Download OpenAPI specification: Download
Contact:
support@rapid7.com
This guide documents the InsightVM Application Programming Interface (API) Version 3. This API supports the
Representation State Transfer (REST) design pattern. Unless noted otherwise this API accepts and produces the
application/json media type. This API uses Hypermedia as the Engine of Application State (HATEOAS) and
is hypermedia friendly. All API connections must be made to the security console using HTTPS.
Versioning is specified in the URL and the base path of this API is: https://<host>:<port>/api/3/.
An OpenAPI v2 specification (also known as Swagger 2) of this API is available. Tools such as swagger-codegen can be used to generate an API client in the language of your choosing using this specification document.
Download the specification: Download
Authorization to the API uses HTTP Basic Authorization
(see RFC 2617 for more information). Requests must
supply authorization credentials in the Authorization header using a Base64 encoded hash of "username:password".
This API supports two-factor authentication (2FA) by supplying an authentication token in addition to the Basic
Authorization. The token is specified using the Token request header. To leverage two-factor authentication, this
must be enabled on the console and be configured for the account accessing the API.
Resource names represent nouns and identify the entity being manipulated or accessed. All collection resources are pluralized to indicate to the client they are interacting with a collection of multiple resources of the same type. Singular resource names are used when there exists only one resource available to interact with.
The following naming conventions are used by this API:
| Type | Case |
|---|---|
| Resource names | lower_snake_case |
| Header, body, and query parameters parameters | camelCase |
| JSON fields and property names | camelCase |
A collection resource is a parent resource for instance resources, but can itself be retrieved and operated on independently. Collection resources use a pluralized resource name. The resource path for collection resources follow the convention:
/api/3/{resource_name}
An instance resource is a "leaf" level resource that may be retrieved, optionally nested within a collection resource. Instance resources are usually retrievable with opaque identifiers. The resource path for instance resources follows the convention:
/api/3/{resource_name}/{instance_id}...
The following HTTP operations are supported throughout this API. The general usage of the operation and both its failure and success status codes are outlined below.
| Verb | Usage | Success | Failure |
|---|---|---|---|
GET | Used to retrieve a resource by identifier, or a collection of resources by type. | 200 | 400, 401, 402, 404, 405, 408, 410, 415, 500 |
POST | Creates a resource with an application-specified identifier. | 201 | 400, 401, 404, 405, 408, 413, 415, 500 |
POST | Performs a request to queue an asynchronous job. | 202 | 400, 401, 405, 408, 410, 413, 415, 500 |
PUT | Creates a resource with a client-specified identifier. | 200 | 400, 401, 403, 405, 408, 410, 413, 415, 500 |
PUT | Performs a full update of a resource with a specified identifier. | 201 | 400, 401, 403, 405, 408, 410, 413, 415, 500 |
DELETE | Deletes a resource by identifier or an entire collection of resources. | 204 | 400, 401, 405, 408, 410, 413, 415, 500 |
OPTIONS | Requests what operations are available on a resource. | 200 | 401, 404, 405, 408, 500 |
All resources respond to the OPTIONS request, which allows discoverability of available operations that are supported.
The OPTIONS response returns the acceptable HTTP operations on that resource within the Allow header. The response
is always a 200 OK status.
Collection resources can support the GET, POST, PUT, and DELETE operations.
The GET operation invoked on a collection resource indicates a request to retrieve all, or some, of the entities
contained within the collection. This also includes the optional capability to filter or search resources during
the request. The response from a collection listing is a paginated document. See
hypermedia links for more information.
The POST is a non-idempotent operation that allows for the creation of a new resource when the resource identifier
is not provided by the system during the creation operation (i.e. the Security Console generates the identifier). The
content of the POST request is sent in the request body. The response to a successful POST request should be a
201 CREATED with a valid Location header field set to the URI that can be used to access to the newly
created resource.
The POST to a collection resource can also be used to interact with asynchronous resources. In this situation,
instead of a 201 CREATED response, the 202 ACCEPTED response indicates that processing of the request is not fully
complete but has been accepted for future processing. This request will respond similarly with a Location header with
link to the job-oriented asynchronous resource that was created and/or queued.
The PUT is an idempotent operation that either performs a create with user-supplied identity, or a full replace
or update of a resource by a known identifier. The response to a PUT operation to create an entity is a 201 Created
with a valid Location header field set to the URI that can be used to access to the newly created resource.
PUT on a collection resource replaces all values in the collection. The typical response to a PUT operation that
updates an entity is hypermedia links, which may link to related resources caused by the side-effects of the changes
performed.
The DELETE is an idempotent operation that physically deletes a resource, or removes an association between resources.
The typical response to a DELETE operation is hypermedia links, which may link to related resources caused by the
side-effects of the changes performed.
Instance resources can support the GET, PUT, POST, PATCH and DELETE operations.
Retrieves the details of a specific resource by its identifier. The details retrieved can be controlled through property selection and property views. The content of the resource is returned within the body of the response in the acceptable media type.
Allows for and idempotent "full update" (complete replacement) on a specific resource. If the resource does not exist,
it will be created; if it does exist, it is completely overwritten. Any omitted properties in the request are assumed to
be undefined/null. For "partial updates" use POST or PATCH instead.
The content of the PUT request is sent in the request body. The identifier of the resource is specified within the URL
(not the request body). The response to a successful PUT request is a 201 CREATED to represent the created status,
with a valid Location header field set to the URI that can be used to access to the newly created (or fully replaced)
resource.
Performs a non-idempotent creation of a new resource. The POST of an instance resource most commonly occurs with the
use of nested resources (e.g. searching on a parent collection resource). The response to a POST of an instance
resource is typically a 200 OK if the resource is non-persistent, and a 201 CREATED if there is a resource
created/persisted as a result of the operation. This varies by endpoint.
The PATCH operation is used to perform a partial update of a resource. PATCH is a non-idempotent operation that
enforces an atomic mutation of a resource. Only the properties specified in the request are to be overwritten on the
resource it is applied to. If a property is missing, it is assumed to not have changed.
Permanently removes the individual resource from the system. If the resource is an association between resources, only
the association is removed, not the resources themselves. A successful deletion of the resource should return
204 NO CONTENT with no response body. This operation is not fully idempotent, as follow-up requests to delete a
non-existent resource should return a 404 NOT FOUND.
Unless otherwise indicated, the default request body media type is application/json.
Commonly used request headers include:
| Header | Example | Purpose |
|---|---|---|
Accept | application/json | Defines what acceptable content types are allowed by the client. For all types, use */*. |
Accept-Encoding | deflate, gzip | Allows for the encoding to be specified (such as gzip). |
Accept-Language | en-US | Indicates to the server the client's locale (defaults en-US). |
Authorization | Basic Base64("username:password") | Basic authentication |
Token | 123456 | Two-factor authentication token (if enabled) |
Dates and/or times are specified as strings in the ISO 8601 format(s). The following formats are supported as input:
| Value | Format | Notes |
|---|---|---|
| Date | YYYY-MM-DD | Defaults to 12 am UTC (if used for a date & time |
| Date & time only | YYYY-MM-DD'T'hh:mm:ss[.nnn] | Defaults to UTC |
| Date & time in UTC | YYYY-MM-DD'T'hh:mm:ss[.nnn]Z | |
| Date & time w/ offset | YYYY-MM-DD'T'hh:mm:ss[.nnn][+|-]hh:mm | |
| Date & time w/ zone-offset | YYYY-MM-DD'T'hh:mm:ss[.nnn][+|-]hh:mm[<zone-id>] |
Timezones are specified in the regional zone format, such as "America/Los_Angeles", "Asia/Tokyo", or "GMT".
Pagination is supported on certain collection resources using a combination of two query parameters, page and size.
As these are control parameters, they are prefixed with the underscore character. The page parameter dictates the
zero-based index of the page to retrieve, and the size indicates the size of the page.
For example, /resources?page=2&size=10 will return page 3, with 10 records per page, giving results 21-30.
The maximum page size for a request is 500.
Sorting is supported on paginated resources with the sort query parameter(s). The sort query parameter(s) supports
identifying a single or multi-property sort with a single or multi-direction output. The format of the parameter is:
sort=property[,ASC|DESC]...
Therefore, the request /resources?sort=name,title,DESC would return the results sorted by the name and title
descending, in that order. The sort directions are either ascending ASC or descending DESC. With single-order
sorting, all properties are sorted in the same direction. To sort the results with varying orders by property,
multiple sort parameters are passed.
For example, the request /resources?sort=name,ASC&sort=title,DESC would sort by name ascending and title
descending, in that order.
The following response statuses may be returned by this API.
| Status | Meaning | Usage |
|---|---|---|
200 | OK | The operation performed without error according to the specification of the request, and no more specific 2xx code is suitable. |
201 | Created | A create request has been fulfilled and a resource has been created. The resource is available as the URI specified in the response, including the Location header. |
202 | Accepted | An asynchronous task has been accepted, but not guaranteed, to be processed in the future. |
400 | Bad Request | The request was invalid or cannot be otherwise served. The request is not likely to succeed in the future without modifications. |
401 | Unauthorized | The user is unauthorized to perform the operation requested, or does not maintain permissions to perform the operation on the resource specified. |
403 | Forbidden | The resource exists to which the user has access, but the operating requested is not permitted. |
404 | Not Found | The resource specified could not be located, does not exist, or an unauthenticated client does not have permissions to a resource. |
405 | Method Not Allowed | The operations may not be performed on the specific resource. Allowed operations are returned and may be performed on the resource. |
408 | Request Timeout | The client has failed to complete a request in a timely manner and the request has been discarded. |
413 | Request Entity Too Large | The request being provided is too large for the server to accept processing. |
415 | Unsupported Media Type | The media type is not supported for the requested resource. |
500 | Internal Server Error | An internal and unexpected error has occurred on the server at no fault of the client. |
The response statuses 401, 403 and 404 need special consideration for security purposes. As necessary, error statuses and messages may be obscured to strengthen security and prevent information exposure. The following is a guideline for privileged resource response statuses:
| Use Case | Access | Resource | Permission | Status |
|---|---|---|---|---|
| Unauthenticated access to an unauthenticated resource. | Unauthenticated | Unauthenticated | Yes | 20x |
| Unauthenticated access to an authenticated resource. | Unauthenticated | Authenticated | No | 401 |
| Unauthenticated access to an authenticated resource. | Unauthenticated | Non-existent | No | 401 |
| Authenticated access to a unauthenticated resource. | Authenticated | Unauthenticated | Yes | 20x |
| Authenticated access to an authenticated, unprivileged resource. | Authenticated | Authenticated | No | 404 |
| Authenticated access to an authenticated, privileged resource. | Authenticated | Authenticated | Yes | 20x |
| Authenticated access to an authenticated, non-existent resource | Authenticated | Non-existent | Yes | 404 |
Commonly used response headers include:
| Header | Example | Purpose |
|---|---|---|
Allow | OPTIONS, GET | Defines the allowable HTTP operations on a resource. |
Cache-Control | no-store, must-revalidate | Disables caching of resources (as they are all dynamic). |
Content-Encoding | gzip | The encoding of the response body (if any). |
Location | Refers to the URI of the resource created by a request. | |
Transfer-Encoding | chunked | Specified the encoding used to transform response. |
Retry-After | 5000 | Indicates the time to wait before retrying a request. |
X-Content-Type-Options | nosniff | Disables MIME type sniffing. |
X-XSS-Protection | 1; mode=block | Enables XSS filter protection. |
X-Frame-Options | SAMEORIGIN | Prevents rendering in a frame from a different origin. |
X-UA-Compatible | IE=edge,chrome=1 | Specifies the browser mode to render in. |
When application/json is returned in the response body it is always pretty-printed (indented, human readable output).
Additionally, gzip compression/encoding is supported on all responses.
Dates or times are returned as strings in the ISO 8601 'extended' format. When a date and time is returned (instant) the value is converted to UTC.
For example:
| Value | Format | Example |
|---|---|---|
| Date | YYYY-MM-DD | 2017-12-03 |
| Date & Time | YYYY-MM-DD'T'hh:mm:ss[.nnn]Z | 2017-12-03T10:15:30Z |
In some resources a Content data type is used. This allows for multiple formats of representation to be returned
within resource, specifically "html" and "text". The "text" property returns a flattened representation suitable
for output in textual displays. The "html" property returns an HTML fragment suitable for display within an HTML
element. Note, the HTML returned is not a valid stand-alone HTML document.
The response to a paginated request follows the format:
{
resources": [
...
],
"page": {
"number" : ...,
"size" : ...,
"totalResources" : ...,
"totalPages" : ...
},
"links": [
"first" : {
"href" : "..."
},
"prev" : {
"href" : "..."
},
"self" : {
"href" : "..."
},
"next" : {
"href" : "..."
},
"last" : {
"href" : "..."
}
]
}
The resources property is an array of the resources being retrieved from the endpoint, each which should contain at
minimum a "self" relation hypermedia link. The page property outlines the details of the current page and total
possible pages. The object for the page includes the following properties:
The last property of the paged response is the links array, which contains all available hypermedia links. For
paginated responses, the "self", "next", "previous", "first", and "last" links are returned. The "self" link must
always be returned and should contain a link to allow the client to replicate the original request against the
collection resource in an identical manner to that in which it was invoked.
The "next" and "previous" links are present if either or both there exists a previous or next page, respectively. The "next" and "previous" links have hrefs that allow "natural movement" to the next page, that is all parameters required to move the next page are provided in the link. The "first" and "last" links provide references to the first and last pages respectively.
Requests outside the boundaries of the pageable will result in a 404 NOT FOUND. Paginated requests do not provide a
"stateful cursor" to the client, nor does it need to provide a read consistent view. Records in adjacent pages may
change while pagination is being traversed, and the total number of pages and resources may change between requests
within the same filtered/queries resource collection.
The "depth" of the response of a resource can be configured using a "view". All endpoints supports two views that can
tune the extent of the information returned in the resource. The supported views are summary and details (the default).
View are specified using a query parameter, in this format:
/<resource>?view={viewName}
Any error responses can provide a response body with a message to the client indicating more information (if applicable) to aid debugging of the error. All 40x and 50x responses will return an error response in the body. The format of the response is as follows:
{
"status": <statusCode>,
"message": <message>,
"links" : [ {
"rel" : "...",
"href" : "..."
