vulnerability#

Autogenerated API

argus_api.lib.assets.v2.vulnerability.add_vulnerability(customer: str = None, dataSource: str = None, asset: str = None, vulnerability: str = None, components: dict = None, cvss: float = None, severity: str = None, rawOutput: str = None, ttl: int = None, observationDescription: str = None, observationReferences: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Creates a new vulnerability instance (PUBLIC)

param str customer

ID or short name of customer, if not specified then current user’s customer will be assigned.

param str dataSource

ID or short name of the Data Source

param str asset

ID or short name of asset. If short name is specified, then the asset is looked up from the customer.

param str vulnerability

Either vulnerability definition ID (UUID) or vulnerability identifier (e.g. CVE-2015-3429). First the value will be used to lookup vulnerability definition (UUID will only be supported for vulnerability definition lookup). If vulnerability definition exists, then associate this vulnerability instance to it, and require read permission on vulnerability source of the definition. Otherwise create vulnerability instance with vulnerability identifier. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

param list components

Specify components to be added with the vulnerability.

param float cvss

CVSS score of vulnerability (range from 0 to 10). Setting this field will overwrite

vulnerability definition settings and the value will not be updated when CVSS or Severity in the definition changes.

param str severity

Severity level of vulnerability. If not provided, then severity will be calculated based on CVSS value.

Setting this field will overwrite vulnerability definition settings and the value will not be updated when CVSS or Severity in the definition changes.

param str rawOutput

Raw output from vulnerability scan. Will be sanitized as html.

param int ttl

Time to live duration of this vulnerability since last seen, 0 means won’t expire.

param str observationDescription

Description specific to this vulnerability. May contain customer specific data. Will be sanitized as HTML.

param list observationReferences

References specific to this vulnerability e.g. internal URLs. May contain customer specific data.

param bool forceIndex

Whether to force an Elasticsearch index refresh making the new vulnerability immediately searchable.

param json

return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

param verify

path to a certificate bundle or boolean indicating whether SSL verification should be performed.

param apiKey

Argus API key.

param authentication

authentication override

param server_url

API base URL override

param body

body of the request. other parameters will override keys defined in the body.

param api_session

session to use for this request. If not set, the global session will be used.

raises AuthenticationFailedException

on 401

raises AccessDeniedException

on 403

raises ValidationErrorException

on 412

raises ArgusException

on other status codes

returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.add_vulnerability_definition(vulnerabilitySource: str = None, vulnerabilityID: str = None, name: str = None, description: str = None, solution: str = None, conclusion: str = None, references: str = None, exploitAvailable: bool = None, severity: str = None, forceIndex: bool = None, exploitAvailableTimestamp: int = None, cvss: float = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Creates a new vulnerability definition also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)

Parameters
  • vulnerabilitySource (str) – Define vulnerability source by source ID or short name.

  • vulnerabilityID (str) – Identifier of vulnerability (e.g. plug-in ID from vulnerability scanner). Needs to be unique. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

  • name (str) – Name of vulnerability. Will be sanitized as text.

  • description (str) – Description of vulnerability. Will be sanitized as html.

  • solution (str) – How to fix vulnerability. Will be sanitized as html.

  • conclusion (str) – Short summary of vulnerability. Will be sanitized as html.

  • references (list) – References to vulnerability (e.g. CVE number). Will be sanitized as html.

  • exploitAvailable (bool) – Set if an exploit is available for the vulnerability.

  • severity (str) – Severity level of vulnerability definition. If not provided, then severity will be calculated based on CVSS value.

  • forceIndex (bool) – Whether to force an Elasticsearch index refresh making the new vulnerability definition immediately searchable.

