Where can I locate the id of the asset and vulnerability id number?

I just started exploring the R7 api, I’d like to create a bulk exception. What I am need assistance with is where to find instance id.
here is my sample code (generated from postman)

import requests
import json

url = "https://redacted:3780/api/3/vulnerability_exceptions"

payload = json.dumps({
  "expires": "",
  "scope": {
    "type": "asset",
    "vulnerability": "Java CPU April 2015 Java SE 2D vulnerability (CVE-2015-046)"
  "state": "Under Review",
  "submit": {
    "reason": "Acceptable Risk"
headers = {
  'Authorization': 'Basic readcted=',
  'Content-Type': 'application/json'

response = requests.request("POST", url, headers=headers, data=payload)


running this returns this error

"messages": [
        "Java CPU April 2015 Java SE 2D vulnerability (CVE-2015-046 is an invalid vulnerability. Please provide a valid vulnerability id.",
        "The scope provided is invalid. All scopes besides 'All Instances' require an 'id' field be provided. Only Global exceptions can be applied with an 'id'."

I want to apply this to 5 different hosts at once (there are many other vulnerability exception to add as well). is it possible to pass in the asset name instead of the asset id because I have no clue where to find the asset id.

Try Searching for you asset first:
use Search Criteria to e.g., search on ip-address or host-name. The matching assets are returned in an array under resources. The response will include the asset it.

But do understand that the error message you show, complains about the lack of a vulnerability id.
Once you have found your asset ID, you could list all vulnerabilities on that asset to find it’s ID

1 Like

Thank you!