} ]
}
The status property is the same as the HTTP status returned in the response, to ease client parsing. The message
property is a localized message in the request client's locale (if applicable) that articulates the nature of the
error. The last property is the links property. This may contain additional
hypermedia links to troubleshoot.
Multiple resources make use of search criteria to match assets. Search criteria is an array of search filters. Each search filter has a generic format of:
{
"field": "<field-name>",
"operator": "<operator>",
["value": "<value>",]
["lower": "<value>",]
["upper": "<value>"]
}
Every filter defines two required properties field and operator. The field is the name of an asset property that
is being filtered on. The operator is a type and property-specific operating performed on the filtered property. The
valid values for fields and operators are outlined in the table below.
Every filter also defines one or more values that are supplied to the operator. The valid values vary by operator and are outlined below.
The following table outlines the search criteria fields and the available operators:
| Field | Operators |
|---|---|
alternate-address-type | in |
container-image | is is not starts with ends with contains does not contain is like not like |
container-status | is is not |
containers | are |
criticality-tag | is is not is greater than is less than is applied is not applied |
custom-tag | is is not starts with ends with contains does not contain is applied is not applied |
cve | is is not contains does not contain |
cvss-access-complexity | is is not |
cvss-authentication-required | is is not |
cvss-access-vector | is is not |
cvss-availability-impact | is is not |
cvss-confidentiality-impact | is is not |
cvss-integrity-impact | is is not |
cvss-v3-confidentiality-impact | is is not |
cvss-v3-integrity-impact | is is not |
cvss-v3-availability-impact | is is not |
cvss-v3-attack-vector | is is not |
cvss-v3-attack-complexity | is is not |
cvss-v3-user-interaction | is is not |
cvss-v3-privileges-required | is is not |
host-name | is is not starts with ends with contains does not contain is empty is not empty is like not like |
host-type | in not in |
ip-address | is is not in range not in range is like not like |
ip-address-type | in not in |
last-scan-date | is-on-or-before is on or after is between is earlier than is within the last |
location-tag | is is not starts with ends with contains does not contain is applied is not applied |
mobile-device-last-sync-time | is-within-the-last is earlier than |
open-ports | is is not in range |
operating-system | contains does not contain is empty is not empty |
owner-tag | is is not starts with ends with contains does not contain is applied is not applied |
pci-compliance | is |
risk-score | is is not in range greater than less than |
service-name | contains does not contain |
site-id | in not in |
software | contains does not contain |
vAsset-cluster | is is not contains does not contain starts with |
vAsset-datacenter | is is not |
vAsset-host-name | is is not contains does not contain starts with |
vAsset-power-state | in not in |
vAsset-resource-pool-path | contains does not contain |
vulnerability-assessed | is-on-or-before is on or after is between is earlier than is within the last |
vulnerability-category | is is not starts with ends with contains does not contain |
vulnerability-cvss-v3-score | is is not |
vulnerability-cvss-score | is is not in range is greater than is less than |
vulnerability-exposures | includes does not include |
vulnerability-title | contains does not contain is is not starts with ends with |
vulnerability-validated-status | are |
The following fields have enumerated values:
| Field | Acceptable Values |
|---|---|
alternate-address-type | 0=IPv4, 1=IPv6 |
containers | 0=present, 1=not present |
container-status | created running paused restarting exited dead unknown |
cvss-access-complexity |
|
cvss-integrity-impact |
|
cvss-confidentiality-impact |
|
cvss-availability-impact |
|
cvss-access-vector |
|
cvss-authentication-required |
|
cvss-v3-confidentiality-impact |
|
cvss-v3-integrity-impact |
|
cvss-v3-availability-impact |
|
cvss-v3-attack-vector |
|
cvss-v3-attack-complexity |
|
cvss-v3-user-interaction |
|
cvss-v3-privileges-required |
|
host-type | 0=Unknown, 1=Guest, 2=Hypervisor, 3=Physical, 4=Mobile |
ip-address-type | 0=IPv4, 1=IPv6 |
pci-compliance | 0=fail, 1=pass |
vulnerability-validated-status | 0=present, 1=not present |
The following table outlines which properties are required for each operator and the appropriate data type(s):
| Operator | value | lower | upper |
|---|---|---|---|
are | string | ||
contains | string | ||
does-not-contain | string | ||
ends with | string | ||
in | Array[ string ] | ||
in-range | numeric | numeric | |
includes | Array[ string ] | ||
is | string | ||
is-applied | |||
is-between | numeric | numeric | |
is-earlier-than | numeric | ||
is-empty | |||
is-greater-than | numeric | ||
is-on-or-after | string (yyyy-MM-dd) | ||
is-on-or-before | string (yyyy-MM-dd) | ||
is-not | string | ||
is-not-applied | |||
is-not-empty | |||
is-within-the-last | string | ||
less-than | string | ||
like | string | ||
not-contains | string | ||
not-in | Array[ string ] | ||
not-in-range | numeric | numeric | |
not-like | string | ||
starts-with | string |
Dynamic sites make use of search criteria to match assets from a discovery connection. Search criteria is an array of search filters.
Each search filter has a generic format of:
{
"field": "<field-name>",
"operator": "<operator>",
["value": "<value>",]
["lower": "<value>",]
["upper": "<value>"]
}
Every filter defines two required properties field and operator. The field is the name of an asset property that
is being filtered on. The list of supported fields vary depending on the type of discovery connection configured
for the dynamic site (e.g vSphere, ActiveSync, etc.). The operator is a type and property-specific operating
performed on the filtered property. The valid values for fields outlined in the tables below and are grouped by the
type of connection.
Every filter also defines one or more values that are supplied to the operator. See Search Criteria Operator Properties for more information on the valid values for each operator.
This section documents search criteria information for ActiveSync discovery connections. The discovery connections
must be one of the following types: "activesync-ldap", "activesync-office365", or "activesync-powershell".
The following table outlines the search criteria fields and the available operators for ActiveSync connections:
| Field | Operators |
|---|---|
last-sync-time | is-within-the-last is-earlier-than |
operating-system | contains does-not-contain |
user | is is-not contains does-not-contain starts-with |
This section documents search criteria information for AWS discovery connections. The discovery connections must be the type "aws".
The following table outlines the search criteria fields and the available operators for AWS connections:
| Field | Operators |
|---|---|
availability-zone | contains does-not-contain |
guest-os-family | contains does-not-contain |
instance-id | contains does-not-contain |
instance-name | is is-not contains does-not-contain starts-with |
instance-state | in not-in |
instance-type | in not-in |
ip-address | in-range not-in-range is is-not |
region | in not-in |
vpc-id | is is-not contains does-not-contain starts-with |
This section documents search criteria information for DHCP discovery connections. The discovery connections must be the type "dhcp".
The following table outlines the search criteria fields and the available operators for DHCP connections:
| Field | Operators |
|---|---|
host-name | is is-not contains does-not-contain starts-with |
ip-address | in-range not-in-range is is-not |
mac-address | is is-not contains does-not-contain starts-with |
This section documents search criteria information for Sonar discovery connections. The discovery connections must be the type "sonar".
The following table outlines the search criteria fields and the available operators for Sonar connections:
| Field | Operators |
|---|---|
search-domain | contains is |
ip-address | in-range is |
sonar-scan-date | is-within-the-last |
This section documents search criteria information for vSphere discovery connections. The discovery connections must be the type "vsphere".
The following table outlines the search criteria fields and the available operators for vSphere connections:
| Field | Operators |
|---|---|
cluster | is is-not contains does-not-contain starts-with |
data-center | is is-not |
discovered-time | is-on-or-before is-on-or-after is-between is-earlier-than is-within-the-last |
guest-os-family | contains does-not-contain |
host-name | is is-not contains does-not-contain starts-with |
ip-address | in-range not-in-range is is-not |
power-state | in not-in |
resource-pool-path | contains does-not-contain |
last-time-seen | is-on-or-before is-on-or-after is-between is-earlier-than is-within-the-last |
vm | is is-not contains does-not-contain starts-with |
The following fields have enumerated values:
| Field | Acceptable Values |
|---|---|
power-state | poweredOn poweredOff suspended |
This API follows Hypermedia as the Engine of Application State (HATEOAS) principals and is therefore hypermedia friendly.
Hyperlinks are returned in the links property of any given resource and contain a fully-qualified hyperlink to
the corresponding resource. The format of the hypermedia link adheres to both the
{json:api} v1
"Link Object" and
JSON Hyper-Schema
"Link Description Object"
formats. For example:
"links": [{
"rel": "<relation>",
"href": "<href>"
...
}]
Where appropriate link objects may also contain additional properties than the rel and href properties, such as id, type, etc.
See the Root resources for the entry points into API discovery.
Returns a listing of the resources (endpoints) that are available to be invoked in this API.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Resources and operations for managing assets. Assets can be created under the Site Assets resource.
Returns all assets for which you have access.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
},
],
}
},
],
}
],
}
],
}
],
}
],
}
],
}
]
}
],
}
],
}
],
}
},
],
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates or updates an asset with the specified details.
The identifier of the site.
The details of the asset being added or updated.
The operating system can be specified in one of three ways, with the order of precedence: "osFingerprint", "os", "cpe"
| addresses null |
Address
All addresses discovered on the asset. |
|
|
|
| configurations null |
Configuration
Configuration key-values pairs enumerated on the asset. |
|
|
|
| cpe null |
string
The Common Platform Enumeration (CPE) of the operating system. This is the tertiary means of specifying the operating system fingerprint. Use |
|
|
|
| databases null |
Database
The databases enumerated on the asset. |
|
|
|
| date null |
string
Required
The date the data was collected on the asset. |
|
|
|
| description null |
string
The description of the source or collection of information on the asset. This description will appear in the history of the asset for future auditing purposes. |
|
|
|
| files null |
File
The files discovered with searching on the asset. |
|
|
|
| hostName null |
HostName
The primary host name (local or FQDN) of the asset. |
|
|
|
| hostNames null |
HostName
Additional host names for the asset. |
|
|
|
| id null |
integer <int64>
The identifier of the asset. |
|
|
|
| ids null |
UniqueId
Unique identifiers found on the asset, such as hardware or operating system identifiers. |
|
|
|
| ip null |
string
The primary IPv4 or IPv6 address of the asset. |
|
|
|
| links null |
Link
|
|
|
|
| mac null |
string
The primary Media Access Control (MAC) address of the asset. The format is six groups of two hexadecimal digits separated by colons. |
|
|
|
| os null |
string
Free-form textual description of the operating system of the asset, typically from a fingerprinting source. This input will be parsed to produce a full fingerprint. This is the secondary means of specifying the operating system. Use |
|
|
|
| osFingerprint null |
OperatingSystem
The details of the operating system of the asset. |
|
|
|
| services null |
Service
The services discovered on the asset. |
|
|
|
| software null |
Software
The software discovered on the asset. |
|
|
|
| type null |
string
The type of asset. |
|
|
|
| userGroups null |
GroupAccount
The group accounts enumerated on the asset. |
|
|
|
| users null |
UserAccount
The user accounts enumerated on the asset. |
|
|
|
| vulnerabilities null |
AssetVulnerabilities
Summary information for vulnerabilities on the asset. |
|
|
|
200 OK
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
],
}
],
}
],
}
],
}
},
],
}
],
}
],
}
},
],
}
},
],
}
],
}
],
}
],
}
],
}
]
}
],
}
],
}
],
}
},
],
}
],
}
200 OK
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all assets for which you have access that match the given search criteria.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
param1
| filters null |
SwaggerSearchCriteriaFilter
Filters used to match assets. See Search Criteria for more information on the structure and format. |
|
|
|
| match null |
string
"any" "all"
Operator to determine how to match filters. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{ "match": "all", "filters": [ { "field": "service-name", "operator": "contains", "value": "ssh"} ] }
{ "match": "all", "filters": [ { "field": "risk-score", "operator": "is-greater-than", "value": 5000 }, { "field": "operating-system", "operator": "contains", "value": "windows" }, { "field": "service-name", "operator": "contains", "value": "ssh" } ] }
{ "match": "all", "filters": [ { "field": "operating-system", "operator": "contains", "value": "Microsoft Windows 10" } ] }
{ "match": "all", "filters": [ { "field": "owner-tag", "operator": "contains", "value": "Bob" }, { "field": "vulnerability-cvss-score", "operator": "is-greater-than", "value": 8 } ] }
{ "match": "all", "filters": [ { "field": "location-tag", "operator": "contains", "value": "Los Angeles Datacenter" }, { "field": "containers", "operator": "are", "value": "0" }, { "field": "service-name", "operator": "contains", "value": "ssh" } ] }
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
},
],
}
},
],
}
],
}
],
}
],
}
],
}
],
}
]
}
],
}
],
}
],
}
},
],
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the specified asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
},
],
}
},
],
}
],
}
],
}
],
}
],
}
],
}
]
}
],
}
],
}
],
}
},
],
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the databases enumerated on an asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the files discovered on an asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the services discovered on an asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the service running a port and protocol on the asset.
The identifier of the asset.
The protocol of the service.
The port of the service.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
],
}
],
}
],
}
],
}
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the configuration (properties) of a port and protocol on an asset.
The identifier of the asset.
The protocol of the service.
The port of the service.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the databases running on a port and protocol on an asset.
The identifier of the asset.
The protocol of the service.
The port of the service.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the user groups enumerated on a port and protocol on an asset.
The identifier of the asset.
The protocol of the service.
The port of the service.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the users enumerated on a port and protocol on an asset.
The identifier of the asset.
The protocol of the service.
The port of the service.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the web applications running on a port and protocol on an asset.
The identifier of the asset.
The protocol of the service.
The port of the service.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns a web application running on a port and protocol on an asset.
The identifier of the asset.
The protocol of the service.
The port of the service.
The identifier of the web application.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the software on an asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns tags assigned to an asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
},
],
}
]
],
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Assigns the specified tag to the asset.
The identifier of the asset.
The identifier of the tag.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the specified tag from the asset's tags.
The identifier of the asset.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns user groups enumerated on an asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns users enumerated on an asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all operating systems discovered across all assets.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for an operating system.
The identifier of the operating system.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all software enumerated on any asset.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for software.
The identifier of the software.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Resources for managing and viewing the mechanisms used to automatically discover assets.
Returns all discovery connections.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns a discovery connection.
The identifier of the discovery connection.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Attempts to reconnect the discovery connection.
The identifier of the discovery connection.