  • exploitAvailableTimestamp (int) – Set the timestamp when the exploit became available. Setting this value also expects setting exploitAvailable to ‘true’ with this request. Setting/leaving it to 0 will use current timestamp. (default 0)

  • cvss (float) – CVSS score of vulnerability definition (range from 0 to 10). (default 0.0)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.add_vulnerability_source(shortName: str = None, name: str = None, readPermission: str = None, writePermission: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Creates a new VulnerabilitySource (INTERNAL)

Parameters
  • shortName (str) – Vulnerability source short name, required and unique => [a-zA-Z0-9_:\-.]*

  • name (str) – Name of source => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

  • readPermission (str) – Permission required to allow read access of source & vulnerability definition belong to this source => [a-zA-Z0-9_:\-.]*

  • writePermission (str) – Permission required to allow write access (create/update/delete) source & of vulnerability definition belong to this source => [a-zA-Z0-9_:\-.]*

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.bulk_resolve_vulnerabilities(observations: str = None, resolution: str = None, resolutionExpiryTimestamp: str = None, comment: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Bulk resolves a set of vulnerabilities. (PUBLIC)

Parameters
  • observations (list) – The observations’ unique ids

  • resolution (str) – Specify resolution reason.

  • resolutionExpiryTimestamp (str) – When will the current resolution expire (0 means no expiry). Allows unix timestamp (milliseconds), ISO timestamp, or relative time values. See https://docs.mnemonic.no/x/AQDXAQ (default 0)

  • comment (str) – Comment on why the vulnerability is resolved. If present will apply to all vulnerabilities in the request. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.delete_vulnerability(id: str, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Delete vulnerability (PUBLIC)

Parameters
  • id (str) – vulnerability ID

  • forceIndex (bool) – Whether to force an Elasticsearch index refresh such that updates to the Vulnerability are immediately searchable

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.delete_vulnerability_definition(idOrVulnerabilityID: str, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Delete Vulnerability definition, also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)

Parameters
  • idOrVulnerabilityID (str) – Vulnerability definition ID or identifier of vulnerability

  • forceIndex (bool) – Whether to force an Elasticsearch index refresh such that updates to the VulnerabilityDefinition are immediately searchable.

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.delete_vulnerability_source(source: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Marks a VulnerabilitySource as deleted (INTERNAL)

Parameters
  • source (str) – VulnerabilitySource ID or short name

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.get_vulnerability_by_id(id: str, includeRawOutput: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Get Vulnerability by ID. (PUBLIC)

Parameters
  • id (str) – Vulnerability ID (UUID)

  • includeRawOutput (bool) – Whether include raw output, default not include

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.get_vulnerability_definition(idOrVulnerabilityID: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Get Vulnerability definition, also require to have read permission of vulnerability source that the definition is belonging to. (PUBLIC)

Parameters
  • idOrVulnerabilityID (str) – Vulnerability definition ID or identifier of vulnerability

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.get_vulnerability_source(source: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Get VulnerabilitySource (INTERNAL)

Parameters
  • source (str) – VulnerabilitySource ID or short name

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.get_vulnerability_statistics(keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, references: str = None, observationReferences: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, asset: str = None, assetGroup: str = None, vulnerabilityID: str = None, vulnerabilityDefinition: str = None, customer: str = None, severity: str = None, resolution: str = None, dataSource: str = None, minimumCvss: float = None, maximumCvss: float = None, component: dict = None, assetComponent: dict = None, includeFlags: str = None, excludeFlags: str = None, subCriteria: dict = None, fieldAggregation: dict = None, rangeMetric: dict = None, statisticsMetric: dict = None, includeRawOutput: bool = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Generate the requested statistics for Vulnerabilities matching the provided search criteria. (DEV)

Parameters
  • keywords (list) – Search for vulnerabilities by their definition keywords against definition text fields defined by a KeywordFieldStrategy

  • keywordFieldStrategy (list) – Defines which fields will be queried for keywords (defaults to all observation fields) (default all)

  • keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default any)

  • references (list) – Search for vulnerabilities by exact matches in their definition references

  • observationReferences (list) – Search for vulnerabilities by exact matches in their references

  • startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

  • endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

  • timeFieldStrategy (list) – Defines which timestamps fields will be filtered with start/endTimestamp (default lastSeenTimestamp)

  • timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

  • userFieldStrategy (list) – Defines which user fields will be filtered with user ids or shortnames (default all)

  • user (list) – Retrieve vulnerabilities by these users, identified by their id or username

  • asset (list) – Retrieve vulnerabilities detected on these assets by asset id or shortNames. As assets are customer specific we will resolve the assets for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.

  • assetGroup (list) – Retrieve vulnerabilities detected on assets who are members or descendants of these groups identified by id or shortNames. As asset groups are customer specific we will resolve the groups for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.

