vulnerability

Autogenerated API

argus_api.lib.assets.v2.vulnerability.add_vulnerability(customer: str = None, dataSource: str = None, asset: str = None, vulnerability: str = None, components: dict = None, cvss: float = None, severity: str = None, rawOutput: str = None, ttl: int = None, observationDescription: str = None, observationReferences: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Creates a new vulnerability instance (PUBLIC)

param str customer

ID or short name of customer, if not specified then current user’s customer will be assigned.

param str dataSource

ID or short name of the Data Source

param str asset

ID or short name of asset. If short name is specified, then the asset is looked up from the customer.

param str vulnerability

Either vulnerability definition ID (UUID) or vulnerability identifier (e.g. CVE-2015-3429). First the value will be used to lookup vulnerability definition (UUID will only be supported for vulnerability definition lookup). If vulnerability definition exists, then associate this vulnerability instance to it, and require read permission on vulnerability source of the definition. Otherwise create vulnerability instance with vulnerability identifier. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

param list components

Specify components to be added with the vulnerability.

param float cvss

CVSS score of vulnerability (range from 0 to 10). Setting this field will overwrite

vulnerability definition settings and the value will not be updated when CVSS or Severity in the definition changes.

param str severity

Severity level of vulnerability. If not provided, then severity will be calculated based on CVSS value.

Setting this field will overwrite vulnerability definition settings and the value will not be updated when CVSS or Severity in the definition changes.

param str rawOutput

Raw output from vulnerability scan. Will be sanitized as html.

param int ttl

Time to live duration of this vulnerability since last seen, 0 means won’t expire.

param str observationDescription

Description specific to this vulnerability. May contain customer specific data. Will be sanitized as HTML.

param list observationReferences

References specific to this vulnerability e.g. internal URLs. May contain customer specific data.

param bool forceIndex

Whether to force an Elasticsearch index refresh making the new vulnerability immediately searchable.

param json

return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

param verify

path to a certificate bundle or boolean indicating whether SSL verification should be performed.

param apiKey

Argus API key.

param authentication

authentication override

param server_url

API base URL override

param body

body of the request. other parameters will override keys defined in the body.

param api_session

session to use for this request. If not set, the global session will be used.

raises AuthenticationFailedException

on 401

raises AccessDeniedException

on 403

raises ValidationErrorException

on 412

raises ArgusException

on other status codes

returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.add_vulnerability_definition(vulnerabilitySource: str = None, vulnerabilityID: str = None, name: str = None, description: str = None, solution: str = None, conclusion: str = None, references: str = None, exploitAvailable: bool = None, severity: str = None, forceIndex: bool = None, exploitAvailableTimestamp: int = None, cvss: float = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Creates a new vulnerability definition also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)

Parameters

• vulnerabilitySource (str) – Define vulnerability source by source ID or short name.

• vulnerabilityID (str) – Identifier of vulnerability (e.g. plug-in ID from vulnerability scanner). Needs to be unique. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

• name (str) – Name of vulnerability. Will be sanitized as text.

• description (str) – Description of vulnerability. Will be sanitized as html.

• solution (str) – How to fix vulnerability. Will be sanitized as html.

• conclusion (str) – Short summary of vulnerability. Will be sanitized as html.

• references (list) – References to vulnerability (e.g. CVE number). Will be sanitized as html.

• exploitAvailable (bool) – Set if an exploit is available for the vulnerability.

• severity (str) – Severity level of vulnerability definition. If not provided, then severity will be calculated based on CVSS value.

• forceIndex (bool) – Whether to force an Elasticsearch index refresh making the new vulnerability definition immediately searchable.