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all sonar queries.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a sonar query.
param0
| criteria null |
SonarCriteria
The search criteria used to search for assets from the Sonar API. |
|
|
|
| links null |
Link
|
|
|
|
| name null |
string
The name of the Sonar query. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
]
}
],
}
{ "criteria": { "filters": [ { "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" } ] }, "name": "Assets In IP Range" }
{ "criteria": { "filters": [ { "type": "domain-contains", "domain": "acme.com" }, { "type": "scan-date-within-the-last", "days": "30" } ] }, "name": "Recently Scanned ACME Assets" }
{ "criteria": { "filters": [ { "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" }, { "type": "scan-date-within-the-last", "days": "30" } ] }, "name": "Recently Scanned Assets in IP Range" }
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Executes a Sonar query to discover assets with the given search criteria.
param0
| filters null |
SonarCriterion
The filters in the Sonar query. |
||||||||||||||||||||
|
|||||||||||||||||||||
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{ "filters": [ { "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" } ] }
{ "filters": [ { "type": "domain-contains", "domain": "acme.com"}, { "type": "scan-date-within-the-last", "days": "30"} ] }
{ "filters": [ { "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" }, { "type": "scan-date-within-the-last", "days": "30" } ] }
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
[]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns a sonar query.
The identifier of the Sonar query.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates a sonar query.
The identifier of the Sonar query.
param1
| criteria null |
SonarCriteria
The search criteria used to search for assets from the Sonar API. |
|
|
|
| links null |
Link
|
|
|
|
| name null |
string
The name of the Sonar query. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
]
}
],
}
{ "criteria": { "filters": [ { "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" } ] }, "name": "Assets In IP Range" }
{ "criteria": { "filters": [ { "type": "domain-contains", "domain": "acme.com" }, { "type": "scan-date-within-the-last", "days": "30" } ] }, "name": "Recently Scanned ACME Assets" }
{ "criteria": { "filters": [ { "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" }, { "type": "scan-date-within-the-last", "days": "30" } ] }, "name": "Recently Scanned Assets in IP Range" }
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes a sonar query.
The identifier of the Sonar query.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the assets that are discovered by a Sonar query.
The identifier of the Sonar query.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all asset groups.
The type of asset group.
A search pattern for the name of the asset group. Searches are case-insensitive contains.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new asset group. The searchCriteria field can be passed no matter what the type of the asset group is. The asset group type changes when the assets are refreshed. Dynamic asset groups constantly refreshed their membership as assets are scanned whereas static asset groups do not change membership automatically.
See the Search Criteria for more information on using dynamic criteria.
The details of the asset group.
| description null |
string
The description of the asset group. |
|
|
|
| name null |
string
Required
The name of the asset group. |
|
|
|
| searchCriteria null |
SearchCriteria
Search criteria used to determine dynamic membership, if |
|
|
|
| type null |
string
Required
"static" "dynamic"
The type of the asset group. |
|
|
|
| vulnerabilities null |
Vulnerabilities
Summary information for distinct vulnerabilities found on the assets. |
|
|
|
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
]
{ "description": "A Static Asset Group With No Assets. In order to add assets to this group you can POST to the /assets endpoint or PUT to the /assets/{assetID} endpoint.", "name": "Empty Static Asset Groups", "type": "static" }
{ "description": "A Static Asset Group with Assets that are Linux Assets running Containers (With Low Access Complexity Vulnerabilities) for remediation purposes.", "name": "Container Hosts - Linux", "searchCriteria": { "filters": [ { "field": "operating-system", "operator": "contains", "value": "linux" }, { "field": "containers", "operator": "are", "value": 0 }, { "field": "cvss-access-complexity", "operator": "is", "value": "L" } ], "match": "all" }, "type": "static" }
{ "description": "A Static Asset Group with Assets that are Linux Assets running Containers (With Low Access Complexity Vulnerabilities) for remediation purposes.", "name": "Container Hosts - Linux", "searchCriteria": { "filters": [ { "field": "operating-system", "operator": "contains", "value": "linux" }, { "field": "containers", "operator": "are", "value": 0 }, { "field": "cvss-access-complexity", "operator": "is", "value": "L" } ], "match": "all" }, "type": "dynamic" }
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns an asset group.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the details of an asset group. See the search criteria endpoint (/search_criteria) for more information about building the search criteria and examples.
The identifier of the asset group.
The details of the asset group.
| description null |
string
The description of the asset group. |
|
|
|
| name null |
string
Required
The name of the asset group. |
|
|
|
| searchCriteria null |
SearchCriteria
Search criteria used to determine dynamic membership, if |
|
|
|
| type null |
string
Required
"static" "dynamic"
The type of the asset group. |
|
|
|
| vulnerabilities null |
Vulnerabilities
Summary information for distinct vulnerabilities found on the assets. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the asset group.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns hypermedia links for the assets that belong to an asset group.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates all the assets that belong to a static asset group.
The identifier of the asset group.
The assets to place in the asset group.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the assets from the given static asset group.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Adds an asset to a static asset group.
The identifier of the asset group.
The identifier of the asset.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes an asset from an asset group.
The identifier of the asset group.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the search criteria of a dynamic asset group.For a reference of valid search criteria input see the Asset Search resource.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the search criteria of a dynamic asset group. For a reference of valid search criteria input see the Asset Search resource.
The identifier of the asset group.
The search criteria specification.
| filters null |
SwaggerSearchCriteriaFilter
Filters used to match assets. See Search Criteria for more information on the structure and format. |
|
|
|
| match null |
string
"any" "all"
Operator to determine how to match filters. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{ "description": "This is an asset group that contains assets that have not been recently scanned in our Los Angeles Datacenter that are also high risk.", "name": "Stale Los Angeles Assets (High Risk)", "type": "dynamic", "searchCriteria": { "match": "all", "filters": [ { "field": "location-tag", "operator": "contains", "value": "Los Angeles Datacenter" }, { "field": "risk-score", "operator": "is-greater-than", "value": 5000 }, { "field": "last-scan-date", "operator": "is-on-or-before", "value": "2016-12-31" } ] } }
{ "description": "This is an asset group that contains Windows Assets that are not PCI compliant and not assigned to an owner.", "name": "Unassigned PCI Incompliant Windows Assets", "type": "dynamic", "searchCriteria": { "match": "all", "filters": [ { "field": "pci-compliance", "operator": "is", "value": "0" }, { "field": "owner-tag", "operator": "is-not-applied" }, { "field": "operating-system", "operator": "contains", "value": "windows" } ] } }
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the tags assigned to an asset group.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the tags of an asset group.
The identifier of the asset group.
The tags to associate to the asset group.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes all tag associations from the asset group.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Adds a tag to an asset group.
The identifier of the asset group.
The identifier of the tag.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes a tag from an asset group.
The identifier of the asset group.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns hypermedia links for the users with access to this asset group.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Grants users with sufficient privileges access to an asset group.
The identifier of the asset group.
The users to grant access to the asset group.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Grants a user with sufficient privileges access to the asset group.
The identifier of the asset group.
The identifier of the user.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes a user's access from an asset group.
The identifier of the asset group.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all defined shared credential resources.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new shared credential.
The specification of a shared credential.
| account null |
SharedCredentialAccount
Required
Specify the type of service to authenticate as well as all of the information required by that service.
service string
"as400"
"cifs"
"cifshash"
"cvs"
"db2"
"ftp"
"http"
"ms-sql"
"mysql"
"notes"
"oracle"
"pop"
"postgresql"
"remote-exec"
"snmp"
"snmpv3"
"ssh"
"ssh-key"
"sybase"
"telnet"
The type of service to authenticate with.
The following are the names of the valid values for service:
The following is a specification of supported credential properties for each type of service. These properties are to be specified within the
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
ntlmHash string Required
The NTLM password hash. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
realm string
The realm.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The Notes ID password. Note: This property is not returned in responses for security.
notesIDPassword string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
sid string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
enumerateSids boolean
Boolean flag instructing the scan engine to attempt to enumerate SIDs from your environment. If set to
oracleListenerPassword string
The Oracle Net Listener password. Used to enumerate SIDs from your environment.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
communityName string Required
The community name that will be used for authenticating. Note: This property is not returned in responses for security.
authenticationType string Required
"no-authentication"
"md5"
"sha"
The authentication protocols available to use in SNMP v3.
username string Required
The user name for the account that will be used for authenticating.
password string
The password for the account that will be used for authenticating. Is required when the property
privacyType string
"no-privacy"
"des"
"aes-128"
"aes-192"
"aes-192-with-3-des-key-extension"
"aes-256"
"aes-265-with-3-des-key-extension"
The privacy protocols available to use in SNMP v3.
privacyPassword string
The privacy password for the account that will be used for authenticating. Is required when the property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
username string Required
The user name for the account that will be used for authenticating.
privateKeyPassword string Required
The password for private key. Note: This property is not returned in responses for security.
pemKey string Required
The PEM-format private key. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| description null |
string
The description of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| hostRestriction null |
string
The host name or IP address that you want to restrict the credentials to. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| id null |
integer <int32>
The identifier of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| name null |
string
Required
The name of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| portRestriction null |
integer <int32>
[ 1 .. 65535 ]
Further restricts the credential to attempt to authenticate on a specific port. The port can only be restricted if the property |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| siteAssignment null |
string
Required
Assigns the shared scan credential either to be available to all sites or to a specific list of sites. The following table describes each supported value:
Shared scan credentials assigned to a site can disabled within the site configuration, if needed. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| sites null |
integer <int32>
List of site identifiers. These sites are explicitly assigned access to the shared scan credential, allowing the site to use the credential for authentication during a scan. This property can only be set if the value of property |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
]
{ "name": "CIFS Administrator", "description": "This is a cifs credential for an administrator", "account": { "service": "cifs", "username": "joe_smith@acme.com", "password": "******", "domain": "acme" }, "siteAssignment": "all-sites" }
{ "name": "MS SQL Administrator", "description": "This is an administrator credential for a Microsoft SQL Server database. Configured to use windows authentication. Credential is not assigned to any sites by default.", "account": { "service": "ms-sql", "database": "usersdb", "useWindowsAuthentication": true, "domain": "acme", "username": "admin", "password": "******" }, "siteAssignment": "specific-sites", "hostRestriction": "machine1.acme.com" }
{ "name": "Oracle DB Administrator", "description": "This is an administrator credential for an Oracle database. Credential is assigned to a single site.", "account": { "service": "oracle", "sid": "usersdb", "username": "admin", "password": "******", "enumerateSids": true, "oracleListenerPassword": "******" }, "siteAssignment": "specific-sites", "sites": [1], "hostRestriction": "192.168.1.1" }
{ "name": "SNMP v3 Administator", "account": { "service": "snmpv3", "authenticationType": "md5", "username": "admin", "password": "******", "privacyType": "aes-256", "privacyPassword": "******" }, "siteAssignment": "all-sites" }
{ "name": "SSH Administrator", "description": "This is an SSH credential for an administrator. Credential is assigned to all sites.", "account": { "service": "ssh", "username": "admin", "password": "******" }, "siteAssignment": "all-sites" }
{ "name": "SSH User (permission elevation with sudo+su)", "description": "This is an SSH credential for an non-administrative user. Credential is configured to perform permission elevation using sudo+su for additional access.", "account": { "service": "ssh", "username": "jsmith", "password": "******", "permissionElevation": "sudosu", "permissionElevationUserName": "root", "permissionElevationPassword": "******" }, "siteAssignment": "all-sites" }
{ "name": "SSH Public Key credential (permission elevation with sudo)", "description": "This is an SSH credential for a non-administrative user using a PEM-format private key. Credential is also configured to elevate permissions using sudo.", "account": { "service": "ssh-key", "username": "admin", "privateKeyPassword": "*******", "pemKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,0D364155CB54D4B485BDB3B11B76BF59\n\nGLH7n9qeWzZ43g8d5ZNo9BcSWGXo7i8yd3ig9SLKXJd9GoxOrI4OepxZbhOJFDC9\nXer799R8M4+ZGUwIC14R4lfzgKjcqEBCzya/c99MxK9Haz8pt5BjTMtUQRWO5y+/\nyySosHRVebB05TuMhmLnJkNnDfTYwT+Hnvdhu/2ArEm2FN9Rr+guumwhQeGxUha5\n7zjjSimLYjuU2uayjgFLfnh9g/Fe24qmHCw80z+nuHsm9WMWeoeOdmMrMmxhLxUb\nb+zYZs/xRYjKgBMTRiXNSK9UIy21t2+7TUzeyDwfvHq0f5KpinhD1vzYSL+N0k/H\ndg6vqM1gD/DLb+eKoAGpXTE0gpHWcXLg526ivlyZEpAxbuyGPVQ+7IIGytjxN7lG\nJyvbk3fpKDwIJLDOFN4eb9DUaUoqyarqVl44BZhcs7mM0Cvn49IA7PfhcznLv4rJ\netAoZ2Tjt0AiM774+4X29EaYBGXKGC3SYKfiznoEEy1Jpi6Akwxz4FKCEazH1wce\nUaUS/N8VbquMPTqcLjCfoztdOgk65j4FczGt22CtGz4Ns8XB0KRM9fcVQFD4ZmRQ\ni9Sr2onZUAMuvg3R6ZNdpm7FtQhNEpqV432TJdNZEMbXlDmG61P2vgILugKmu56r\ngZfgI1QMUSUzZrnH+DXn0GY9KycRKTpY6L8PSUeTVyhDUFlTrTchvbnFf7LpVRRj\n0+99EUxQFIogXt2rNuj6qioEpabh6rGtIPjICEkue75n2Y4Eu+pdPpSFAPNXLuMB\nCcvoydmxWkBcq/wrCWcTKdKbGKXEj1xvHXAdUwcmlhXpn1igxcwRtcpwrN8cyRRB\nddc1dDX6X/6iEnnWdDDWHZYjaMLUWVO0pPXzSEsZMFhS3wPvY1lg1Ertiag6DD0Q\nwnJq19fJ5M8ehu9qMBdHgPIWdcZBMXSvaQqZ8gBtMO5UyuLA5BTP0yb6Jh3foXCq\nCPihqYSCGUtXzupJCr/oE+jOaYNWjL5icEU0llA6lr71WWdj3b1OwrUTlrmgA0nK\nxZu6LrqRT+nxbd4phYbkqmhXccq9H/d8pcZwKwPtF+z8HoZXSddaACYFAqY4eaxa\nNRk2Zt1JJ+tUsNT9LLV1tUrQ+q1JsKlJp7LW60loljiex8uadsvzwnKIdoom8q0I\nroXHdrwwqyubf4yYApRckbgzW9gLPbclKSqsVFGsDB+KysDYmg3QlTpkrgGl2555\naQ7Z2TWWvcVL3y7z1l1F238m11LxKUY8Uvu7enpQ/gTrqQ1qqIi2/yv+LvZmAXWV\nCFO2lMafpmmHjHEAI5ifXYzZlHCXYBHGHYJdGALFuhODiQqF4pOJI8CX/00msnlJ\nbMH0+dGnk2AviiaLXb7eCZ7mELCX+Ah+00UU75Vdv7O3vhGHpjuMULvbLW2uo+cw\n6rogJ4SfUBb0t+yS970Xty650DgpHYxCzDwZZzrQqPuX6SeOD8AnXuJL3cl3B5YU\n60IPVJPsONIwvJlvZuiij4V8L95usGtvDVsexBKQlj3sSVZ5egICMBjkduEyDl3O\nxOZtdnqktsWNF5XYUfa/8/HUYnN35g0UktpmKlg0yxhAxUAn4lENAY8xvhMGsSCO\n-----END RSA PRIVATE KEY-----", "permissionElevation": "sudo", "permissionElevationUserName": "root", "permissionElevationPassword": "*******" }, "siteAssignment": "all-sites" }
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes all shared credentials.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified shared credential.
