value": "array of booleans", + "description": "array of booleans\nVulnerabilities that can be executed remotely.", + "disabled": true + }, + { + "key": "vulnerability[service_ticket_status][]", + "value": "array of strings", + "description": "array of strings\nVulnerability ticket status.", + "disabled": true + }, + { + "key": "vulnerability[status][]", + "value": "array of strings", + "description": "array of 
strings\nVulnerability status.", + "disabled": true + }, + { + "key": "vulnerability[top_exploit][]", + "value": "array of booleans", + "description": "array of booleans\nVulnerabilities that are actively being used for internet breaches.", + "disabled": true + }, + { + "key": "vulnerability[top_priority][]", + "value": "array of booleans", + "description": "array of booleans\nAn array of booleans for filtering your vulnerabilities that Cisco recommends should be a top priority to fix.", + "disabled": true + }, + { + "key": "vulnerability[trending][]", + "value": "array of booleans", + "description": "array of booleans\nVulnerabilities that are trending.", + "disabled": true + }, + { + "key": "vulnerability[vulnerability_class][]", + "value": "array of strings", + "description": "array of strings\nVulnerability classification.", + "disabled": true + }, + { + "key": "vulnerability[vulnerability_definition_id][]", + "value": "array of integers", + "description": "array of integers\nVulnerability definition IDs.", + "disabled": true + }, + { + "key": "vulnerability[wasc_classification][]", + "value": "array of strings", + "description": "array of strings\nVulnerability WASC classification.", + "disabled": true + }, + { + "key": "vulnerability[zer_day][]", + "value": "array of booleans", + "description": "array of booleans\nVulnerabilities that have zero day exploits.", + "disabled": true + } + ] + }, + "description": "Filters assets by a given set of input parameters and returns the filtered assets as well as the total number of assets in the filtered set. The default page size is 500, the maximum page size is 50,000, and the maximum pages allowed is 20. The total number of asset groups, page number, and total number of pages are available in the meta data. \r\n\r\nBy default, only active assets with open vulnerabilities are returned. Each unique parameter is combined using AND while each of values passed in a single array will be combined using OR. 
For example, if you search for all assets with status=[\"active\"] and tags=[\"foo\", \"bar\"] you will receive all active assets that have either a \"foo\" tag or a \"bar\" tag." + }, + "response": [] + }, + { + "name": "Search Assets by Custom Query", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/assets/search?q=asset_created:<2020-12-08", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "assets", + "search" + ], + "query": [ + { + "key": "application_id", + "value": "int32", + "description": "The ID of an application to retrieve assets for. All other search parameters are ignored if application_id is provided.", + "disabled": true + }, + { + "key": "exclude_child_filter[]", + "value": "array of strings", + "description": "array of strings\nIf you want to include all assets regardless of vulnerability filters, pass a value of [\"Include all assets\"]; otherwise, omit this parameter.", + "disabled": true + }, + { + "key": "id[]", + "value": "array of integers", + "description": "array of integers\nArray of asset IDs", + "disabled": true + }, + { + "key": "max_priority", + "value": "int32", + "description": "int32\nSearch for all assets that have a priority less than this value.", + "disabled": true + }, + { + "key": "min_priority", + "value": "int32", + "description": "int32\nSearch for all assets that have a priority greater than this value", + "disabled": true + }, + { + "key": "max_risk_meter_score", + "value": "int32", + "description": "int32\nSearch for all assets that have a risk meter score less than this value.", + "disabled": true + }, + { + "key": "min_risk_meter_score", + "value": "int32", + "description": "int32\nSearch for all assets that have a risk meter score greater than this value.", + "disabled": true + }, + { + "key": "operating_system[]", + "value": "array of strings", + "description": "array of strings\nAn array of the names of the operating systems associated with a set of 
assets.", + "disabled": true + }, + { + "key": "primary_locator[]", + "value": "array of strings", + "description": "array of strings\nThe primary locator used for an asset. This should be one of the following values: ip_address, hostname, database, url, mac_address, netbios, fqdn, file, or application", + "disabled": true + }, + { + "key": "q", + "value": "asset_created:<2020-12-08", + "description": "string\nThis can be any query string you want to search for, including a regex. We also have our own search syntax that enables you to search assets based on specific locators and fields. For more detailed documentation on our search syntax visit our Help Center. As stated in our Help Center, it is also possible to use our search syntax on vulnerability fields. In order to apply a query for a vulnerability field to an asset search you must nest the query string under a vulnerability key. The example below shows how to search for all assets that relate to vulnerabilities that are connected to the Heartbleed CVE." + }, + { + "key": "service_names[]", + "value": "array of strings", + "description": "array of strings\nAn array of service names relating to your assets. Make sure all letters are lowercase.", + "disabled": true + }, + { + "key": "service_ports[]", + "value": "array of strings", + "description": "array of strings\nAn array of ports relating to your assets.", + "disabled": true + }, + { + "key": "service_products[]", + "value": "array of integers", + "description": "array of integers\nAn array of service products relating to your assets. Make sure all letters are lowercase.", + "disabled": true + }, + { + "key": "service_protocols[]", + "value": "array of strings", + "description": "array of strings\nAn array of service protocols relating to your assets. 
Make sure all letters are lowercase.", + "disabled": true + }, + { + "key": "status[]", + "value": "array of strings", + "description": "array of strings\nAn array of statuses for your assets which can include active and/or inactive. NOTE: By default, only active assets are returned when searching. You must specify the asset status you want in order to override that default.", + "disabled": true + }, + { + "key": "search_id", + "value": "int32", + "description": "int32\nSearch values specified in the risk meter group definition will override their respective values provided in this request when search_id is provided.", + "disabled": true + }, + { + "key": "tag_boolean_mode", + "value": "string", + "description": "string\nSet this to 'all' if you would like to return assets that contain all of the tags in your query rather than assets that contain any of the tags.", + "disabled": true + }, + { + "key": "tags[]", + "value": "array of strings", + "description": "array of strings\nAn array of tag names associated with your assets.", "disabled": true }, { "key": "vulnerability", "value": "object", - "description": "Vulnerability ids. Search for all assets that have vulnerabilities with these ids.", + "description": "Vulnerability IDs. Search for all assets that have vulnerabilities with these IDs.", "disabled": true } ] @@ -1646,7 +1913,7 @@ { "key": "q", "value": "string", - "description": "string\nThis can be any query string you want to search for, including a regex. For more detailed documentation on our search syntax visit our Help Center." + "description": "string\nThis is the q string to be validated. For more detailed documenation, see the Cisco Vulnerability Management Search Terms article in the Help Center, section \"Asset Terms\"." } ] }, 
@@ -1681,11 +1948,11 @@ "key": "id", "value": "", "type": "string", - "description": "Asset ID of Kenna found in platform. Select asset and look in URL for ID." + "description": "Asset group ID can be found in the Cisco Vulnerability Management URL when a risk meter is selected." } ] }, - "description": "Returns a single asset by ID." + "description": "Returns information about a single asset by ID. This endpoint does not return tag source information." }, "response": [] }, 
@@ -1727,97 +1994,103 @@ { "key": "application", "value": "string", - "description": "string\nThe application name\n\n", + "description": "string\nThe application name. Either application or application_id may be specified.\n\n", + "disabled": true + }, + { + "key": "application_id", + "value": "string", + "description": "string\nThe application locator of the asset. Either application_id or application may be specified.", "disabled": true }, { "key": "external_id", "value": "string", - "description": "string\nThe external_id of the asset", + "description": "string\nThe external_id of the asset.", "disabled": true }, { "key": "database", "value": "string", - "description": "string\nThe database name of the asset", + "description": "string\nThe database name of the asset.", "disabled": true }, { "key": "ec2", "value": "string", - "description": "string\nThe ec2 name of the asset", + "description": "string\nThe ec2 name of the asset.", "disabled": true }, { "key": "file", "value": "string", - "description": "string\nThe Fully Qualified path of the file", + "description": "string\nThe Fully Qualified path of the file.", "disabled": true }, { "key": "fqdn", "value": "string", - "description": "string\nThe Fully Qualified Domain Name of the asset", + "description": "string\nThe Fully Qualified Domain Name of the asset.", "disabled": true }, { "key": "hostname", "value": "string", - "description": "string\nThe hostname of the asset", + "description": "string\nThe hostname of the asset.", "disabled": true }, { "key": "inactive", "value": "boolean", - "description": "boolean\nA boolean value to set the asset inactive", + "description": "boolean\nA boolean value to set the asset inactive.", "disabled": true }, { "key": "ip_address", "value": "string", - "description": "string\nThe IP address of the asset", + "description": "string\nThe IP address of the asset.", "disabled": true }, { "key": "ipv6", "value": "string", - "description": "string\nThe asset's ipv6 address", + 
"description": "string\nThe asset's ipv6 address.", "disabled": true }, { "key": "last_booted_at", "value": "string", - "description": "string\nA datetime (as an iso8601 timestamp) identifying when the asset was last booted\n\n", + "description": "string\nA datetime (as an ISO-601 timestamp) identifying when the asset was last booted.\n\n", "disabled": true }, { "key": "last_seen_time", "value": "string", - "description": "string - A datetime (as an iso8601 timestamp) identifying when the asset was last seen", + "description": "string - A datetime (as an ISO-8601 timestamp) identifying when the asset was last seen.", "disabled": true }, { "key": "mac_address", "value": "string", - "description": "string\nThe MAC address of the asset", + "description": "string\nThe MAC address of the asset.", "disabled": true }, { "key": "netbios", "value": "string", - "description": "string\nThe NetBIOS address of the asset", + "description": "string\nThe NetBIOS address of the asset.", "disabled": true }, { "key": "notes", "value": "string", - "description": "string\nStrings may be used to store plain english notes about an asset\n\n", + "description": "string\nStrings may be used to store plain english notes about an asset.\n\n", "disabled": true }, { "key": "operating_system", "value": "string", - "description": "string\nThe operating system of the asset", + "description": "string\nThe operating system of the asset.", "disabled": true }, { @@ -1835,13 +2108,13 @@ { "key": "priority", "value": "int32", - "description": "int32\nThe priority of the asset; an integer between 1 (low) to 10 (high)", + "description": "int32\nThe priority of the asset; an integer between 1 (low) to 10 (high).", "disabled": true }, { "key": "url", "value": "string", - "description": "string\nThe URL of the asset", + "description": "string\nThe URL of the asset.", "disabled": true } ] 
@@ -1857,7 +2130,7 @@ "header": [], "body": { "mode": "raw", - "raw": "{\r\n \"asset\": {\r\n \"application\": \"\",\r\n \"external_id\": \"\",\r\n \"database\": \"\",\r\n \"ec2\": \"\",\r\n \"file\": \"\",\r\n \"fqdn\": \"\",\r\n \"hostname\": \"\",\r\n \"inactive\": \"\",\r\n \"ip_address\": \"\",\r\n \"ipv6\": \"\",\r\n \"last_booted_at\": \"\",\r\n \"last_seen_time\": \"\",\r\n \"mac_address\": \"\",\r\n \"netbios\": \"\",\r\n \"notes\": \"\",\r\n \"operating_system\": \"\",\r\n \"owner\": \"\",\r\n \"primary_locator\": \"\",\r\n \"priority\": \"\",\r\n \"url\": \"\"\r\n }\r\n}", + "raw": "{\r\n \"asset\": {\r\n \"application\": \"\",\r\n \"application_id\": \"\",\r\n \"external_id\": \"\",\r\n \"database\": \"\",\r\n \"ec2\": \"\",\r\n \"file\": \"\",\r\n \"fqdn\": \"\",\r\n \"hostname\": \"\",\r\n \"inactive\": \"\",\r\n \"ip_address\": \"\",\r\n \"ipv6\": \"\",\r\n \"last_booted_at\": \"\",\r\n \"last_seen_time\": \"\",\r\n \"mac_address\": \"\",\r\n \"netbios\": \"\",\r\n \"notes\": \"\",\r\n \"operating_system\": \"\",\r\n \"owner\": \"\",\r\n \"primary_locator\": \"\",\r\n \"priority\": \"\",\r\n \"url\": \"\"\r\n }\r\n}", "options": { "raw": { "language": "json" 
@@ -1894,73 +2167,79 @@ { "key": "application", "value": "string", - "description": "string\nThe application name\n\n", + "description": "string\nThe application name. Either application or application_id may be specified.\n\n", + "disabled": true + }, + { + "key": "application_id", + "value": "string", + "description": "string\nThe application locator of the asset. Either application_id or application may be specified.\n\n", "disabled": true }, { "key": "external_id", "value": "string", - "description": "string\nThe external_id of the asset", + "description": "string\nThe external_id of the asset.", "disabled": true }, { "key": "database", "value": "string", - "description": "string\nThe database name of the asset", + "description": "string\nThe database name of the asset.", "disabled": true }, { "key": "ec2", "value": "string", - "description": "string\nThe ec2 name of the asset", + "description": "string\nThe ec2 name of the asset.", "disabled": true }, { "key": "file", "value": "string", - "description": "string\nThe Fully Qualified path of the file", + "description": "string\nThe Fully Qualified path of the file.", "disabled": true }, { "key": "fqdn", "value": "string", - "description": "string\nThe Fully Qualified Domain Name of the asset", + "description": "string\nThe Fully Qualified Domain Name of the asset.", "disabled": true }, { "key": "hostname", "value": "string", - "description": "string\nThe hostname of the asset", + "description": "string\nThe hostname of the asset.", "disabled": true }, { "key": "inactive", "value": "boolean", - "description": "boolean\nA boolean value to set the asset inactive", + "description": "boolean\nA boolean value to set the asset inactive.", "disabled": true }, { "key": "ip_address", "value": "string", - "description": "string\nThe IP address of the asset", + "description": "string\nThe IP address of the asset.", "disabled": true }, { "key": "ipv6", "value": "string", - "description": "string\nThe asset's ipv6 address", + 
"description": "string\nThe asset's ipv6 address.", "disabled": true }, { "key": "last_booted_at", "value": "string", - "description": "string\nA datetime (as an iso8601 timestamp) identifying when the asset was last booted\n\n", + "description": "string\nA datetime (as an ISO-8601 timestamp) identifying when the asset was last booted.\n\n", "disabled": true }, { "key": "last_seen_time", "value": "string", - "description": "string - A datetime (as an iso8601 timestamp) identifying when the asset was last seen", + "description": "string - A datetime (as an ISO-8601 timestamp) identifying when the asset was last seen.", "disabled": true }, { @@ -1978,13 +2257,13 @@ { "key": "notes", "value": "string", - "description": "string\nStrings may be used to store plain english notes about an asset\n\n", + "description": "string\nStrings may be used to store plain English notes about an asset.\n\n", "disabled": true }, { "key": "operating_system", "value": "string", - "description": "string\nThe operating system of the asset", + "description": "string\nThe operating system of the asset.", "disabled": true }, { @@ -2002,13 +2281,13 @@ { "key": "priority", "value": "int32", - "description": "int32\nThe priority of the asset; an integer between 1 (low) to 10 (high)", + "description": "int32\nThe priority of the asset; an integer between 1 (low) to 10 (high).", "disabled": true }, { "key": "url", "value": "string", - "description": "string\nThe URL of the asset", + "description": "string\nThe URL of the asset.", "disabled": true } ], @@ -2017,7 +2296,7 @@ "key": "id", "value": "int32", "type": "string", - "description": "ID can be found in Kenna Platform in URL after selecting the asset" + "description": "ID can be found in the Cisco Vulnerability Management URL after selecting the asset." } ] }, 
@@ -2059,7 +2338,7 @@ { "key": "asset_ids", "value": "array of integers", - "description": "array of integers - Kenna ids found in URL of asset when selected", + "description": "array of integers - IDs of all assets to be updated.", "disabled": true }, { @@ -2068,39 +2347,39 @@ "disabled": true }, { - "key": "inactive", - "value": "boolean", - "description": "boolean\nA boolean value to set the asset inactive", + "key": "priority", + "value": "int32", + "description": "int32\nThe priority of the asset; an integer between 1 (low) to 10 (high).", "disabled": true }, { - "key": "ipv6", + "key": "notes", "value": "string", - "description": "string\nThe asset's ipv6 address", + "description": "string\nStrings may be used to store plain english notes about an asset.\n\n", "disabled": true }, { - "key": "last_booted_at", + "key": "operating_system", "value": "string", - "description": "string\nA datetime (as an iso8601 timestamp) identifying when the asset was last booted\n\n", + "description": "string\nThe operating system of the asset.", "disabled": true }, { - "key": "last_seen_time", + "key": "last_booted_at", "value": "string", - "description": "string - A datetime (as an iso8601 timestamp) identifying when the asset was last seen", + "description": "string\nA datetime (as an iso8601 timestamp) identifying when the asset was last booted.\n\n", "disabled": true }, { - "key": "notes", + "key": "ipv6", "value": "string", - "description": "string\nStrings may be used to store plain english notes about an asset\n\n", + "description": "string\nThe asset's ipv6 address.", "disabled": true }, { - "key": "operating_system", - "value": "string", - "description": "string\nThe operating system of the asset", + "key": "inactive", + "value": "boolean", + "description": "boolean\nA boolean value to set the asset inactive.", "disabled": true }, { 
@@ -2109,39 +2388,45 @@ "description": "string\nThe name of the owner of an asset.", "disabled": true }, - { - "key": "priority", - "value": "int32", - "description": "int32\nThe priority of the asset; an integer between 1 (low) to 10 (high)", - "disabled": true - }, { "key": "reset_tags", "value": "boolean", - "description": "Boolean - reset tags?", + "description": "Boolean - reset tags.", "disabled": true }, { "key": "remove_tags", "value": "[]", - "description": "array of strings- specify which ones to remove", + "description": "array of strings - specify which ones to remove.", "disabled": true }, { "key": "tags", "value": "[]", - "description": "array of strings - add tags", + "description": "array of strings - add tags.", + "disabled": true + }, + { + "key": "last_seen_time", + "value": "string", + "description": "string - A datetime (as an ISO-8601 timestamp) identifying when the asset was last seen.", + "disabled": true + }, + { + "key": "remove_override", + "value": "boolean", + "description": "boolean - A datetime (as an ISO-8601 timestamp) identifying when the asset was last seen.", "disabled": true }, { "key": "realtime", "value": "boolean", - "description": "Boolean - determines if indexing is required in real time or background", + "description": "Boolean - Assets will be updated synchronously if realtime is true. Please note that there is a limit of no more than 100 assets per realtime bulk update request.", "disabled": true } ] }, - "description": "Update multiple assets at a time using the bulk update endpoint. Update limit is 30,000 assets at a time.\r\n\r\nBy default we will index the assets in the background. 
In order to index your assets synchronously pass in the realtime parameter and set it to true.\r\n\r\nIn addition to the standard attributes on the \"asset\" parameter, you can also provide a \"remove_tags\" params: an array of strings that represent tags you would like removed, and a \"reset_tags\" param: a boolean value set to true if you would like to completely clear tags for each asset." + "description": "Update multiple assets at a time using the bulk update endpoint. Update limit is 30,000 assets at a time.\r\n\r\nBy default we will index the assets in the background. To index your assets synchronously, pass in the realtime parameter and set it to true.\r\n\r\nIn addition to the standard attributes on the \"asset\" parameter, you can also provide a \"remove_tags\" param: an array of strings that represent tags you would like removed, and a \"reset_tags\" param: a boolean value set to true if you would like to completely clear tags for each asset. If \"reset_tags\" is true, all tags will be removed from the assets regardless of source." }, "response": [] }, @@ -2166,7 +2451,7 @@ "key": "id", "value": "int32", "type": "string", - "description": "ID can be found in Kenna Platform in URL after selecting the asset" + "description": "Asset group ID can be found in the Cisco Vulnerability Management URL when the asset is selected" } ] }, @@ -2175,7 +2460,7 @@ "response": [] }, { - "name": "Download Zipped Data", + "name": "Download Zipped Asset Data", "request": { "method": "GET", "header": [], 
@@ -2190,12 +2475,12 @@ "download_data_zip" ] }, - "description": "Will return a gzipped file with the most recent data export of all of your assets. In order to arrange for a daily full data export please contact our tech support staff." + "description": "Returs a gzipped file with the most recent data export of all of your assets. To arrange for a daily full data export, contact Support. The format of the uncompressed data, is JSONL, JSON, or XML. This is determined when when you contact Support." }, "response": [] } ], - "description": "Kenna API use cases for Assets within the Kenna Platform." + "description": "Cisco Vulnerability Management API use cases for Assets in the Cisco Vulnerability Management." }, { "name": "Asset Tagging", @@ -2233,7 +2518,7 @@ "key": "id", "value": "int32", "type": "string", - "description": "ID can be found in Kenna Platform in URL after selecting the asset" + "description": "The asset ID." } ] }, @@ -2283,11 +2568,23 @@ "key": "id", "value": "int32", "type": "string", - "description": "ID can be found in Kenna Platform in URL after selecting the asset" + "description": "The asset ID." + }, + { + "key": "asset", + "value": "object", + "description": "Asset information.", + "disabled": true + }, + { + "key": "tags", + "value": "array of strings", + "description": "A string array of asset tags.", + "disabled": true } ] }, - "description": "Update a single asset by ID with given tags or tag. Supports either an array of tags, each tag wrapped in single or double quotes, or a single string with a comma separator." + "description": "Update a single asset based on ID by using a tag or tags. Supports either an array of tags, each tag wrapped in single or double quotes, or a single string with a comma separator." }, "response": [] }, 
@@ -2332,12 +2629,24 @@ { "key": "**{{id}} - field to be updated in the variable or URL above**", "value": "int32", - "description": "Asset ID found in the Kenna Platform URL when the asset is selected", + "description": "The asset ID.", + "disabled": true + }, + { + "key": "asset", + "value": "object", + "description": "Asset information.", + "disabled": true + }, + { + "key": "tags", + "value": "array of strings", + "description": "A string array of asset tags.", "disabled": true } ] }, - "description": "Update a single asset by ID removing given tags or tag. Supports either an array of tags, each tag wrapped in single or double quotes, or a single string with a comma separator." + "description": "Update a single asset by ID by removing a tag or tags. Supports either an array of tags, each tag wrapped in single or double quotes, or a single string with a comma separator. Requests to this endpoint will only remove taggings created through the UI or API." }, "response": [] } @@ -2364,18 +2673,18 @@ { "key": "page", "value": "int32", - "description": "int32 - The specific page being requested.", + "description": "int32 - The specific page being requested from 1 to 20.", "disabled": true }, { "key": "per_page", "value": "int32", - "description": "int32 - Number of Asset Groups per page. This differs from the typical default of 1000.", + "description": "int32 - Number of Asset Groups per page. The default is 30 and the maximum page size is 100.", "disabled": true } ] }, - "description": "Returns a list of all of your asset groups. Pagination defaults to a value of 30 asset groups per page, which differs from the typical default of 1000 items per page." + "description": "Returns a list of all of your asset groups. The default page size is 30, and the maximum page size is 100. The total number of asset groups, page number, and total number of pages are available in the meta data." }, "response": [] }, 
@@ -2398,7 +2707,7 @@ { "key": "**Update {{id}} in the URL above to reflect asset group ", "value": "int32", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "The asset group or risk meter ID.", "disabled": true } ] @@ -2427,7 +2736,7 @@ { "key": "**Update {{id}} in the URL above to reflect asset group ", "value": "int32", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "The asset group or risk meter ID.", "disabled": true } ] @@ -2480,29 +2789,27 @@ "response": [] }, { - "name": "Create Asset Group and Risk Meter", + "name": "Create Child Asset Group or Risk Meter", "request": { "method": "POST", "header": [], - "body": { - "mode": "raw", - "raw": "{\r\n \"asset_group\":\r\n {\r\n \"name\":\"Test123\",\r\n \"query\":\r\n {\r\n \"status\": [\"active\"],\r\n \"tags\": [\"foo\", \"bar\"],\r\n \"vulnerability\":\r\n { \r\n \"q\":\"vulnerability_found:>now-90d AND closed_at:>now-1d\"\r\n }\r\n } \r\n }\r\n}\r\n", - "options": { - "raw": { - "language": "json" - } - } - }, "url": { - "raw": "https://{{API_URL}}/asset_groups", + "raw": "https://{{API_URL}}/asset_groups/{{parent_id}}/children", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ - "asset_groups" + "asset_groups", + "{{id}}" ], "query": [ + { + "key": "**{{id}} above in url (or variable) to be updated with asset group ID found in Cisco Vulnerability Management", + "value": null, + "description": "**Select asset group in Cisco Vulnerability Management and get asset id from the URL", + "disabled": true + }, { "key": "**All fields below are to updated in Body Params**", "value": null, 
@@ -2512,7 +2819,7 @@ { "key": "exclude_child_filter[]", "value": "array of strings", - "description": "array of strings - If you want to include all assets regardless of vulnerability filters, pass a value of [\"Include all assets\"]; otherwise, omit this parameter.", + "description": "array of strings - Asset Groups and Risk Meters normally require that assets have open vulnerabilities. If you would like to include all assets, including assets without open vulnerabilities, pass an array with the value of [\"Include all assets\"].", "disabled": true }, { 
@@ -2566,7 +2873,127 @@ { "key": "service_protocols[]", "value": "array of strings", - "description": "array of strings - An array of service protocols relating to your assets. Make sure all letters are lowercase.", + "description": "array of strings - An array of service protocols relating to your assets.", + "disabled": true + }, + { + "key": "status[]", + "value": "array of strings", + "description": "array of strings - An array of statuses for your assets which can include active and/or inactive. NOTE: By default, only active assets are returned when searching. You must specify the asset status you want in order to override that default.", + "disabled": true + }, + { + "key": "tags[]", + "value": "array of strings", + "description": "array of strings - An array of tag names associated with your assets.", + "disabled": true + }, + { + "key": "tag_boolean_mode", + "value": "string", + "description": "string - Set this to 'all' if you would like to return assets that contain all of the tags in your query rather than assets that contain any of the tags.", + "disabled": true + }, + { + "key": "vulnerability: {id: []}", + "value": "array of integers", + "description": "array of integers - Vulnerability IDs. Search for all assets that have vulnerabilities with these IDs.", + "disabled": true + } + ] + }, + "description": "Creates a new child Asset Group or Risk Meter. The Hierarchical Risk Meters feature flag must be enabled to use this endpoint. When the Skip Calculations During Risk Meter Creation feature flag is enabled, asset_count, risk_meter_score, and true_risk_meter_score calculations are skipped on the response payload and the value is returned as null." 
+ }, + "response": [] + }, + { + "name": "Create Asset Group or Risk Meter", + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"asset_group\":\r\n {\r\n \"name\":\"Test123\",\r\n \"query\":\r\n {\r\n \"status\": [\"active\"],\r\n \"tags\": [\"foo\", \"bar\"],\r\n \"vulnerability\":\r\n { \r\n \"q\":\"vulnerability_found:>now-90d AND closed_at:>now-1d\"\r\n }\r\n } \r\n }\r\n}\r\n", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "https://{{API_URL}}/asset_groups", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "asset_groups" + ], + "query": [ + { + "key": "**All fields below are to updated in Body Params**", + "value": null, + "description": "**All fields below are to updated in Body Params**", + "disabled": true + }, + { + "key": "exclude_child_filter[]", + "value": "array of strings", + "description": "array of strings - If you want to include all assets regardless of vulnerability filters, pass a value of [\"Include all assets\"]; otherwise, omit this parameter.", + "disabled": true + }, + { + "key": "id[]", + "value": "array of integers", + "description": "array of integers - Array of asset ids", + "disabled": true + }, + { + "key": "min_priority", + "value": "int32", + "description": "int32 - Search for all assets that have a priority greater than this value.", + "disabled": true + }, + { + "key": "max_priority", + "value": "int32", + "description": "int32 - Search for all assets that have a priority less than this value.", + "disabled": true + }, + { + "key": "min_risk_meter_score", + "value": "int32", + "description": "int32 - Search for all assets that have a risk meter score greater than this value.", + "disabled": true + }, + { + "key": "operating_system[]", + "value": "array of strings", + "description": "array of strings - An array of the names of the operating systems associated with a set of assets.", + "disabled": true + }, + { + "key": 
"primary_locator[]", + "value": "array of strings", + "description": "array of strings - The primary locator used for an asset. This should be one of the following values: ip_address, hostname, database, url, mac_address, netbios, fqdn, file, or application", + "disabled": true + }, + { + "key": "q", + "value": "string", + "description": "string - This can be any query string you want to search for, including a regex. We also have our own search syntax that enables you to search assets based on specific locators and fields. For more detailed documentation on our search syntax visit our Help Center. Below is an example of our search syntax being used to find all assets with the hostname foobar. As stated in our Help Center, it is also possible to use our search syntax on vulnerability fields. In order to apply a query for a vulnerability field to an asset search you must nest the query string under a vulnerability key. The example below shows how to search for all assets that relate to vulnerabilities that are connected to the Heartbleed CVE.", + "disabled": true + }, + { + "key": "service_ports[]", + "value": "array of strings", + "description": "array of strings - An array of ports relating to your assets.", + "disabled": true + }, + { + "key": "service_protocols[]", + "value": "array of strings", + "description": "array of strings - An array of service protocols relating to your assets. Make sure all letters are lowercase.", "disabled": true }, { @@ -2595,7 +3022,7 @@ } ] }, - "description": "Creates a new Asset Group and Risk Meter." + "description": "Creates a new Asset Group and Risk Meter. This API converts all filters into a querystring that can't exceed 8,000 characters. When the Skip Calculations During Risk Meter Creation feature flag is enabled, asset_count, risk_meter_score, and true_risk_meter_score calculations are skipped on the response payload and the value is returned as null." }, "response": [] }, 
@@ -2744,9 +3171,9 @@ ], "query": [ { - "key": "**{{id}} above in url (or variable) to be updated with asset group ID found in Kenna Platform", + "key": "**{{id}} above in url (or variable) to be updated with asset group ID found in Cisco Vulnerability Management", "value": null, - "description": "**Select asset group in Kenna Platform and get asset id from the URL", + "description": "**Select asset group in Cisco Vulnerability Management and get asset id from the URL", "disabled": true }, { @@ -2758,7 +3185,7 @@ { "key": "exclude_child_filter[]", "value": "array of strings", - "description": "array of strings - If you want to include all assets regardless of vulnerability filters, pass a value of [\"Include all assets\"]; otherwise, omit this parameter.", + "description": "array of strings - Asset Groups and Risk Meters normally require that assets have open vulnerabilities. If you would like to include all assets, including assets without open vulnerabilities, pass an array with the value of [\"Include all assets\"].", "disabled": true }, { @@ -2812,7 +3239,7 @@ { "key": "service_protocols[]", "value": "array of strings", - "description": "array of strings - An array of service protocols relating to your assets. Make sure all letters are lowercase.", + "description": "array of strings - An array of service protocols relating to your assets.", "disabled": true }, { 
@@ -2830,18 +3257,18 @@ { "key": "tag_boolean_mode", "value": "string", - "description": "string - Set this to 'all' if you would like to return assets that contain all of the tags in your query rather than assets that contain any of the tags. For example, if you want to return all assets the have the tag foo and the tag bar your request would look like this:", + "description": "string - Set this to 'all' if you would like to return assets that contain all of the tags in your query rather than assets that contain any of the tags.", "disabled": true }, { "key": "vulnerability: {id: []}", "value": "array of integers", - "description": "array of integers - Vulnerability ids. Search for all assets that have vulnerabilities with these ids.", + "description": "array of integers - Vulnerability IDs. Search for all assets that have vulnerabilities with these IDs.", "disabled": true } ] }, - "description": "Update a single asset group's attributes by ID. This will update the asset group's risk meter as well." + "description": "Update a parent asset group or risk meter attributes by ID. This API converts all filters into a querystring that can't exceed 8,000 characters." }, "response": [] }, 
@@ -2864,22 +3291,56 @@ { "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", "value": "int32", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "The asset group or risk meter ID.", "disabled": true } ] }, - "description": "Delete as asset group using its ID. This also deletes its risk meter." + "description": "Delete an asset group or risk meter using its ID. Note: A child or descendant asset group cannot be deleted via the API. Use the UI to delete the child or descendant asset group." }, "response": [] } ] }, + { + "name": "Calculate Asset Group Metric", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/asset_groups/{id}/metric_name/{metric_name}", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "asset_groups", + "{{id}}" + ], + "query": [ + { + "key": "**Update {{metric_name}} in the URL above to reflect asset group", + "value": "int32", + "description": "The asset group or risk meter ID.", + "disabled": true + }, + { + "key": "**Update {{id}} in the URL above to reflect asset group", + "value": "int32", + "description": "The name of the metric used to calculate the new value for the asset group.", + "disabled": true + } + ] + }, + "description": "Returns a newly calculated metric value for an asset group based on its ID and the specified metric name." + }, + "response": [] + }, { "name": "Asset Group Reporting", "item": [ { - "name": "Historical Mean Time To Remediate by Risk Level", + "name": "Historical Mean Time To Remediate Findings by Risk Level", "request": { "method": "GET", "header": [], @@ -2899,7 +3360,7 @@ { "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", "value": "int32 (in path)", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "The asset group identification number.", "disabled": true }, { 
@@ -2910,13 +3371,13 @@ { "key": "start_date", "value": "string", - "description": "string - The iso timestamp of the start date of the period you wish to report on. Defaults to 30 days ago.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the start date of the period you wish to report on. Defaults to 30 days ago.", "disabled": true }, { "key": "end_date", "value": "string", - "description": "string - The iso timestamp of the end date of the period you wish to report on. Defaults to today.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the end date of the period you want to report on. Defaults to today.", "disabled": true } ], @@ -2928,17 +3389,17 @@ } ] }, - "description": "Returns a listing of the historical Mean Time To Remediate by Risk Level (MTTR) for the Asset Group ID provided." + "description": "Returns a list of Mean Time To Remediate (MTTR) findings in days based on the Risk Level for the provided Asset Group ID." }, "response": [] }, { - "name": "Historical Risk Meter Scores", + "name": "Historical Mean Time To Remediate Vulnerabilities by Risk Level", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/asset_groups/:id/report_query/historical_risk_meter_scores", + "raw": "https://{{API_URL}}/asset_groups/:id/report_query/historical_mean_time_to_remediate_by_risk_level", "protocol": "https", "host": [ "{{API_URL}}" 
@@ -2947,31 +3408,79 @@ "asset_groups", ":id", "report_query", - "historical_risk_meter_scores" + "historical_mean_time_to_remediate_by_risk_level" ], "query": [ { "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", "value": "int32 (in path)", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "The asset group identification number.", "disabled": true }, { "key": "all_time", - "value": "boolean", - "description": "boolean- Setting this parameter to any value will retrieve the MTTR for the asset group for its whole lifetime. This parameter overrides the start_date and end_date parameters.", + "value": "true", + "description": "boolean- Setting this parameter to any value will retrieve the MTTR for the asset group for its whole lifetime. This parameter overrides the start_date and end_date parameters." + }, + { + "key": "start_date", + "value": "string", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the start date of the period you wish to report on. Defaults to 30 days ago.", + "disabled": true + }, + { + "key": "end_date", + "value": "string", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the end date of the period you want to report on. Defaults to today.", + "disabled": true + } + ], + "variable": [ + { + "key": "id", + "value": "189941", + "description": "The asset group or risk meter ID." + } + ] + }, + "description": "Returns a list of Mean Time To Remediate (MTTR) vulnerabilities in days by Risk Level specified by the Asset Group ID." 
+ }, + "response": [] + }, + { + "name": "Historical Risk Meter Scores", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/asset_groups/:id/report_query/historical_risk_meter_scores", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "asset_groups", + ":id", + "report_query", + "historical_risk_meter_scores" + ], + "query": [ + { + "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", + "value": "int32 (in path)", + "description": "Asset group ID can be found in the Cisco Vulnerability Management URL when risk meter is selected", "disabled": true }, { "key": "start_date", "value": "string", - "description": "string - The iso timestamp of the start date of the period you wish to report on. Defaults to 30 days ago.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the start date of the period you want to report on. Defaults to 30 days ago.", "disabled": true }, { "key": "end_date", "value": "string", - "description": "string - The iso timestamp of the end date of the period you wish to report on. Defaults to today.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the end date of the period you want to report on. Defaults to today.", "disabled": true } ], @@ -2983,7 +3492,7 @@ } ] }, - "description": "Returns a listing of the historical Risk Meter scores for the Asset Group ID provided. If a start or end date is not provided, this endpoint defaults to returning risk meter scores for all time for the specified Asset Group." + "description": "Returns a list of the historical Risk Meter scores for the Asset Group ID provided. If a start or end date is not provided, this endpoint defaults to returning risk meter scores for all time for the specified Asset Group." }, "response": [] }, 
@@ -3008,19 +3517,19 @@ { "key": "**Update {{id}} in the URL above (or in the variable) to reflect asset group ", "value": "int32 (in path)", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "Asset group id can be found in the Cisco Vulnerability Management URL when risk meter is selected", "disabled": true }, { "key": "start_date", "value": "string", - "description": "string - The iso timestamp of the start date of the period you wish to report on. Defaults to 30 days ago.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the start date of the period you want to report on. Defaults to 30 days ago.", "disabled": true }, { "key": "end_date", "value": "string", - "description": "string - The iso timestamp of the end date of the period you wish to report on. Defaults to today.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the end date of the period you want to report on. Defaults to today.", "disabled": true } ], @@ -3032,7 +3541,7 @@ } ] }, - "description": "Returns a listing of the historical Vulnerability Risk Category (\"High\", \"Medium\", \"Low\") counts for the Asset Group ID provided. If a start or end date is not provided, this endpoint defaults to returning data for all time for the specified Asset Group." + "description": "Returns a list of the historical Vulnerability Risk Category (\"High\", \"Medium\", \"Low\") counts for the Asset Group ID provided. If a start or end date is not provided, this endpoint defaults to returning data for all time for the specified Asset Group." }, "response": [] }, 
@@ -3085,6 +3594,43 @@ }, "response": [] }, + { + "name": "Total Past Due Vulnerabilities by Risk Level", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/asset_groups/:id/report_query/total_past_due_vulnerabilities_by_risk_level", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "asset_groups", + ":id", + "report_query", + "total_past_due_vulnerabilities_by_risk_level" + ], + "query": [ + { + "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", + "value": "int32 (in path)", + "description": "Asset group ID can be found in the Cisco Vulnerability Management URL when risk meter is selected", + "disabled": true + } + ], + "variable": [ + { + "key": "id", + "value": "integer", + "description": "The asset group or risk meter ID." + } + ] + }, + "description": "Returns the count of vulnerabilities for an asset group that are past their assigned due dates, sorted by high, medium and low risk vulnerabilities." + }, + "response": [] + }, { "name": "Vulnerabilities by Due Date", "request": { @@ -3106,7 +3652,7 @@ { "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", "value": "int32 (in path)", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "Asset group ID can be found in the Cisco Vulnerability Management URL when risk meter is selected", "disabled": true } ], @@ -3114,7 +3660,7 @@ { "key": "id", "value": "integer", - "description": "Risk meter ID" + "description": "The asset group or risk meter ID." } ] }, 
@@ -3143,19 +3689,19 @@ { "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", "value": "int32 (in path)", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "The asset group or risk meter ID.", "disabled": true }, { "key": "start_date", "value": "string", - "description": "string - The iso timestamp of the start date of the period you wish to report on. Defaults to 30 ", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the start date of the period you want to report on. Defaults to 30 days ago.", "disabled": true }, { "key": "end_date", "value": "string", - "description": "string - The iso timestamp of the end date of the period you wish to report on. Defaults to today.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the end date of the period you want to report on. Defaults to today.", "disabled": true } ], @@ -3163,7 +3709,7 @@ { "key": "id", "value": "integer", - "description": "Risk meter ID" + "description": "The asset group or risk meter ID." } ] }, 
@@ -3192,19 +3738,19 @@ { "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", "value": "int32 (in path)", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "Asset group ID can be found in the Cisco Vulnerability Management URL when risk meter is selected.", "disabled": true }, { "key": "start_date", "value": "string", - "description": "string - The iso timestamp of the start date of the period you wish to report on. Defaults to 30 ", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the start date of the period you want to report on. Defaults to 30 ", "disabled": true }, { "key": "end_date", "value": "string", - "description": "string - The iso timestamp of the end date of the period you wish to report on. Defaults to today.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the end date of the period you want to report on. Defaults to today.", "disabled": true } ], @@ -3212,7 +3758,7 @@ { "key": "id", "value": "integer", - "description": "Risk meter ID" + "description": "The asset group or risk meter ID." } ] }, @@ -3221,7 +3767,7 @@ "response": [] }, { - "name": "False Positive by Risk Level Over Time", + "name": "False Positives by Risk Level Over Time", "request": { "method": "GET", "header": [], 
@@ -3241,26 +3787,27 @@ { "key": "**Update {{id}} in the URL above (or variable) to reflect asset group ", "value": "int32 (in path)", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected", + "description": "The asset group or risk meter ID.", "disabled": true }, { "key": "start_date", "value": "string", - "description": "string - The iso timestamp of the start date of the period you wish to report on. Defaults to 30 ", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the start date of the period you want to report on. Defaults to 30 days ago.", "disabled": true }, { "key": "end_date", "value": "string", - "description": "string - The iso timestamp of the end date of the period you wish to report on. Defaults to today.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the end date of the period you want to report on. Defaults to today.", "disabled": true } ], "variable": [ { "key": "id", - "value": "" + "value": "integer", + "description": "The asset group or risk meter ID." } ] }, @@ -3294,13 +3841,13 @@ { "key": "start_date", "value": "string", - "description": "string - The iso timestamp of the start date of the period you wish to report on. Defaults to 30 ", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the start date of the period you want to report on. Defaults to 30 ", "disabled": true }, { "key": "end_date", "value": "string", - "description": "string - The iso timestamp of the end date of the period you wish to report on. Defaults to today.", + "description": "string - The ISO-8601 timestamp (YYYY-MM-DD) of the end date of the period you want to report on. Defaults to today.", "disabled": true } ], @@ -3308,7 +3855,7 @@ { "key": "id", "value": "integer", - "description": "Asset group id can be found in Kenna platform URL when risk meter is selected" + "description": "The asset group or risk meter ID." } ] }, 
@@ -3339,7 +3886,7 @@ } ] }, - "description": "Refresh all reporting data. Only one client report refresh can be run at a time. If the scheduled client report refresh or a manual refresh is already running you will not be able to manually kick off a new one until the one currently running is finished." + "description": "Refresh all reporting data. Only one client report refresh can be run at a time. If the scheduled client report refresh or a manual refresh is already running, you will not be able to manually kick off a new one until the one currently running is finished." }, "response": [] }, @@ -3366,7 +3913,7 @@ } ] }, - "description": "Get status of reporting data refresh . Only one client report refresh can be run at a time. If the scheduled client report refresh or a manual refresh is already running you will not be able to manually kick off a new one until the one currently running is finished." + "description": "Get status of reporting data refresh. Only one client report refresh can be run at a time. If the scheduled client report refresh or a manual refresh is already running you will not be able to manually kick off a new one until the one currently running is finished." }, "response": [] } @@ -3422,7 +3969,7 @@ { "key": "**Update {{id}} in the URL above (or variable) to reflect connector identifier", "value": "int32 above", - "description": "Connector id can be found in Kenna platform URL when connector is selected", + "description": "The Connector ID.", "disabled": true }, { @@ -3433,7 +3980,7 @@ { "key": "name", "value": "string", - "description": "string- The name used to identify this connector within Kenna.", + "description": "string- The name used to identify this connector in Cisco Vulnerability Management.", "disabled": true }, { 
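Review bot: The "Get status of reporting data refresh" description in the @@ -3366 hunk removes the stray space before the period but leaves "is already running you will not" without the comma that the @@ -3339 hunk adds to the identical sentence. Add the comma here so the two descriptions stay word for word the same.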
@@ -3504,7 +4051,7 @@ { "key": "**Update {{id}} in the URL above (or variable) to reflect connector identifier", "value": "int32 above", - "description": "Connector id can be found in Kenna platform in URL when selected from connector tab", + "description": "The connector ID from the List Connectors API.", "disabled": true } ] @@ -3534,18 +4081,18 @@ { "key": "**Update connector run {{id}} in the URL above (or variable) to reflect connector run identifier", "value": "int32 above", - "description": "Connector id can be found from UI when selected", + "description": "The connector ID.", "disabled": true }, { "key": "**Update connector run {{connector_run_id}}} in the URL above (or variable) to reflect connector run identifier", "value": null, - "description": "Connector run id can be found from API \"List ", + "description": "The connector run ID which can be obtained from the List Connectors API or the UI -> Connectors.", "disabled": true } ] }, - "description": "Return a single connector run by ID." + "description": "Return information about a single connector run by ID." }, "response": [] }, 
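Review bot: In the @@ -3534 hunk the connector_run_id description now says the run ID "can be obtained from the List Connectors API", which is the same source the @@ -3504 hunk gives for the connector ID. Confirm that endpoint actually returns run IDs, or name the endpoint that lists a connector's runs. The key on that entry still reads "{{connector_run_id}}}" with a third closing brace and could be corrected in the same change.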
@@ -3593,25 +4140,25 @@ { "key": "{{**Update params below in body tab - doco only below **}}", "value": null, - "description": "{{**Update params below in body tab - doco only below **}}", + "description": "The connector ID. The connector ID can found in the List Connectors API endpoint.", "disabled": true }, { - "key": "file", - "value": "file name", - "description": "File to be uploaded and associated with connector", + "key": "encoding", + "value": "string", + "description": "string - Compression encoding of the file input. Currently 'deflate' is the only valid value, which implies Python's zlib.compressobj(). Default is null.", "disabled": true }, { - "key": "encoding", - "value": "string", - "description": "string - Compression encoding (or absent, currently deflate is the only valid encoding if this parameter is present) of the file input.", + "key": "file", + "value": "file name", + "description": "File name to be uploaded to the associated connector. This is a fully qualifed path name.", "disabled": true }, { "key": "run", "value": "boolean", - "description": "boolean \"true\" if you want the connector to run immediately after the file has been uploaded", + "description": "boolean \"true\" The value true implies that the connector will run immediately after the file has been uploaded. Default is false.", "disabled": true } ], 
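Review bot: The first entry in the @@ -3593 hunk keeps the key "{{**Update params below in body tab - doco only below **}}" but its description now reads "The connector ID. The connector ID can found in the List Connectors API endpoint.", so key and description no longer describe the same thing. Put the connector ID text on an id entry and leave the body-tab hint as it was. Typos to fix in this hunk: "can found" (can be found), "qualifed" (qualified), and the run description, which now reads 'boolean "true" The value true implies ...'. Removing and re-adding the file and encoding entries only to swap their order also makes the real wording changes harder to see.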
@@ -3624,7 +4171,7 @@ } ] }, - "description": "Uploads a data file to a file based connector.\r\n\r\n-- Including the parameter \"Content-Type: application/json\" in the header will result in a 422 Unprocessable Entity.\r\n-- Including the parameter \"run: true\", refer to the response from the Run Connector endpoint." + "description": "Uploads a data file to a file based connector specified by the ID. The ID can be found from the List Connectors API. The file format is dependent on the connector specified by the ID. In most cases, the file format is the Data Importer format. This is a JSON format that specifies assets and vulnerabilities.\r\n\r\n-- Including the parameter \"Content-Type: application/json\" in the header will result in a HTTP status code 400.\r\n-- If including the parameter \"run: true\", refer to the response from the Run Connector endpoint." }, "response": [] }, @@ -3648,7 +4195,7 @@ { "key": "data_files[]", "value": "array of integers", - "description": "array of integers - associated with data files uploaded. Defaults to the most recently updated if not specified.\n", + "description": "array of integers - The data file ID from the Upload Data File API.\n", "disabled": true } ], @@ -3657,7 +4204,7 @@ "key": "id", "value": "int32 above", "type": "string", - "description": "Connector id can be found in Kenna platform in URL when selected from connector tab" + "description": "The connector ID. This can be obtained from the List Connectors API or the UI -> Connectors." } ] }, 
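Review bot: The upload description in the @@ -3624 hunk changes the documented result of sending "Content-Type: application/json" from "422 Unprocessable Entity" to "HTTP status code 400". Client code that branches on the status depends on this, so confirm it against the current API behaviour and mention it in the commit message, whose subject only says "Postman updates". "a HTTP" should be "an HTTP".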
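Review bot: The data_files[] description in the @@ -3648 hunk drops "Defaults to the most recently updated if not specified." If that default still applies, keep the sentence; a caller who omits the parameter needs to know which uploaded file the connector run will process.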
@@ -3689,6 +4236,47 @@ }, "response": [] }, + { + "name": "Search users", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/users", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "users", + "search" + ], + "query": [ + { + "key": "firstname", + "value": "string", + "description": "string\nSearch for all users that have this first name.", + "disabled": true + }, + { + "key": "lastname", + "value": "string", + "description": "string\nSearch for all users that have this last name.", + "disabled": true + }, + { + "key": "email", + "value": "string", + "description": "string\nSearch for the user that has this email address.", + "disabled": true + } + ] + }, + "description": "Filters users by a given set of input parameters and returns the filtered users and the total number of users in the filtered set." + }, + "response": [] + }, + { "name": "Show User", "request": { @@ -3707,13 +4295,13 @@ "variable": [ { "key": "id", - "value": "", + "value": "int32", "type": "string", - "description": "Kenna ID for user found in the Kenna Platform when user is selected" + "description": "Cisco Vulnerability Management ID for the user found in Cisco Vulnerability Management when user is selected" } ] }, - "description": "Returns a single user by ID." + "description": "Returns information about a single user by ID." }, "response": [] }, 
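Review bot: In the added "Search users" request (@@ -3689 hunk) the raw URL is "https://{{API_URL}}/users" while the path array is ["users", "search"], so the two fields describe different endpoints. Make raw end in /users/search if that is the intended route. The email description says "the user" where firstname and lastname say "all users"; keep that only if email is guaranteed unique.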
@@ -3754,48 +4342,48 @@ { "key": "**email", "value": "string", - "description": "string - The user will need an email address in order to login to Kenna.", + "description": "string - The user will need an email address to log in to Cisco Vulnerability Management.", "disabled": true }, { "key": "**firstname", "value": "string", - "description": "sring - first nameof the user", + "description": "string - First Name of the user", "disabled": true }, { "key": "**lastname", "value": "string", - "description": "string - last name of the user", + "description": "string - Last Name of the user", "disabled": true }, { - "key": "**role", - "value": "string", - "description": "string - role assigned to a user", + "key": "**roles", + "value": "array of strings", + "description": "array of strings - The roles assigned to a user, required if role_ids is not provided", "disabled": true }, { - "key": "**phone", - "value": "string", - "description": "string - The user's phone number", + "key": "**role_ids", + "value": "array of integers", + "description": "array of integers - The role IDs assigned to a user, required if roles is not provided", "disabled": true }, { - "key": "**current_password", + "key": "**external_id", "value": "string", - "description": "string - Existing password, if you wish to update the user's password", + "description": "string - A client defined string; for example, an internal Active Directory account name.", "disabled": true }, { - "key": "**password", + "key": "**phone", "value": "string", - "description": "string - New password, if you wish to update the user's password. current_password must be provided correctly, or this operation will fail.", + "description": "string - The user's phone number", "disabled": true } ] }, - "description": "Creates a single user and returns the record." + "description": "Creates a single user and returns the record. Creates a single user and returns the record. 
You can assign up to ten roles per user with the new \"Multiple Roles Per User\" feature. Use \"roles\" or \"role_ids\" in the request, \"role\" is no longer supported after Sep 08, 2021." }, "response": [] }, @@ -3806,7 +4394,7 @@ "header": [], "body": { "mode": "raw", - "raw": "{\r\n \"user\":\r\n {\r\n \"firstname\": \"Steve\",\r\n \"lastname\": \"Allen\",\r\n \"roles\": [\"normal user\", \"custom_user\"],\r\n \"role_ids\": [4422, 4433], \"phone\": \"\",\r\n \"current_password\": \"\", \"password\": \"\" }\r\n }", + "raw": "{\r\n \"user\":\r\n {\r\n \"email\": \"sallen@example.com\",\r\n \"firstname\": \"Steve\",\r\n \"lastname\": \"Allen\",\r\n \"roles\": [\"normal user\", \"custom_user\"],\r\n \"role_ids\": [4422, 4433], \r\n \"external_id\": \"1234567\", \"phone\": \"\",\r\n \"current_password\": \"\", \"password\": \"\" }\r\n }", "options": { "raw": { "language": "json" @@ -3840,11 +4428,11 @@ "key": "id", "value": "int32", "type": "string", - "description": "int32 - found in Kenna Platform when user is selected" + "description": "int32 - found in Cisco Vulnerability Management when user is selected" } ] }, - "description": "Update a single user's attributes by ID." + "description": "Update a single user's attributes by ID. You can assign up to ten roles per user with the new \"Multiple Roles Per User\" feature. \r\n\r\nUse roles or role_ids in the request, role is no longer supported after Sep 08, 2021.\r\n\r\nImportant: All of the user's roles or role_ids should be provided in the arrays including the existing ones and the new ones, any existing roles or role_ids that are not included in the arrays will be unassigned from the user. For more details, see the Understanding Multiple Roles per User help article (https://help.kennasecurity.com/hc/en-us/articles/4405055529236-Understanding-Multiple-Roles-per-User)." }, "response": [] }, 
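Review bot: The Create User description at the end of the @@ -3754 hunk repeats its opening sentence: "Creates a single user and returns the record. Creates a single user and returns the record." Remove the duplicate. The same hunk drops the current_password and password entries and replaces role with roles and role_ids; since that changes what the request documents about credentials and authorization, say so in the commit message rather than leaving it under "Postman updates".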
@@ -3875,9 +4463,9 @@ "variable": [ { "key": "id", - "value": "int32", - "type": "string", - "description": "int32 - found in Kenna Platform when user is selected" + "value": "User ID", + "type": "int32", + "description": "int32 - found in Cisco Vulnerability Management when user is selected" } ] }, @@ -3929,14 +4517,15 @@ "key": "id", "value": "", "type": "string", - "description": "int32 - id of the role found in Kenna when it is selected" + "description": "int32 - ID of the role found in Cisco Vulnerability Management when it is selected." } ] }, - "description": "Returns a single role by ID." + "description": "Returns information about a single role by ID." }, "response": [] }, + { "name": "Create Role", "request": { 
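Review bot: In the @@ -3875 hunk the id variable moves "int32" out of value and into type ("value": "User ID", "type": "int32"), while the @@ -3707 hunk does the opposite for the same kind of variable ("value": "int32", "type": "string"). Pick one convention for path variables across the collection; keeping "type": "string" matches the unchanged role entries shown as context in this patch.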
@@ -3965,7 +4554,7 @@ { "key": "**All Params updated in Body Tab", "value": null, - "description": "role - object\nname - string - The name of the role.\naccess_level - string - The access level assigned to the role. This must be either \"read\" or \"write\"\nasset_groups - array of strings - An array of asset group names that you want associated with the role. If an asset group name cannot be found an error will be returned.\nasset_groups - array of strings - An array of asset group names that you want associated with the role. If an asset group name cannot be found an error will be returned.\napplications - array of strings - An array of application names to add to a role's set of applications.", + "description": "role - object\nname - string - The name of the role.\ndescription - string - The description of the role\naccess_level - string - The access level assigned to the role. This must be either \"read\" or \"write\"\nasset_group_ids - array of integers - An array of asset group IDs that you want associated with the role. If an asset group cannot cannot be found an error will be returned.\napplications - array of strings - An array of application names to add to a role's set of applications.\nasset_groups [DEPRECATED] - array of strings - An array of asset group names that you want associated with the role. If an asset group name cannot be found an error will be returned. Because name conflicts will cause an error, we suggest using asset_group_ids instead.", "disabled": true } ] 
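Review bot: The asset_group_ids text in the @@ -3965 hunk reads "If an asset group cannot cannot be found an error will be returned."; drop the repeated word. The new "description - string - The description of the role" entry is the only one in the list without a closing period.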
@@ -3974,6 +4563,45 @@ }, "response": [] }, + { + "name": "Bulk Update Permissions", + "request": { + "method": "PUT", + "header": [], + "url": { + "raw": "https://{{API_URL}}/roles/update_permissions_in_bulk", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "update_permissions_in_bulk" + ], + "query": [ + { + "key": "**All parms below updated in Body", + "value": "Items below for doc", + "description": "**All parms updated in Body", + "disabled": true + }, + { + "key": "roles", + "value": "array of objects", + "description": "array of objects - Roles to be updated.", + "disabled": true + }, + { + "key": "realtime", + "value": "boolean", + "description": "boolean - Roles' permissions will be updated synchronously if \"realtime\" is true. Note that there is a limit of no more than 1000 roles per realtime bulk update request.", + "disabled": true + } +] +}, + "description": "Allow admins to bulk update permissions of custom roles. Currently the end point supports enabling/disabling home page and AppSec reporting page access for custom roles. Update limit is 10,000 permissions at a time. By default we will index the permissions in the background and it responds with {\"result\":\"Your request to update permissions in bulk is being processed in the background.\"} after receiving the request, updated changes can be seen in the UI under \"Roles\" or by invoking the \"List Roles\" API. In order to index your permissions synchronously, pass in the \"realtime\" parameter and set it to true." + }, + "response": [] + }, { "name": "Update Role", "request": { 
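Review bot: The added "Bulk Update Permissions" request has the raw URL "https://{{API_URL}}/roles/update_permissions_in_bulk" but a path array of only ["update_permissions_in_bulk"]; add "roles" as the first path element so both fields point at the same endpoint. Because this request changes role permissions in bulk, the description should also state its two limits together (10,000 permissions per update, no more than 1000 roles per realtime request) so a caller can tell which one applies. "parms" should be "params" and "end point" should be "endpoint".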
@@ -4010,11 +4638,11 @@ "key": "id", "value": "", "type": "string", - "description": "int32 - id of the role found in Kenna when selected" + "description": "int32 - ID of the role found in Cisco Vulnerability Management when selected." } ] }, - "description": "Update a single role's attributes by ID.\r\n\r\nWhen updating asset groups for a role, all current asset groups for a role will be over written by the array passed in the update params. To add asset groups to a role without overwriting a role's current asset groups use the add_asset_groups endpoint. If you would like to update custom role permissions, please use the custom_permissions endpoint." + "description": "Update a single role's attributes by ID.\r\n\r\nWhen updating asset groups for a role, all current asset groups for a role will be over written by the array passed in the update params. To add asset groups to a role without overwriting a role's current asset groups, use the add_asset_groups endpoint. If you would like to update custom role permissions, use the custom_permissions endpoint." }, "response": [] }, @@ -4045,9 +4673,9 @@ ], "query": [ { - "key": "**asset_groups - updated in body tab", + "key": "**asset_group_ids - updated in body tab", "value": "array of strings", - "description": "array of strings - An array of asset group names to add to a role's existing set of asset groups.", + "description": "array of strings - An array of asset group ids that you want associated with the role. If an asset group cannot cannot be found an error will be returned.", "disabled": true } ], @@ -4056,11 +4684,11 @@ "key": "id", "value": "", "type": "string", - "description": "int32 - ID of role found in the Kenna platform when selected" + "description": "int32 - ID of role found in Cisco Vulnerability Management when selected." } ] }, - "description": "Update a single role's attributes by ID." + "description": "Add asset groups to a role by ID." }, "response": [] }, 
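Review bot: In the @@ -4045 hunk the key is renamed to asset_group_ids but the value and description still say "array of strings", while the Create Role text in the @@ -3965 hunk documents asset_group_ids as "array of integers". Align the type, and fix "cannot cannot" in the same description.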
@@ -4102,11 +4730,11 @@ "key": "id", "value": "", "type": "string", - "description": "int32 - ID of role found in Kenna platform after it is selected" + "description": "int32 - ID of role found in Cisco Vulnerability Management after it is selected." } ] }, - "description": "Update a single role's attributes by ID." + "description": "Add applications to a role by ID." }, "response": [] }, 
@@ -4176,16 +4804,241 @@ "key": "id", "value": "", "type": "string", - "description": "int32 - found for role in UI" + "description": "int32 - The role to update, the ID can be found in the UI." } ] }, - "description": "Update custom role permissions." + "description": "Update custom role permissions by role ID." }, "response": [] } ] }, + { + "name": "Stacks", + "item": [ + { + "name": "Show Stack", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/stacks/{id}", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "stacks", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "Stack ID", + "type": "int32", + "description": "int32 - ID of the stack found in Cisco Vulnerability Management when it is selected." + } + ] + }, + "description": "Return information about a stack by ID." + }, + "response": [] + }, + { + "name": "Delete Stack", + "request": { + "method": "DELETE", + "header": [], + "url": { + "raw": "https://{{API_URL}}/stacks/{id}", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "stacks", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "Stack ID", + "type": "int32", + "description": "int32 - ID of the stack found in Cisco Vulnerability Management when it is selected." + } + ] + }, + "description": "Delete a Stack using its ID." 
+ }, + "response": [] + }, + { + "name": "Update Stack", + "request": { + "method": "PUT", + "header": [], + "url": { + "raw": "https://{{API_URL}}/stacks/{id}", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "stacks", + ":id" + ], + "query": [ + { + "key": "**Update in Body Tab", + "value": "**Doc Only -->>", + "description": "stack\nobject\n\nname\nstring\nThe new name of the stack\n\napplication_ids\narray of integers\napplication_ids\n\nAn array containing application IDs that will replace the current IDs in the stack\n\nasset_search_ids\narray of integers\nasset_search_ids\n\nAn array containing asset IDs that will replace the current IDs the stack", + "disabled": true + } + ], + "variable": [ + { + "key": "id", + "value": "Stack ID", + "type": "int32", + "description": "int32 - ID of the stack found in Cisco Vulnerability Management when it is selected." + } + ] + }, + "description": "Update a stack by its ID." + }, + "response": [] + }, + { + "name": "Stack's Application statistics", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/stacks/{id}/stats/applications", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "stacks", + ":id", + "stats", + "applications" + ], + "variable": [ + { + "key": "id", + "value": "Stack ID", + "type": "int32", + "description": "int32 - ID of the stack found in Cisco Vulnerability Management when it is selected." + } + ] + }, + "description": "Return the application statistics about a stack by ID." 
+ }, + "response": [] + }, + { + "name": "Stack's Asset Groups statistics", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/stacks/{id}/stats/asset_groups", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "stacks", + ":id", + "stats", + "asset_groups" + ], + "variable": [ + { + "key": "id", + "value": "Stack ID", + "type": "int32", + "description": "int32 - ID of the stack found in Cisco Vulnerability Management when it is selected." + } + ] + }, + "description": "Return the asset groups statistics about a stack by ID." + }, + "response": [] + }, + { + "name": "List Stacks", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/stacks", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "stacks" + ], + "query": [ + { + "key": "page", + "value": "int32", + "description": "int32 - The specific page being requested from 1 to the total number of pages returned in the meta object.", + "disabled": true + }, + { + "key": "per_page", + "value": "int32", + "description": "int32 - The page size from 1 to 5,000. Default page size is 100.", + "disabled": true + } + ] + }, + "description": "Returns a list of all of your stacks. The default page size is 100, and the maximum page size is 100." 
+ }, + "response": [] + }, + { + "name": "Create Stack", + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "https://{{API_URL}}/stacks", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "stacks" + ], + "query": [ + { + "key": "**Update in Body Tab", + "value": "**Doc Only -->>", + "description": "stack\nobject\n\nname\nstring\nThe name of the stack\n\napplication_ids\narray of integers\napplication_ids\n\nasset_search_ids\narray of integers\nasset_search_ids", + "disabled": true + } + ], + "variable": [ + { + "key": "id", + "value": "Stack ID", + "type": "int32", + "description": "int32 - ID of the stack found in Cisco Vulnerability Management when it is selected." + } + ] + }, + "description": "Creates a Stack and returns the created stack details." + }, + "response": [] + } + ] + }, { "name": "Fixes", "item": [ @@ -4207,13 +5060,13 @@ { "key": "page", "value": "int32", - "description": "which page to list", + "description": "The specific page being requested from 1 to the total number of pages returned in the meta object.", "disabled": true }, { "key": "per_page", "value": "int32", - "description": "number to display per page", + "description": "Number of Fixes per page. The default is 25 and the maximum page size is 100.", "disabled": true } ] 
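Review bot: In the added Stacks folder, "List Stacks" states two different limits: the per_page entry says "The page size from 1 to 5,000. Default page size is 100." while the request description says "the maximum page size is 100." Give one maximum. "Create Stack" carries an id path variable although its URL is /stacks with no :id segment, so that variable block should be removed. The raw URLs in this folder use "{id}" while the path arrays use ":id"; use one form in both fields. In "Update Stack", "replace the current IDs the stack" is missing "in".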
@@ -4246,14 +5099,14 @@ }, { "key": "id[]", - "value": "int32", - "description": "array of integers - Search for all fixes related to vulnerabilities that are connected to a set of assets.\n\nid\n\n", + "value": "string", + "description": "string - Search for all fixes related to vulnerabilities that are connected to a set of assets.\n\nid\n\n", "disabled": true }, { "key": "status[]", - "value": "array of strings", - "description": "array of strings - By default, only fixes for vulnerabilities with active assets are returned. To override this default specify the status param for an asset as shown. Status choices are active and inactive.", + "value": "string", + "description": "string - By default, only fixes for vulnerabilities with active assets are returned. To override this default, specify the status parameter for an asset as shown. Status choices are active and inactive.", "disabled": true }, { 
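Review bot: The @@ -4246 hunk changes the documented type of id[] and status[] from arrays to "string", but both keys keep the [] suffix, and the other [] filters in this request, such as pci_related[] and top_priority[], are still described as arrays. If the intent is one string per repeated key, say that explicitly; otherwise keep the array wording so the filters are documented consistently.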
@@ -4295,19 +5148,25 @@ { "key": "max_risk_meter_score", "value": "int32", - "description": "int32 - Find all fixes for vulnerabilities with risk scores less than this value.", + "description": "int32 - Find all fixes for vulnerabilities with risk scores less than or equal to this value.", "disabled": true }, { "key": "min_risk_meter_score", "value": "int32", - "description": "int32 - Find all fixes for vulnerabilities with risk scores greater than this value.", + "description": "int32 - Find all fixes for vulnerabilities with risk scores greater than or equal to this value.", + "disabled": true + }, + { + "key": "page", + "value": "int32", + "description": "int32 - The specific page being requested from 1 to the total number of pages returned in the meta object.", "disabled": true }, { "key": "pci_related[]", "value": "array of booleans", - "description": "array of booleans - An array of booleans to filter for PCI related vulnerabilities.", + "description": "array of booleans - An array of booleans to filter for Payment Card Industry related vulnerabilities", "disabled": true }, { @@ -4322,12 +5181,6 @@ "description": "array of integers - An array of ports associated with your vulnerabilities.", "disabled": true }, - { - "key": "search_id", - "value": "int32", - "description": "int32 - The ID of a risk meter group to retrieve fixes for. Other parameters are ignored if search_id is provided.", - "disabled": true - }, { "key": "service_ticket_status", "value": "array of strings", @@ -4343,7 +5196,7 @@ { "key": "top_priority[]", "value": "array of booleans", - "description": "array of booleans - An array of booleans for filtering your vulnerabilities by those that Kenna recommends should be a top priority to fix.", + "description": "array of booleans - An array of booleans for filtering your vulnerabilities by those that Cisco Vulnerability Management recommends should be a top priority to fix.", "disabled": true }, { 
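Review bot: The @@ -4322 hunk removes the search_id entry, which documented that "Other parameters are ignored if search_id is provided", without a replacement or a note in the request description. If the endpoint no longer accepts it, say so in the description; if it still does, keep the entry, since that override affects how every other filter behaves.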
@@ -4366,7 +5219,7 @@ } ] }, - "description": "Filters fixes by a given set of vulnerability and asset parameters and returns the filtered fixes as well as the total number of fixes. By default, only fixes for open vulnerabilities with active assets are returned. Results are paginated in pages of 100. Each unique parameter is combined using AND while each of values passed in a single array will be combined using OR. For example, if you search for all fixes belonging to vulnerabilities with status=[\"open\"] and port=[\"443\", \"80\"] you will receive all fixes for open vulnerabilities that have either port 443 or port 80. This is shown in the CURL example below." + "description": "Filters fixes by a given set of vulnerability and asset parameters and returns the filtered fixes as well as the total number of fixes. By default, only fixes for open vulnerabilities with active assets are returned. The default page size is 25, the maximum page size is 5,000. The total number of alternative fixes, page number, and total number of pages are available in the meta data. \r\n\r\nEach unique parameter is combined using AND while each of values passed in a single array will be combined using OR. For example, if you search for all fixes belonging to vulnerabilities with status=[\"open\"] and port=[\"443\", \"80\"] you will receive all fixes for open vulnerabilities that have either port 443 or port 80." }, "response": [] }, @@ -4390,11 +5243,11 @@ "key": "id", "value": "", "type": "string", - "description": "int32 - found in Kenna when fix is selected" + "description": "int32 - The fix ID." } ] }, - "description": "Returns a single fix by ID." + "description": "Returns information about a single fix by ID." }, "response": [] }, 
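Review bot: The Search Fixes description in the @@ -4366 hunk says the metadata holds "The total number of alternative fixes", although this request returns fixes, not alternatives; check whether that phrase belongs to the alternatives request instead. It also gives a maximum page size of 5,000, while the per_page entries added for fixes elsewhere in this patch say "the maximum page size is 100", so confirm which limit applies here. The parameter descriptions call it "the meta object"; use the same term instead of "meta data".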
@@ -4414,12 +5267,26 @@ ":id", "alternatives" ], + "query": [ + { + "key": "page", + "value": "int32", + "description": "The specific page being requested from 1 to the total number of pages returned in the meta object.", + "disabled": true + }, + { + "key": "per_page", + "value": "int32", + "description": "Number of Fixes per page. The default is 25 and the maximum page size is 100.", + "disabled": true + } + ], "variable": [ { "key": "id", "value": "", "type": "string", - "description": "int32 - found in Kenna when fix is selected" + "description": "int32 - The fix ID." } ] }, 
@@ -4430,138 +5297,317 @@ ] }, { - "name": "Applications", + "name": "Integrations", "item": [ { - "name": "List Applications", + "name": "ServiceNow List Fixes", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/applications", + "raw": "https://{{API_URL}}/integrations/service_now/fixes", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ - "applications" + "service_now", + "fixes" + ], + "query": [ + { + "key": "page", + "value": "int32", + "description": "int32 - The specific page being requested from 1 to 20.", + "disabled": true + }, + { + "key": "per_page", + "value": "int32", + "description": "int32 - Number of Asset Groups per page. The default is 30 and the maximum page size is 100.", + "disabled": true + } ] }, - "description": "Returns a list of all of your applications." + "description": "List fixes in a ServiceNow format. The default page size is 1,000, the maximum page size is 1,000. The total number of asset groups, page number, and total number of pages are available in the meta data. Note: The functionality of this ServiceNow fix endpoint is intended to be migrated in the future. Updates and instructions on new endpoint will be provided in advance of any migration." }, "response": [] + } + ] + }, { + "name": "ServiceNow Search Vulnerabilities", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/integrations/service_now/vulnerabilities", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "service_now", + "vulnerabilites" + ], + "query": [ + { + "key": "classification[]", + "value": "array of strings", + "description": "array of strings - Find all vulnerabilities matching the specified classifications.", + "disabled": true + }, + { + "key": "page", + "value": "int32", + "description": "int32 - The page number starting from 1. 
Pages must be requested sequentially, in serial, for accurate results.", + "disabled": true + }, + { + "key": "per_page", + "value": "int32", + "description": "int32 - The page size from 500 to 10,000. Default is 10,000.", + "disabled": true + }, + { + "key": "q", + "value": "string", + "description": "string - Additional text search parameters are documented in the Cisco Vulnerability Management Search Terms article on the help site (https://help.kennasecurity.com/hc/en-us/articles/206280593-Cisco-Vulnerability-Management-Search-Terms), in the section \"Vulnerability Terms\". Example q=tag:(mytag+AND+thetag).", + "disabled": true + }, + { + "key": "search_id", + "value": "int32", + "description": "int32 - The ID of a risk meter group to retrieve vulnerabilities for. Other parameters are ignored if search_id is provided.", + "disabled": true + } + ] }, + "description": "Filters vulnerabilities by a given set of parameters and returns the filtered vulnerabilities as well as the total number of vulnerabilities in the filtered set. The default page size is 10,000, the maximum page size is 10,000.\r\n\r\nBy default, only open vulnerabilities with active assets are returned. Each unique parameter is combined using AND while each of values passed in a single array will be combined using OR. For example, if you search for all vulnerabilities with status=[\"open\"] and classification[]=CVE you will receive all open vulnerabilities that have CVEs.\r\n\r\nNote: The functionality of this ServiceNow fix endpoint is intended to be migrated in the future. Updates and instructions on new endpoint will be provided in advance of any migration." 
+ }, + "response": [] + }, + { + "name": "Remediation Score", + "item": [ { - "name": "Show Application", + "name": "Show Remediation Score", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/applications/:id", + "raw": "https://{{API_URL}}/reports/remediation_score", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ - "applications", - ":id" - ], - "query": [ - { - "key": "doc only>>", - "value": "doc only>>", - "description": "Response attribute\tDescription\nid\tThe unique identifier in the Kenna system\nname\tName of the application\nrepo_url\tURL of the repository for the application\nhost_name\tHost Name of the application\nowner\tOwner of the application\nteam_name\tTeam Name of the application\nbusiness_units\tBusiness Units of the application\nnotes\tNotes for the application\nrisk_meter_score\tRisk meter score of the application\nvulnerability_count\tNumber of vulnerabilities associated with an application\nasset_count\tNumber of assets associated with the application\ntotal_vulnerability_count\tNumber of vulnerabilities associated with an application including closed vulnerabilities and vulnerabilities on inactive assets\nopen_vulnerability_count_by_risk_level\tNumber of vulnerabilities open vulnerabilities separated by high risk, medium risk, low risk, and total\nidentifiers\tArray of identifiers for the application\nexternal_facing\tTrue if the application is external facing.\npriority\tPriority of application, on a scale of 1 (low) to 10 (high).", - "disabled": true - } - ], - "variable": [ - { - "key": "id", - "value": "int32", - "type": "string", - "description": "int32 - ID of application found in Kenna when selected" - } + "reports", + "remediation_score" ] }, - "description": "Return a single application by ID." + "description": "Returns Remediation Score, which is a measurement of how well an organization is addressing the risk on a group of assets. 
This is different than the Risk Score, which is not performance based, but the point-in-time level of risk on a group of assets. Remediation Score is calculated through four metrics on an organization's vulnerabilities (both open and closed) related to the organization's assets. The four metrics of a Remediation Score are: Coverage, Efficiency, Velocity, and Capacity. This API endpoint is a premium feature, depending on your subscription you may not have access." }, "response": [] - }, + } + ] + }, + { + "name": "SLA Adherence", + "item": [ { - "name": "Update Application", + "name": "Show SLA Adherence", "request": { - "method": "PUT", + "method": "GET", "header": [], - "body": { - "mode": "raw", - "raw": "{\r\n \"application\": {\r\n \"name\": \"Demo Test 12\",\r\n \"repo_url\": \"Demo repo URL\",\r\n \"host_name\": \"Demo host name\",\r\n \"owner\": \"Demo owner\",\r\n \"team_name\": \"Demo team\",\r\n \"business_units\": \"Demo business units\",\r\n \"notes\": \"Demo notes\",\r\n \"priority\": 10,\r\n \"identifiers\": [\r\n \"demo2\",\"demo3\"\r\n ]\r\n }\r\n}", - "options": { - "raw": { - "language": "json" - } - } - }, "url": { - "raw": "https://{{API_URL}}/applications/:id", + "raw": "https://{{API_URL}}/reports/sla_adherences", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ - "applications", - ":id" - ], - "query": [ - { - "key": "{{id}} - ** updated in path above or variable", - "value": "int32", - "description": "int32 - id of application found in Kenna when selected", - "disabled": true - }, - { - "key": "**Items to be updated in Body Tab", - "value": "doc only>>", - "description": "application\nobject\n\nbusiness_units\nstring\nBusiness units for the application\n\nexternal_facing\nboolean\nSet this to true if your application is external facing.\n\n\ntrue\nidentifiers\narray of strings\nArray of identifiers for the application\n\nidentifiers\n\nhost_name\nstring\nName of the host where the application is deployed\n\nname\nstring\nName of the 
application\n\nnotes\nstring\nAny notes regarding the application\n\nowner\nstring\nName of the application owner\n\npriority\nint32\nThe priority of your application, on a scale of 1 (low priority) to 10 (high priority).\n\n10\nrepo_url\nstring\nURL to the code repository for the application\n\nteam_name\nstring\nName of the team responsible for the application\n\n", - "disabled": true - } - ], - "variable": [ - { - "key": "id", - "value": "245134", - "type": "string" - } + "reports", + "sla_adherences" ] }, - "description": "Update a single application's attributes by ID." + "description": "Returns Service Level Agreement (SLA) adherence metrics from up to the last 60 days. Note: If vulnerability metric (low, medium, high) does not have data, it will not be shown." }, "response": [] - }, + } + ] + }, + { + "name": "High Risk Vulnerability Densities", + "item": [ { - "name": "Delete Application", + "name": "Show High Risk Vulnerability Densities", "request": { - "method": "DELETE", + "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/applications/:id", + "raw": "https://{{API_URL}}/reports/vulnerability_densities", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ - "applications", - ":id" - ], - "variable": [ - { - "key": "id", - "value": "int32", + "reports", + "vulnerability_densities" + ] + }, + "description": "Returns high risk vulnerability densities metrics, which are open high priority vulnerabilities by Kenna Risk score, grouped by asset priority buckets, from up to the last 180 days. The response will contain your metrics as well as your industry metrics. Note: If vulnerability densities metric (low, medium, critical) does not have data, it will not be shown." 
+ }, + "response": [] + } + ] + }, + { + "name": "Applications", + "item": [ + { + "name": "List Applications", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/applications", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "applications" + ], + "query": [ + { + "key": "page", + "value": "int32", + "description": "int32 - The specific page being requested.", + "disabled": true + }, + { + "key": "per_page", + "value": "int32", + "description": "int32 - Number of Applications per page. The default is 100 and the maximum page size is 100.", + "disabled": true + } + ] + }, + "description": "Returns a list of all of your applications. The default page size is 100, and the maximum page size is 100." + }, + "response": [] + }, + { + "name": "Show Application", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/applications/:id", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "applications", + ":id" + ], + "query": [ + { + "key": "doc only>>", + "value": "doc only>>", + "description": "Response attribute\tDescription\nid\tThe unique identifier in Cisco Vulnerability Management\nname\tName of the application\nrepo_url\tURL of the repository for the application\nhost_name\tHost Name of the application\nowner\tOwner of the application\nteam_name\tTeam Name of the application\nbusiness_units\tBusiness Units of the application\nnotes\tNotes for the application\nrisk_meter_score\tRisk meter score of the application\nvulnerability_count\tNumber of vulnerabilities associated with an application\nasset_count\tNumber of assets associated with the application\ntotal_vulnerability_count\tNumber of vulnerabilities associated with an application including closed vulnerabilities and vulnerabilities on inactive assets\nopen_vulnerability_count_by_risk_level\tNumber of vulnerabilities open vulnerabilities separated by high risk, medium risk, low risk, and 
total\nidentifiers\tArray of identifiers for the application\nexternal_facing\tTrue if the application is external facing.\npriority\tPriority of application, on a scale of 1 (low) to 10 (high).", + "disabled": true + } + ], + "variable": [ + { + "key": "id", + "value": "int32", + "type": "string", + "description": "int32 - ID of application found in Cisco Vulnerability Management when selected" + } + ] + }, + "description": "Returns information about a single application by ID." + }, + "response": [] + }, + { + "name": "Update Application", + "request": { + "method": "PUT", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"application\": {\r\n \"name\": \"Demo Test 12\",\r\n \"repo_url\": \"Demo repo URL\",\r\n \"host_name\": \"Demo host name\",\r\n \"owner\": \"Demo owner\",\r\n \"team_name\": \"Demo team\",\r\n \"business_units\": \"Demo business units\",\r\n \"notes\": \"Demo notes\",\r\n \"priority\": 10,\r\n \"identifiers\": [\r\n \"demo2\",\"demo3\"\r\n ]\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "https://{{API_URL}}/applications/:id", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "applications", + ":id" + ], + "query": [ + { + "key": "{{id}} - ** updated in path above or variable", + "value": "int32", + "description": "int32 - id of application found in Cisco Vulnerability Management when selected", + "disabled": true + }, + { + "key": "**Items to be updated in Body Tab", + "value": "doc only>>", + "description": "application\nobject\n\nbusiness_units\nstring\nBusiness units for the application\n\nexternal_facing\nboolean\nSet this to true if your application is external facing\n\n\ntrue\nidentifiers\narray of strings\nArray of identifiers for the application\n\nidentifiers\n\nhost_name\nstring\nName of the host where the application is deployed\n\nname\nstring\nName of the application\n\nnotes\nstring\nAny notes regarding the application\n\nowner\nstring\nName of the 
application owner\n\npriority\nint32\nThe priority of your application, on a scale of 1 (low priority) to 10 (high priority).\n\n10\nrepo_url\nstring\nURL to the code repository for the application\n\nteam_name\nstring\nName of the team responsible for the application\n\n", + "disabled": true + } + ], + "variable": [ + { + "key": "id", + "value": "245134", + "type": "string" + } + ] + }, + "description": "Update a single application's attributes by ID." + }, + "response": [] + }, + { + "name": "Delete Application", + "request": { + "method": "DELETE", + "header": [], + "url": { + "raw": "https://{{API_URL}}/applications/:id", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "applications", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "int32", "type": "string", - "description": "int32 - ID of application found in Kenna when selected" + "description": "int32 - ID of application found in Cisco Vulnerability Management when selected" } ] }, - "description": "Delete an Application using its ID." + "description": "Delete an application using its ID." }, "response": [] }, @@ -4607,12 +5653,12 @@ "name": "Application Reporting", "item": [ { - "name": "Historical Mean Time To Remediate by Risk Level", + "name": "Historical Mean Time To Remediate Findings by Risk Level", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/applications/:id/report_query/historical_mean_time_to_remediate_by_risk_level", + "raw": "https://{{API_URL}}/applications/:id/report_query/findings/historical_mean_time_to_remediate_by_risk_level", "protocol": "https", "host": [ "{{API_URL}}" 
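Review bot: In the Update Application request added in the large hunk that ends just before the @@ -4607 header, the "id" path variable carries the concrete value "245134", while Show Application and Delete Application in the same hunk use the placeholder "int32". Anyone who runs this PUT unmodified sends the demo body to whatever application has that ID in their own tenant. Use the "int32" placeholder here as well, and give the variable the same description the other two have, so that an ID has to be filled in deliberately.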
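Review bot: In the @@ -4607 hunk the "raw" URL gains a "findings/" segment, but the request's "path" array sits in the unchanged lines between this hunk and the next one, so the patch does not touch it and it no longer matches "raw". Add "findings" after "report_query" in that array. The Vulnerabilities request added in the next hunk has "raw" and "path" in agreement, and this one should too.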
@@ -4628,14 +5674,44 @@ "key": "id", "value": "int32", "type": "string", - "description": "int32 - id of application found in Kenna when selected" + "description": "int32 - id of application found in Cisco Vulnerability Management when selected." } ] }, - "description": "Returns a listing of the historical Mean Time To Remediate by Risk Level (MTTR) for the Application ID provided." + "description": "Returns a list of the Mean Time To Remediate (MTTR) findings in days based on the Risk Level for the provided Asset Group ID." }, "response": [] }, + { + "name": "Historical Mean Time To Remediate Vulnerabilities by Risk Level", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/applications/:id/report_query/historical_mean_time_to_remediate_by_risk_level", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "applications", + ":id", + "report_query", + "historical_mean_time_to_remediate_by_risk_level" + ], + "variable": [ + { + "key": "id", + "value": "int32", + "type": "string", + "description": "int32 - id of application found in Cisco Vulnerability Management when selected." + } + ] + }, + "description": "Returns a list of the historical Mean Time To Remediate (MTTR) vulnerabilities by Risk Level for the application ID provided." + }, + "response": [] + }, { "name": "Historical Vulnerability Risk Category Counts", "request": { 
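Review bot: The new description on the Findings request says the data is "for the provided Asset Group ID", but the request lives under /applications/:id and its variable is described a few lines earlier as the id of an application. Change it to "for the application ID provided", matching the wording of the Vulnerabilities request added further down in this hunk, and keep the word "historical" if the endpoint still returns a history.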
@@ -4658,18 +5734,18 @@ "key": "id", "value": "int32", "type": "string", - "description": "int32 - id of application found in Kenna when selected" + "description": "int32 - id of application found in Cisco Vulnerability Management when selected." } ] }, - "description": "Returns a listing of the historical Vulnerability Risk Category (\"High\", \"Medium\", \"Low\") counts for the Application ID provided. This endpoint returns \"all time\" data for the specified Application." + "description": "Returns a list of the historical Vulnerability Risk Category (\"High\", \"Medium\", \"Low\") counts for the Application ID provided. This endpoint returns \"all time\" data for the specified Application. The return data is in floating point, for example, 16.0." }, "response": [] } ] }, { - "name": "Dashboard Groups (Views)", + "name": "Dashboard Groups", "item": [ { "name": "Create Dashboard Group", @@ -4698,7 +5774,7 @@ { "key": "**Update in Body Tab", "value": "**Doc Only -->>", - "description": "dashboard_group\nobject\n\nasset_search_ids\narray of integers\nasset_search_ids\n\nasset_search_order\nstring\nname\nstring\nrole_ids\narray of integers\nCan only by updated by the creator of the Dashboard Group\n\nrole_ids\n\nshare_method\nstring\nCan only by updated by the creator of the Dashboard Group", + "description": "dashboard_group\nobject\n\nasset_search_ids\narray of integers\nasset_search_ids\n\nasset_search_order\nstring\nname\nstring\nrole_ids\narray of integers\nCan only be updated by the creator of the Dashboard Group\n\nrole_ids\n\nshare_method\nstring\nCan only be updated by the creator of the Dashboard Group", "disabled": true } ] 
@@ -4735,7 +5811,7 @@ { "key": "**Update in Body Tab", "value": "**Doc Only -->>", - "description": "dashboard_group\nobject\n\nasset_search_ids\narray of integers\nasset_search_ids\n\nasset_search_order\nstring\nname\nstring\nrole_ids\narray of integers\nCan only by updated by the creator of the Dashboard Group\n\nrole_ids\n\nshare_method\nstring\nCan only by updated by the creator of the Dashboard Group", + "description": "dashboard_group\nobject\n\nasset_search_ids\narray of integers\nasset_search_ids\n\nasset_search_order\nstring\nname\nstring\nrole_ids\narray of integers\nCan only be updated by the creator of the Dashboard Group\n\nrole_ids\n\nshare_method\nstring\nCan only be updated by the creator of the Dashboard Group", "disabled": true } ], @@ -4784,11 +5860,11 @@ "key": "id", "value": "int32", "type": "string", - "description": "int32 - id of dashboard group found in Kenna when selected" + "description": "int32 - ID of dashboard group found in Cisco Vulnerabilty Management when selected." } ] }, - "description": "Return a single Dashboard Group by ID." + "description": "Return information about a single Dashboard Group by ID." }, "response": [] }, @@ -4839,11 +5915,11 @@ { "key": "id", "value": "int32", - "description": "int32 - id of dashboard group found in Kenna when selected" + "description": "int32 - id of dashboard group found in Cisco Vulnerability Management when selected." } ] }, - "description": "Delete a Dashboard Group using its ID." + "description": "Delete a Dashboard Group using a given ID." }, "response": [] } 
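Review bot: Typo in the Show Dashboard Group hunk (@@ -4784): "Cisco Vulnerabilty Management" should be "Cisco Vulnerability Management". That hunk also capitalises "ID of dashboard group" while the Delete hunk right after it keeps "id of dashboard group"; pick one form for both.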
@@ -5243,11 +6319,11 @@ { "key": "search_id", "value": "int32", - "description": "Get all results from a previously created asynchronous search from search_id. \nResponse data will be found in local gzip file" + "description": "An ID returned by Request Data Export that identifies the data_export to be retrieved." } ] }, - "description": "Get all results from a previously created asynchronous search using the search_id.\r\n\r\nIf your search has not been completed you will receive an Export Incomplete Response to indicate that we are still processing your search results." + "description": "Get all results from a previously created export using the search_id returned in the Request Data Export API response.\r\n\r\nThe response is gzipped and the content of the response data is determined by the model field in export_settings in the Request Data Export API body parameters. Usually, the response is stored in a file and gzipped.\r\n\r\nIf your search has not been completed you will receive an Export Incomplete Response to indicate that we are still processing your search results.The response example shows an uncompressed response for asset exports; whereas, the response schema shows the options of returning asset, fix, or vulnerability information in its uncompressed format. For more details, refer to Downloading Export Files guide, \"Acquiring the Download File\" section." }, "response": [] }, 
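Review bot: The new description is missing a space at "search results.The response example", and it switches between "export" and "search" for the same object ("previously created export", then "If your search has not been completed"). The parameter is still called search_id but is now described as identifying a data_export, so say once that the two are the same thing and use one term after that. "Usually, the response is stored in a file and gzipped" repeats the sentence before it and can be dropped.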
@@ -5270,11 +6346,11 @@ { "key": "search_id", "value": "int32", - "description": "Get status of a previously created asynchronous search from search_id." + "description": "An ID returned by Request Data Export that identifies the data_export." } ] }, - "description": "Get all results from a previously created asynchronous search using the search_id. This is useful for checking if a search is already in progress, failed, or expired." + "description": "Get the status message from a previously created asynchronous search using the search_id. The following messages are currently returned with the appropriate HTTP response status code: 200: Export ready for download, 206: The export is currently enqueued. Try again later, 206: The export is currently processing. Try again later, 404: No search found, 410: The search has expired and is no longer available, and 500: There was an error getting your search data. Please contact tech support for more details.\r\n\r\nError handling in client code should be based on the HTTP status code." }, "response": [] }, 
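Review bot: The status list in the new description is packed into one sentence, and 206 appears twice with different messages, which is hard to scan once Postman renders it. Put each code on its own line with \r\n, as other descriptions in this collection do. Keep the closing sentence about basing error handling on the HTTP status code, since the two 206 cases differ only in their message text.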
@@ -5297,24 +6373,50 @@ { "key": "export_id", "value": "int32", - "description": "Get all results from a previously created asynchronous search (only use either export_id or Job_uuid)" - }, + "description": "The search_id returned by Request Data Export that identifies the data_export to terminate." + } + ] + }, + "description": "Kill a running export by specifying the export ID. The following messages are currently returned with the appropriate HTTP response status code: 200: Terminating client data export, 400: Export not found, 400: Cannot kill an already cancelled, failed, or completed export, and 500: There was an error while killing the export. Please contact tech support for more details." + }, + "response": [] + } + ] + }, + { + "name": "Entitlements", + "item": [ + { + "name": "Get Overage Status", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/entitlements/overage", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "overage" + ], + "query": [ { - "key": "job_uuid", - "value": "string", - "description": "Get all results from a previously created asynchronous search (only use either export_id or Job_uuid)", + "key": "doc only>>", + "value": "doc only>>", + "description": "Response attribute\noverage_status\tIndicates if the client is in overage.", "disabled": true } ] }, - "description": "Kill a running export by specifying the export ID or the export's job UUID." + "description": "Returns the client entitlements overage status." }, "response": [] } ] }, { - "name": "KENNA.VI+", + "name": "Vulnerability Intelligene+", "item": [ { "name": "Show Vulnerability Definition", 
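Review bot: In the new Get Overage Status request, "raw" is https://{{API_URL}}/entitlements/overage but the "path" array contains only "overage"; add "entitlements" before it so the two agree. Also in this hunk, the renamed folder "Vulnerability Intelligene+" is misspelled and should read "Vulnerability Intelligence+".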
@@ -5693,250 +6795,241 @@ } } ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/vulnerability_definitions/:cve_id", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "vulnerability_definitions", + ":cve_id" + ], + "query": [ + { + "key": "fields", + "value": "string", + "description": "string\nComma delimited list of optional fields for the result set that can be returned.The cve_id value is always returned regardless whether it is added to \"fields\". The following is a list of available fields:exploits, fixes, threat_actors, created_at, daily_trend, predicted_exploitable, predicted_exploitable_confidence, successful_exploitations, velocity_day, velocity_month, velocity_week, cve_id, cvss_score, cvss_exploit_subscore, cvss_impact_subscore, cvss_vector, cvss_temporal_score, cvss_v3_score, cvss_v3_exploit_subscore, cvss_v3_impact_subscore, cvss_v3_vector, cvss_v3_temporal_score, last_modified, published, vulnerable_products, state, id, cve_description, cvss_access_complexity, cvss_access_vector, cvss_authentication, description, risk_meter_score, cvss_availability_impact, cvss_confidentiality_impact, cvss_integrity_impact, easily_exploitable, malware_exploitable, active_internet_breach, malware_count, chatter_count, popular_target, remote_code_execution, pre_nvd_chatter.", + "disabled": true + } + ], + "variable": [ + { + "key": "cve_id", + "value": "cve-2014-3566", + "type": "string", + "description": "string - A CVE in the form of CVE-YYYY-nnnnn." + } + ] + }, + "description": "Returns a single vulnerability definition by CVE ID." 
+ }, + "response": [] + }, + { + "name": "List CVE Identifiers", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/vulnerability_definitions/:cve_id", + "raw": "https://{{API_URL}}/vulnerability_definitions/cve_identifiers", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ "vulnerability_definitions", - ":cve_id" + "cve_identifiers" ], - "variable": [ + "query": [ { - "key": "cve_id", - "value": "cve-2014-3566", - "type": "string", - "description": "string - CVE id in which you want to query" + "key": "updated_since", + "value": "string", + "description": "string\nA datetime (as an ISO-8601 timestamp) filtering the returned CVE IDs. Only CVEs created or updated after the timestamp are returned." + }, + { + "key": "minimal_risk_score", + "value": "number", + "description": "number\nA number filtering the returned CVE IDs. Only CVEs that have risk meter score equal or higher than the specified minimal_risk_score are returned." + }, + { + "key": "active_internet_breach", + "value": "boolean", + "description": "boolean\nA boolean filtering the returned CVE IDs. If active_internet_breach is true, only CVE IDs with active internet breach are returned. Likewise, if active_internet_breach is false, only CVE IDs without active internet breach are returned." + }, + { + "key": "rce", + "value": "boolean", + "description": "boolean\nA boolean filtering the returned CVE IDs. RCE is remote code execution. If RCE is true, only CVE IDs with RCE are returned.Likewise, if RCE is false, only CVE IDs without RCE are returned." + }, + { + "key": "easily_exploitable", + "value": "boolean", + "description": "boolean\nA boolean filtering the returned CVE IDs. If easily_exploitable is true, only easily exploitable CVE IDs are returned.Likewise, if easily_exploitable is false, only CVE IDs that is not easily_exploitable are returned." } ] }, - "description": "Returns a single vulnerability definition by CVE ID." 
+ "description": "Returns all known CVE IDs." }, "response": [] }, { - "name": "List CVE Identifiers", + "name": "Search for Vulnerability Definitions", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/vulnerability_definitions/cve_identifiers?updated_since=\"2020-05-01\"", + "raw": "https://{{API_URL}}/vulnerability_definitions/search", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ "vulnerability_definitions", - "cve_identifiers" + "search" ], "query": [ { - "key": "updated_since", - "value": "\"2020-05-01\"", - "description": "A datetime (as an iso8601 timestamp) filtering the returned CVE IDs. Only CVEs created or updated after the timestamp are returned." + "key": "qids", + "value": "string", + "description": "string\nA comma separated list of Qualys vulnerability QIDs." + }, + { + "key": "rce", + "value": "boolean", + "description": "boolean\nRCE is remote code execution. If RCE is true, only vulnerability definitions with true RCE are returned, similarly, if RCE is false, only vulnerability definitions with false RCE are returned. If RCE is not specified, all vulnerability definitions are returned." + }, + { + "key": "state", + "value": "string", + "description": "string\nCVE state filter. If \"state\" filter is not provided, CVEs with all states are returned." } ] }, - "description": "Returns all known CVE IDs." + "description": "Returns vulnerability definitions that match given search criteria for only Qualys customers." 
}, "response": [] }, { - "name": "List Vulnerability Definitions", + "name": "Get Vulnerability Trends", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/vulnerability_definitions?cves=string", + "raw": "https://{{API_URL}}/vulnerability_definitions/trends", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ - "vulnerability_definitions" + "vulnerability_definitions", + "trends" ], "query": [ { - "key": "cves", + "key": "trend", "value": "string", - "description": "Comma-delimited list of CVE identifiers. Maximum number of CVEs specified is 600." + "description": "string\nThe type of the trend." + }, + { + "key": "sort_by", + "value": "string", + "description": "string\nSorting option: day, week, or month." } ] }, - "description": "Return one or more vulnerability definitions by CVE ID." + "description": "Returns top 20 Vulnerability Trends defined by the `trend` and `sort_by` parameters. For example: \r\n\r\n1. Requesting with `trend=risk_score` and `sort_by=week` will return the top 20 Vulnerabilities that had the most `risk_score` difference changes in the last week. \r\n\r\n2. 
Requesting with `trend=chatter` and `sort_by=month` will return the top 20 Vulnerabilites that had the most chatter (mentions all over the internet) over the last month" }, "response": [] }, { - "name": "Show CVE History", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "// Access the response data JSON as a JavaScript object\r", - "const res = pm.response.json();\r", - "\r", - "// -----------------------------\r", - "// - Structure data for charts -\r", - "// -----------------------------\r", - "\r", - "// EDIT THIS OBJECT TO BIND YOUR DATA\r", - "const vizData = {\r", - " \r", - " // Labels take an array of strings\r", - " labels: _.map(Object.values(res.CVE-2019-0708), 'changed_at')\r", - " \r", - " // Data takes an array of numbers\r", - " data: _.map(Object.values(res.CVE-2019-0708), 'to')\r", - "};\r", - "\r", - "// ------------\r", - "// - Template -\r", - "// ------------\r", - "\r", - "// Configure the template\r", - "var template = `\r", - "\r", - "\r", - " \r", - "\r", - "`;\r", - "\r", - "// -------------------------\r", - "// - Bind data to template -\r", - "// -------------------------\r", - "\r", - "// Set the visualizer template\r", - "pm.visualizer.set(template, vizData);" - ], - "type": "text/javascript" - } - } - ], + "name": "List Vulnerability Definitions", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/vulnerability_definitions/history?cves=CVE-2019-0708", + "raw": "https://{{API_URL}}/vulnerability_definitions", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ - "vulnerability_definitions", - "history" + "vulnerability_definitions" ], "query": [ { - "key": "****Doco only on what comes out", - "value": null, - "description": "CVE Attributes\nid\tThe unique identifier in the Kenna system.\nrisk_meter_score\tA numeric value between 0-100 representing the sum of the defined CVSS scores and priority for this vulnerability.\nrisk_meter_score_history\tA list of changes associated with 
this CVE ordered by the change time (oldest to newest). An empty list is an indication that no changes have been made to the initial risk_meter_score.\nChange Attributes\nchanged_at\tThe date and time of the change occurrence represented as a string.\nfrom\tThe risk_meter_score prior to this change.\nto\tThe risk_meter_score after to this change.\nWarnings\nCustomers who have purchased the Threat API may access any CVE. Customers who have not purchased the Threat API may only access CVEs that correspond to vulnerabilities within their instance.\n\nAttempting to access CVEs which are not available to your account will return a warning response with the following attributes:\n\ncode\tA unique numerical identifier for this warning.\nmessage\tA description of the warning.\nunavailable_cve_identifiers\tA list of CVE identifiers requested, but which are not available to your account.\nurl\tA url link to the API documentation.\nWarning Codes\n1\tOne or more of the requested CVEs are unavailable to your account.", - "disabled": true + "key": "cves", + "value": "string", + "description": "Comma-delimited list of CVE identifiers. Maximum number of CVEs specified is 600." }, { - "key": "cves", - "value": "CVE-2019-0708" + "key": "fields", + "value": "string", + "description": "Comma delimited list of optional fields for the result set that can be returned.The cve_id value is always returned regardless whether it is added to \"fields\". 
The following is a list of available fields:exploits, fixes, threat_actors, created_at, daily_trend, predicted_exploitable, predicted_exploitable_confidence, successful_exploitations, velocity_day, velocity_month, velocity_week, cve_id, cvss_score, cvss_exploit_subscore, cvss_impact_subscore, cvss_vector, cvss_temporal_score, cvss_v3_score, cvss_v3_exploit_subscore, cvss_v3_impact_subscore, cvss_v3_vector, cvss_v3_temporal_score, last_modified, published, vulnerable_products, state, id, cve_description, cvss_access_complexity, cvss_access_vector, cvss_authentication, description, risk_meter_score, cvss_availability_impact, cvss_confidentiality_impact, cvss_integrity_impact, easily_exploitable, malware_exploitable, active_internet_breach, malware_count, chatter_count, popular_target, remote_code_execution, pre_nvd_chatter." + }, + { + "key": "rce", + "value": "boolean", + "description": "RCE is remote code execution. If RCE is true, only vulnerability definitions with true RCE are returned, similarly, if RCE is false, only vulnerability definitions with false RCE are returned. If RCE is not specified, all vulnerability definitions are returned." + }, + { + "key": "state", + "value": "string", + "description": "CVE state filter. If \"state\" filter is not provided, CVEs with all states are returned." } ] }, - "description": "Returns Kenna's CVE score history for one or more CVE identifiers. Customers who have purchased the Threat API may access any CVE. Customers who have not purchased the Threat API may only access CVEs that correspond to vulnerabilities within their instance." + "description": "Return one or more vulnerability definitions by CVE ID." 
}, "response": [] }, { - "name": "Show Chatter Data", + "name": "Vulnerability Definitions With Significant Score Changes", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/vulnerability_definitions/:cve_id/chatter", + "raw": "https://{{API_URL}}/vulnerability_definitions/with_significant_score_changes", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ "vulnerability_definitions", - ":cve_id", - "chatter" + "with_significant_score_changes" ], - "variable": [ + "query": [ { - "key": "cve_id", - "value": "cve-2019-0708", - "type": "string", - "description": "The CVE_ID to be queried" + "key": "fields", + "value": "string", + "description": "Comma delimited list of optional fields for the result set that can be returned. The cve_id, realtime_score, and risk_meter_score values are always returned regardless whether it is added to \"fields\". The following is a list of available fields: exploits, fixes, threat_actors, created_at, daily_trend, predicted_exploitable, predicted_exploitable_confidence, successful_exploitations, velocity_day, velocity_month, velocity_week, cve_id, cvss_score, cvss_exploit_subscore, cvss_impact_subscore, cvss_vector, cvss_temporal_score, cvss_v3_score, cvss_v3_exploit_subscore, cvss_v3_impact_subscore, cvss_v3_vector, cvss_v3_temporal_score, last_modified, published, vulnerable_products, state, id, cve_description, cvss_access_complexity, cvss_access_vector, cvss_authentication, description, risk_meter_score, cvss_availability_impact, cvss_confidentiality_impact, cvss_integrity_impact, easily_exploitable, malware_exploitable, active_internet_breach, malware_count, chatter_count, popular_target, remote_code_execution, pre_nvd_chatter.." + }, + { + "key": "rce", + "value": "boolean", + "description": "RCE is remote code execution. If RCE is true, only vulnerability definitions with true RCE are returned, similarly, if RCE is false, only vulnerability definitions with false RCE are returned. 
If RCE is not specified, all vulnerability definitions are returned" + }, + { + "key": "state", + "value": "string", + "description": "CVE state filter. If \"state\" filter is not provided, CVEs with all states are returned." } ] }, - "description": "Returns chatter stats for a single vulnerability definition by CVE ID.\r\n\r\nKenna defines chatter as anytime a given vulnerability is mentioned anywhere on the Internet including dark web." + "description": "Returns vulnerability definitions with significant score changes (more than 1 point of change up or down) by CVE ID. An empty array is returned if there are no vulnerability defintions with significant score changes.The `realtime_score` field is included and reflects the current score change, which can be compared to the less frequently more stable `risk_meter_score` field." }, "response": [] }, { - "name": "Show Malware Family Data", + "name": "Show Chatter Data", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/vulnerability_definitions/:cve_id/malware_families", + "raw": "https://{{API_URL}}/vulnerability_definitions/:cve_id/chatter", "protocol": "https", "host": [ "{{API_URL}}" 
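Review bot: The query entries added for List CVE Identifiers, Search for Vulnerability Definitions, Get Vulnerability Trends, List Vulnerability Definitions and the significant score changes request use type names as values ("string", "boolean", "number") and have no "disabled": true, unlike the "fields" entry on Show Vulnerability Definition at the top of this hunk. As written they are enabled parameters, so a request would go out with values such as rce=boolean, and they also disagree with the "raw" URLs, which carry no query string. Mark them disabled or give them usable sample values. Smaller text fixes in the same hunk: missing space after the period in "returned.The cve_id" and "returned.Likewise", "CVE IDs that is not easily_exploitable" should be "that are not", "Vulnerabilites" and "defintions" are misspelled, and there is a double period after pre_nvd_chatter.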
@@ -5944,75 +7037,67 @@ "path": [ "vulnerability_definitions", ":cve_id", - "malware_families" + "chatter" ], "variable": [ { "key": "cve_id", "value": "cve-2019-0708", "type": "string", - "description": "The CVE_ID to be queried" + "description": "A CVE in the form of CVE-YYYY-nnnnn." } ] }, - "description": "Displays the known malware variant name and malware classifications (family) that are mentioned with a particular CVE. Family type includes classifications such as Ransomware.\r\n\r\nReturns malware family stats for a single vulnerability definition by CVE ID." + "description": "Cisco Vulnerability Management defines chatter as anytime a given vulnerability is mentioned anywhere on the Internet including the dark web. Returns chatter information for a single vulnerability definition specified by CVE ID." }, "response": [] }, { - "name": "Download VI+ Data Snapshot File", + "name": "Show Malware Hashes", "request": { "method": "GET", "header": [], "url": { - "raw": "https://{{API_URL}}/vulnerability_definitions/vi_data_snapshot", + "raw": "https://{{API_URL}}/vulnerability_definitions/:cve_id/malware", "protocol": "https", "host": [ "{{API_URL}}" ], "path": [ "vulnerability_definitions", - "vi_data_snapshot" + ":cve_id", + "malware" + ], + "variable": [ + { + "key": "cve_id", + "value": "cve-2019-0708", + "type": "string", + "description": "A CVE in the form of CVE-YYYY-nnnnn." + } ] }, - "description": "Provides the location to obtain the download of the VI+ data snapshot.\r\n\rAn HTTP 302 status code indicates that a redirection is required. For the URL value, use the Location key in the HTTP response header in an HTTP GET request. The response of the HTTP GET will return gzipped data." + "description": "Returns a list of known malware hashes (MD5, SHA1 and SHA256) for a single vulnerability definition by CVE ID." 
}, "response": [] - } - ] - }, - { - "name": "Granular Search", - "item": [ + }, { - "name": "Get CVE", + "name": "Download VI+ Data Snapshot File", "request": { "method": "GET", "header": [], "url": { - "raw": "https://services.nvd.nist.gov/rest/json/cve/1.0/:cveid", + "raw": "https://{{API_URL}}/vulnerability_definitions/vi_data_snapshot", "protocol": "https", "host": [ - "services", - "nvd", - "nist", - "gov" + "{{API_URL}}" ], "path": [ - "rest", - "json", - "cve", - "1.0", - ":cveid" - ], - "variable": [ - { - "key": "cveid", - "value": "cve-2018-10388", - "type": "string" - } + "vulnerability_definitions", + "vi_data_snapshot" ] - } + }, + "description": "Provides the location to obtain the download of the VI+ data snapshot.\r\n\rA HTTP 302 status code indicates redirection and to use the URL value of the Locaton key in the HTTP response header in a HTTP GET. The response of the HTTP GET will return gzip data. \r\n\rHowever some libraries and applications due to options or default behavior, perform the redirect and return a HTTP 200 status code along with gzipped response data. \r\n\rNo matter which way the gzipped data is obtained, it is the responsibility of the client to ungzip the response data. The unzipped data is in the JSONL format. \r\n\rThe response schema and example shows one line of ungzipped data in JSONL format." }, "response": [] }, 
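Review bot: the rewritten "Download VI+ Data Snapshot File" description has "Locaton" for "Location" and changes "An HTTP" to "A HTTP" / "a HTTP", which the removed line had right. It also keeps the bare `\r` after `\r\n` as a paragraph break where other descriptions in this file use `\r\n\r\n`. Separately, this hunk removes the "Granular Search" folder and its NVD "Get CVE" request at this position, which the commit subject ("Postman updates") does not mention; please call the removal out in the message so users of that request know it is intentional.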
@@ -6157,15 +7242,112 @@ } }, { - "name": "Audit Log Search", + "name": "CVEs", "item": [ { - "name": "Audit Log Search", + "name": "Show CVE History", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "// Access the response data JSON as a JavaScript object\r", + "const res = pm.response.json();\r", + "\r", + "// -----------------------------\r", + "// - Structure data for charts -\r", + "// -----------------------------\r", + "\r", + "// EDIT THIS OBJECT TO BIND YOUR DATA\r", + "const vizData = {\r", + " \r", + " // Labels take an array of strings\r", + " labels: _.map(Object.values(res.CVE-2019-0708), 'changed_at')\r", + " \r", + " // Data takes an array of numbers\r", + " data: _.map(Object.values(res.CVE-2019-0708), 'to')\r", + "};\r", + "\r", + "// ------------\r", + "// - Template -\r", + "// ------------\r", + "\r", + "// Configure the template\r", + "var template = `\r", + "\r", + "\r", + " \r", + "\r", + "`;\r", + "\r", + "// -------------------------\r", + "// - Bind data to template -\r", + "// -------------------------\r", + "\r", + "// Set the visualizer template\r", + "pm.visualizer.set(template, vizData);" + ], + "type": "text/javascript" + } + } + ], "request": { "method": "GET", "header": [], "url": { - "raw": "https://api.kennasecurity.com/audit_logs?start_date=2020-11-01&end_date=2020-11-28", + "raw": "https://{{API_URL}}/audit_logs", "protocol": "https", "host": [ "{{API_URL}}" 
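Review bot: the test script added to "Show CVE History" will not parse, and would not read the response if it did. Inside `vizData` there is no comma between the `labels:` and `data:` properties, and `res.CVE-2019-0708` is evaluated as a subtraction rather than a property lookup. Use bracket notation, `res["CVE-2019-0708"]`, or better, iterate over the keys of `res` so the chart follows whatever is passed in `cves` instead of one hardcoded CVE. As shown, the `template` string contains only whitespace, so `pm.visualizer.set` has nothing to render. The request's `raw` URL is also `https://{{API_URL}}/audit_logs`, the audit log endpoint, which looks carried over from the request this one replaced and should be checked against the CVE history route.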
@@ -6175,25 +7357,57 @@ ], "query": [ { - "key": "start_date", - "value": "2020-11-01", - "description": "The start date of the period you wish to receive audit logs from. Must be less than or equal to end_date. The format is 'YYYY-MM-DD'." - }, + "key": "cves", + "value": "string", + "description": "Comma-delimited list of CVE identifiers. The maximum number of CVEs per request is 250.." + } + + ] + }, + "description": "Returns Cisco Vulnerability Management's CVE score history for one or more CVE identifiers. Customers who have purchased the Vulnerability Intelligence+ API may access any CVE. Customers who have not purchased Vulnerability Intelligence+ API may only access CVEs that correspond to vulnerabilities within their instance." + }, + "response": [] + } + ] + }, + { + "name": "Audit Log Search", + "item": [ + { + "name": "Audit Log Search", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "https://{{API_URL}}/audit_logs", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "audit_logs" + ], + "query": [ + { + "key": "start_date", + "value": "string", + "description": "The start date of the period you want to receive audit logs from. Must be less than or equal to end_date. This is a required field. The format is 'YYYY-MM-DD'." + }, { "key": "end_date", - "value": "2020-11-28", - "description": "The end date of the period you wish to receive audit logs from. Must be greater than or equal to start_date. The format is 'YYYY-MM-DD'." + "value": "string", + "description": "The end date of the period you want to receive audit logs from. Must be greater than or equal to start_date. The date must be a full day before the current date. This is a required field. The format is 'YYYY-MM-DD'." } ] }, - "description": "Returns a compressed (gzip) JSON lines file with all entries for the specified date range. If there are no audit logs for the specified period, the returned file will have no content." 
+ "description": "Returns a compressed (gzip) JSON lines file with all entries for the specified date range. If there are no audit logs for the specified period, the returned file will have no content. The date is in an ISO-8601 format. Only the day portion (YYYY-MM-DD) is used for both start_date and end_date." }, "response": [] } ] }, { - "name": "AppSec Findings", + "name": "Findings", "item": [ { "name": "Search Findings", 
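Review bot: in "Audit Log Search", `start_date` and `end_date` are now documented as required, but their example dates were replaced with `"value": "string"` and the entries are still enabled, so the saved request sends `start_date=string` and `end_date=string`. Keep a valid `YYYY-MM-DD` example or reference collection variables, and note that the new rule "must be a full day before the current date" makes a fixed example go stale less gracefully than a variable would. The `raw` URL no longer carries the query string while `query` still lists enabled parameters; the two should agree. In "Show CVE History", the `cves` entry has the same enabled `"string"` placeholder, its description ends in "250..", and a blank added line follows the entry.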
@@ -6224,28 +7438,126 @@ "query": [ { "key": "status[]", - "value": "in_progress" + "value": "array of strings", + "description": "array of strings\nAn array of statuses. Default: [open, in_progress, new, triaged].\n\n", + "disabled": true }, { - "key": "status[]", - "value": "resolved" + "key": "identifier[]", + "value": "array of strings", + "description": "array of strings\nAn array of CVE, CWE, or WASCs. Example: [CWE-242, CVE=2020-9524].\n\n", + "disabled": true + }, + { + "key": "id[]", + "value": "array of integers", + "description": "array of integers\nArray of finding IDs.\n\n", + "disabled": true + }, + { + "key": "page", + "value": "integer", + "description": "integer\nThe specific page being requested from 1 to the total number of pages returned in the meta object.\n\n", + "disabled": true + }, + { + "key": "per_page", + "value": "integer", + "description": "integer\nThe number of findings being requested for the current page. The default page size is 100. Any other page size will return an error.\n\n", + "disabled": true }, { "key": "sort_by", - "value": "found_on" + "value": "string", + "description": "string\nThe results will be sorted by this field. Default: score.\n\n", + "disabled": true }, { "key": "sort_direction", - "value": "desc" + "value": "string", + "description": "string\nThe sort direction of the field specified in \"sort_by\". 
Default: desc.\n\n", + "disabled": true + }, + { + "key": "earliest_closed_at", + "value": "string", + "description": "string\nSearches for findings with a 'closed at' on or after a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": "latest_closed_at", + "value": "string", + "description": "string\nSearches for findings with a 'closed_at' on or before a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": "earliest_due_date", + "value": "string", + "description": "string\nSearches for findings with a 'due_date' on or after a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": "latest_due_date", + "value": "string", + "description": "string\nSearches for findings with a 'due_date' on or before a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": "earliest_last_found_on", + "value": "string", + "description": "string\nSearches for findings with a 'last_found_on' on or after a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": "latest_last_found_on", + "value": "string", + "description": "string\nSearches for findings with a 'last_found_on' on or before a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": "earliest_created_at", + "value": "string", + "description": "string\nSearches for findings with a 'created_at' on or after a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": "latest_created_at", + "value": "string", + "description": "string\nSearches for findings with a 'created_at' on or before a date in ISO 8601 format.\n\n", + "disabled": true + }, + { + "key": "earliest_updated_at", + "value": "string", + "description": "string\nSearches for findings with a 'updated_at' on or after a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": "latest_updated_at", + "value": "string", + "description": "string\nSearches for findings with a 'updated_at' on or before a date in ISO-8601 format.\n\n", + "disabled": true + }, + { + "key": 
"min_score", + "value": "integer", + "description": "integer\nSearches for findings with a 'score' greater than or equal to this value.\n\n", + "disabled": true + }, + { + "key": "max_score", + "value": "integer", + "description": "integer\nSearches for findings with a 'score' less than or equal to this value.\n\n", + "disabled": true } ] }, - "description": "Filters findings by a given set of parameters and returns the filtered findings as well as the total number of findings in the filtered set.\r\n\r\nEach unique parameter is combined using AND while each of values passed in a single array will be combined using OR. For example, if you search for all findings with status=[\"new\", \"resolved\"] and sort_by=\"score\", you will receive all findings with either status \"new\" or \"resolved,\" sorted by score in the response.\r\n\r\nBy default, 100 results are returned per page. The response includes the current page requested as well as the total number of pages." + "description": "Filters findings by a given set of parameters and returns the filtered findings as well as the total number of findings in the filtered set.\r\n\r\nIf no filters are specified, then \"Search Findings\" is \"List Findings\".\r\n\r\nEach unique parameter is combined using AND while each of the values passed in a single array will be combined using OR. For example, if you search for all findings with status=[\"new\", \"resolved\"] and sort_by=\"score\", you will receive all findings with either status \"new\" or \"resolved,\" sorted by score in the response.\r\n\r\nThe default page size is 100, the maximum page size is 100, and the maximum pages allowed is 2,000. The total number of asset groups, page number, and total number of pages are available in the meta data.\r\n\r\nTo avoid ambiguity with regards to dates, this endpoint accepts strings formatted according to a stricter version of ISO-8601: \"YYYY-MM-DDThh:mm:ss.sssTZD\". All fields besides nanoseconds and timezone are required. 
If time is omitted, UTC is used." }, "response": [] }, { - "name": "Show Findings", + "name": "Show Finding", "request": { "method": "GET", "header": [ @@ -6269,8 +7581,8 @@ "variable": [ { "key": "id", - "value": "", - "description": "ID of the finding in Kenna" + "value": "integer", + "description": "ID of the finding in Cisco Vulnerability Management." } ] }, 
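Review bot: in the "Search Findings" hunk, the `identifier[]` example reads `CVE=2020-9524`; it should be `CVE-2020-9524`. The request description says "The total number of asset groups, page number, and total number of pages are available in the meta data", which looks like a copy-paste slip and should refer to findings. It ends with "If time is omitted, UTC is used" where the Update Finding and Create Finding descriptions say "If timezone is omitted", and it calls the `.sss` component "nanoseconds" although three digits are milliseconds. The `per_page` text ("Any other page size will return an error") and the description ("the maximum page size is 100") should be reconciled so a reader knows whether smaller page sizes are accepted. "ISO 8601" in `latest_created_at` is also inconsistent with "ISO-8601" used in the other date parameters.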
@@ -6278,11 +7590,296 @@ }, "response": [] }, + { + "name": "Update Finding", + "request": { + "method": "PUT", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"finding\": {\r\n \"asset_id\": \"\",\r\n \"external_unique_id\": \"\",\r\n \"identifier\": \"\",\r\n \"closed_at\": \"\",\r\n \"due_date\": \"\",\r\n \"found_on\": \"\",\r\n \"last_found_on\": \"\",\r\n \"additional_fields\": \"\",\r\n \"remediation\": \"\",\r\n \"scanner_score\": \"\",\r\n \"status\": \"\"\r\n }\r\n}" + }, + "url": { + "raw": "https://{{API_URL}}/findings:id", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "findings", + ":id" + ], + "query": [ + { + "key": "**Update {{id}} below in path parm", + "value": null, + "disabled": true + }, + { + "key": "**All parms below updated in Body", + "value": "Items below for doc", + "description": "**All parms updated in Body", + "disabled": true + }, + { + "key": "asset_id", + "value": "integer", + "description": "integer\nThe ID of the Asset associated with the Finding.\n\n", + "disabled": true + }, + { + "key": "external_unique_id", + "value": "string", + "description": "string\nA unique ID, created by a Scanner or client.\n\n", + "disabled": true + }, + { + "key": "identifier", + "value": "string", + "description": "string\nA CVE, CWE, or WASC. Example: CWE-242.", + "disabled": true + }, + { + "key": "closed_at", + "value": "date-time", + "description": "date-time\nWhen the Finding was closed. The status body parameter is required to have the status body parameter set to one of the valid closed status values: closed, duplicate, false_positive, resolved, and not_a_security_issue. 
This implies that both closed_at and status will be updated.", + "disabled": true + }, + { + "key": "due_date", + "value": "date-time", + "description": "date-time\nWhen the Finding should be fixed.", + "disabled": true + }, + { + "key": "found_on", + "value": "date-time", + "description": "date-time\nWhen the Finding was initially found.", + "disabled": true + }, + { + "key": "last_found_on", + "value": "date-time", + "description": "date-time\nWhen the Finding was last seen.", + "disabled": true + }, + { + "key": "additional_fields", + "value": "object", + "description": "object\nAny additional information you want associated with the Finding.", + "disabled": true + }, + { + "key": "remediation", + "value": "string", + "description": "string\nInstructions for remediating the Finding.", + "disabled": true + }, + { + "key": "scanner_score", + "value": "float", + "description": "float\nThe score provided by the Scanner.", + "disabled": true + }, + { + "key": "status", + "value": "string", + "description": "string\nThe new status of the Finding", + "disabled": true + } + ] + }, + "description": "Update a single finding's attributes by ID. To avoid ambiguity with regards to dates, this endpoint accepts strings formatted according to a stricter version of ISO-8601: \"YYYY-MM-DDThh:mm:ss.sssZ\". All fields besides nanoseconds and timezone are required. If timezone is omitted, UTC is used." + }, + "response": [] + }, + { + "name": "Bulk Delete Findings", + "request": { + "method": "DELETE", + "header": [], + "url": { + "raw": "https://{{API_URL}}/findings/bulk_delete", + "protocol": "https", + "host": [ + "{{API_URL}}" + ], + "path": [ + "findings", + "bulk_delete" + ], + "query": [ + { + "key": "finding_ids[]", + "value": "array of integers", + "description": "array of integers - An array of finding IDs to be deleted.", + "disabled": true + } + ] + }, + "description": "Delete multiple findings at a time using the bulk delete endpoint. 
Delete limit is 2,000 findings at a time." + }, + "response": [] + }, { "name": "Create Finding", "request": { + "auth": { + "type": "apikey", + "apikey": [ + { + "key": "value", + "value": "uJPSArehEUbWNDPeGBWggsUUvNUBdKG82vX6Pzt4C1s6451V36cRcYz6tqxcChUg", + "type": "string" + }, + { + "key": "key", + "value": "X-Risk-Token", + "type": "string" + } + ] + }, "method": "POST", "header": [ + { + "key": "X-Risk-Token", + "value": "" + }, + { + "key": "Content-type", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"finding\": {\n \"additional_fields\": {\n \"fields\": [\n { \"field_name\": \"foo\", \"value\": \"far\" },\n { \"field_name\": \"boo\", \"value\": \"bar\" }\n ]\n },\n \"asset_id\": 123,\n \"closed_at\": \"2020-06-16T17:50:33.000Z\",\n \"due_date\": \"2020-06-17\",\n \"external_unique_id\": \"3287238723\",\n \"found_on\": \"2020-06-11T15:25:43.000Z\",\n \"identifier\": \"CWE-242\",\n \"last_found_on\": \"2020-06-15T12:28:10.000Z\",\n \"prioritized\": true,\n \"remediation\": \"Fix me!\",\n \"scanner_score\": 67,\n \"status\": \"resolved\"\n }\n }" + }, + "url": { + "raw": "https://api.kennasecurity.com/findings", + "protocol": "https", + "host": [ + "api", + "kennasecurity", + "com" + ], + "path": [ + "findings", + "id" + ], + "query": [ + { + "key": "**Update {{id}} below in path parm", + "value": null, + "disabled": true + }, + { + "key": "**All parms below updated in Body", + "value": "Items below for doc", + "description": "**All parms updated in Body", + "disabled": true + }, + { + "key": "asset_id", + "value": "integer", + "description": "integer\nThe ID of the Asset associated with the Finding.\n\n", + "disabled": true + }, + { + "key": "external_unique_id", + "value": "string", + "description": "string\nA unique ID, created by a Scanner or client.\n\n", + "disabled": true + }, + { + "key": "identifier", + "value": "string", + "description": "string\nA CVE, CWE, or WASC. Example: CWE-242. 
Required if definition is not specified.\n\n", + "disabled": true + }, + { + "key": "definition", + "value": "object", + "description": "object\nRequired if identifier is not specified.\n\n", + "disabled": true + }, + { + "key": "closed_at", + "value": "date-time", + "description": "date-time\nWhen the Finding was closed. The status body parameter is required to have the status body parameter set to one of the valid closed status values: closed, duplicate, false_positive, resolved, and not_a_security_issue. This implies that both closed_at and status will be updated.\n\n", + "disabled": true + }, + { + "key": "due_date", + "value": "date-time", + "description": "date-time\nWhen the Finding should be fixed.\n\n", + "disabled": true + }, + { + "key": "found_on", + "value": "date-time", + "description": "date-time\nWhen the Finding was initially found.\n\n", + "disabled": true + }, + { + "key": "last_found_on", + "value": "date-time", + "description": "date-time\nWhen the Finding was last seen.\n\n", + "disabled": true + }, + { + "key": "additional_fields", + "value": "object", + "description": "object\nAny additional information you want associated with the Finding.\n\n", + "disabled": true + }, + { + "key": "remediation", + "value": "string", + "description": "string\nInstructions for remediating the Finding.\n\n", + "disabled": true + }, + { + "key": "scanner_score", + "value": "float", + "description": "float\nThe score provided by the Scanner.\n\n", + "disabled": true + }, + { + "key": "status", + "value": "string", + "description": "string\nThe current status of the Finding.\n\n", + "disabled": true + } + ] + }, + "description": "Creates a single finding and returns the record.\r\n\r\nTo associate this Finding with a vulnerability definition, either identifier or definition is required. The identifier should be used when the Finding is associated with a known vulnerability: CVE, CWE, or WASC ID (e.g. \"CWE-242\"). 
However, certain scanners will not report a known vulnerability, in which case the definition can be used. The keys of definition are documented below, with scanner_identifier being minimally required.\r\n\r\nTo avoid ambiguity with regards to dates, this endpoint accepts strings formatted according to a stricter version of ISO-8601: \"YYYY-MM-DDThh:mm:ss.sssTZD\". All fields besides nanoseconds and timezone are required. If timezone is omitted, UTC is used." + }, + "response": [] + }, + { + "name": "Create Finding Copy", + "request": { + "auth": { + "type": "apikey", + "apikey": [ + { + "key": "value", + "value": "uJPSArehEUbWNDPeGBWggsUUvNUBdKG82vX6Pzt4C1s6451V36cRcYz6tqxcChUg", + "type": "string" + }, + { + "key": "key", + "value": "X-Risk-Token", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "X-Risk-Token", + "value": "" + }, { "key": "Content-type", "value": "application/json"
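Review bot: the `auth` blocks added to "Create Finding" and "Create Finding Copy" embed what appears to be a real 64-character API token as the `X-Risk-Token` `value`. Remove it from both requests, let them inherit the collection's authorization or reference a variable, and treat the token as exposed: revoke and reissue it, since it remains in the commit history even after a follow-up fix. Both requests also add an explicit empty `X-Risk-Token` header alongside the `apikey` auth; keep one mechanism so the two cannot disagree. Other points in this hunk: "Update Finding" has `"raw": "https://{{API_URL}}/findings:id"`, missing the `/` before `:id`; "Create Finding" hardcodes `api.kennasecurity.com` instead of `{{API_URL}}`, and its `path` is `"findings", "id"`, which does not match the `raw` URL ending in `/findings`; the `closed_at` description repeats itself ("The status body parameter is required to have the status body parameter set to"); body fields are documented as disabled query parameters under keys such as `**All parms below updated in Body`, which belongs in the request description; and "Create Finding Copy" looks like a leftover duplicate that should be dropped before merge.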