• exploitAvailableTimestamp (int) – Set the timestamp when the exploit became available. Setting this value also expects setting exploitAvailable to ‘true’ with this request. Setting/leaving it to 0 will use current timestamp. (default 0)

• cvss (float) – CVSS score of vulnerability definition (range from 0 to 10). (default 0.0)

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.add_vulnerability_source(shortName: str = None, name: str = None, readPermission: str = None, writePermission: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Creates a new VulnerabilitySource (INTERNAL)

Parameters

• shortName (str) – Vulnerability source short name, required and unique => [a-zA-Z0-9_:\-.]*

• name (str) – Name of source => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

• readPermission (str) – Permission required to allow read access of source & vulnerability definition belong to this source => [a-zA-Z0-9_:\-.]*

• writePermission (str) – Permission required to allow write access (create/update/delete) source & of vulnerability definition belong to this source => [a-zA-Z0-9_:\-.]*

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.bulk_resolve_vulnerabilities(observations: str = None, resolution: str = None, resolutionExpiryTimestamp: str = None, comment: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Bulk resolves a set of vulnerabilities. (PUBLIC)

Parameters

• observations (list) – The observations’ unique ids

• resolution (str) – Specify resolution reason.

• resolutionExpiryTimestamp (str) – When will the current resolution expire (0 means no expiry). Allows unix timestamp (milliseconds), ISO timestamp, or relative time values. See https://docs.mnemonic.no/x/AQDXAQ (default 0)

• comment (str) – Comment on why the vulnerability is resolved. If present will apply to all vulnerabilities in the request. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.delete_vulnerability(id: str, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Delete vulnerability (PUBLIC)

Parameters

• id (str) – vulnerability ID

• forceIndex (bool) – Whether to force an Elasticsearch index refresh such that updates to the Vulnerability are immediately searchable

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.delete_vulnerability_definition(idOrVulnerabilityID: str, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Delete Vulnerability definition, also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)

Parameters

• idOrVulnerabilityID (str) – Vulnerability definition ID or identifier of vulnerability

• forceIndex (bool) – Whether to force an Elasticsearch index refresh such that updates to the VulnerabilityDefinition are immediately searchable.

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.delete_vulnerability_source(source: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Marks a VulnerabilitySource as deleted (INTERNAL)

Parameters

• source (str) – VulnerabilitySource ID or short name

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.get_vulnerability_by_id(id: str, includeRawOutput: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Get Vulnerability by ID. (PUBLIC)

Parameters

• id (str) – Vulnerability ID (UUID)

• includeRawOutput (bool) – Whether include raw output, default not include

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.get_vulnerability_definition(idOrVulnerabilityID: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Get Vulnerability definition, also require to have read permission of vulnerability source that the definition is belonging to. (PUBLIC)

Parameters

• idOrVulnerabilityID (str) – Vulnerability definition ID or identifier of vulnerability

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.get_vulnerability_source(source: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Get VulnerabilitySource (INTERNAL)

Parameters

• source (str) – VulnerabilitySource ID or short name

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.get_vulnerability_statistics(keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, references: str = None, observationReferences: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, asset: str = None, assetGroup: str = None, vulnerabilityID: str = None, vulnerabilityDefinition: str = None, customer: str = None, severity: str = None, resolution: str = None, dataSource: str = None, minimumCvss: float = None, maximumCvss: float = None, component: dict = None, assetComponent: dict = None, includeFlags: str = None, excludeFlags: str = None, subCriteria: dict = None, fieldAggregation: dict = None, rangeMetric: dict = None, statisticsMetric: dict = None, includeRawOutput: bool = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Generate the requested statistics for Vulnerabilities matching the provided search criteria. (DEV)

param list keywords

Search for vulnerabilities by their definition keywords against definition text fields defined by a KeywordFieldStrategy

param list keywordFieldStrategy

Defines which fields will be queried for keywords (defaults to all observation fields) (default all)

param str keywordMatchStrategy

Defines how strict different keywords should be matched (default match all keywords) (default any)

param list references

Search for vulnerabilities by exact matches in their definition references

param list observationReferences

Search for vulnerabilities by exact matches in their references

param str startTimestamp

Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

param str endTimestamp

Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

param list timeFieldStrategy

Defines which timestamps fields will be filtered with start/endTimestamp (default lastSeenTimestamp)

param str timeMatchStrategy

Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

param list userFieldStrategy

Defines which user fields will be filtered with user ids or shortnames (default all)

param list user

Retrieve vulnerabilities by these users, identified by their id or username

param list asset

Retrieve vulnerabilities detected on these assets by asset id or shortNames. As assets are customer specific we will resolve the assets for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.