The identifier of the credential.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the specified shared credential.
The identifier of the credential.
The specification of the shared credential to update.
| account null |
SharedCredentialAccount
Required
Specify the type of service to authenticate as well as all of the information required by that service.
service string
"as400"
"cifs"
"cifshash"
"cvs"
"db2"
"ftp"
"http"
"ms-sql"
"mysql"
"notes"
"oracle"
"pop"
"postgresql"
"remote-exec"
"snmp"
"snmpv3"
"ssh"
"ssh-key"
"sybase"
"telnet"
The type of service to authenticate with.
The following are the names of the valid values for service:
The following is a specification of supported credential properties for each type of service. These properties are to be specified within the
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
ntlmHash string Required
The NTLM password hash. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
realm string
The realm.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The Notes ID password. Note: This property is not returned in responses for security.
notesIDPassword string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
sid string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
enumerateSids boolean
Boolean flag instructing the scan engine to attempt to enumerate SIDs from your environment. If set to
oracleListenerPassword string
The Oracle Net Listener password. Used to enumerate SIDs from your environment.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
communityName string Required
The community name that will be used for authenticating. Note: This property is not returned in responses for security.
authenticationType string Required
"no-authentication"
"md5"
"sha"
The authentication protocols available to use in SNMP v3.
username string Required
The user name for the account that will be used for authenticating.
password string
The password for the account that will be used for authenticating. Is required when the property
privacyType string
"no-privacy"
"des"
"aes-128"
"aes-192"
"aes-192-with-3-des-key-extension"
"aes-256"
"aes-265-with-3-des-key-extension"
The privacy protocols available to use in SNMP v3.
privacyPassword string
The privacy password for the account that will be used for authenticating. Is required when the property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
username string Required
The user name for the account that will be used for authenticating.
privateKeyPassword string Required
The password for private key. Note: This property is not returned in responses for security.
pemKey string Required
The PEM-format private key. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| description null |
string
The description of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| hostRestriction null |
string
The host name or IP address that you want to restrict the credentials to. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| id null |
integer <int32>
The identifier of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| name null |
string
Required
The name of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| portRestriction null |
integer <int32>
[ 1 .. 65535 ]
Further restricts the credential to attempt to authenticate on a specific port. The port can only be restricted if the property |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| siteAssignment null |
string
Required
Assigns the shared scan credential either to be available to all sites or to a specific list of sites. The following table describes each supported value:
Shared scan credentials assigned to a site can disabled within the site configuration, if needed. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| sites null |
integer <int32>
List of site identifiers. These sites are explicitly assigned access to the shared scan credential, allowing the site to use the credential for authentication during a scan. This property can only be set if the value of property |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified shared scan credential.
The identifier of the credential.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the list of policies with compliance results for the specified asset.
The identifier of the asset.
An optional boolean parameter indicating the policies retrieved should only include those with a policy compliance status of either a PASS of FAIL result. Default value is false, which will also include policies with a compliance status of NOT_APPLICABLE.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of either policy rules, or groups, that are defined directly underneath the specified policy with rule compliance results for the specified asset.
The identifier of the asset.
The identifier of the policy
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
],
}
},
],
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of either policy rules, or groups, that are defined directly underneath the specified policy group with rule compliance results for the specified asset.
The identifier of the asset.
The identifier of the policy
The identifier of the policy group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
],
}
},
],
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the list of policy rules defined directly, or indirectly, underneath the specified policy group and the compliance results for the specified asset.
The identifier of the asset.
The identifier of the policy
The identifier of the policy group.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
},
],
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the list of policy rules with compliance results for the specified asset and policy.
The identifier of the asset.
The identifier of the policy
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
},
],
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of policies.
Filters the retrieved policies with those whose titles that match the parameter.
Flag indicating the policies retrieved should only include those with Pass or Fail compliance results. The list of scanned policies is based on the user's list of accessible assets.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of either policy rules, or groups, that are defined directly underneath the specified policy.
The identifier of the policy
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
],
}
},
],
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified policy.
The identifier of the policy
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves asset resources with rule compliance results for the specified policy.
The identifier of the policy
An optional boolean parameter indicating the assets retrieved should only include those with rule results of either PASS or FAIL. Default value is false, which will also include assets with a compliance status of NOT_APPLICABLE.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves an asset resource with rule compliance results for the specified asset and policy.
The identifier of the policy
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of policy groups for the specified policy.
The identifier of the policy
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
},
],
}
],
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified policy group.
The identifier of the policy
The identifier of the policy group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
},
],
}
],
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves asset resources with rule compliance status against all rules under the specified policy group.
The identifier of the policy
The identifier of the policy group.
An optional boolean parameter indicating the assets retrieved should only include those with rule results of either PASS or FAIL. Default value is false, which will also include assets with a compliance status of NOT_APPLICABLE.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves an asset resource with rule compliance status against all rules under the specified policy group.
The identifier of the policy
The identifier of the policy group.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of either policy rules, or groups, that are defined directly underneath the specified policy group.
The identifier of the policy
The identifier of the policy group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
],
}
},
],
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the list of policy rules defined directly, or indirectly, underneath the specified policy group.
The identifier of the policy
The identifier of the policy group.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
},
],
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of policy rules for the specified policy.
The identifier of the policy
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
},
],
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of disabled policy rules for the specified policy.
The identifier of the policy
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
},
],
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified policy rule.
The identifier of the policy
The identifier of the policy rule.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
},
],
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves asset resources with rule compliance results for the specified policy policy rule.
The identifier of the policy
The identifier of the policy rule.
An optional boolean parameter indicating the assets retrieved should only include those with rule results of either PASS or FAIL. Default value is false, which will also include assets with a compliance status of NOT_APPLICABLE.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves an asset resource with rule compliance results for the specified policy policy rule.
The identifier of the policy
The identifier of the policy rule.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the policy rule proof captured during evaluation against the specified asset.
The identifier of the policy
The identifier of the policy rule.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all NIST SP 800-53 controls mappings for each CCE within the specified policy rule.
The identifier of the policy
The identifier of the policy rule.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the policy rule rationale for the specified policy.
The identifier of the policy
The identifier of the policy rule.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the policy rule remediation for the specified policy.
The identifier of the policy
The identifier of the policy rule.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a compliance summary of all policies.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves policy overrides defined on policy rules for the specified asset.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
},
],
}
},
],
}
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves policy overrides defined on policy rules.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
],
}
},
],
}
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Submit a policy override. The policy override can be submitted or it can be submitted and approved in a single request.
The specification of a policy override. Allows users to override the compliance result of a policy rule.
| expires null |
string
The date the policy override is set to expire. Date is represented in ISO 8601 format. |
||||||||||||||||||
|
|
|||||||||||||||||||
| links null |
Link
|
||||||||||||||||||
|
|
|||||||||||||||||||
| review null |
PolicyOverrideReviewer
Details regarding the review and/or approval of the policy override. |
||||||||||||||||||
|
|
|||||||||||||||||||
| scope null |
PolicyOverrideScope
Required
The scope of the policy override. Indicates which assets' policy compliance results are to be affected by the override. |
||||||||||||||||||
|
|
|||||||||||||||||||
| state null |
string
Required
The state of the policy override. Can be one of the following values:
|
||||||||||||||||||
|
|
|||||||||||||||||||
| submit null |
PolicyOverrideSubmitter
Required
Details regarding the submission of the policy override. |
||||||||||||||||||
|
|
|||||||||||||||||||
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
}
]
}
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieve the specified policy override.
The identifier of the policy override.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
},
],
}
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes a policy override created for a policy rule.
The identifier of the policy override.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Get the expiration date for a policy override.
The identifier of the policy override.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Set the expiration date for a policy override. This must be a valid date in the future.
The identifier of the policy override.
The date the policy override is set to expire. Date is represented in ISO 8601 format.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Update the status of the specified policy override. The status can be one of the following: "recall", "approve", or "reject".
The identifier of the policy override.
Policy Override Status
A comment describing the change of the policy override status.
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
"string"
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the highest-superceding rollup solutions for a vulnerability on an asset. The solution(s) selected will be the most recent and cost-effective means by which the vulnerability can be remediated.
The identifier of the asset.
The identifier of the vulnerability.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
],
}
],
}
},
],
}
},
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Resources and operations for managing and generating reports. Reports are broadly categorized into document, export, and file types. document reports use section-based report templates to control the output and can be generated in several formats. export reports are designed to output their contents into a specific file format. file reports are templatized reports that output based on the format of a template file. Reports can be configured to generate on a schedule and be distributed via email to specific recipients.
Returns all available report formats. A report format indicates an output file format specification (e.g. PDF, XML, etc). Some printable formats may be templated, and others may not. The supported templates for each formated are provided.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all available report templates.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
],
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details of a report template. Report templates govern the contents generated within a report.
The identifier of the report template;
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
],
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all defined report configurations.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
},
},
],
}
},
},
],
],
]
}
]
},
],
},
],
}
},
],
],
],
]
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Configures a new report for generation. Report types are controlled through either or both a format and template. Non-templatized (export) report formats do not require a template and have their output format preset. Templatized (document and file) report formats support a report template that governs the content of the output and the output format can be chosen from a list of supported formats.
The specification of a report configuration.
| bureau null |
string
The name of the bureau for a CyberScope report. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| component null |
string
The name of the component for a CyberScope report. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| database null |
ReportConfigDatabaseResource
Configuration for database export. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| email null |
ReportEmail
Email distribution settings for the report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| enclave null |
string
The name of the enclave for a CyberScope report. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| filters null |
ReportConfigFiltersResource
Filters applied to the contents of the report. The supported filters for a report vary by format and template.
categories Object
The vulnerability categories to include or exclude in the report. Only included or excluded may be specified, not both.
included Array[string]
The identifiers of the vulnerability categories to included in the report.
excluded Array[string]
The identifiers of the vulnerability categories to exclude in the report.
severity string
"all"
"critical"
"critical-and-severe"
The vulnerability severities to include in the report.
statuses Array[string]
"vulnerable"
"vulnerable-version"
"potentially-vulnerable"
"vulnerable-and-validated"
The vulnerability statuses to include in the report. If
"vulnerable-and-validated" is selected
no other values can be specified.
The following filter elements may be defined for non-templatized report formats:
The following filter elements may be defined for templatized report formats:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| format null |
string
The output format of the report. The format will restrict the available templates and parameters that can be specified. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| frequency null |
ReportFrequency
The recurring frequency with which to generate the report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| language null |
string
The locale (language) in which the report is generated |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| name null |
string
The name of the report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| organization null |
string
The organization used for a XCCDF XML report. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| owner null |
integer <int32>
The identifier of the report owner. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| policy null |
integer <int64>
The policy to report on. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| query null |
string
SQL query to run against the Reporting Data Model. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| scope null |
ReportConfigScopeResource
The scope of the report. Scope is an object that has the following properties that vary by format and template:
assets Array[integer <int32>]
The identifiers of the assets to report on.
sites Array[integer <int32>]
The identifiers of the sites to report on.
assetGroups Array[integer <int32>]
The identifiers of the asset to report on.
tags Array[integer <int32>]
The identifiers of the tag to report on.
scan integer <int32>
The identifier of the scan to report on.
The following scope elements may be defined for non-templatized report formats:
The following scope elements may be defined for templatized report formats:
If a report supports specifying a scan as the scope and a scan is specified, no other scope elements may be defined.
In all other cases as many different types of supported scope elements can be specified in any combination. All
reports except the |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| storage null |
ReportStorage
The additional storage location and path. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| template null |
string
The template for the report (only required if the format is templatized). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| timezone null |
string
The timezone the report generates in, such as |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| users null |
integer <int32>
The identifiers of the users granted explicit access to the report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| version null |
string
The version of the report Data Model to report against. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
},
},
],
}
},
},
],
],
]
}
]
},
},
},
],
],
],
]
},
{ "format": "nexpose-simple-xml", "name": "Scan Report for February scan", "filters": { "statuses": [ "vulnerable", "vulnerable-version" ] }, "scope": { "scan": 2 } }
{ "format": "qualys-xml", "name": "Qualys Export", "filters": { "severity": "critical-and-severe", "categories": { "included": [ "Adobe" ] } }, "scope": { "sites": [ 3 ] } }
{ "format": "oval-xml", "name": "OVAL XML", "policy": 32, "scope": { "sites": [ 17 ] } }
{ "format": "xccdf-csv", "name": "XCDDF CSV Report", "policy": 89, "scope": { "assets": [ 4, 7, 9, 22 ] }, "filters": { "severity": "critical" }, "frequency": { "start": "2017-11-30", "repeat": { "every": "week", "interval": 2 } } }
{ "format": "xccdf-xml", "name": "XCCDF XML", "policy": 12, "organization": "Acme Organization", "scope": { "tags": [ 4 ] }, "filters": { "severity": "critical" }, "frequency": { "start": "2018-11-30", "repeat": { "every": "date-of-month", "interval": 3, "dateOfMonth": "last" } } }
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the configuration details of a report.
The identifier of the report.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
},
],
}
},
},
],
],
]
}
]
},
],
},
],
}
},
],
],
],
]
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the configuration details of a report.
