Find specific CVE on Assets in InsightVM via the API


I am trying to search my InsightVM console via the API for all assets pertaining to a specific CVE. The documentation isn’t too specific on which GET method to use for this. Does anyone have any recommendations on how I can accomplish this?

Thanks in advance,



Hey @jacob_horning, as Brandon mentioned, if you already know the vulnerability ID then you can use the endpoint he provided.

If you don’t know the exact vulnerability ID in question, then there are two other ways to pull information on assets pertaining to a CVE reference.

First, you could leverage a SQL query and use the dim_vulnerability_reference table:

    SELECT da.asset_id, da.ip_address, da.host_name, da.last_assessed_for_vulnerabilities,
           dvf.source, dvf.reference, favf.vulnerability_instances, favf.vulnerability_id
    FROM fact_asset_vulnerability_finding favf
    JOIN dim_vulnerability_reference dvf ON dvf.vulnerability_id = favf.vulnerability_id
    JOIN dim_asset da ON da.asset_id = favf.asset_id
    WHERE dvf.reference = 'CVE-2017-8682'

This will result in output similar to:

| asset_id | ip_address | host_name | last_assessed_for_vulnerabilities | source | reference | vulnerability_instances | vulnerability_id |
|---|---|---|---|---|---|---|---|
| 18 | | hostname-1 | 2020-03-26 10:04:24.218 | CVE | CVE-2017-8682 | 1 | 77345 |

If a report is more the form you are hoping to get this in for easy consumption and large numbers of devices, then this would be a good way to go and you can always use the API to bulk pull this data: Extracting Bulk Data with the InsightVM Console API.

The second option would be to use the Asset Search endpoint with a filter similar to:

    {
        "filters": [
            {
                "field": "cve",
                "operator": "is",
                "value": "CVE-2017-8682"
            }
        ],
        "match": "all"
    }

A bit more information on how to use this endpoint can be found here: InsightVM Asset Search Automation.

Hope these two options help! Definitely let us know if one of these was more suitable for your needs.
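
The Asset Search option from the reply above, as an added example (not part of the original post and not Rapid7's code): it validates the CVE id, builds the same filter body, and walks every result page. The `/api/3/assets/search` path, the `page`/`size` query parameters, HTTP Basic auth and the `resources`/`page.totalPages`/`id`/`ip`/`hostName` response fields are assumptions based on the InsightVM API v3; `fake_console` and its data are constructed so the pagination can be run offline.

```python
import base64
import json
import re
import urllib.request

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

def build_cve_filter(cve):
    """Return the Asset Search body from the post, rejecting malformed CVE ids."""
    cve = cve.strip().upper()
    if not CVE_RE.match(cve):
        raise ValueError(f"not a CVE id: {cve!r}")
    return {"filters": [{"field": "cve", "operator": "is", "value": cve}],
            "match": "all"}

def console_transport(base_url, user, password):
    """Return post_page(body, page, size) -> dict for a real console (assumed Basic auth)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def post_page(body, page, size):
        req = urllib.request.Request(
            f"{base_url}/api/3/assets/search?page={page}&size={size}",  # assumed v3 path
            data=json.dumps(body).encode(), method="POST",
            headers={"Authorization": f"Basic {token}",
                     "Content-Type": "application/json"})
        # urllib verifies TLS by default; trust the console's CA instead of disabling it.
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return post_page

def assets_with_cve(post_page, cve, size=100):
    """Walk every result page and return (id, ip, hostName) per matching asset."""
    body, page, found = build_cve_filter(cve), 0, []
    while True:
        data = post_page(body, page, size)
        for a in data.get("resources", []):
            found.append((a.get("id"), a.get("ip"), a.get("hostName")))
        page += 1
        if page >= data.get("page", {}).get("totalPages", 0):
            return found

def fake_console(body, page, size):
    """Constructed two-page response standing in for a console."""
    pages = [[{"id": 18, "ip": "192.0.2.10", "hostName": "hostname-1"}],
             [{"id": 42, "ip": "192.0.2.11", "hostName": "hostname-2"}]]
    return {"resources": pages[page], "page": {"number": page, "totalPages": len(pages)}}

if __name__ == "__main__":
    print(assets_with_cve(fake_console, "cve-2017-8682", size=1))
```

Against a real console, pass `console_transport("https://console.example:3780", user, password)` (placeholder host) in place of `fake_console`.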