param list assetGroup

Retrieve vulnerabilities detected on assets who are members or descendants of these groups identified by id or shortNames. As asset groups are customer specific we will resolve the groups for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.

param list vulnerabilityID

Retrieve vulnerabilities by their external ID e.g. CVE-XXXX

param list vulnerabilityDefinition

Retrieve vulnerabilities by their vulnerability definition id or name

param list customer

Retrieve vulnerabilities by Customer id or name

param list severity

Retrieve vulnerabilities with these severities

param list resolution

Retrieve vulnerabilities with these resolutions

param list dataSource

Search for vulnerabilities detected and reported by these data sources, identified by id or shortName

param float minimumCvss

Retrieve Vulnerabilities with at least this CVSS score

param float maximumCvss

Retrieve Vulnerabilities with at most this CVSS score

param list component

Search for Vulnerabilities with these components

param list assetComponent

Search for Vulnerabilities observed on Assets containing these components using AND search mode i.e. all criteria must match.<br />If you want different behaviour try using subcriteria

param list includeFlags

Explicitly retrieve Vulnerabilities that contain these flags

param list excludeFlags

Explicitly filter out Vulnerabilities that contain these flags

param list subCriteria

Set additional criteria that are applied with logical OR by default

param list fieldAggregation

The fields by which to group statistics.

The order of fieldAggregations in the request will determine the hierarchy of the aggregations and their buckets.

param list rangeMetric

The timestamp fields for which to generate statistics.

param list statisticsMetric

The numerical fields for which to generate metrics.

param bool includeRawOutput

Whether to include raw output in the result objects (default false)

param bool includeDeleted

Whether to include deleted Vulnerabilities (default false)

param json

return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

param verify

path to a certificate bundle or boolean indicating whether SSL verification should be performed.

param apiKey

Argus API key.

param authentication

authentication override

param server_url

API base URL override

param body

body of the request. other parameters will override keys defined in the body.

param api_session

session to use for this request. If not set, the global session will be used.

raises AuthenticationFailedException

on 401

raises AccessDeniedException

on 403

raises ValidationErrorException

on 412

raises ArgusException

on other status codes

returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.list_vulnerabilities(customer: str = None, asset: str = None, dataSource: str = None, vulnerabilityID: str = None, severity: str = None, resolution: str = None, timeFieldStrategy: str = None, sortBy: str = None, limit: int = 25, startTimestamp: str = '0', endTimestamp: str = '0', offset: int = None, includeDeleted: bool = None, includeRawOutput: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Basic Vulnerability search. Will not return vulnerabilities seen more than 31 days ago. Please use advanced search to return older vulnerabilities. If start/end timestamps are present, the range must be valid for at least one of the time stamp fields. Check the documentation for the TimestampFieldStrategy field for more details. (PUBLIC)

param list customer

Customer ids or short names

param list asset

Asset ids or short names. Will resolve with the provided customers, or those the current user has access to if none are provided

param list dataSource

Data source, identified by id or shortname, that detected the Vulnerability

param list vulnerabilityID

Vulnerability external ID

param list severity

Vulnerability Severity

param list resolution

Vulnerability Resolution

param list timeFieldStrategy

Which time field(s) to filter by timestamp start/end

param list sortBy

Field(s) to sort by - refer to the search POST endpoint to see which fields are permitted

param int limit

Limit results. The sum of limit and offset must be <= 10’000 when not streaming

param str startTimestamp

Lower bound timestamp filter value

param str endTimestamp

Upper bound timestamp filter value

param int offset

Offset results. The sum of limit and offset must be <= 10’000 when not streaming

param bool includeDeleted

Include deleted

param bool includeRawOutput

Include raw output from scanner

param json

return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

param verify

path to a certificate bundle or boolean indicating whether SSL verification should be performed.

param apiKey

Argus API key.

param authentication

authentication override

param server_url

API base URL override

param body

body of the request. other parameters will override keys defined in the body.

param api_session

session to use for this request. If not set, the global session will be used.

raises AuthenticationFailedException

on 401

raises AccessDeniedException

on 403

raises ValidationErrorException

on 412

raises ArgusException

on other status codes

returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.list_vulnerability_definitions(vulnerabilityID: str = None, keywords: str = None, sortBy: str = None, limit: int = 25, startTimestamp: str = '0', endTimestamp: str = '0', offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Basic Vulnerability Definition search. (PUBLIC)

Parameters

• vulnerabilityID (list) – External Vulnerability ID

• keywords (list) – Keywords to search by. Will return matches in any field defined by the ‘all’ KeywordFieldStrategy

• sortBy (list) – Field(s) to sort by - refer to the search POST endpoint to see which fields are permitted

• limit (int) – Limit results. The sum of limit and offset must be <= 10’000 when not streaming

• startTimestamp (str) – Lower bound timestamp filter value

• endTimestamp (str) – Upper bound timestamp filter value

• offset (int) – Offset results. The sum of limit and offset must be <= 10’000 when not streaming

• includeDeleted (bool) – Include deleted

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.reopen_vulnerability(id: str, comment: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Reopens a vulnerability, marking it as unresolved. (PUBLIC)

Parameters

• id (str) – Vulnerability ID

• comment (str) – Comment describing why the vulnerability should be reopened

• forceIndex (bool) – Whether to force an Elasticsearch index refresh such that the reopened vulnerability is immediately searchable.

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.resolve_vulnerability(id: str, resolution: str = None, resolutionExpiryTimestamp: str = None, comment: str = None, forceIndex: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Resolves a vulnerability. (PUBLIC)

Parameters

• id (str) – Vulnerability ID

• resolution (str) – Specify resolution reason.

• resolutionExpiryTimestamp (str) – When will the current resolution expire (0 means no expiry). Allows unix timestamp (milliseconds), ISO timestamp, or relative time values. See https://docs.mnemonic.no/x/AQDXAQ (default 0)

• comment (str) – Comment on why the vulnerability is resolved. => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

• forceIndex (bool) – Whether to force an Elasticsearch index refresh such that the resolved vulnerability is immediately searchable.

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.search_vulnerabilities(sortBy: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, references: str = None, observationReferences: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, asset: str = None, assetGroup: str = None, vulnerabilityID: str = None, vulnerabilityDefinition: str = None, customer: str = None, severity: str = None, resolution: str = None, dataSource: str = None, minimumCvss: float = None, maximumCvss: float = None, component: dict = None, assetComponent: dict = None, includeFlags: str = None, excludeFlags: str = None, subCriteria: dict = None, order: str = None, indexStartTimestamp: str = None, indexEndTimestamp: str = None, includeRawOutput: bool = None, limit: int = 25, offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Search Vulnerabilities (PUBLIC)

Parameters

• sortBy (list) –

• keywords (list) – Search for vulnerabilities by their definition keywords against definition text fields defined by a KeywordFieldStrategy

• keywordFieldStrategy (list) – Defines which fields will be queried for keywords (defaults to all observation fields) (default all)

• keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default any)

• references (list) – Search for vulnerabilities by exact matches in their definition references

• observationReferences (list) – Search for vulnerabilities by exact matches in their references

• startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

• endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

• timeFieldStrategy (list) – Defines which timestamps fields will be filtered with start/endTimestamp (default lastSeenTimestamp)

• timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

• userFieldStrategy (list) – Defines which user fields will be filtered with user ids or shortnames (default all)

• user (list) – Retrieve vulnerabilities by these users, identified by their id or username

• asset (list) – Retrieve vulnerabilities detected on these assets by asset id or shortNames. As assets are customer specific we will resolve the assets for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.

• assetGroup (list) – Retrieve vulnerabilities detected on assets who are members or descendants of these groups identified by id or shortNames. As asset groups are customer specific we will resolve the groups for the customers provided in the criteria, if any. If none are provided, we attempt to use the customers the current user has access to.

• vulnerabilityID (list) – Retrieve vulnerabilities by their external ID e.g. CVE-XXXX

• vulnerabilityDefinition (list) – Retrieve vulnerabilities by their vulnerability definition id or name

• customer (list) – Retrieve vulnerabilities by Customer id or name

• severity (list) – Retrieve vulnerabilities with these severities

• resolution (list) – Retrieve vulnerabilities with these resolutions

• dataSource (list) – Search for vulnerabilities detected and reported by these data sources, identified by id or shortName

• minimumCvss (float) – Retrieve Vulnerabilities with at least this CVSS score

• maximumCvss (float) – Retrieve Vulnerabilities with at most this CVSS score

• component (list) – Search for Vulnerabilities with these components

• assetComponent (list) – Search for Vulnerabilities observed on Assets containing these components using AND search mode i.e. all criteria must match.<br />If you want different behaviour try using subcriteria

• includeFlags (list) – Explicitly retrieve Vulnerabilities that contain these flags

• excludeFlags (list) – Explicitly filter out Vulnerabilities that contain these flags

• subCriteria (list) – Set additional criteria that are applied with logical OR by default

• order (list) – Which field(s) by which to sort the results

• indexStartTimestamp (str) – Limit search to indices created on or after this timestamp. Must be in the range [12 months ago - today].

• indexEndTimestamp (str) – Limit search to indices created on or before this timestamp. Must be in the range [12 months ago - today].

• includeRawOutput (bool) – Whether to include raw output in the result objects (default false)

• limit (int) – Limit the results to the specified amount. If the sum of offset and limit is greater than 10’000 the results will likely be incomplete as 10’000 exceeds the search engine’s maximum result window. (default 25)

• offset (int) – Skip specified amount of results. If the sum of offset and limit is greater than 10’000 the results will likely be incomplete as 10’000 exceeds the search engine’s maximum result window. (default 0)

• includeDeleted (bool) – Whether to include deleted Vulnerabilities (default false)

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

requests.Response object or dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.search_vulnerability_definitions(sortBy: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, vulnerabilitySource: str = None, vulnerabilityID: str = None, vulnerabilityDefinition: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, userFieldStrategy: str = None, user: str = None, includeFlags: str = None, excludeFlags: str = None, severity: str = None, maximumCvss: float = None, minimumCvss: float = None, subCriteria: dict = None, limit: int = 25, offset: int = None, includeDeleted: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Search Vulnerability Definitions (PUBLIC)

Parameters

• sortBy (list) –

• keywords (list) – Search for keywords against fields defined by a KeywordFieldStrategy

• keywordFieldStrategy (list) – Defines which fields will be searched by keywords (default all supported fields) (default all)

• keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default any)

• vulnerabilitySource (list) – Retrieve definitions by their source ID or shortname

• vulnerabilityID (list) – Retrieve definitions by their external ID e.g. CVE-XXXX

• vulnerabilityDefinition (list) – Retrieve definitions by their internal db ID or vulnerabilityID

• startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

• endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

• timeFieldStrategy (list) – Defines which timestamps fields will be filtered with start/endTimestamp (default lastUpdatedTimestamp)

• timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

• userFieldStrategy (list) – Defines which user fields to filter with the submitted user value(s) (default all)

• user (list) – Search for VulnerabilityDefinitions by associated user IDs or short names defined by the UserFieldStrategy

• includeFlags (list) – Explicitly search for VulnerabilityDefinitions that contain these flags

• excludeFlags (list) – Explicitly filter out VulnerabilityDefinitions that contain these flags

• severity (list) – Filter VulnerabilityDefinitions by Severity.

• maximumCvss (float) – Filter VulnerabilityDefinitions by CVSS lower or equal than.

• minimumCvss (float) – Filter VulnerabilityDefinitions by CVSS higher or equal than.

• subCriteria (list) – Set additional criteria that are applied with logical OR by default

• limit (int) – Limit the results to the specified amount (default 25)

• offset (int) – Skip specified amount of results (default 0)

• includeDeleted (bool) – Whether to include deleted Vulnerability Definitions (default false)

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.search_vulnerability_sources(sortBy: str = None, source: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, startTimestamp: str = None, endTimestamp: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, subCriteria: dict = None, includeDeleted: bool = None, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Search VulnerabilitySource with specified criteria (INTERNAL)

Parameters

• sortBy (list) –

• source (list) – Restrict to specified Vulnerability source (ID or short name)

• keywords (list) – Search for keywords against fields defined by keywordFieldStrategy

• keywordFieldStrategy (list) – Defines which fields will be searched by keywords (default all supported fields) (default all)

• keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default all)

• startTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

• endTimestamp (str) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

• timeFieldStrategy (list) – Defines which timestamps will be included in the search (default lastUpdatedTimestamp) (default lastUpdatedTimestamp)

• timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

• subCriteria (list) – Set additional criteria which are applied with logical OR by default

• includeDeleted (bool) – Whether include deleted results (default false)

• limit (int) – Limit maximum amount of results (default 25)

• offset (int) – Skip specified amount of results (default 0)

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.search_vulnerability_sources_simplified(keywords: str = None, keywordField: str = None, timeField: str = None, source: str = None, sortBy: str = None, limit: int = 25, keywordMatch: str = 'all', startTimestamp: str = '0', endTimestamp: str = '0', timeMatch: str = 'any', offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Search VulnerabilitySources with specified query parameters (INTERNAL)

Parameters

• keywords (list) – Search by keywords

• keywordField (list) – Set field strategy for keyword search

• timeField (list) – Set field strategy for time range search

• source (list) – Search by sources (ID or short name)

• sortBy (list) – Sort search result

• limit (int) – Maximum number of returned results

• keywordMatch (str) – Set match strategy for keyword search

• startTimestamp (str) – Start timestamp for time range search

• endTimestamp (str) – End timestamp for time range search

• timeMatch (str) – Set match strategy for time range search

• offset (int) – Skip a number of results

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.update_vulnerability(id: str, vulnerabilityDefinition: str = None, addComponents: dict = None, deleteComponents: str = None, cvss: float = None, severity: str = None, rawOutput: str = None, ttl: int = None, observationDescription: str = None, addObservationReferences: str = None, deleteObservationReferences: str = None, forceIndex: bool = None, updateLastSeen: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Updates an existing Vulnerability (PUBLIC)

Parameters

• id (str) – vulnerability ID

• vulnerabilityDefinition (str) – Assign vulnerability definition. Only allowed when there was no vulnerability definition assigned.

• addComponents (list) – Specify components to be added with the vulnerability.

• deleteComponents (list) – Specify IDs of the components to be deleted from the vulnerability.

• cvss (float) – Update CVSS score of vulnerability (range from 0 to 10).

• severity (str) – Update severity level of vulnerability.

• rawOutput (str) – Update raw output from vulnerability scan. Will be sanitized as html.

• ttl (int) – Time to live duration of this vulnerability since last seen, 0 means won’t expire.

• observationDescription (str) – Description specific to this vulnerability. May contain customer specific data. Will be sanitized as HTML.

• addObservationReferences (list) – Add references specific to this vulnerability e.g. internal URLs. May contain customer specific data. Will be sanitized as HTML.

• deleteObservationReferences (list) – Delete references specific to this vulnerability. Will be sanitized as HTML first before checking against existing references.

• forceIndex (bool) – Whether to force an Elasticsearch index refresh such that changes to the vulnerability are immediately searchable.

• updateLastSeen (bool) – Temporary field added to make updating lastSeenTimestamp/UserId easier.

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.update_vulnerability_definition(idOrVulnerabilityID: str, name: str = None, description: str = None, solution: str = None, conclusion: str = None, addReferences: str = None, deleteReferences: str = None, exploitAvailable: bool = None, cvss: float = None, severity: str = None, forceIndex: bool = None, exploitAvailableTimestamp: int = None, updateObservations: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Updates an existing Vulnerability definition, also require to have read & write permission of vulnerability source that the definition is belonging to. (INTERNAL)

param str idOrVulnerabilityID

Vulnerability definition ID or identifier of vulnerability

param str name

Update name of the vulnerability definition. Will be sanitized as text.

param str description

Update description of the vulnerability definition. Will be sanitized as html.

param str solution

Update how to fix the vulnerability. Will be sanitized as html.

param str conclusion

Update short summary of the vulnerability. Will be sanitized as html.

param list addReferences

Add references to the vulnerability definition (e.g. CVE number). Will be sanitized as html.

param list deleteReferences

Delete references from the vulnerability definition. Will be sanitized as html first before check against existing references.

param bool exploitAvailable

Update whether an exploit is available for the vulnerability.

param float cvss

CVSS score of vulnerability (range from 0 to 10).

param str severity

Severity level of vulnerability. If not provided, then severity will be calculated based on CVSS value.

param bool forceIndex

Whether to force an Elasticsearch index refresh such that changes to the VulnerabilityDefinition are immediately searchable.

param int exploitAvailableTimestamp

Set or update the timestamp when the exploit became available. Setting this value also expects having exploitAvailable as ‘true’ or setting it with this request. If it hasn’t been set before, then setting/leaving it to 0 will use current timestamp. (default 0)

param bool updateObservations

If true this will trigger updating all active (non-deleted with resolution status: unresolved,

accepted or temp_accepted) Observations thus overwriting their current Severity/CVSS values. Unless the values were previously overwritten manually. (default false)

param json

return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

param verify

path to a certificate bundle or boolean indicating whether SSL verification should be performed.

param apiKey

Argus API key.

param authentication

authentication override

param server_url

API base URL override

param body

body of the request. other parameters will override keys defined in the body.

param api_session

session to use for this request. If not set, the global session will be used.

raises AuthenticationFailedException

on 401

raises AccessDeniedException

on 403

raises ObjectNotFoundException

on 404

raises ValidationErrorException

on 412

raises ArgusException

on other status codes

returns

dictionary translated from JSON

argus_api.lib.assets.v2.vulnerability.update_vulnerability_source(source: str, shortName: str = None, name: str = None, readPermission: str = None, writePermission: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Updates an existing VulnerabilitySource (INTERNAL)

Parameters

• source (str) – VulnerabilitySource ID or short name

• shortName (str) – Update short name of vulnerability source => [a-zA-Z0-9_:\-.]*

• name (str) – Update name of vulnerability source => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

• readPermission (str) – Update the permission required to allow read access of source & vulnerability definition belong to the source => [a-zA-Z0-9_:\-.]*

• writePermission (str) – Update the permission required to allow write access (create/update/delete) of source & vulnerability definition belong to the source => [a-zA-Z0-9_:\-.]*

• json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

• verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

• apiKey – Argus API key.

• authentication – authentication override

• server_url – API base URL override

• body – body of the request. other parameters will override keys defined in the body.

• api_session – session to use for this request. If not set, the global session will be used.

Raises

• AuthenticationFailedException – on 401

• AccessDeniedException – on 403

• ObjectNotFoundException – on 404

• ValidationErrorException – on 412

• ArgusException – on other status codes

Returns

dictionary translated from JSON