Distributed Cloud AIP utilizes data from a wide variety of sources, including the packages installed on your individual servers, to show you potentially vulnerable software. The vulnerabilities endpoint enables you to interact with your vulnerability data.
This method enables you to list all vulnerabilities found across the infrastructure in your Distributed Cloud AIP organization.
NOTE
By default, the response includes both active and suppressed vulnerabilities. This endpoint is paginated and returns up to 100 records at a time.
Find all CVEs:
https://api.threatstack.com/v2/vulnerabilities
Find all active CVEs:
https://api.threatstack.com/v2/vulnerabilities?status=active
Find all active CVEs for which hasSecurityNotices is available:
https://api.threatstack.com/v2/vulnerabilities?status=active&hasSecurityNotices=true
Find all CVEs for a specific agentId:
https://api.threatstack.com/v2/vulnerabilities?agentId=<foo>
Success
Unauthorized response
Rate limit hit
An internal error has occurred
{
  "cves": [
    {
      "cveNumber": "string",
      "reportedPackage": "string",
      "systemPackage": "string",
      "vectorType": "Local",
      "isSuppressed": true,
      "severity": "high",
      "securityNotices": [
        {
          "securityNoticeId": "string",
          "source": "Amazon Linux AMI Security Advisory",
          "url": "string"
        }
      ]
    }
  ],
  "token": "string"
}
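The paginated listing above can be consumed as follows. This is an added example, not code from the API documentation: `fetch_page` and `sample_fetch` are hypothetical stand-ins for the authenticated GET on /v2/vulnerabilities, passing the returned token back as a `token` query parameter is an assumption, and the pages and CVE numbers are constructed placeholders.

```python
from collections import defaultdict

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def iter_cves(fetch_page, **filters):
    """Yield every CVE record, requesting pages until no token is returned."""
    params, seen = dict(filters), set()
    while True:
        body = fetch_page(params)
        yield from body.get("cves", [])
        token = body.get("token")
        if not token or token in seen:  # last page, or a repeated token
            return
        seen.add(token)
        # Assumption: the token is sent back as a "token" query parameter.
        params = {**filters, "token": token}

def triage(fetch_page):
    """Group unsuppressed CVEs by severity (high first) with packages and notices."""
    grouped = defaultdict(dict)
    for cve in iter_cves(fetch_page, status="active"):
        if cve.get("isSuppressed"):
            continue
        entry = grouped[cve["severity"]].setdefault(
            cve["cveNumber"], {"packages": set(), "notices": set()})
        entry["packages"].add(cve["systemPackage"])
        entry["notices"].update(n["url"] for n in cve.get("securityNotices", []))
    return dict(sorted(grouped.items(), key=lambda kv: SEVERITY_ORDER.get(kv[0], 99)))

def _cve(number, severity, suppressed=False, notice_url=None):
    """Build a constructed record in the documented response shape."""
    notices = [{"securityNoticeId": "NOTICE-1", "source": "constructed",
                "url": notice_url}] if notice_url else []
    return {"cveNumber": number, "reportedPackage": "sudo", "systemPackage": "sudo",
            "vectorType": "Local", "isSuppressed": suppressed,
            "severity": severity, "securityNotices": notices}

# Constructed pages standing in for two API responses (placeholder CVE numbers).
_PAGES = {
    None: {"cves": [_cve("CVE-0000-0001", "low"),
                    _cve("CVE-0000-0002", "high", suppressed=True)],
           "token": "page-2"},
    "page-2": {"cves": [_cve("CVE-0000-0003", "high",
                             notice_url="https://example.com/notice-1")]},
}

def sample_fetch(params):
    """Hypothetical stand-in for the authenticated GET on /v2/vulnerabilities."""
    return _PAGES[params.get("token")]
```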
This method enables you to list all vulnerabilities found across the infrastructure in your Distributed Cloud AIP organization.
NOTE
You can only pass one CVE number at a time.
Find all of the servers affected by a CVE:
https://api.threatstack.com/v2/vulnerabilities/{CVE}/servers
The 404 error code means that the CVE was not found in the database.
Success
Bad parameters
Unauthorized response
The resource was not found
Rate limit hit
An internal error has occurred
{
  "servers": [
    {
      "agentId": "string",
      "hostname": "string"
    }
  ]
}
This method enables you to get the list of CVEs found across the infrastructure in your Distributed Cloud AIP organization for a specific software package.
NOTE
You can only pass one package (without a version) at a time.
The response defaults to show both active and suppressed vulnerabilities.
Find all CVEs for a package, for example sudo:
https://api.threatstack.com/v2/vulnerabilities/package/sudo
To get the list of active CVEs for a package:
https://api.threatstack.com/v2/vulnerabilities/package/{package}?status=active
The 400 error code means a required parameter is missing or its value is not a valid option for that parameter.
Success
Bad parameters
Unauthorized response
The resource was not found
Rate limit hit
An internal error has occurred
{
  "cves": [
    {
      "cveNumber": "string",
      "reportedPackage": "string",
      "systemPackage": "string",
      "vectorType": "Local",
      "isSuppressed": true,
      "severity": "high",
      "securityNotices": [
        {
          "securityNoticeId": "string",
          "source": "Amazon Linux AMI Security Advisory",
          "url": "string"
        }
      ]
    }
  ]
}
This method enables you to get the list of current CVE suppressions with suppression reason details for your organization.
Find the list of current CVE suppressions with details:
https://api.threatstack.com/v2/vulnerabilities/suppressions
The 400 error code means a required parameter is missing or its value is not a valid option for that parameter. You may hit this on an active query.
Success
Bad parameters
Unauthorized response
Rate limit hit
An internal error has occurred
{
  "suppressions": [
    {
      "cve": "string",
      "suppressionReason": "string",
      "suppressedAt": "string"
    }
  ]
}
This method enables you to list all of the suppressed CVEs for a specific package.
NOTE
The list does not show the version of the suppressed CVEs.
Success
Bad parameters
Unauthorized response
Rate limit hit
An internal error has occurred
{
  "cves": [
    {
      "cveNumber": "string",
      "reportedPackage": "string",
      "systemPackage": "string",
      "vectorType": "Local",
      "isSuppressed": true,
      "severity": "high",
      "securityNotices": [
        {
          "securityNoticeId": "string",
          "source": "Amazon Linux AMI Security Advisory",
          "url": "string"
        }
      ]
    }
  ]
}
This method enables you to list all of the suppressed CVEs in your Distributed Cloud AIP organization. The list returns all suppressed CVEs.
If you suppress a vulnerability, then the vulnerability for that package version is no longer assessed during a Vulnerability Assessment scan. It appears in the suppressed vulnerabilities list and is not listed as an active vulnerability. For more information, see the Vulnerability Assessment Overview.
To view CVEs for a particular server, you can use one of the following query params:
agentID - The ID of the Agent
hostname - The name of the host
You may only use one of these options per query. If multiple are used, the API returns a Bad Request.
To view suppressed CVEs of a specific severity, use the severity query parameter. You can filter for high, medium, or low severities within Distributed Cloud AIP. For example, to view all low severity, suppressed CVEs:
https://api.threatstack.com/v2/vulnerabilities/suppressed?severity=low
OK
Bad parameters
Unauthorized response
Rate limit hit
An internal error has occurred
{
  "cves": [
    {
      "cveNumber": "string",
      "reportedPackage": "string",
      "systemPackage": "string",
      "vectorType": "Local",
      "isSuppressed": true,
      "severity": "high",
      "securityNotices": [
        {
          "securityNoticeId": "string",
          "source": "Amazon Linux AMI Security Advisory",
          "url": "string"
        }
      ]
    }
  ],
  "token": "string"
}
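Because a suppressed vulnerability is no longer assessed during scans, it is worth reviewing suppressions periodically by joining the suppressions list with the suppressed CVE list. This is an added example, not code from the API documentation: it assumes `suppressedAt` is an ISO 8601 timestamp, the 180-day threshold is a hypothetical review policy, and the sample records and CVE numbers are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

def audit_suppressions(suppressions, suppressed_cves, now, max_age_days=180):
    """Return (cve, finding) pairs for suppressions that deserve a second look.

    suppressions    -- the "suppressions" list from /v2/vulnerabilities/suppressions
    suppressed_cves -- the "cves" list from /v2/vulnerabilities/suppressed
    """
    severity = {c["cveNumber"]: c["severity"] for c in suppressed_cves}
    findings = []
    for s in suppressions:
        cve = s["cve"]
        if not (s.get("suppressionReason") or "").strip():
            findings.append((cve, "no suppression reason recorded"))
        # Assumption: suppressedAt is an ISO 8601 timestamp; naive values are read as UTC.
        when = datetime.fromisoformat(s["suppressedAt"].replace("Z", "+00:00"))
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        if now - when > timedelta(days=max_age_days):
            findings.append((cve, f"suppressed more than {max_age_days} days ago"))
        if severity.get(cve) == "high":
            findings.append((cve, "high severity is suppressed"))
    return findings

# Constructed sample data in the documented response shapes (placeholder CVE numbers).
SAMPLE_SUPPRESSIONS = [
    {"cve": "CVE-0000-0001", "suppressionReason": "Compensating control in place",
     "suppressedAt": "2024-05-20T10:00:00Z"},
    {"cve": "CVE-0000-0002", "suppressionReason": "",
     "suppressedAt": "2023-01-15T08:30:00Z"},
]
SAMPLE_SUPPRESSED_CVES = [
    {"cveNumber": "CVE-0000-0001", "severity": "low", "isSuppressed": True},
    {"cveNumber": "CVE-0000-0002", "severity": "high", "isSuppressed": True},
]
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
```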