Hey,
I was wondering if there is a standard approach to retrieve vulnerability findings (including CVE IDs) on all assets associated with an account?
The best way I’ve found so far is to make requests to https://{region}.api.insight.rapid7.com/vm/v4/integration/assets which can list all the vulnerabilities for each asset and then I can make a request for each unique vulnerability to https://{region}.api.insight.rapid7.com/vm/v4/integration/vulnerabilities using the "vulnerability": "vulnerability.vulnKey = '{vulnerability_id}'" payload.
Although I dont think this will scale very well as there could be a lot of vulnerability API requests - as far as I can tell there’s no way to get CVEs for more than 1 vulnerability at a time.
Any suggestions are welcome for this API! I’m not able to use the V3 On-Premise API which seems to be supported a lot more than V4.
Thanks in advance