  • vulnerabilityID (list) – Retrieve vulnerabilities by their external ID e.g. CVE-XXXX

  • vulnerabilityDefinition (list) – Retrieve vulnerabilities by their vulnerability definition id or name

  • customer (list) – Retrieve vulnerabilities by Customer id or name

  • severity (list) – Retrieve vulnerabilities with these severities

  • resolution (list) – Retrieve vulnerabilities with these resolutions

  • dataSource (list) – Search for vulnerabilities detected and reported by these data sources, identified by id or shortName

  • minimumCvss (float) – Retrieve Vulnerabilities with at least this CVSS score

  • maximumCvss (float) – Retrieve Vulnerabilities with at most this CVSS score

  • component (list) – Search for Vulnerabilities with these components

  • assetComponent (list) – Search for Vulnerabilities observed on Assets containing these components using AND search mode i.e. all criteria must match.<br />If you want different behaviour try using subcriteria

  • includeFlags (list) – Explicitly retrieve Vulnerabilities that contain these flags

  • excludeFlags (list) – Explicitly filter out Vulnerabilities that contain these flags

  • subCriteria (list) – Set additional criteria that are applied with logical OR by default

  • fieldAggregation (list) – The fields by which to group statistics

  • rangeMetric (list) – The timestamp fields for which to generate statistics.

  • statisticsMetric (list) – The numerical fields for which to generate metrics.

  • includeRawOutput (bool) – Whether to include raw output in the result objects (default false)

  • includeDeleted (bool) – Whether to include deleted Vulnerabilities (default false)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.list_vulnerabilities(customer: str = None, asset: str = None, dataSource: str = None, vulnerabilityID: str = None, severity: str = None, resolution: str = None, timeFieldStrategy: str = None, sortBy: str = None, limit: int = 25, startTimestamp: str = '0', endTimestamp: str = '0', offset: int = None, includeDeleted: bool = None, includeRawOutput: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Basic Vulnerability search. Will not return vulnerabilities seen more than 31 days ago. Please use advanced search to return older vulnerabilities. If start/end timestamps are present, the range must be valid for at least one of the time stamp fields. Check the documentation for the TimestampFieldStrategy field for more details. (PUBLIC)

Parameters
  • customer (list) – Customer ids or short names

  • asset (list) – Asset ids or short names. Will resolve with the provided customers, or those the current user has access to if none are provided

  • dataSource (list) – Data source, identified by id or shortname, that detected the Vulnerability

  • vulnerabilityID (list) – Vulnerability external ID

  • severity (list) – Vulnerability Severity

  • resolution (list) – Vulnerability Resolution

  • timeFieldStrategy (list) – Which time field(s) to filter by timestamp start/end

  • sortBy (list) – Field(s) to sort by - refer to the search POST endpoint to see which fields are permitted

  • limit (int) – Limit results. The sum of limit and offset must be <= 10’000

  • startTimestamp (str) – Lower bound timestamp filter value

  • endTimestamp (str) – Upper bound timestamp filter value

  • offset (int) – Offset results. The sum of limit and offset must be <= 10’000

  • includeDeleted (bool) – Include deleted

  • includeRawOutput (bool) –

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.list_vulnerability_definitions(vulnerabilityID: str = None, keywords: str = None, sortBy: str = None, limit: int = 25, startTimestamp: str = '0', endTimestamp: str = '0', offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Basic Vulnerability Definition search. (PUBLIC)

Parameters
  • vulnerabilityID (list) – External Vulnerability ID

  • keywords (list) – Keywords to search by. Will return matches in any field defined by the ‘all’ KeywordFieldStrategy

  • sortBy (list) – Field(s) to sort by - refer to the search POST endpoint to see which fields are permitted

  • limit (int) – Limit results. The sum of limit and offset must be <= 10’000

  • startTimestamp (str) – Lower bound timestamp filter value

  • endTimestamp (str) – Upper bound timestamp filter value

  • offset (int) – Offset results. The sum of limit and offset must be <= 10’000

  • includeDeleted (bool) – Include deleted

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.reopen_vulnerability(id: str, comment: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Reopens a vulnerability, marking it as unresolved. (PUBLIC)

Parameters
  • id (str) – Vulnerability ID

  • comment (str) – Comment describing why the vulnerability should be reopened

  • forceIndex (bool) – Whether to force an Elasticsearch index refresh such that the reopened vulnerability is immediately searchable.

