Hi, I am looking for the most appropriate API endpoint to call to check number of instances of a known CVE.
I see that you can call either ‘/api/3/vulnerabilities/’ or ‘/api/3/vulnerabilities/{id}’ if you have the vulnerability id value.
Is it possible to perform a search based only on the CVE ID?
Thanks
So those endpoints don’t actually show you just the assets with the instances but instead show you all possible vulnerability checks that we can perform.
What you’re probably looking for is POST Asset Search
The payload would be using vulnerability-title contains “CVE-XXXX-XXXX”:
{
"match": "all",
"filters": [
{
"field": "vulnerability-title",
"operator": "contains",
"value": "CVE-XXXX-XXXX"
}
]
}