We’re trying to create a custom report, right now we’re extracting some data using the API. Just a few questions:
• Is there a way to extract risk score history per asset group?
I was thinking of using /api/3/scans but it seems to return only the vulnerability counts and not the risk score and not sure if we can filter that out per asset group.
• Is there a way to get a list of vulnerabilities per asset group?
Something like the CSV Export when querying vulnerabilities filtered using asset.groups.
I was thinking of using /api/3/assets/{id}/vulnerabilities and aggregating the results but there might be a better way of going through with this?
The API does not track a history of it, you would essentially need to query the /api/3/asset_groups API endpoint on a regular basis to build a history of your own on another spreadsheet or database to accumulate the history.
If you want to display the vulnerabilities based on assets within an asset group I would suggest using the Cloud Integrations API instead and creating tags with the asset groups that can then be used to filter on in the Cloud API query builder.
The payload would include:
{
"asset": "tags IN ['<your_tag>']"
}
And you would want to include the includeSame=true parameter to return the actual vulnerabilities.
Of course this is all a JSON response so you would need to convert it to CSV if that’s what you’re looking to do.