The identifier of the report.
The specification of a report configuration.
| bureau null |
string
The name of the bureau for a CyberScope report. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| component null |
string
The name of the component for a CyberScope report. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| database null |
ReportConfigDatabaseResource
Configuration for database export. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| email null |
ReportEmail
Email distribution settings for the report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| enclave null |
string
The name of the enclave for a CyberScope report. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| filters null |
ReportConfigFiltersResource
Filters applied to the contents of the report. The supported filters for a report vary by format and template.
categories Object
The vulnerability categories to include or exclude in the report. Only included or excluded may be specified, not both.
included Array[string]
The identifiers of the vulnerability categories to included in the report.
excluded Array[string]
The identifiers of the vulnerability categories to exclude in the report.
severity string
"all"
"critical"
"critical-and-severe"
The vulnerability severities to include in the report.
statuses Array[string]
"vulnerable"
"vulnerable-version"
"potentially-vulnerable"
"vulnerable-and-validated"
The vulnerability statuses to include in the report. If
"vulnerable-and-validated" is selected
no other values can be specified.
The following filter elements may be defined for non-templatized report formats:
The following filter elements may be defined for templatized report formats:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| format null |
string
The output format of the report. The format will restrict the available templates and parameters that can be specified. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| frequency null |
ReportFrequency
The recurring frequency with which to generate the report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| language null |
string
The locale (language) in which the report is generated |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| name null |
string
The name of the report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| organization null |
string
The organization used for a XCCDF XML report. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| owner null |
integer <int32>
The identifier of the report owner. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| policy null |
integer <int64>
The policy to report on. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| query null |
string
SQL query to run against the Reporting Data Model. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| scope null |
ReportConfigScopeResource
The scope of the report. Scope is an object that has the following properties that vary by format and template:
assets Array[integer <int32>]
The identifiers of the assets to report on.
sites Array[integer <int32>]
The identifiers of the sites to report on.
assetGroups Array[integer <int32>]
The identifiers of the asset to report on.
tags Array[integer <int32>]
The identifiers of the tag to report on.
scan integer <int32>
The identifier of the scan to report on.
The following scope elements may be defined for non-templatized report formats:
The following scope elements may be defined for templatized report formats:
If a report supports specifying a scan as the scope and a scan is specified, no other scope elements may be defined.
In all other cases as many different types of supported scope elements can be specified in any combination. All
reports except the |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| storage null |
ReportStorage
The additional storage location and path. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| template null |
string
The template for the report (only required if the format is templatized). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| timezone null |
string
The timezone the report generates in, such as |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| users null |
integer <int32>
The identifiers of the users granted explicit access to the report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| version null |
string
The version of the report Data Model to report against. Only used when the format is |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
},
],
}
},
},
],
],
]
}
]
},
},
},
],
],
],
]
},
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the configuration of a report.
The identifier of the report.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Generates a configured report and returns the instance identifier of the report.
The identifier of the report.
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all historical details for generation of the report over time.
The identifier of the report.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for a generation of the report.
The identifier of the report.
The identifier of the report instance.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for a generation of the report.
The identifier of the report.
The identifier of the report instance.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the contents of a generated report. The report content is usually returned in a GZip compressed format.
The identifier of the report.
The identifier of the report instance.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all scans.
Return running scans or past scans (true/false value).
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the specified scan.
The identifier of the scan.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the scan status. Can pause, resume, and stop scans using this resource. In order to stop a scan the scan must be running or paused. In order to resume a scan the scan must be paused. In order to pause a scan the scan must be running.
The identifier of the scan.
The status of the scan.
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the scans for the specified site.
The identifier of the site.
Return running scans or past scans (true/false value).
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Starts a scan for the specified site.
The identifier of the site.
The details for the scan.
| engineId null |
integer <int32>
The identifier of the scan engine. |
|
|
|
| hosts null |
string
The hosts that should be included as a part of the scan. This should be a mixture of IP Addresses and Hostnames as a String array. |
|
|
|
| name null |
string
The user-driven scan name for the scan. |
|
|
|
| templateId null |
string
The identifier of the scan template |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns engine pools available to use for scanning.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new engine pool.
The details for the scan engine to update.
| engines null |
integer <int32>
The identifiers of the scan engines in the engine pool. |
|
|
|
| id null |
integer <int32>
Required
The identifier of the scan engine. |
|
|
|
| links null |
Link
|
|
|
|
| name null |
string
Required
The name of the scan engine. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
],
}
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the details for an engine pool.
The identifier of the engine pool.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the specified engine pool.
The identifier of the engine pool.
The details for the scan engine to update.
| engines null |
integer <int32>
The identifiers of the scan engines in the engine pool. |
|
|
|
| id null |
integer <int32>
Required
The identifier of the scan engine. |
|
|
|
| links null |
Link
|
|
|
|
| name null |
string
Required
The name of the scan engine. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
],
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified engine pool.
The identifier of the engine pool.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Get the engines in the engine pool.
The identifier of the engine pool.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Set the engines in the engine pool.
The identifier of the engine pool.
The identifiers of the scan engines to place into the engine pool.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Add an engine to the engine pool.
The identifier of the engine pool.
The identifier of the scan engine.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Remove the specified engine from the engine pool.
The identifier of the engine pool.
The identifier of the scan engine.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns links to the sites associated with this engine pool.
The identifier of the engine pool.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns scan engines available to use for scanning.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new scan engine.
The specification of a scan engine.
| address null |
string
Required
The address the scan engine is hosted. |
|
|
|
| id null |
integer <int32>
Required
The identifier of the scan engine. |
|
|
|
| name null |
string
Required
The name of the scan engine. |
|
|
|
| port null |
integer <int32>
Required
The port used by the scan engine to communicate with the Security Console. |
|
|
|
| sites null |
integer <int32>
A list of identifiers of each site the scan engine is assigned to. |
|
|
|
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the details for a scan engine.
The identifier of the scan engine.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the specified scan engine.
The identifier of the scan engine.
The specification of the scan engine to update.
| address null |
string
Required
The address the scan engine is hosted. |
|
|
|
| id null |
integer <int32>
Required
The identifier of the scan engine. |
|
|
|
| name null |
string
Required
The name of the scan engine. |
|
|
|
| port null |
integer <int32>
Required
The port used by the scan engine to communicate with the Security Console. |
|
|
|
| sites null |
integer <int32>
A list of identifiers of each site the scan engine is assigned to. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified scan engine.
The identifier of the scan engine.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the list of engine pools the scan engine is currently assigned to.
The identifier of the scan engine.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the scans that have been run on a scan engine.
The identifier of the scan engine.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the list of sites the specified scan engine is assigned to.
The identifier of the scan engine.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all scan templates.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
},
],
],
]
}
},
],
],
]
}
],
}
},
],
],
]
}
},
],
}
},
},
],
]
},
},
},
},
}
}
},
],
}
}
],
}
],
}
},
],
],
}
},
],
}
},
},
},
},
],
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new scan template.
The details of the scan template.
| checks null |
ScanTemplateVulnerabilityChecks
Settings for which vulnerability checks to run during a scan.
|
|
|
|
| database null |
ScanTemplateDatabase
Settings for discovery databases. |
|
|
|
| description null |
string
A verbose description of the scan template.. |
|
|
|
| discovery null |
ScanTemplateDiscovery
Discovery settings used during a scan. |
|
|
|
| discoveryOnly null |
boolean
Whether only discovery is performed during a scan. |
|
|
|
| enableWindowsServices null |
boolean
Whether Windows services are enabled during a scan. Windows services will be temporarily reconfigured when this option is selected. Original settings will be restored after the scan completes, unless it is interrupted. |
|
|
|
| enhancedLogging null |
boolean
Whether enhanced logging is gathered during scanning. Collection of enhanced logs may greatly increase the disk space used by a scan. |
|
|
|
| maxParallelAssets null |
integer <int32>
The maximum number of assets scanned simultaneously per scan engine during a scan. |
|
|
|
| maxScanProcesses null |
integer <int32>
The maximum number of scan processes simultaneously allowed against each asset during a scan. |
|
|
|
| name null |
string
A concise name for the scan template. |
|
|
|
| policy null |
Policy
Policy configuration settings used during a scan. |
|
|
|
| policyEnabled null |
boolean
Whether policy assessment is performed during a scan. |
|
|
|
| telnet null |
Telnet
Settings for interacting with the Telnet protocol. |
|
|
|
| vulnerabilityEnabled null |
boolean
Whether vulnerability assessment is performed during a scan. |
|
|
|
| web null |
ScanTemplateWebSpider
Web spider settings used during a scan. |
|
|
|
| webEnabled null |
boolean
Whether web spidering and assessment are performed during a scan. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
]
},
],
]
},
],
]
},
},
},
],
]
},
},
},
},
}
}
},
}
},
],
},
},
},
},
},
],
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns a scan template.
The identifier of the scan template
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
],
]
}
},
],
],
]
}
],
}
},
],
],
]
}
},
],
}
},
},
],
]
},
},
},
},
}
}
},
],
}
}
],
}
],
}
},
],
],
}
},
],
}
},
},
},
},
],
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates a scan template.
The identifier of the scan template
The details of the scan template.
| checks null |
ScanTemplateVulnerabilityChecks
Settings for which vulnerability checks to run during a scan.
|
|
|
|
| database null |
ScanTemplateDatabase
Settings for discovery databases. |
|
|
|
| description null |
string
A verbose description of the scan template.. |
|
|
|
| discovery null |
ScanTemplateDiscovery
Discovery settings used during a scan. |
|
|
|
| discoveryOnly null |
boolean
Whether only discovery is performed during a scan. |
|
|
|
| enableWindowsServices null |
boolean
Whether Windows services are enabled during a scan. Windows services will be temporarily reconfigured when this option is selected. Original settings will be restored after the scan completes, unless it is interrupted. |
|
|
|
| enhancedLogging null |
boolean
Whether enhanced logging is gathered during scanning. Collection of enhanced logs may greatly increase the disk space used by a scan. |
|
|
|
| maxParallelAssets null |
integer <int32>
The maximum number of assets scanned simultaneously per scan engine during a scan. |
|
|
|
| maxScanProcesses null |
integer <int32>
The maximum number of scan processes simultaneously allowed against each asset during a scan. |
|
|
|
| name null |
string
A concise name for the scan template. |
|
|
|
| policy null |
Policy
Policy configuration settings used during a scan. |
|
|
|
| policyEnabled null |
boolean
Whether policy assessment is performed during a scan. |
|
|
|
| telnet null |
Telnet
Settings for interacting with the Telnet protocol. |
|
|
|
| vulnerabilityEnabled null |
boolean
Whether vulnerability assessment is performed during a scan. |
|
|
|
| web null |
ScanTemplateWebSpider
Web spider settings used during a scan. |
|
|
|
| webEnabled null |
boolean
Whether web spidering and assessment are performed during a scan. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
]
},
],
]
},
],
]
},
},
},
],
]
},
},
},
},
}
}
},
}
},
],
},
},
},
},
},
],
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes a scan template.
The identifier of the scan template
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of assets linked with the specified site.
The identifier of the site.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
],
}
},
],
}
},
],
}
],
}
],
}
],
}
],
}
],
}
]
}
],
}
],
}
],
}
},
],
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes all assets from the specified site. Assets will be deleted entirely from the Security Console if either Asset Linking is disabled or if Asset Linking is enabled and the asset only existed in this site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves a paged resource of accessible sites.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new site with the specified configuration.
Resource for creating a site configuration.
| description null |
string
The site's description. |
|
|
|
| engineId null |
integer <int32>
The identifier of a scan engine. Default scan engine is selected when not specified. |
|
|
|
| importance null |
string
"very_low" "low" "normal" "high" "very_high"
The site importance. Defaults to |
|
|
|
| links null |
Link
|
|
|
|
| name null |
string
Required
The site name. Name must be unique. |
|
|
|
| scan null |
ScanScope
Defines the scope of scan targets for the site, which can be addresses, or asset groups, for static sites and a discovery configuration for dynamic sites. Only one property must be set by the user when saving a site. |
|
|
|
| scanTemplateId null |
string
The identifier of a scan template. Default scan template is selected when not specified. |
|
|
|
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
},
},
],
]
}
},
],
]
}
},
],
]
}
}
],
]
}
}
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the site with the specified identifier.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the configuration of the site with the specified identifier.
The identifier of the site.
Resource for updating a site configuration.
| description null |
string
The site's description. |
|
|
|
| engineId null |
integer <int32>
Required
The identifier of a scan engine. |
|
|
|
| importance null |
string
Required
"very_low" "low" "normal" "high" "very_high"
The site importance. |
|
|
|
| links null |
Link
|
|
|
|
| name null |
string
Required
The site name. Name must be unique. |
|
|
|
| scanTemplateId null |
string
Required
The identifier of a scan template. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
site.delete.description
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieve all alerts defined in the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes all alerts from the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all SMTP alerts defined in the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
},
],
}
],
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new SMTP alert for the specified site.
The identifier of the site.
Resource for creating a new SMTP alert.
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| limitAlertText null |
boolean
Reports basic information in the alert, if enabled. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| recipients null |
string
Required
The recipient list. At least one recipient must be specified. Each recipient must be a valid e-mail address. |
|
|
|
| relayServer null |
string
Required
The SMTP server/relay to send messages through. |
|
|
|
| senderEmailAddress null |
string
The sender e-mail address that will appear in the from field. |
|
|
|
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
],
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates all SMTP alerts for the specified site in a single request using the array of resources defined in the request body.
The identifier of the site.
Array of resources for updating all SMTP alerts defined in the site. Alerts defined in the site that are omitted from this request will be deleted from the site.
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| limitAlertText null |
boolean
Reports basic information in the alert, if enabled. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| recipients null |
string
Required
The recipient list. At least one recipient must be specified. Each recipient must be a valid e-mail address. |
|
|
|
| relayServer null |
string
Required
The SMTP server/relay to send messages through. |
|
|
|
| senderEmailAddress null |
string
The sender e-mail address that will appear in the from field. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
}
},
},
],
}
],
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes all SMTP alerts from the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified SMTP alert.
The identifier of the site.
The identifier of the alert.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
],
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the specified SMTP alert.
The identifier of the site.
The identifier of the alert.
Resource for updating the specified SMTP alert.
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| limitAlertText null |
boolean
Reports basic information in the alert, if enabled. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| recipients null |
string
Required
The recipient list. At least one recipient must be specified. Each recipient must be a valid e-mail address. |
|
|
|
| relayServer null |
string
Required
The SMTP server/relay to send messages through. |
|
|
|
| senderEmailAddress null |
string
The sender e-mail address that will appear in the from field. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
],
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified SMTP alert from the site.
The identifier of the site.
The identifier of the alert.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all SNMP alerts defined in the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new SNMP alert for the specified site.
The identifier of the site.
Resource for creating a new SNMP alert.
| community null |
string
Required
The SNMP community name. |
|
|
|
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| server null |
string
Required
The SNMP management server. |
|
|
|
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates all SNMP alerts for the specified site in a single request using the array of resources defined in the request body.
The identifier of the site.
Array of resources for updating all SNMP alerts defined in the site. Alerts defined in the site that are omitted from this request will be deleted from the site.
| community null |
string
Required
The SNMP community name. |
|
|
|
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| server null |
string
Required
The SNMP management server. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
}
},
},
],
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes all SNMP alerts from the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified SNMP alert.
The identifier of the site.
The identifier of the alert.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the specified SNMP alert.
The identifier of the site.
The identifier of the alert.
Resource for updating the specified SNMP alert.
| community null |
string
Required
The SNMP community name. |
|
|
|
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| server null |
string
Required
The SNMP management server. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified SNMP alert from the site.
The identifier of the site.
The identifier of the alert.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all Syslog alerts defined in the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new Syslog alert for the specified site.
The identifier of the site.
Resource for creating a new Syslog alert.
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| server null |
string
Required
The Syslog server to send messages to. |
|
|
|
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates all Syslog alerts for the specified site in a single request using the array of resources defined in the request body.
The identifier of the site.
Array of resources for updating all Syslog alerts defined in the site. Alerts defined in the site that are omitted from this request will be deleted from the site.
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| server null |
string
Required
The Syslog server to send messages to. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
}
},
},
],
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes all Syslog alerts from the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified Syslog alert.
The identifier of the site.
The identifier of the alert.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the specified Syslog alert.
The identifier of the site.
The identifier of the alert.
Resource for updating the specified Syslog alert.
| enabled null |
boolean
Required
Flag indicating the alert is enabled. |
|
|
|
| enabledScanEvents null |
ScanEvents
Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| enabledVulnerabilityEvents null |
VulnerabilityEvents
Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of |
|
|
|
| id null |
integer <int32>
The identifier of the alert. |
|
|
|
| links null |
Link
|
|
|
|
| maximumAlerts null |
integer <int32>
>= 1
The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of |
|
|
|
| name null |
string
Required
The name of the alert. |
|
|
|
| notification null |
string
Required
"SMTP" "SNMP" "Syslog"
The type of alert. |
|
|
|
| server null |
string
Required
The Syslog server to send messages to. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified Syslog alert from the site.
The identifier of the site.
The identifier of the alert.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes an asset from a site. The asset will only be deleted if it belongs to no other sites.
The identifier of the site.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the discovery connection assigned to the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the discovery connection assigned to the site.
The identifier of the site.
The identifier of the discovery connection.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
0
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieve the search criteria of the dynamic site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Update the search criteria of the dynamic site.
The identifier of the site.
param1
| connectionType null |
string
"activesync-ldap" "activesync-office365" "activesync-powershell" "aws" "dhcp" "sonar" "vsphere"
The type of discovery connection configured for the site. This property only applies to dynamic sites. |
|
|
|
| filters null |
SwaggerDiscoverySearchCriteriaFilter
Filters used to match assets from a discovery connection. See Discovery Connection Search Criteria for more information on the structure and format. |
|
|
|
| match null |
string
"any" "all"
Operator to determine how to match filters. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the excluded asset groups in a static site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
},
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the excluded asset groups in a static site.
The identifier of the site.
Array of asset group identifiers.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes all excluded asset groups from the specified static site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the specified asset group from the excluded asset groups configured in the static site.
The identifier of the site.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the excluded targets in a static site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the excluded targets in a static site.
The identifier of the site.
List of addresses to be the site's new excluded scan targets. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the included asset groups in a static site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
},
],
}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the included asset groups in a static site.
The identifier of the site.
Array of asset group identifiers.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes all included asset groups from the specified static site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the specified asset group from the included asset groups configured in the static site.
The identifier of the site.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the included targets in a static site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the included targets in a static site.
The identifier of the site.
List of addresses to be the site's new included scan targets. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the site organization information.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the site organization information.
The identifier of the site.
Resource for updating the specified site's organization information.
| address null |
string
The address. |
|
|
|
| city null |
string
The city. |
|
|
|
| contact null |
string
The contact person name. |
|
|
|
| country null |
string
The country. |
|
|
|
| email null |
string
The e-mail address. |
|
|
|
| jobTitle null |
string
The job title. |
|
|
|
| name null |
string
The organization name. |
|
|
|
| phone null |
string
The phone number. |
|
|
|
| state null |
string
The state. |
|
|
|
| url null |
string
The organization URL. |
|
|
|
| zipCode null |
string
The zip or region code. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the resource of the scan engine assigned to the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the assigned scan engine to the site.
The identifier of the site.
The identifier of the scan engine.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
0
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all scan schedules for the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
},
],
]
}
},
],
]
}
},
],
]
}
}
],
]
}
],
}
],
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new scan schedule for the specified site.
The identifier of the site.
Resource for a scan schedule.
| assets null |
ScheduledScanTargets
Allows one or more assets defined within the site to be scanned for this scan schedule. This property is only supported for static sites. When this property is |
||||||||||||
|
|
|||||||||||||
| duration null |
string
Specifies the maximum duration the scheduled scan is allowed to run. Scheduled scans that do not complete within specified duration will be paused. The scan duration are represented by the format
For example, |
||||||||||||
|
|
|||||||||||||
| enabled null |
boolean
Required
Flag indicating whether the scan schedule is enabled. |
||||||||||||
|
|
|||||||||||||
| id null |
integer <int32>
The identifier of the scan schedule. |
||||||||||||
|
|
|||||||||||||
| links null |
Link
|
||||||||||||
|
|
|||||||||||||
| onScanRepeat null |
string
Required
Specifies the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching is maximum duration. The following table describes each supported value:
|
||||||||||||
|
|
|||||||||||||
| repeat null |
RepeatResource
Settings for repeating a scheduled task. |
||||||||||||
|
|
|||||||||||||
| scanEngineId null |
integer <int32>
The identifier of the scan engine to be used for this scan schedule. If not set, the site's assigned scan engine will be used. |
||||||||||||
|
|
|||||||||||||
| scanName null |
string
A user-defined name for the scan launched by the schedule. If not explicitly set in the schedule, the scan name will be generated prior to the scan launching. Names must be unique. |
||||||||||||
|
|
|||||||||||||
| scanTemplateId null |
string
The identifier of the scan template to be used for this scan schedule. If not set, the site's assigned scan template will be used. |
||||||||||||
|
|
|||||||||||||
| start null |
string
Required
The scheduled start date and time. Date is represented in ISO 8601 format. Repeating schedules will determine the next schedule to begin based on this date and time. |
||||||||||||
|
|
|||||||||||||
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
]
}
},
],
]
}
},
],
]
}
}
],
]
}
],
}
},
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates all scan schedules for the specified site in a single request using the array of resources defined in the request body.
The identifier of the site.
Array of resources for updating all scan schedules defined in the site. Scan schedules defined in the site that are omitted from this request will be deleted from the site.
| assets null |
ScheduledScanTargets
Allows one or more assets defined within the site to be scanned for this scan schedule. This property is only supported for static sites. When this property is |
||||||||||||
|
|
|||||||||||||
| duration null |
string
Specifies the maximum duration the scheduled scan is allowed to run. Scheduled scans that do not complete within specified duration will be paused. The scan duration are represented by the format
For example, |
||||||||||||
|
|
|||||||||||||
| enabled null |
boolean
Required
Flag indicating whether the scan schedule is enabled. |
||||||||||||
|
|
|||||||||||||
| id null |
integer <int32>
The identifier of the scan schedule. |
||||||||||||
|
|
|||||||||||||
| links null |
Link
|
||||||||||||
|
|
|||||||||||||
| onScanRepeat null |
string
Required
Specifies the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching is maximum duration. The following table describes each supported value:
|
||||||||||||
|
|
|||||||||||||
| repeat null |
RepeatResource
Settings for repeating a scheduled task. |
||||||||||||
|
|
|||||||||||||
| scanEngineId null |
integer <int32>
The identifier of the scan engine to be used for this scan schedule. If not set, the site's assigned scan engine will be used. |
||||||||||||
|
|
|||||||||||||
| scanName null |
string
A user-defined name for the scan launched by the schedule. If not explicitly set in the schedule, the scan name will be generated prior to the scan launching. Names must be unique. |
||||||||||||
|
|
|||||||||||||
| scanTemplateId null |
string
The identifier of the scan template to be used for this scan schedule. If not set, the site's assigned scan template will be used. |
||||||||||||
|
|
|||||||||||||
| start null |
string
Required
The scheduled start date and time. Date is represented in ISO 8601 format. Repeating schedules will determine the next schedule to begin based on this date and time. |
||||||||||||
|
|
|||||||||||||
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
}
},
},
],
]
}
},
],
]
}
},
],
]
}
}
],
]
}
],
}
},
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes all scan schedules from the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified scan schedule.
The identifier of the site.
The identifier of the scan schedule.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
]
}
},
],
]
}
},
],
]
}
}
],
]
}
],
}
],
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the specified scan schedule.
The identifier of the site.
The identifier of the scan schedule.
Resource for updating the specified scan schedule.
| assets null |
ScheduledScanTargets
Allows one or more assets defined within the site to be scanned for this scan schedule. This property is only supported for static sites. When this property is |
||||||||||||
|
|
|||||||||||||
| duration null |
string
Specifies the maximum duration the scheduled scan is allowed to run. Scheduled scans that do not complete within specified duration will be paused. The scan duration are represented by the format
For example, |
||||||||||||
|
|
|||||||||||||
| enabled null |
boolean
Required
Flag indicating whether the scan schedule is enabled. |
||||||||||||
|
|
|||||||||||||
| id null |
integer <int32>
The identifier of the scan schedule. |
||||||||||||
|
|
|||||||||||||
| links null |
Link
|
||||||||||||
|
|
|||||||||||||
| onScanRepeat null |
string
Required
Specifies the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching is maximum duration. The following table describes each supported value:
|
||||||||||||
|
|
|||||||||||||
| repeat null |
RepeatResource
Settings for repeating a scheduled task. |
||||||||||||
|
|
|||||||||||||
| scanEngineId null |
integer <int32>
The identifier of the scan engine to be used for this scan schedule. If not set, the site's assigned scan engine will be used. |
||||||||||||
|
|
|||||||||||||
| scanName null |
string
A user-defined name for the scan launched by the schedule. If not explicitly set in the schedule, the scan name will be generated prior to the scan launching. Names must be unique. |
||||||||||||
|
|
|||||||||||||
| scanTemplateId null |
string
The identifier of the scan template to be used for this scan schedule. If not set, the site's assigned scan template will be used. |
||||||||||||
|
|
|||||||||||||
| start null |
string
Required
The scheduled start date and time. Date is represented in ISO 8601 format. Repeating schedules will determine the next schedule to begin based on this date and time. |
||||||||||||
|
|
|||||||||||||
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
]
}
},
],
]
}
},
],
]
}
}
],
]
}
],
}
},
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified scan schedule from the site.
The identifier of the site.
The identifier of the scan schedule.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the resource of the scan template assigned to the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
],
]
}
},
],
],
]
}
],
}
},
],
],
]
}
},
],
}
},
},
],
]
},
},
},
},
}
}
},
],
}
}
],
}
],
}
},
],
],
}
},
],
}
},
},
},
},
],
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the assigned scan template to the site.
The identifier of the site.
The identifier of the scan template.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieve all of the shared credentials assigned to the site. These shared credentials can be enabled/disabled for the site's scan.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Enable or disable the shared credential for the site's scans.
The identifier of the site.
The identifier of the shared credential.
Flag indicating whether the shared credential is enabled for the site's scans.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
true
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all defined site credential resources.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new site credential.
The identifier of the site.
The specification of a site credential.
| account null |
Account
Required
Specify the type of service to authenticate as well as all of the information required by that service.
service string
"as400"
"cifs"
"cifshash"
"cvs"
"db2"
"ftp"
"http"
"ms-sql"
"mysql"
"notes"
"oracle"
"pop"
"postgresql"
"remote-exec"
"snmp"
"snmpv3"
"ssh"
"ssh-key"
"sybase"
"telnet"
The type of service to authenticate with.
The following are the names of the valid values for service:
The following is a specification of supported credential properties for each type of service. These properties are to be specified within the
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
ntlmHash string Required
The NTLM password hash. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
realm string
The realm.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The Notes ID password. Note: This property is not returned in responses for security.
notesIDPassword string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
sid string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
enumerateSids boolean
Boolean flag instructing the scan engine to attempt to enumerate SIDs from your environment. If set to
oracleListenerPassword string
The Oracle Net Listener password. Used to enumerate SIDs from your environment.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
communityName string Required
The community name that will be used for authenticating. Note: This property is not returned in responses for security.
authenticationType string Required
"no-authentication"
"md5"
"sha"
The authentication protocols available to use in SNMP v3.
username string Required
The user name for the account that will be used for authenticating.
password string
The password for the account that will be used for authenticating. Is required when the property
privacyType string
"no-privacy"
"des"
"aes-128"
"aes-192"
"aes-192-with-3-des-key-extension"
"aes-256"
"aes-265-with-3-des-key-extension"
The privacy protocols available to use in SNMP v3.
privacyPassword string
The privacy password for the account that will be used for authenticating. Is required when the property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
username string Required
The user name for the account that will be used for authenticating.
privateKeyPassword string Required
The password for private key. Note: This property is not returned in responses for security.
pemKey string Required
The PEM-format private key. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| description null |
string
The description of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| enabled null |
boolean
Flag indicating whether the credential is enabled for use during the scan. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| hostRestriction null |
string
The host name or IP address that you want to restrict the credentials to. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| id null |
integer <int32>
The identifier of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| links null |
Link
|
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| name null |
string
Required
The name of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| portRestriction null |
integer <int32>
[ 1 .. 65535 ]
Further restricts the credential to attempt to authenticate on a specific port. The port can only be restricted if the property |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
{ "name": "CIFS Administrator", "description": "This is a cifs credential for an administrator. Credential is disabled for use in site scans and restricted to a single host for authentication.", "enabled": false, "account": { "service": "cifs", "username": "joe_smith@acme.com", "password": "******", "domain": "acme" }, "hostRestriction": "machine1.acme.com" }
{ "name": "MS SQL Administrator", "description": "This is an administrator credential for a Microsoft SQL Server database. Configured to use windows authentication. Credential is disabled for use in site scans.", "enabled": false, "account": { "service": "ms-sql", "database": "usersdb", "useWindowsAuthentication": true, "domain": "acme", "username": "admin", "password": "******" }, "hostRestriction": "machine1.acme.com" }
{ "name": "Oracle DB Administrator", "description": "This is an administrator credential for an Oracle database. Credential is restricted to a single host and port for authentication.", "enabled": true, "account": { "service": "oracle", "sid": "usersdb", "username": "admin", "password": "******", "enumerateSids": true, "oracleListenerPassword": "******" }, "hostRestriction": "192.168.1.1", "portRestriction": 1521 }
{ "name": "SNMP v3 Administator", "enabled": true, "account": { "service": "snmpv3", "authenticationType": "md5", "username": "admin", "password": "******", "privacyType": "aes-256", "privacyPassword": "******" } }
{ "name": "SSH Administrator", "description": "This is an SSH credential for an administrator. Credential is enabled for use in site scans.", "enabled": true, "account": { "service": "ssh", "username": "admin", "password": "******" } }
{ "name": "SSH User (permission elevation with sudo+su)", "description": "This is an SSH credential for an non-administrative user. Credential is configured to perform permission elevation using sudo+su for additional access.", "enabled": true, "account": { "service": "ssh", "username": "jsmith", "password": "******", "permissionElevation": "sudosu", "permissionElevationUserName": "root", "permissionElevationPassword": "******" } }
{ "name": "SSH Public Key credential (permission elevation with sudo)", "description": "This is an SSH credential for a non-administrative user using a PEM-format private key. Credential is also configured to elevate permissions using sudo.", "enabled": true, "account": { "service": "ssh-key", "username": "admin", "privateKeyPassword": "*******", "pemKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,0D364155CB54D4B485BDB3B11B76BF59\n\nGLH7n9qeWzZ43g8d5ZNo9BcSWGXo7i8yd3ig9SLKXJd9GoxOrI4OepxZbhOJFDC9\nXer799R8M4+ZGUwIC14R4lfzgKjcqEBCzya/c99MxK9Haz8pt5BjTMtUQRWO5y+/\nyySosHRVebB05TuMhmLnJkNnDfTYwT+Hnvdhu/2ArEm2FN9Rr+guumwhQeGxUha5\n7zjjSimLYjuU2uayjgFLfnh9g/Fe24qmHCw80z+nuHsm9WMWeoeOdmMrMmxhLxUb\nb+zYZs/xRYjKgBMTRiXNSK9UIy21t2+7TUzeyDwfvHq0f5KpinhD1vzYSL+N0k/H\ndg6vqM1gD/DLb+eKoAGpXTE0gpHWcXLg526ivlyZEpAxbuyGPVQ+7IIGytjxN7lG\nJyvbk3fpKDwIJLDOFN4eb9DUaUoqyarqVl44BZhcs7mM0Cvn49IA7PfhcznLv4rJ\netAoZ2Tjt0AiM774+4X29EaYBGXKGC3SYKfiznoEEy1Jpi6Akwxz4FKCEazH1wce\nUaUS/N8VbquMPTqcLjCfoztdOgk65j4FczGt22CtGz4Ns8XB0KRM9fcVQFD4ZmRQ\ni9Sr2onZUAMuvg3R6ZNdpm7FtQhNEpqV432TJdNZEMbXlDmG61P2vgILugKmu56r\ngZfgI1QMUSUzZrnH+DXn0GY9KycRKTpY6L8PSUeTVyhDUFlTrTchvbnFf7LpVRRj\n0+99EUxQFIogXt2rNuj6qioEpabh6rGtIPjICEkue75n2Y4Eu+pdPpSFAPNXLuMB\nCcvoydmxWkBcq/wrCWcTKdKbGKXEj1xvHXAdUwcmlhXpn1igxcwRtcpwrN8cyRRB\nddc1dDX6X/6iEnnWdDDWHZYjaMLUWVO0pPXzSEsZMFhS3wPvY1lg1Ertiag6DD0Q\nwnJq19fJ5M8ehu9qMBdHgPIWdcZBMXSvaQqZ8gBtMO5UyuLA5BTP0yb6Jh3foXCq\nCPihqYSCGUtXzupJCr/oE+jOaYNWjL5icEU0llA6lr71WWdj3b1OwrUTlrmgA0nK\nxZu6LrqRT+nxbd4phYbkqmhXccq9H/d8pcZwKwPtF+z8HoZXSddaACYFAqY4eaxa\nNRk2Zt1JJ+tUsNT9LLV1tUrQ+q1JsKlJp7LW60loljiex8uadsvzwnKIdoom8q0I\nroXHdrwwqyubf4yYApRckbgzW9gLPbclKSqsVFGsDB+KysDYmg3QlTpkrgGl2555\naQ7Z2TWWvcVL3y7z1l1F238m11LxKUY8Uvu7enpQ/gTrqQ1qqIi2/yv+LvZmAXWV\nCFO2lMafpmmHjHEAI5ifXYzZlHCXYBHGHYJdGALFuhODiQqF4pOJI8CX/00msnlJ\nbMH0+dGnk2AviiaLXb7eCZ7mELCX+Ah+00UU75Vdv7O3vhGHpjuMULvbLW2uo+cw\n6rogJ4SfUBb0t+yS970Xty650DgpHYxCzDwZZzrQqPuX6SeOD8AnXuJL3cl3B5YU\n60IPVJPsONIwvJlvZuiij4V8L95usGtvDVsexBKQlj3sSVZ5egICMBjkduEyDl3O\nxOZtdnqktsWNF5XYUfa/8/HUYnN35g0UktpmKlg0yxhAxUAn4lENAY8xvhMGsSCO\n-----END RSA PRIVATE KEY-----", "permissionElevation": "sudo", "permissionElevationUserName": "root", "permissionElevationPassword": "*******" } }
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates multiple site credentials.
The identifier of the site.
A list of site credentials resources.
| account null |
Account
Required
Specify the type of service to authenticate as well as all of the information required by that service.
service string
"as400"
"cifs"
"cifshash"
"cvs"
"db2"
"ftp"
"http"
"ms-sql"
"mysql"
"notes"
"oracle"
"pop"
"postgresql"
"remote-exec"
"snmp"
"snmpv3"
"ssh"
"ssh-key"
"sybase"
"telnet"
The type of service to authenticate with.
The following are the names of the valid values for service:
The following is a specification of supported credential properties for each type of service. These properties are to be specified within the
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
ntlmHash string Required
The NTLM password hash. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
realm string
The realm.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The Notes ID password. Note: This property is not returned in responses for security.
notesIDPassword string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
sid string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
enumerateSids boolean
Boolean flag instructing the scan engine to attempt to enumerate SIDs from your environment. If set to
oracleListenerPassword string
The Oracle Net Listener password. Used to enumerate SIDs from your environment.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
communityName string Required
The community name that will be used for authenticating. Note: This property is not returned in responses for security.
authenticationType string Required
"no-authentication"
"md5"
"sha"
The authentication protocols available to use in SNMP v3.
username string Required
The user name for the account that will be used for authenticating.
password string
The password for the account that will be used for authenticating. Is required when the property
privacyType string
"no-privacy"
"des"
"aes-128"
"aes-192"
"aes-192-with-3-des-key-extension"
"aes-256"
"aes-265-with-3-des-key-extension"
The privacy protocols available to use in SNMP v3.
privacyPassword string
The privacy password for the account that will be used for authenticating. Is required when the property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
username string Required
The user name for the account that will be used for authenticating.
privateKeyPassword string Required
The password for private key. Note: This property is not returned in responses for security.
pemKey string Required
The PEM-format private key. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| description null |
string
The description of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| enabled null |
boolean
Flag indicating whether the credential is enabled for use during the scan. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| hostRestriction null |
string
The host name or IP address that you want to restrict the credentials to. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| id null |
integer <int32>
The identifier of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| links null |
Link
|
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| name null |
string
Required
The name of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| portRestriction null |
integer <int32>
[ 1 .. 65535 ]
Further restricts the credential to attempt to authenticate on a specific port. The port can only be restricted if the property |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
}
},
],
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes all site credentials from the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the specified site credential.
The identifier of the site.
The identifier of the site credential.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the specified site credential.
The identifier of the site.
The identifier of the site credential.
The specification of the site credential to update.
| account null |
Account
Required
Specify the type of service to authenticate as well as all of the information required by that service.
service string
"as400"
"cifs"
"cifshash"
"cvs"
"db2"
"ftp"
"http"
"ms-sql"
"mysql"
"notes"
"oracle"
"pop"
"postgresql"
"remote-exec"
"snmp"
"snmpv3"
"ssh"
"ssh-key"
"sybase"
"telnet"
The type of service to authenticate with.
The following are the names of the valid values for service:
The following is a specification of supported credential properties for each type of service. These properties are to be specified within the
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
ntlmHash string Required
The NTLM password hash. Note: This property is not returned in responses for security.
domain string
The address of the domain.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
realm string
The realm.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The Notes ID password. Note: This property is not returned in responses for security.
notesIDPassword string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
sid string
The name of the database. If not specified, a default database name will be used during authentication.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
enumerateSids boolean
Boolean flag instructing the scan engine to attempt to enumerate SIDs from your environment. If set to
oracleListenerPassword string
The Oracle Net Listener password. Used to enumerate SIDs from your environment.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
database string
The name of the database.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
communityName string Required
The community name that will be used for authenticating. Note: This property is not returned in responses for security.
authenticationType string Required
"no-authentication"
"md5"
"sha"
The authentication protocols available to use in SNMP v3.
username string Required
The user name for the account that will be used for authenticating.
password string
The password for the account that will be used for authenticating. Is required when the property
privacyType string
"no-privacy"
"des"
"aes-128"
"aes-192"
"aes-192-with-3-des-key-extension"
"aes-256"
"aes-265-with-3-des-key-extension"
The privacy protocols available to use in SNMP v3.
privacyPassword string
The privacy password for the account that will be used for authenticating. Is required when the property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
username string Required
The user name for the account that will be used for authenticating.
privateKeyPassword string Required
The password for private key. Note: This property is not returned in responses for security.
pemKey string Required
The PEM-format private key. Note: This property is not returned in responses for security.
permissionElevation string
"none"
"sudo"
"sudosu"
"su"
"pbrun"
"privileged-exec"
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to
permissionElevationUsername string
The user name for the account with elevated permissions. This property must not be specified when the property
password string
The password for the account with elevated permissions. This property must not be specified when the property
database string
The name of the database. If not specified, a default database name will be used during authentication.
useWindowsAuthentication boolean
Boolean flag signaling whether to connect to the database using Windows authentication. When set to
domain string
The address of the domain. This property cannot be specified unless property
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security.
username string Required
The user name for the account that will be used for authenticating.
password string Required
The password for the account that will be used for authenticating. Note: This property is not returned in responses for security. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| description null |
string
The description of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| enabled null |
boolean
Flag indicating whether the credential is enabled for use during the scan. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| hostRestriction null |
string
The host name or IP address that you want to restrict the credentials to. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| id null |
integer <int32>
The identifier of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| links null |
Link
|
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| name null |
string
Required
The name of the credential. |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
| portRestriction null |
integer <int32>
[ 1 .. 65535 ]
Further restricts the credential to attempt to authenticate on a specific port. The port can only be restricted if the property |
||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the specified site credential.
The identifier of the site.
The identifier of the site credential.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Enable or disable the site credential for scans.
The identifier of the site.
The identifier of the site credential.
Flag indicating whether the credential is enabled for use during the scan.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
true
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the list of tags added to the sites.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
},
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the site's list of tags.
The identifier of the site.
A list of tag identifiers to replace the site's tags.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Adds a tag to the site.
The identifier of the site.
The identifier of the tag.
201 Created
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
201 Created
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the specified tag from the site's tags.
The identifier of the site.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieve the list of non-administrator users that have access to the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
],
}
},
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Grants a non-administrator user access to the specified site.
The identifier of the site.
The identifier of the user.
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
0
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the site's access list.
The identifier of the site.
A list of user identifiers to replace the site's access list.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the specified user from the site's access list.
The identifier of the site.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all HTML form authentications configured in the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all HTTP header authentications configured in the site.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all tags.
name
type
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new tag.
The details of the tag.
| color null |
string
The color to use when rendering the tag in a user interface. |
|
|
|
| created null |
string
The date and time the tag was created. |
|
|
|
| links null |
Link
|
|
|
|
| name null |
string
Required
The name (label) of the tab. |
|
|
|
| riskModifier null |
number <double>
The amount to adjust risk of an asset tagged with this tag. |
|
|
|
| searchCriteria null |
SearchCriteria
Search criteria used to determine dynamic membership, if |
|
|
|
| type null |
string
Required
The type of the tag. |
|
|
|
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
]
201 Created
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns a tag.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the details of a tag. For more information about accepted fields for the tag search criteria see the PUT /search_criteria documentation.
The identifier of the tag.
The details of the tag.
| color null |
string
The color to use when rendering the tag in a user interface. |
|
|
|
| created null |
string
The date and time the tag was created. |
|
|
|
| links null |
Link
|
|
|
|
| name null |
string
Required
The name (label) of the tab. |
|
|
|
| riskModifier null |
number <double>
The amount to adjust risk of an asset tagged with this tag. |
|
|
|
| searchCriteria null |
SearchCriteria
Search criteria used to determine dynamic membership, if |
|
|
|
| type null |
string
Required
The type of the tag. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Deletes the tag.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the asset groups associated with the tag.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Sets the asset groups associated with the tag.
The identifier of the tag.
The asset groups to add to the tag.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the associations between the tag and all asset groups.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Adds an asset group to this tag.
The identifier of the tag.
The asset group identifier.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes an asset group from this tag.
The identifier of the tag.
The asset group identifier.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the assets tagged with a tag.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Adds an asset to the tag.
The identifier of the tag.
The identifier of the asset.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes an asset from the tag. Note: The asset must be added through the asset or tag, if the asset is added using a site, asset group, or search criteria this will not remove the asset.
The identifier of the tag.
The identifier of the asset.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the search criteria associated with the tag.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the search criteria associated with the tag. The following table outlines the search criteria fields and the available operators: The following table outlines the operators and the values associated with them: The following fields have enumerated values:
Field Operators asset name is,is not,starts with,ends with,contains,does not contain,is empty,is not empty,is like,not like asset risk score is,is not,in range,greater than,less than container image is,is not,starts with,ends with,contains,does not contain,is like,not like container status is,is not containers are CVE IDs is,is not,contains,does not contain CVSS Access Complexity is,is not CVSS Authentication Required is,is not CVSS Access Vector is,is not CVSS Availability Impact is,is not CVSS Confidentiality Impact is,is not CVSS Integrity Impact is,is not CVSS Access Complexity is,is not host type in,not in asset IP Address is,is not,in range,not in range,is like,not like asset IP Address Type in,not in asset last scan date is on or before,is on or after,is between,is earlier than,is within the last mobile device last sync time is within the last,is earlier than open ports is,is not,in range asset operating system contains,does not contain,is empty,is not empty asset alternate address type in asset PCI compliance is asset service name contains,does not contain asset site ID in,not in asset software contains,does not contain asset Criticality tag is,is not,is greater than,is less than,is applied,is not applied asset Custom tag is,is not,starts with, ends with,contains,does not contain,is applied,is not applied asset Location tag is,is not,starts with,ends with,contains,does not contain,is applied,is not applied asset Owner tag is,is not,starts with,ends with,contains,does not contain,is applied,is not applied asset vulnerability validated status are asset VAsset cluster is,is not,contains,does not contain,starts with asset VAsset datacenter is,is not asset VAsset host name is,is not,contains,does not contain,starts with asset VAsset power state in,not in asset VAsset resource pool path contains,does not contain asset vulnerability assessed is on or before,is on or after,is between,is earlier than,is within the last asset vulnerability category is,is not,starts with,ends with,contains,does not contain asset vulnerability CVSS score is,is not,in range,is greater than,is less than asset vulnerability exposures includes,does not include asset vulnerability title contains,does not contain,is,is not,starts with,ends with
Operator Values are A single string property named "value" is between A number property named "lower" and a number property named "upper" contains A single string property named "value" does not contain A single string property named "value" is earlier than A single number property named "value" ends with A single string property named "value" is greater than A single number property named "value" in An array property named "values" not in An array property named "values" in range A number property named "lower" and a number property named "upper" includes An array property named "values" is A single string property named "value" is not A single string property named "value" is applied No value is not applied No value is empty No value is not empty No value less than A single number property named "value" like A single string property named "value" not contains A single string property named "value" not in range A number property named "lower" and a number property named "upper" not like A single string property named "value" is on or after A single string property named "value", which is the date in ISO8601 format (yyyy-MM-dd) is on or before A single string property named "value", which is the date in ISO8601 format (yyyy-MM-dd) starts with A single string property named "value" is within the last A single number property named "value"
Field Acceptable Values containers 0=present, 1=not present asset vulnerability validated status 0=present, 1=not present asset PCI compliance 0=fail, 1=pass asset alternate address type 0=IPv4, 1=IPv6 asset IP Address Type 0=IPv4, 1=IPv6 host type 0=Unknown, 1=Guest, 2=Hypervisor, 3=Physical, 4=Mobile CVSS Access Complexity L=Low, M=Medium, H=High CVSS Integrity Impact N=None, P=Partial, C=Complete CVSS Confidentiality Impact N=None, P=Partial, C=Complete CVSS Availability Impact N=None, P=Partial, C=Complete CVSS Access Vector L=Local, A=Adjacent, N=Network CVSS Authentication Required N=None, S=Single, M=Multiple CVSS Access Complexity L=Low, M=Medium, H=High container status created, running, paused, restarting, exited, dead, unknown
The identifier of the tag.
The details of the search criteria.
| filters null |
SwaggerSearchCriteriaFilter
Filters used to match assets. See Search Criteria for more information on the structure and format. |
|
|
|
| match null |
string
"any" "all"
Operator to determine how to match filters. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the search criteria associated with the tag.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the sites associated with the tag.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Sets the sites associated with the tag.
The identifier of the tag.
The sites to add to the tag.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes the associations between the tag and the sites.
The identifier of the tag.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Adds a site to this tag.
The identifier of the tag.
The identifier of the site.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes a site from this tag.
The identifier of the tag.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all available sources of authentication for users.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for an authentication source.
The identifier of the authentication source.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns hypermedia links for the user accounts that use the authentication source to authenticate.
The identifier of the authentication source.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all privileges that may be granted to a role.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for a privilege.
The identifier of the privilege.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns hypermedia links for all users granted the specified privilege by their role.
The identifier of the privilege.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all roles for which users may be assigned.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the details of a role.
The identifier of the role.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the details of a role.
The identifier of the role.
The details of the role.
| description null |
string
Required
The description of the role. |
|
|
|
| id null |
string
Required
The identifier of the role. |
|
|
|
| name null |
string
Required
The human readable name of the role. |
|
|
|
| privileges null |
string
"all-permissions" "create-reports" "configure-global-settings" "manage-sites" "manage-tags" "manage-static-asset-groups" "manage-dynamic-asset-groups" "manage-scan-templates" "manage-report-templates" "manage-scan-engines" "submit-vulnerability-exceptions" "approve-vulnerability-exceptions" "delete-vulnerability-exceptions" "create-tickets" "close-tickets" "assign-ticket-assignee" "manage-site-access" "manage-asset-group-access" "manage-report-access" "use-restricted-report-sections" "manage-policies" "view-asset-group-asset-data" "manage-asset-group-assets" "view-site-asset-data" "specify-site-metadata" "purge-site-asset-data" "specify-scan-targets" "assign-scan-engine" "assign-scan-template" "manage-site-credentials" "manage-scan-alerts" "schedule-automatic-scans" "start-unscheduled-scans"
The privileges granted to the role. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes a role with the specified identifier. The role must not be built-in and cannot be currently assigned to any users.
The identifier of the role.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns hypermedia links for the the users currently assigned a role.
The identifier of the role.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all defined users.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
},
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a new user.
The details of the user.
| authentication null |
CreateAuthenticationSource
The details of the authentication source used to authenticate the user. |
|
|
|
| email null |
string
The email address of the user. |
|
|
|
| enabled null |
boolean
Whether the user account is enabled. Defaults to |
|
|
|
| locale null |
LocalePreferences
The locale and language preferences for the user. |
|
|
|
| login null |
string
Required
The login name of the user. |
|
|
|
| name null |
string
Required
The full name of the user. |
|
|
|
| password null |
string
Required
The password to use for the user. |
|
|
|
| passwordResetOnLogin null |
boolean
Whether to require a reset of the user's password upon first login. Defaults to |
|
|
|
| role null |
UserCreateRole
Required
The privileges and role to assign the user. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
}
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for a user.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
},
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the details of a user.
The identifier of the user.
The details of the user.
| authentication null |
CreateAuthenticationSource
The details of the authentication source used to authenticate the user. |
|
|
|
| email null |
string
The email address of the user. |
|
|
|
| enabled null |
boolean
Whether the user account is enabled. Defaults to |
|
|
|
| locale null |
LocalePreferences
The locale and language preferences for the user. |
|
|
|
| login null |
string
Required
The login name of the user. |
|
|
|
| name null |
string
Required
The full name of the user. |
|
|
|
| password null |
string
Required
The password to use for the user. |
|
|
|
| passwordResetOnLogin null |
boolean
Whether to require a reset of the user's password upon first login. Defaults to |
|
|
|
| role null |
UserCreateRole
Required
The privileges and role to assign the user. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
},
],
}
}
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the current authentication token seed (key) for the user, if configured.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Regenerates a new authentication token seed (key) and updates it for the user. This key may be then be used in the appropriate 2FA authenticator.
The identifier of the user.
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Sets the authentication token seed (key) for the user. This key may be then be used in the appropriate 2FA authenticator.
The identifier of the user.
The authentication token seed (key) to use for the user.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the asset groups to which the user has access.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the asset groups to which the user has access. Individual asset group access cannot be granted to users with the allAssetGroups permission.
The identifier of the user.
The identifiers of the asset groups to grant the user access to. Ignored if user has access to allAssetGroups.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Revokes access to all asset groups from the user.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Grants the user access to the asset group. Individual asset group access cannot be granted to users with the allAssetGroups permission.
The identifier of the user.
The identifier of the asset group.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Grants the user access to the asset group. Individual asset group access cannot be granted to users with the allAssetGroups permission.
The identifier of the user.
The identifier of the asset group.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Unlocks a locked user account that has too many failed authentication attempts. Disabled accounts may not be unlocked.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Changes the password for the user. Users may only change their own password.
The identifier of the user.
The new password to set.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the privileges granted to the user by their role.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the sites to which the user has access.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Updates the sites to which the user has access. Individual site access cannot be granted to users with the allSites permission.
The identifier of the user.
The identifiers of the sites to grant the user access to. Ignored if the user has access to allSites.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
[]
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Revokes access to all sites from the user.
The identifier of the user.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Grants the user access to the site. Individual site access cannot be granted to users with the allSites permission.
The identifier of the user.
The identifier of the site.
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Grants the user access to the site. Individual site access cannot be granted to users with the allSites permission.
The identifier of the user.
The identifier of the site.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all known exploits.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for an exploit.
The identifier of the exploit.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the vulnerabilities exploitable to a exploit.
The identifier of the exploit.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all known malware kits.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for a malware kit.
The identifier of the malware kit.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the vulnerabilities that are susceptible to being attacked by a malware kit.
The identifier of the malware kit.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for all solutions.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
],
}
},
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for a solution that can remediate one or more vulnerabilities.
The identifier of the solution.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
},
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the solutions that must be executed in order for a solution to resolve a vulnerability.
The identifier of the solution.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the solutions that are superseded by this solution.
The identifier of the solution.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
],
}
},
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the solutions that supersede this solution.
The identifier of the solution.
Whether to return only highest-level "rollup" superseding solutions.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
},
],
}
},
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all vulnerabilities that can be assessed during a scan.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
],
},
],
}
},
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for a vulnerability.
The identifier of the vulnerability.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
],
},
],
}
},
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Get the assets affected by the vulnerability.
The identifier of the vulnerability.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the exploits that can be used to exploit a vulnerability.
The identifier of the vulnerability.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the malware kits that are known to be used to exploit the vulnerability.
The identifier of the vulnerability.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the external references that may be associated to a vulnerability.
The identifier of the vulnerability.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all solutions (across all platforms) that may be used to remediate this vulnerability.
The identifier of the vulnerability.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all vulnerabilities categories that can be assigned to a vulnerability. These categories group and label vulnerabilities by general purpose, affected systems, vendor, etc.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the details for a vulnerability category.
The identifier of the vulnerability category.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns hypermedia links to the vulnerabilities that are in a vulnerability category.
The identifier of the vulnerability category.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the external references that may be associated to a vulnerability.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns an external vulnerability reference.
The identifier of the vulnerability reference.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
},
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the vulnerabilities that are referenced by an external reference.
id
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
],
},
],
}
},
}
},
],
}
},
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Resources and operations for view vulnerability checks that can be run as a part of vulnerability content.
Returns the vulnerability checks that assess for a specific vulnerability during a scan.
The identifier of the vulnerability.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns vulnerability checks. Optional search and filtering parameters may be supplied to refine the results. Searching allows full text search of the vulnerability details a check is related to.
Vulnerability search term to find vulnerability checks for. e.g. "ssh".
Whether to return vulnerability checks that are considered "safe" to run. Defaults to return safe and unsafe checks.
Whether to only return checks that result in potentially vulnerable results. Defaults to return all checks.
Whether to only return checks that require credentials in order to successfully execute. Defaults to return all checks.
Whether to only return checks that guarantee to be executed once-and-only once on a host resulting in a unique result. False returns checks that can result in multiple occurrences of the same vulnerability on a host.
The type of vulnerability checks to return. See Check Types for all available types.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the vulnerability check.
The identifier of the vulnerability check.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns the vulnerability check types. The type groups related vulnerability checks by their purpose, property, or related characteristic.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all exceptions defined on vulnerabilities.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
},
],
}
},
],
}
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Creates a vulnerability exception.
The vulnerability exception to create.
| expires null |
string
The date and time the vulnerability exception is set to expire. |
|
|
|
| links null |
Link
|
|
|
|
| review null |
Review
Details regarding the review and/or approval of the exception. |
|
|
|
| scope null |
ExceptionScope
The scope of the vulnerability exception, indicating the results it applies to. |
|
|
|
| state null |
string
The state of the vulnerability exception. One of: |
|
|
|
| submit null |
Submission
Details regarding the submission of the exception. |
|
|
|
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
},
],
}
}
],
}
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns an exception made on a vulnerability.
The identifier of the vulnerability exception.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
],
}
},
],
}
}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Removes an exception made on a vulnerability.
id
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Get the expiration date for a vulnerability exception.
id
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Set the expiration date for a vulnerability exception. This must be a valid date in the future.
id
param1
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
"string"
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Update the status of the vulnerability exception. The status can be one of: "recall", "approve", or "reject".
id
Exception Status
param2
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
"string"
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error
503 Service Unavailable
{}
]
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Resources and operations for retrieving vulnerability results on assessed assets.
Retrieves the vulnerabilities present on a service running on an asset. A finding may be invulnerable if all instances on the service have exceptions applied.
The identifier of the asset.
The protocol of the service.
The port of the service.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
],
}
],
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves all vulnerability findings on an asset. A finding may be invulnerable if all instances have exceptions applied.
The identifier of the asset.
The index of the page (zero-based) to retrieve.
The number of records per page to retrieve.
The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
},
]
}
],
}
],
}
],
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Retrieves the details for a vulnerability finding on an asset.
The identifier of the asset.
The identifier of the vulnerability.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
],
}
],
],
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}
Returns all vulnerability validations for a vulnerability on an asset. The asset must be currently vulnerable to the validated vulnerable for the validation to be returned.
The identifier of the asset.
The identifier of the vulnerability.
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
503 Service Unavailable
{}
],
}
]
}
],
}
}
{}
],
}
{}
],
}
{}
],
}
{}
],
}