Get All Vulnerabilities In Environment API

ross_palmer · July 21, 2022, 10:36am

Hi all,
End goal is to be able to output a list of the top 10 vulnerabilities in the environment sorted by CVSS score. And also the top 10 sorted by Risk Score. And also how many Assets these top 10 affect.
In the GUI, this is pretty easy to see, just click on Vulnerabilities and the information is there in a table already for you.
Via the API, this seems little more challenging. I cant see an API endpoint that allows you to grab All the vulnerabilities affecting an environment without querying every single asset individually, then collating the information. This would result in hundreds/thousands of API calls…
Surely there has to be a better way?!

john_hartman · July 26, 2022, 2:57pm

https://help.rapid7.com/insightvm/en-us/api/index.html#operation/getVulnerabilities

john_hartman · July 26, 2022, 2:59pm

I strongly suggest downloading Postman and downloading our swagger file for the API and working with it through Postman. It makes it much easier to see and work with. You would need to play with the params and sorting to get what you’re looking for but you can look at all vulnerabilities in the environment instead of looping through each asset.

ross_palmer · July 26, 2022, 8:35pm

Thanks John. I have explored the API for quite a few things now.
I know there is an endpoint for seeing all the vulnerabilities that R7 has in its “database”, which you have linked to, however, that doesnt solve the original problem.
I want to have a list of vulnerabilities that specifically affect the environment.
After digging some more, it seems ill have to use a SQL report query and grab the data that way, which isnt ideal due to the asynchronous nature, but better than nothing i guess…

john_hartman · July 26, 2022, 9:17pm

Ah I see now, my mistake.

I think you are correct that using the SQL Queries would be your best bet. I tried the API call to download the latest report data from a SQL Query but it doesn’t appear to display all data. It may work with some tweaking though. You would still need to create the SQL Query and save within a report though to get the data of course. Just use an API call to generate the report and then follow up with a call to download the latest data.

https://help.rapid7.com/insightvm/en-us/api/index.html#operation/downloadReport

https://help.rapid7.com/insightvm/en-us/api/index.html#operation/generateReport

ross_palmer · July 26, 2022, 9:29pm

Yep, i have it working currently, its just a bit of a “clunky” solution. When i get more time, ill submit a feature request for the API to be updated with additional endpoints!