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.resolve_vulnerability(id: str, resolution: str = None, resolutionExpiryTimestamp: str = None, comment: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Resolves a vulnerability. (PUBLIC)

Parameters
  • id (str) – Vulnerability ID

  • resolution (str) – Specify resolution reason.

  • resolutionExpiryTimestamp (str) – When will the current resolution expire (0 means no expiry). Allows unix timestamp (milliseconds), ISO timestamp, or relative time values. See https://docs.mnemonic.no/x/AQDXAQ (default 0)

  • comment (str) – Comment on why the vulnerability is resolved. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

  • forceIndex (bool) – Whether to force an Elasticsearch index refresh such that the resolved vulnerability is immediately searchable.

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.search_vulnerabilities(sortBy: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, references: str = None, observationReferences: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, asset: str = None, assetGroup: str = None, vulnerabilityID: str = None, vulnerabilityDefinition: str = None, customer: str = None, severity: str = None, resolution: str = None, dataSource: str = None, minimumCvss: float = None, maximumCvss: float = None, component: dict = None, assetComponent: dict = None, includeFlags: str = None, excludeFlags: str = None, subCriteria: dict = None, indexStartTimestamp: str = None, indexEndTimestamp: str = None, includeRawOutput: bool = None, limit: int = 25, offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Search Vulnerabilities (PUBLIC)

Parameters
  • sortBy (list) –

  • keywords (list) – Search for vulnerabilities by their definition keywords against definition text fields defined by a KeywordFieldStrategy

  • keywordFieldStrategy (list) – Defines which fields will be queried for keywords (defaults to all observation fields) (default all)

  • keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default any)

  • references (list) – Search for vulnerabilities by exact matches in their definition references

  • observationReferences (list) – Search for vulnerabilities by exact matches in their references

  • startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

  • endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

  • timeFieldStrategy (list) – Defines which timestamps fields will be filtered with start/endTimestamp (default lastSeenTimestamp)

  • timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

  • userFieldStrategy (list) – Defines which user fields will be filtered with user ids or shortnames (default all)

  • user (list) – Retrieve vulnerabilities by these users, identified by their id or username

  • asset (list) – Retrieve vulnerabilities detected on these assets by asset id or shortNames. As assets are customer specific we will resolve the assets for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.

  • assetGroup (list) – Retrieve vulnerabilities detected on assets who are members or descendants of these groups identified by id or shortNames. As asset groups are customer specific we will resolve the groups for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.

  • vulnerabilityID (list) – Retrieve vulnerabilities by their external ID e.g. CVE-XXXX

  • vulnerabilityDefinition (list) – Retrieve vulnerabilities by their vulnerability definition id or name

  • customer (list) – Retrieve vulnerabilities by Customer id or name

  • severity (list) – Retrieve vulnerabilities with these severities

  • resolution (list) – Retrieve vulnerabilities with these resolutions

  • dataSource (list) – Search for vulnerabilities detected and reported by these data sources, identified by id or shortName

  • minimumCvss (float) – Retrieve Vulnerabilities with at least this CVSS score

  • maximumCvss (float) – Retrieve Vulnerabilities with at most this CVSS score

  • component (list) – Search for Vulnerabilities with these components

  • assetComponent (list) – Search for Vulnerabilities observed on Assets containing these components using AND search mode i.e. all criteria must match.<br />If you want different behaviour try using subcriteria

  • includeFlags (list) – Explicitly retrieve Vulnerabilities that contain these flags

  • excludeFlags (list) – Explicitly filter out Vulnerabilities that contain these flags

  • subCriteria (list) – Set additional criteria that are applied with logical OR by default

  • indexStartTimestamp (str) – Limit search to indices created on or after this timestamp. Must be in the range [12 months ago - today].

  • indexEndTimestamp (str) – Limit search to indices created on or before this timestamp. Must be in the range [12 months ago - today].

  • includeRawOutput (bool) – Whether to include raw output in the result objects (default false)

  • limit (int) – Limit the results to the specified amount. If the sum of offset and limit is greater than 10’000 the results will likely be incomplete as 10’000 exceeds the search engine’s maximum result window. (default 25)

  • offset (int) – Skip specified amount of results. If the sum of offset and limit is greater than 10’000 the results will likely be incomplete as 10’000 exceeds the search engine’s maximum result window. (default 0)

  • includeDeleted (bool) – Whether to include deleted Vulnerabilities (default false)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

requests.Response object or dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.search_vulnerability_definitions(sortBy: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, vulnerabilitySource: str = None, vulnerabilityID: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, includeFlags: str = None, excludeFlags: str = None, severity: str = None, maxCVSS: float = None, minCVSS: float = None, subCriteria: dict = None, limit: int = 25, offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Search Vulnerability Definitions (PUBLIC)

Parameters
  • sortBy (list) –

  • keywords (list) – Search for keywords against fields defined by a KeywordFieldStrategy

  • keywordFieldStrategy (list) – Defines which fields will be searched by keywords (default all supported fields) (default all)

  • keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default any)

  • vulnerabilitySource (list) – Retrieve definitions by their source ID or shortname

  • vulnerabilityID (list) – Retrieve definitions by their external ID e.g. CVE-XXXX

  • startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

  • endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

  • timeFieldStrategy (list) – Defines which timestamps fields will be filtered with start/endTimestamp (default lastUpdatedTimestamp)

  • timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

  • userFieldStrategy (list) – Defines which user fields to filter with the submitted user value(s) (default all)

  • user (list) – Search for VulnerabilityDefinitions by associated user IDs or short names defined by the UserFieldStrategy

  • includeFlags (list) – Explicitly search for VulnerabilityDefinitions that contain these flags

  • excludeFlags (list) – Explicitly filter out VulnerabilityDefinitions that contain these flags

  • severity (list) – Filter VulnerabilityDefinitions by Severity.

  • maxCVSS (float) – Filter VulnerabilityDefinitions by CVSS lower or equal than.

  • minCVSS (float) – Filter VulnerabilityDefinitions by CVSS higher or equal than.

  • subCriteria (list) – Set additional criteria that are applied with logical OR by default

  • limit (int) – Limit the results to the specified amount (default 25)

  • offset (int) – Skip specified amount of results (default 0)

  • includeDeleted (bool) – Whether to include deleted Vulnerability Definitions (default false)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.search_vulnerability_sources(sortBy: str = None, source: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, subCriteria: dict = None, includeDeleted: bool = None, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Search VulnerabilitySource with specified criteria (INTERNAL)

Parameters
  • sortBy (list) –

  • source (list) – Restrict to specified Vulnerability source (ID or short name)

  • keywords (list) – Search for keywords against fields defined by keywordFieldStrategy

  • keywordFieldStrategy (list) – Defines which fields will be searched by keywords (default all supported fields) (default all)

  • keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default all)

  • startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

  • endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

  • timeFieldStrategy (list) – Defines which timestamps will be included in the search (default lastUpdatedTimestamp) (default lastUpdatedTimestamp)

  • timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

  • subCriteria (list) – Set additional criteria which are applied with logical OR by default

  • includeDeleted (bool) – Whether include deleted results (default false)

  • limit (int) – Limit maximum amount of results (default 25)

  • offset (int) – Skip specified amount of results (default 0)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.search_vulnerability_sources_simplified(keywords: str = None, keywordField: str = None, timeField: str = None, source: str = None, sortBy: str = None, limit: int = 25, keywordMatch: str = 'all', startTimestamp: str = '0', endTimestamp: str = '0', timeMatch: str = 'any', offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Search VulnerabilitySources with specified query parameters (INTERNAL)

Parameters
  • keywords (list) – Search by keywords

  • keywordField (list) – Set field strategy for keyword search

  • timeField (list) – Set field strategy for time range search

  • source (list) – Search by sources (ID or short name)

  • sortBy (list) – Sort search result

  • limit (int) – Maximum number of returned results

  • keywordMatch (str) – Set match strategy for keyword search

  • startTimestamp (str) – Start timestamp for time range search

  • endTimestamp (str) – End timestamp for time range search

  • timeMatch (str) – Set match strategy for time range search

  • offset (int) – Skip a number of results

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.update_vulnerability(id: str, vulnerabilityDefinition: str = None, addComponents: dict = None, deleteComponents: str = None, cvss: float = None, severity: str = None, rawOutput: str = None, ttl: int = None, observationDescription: str = None, addObservationReferences: str = None, deleteObservationReferences: str = None, forceIndex: bool = None, updateLastSeen: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Updates an existing Vulnerability (PUBLIC)

Parameters
  • id (str) – vulnerability ID

  • vulnerabilityDefinition (str) – Assign vulnerability definition. Only allowed when there was no vulnerability definition assigned.

  • addComponents (list) – Specify components to be added with the vulnerability.

  • deleteComponents (list) – Specify IDs of the components to be deleted from the vulnerability.

  • cvss (float) – Update CVSS score of vulnerability (range from 0 to 10).

  • severity (str) – Update severity level of vulnerability.

  • rawOutput (str) – Update raw output from vulnerability scan. Will be sanitized as html.

  • ttl (int) – Time to live duration of this vulnerability since last seen, 0 means won’t expire.

  • observationDescription (str) – Description specific to this vulnerability. May contain customer specific data. Will be sanitized as HTML.

  • addObservationReferences (list) – Add references specific to this vulnerability e.g. internal URLs. May contain customer specific data. Will be sanitized as HTML.

  • deleteObservationReferences (list) – Delete references specific to this vulnerability. Will be sanitized as HTML first before checking against existing references.

  • forceIndex (bool) – Whether to force an Elasticsearch index refresh such that changes to the vulnerability are immediately searchable.

  • updateLastSeen (bool) – Temporary field added to make updating lastSeenTimestamp/UserId easier.

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.update_vulnerability_definition(idOrVulnerabilityID: str, name: str = None, description: str = None, solution: str = None, conclusion: str = None, addReferences: str = None, deleteReferences: str = None, exploitAvailable: bool = None, severity: str = None, forceIndex: bool = None, exploitAvailableTimestamp: int = None, cvss: float = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Updates an existing Vulnerability definition, also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)

Parameters
  • idOrVulnerabilityID (str) – Vulnerability definition ID or identifier of vulnerability

  • name (str) – Update name of the vulnerability definition. Will be sanitized as text.

  • description (str) – Update description of the vulnerability definition. Will be sanitized as html.

  • solution (str) – Update how to fix the vulnerability. Will be sanitized as html.

  • conclusion (str) – Update short summary of the vulnerability. Will be sanitized as html.

  • addReferences (list) – Add references to the vulnerability definition (e.g. CVE number). Will be sanitized as html.

  • deleteReferences (list) – Delete references from the vulnerability definition. Will be sanitized as html first before check against existing references.

  • exploitAvailable (bool) – Update whether an exploit is available for the vulnerability.

  • severity (str) – Severity level of vulnerability. If not provided, then severity will be calculated based on CVSS value.

  • forceIndex (bool) – Whether to force an Elasticsearch index refresh such that changes to the VulnerabilityDefinition are immediately searchable.

  • exploitAvailableTimestamp (int) – Set or update the timestamp when the exploit became available. Setting this value also expects having exploitAvailable as ‘true’ or setting it with this request. If it hasn’t been set before, then setting/leaving it to 0 will use current timestamp. (default 0)

  • cvss (float) – CVSS score of vulnerability (range from 0 to 10). (default 0.0)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.update_vulnerability_source(source: str, shortName: str = None, name: str = None, readPermission: str = None, writePermission: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict#

Updates an existing VulnerabilitySource (INTERNAL)

Parameters
  • source (str) – VulnerabilitySource ID or short name

  • shortName (str) – Update short name of vulnerability source => [a-zA-Z0-9_:\-.]*

  • name (str) – Update name of vulnerability source => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

  • readPermission (str) – Update the permission required to allow read access of source & vulnerability definition belong to the source => [a-zA-Z0-9_:\-.]*

  • writePermission (str) – Update the permission required to allow write access (create/update/delete) of source & vulnerability definition belong to the source => [a-zA-Z0-9_:\-.]*

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON