vulnerability#
Autogenerated API
- argus_api.lib.assets.v2.vulnerability.add_vulnerability(customer: str = None, dataSource: str = None, asset: str = None, vulnerability: str = None, components: dict = None, cvss: float = None, severity: str = None, rawOutput: str = None, ttl: int = None, observationDescription: str = None, observationReferences: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Creates a new vulnerability instance (PUBLIC)
- param str customer
ID or short name of customer, if not specified then current user’s customer will be assigned.
- param str dataSource
ID or short name of the Data Source
- param str asset
ID or short name of asset. If short name is specified, then the asset is looked up from the customer.
- param str vulnerability
Either vulnerability definition ID (UUID) or vulnerability identifier (e.g. CVE-2015-3429). First the value will be used to lookup vulnerability definition (UUID will only be supported for vulnerability definition lookup). If vulnerability definition exists, then associate this vulnerability instance to it, and require read permission on vulnerability source of the definition. Otherwise create vulnerability instance with vulnerability identifier. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*
- param list components
Specify components to be added with the vulnerability.
- param float cvss
CVSS score of vulnerability (range from 0 to 10). Setting this field will overwrite
vulnerability definition settings and the value will not be updated when CVSS or Severity in the definition changes.
- param str severity
Severity level of vulnerability. If not provided, then severity will be calculated based on CVSS value.
Setting this field will overwrite vulnerability definition settings and the value will not be updated when CVSS or Severity in the definition changes.
- param str rawOutput
Raw output from vulnerability scan. Will be sanitized as html.
- param int ttl
Time to live duration of this vulnerability since last seen, 0 means won’t expire.
- param str observationDescription
Description specific to this vulnerability. May contain customer specific data. Will be sanitized as HTML.
- param list observationReferences
References specific to this vulnerability e.g. internal URLs. May contain customer specific data.
- param bool forceIndex
Whether to force an Elasticsearch index refresh making the new vulnerability immediately searchable.
- param json
return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.- param verify
path to a certificate bundle or boolean indicating whether SSL verification should be performed.
- param apiKey
Argus API key.
- param authentication
authentication override
- param server_url
API base URL override
- param body
body of the request. other parameters will override keys defined in the body.
- param api_session
session to use for this request. If not set, the global session will be used.
- raises AuthenticationFailedException
on 401
- raises AccessDeniedException
on 403
- raises ValidationErrorException
on 412
- raises ArgusException
on other status codes
- returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.add_vulnerability_definition(vulnerabilitySource: str = None, vulnerabilityID: str = None, name: str = None, description: str = None, solution: str = None, conclusion: str = None, references: str = None, exploitAvailable: bool = None, severity: str = None, forceIndex: bool = None, exploitAvailableTimestamp: int = None, cvss: float = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Creates a new vulnerability definition also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)
- Parameters
vulnerabilitySource (str) – Define vulnerability source by source ID or short name.
vulnerabilityID (str) – Identifier of vulnerability (e.g. plug-in ID from vulnerability scanner). Needs to be unique. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*
name (str) – Name of vulnerability. Will be sanitized as text.
description (str) – Description of vulnerability. Will be sanitized as html.
solution (str) – How to fix vulnerability. Will be sanitized as html.
conclusion (str) – Short summary of vulnerability. Will be sanitized as html.
references (list) – References to vulnerability (e.g. CVE number). Will be sanitized as html.
exploitAvailable (bool) – Set if an exploit is available for the vulnerability.
severity (str) – Severity level of vulnerability definition. If not provided, then severity will be calculated based on CVSS value.
forceIndex (bool) – Whether to force an Elasticsearch index refresh making the new vulnerability definition immediately searchable.
exploitAvailableTimestamp (int) – Set the timestamp when the exploit became available. Setting this value also expects setting exploitAvailable to ‘true’ with this request. Setting/leaving it to 0 will use current timestamp. (default 0)
cvss (float) – CVSS score of vulnerability definition (range from 0 to 10). (default 0.0)
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.add_vulnerability_source(shortName: str = None, name: str = None, readPermission: str = None, writePermission: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Creates a new VulnerabilitySource (INTERNAL)
- Parameters
shortName (str) – Vulnerability source short name, required and unique => [a-zA-Z0-9_:\-.]*
name (str) – Name of source => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*
readPermission (str) – Permission required to allow read access of source & vulnerability definition belong to this source => [a-zA-Z0-9_:\-.]*
writePermission (str) – Permission required to allow write access (create/update/delete) source & of vulnerability definition belong to this source => [a-zA-Z0-9_:\-.]*
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.bulk_resolve_vulnerabilities(observations: str = None, resolution: str = None, resolutionExpiryTimestamp: str = None, comment: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Bulk resolves a set of vulnerabilities. (PUBLIC)
- Parameters
observations (list) – The observations’ unique ids
resolution (str) – Specify resolution reason.
resolutionExpiryTimestamp (str) – When will the current resolution expire (0 means no expiry). Allows unix timestamp (milliseconds), ISO timestamp, or relative time values. See https://docs.mnemonic.no/x/AQDXAQ (default 0)
comment (str) – Comment on why the vulnerability is resolved. If present will apply to all vulnerabilities in the request. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.delete_vulnerability(id: str, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Delete vulnerability (PUBLIC)
- Parameters
id (str) – vulnerability ID
forceIndex (bool) – Whether to force an Elasticsearch index refresh such that updates to the Vulnerability are immediately searchable
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.delete_vulnerability_definition(idOrVulnerabilityID: str, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Delete Vulnerability definition, also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)
- Parameters
idOrVulnerabilityID (str) – Vulnerability definition ID or identifier of vulnerability
forceIndex (bool) – Whether to force an Elasticsearch index refresh such that updates to the VulnerabilityDefinition are immediately searchable.
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.delete_vulnerability_source(source: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Marks a VulnerabilitySource as deleted (INTERNAL)
- Parameters
source (str) – VulnerabilitySource ID or short name
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.get_vulnerability_by_id(id: str, includeRawOutput: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Get Vulnerability by ID. (PUBLIC)
- Parameters
id (str) – Vulnerability ID (UUID)
includeRawOutput (bool) – Whether include raw output, default not include
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.get_vulnerability_definition(idOrVulnerabilityID: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Get Vulnerability definition, also require to have read permission of vulnerability source that the definition is belonging to. (PUBLIC)
- Parameters
idOrVulnerabilityID (str) – Vulnerability definition ID or identifier of vulnerability
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.get_vulnerability_source(source: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Get VulnerabilitySource (INTERNAL)
- Parameters
source (str) – VulnerabilitySource ID or short name
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.get_vulnerability_statistics(keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, references: str = None, observationReferences: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, asset: str = None, assetGroup: str = None, vulnerabilityID: str = None, vulnerabilityDefinition: str = None, customer: str = None, severity: str = None, resolution: str = None, dataSource: str = None, minimumCvss: float = None, maximumCvss: float = None, component: dict = None, assetComponent: dict = None, includeFlags: str = None, excludeFlags: str = None, subCriteria: dict = None, fieldAggregation: dict = None, rangeMetric: dict = None, statisticsMetric: dict = None, includeRawOutput: bool = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Generate the requested statistics for Vulnerabilities matching the provided search criteria. (DEV)
- param list keywords
Search for vulnerabilities by their definition keywords against definition text fields defined by a KeywordFieldStrategy
- param list keywordFieldStrategy
Defines which fields will be queried for keywords (defaults to all observation fields) (default all)
- param str keywordMatchStrategy
Defines how strict different keywords should be matched (default match all keywords) (default any)
- param list references
Search for vulnerabilities by exact matches in their definition references
- param list observationReferences
Search for vulnerabilities by exact matches in their references
- param str startTimestamp
Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)
- param str endTimestamp
Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)
- param list timeFieldStrategy
Defines which timestamps fields will be filtered with start/endTimestamp (default lastSeenTimestamp)
- param str timeMatchStrategy
Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)
- param list userFieldStrategy
Defines which user fields will be filtered with user ids or shortnames (default all)
- param list user
Retrieve vulnerabilities by these users, identified by their id or username
- param list asset
Retrieve vulnerabilities detected on these assets by asset id or shortNames. As assets are customer specific we will resolve the assets for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.
- param list assetGroup
Retrieve vulnerabilities detected on assets who are members or descendants of these groups identified by id or shortNames. As asset groups are customer specific we will resolve the groups for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.
- param list vulnerabilityID
Retrieve vulnerabilities by their external ID e.g. CVE-XXXX
- param list vulnerabilityDefinition
Retrieve vulnerabilities by their vulnerability definition id or name
- param list customer
Retrieve vulnerabilities by Customer id or name
- param list severity
Retrieve vulnerabilities with these severities
- param list resolution
Retrieve vulnerabilities with these resolutions
- param list dataSource
Search for vulnerabilities detected and reported by these data sources, identified by id or shortName
- param float minimumCvss
Retrieve Vulnerabilities with at least this CVSS score
- param float maximumCvss
Retrieve Vulnerabilities with at most this CVSS score
- param list component
Search for Vulnerabilities with these components
- param list assetComponent
Search for Vulnerabilities observed on Assets containing these components using AND search mode i.e. all criteria must match.<br />If you want different behaviour try using subcriteria
- param list includeFlags
Explicitly retrieve Vulnerabilities that contain these flags
- param list excludeFlags
Explicitly filter out Vulnerabilities that contain these flags
- param list subCriteria
Set additional criteria that are applied with logical OR by default
- param list fieldAggregation
The fields by which to group statistics.
The order of fieldAggregations in the request will determine the hierarchy of the aggregations and their buckets.
- param list rangeMetric
The timestamp fields for which to generate statistics.
- param list statisticsMetric
The numerical fields for which to generate metrics.
- param bool includeRawOutput
Whether to include raw output in the result objects (default false)
- param bool includeDeleted
Whether to include deleted Vulnerabilities (default false)
- param json
return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.- param verify
path to a certificate bundle or boolean indicating whether SSL verification should be performed.
- param apiKey
Argus API key.
- param authentication
authentication override
- param server_url
API base URL override
- param body
body of the request. other parameters will override keys defined in the body.
- param api_session
session to use for this request. If not set, the global session will be used.
- raises AuthenticationFailedException
on 401
- raises AccessDeniedException
on 403
- raises ValidationErrorException
on 412
- raises ArgusException
on other status codes
- returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.list_vulnerabilities(customer: str = None, asset: str = None, dataSource: str = None, vulnerabilityID: str = None, severity: str = None, resolution: str = None, timeFieldStrategy: str = None, sortBy: str = None, limit: int = 25, startTimestamp: str = '0', endTimestamp: str = '0', offset: int = None, includeDeleted: bool = None, includeRawOutput: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Basic Vulnerability search. Will not return vulnerabilities seen more than 31 days ago. Please use advanced search to return older vulnerabilities. If start/end timestamps are present, the range must be valid for at least one of the time stamp fields. Check the documentation for the TimestampFieldStrategy field for more details. (PUBLIC)
- param list customer
Customer ids or short names
- param list asset
Asset ids or short names. Will resolve with the provided customers, or those the current user has access to if none are provided
- param list dataSource
Data source, identified by id or shortname, that detected the Vulnerability
- param list vulnerabilityID
Vulnerability external ID
- param list severity
Vulnerability Severity
- param list resolution
Vulnerability Resolution
- param list timeFieldStrategy
Which time field(s) to filter by timestamp start/end
- param list sortBy
Field(s) to sort by - refer to the search POST endpoint to see which fields are permitted
- param int limit
Limit results. The sum of limit and offset must be <= 10’000 when not streaming
- param str startTimestamp
Lower bound timestamp filter value
- param str endTimestamp
Upper bound timestamp filter value
- param int offset
Offset results. The sum of limit and offset must be <= 10’000 when not streaming
- param bool includeDeleted
Include deleted
- param bool includeRawOutput
Include raw output from scanner
- param json
return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.- param verify
path to a certificate bundle or boolean indicating whether SSL verification should be performed.
- param apiKey
Argus API key.
- param authentication
authentication override
- param server_url
API base URL override
- param body
body of the request. other parameters will override keys defined in the body.
- param api_session
session to use for this request. If not set, the global session will be used.
- raises AuthenticationFailedException
on 401
- raises AccessDeniedException
on 403
- raises ValidationErrorException
on 412
- raises ArgusException
on other status codes
- returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.list_vulnerability_definitions(vulnerabilityID: str = None, keywords: str = None, sortBy: str = None, limit: int = 25, startTimestamp: str = '0', endTimestamp: str = '0', offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Basic Vulnerability Definition search. (PUBLIC)
- Parameters
vulnerabilityID (list) – External Vulnerability ID
keywords (list) – Keywords to search by. Will return matches in any field defined by the ‘all’ KeywordFieldStrategy
sortBy (list) – Field(s) to sort by - refer to the search POST endpoint to see which fields are permitted
limit (int) – Limit results. The sum of limit and offset must be <= 10’000 when not streaming
startTimestamp (str) – Lower bound timestamp filter value
endTimestamp (str) – Upper bound timestamp filter value
offset (int) – Offset results. The sum of limit and offset must be <= 10’000 when not streaming
includeDeleted (bool) – Include deleted
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.reopen_vulnerability(id: str, comment: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Reopens a vulnerability, marking it as unresolved. (PUBLIC)
- Parameters
id (str) – Vulnerability ID
comment (str) – Comment describing why the vulnerability should be reopened
forceIndex (bool) – Whether to force an Elasticsearch index refresh such that the reopened vulnerability is immediately searchable.
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.resolve_vulnerability(id: str, resolution: str = None, resolutionExpiryTimestamp: str = None, comment: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Resolves a vulnerability. (PUBLIC)
- Parameters
id (str) – Vulnerability ID
resolution (str) – Specify resolution reason.
resolutionExpiryTimestamp (str) – When will the current resolution expire (0 means no expiry). Allows unix timestamp (milliseconds), ISO timestamp, or relative time values. See https://docs.mnemonic.no/x/AQDXAQ (default 0)
comment (str) – Comment on why the vulnerability is resolved. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*
forceIndex (bool) – Whether to force an Elasticsearch index refresh such that the resolved vulnerability is immediately searchable.
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.search_vulnerabilities(sortBy: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, references: str = None, observationReferences: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, asset: str = None, assetGroup: str = None, vulnerabilityID: str = None, vulnerabilityDefinition: str = None, customer: str = None, severity: str = None, resolution: str = None, dataSource: str = None, minimumCvss: float = None, maximumCvss: float = None, component: dict = None, assetComponent: dict = None, includeFlags: str = None, excludeFlags: str = None, subCriteria: dict = None, order: str = None, indexStartTimestamp: str = None, indexEndTimestamp: str = None, includeRawOutput: bool = None, limit: int = 25, offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Search Vulnerabilities (PUBLIC)
- Parameters
sortBy (list) –
keywords (list) – Search for vulnerabilities by their definition keywords against definition text fields defined by a KeywordFieldStrategy
keywordFieldStrategy (list) – Defines which fields will be queried for keywords (defaults to all observation fields) (default all)
keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default any)
references (list) – Search for vulnerabilities by exact matches in their definition references
observationReferences (list) – Search for vulnerabilities by exact matches in their references
startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)
endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)
timeFieldStrategy (list) – Defines which timestamps fields will be filtered with start/endTimestamp (default lastSeenTimestamp)
timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)
userFieldStrategy (list) – Defines which user fields will be filtered with user ids or shortnames (default all)
user (list) – Retrieve vulnerabilities by these users, identified by their id or username
asset (list) – Retrieve vulnerabilities detected on these assets by asset id or shortNames. As assets are customer specific we will resolve the assets for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.
assetGroup (list) – Retrieve vulnerabilities detected on assets who are members or descendants of these groups identified by id or shortNames. As asset groups are customer specific we will resolve the groups for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.
vulnerabilityID (list) – Retrieve vulnerabilities by their external ID e.g. CVE-XXXX
vulnerabilityDefinition (list) – Retrieve vulnerabilities by their vulnerability definition id or name
customer (list) – Retrieve vulnerabilities by Customer id or name
severity (list) – Retrieve vulnerabilities with these severities
resolution (list) – Retrieve vulnerabilities with these resolutions
dataSource (list) – Search for vulnerabilities detected and reported by these data sources, identified by id or shortName
minimumCvss (float) – Retrieve Vulnerabilities with at least this CVSS score
maximumCvss (float) – Retrieve Vulnerabilities with at most this CVSS score
component (list) – Search for Vulnerabilities with these components
assetComponent (list) – Search for Vulnerabilities observed on Assets containing these components using AND search mode i.e. all criteria must match.<br />If you want different behaviour try using subcriteria
includeFlags (list) – Explicitly retrieve Vulnerabilities that contain these flags
excludeFlags (list) – Explicitly filter out Vulnerabilities that contain these flags
subCriteria (list) – Set additional criteria that are applied with logical OR by default
order (list) – Which field(s) by which to sort the results
indexStartTimestamp (str) – Limit search to indices created on or after this timestamp. Must be in the range [12 months ago - today].
indexEndTimestamp (str) – Limit search to indices created on or before this timestamp. Must be in the range [12 months ago - today].
includeRawOutput (bool) – Whether to include raw output in the result objects (default false)
limit (int) – Limit the results to the specified amount. If the sum of offset and limit is greater than 10’000 the results will likely be incomplete as 10’000 exceeds the search engine’s maximum result window. (default 25)
offset (int) – Skip specified amount of results. If the sum of offset and limit is greater than 10’000 the results will likely be incomplete as 10’000 exceeds the search engine’s maximum result window. (default 0)
includeDeleted (bool) – Whether to include deleted Vulnerabilities (default false)
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
requests.Response
object or dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.search_vulnerability_definitions(sortBy: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, vulnerabilitySource: str = None, vulnerabilityID: str = None, vulnerabilityDefinition: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, includeFlags: str = None, excludeFlags: str = None, severity: str = None, maximumCvss: float = None, minimumCvss: float = None, subCriteria: dict = None, limit: int = 25, offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Search Vulnerability Definitions (PUBLIC)
- Parameters
sortBy (list) –
keywords (list) – Search for keywords against fields defined by a KeywordFieldStrategy
keywordFieldStrategy (list) – Defines which fields will be searched by keywords (default all supported fields) (default all)
keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default any)
vulnerabilitySource (list) – Retrieve definitions by their source ID or shortname
vulnerabilityID (list) – Retrieve definitions by their external ID e.g. CVE-XXXX
vulnerabilityDefinition (list) – Retrieve definitions by their internal db ID or vulnerabilityID
startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)
endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)
timeFieldStrategy (list) – Defines which timestamps fields will be filtered with start/endTimestamp (default lastUpdatedTimestamp)
timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)
userFieldStrategy (list) – Defines which user fields to filter with the submitted user value(s) (default all)
user (list) – Search for VulnerabilityDefinitions by associated user IDs or short names defined by the UserFieldStrategy
includeFlags (list) – Explicitly search for VulnerabilityDefinitions that contain these flags
excludeFlags (list) – Explicitly filter out VulnerabilityDefinitions that contain these flags
severity (list) – Filter VulnerabilityDefinitions by Severity.
maximumCvss (float) – Filter VulnerabilityDefinitions by CVSS lower or equal than.
minimumCvss (float) – Filter VulnerabilityDefinitions by CVSS higher or equal than.
subCriteria (list) – Set additional criteria that are applied with logical OR by default
limit (int) – Limit the results to the specified amount (default 25)
offset (int) – Skip specified amount of results (default 0)
includeDeleted (bool) – Whether to include deleted Vulnerability Definitions (default false)
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.search_vulnerability_sources(sortBy: str = None, source: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, subCriteria: dict = None, includeDeleted: bool = None, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Search VulnerabilitySource with specified criteria (INTERNAL)
- Parameters
sortBy (list) –
source (list) – Restrict to specified Vulnerability source (ID or short name)
keywords (list) – Search for keywords against fields defined by keywordFieldStrategy
keywordFieldStrategy (list) – Defines which fields will be searched by keywords (default all supported fields) (default all)
keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default all)
startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)
endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)
timeFieldStrategy (list) – Defines which timestamps will be included in the search (default lastUpdatedTimestamp) (default lastUpdatedTimestamp)
timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)
subCriteria (list) – Set additional criteria which are applied with logical OR by default
includeDeleted (bool) – Whether include deleted results (default false)
limit (int) – Limit maximum amount of results (default 25)
offset (int) – Skip specified amount of results (default 0)
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.search_vulnerability_sources_simplified(keywords: str = None, keywordField: str = None, timeField: str = None, source: str = None, sortBy: str = None, limit: int = 25, keywordMatch: str = 'all', startTimestamp: str = '0', endTimestamp: str = '0', timeMatch: str = 'any', offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Search VulnerabilitySources with specified query parameters (INTERNAL)
- Parameters
keywords (list) – Search by keywords
keywordField (list) – Set field strategy for keyword search
timeField (list) – Set field strategy for time range search
source (list) – Search by sources (ID or short name)
sortBy (list) – Sort search result
limit (int) – Maximum number of returned results
keywordMatch (str) – Set match strategy for keyword search
startTimestamp (str) – Start timestamp for time range search
endTimestamp (str) – End timestamp for time range search
timeMatch (str) – Set match strategy for time range search
offset (int) – Skip a number of results
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.update_vulnerability(id: str, vulnerabilityDefinition: str = None, addComponents: dict = None, deleteComponents: str = None, cvss: float = None, severity: str = None, rawOutput: str = None, ttl: int = None, observationDescription: str = None, addObservationReferences: str = None, deleteObservationReferences: str = None, forceIndex: bool = None, updateLastSeen: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Updates an existing Vulnerability (PUBLIC)
- Parameters
id (str) – vulnerability ID
vulnerabilityDefinition (str) – Assign vulnerability definition. Only allowed when there was no vulnerability definition assigned.
addComponents (list) – Specify components to be added with the vulnerability.
deleteComponents (list) – Specify IDs of the components to be deleted from the vulnerability.
cvss (float) – Update CVSS score of vulnerability (range from 0 to 10).
severity (str) – Update severity level of vulnerability.
rawOutput (str) – Update raw output from vulnerability scan. Will be sanitized as html.
ttl (int) – Time to live duration of this vulnerability since last seen, 0 means won’t expire.
observationDescription (str) – Description specific to this vulnerability. May contain customer specific data. Will be sanitized as HTML.
addObservationReferences (list) – Add references specific to this vulnerability e.g. internal URLs. May contain customer specific data. Will be sanitized as HTML.
deleteObservationReferences (list) – Delete references specific to this vulnerability. Will be sanitized as HTML first before checking against existing references.
forceIndex (bool) – Whether to force an Elasticsearch index refresh such that changes to the vulnerability are immediately searchable.
updateLastSeen (bool) – Temporary field added to make updating lastSeenTimestamp/UserId easier.
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.update_vulnerability_definition(idOrVulnerabilityID: str, name: str = None, description: str = None, solution: str = None, conclusion: str = None, addReferences: str = None, deleteReferences: str = None, exploitAvailable: bool = None, cvss: float = None, severity: str = None, forceIndex: bool = None, exploitAvailableTimestamp: int = None, updateObservations: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Updates an existing Vulnerability definition, also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)
- param str idOrVulnerabilityID
Vulnerability definition ID or identifier of vulnerability
- param str name
Update name of the vulnerability definition. Will be sanitized as text.
- param str description
Update description of the vulnerability definition. Will be sanitized as html.
- param str solution
Update how to fix the vulnerability. Will be sanitized as html.
- param str conclusion
Update short summary of the vulnerability. Will be sanitized as html.
- param list addReferences
Add references to the vulnerability definition (e.g. CVE number). Will be sanitized as html.
- param list deleteReferences
Delete references from the vulnerability definition. Will be sanitized as html first before check against existing references.
- param bool exploitAvailable
Update whether an exploit is available for the vulnerability.
- param float cvss
CVSS score of vulnerability (range from 0 to 10).
- param str severity
Severity level of vulnerability. If not provided, then severity will be calculated based on CVSS value.
- param bool forceIndex
Whether to force an Elasticsearch index refresh such that changes to the VulnerabilityDefinition are immediately searchable.
- param int exploitAvailableTimestamp
Set or update the timestamp when the exploit became available. Setting this value also expects having exploitAvailable as ‘true’ or setting it with this request. If it hasn’t been set before, then setting/leaving it to 0 will use current timestamp. (default 0)
- param bool updateObservations
If true this will trigger updating all active (non-deleted with resolution status: unresolved,
accepted or temp_accepted) Observations thus overwriting their current Severity/CVSS values. Unless the values were previously overwritten manually. (default false)
- param json
return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.- param verify
path to a certificate bundle or boolean indicating whether SSL verification should be performed.
- param apiKey
Argus API key.
- param authentication
authentication override
- param server_url
API base URL override
- param body
body of the request. other parameters will override keys defined in the body.
- param api_session
session to use for this request. If not set, the global session will be used.
- raises AuthenticationFailedException
on 401
- raises AccessDeniedException
on 403
- raises ObjectNotFoundException
on 404
- raises ValidationErrorException
on 412
- raises ArgusException
on other status codes
- returns
dictionary translated from JSON
- argus_api.lib.assets.v2.vulnerability.update_vulnerability_source(source: str, shortName: str = None, name: str = None, readPermission: str = None, writePermission: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Updates an existing VulnerabilitySource (INTERNAL)
- Parameters
source (str) – VulnerabilitySource ID or short name
shortName (str) – Update short name of vulnerability source => [a-zA-Z0-9_:\-.]*
name (str) – Update name of vulnerability source => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*
readPermission (str) – Update the permission required to allow read access of source & vulnerability definition belong to the source => [a-zA-Z0-9_:\-.]*
writePermission (str) – Update the permission required to allow write access (create/update/delete) of source & vulnerability definition belong to the source => [a-zA-Z0-9_:\-.]*
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ObjectNotFoundException – on 404
ValidationErrorException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON