Skip to content

Instantly share code, notes, and snippets.

@jfrantz1-r7

jfrantz1-r7/insightvm.yaml

Created September 24, 2020 14:19
Show Gist options
  • Save jfrantz1-r7/eb216f273bad6cc9c90e27510ba9b7aa to your computer and use it in GitHub Desktop.
Save jfrantz1-r7/eb216f273bad6cc9c90e27510ba9b7aa to your computer and use it in GitHub Desktop.
Download ZIP
Raw
insightvm.yaml
This file has been truncated, but you can view the full file.
swagger: '2.0'
info:
description: |-
# Overview
This guide documents the InsightVM Application Programming Interface (API) Version 3. This API supports the
Representation State Transfer (REST) design pattern. Unless noted otherwise this API accepts and produces the
`application/json` media type. This API uses Hypermedia as the Engine of Application State (HATEOAS) and
is hypermedia friendly. All API connections must be made to the security console using HTTPS.
## Versioning
Versioning is specified in the URL and the base path of this API is: `https://<host>:<port>/api/3/`.
## Specification
An <a target="_blank" href="https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md">OpenAPI v2</a> specification (also
known as Swagger 2) of this API is available. Tools such as <a target="_blank" href="https://github.com/swagger-api/swagger-codegen">swagger-codegen</a>
can be used to generate an API client in the language of your choosing using this specification document.
<p class="openapi">Download the specification: <a class="openapi-button" target="_blank" download="" href="api.json"> Download </a></p>
## Authentication
Authorization to the API uses HTTP Basic Authorization
(see <a target="_blank" href="https://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a> for more information). Requests must
supply authorization credentials in the `Authorization` header using a Base64 encoded hash of `"username:password"`.
<!-- ReDoc-Inject: <security-definitions> -->
### 2FA
This API supports two-factor authentication (2FA) by supplying an authentication token in addition to the Basic
Authorization. The token is specified using the `Token` request header. To leverage two-factor authentication, this
must be enabled on the console and be configured for the account accessing the API.
## Resources
### Naming
Resource names represent nouns and identify the entity being manipulated or accessed. All collection resources are
pluralized to indicate to the client they are interacting with a collection of multiple resources of the same type.
Singular resource names are used when there exists only one resource available to interact with.
The following naming conventions are used by this API:
| Type | Case |
| --------------------------------------------- | ------------------------ |
| Resource names | `lower_snake_case` |
| Header, body, and query parameters parameters | `camelCase` |
| JSON fields and property names | `camelCase` |
#### Collections
A collection resource is a parent resource for instance resources, but can itself be retrieved and operated on
independently. Collection resources use a pluralized resource name. The resource path for collection resources follow
the convention:
```
/api/3/{resource_name}
```
#### Instances
An instance resource is a "leaf" level resource that may be retrieved, optionally nested within a collection resource.
Instance resources are usually retrievable with opaque identifiers. The resource path for instance resources follows
the convention:
```
/api/3/{resource_name}/{instance_id}...
```
## Verbs
The following HTTP operations are supported throughout this API. The general usage of the operation and both
its failure and success status codes are outlined below.
| Verb | Usage | Success | Failure |
| --------- | ------------------------------------------------------------------------------------- | ----------- | -------------------------------------------------------------- |
| `GET` | Used to retrieve a resource by identifier, or a collection of resources by type. | `200` | `400`, `401`, `402`, `404`, `405`, `408`, `410`, `415`, `500` |
| `POST` | Creates a resource with an application-specified identifier. | `201` | `400`, `401`, `404`, `405`, `408`, `413`, `415`, `500` |
| `POST` | Performs a request to queue an asynchronous job. | `202` | `400`, `401`, `405`, `408`, `410`, `413`, `415`, `500` |
| `PUT` | Creates a resource with a client-specified identifier. | `200` | `400`, `401`, `403`, `405`, `408`, `410`, `413`, `415`, `500` |
| `PUT` | Performs a full update of a resource with a specified identifier. | `201` | `400`, `401`, `403`, `405`, `408`, `410`, `413`, `415`, `500` |
| `DELETE` | Deletes a resource by identifier or an entire collection of resources. | `204` | `400`, `401`, `405`, `408`, `410`, `413`, `415`, `500` |
| `OPTIONS` | Requests what operations are available on a resource. | `200` | `401`, `404`, `405`, `408`, `500` |
### Common Operations
#### OPTIONS
All resources respond to the `OPTIONS` request, which allows discoverability of available operations that are supported.
The `OPTIONS` response returns the acceptable HTTP operations on that resource within the `Allow` header. The response
is always a `200 OK` status.
### Collection Resources
Collection resources can support the `GET`, `POST`, `PUT`, and `DELETE` operations.
#### GET
The `GET` operation invoked on a collection resource indicates a request to retrieve all, or some, of the entities
contained within the collection. This also includes the optional capability to filter or search resources during
the request. The response from a collection listing is a paginated document. See
[hypermedia links](#section/Overview/Paging) for more information.
#### POST
The `POST` is a non-idempotent operation that allows for the creation of a new resource when the resource identifier
is not provided by the system during the creation operation (i.e. the Security Console generates the identifier). The
content of the `POST` request is sent in the request body. The response to a successful `POST` request should be a
`201 CREATED` with a valid `Location` header field set to the URI that can be used to access to the newly
created resource.
The `POST` to a collection resource can also be used to interact with asynchronous resources. In this situation,
instead of a `201 CREATED` response, the `202 ACCEPTED` response indicates that processing of the request is not fully
complete but has been accepted for future processing. This request will respond similarly with a `Location` header with
link to the job-oriented asynchronous resource that was created and/or queued.
#### PUT
The `PUT` is an idempotent operation that either performs a create with user-supplied identity, or a full replace
or update of a resource by a known identifier. The response to a `PUT` operation to create an entity is a `201 Created`
with a valid `Location` header field set to the URI that can be used to access to the newly created resource.
`PUT` on a collection resource replaces all values in the collection. The typical response to a `PUT` operation that
updates an entity is hypermedia links, which may link to related resources caused by the side-effects of the changes
performed.
#### DELETE
The `DELETE` is an idempotent operation that physically deletes a resource, or removes an association between resources.
The typical response to a `DELETE` operation is hypermedia links, which may link to related resources caused by the
side-effects of the changes performed.
### Instance Resources
Instance resources can support the `GET`, `PUT`, `POST`, `PATCH` and `DELETE` operations.
#### GET
Retrieves the details of a specific resource by its identifier. The details retrieved can be controlled through
property selection and property views. The content of the resource is returned within the body of the response in the
acceptable media type.
#### PUT
Allows for and idempotent "full update" (complete replacement) on a specific resource. If the resource does not exist,
it will be created; if it does exist, it is completely overwritten. Any omitted properties in the request are assumed to
be undefined/null. For "partial updates" use `POST` or `PATCH` instead.
The content of the `PUT` request is sent in the request body. The identifier of the resource is specified within the URL
(not the request body). The response to a successful `PUT` request is a `201 CREATED` to represent the created status,
with a valid `Location` header field set to the URI that can be used to access to the newly created (or fully replaced)
resource.
#### POST
Performs a non-idempotent creation of a new resource. The `POST` of an instance resource most commonly occurs with the
use of nested resources (e.g. searching on a parent collection resource). The response to a `POST` of an instance
resource is typically a `200 OK` if the resource is non-persistent, and a `201 CREATED` if there is a resource
created/persisted as a result of the operation. This varies by endpoint.
#### PATCH
The `PATCH` operation is used to perform a partial update of a resource. `PATCH` is a non-idempotent operation that
enforces an atomic mutation of a resource. Only the properties specified in the request are to be overwritten on the
resource it is applied to. If a property is missing, it is assumed to not have changed.
#### DELETE
Permanently removes the individual resource from the system. If the resource is an association between resources, only
the association is removed, not the resources themselves. A successful deletion of the resource should return
`204 NO CONTENT` with no response body. This operation is not fully idempotent, as follow-up requests to delete a
non-existent resource should return a `404 NOT FOUND`.
## Requests
Unless otherwise indicated, the default request body media type is `application/json`.
### Headers
Commonly used request headers include:
| Header | Example | Purpose |
| ------------------ | --------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| `Accept` | `application/json` | Defines what acceptable content types are allowed by the client. For all types, use `*/*`. |
| `Accept-Encoding` | `deflate, gzip` | Allows for the encoding to be specified (such as gzip). |
| `Accept-Language` | `en-US` | Indicates to the server the client's locale (defaults `en-US`). |
| `Authorization ` | `Basic Base64("username:password")` | Basic authentication |
| `Token ` | `123456` | Two-factor authentication token (if enabled) |
### Dates & Times
Dates and/or times are specified as strings in the ISO 8601 format(s). The following formats are supported as input:
| Value | Format | Notes |
| --------------------------- | ------------------------------------------------------ | ----------------------------------------------------- |
| Date | YYYY-MM-DD | Defaults to 12 am UTC (if used for a date & time |
| Date & time only | YYYY-MM-DD'T'hh:mm:ss[.nnn] | Defaults to UTC |
| Date & time in UTC | YYYY-MM-DD'T'hh:mm:ss[.nnn]Z | |
| Date & time w/ offset | YYYY-MM-DD'T'hh:mm:ss[.nnn][+&#124;-]hh:mm | |
| Date & time w/ zone-offset | YYYY-MM-DD'T'hh:mm:ss[.nnn][+&#124;-]hh:mm[<zone-id>] | |
### Timezones
Timezones are specified in the regional zone format, such as `"America/Los_Angeles"`, `"Asia/Tokyo"`, or `"GMT"`.
### Paging
Pagination is supported on certain collection resources using a combination of two query parameters, `page` and `size`.
As these are control parameters, they are prefixed with the underscore character. The page parameter dictates the
zero-based index of the page to retrieve, and the `size` indicates the size of the page.
For example, `/resources?page=2&size=10` will return page 3, with 10 records per page, giving results 21-30.
The maximum page size for a request is 500.
### Sorting
Sorting is supported on paginated resources with the `sort` query parameter(s). The sort query parameter(s) supports
identifying a single or multi-property sort with a single or multi-direction output. The format of the parameter is:
```
sort=property[,ASC|DESC]...
```
Therefore, the request `/resources?sort=name,title,DESC` would return the results sorted by the name and title
descending, in that order. The sort directions are either ascending `ASC` or descending `DESC`. With single-order
sorting, all properties are sorted in the same direction. To sort the results with varying orders by property,
multiple sort parameters are passed.
For example, the request `/resources?sort=name,ASC&sort=title,DESC` would sort by name ascending and title
descending, in that order.
## Responses
The following response statuses may be returned by this API.
| Status | Meaning | Usage |
| ------ | ------------------------ |------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `200` | OK | The operation performed without error according to the specification of the request, and no more specific 2xx code is suitable. |
| `201` | Created | A create request has been fulfilled and a resource has been created. The resource is available as the URI specified in the response, including the `Location` header. |
| `202` | Accepted | An asynchronous task has been accepted, but not guaranteed, to be processed in the future. |
| `400` | Bad Request | The request was invalid or cannot be otherwise served. The request is not likely to succeed in the future without modifications. |
| `401` | Unauthorized | The user is unauthorized to perform the operation requested, or does not maintain permissions to perform the operation on the resource specified. |
| `403` | Forbidden | The resource exists to which the user has access, but the operating requested is not permitted. |
| `404` | Not Found | The resource specified could not be located, does not exist, or an unauthenticated client does not have permissions to a resource. |
| `405` | Method Not Allowed | The operations may not be performed on the specific resource. Allowed operations are returned and may be performed on the resource. |
| `408` | Request Timeout | The client has failed to complete a request in a timely manner and the request has been discarded. |
| `413` | Request Entity Too Large | The request being provided is too large for the server to accept processing. |
| `415` | Unsupported Media Type | The media type is not supported for the requested resource. |
| `500` | Internal Server Error | An internal and unexpected error has occurred on the server at no fault of the client. |
### Security
The response statuses 401, 403 and 404 need special consideration for security purposes. As necessary,
error statuses and messages may be obscured to strengthen security and prevent information exposure. The following is a
guideline for privileged resource response statuses:
| Use Case | Access | Resource | Permission | Status |
| ------------------------------------------------------------------ | ------------------ |------------------- | ------------ | ------------ |
| Unauthenticated access to an unauthenticated resource. | Unauthenticated | Unauthenticated | Yes | `20x` |
| Unauthenticated access to an authenticated resource. | Unauthenticated | Authenticated | No | `401` |
| Unauthenticated access to an authenticated resource. | Unauthenticated | Non-existent | No | `401` |
| Authenticated access to a unauthenticated resource. | Authenticated | Unauthenticated | Yes | `20x` |
| Authenticated access to an authenticated, unprivileged resource. | Authenticated | Authenticated | No | `404` |
| Authenticated access to an authenticated, privileged resource. | Authenticated | Authenticated | Yes | `20x` |
| Authenticated access to an authenticated, non-existent resource | Authenticated | Non-existent | Yes | `404` |
### Headers
Commonly used response headers include:
| Header | Example | Purpose |
| -------------------------- | --------------------------------- | --------------------------------------------------------------- |
| `Allow` | `OPTIONS, GET` | Defines the allowable HTTP operations on a resource. |
| `Cache-Control` | `no-store, must-revalidate` | Disables caching of resources (as they are all dynamic). |
| `Content-Encoding` | `gzip` | The encoding of the response body (if any). |
| `Location` | | Refers to the URI of the resource created by a request. |
| `Transfer-Encoding` | `chunked` | Specified the encoding used to transform response. |
| `Retry-After` | 5000 | Indicates the time to wait before retrying a request. |
| `X-Content-Type-Options` | `nosniff` | Disables MIME type sniffing. |
| `X-XSS-Protection` | `1; mode=block` | Enables XSS filter protection. |
| `X-Frame-Options` | `SAMEORIGIN` | Prevents rendering in a frame from a different origin. |
| `X-UA-Compatible` | `IE=edge,chrome=1` | Specifies the browser mode to render in. |
### Format
When `application/json` is returned in the response body it is always pretty-printed (indented, human readable output).
Additionally, gzip compression/encoding is supported on all responses.
#### Dates & Times
Dates or times are returned as strings in the ISO 8601 'extended' format. When a date and time is returned (instant) the value is converted to UTC.
For example:
| Value | Format | Example |
| --------------- | ------------------------------ | --------------------- |
| Date | `YYYY-MM-DD` | 2017-12-03 |
| Date & Time | `YYYY-MM-DD'T'hh:mm:ss[.nnn]Z` | 2017-12-03T10:15:30Z |
#### Content
In some resources a Content data type is used. This allows for multiple formats of representation to be returned
within resource, specifically `"html"` and `"text"`. The `"text"` property returns a flattened representation suitable
for output in textual displays. The `"html"` property returns an HTML fragment suitable for display within an HTML
element. Note, the HTML returned is not a valid stand-alone HTML document.
#### Paging
The response to a paginated request follows the format:
```json
{
resources": [
...
],
"page": {
"number" : ...,
"size" : ...,
"totalResources" : ...,
"totalPages" : ...
},
"links": [
"first" : {
"href" : "..."
},
"prev" : {
"href" : "..."
},
"self" : {
"href" : "..."
},
"next" : {
"href" : "..."
},
"last" : {
"href" : "..."
}
]
}
```
The `resources` property is an array of the resources being retrieved from the endpoint, each which should contain at
minimum a "self" relation hypermedia link. The `page` property outlines the details of the current page and total
possible pages. The object for the page includes the following properties:
- number - The page number (zero-based) of the page returned.
- size - The size of the pages, which is less than or equal to the maximum page size.
- totalResources - The total amount of resources available across all pages.
- totalPages - The total amount of pages.
The last property of the paged response is the `links` array, which contains all available hypermedia links. For
paginated responses, the "self", "next", "previous", "first", and "last" links are returned. The "self" link must
always be returned and should contain a link to allow the client to replicate the original request against the
collection resource in an identical manner to that in which it was invoked.
The "next" and "previous" links are present if either or both there exists a previous or next page, respectively.
The "next" and "previous" links have hrefs that allow "natural movement" to the next page, that is all parameters
required to move the next page are provided in the link. The "first" and "last" links provide references to the first
and last pages respectively.
Requests outside the boundaries of the pageable will result in a `404 NOT FOUND`. Paginated requests do not provide a
"stateful cursor" to the client, nor does it need to provide a read consistent view. Records in adjacent pages may
change while pagination is being traversed, and the total number of pages and resources may change between requests
within the same filtered/queries resource collection.
#### Property Views
The "depth" of the response of a resource can be configured using a "view". All endpoints supports two views that can
tune the extent of the information returned in the resource. The supported views are `summary` and `details` (the default).
View are specified using a query parameter, in this format:
```bash
/<resource>?view={viewName}
```
#### Error
Any error responses can provide a response body with a message to the client indicating more information (if applicable)
to aid debugging of the error. All 40x and 50x responses will return an error response in the body. The format of the
response is as follows:
```json
{
"status": <statusCode>,
"message": <message>,
"links" : [ {
"rel" : "...",
"href" : "..."
} ]
}
```
The `status` property is the same as the HTTP status returned in the response, to ease client parsing. The message
property is a localized message in the request client's locale (if applicable) that articulates the nature of the
error. The last property is the `links` property. This may contain additional
[hypermedia links](#section/Overview/Authentication) to troubleshoot.
#### Search Criteria <a section="section/Responses/SearchCriteria"></a>
Multiple resources make use of search criteria to match assets. Search criteria is an array of search filters. Each
search filter has a generic format of:
```json
{
"field": "<field-name>",
"operator": "<operator>",
["value": "<value>",]
["lower": "<value>",]
["upper": "<value>"]
}
```
Every filter defines two required properties `field` and `operator`. The field is the name of an asset property that
is being filtered on. The operator is a type and property-specific operating performed on the filtered property. The
valid values for fields and operators are outlined in the table below.
Every filter also defines one or more values that are supplied to the operator. The valid values vary by operator
and are outlined below.
##### Fields
The following table outlines the search criteria fields and the available operators:
| Field | Operators |
| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| `alternate-address-type` | `in` |
| `container-image` | `is` ` is not` ` starts with` ` ends with` ` contains` ` does not contain` ` is like` ` not like` |
| `container-status` | `is` ` is not` |
| `containers` | `are` |
| `criticality-tag` | `is` ` is not` ` is greater than` ` is less than` ` is applied` ` is not applied` |
| `custom-tag` | `is` ` is not` ` starts with` ` ends with` ` contains` ` does not contain` ` is applied` ` is not applied` |
| `cve` | `is` ` is not` ` contains` ` does not contain` |
| `cvss-access-complexity` | `is` ` is not` |
| `cvss-authentication-required` | `is` ` is not` |
| `cvss-access-vector` | `is` ` is not` |
| `cvss-availability-impact` | `is` ` is not` |
| `cvss-confidentiality-impact` | `is` ` is not` |
| `cvss-integrity-impact` | `is` ` is not` |
| `cvss-v3-confidentiality-impact` | `is` ` is not` |
| `cvss-v3-integrity-impact` | `is` ` is not` |
| `cvss-v3-availability-impact` | `is` ` is not` |
| `cvss-v3-attack-vector` | `is` ` is not` |
| `cvss-v3-attack-complexity` | `is` ` is not` |
| `cvss-v3-user-interaction` | `is` ` is not` |
| `cvss-v3-privileges-required` | `is` ` is not` |
| `host-name` | `is` ` is not` ` starts with` ` ends with` ` contains` ` does not contain` ` is empty` ` is not empty` ` is like` ` not like` |
| `host-type` | `in` ` not in` |
| `ip-address` | `is` ` is not` ` in range` ` not in range` ` is like` ` not like` |
| `ip-address-type` | `in` ` not in` |
| `last-scan-date` | `is-on-or-before` ` is on or after` ` is between` ` is earlier than` ` is within the last` |
| `location-tag` | `is` ` is not` ` starts with` ` ends with` ` contains` ` does not contain` ` is applied` ` is not applied` |
| `mobile-device-last-sync-time` | `is-within-the-last` ` is earlier than` |
| `open-ports` | `is` ` is not` ` in range` |
| `operating-system` | `contains` ` does not contain` ` is empty` ` is not empty` |
| `owner-tag` | `is` ` is not` ` starts with` ` ends with` ` contains` ` does not contain` ` is applied` ` is not applied` |
| `pci-compliance` | `is` |
| `risk-score` | `is` ` is not` ` in range` ` greater than` ` less than` |
| `service-name` | `contains` ` does not contain` |
| `site-id` | `in` ` not in` |
| `software` | `contains` ` does not contain` |
| `vAsset-cluster` | `is` ` is not` ` contains` ` does not contain` ` starts with` |
| `vAsset-datacenter` | `is` ` is not` |
| `vAsset-host-name` | `is` ` is not` ` contains` ` does not contain` ` starts with` |
| `vAsset-power-state` | `in` ` not in` |
| `vAsset-resource-pool-path` | `contains` ` does not contain` |
| `vulnerability-assessed` | `is-on-or-before` ` is on or after` ` is between` ` is earlier than` ` is within the last` |
| `vulnerability-category` | `is` ` is not` ` starts with` ` ends with` ` contains` ` does not contain` |
| `vulnerability-cvss-v3-score` | `is` ` is not` |
| `vulnerability-cvss-score` | `is` ` is not` ` in range` ` is greater than` ` is less than` |
| `vulnerability-exposures` | `includes` ` does not include` |
| `vulnerability-title` | `contains` ` does not contain` ` is` ` is not` ` starts with` ` ends with` |
| `vulnerability-validated-status` | `are` |
##### Enumerated Properties
The following fields have enumerated values:
| Field | Acceptable Values |
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| `alternate-address-type` | 0=IPv4, 1=IPv6 |
| `containers` | 0=present, 1=not present |
| `container-status` | `created` `running` `paused` `restarting` `exited` `dead` `unknown` |
| `cvss-access-complexity` | <ul><li><code>L</code> = Low</li><li><code>M</code> = Medium</li><li><code>H</code> = High</li></ul> |
| `cvss-integrity-impact` | <ul><li><code>N</code> = None</li><li><code>P</code> = Partial</li><li><code>C</code> = Complete</li></ul> |
| `cvss-confidentiality-impact` | <ul><li><code>N</code> = None</li><li><code>P</code> = Partial</li><li><code>C</code> = Complete</li></ul> |
| `cvss-availability-impact` | <ul><li><code>N</code> = None</li><li><code>P</code> = Partial</li><li><code>C</code> = Complete</li></ul> |
| `cvss-access-vector` | <ul><li><code>L</code> = Local</li><li><code>A</code> = Adjacent</li><li><code>N</code> = Network</li></ul> |
| `cvss-authentication-required` | <ul><li><code>N</code> = None</li><li><code>S</code> = Single</li><li><code>M</code> = Multiple</li></ul> |
| `cvss-v3-confidentiality-impact` | <ul><li><code>L</code> = Local</li><li><code>L</code> = Low</li><li><code>N</code> = None</li><li><code>H</code> = High</li></ul> |
| `cvss-v3-integrity-impact` | <ul><li><code>L</code> = Local</li><li><code>L</code> = Low</li><li><code>N</code> = None</li><li><code>H</code> = High</li></ul> |
| `cvss-v3-availability-impact` | <ul><li><code>N</code> = None</li><li><code>L</code> = Low</li><li><code>H</code> = High</li></ul> |
| `cvss-v3-attack-vector` | <ul><li><code>N</code> = Network</li><li><code>A</code> = Adjacent</li><li><code>L</code> = Local</li><li><code>P</code> = Physical</li></ul> |
| `cvss-v3-attack-complexity` | <ul><li><code>L</code> = Low</li><li><code>H</code> = High</li></ul> |
| `cvss-v3-user-interaction` | <ul><li><code>N</code> = None</li><li><code>R</code> = Required</li></ul> |
| `cvss-v3-privileges-required` | <ul><li><code>N</code> = None</li><li><code>L</code> = Low</li><li><code>H</code> = High</li></ul> |
| `host-type` | 0=Unknown, 1=Guest, 2=Hypervisor, 3=Physical, 4=Mobile |
| `ip-address-type` | 0=IPv4, 1=IPv6 |
| `pci-compliance` | 0=fail, 1=pass |
| `vulnerability-validated-status` | 0=present, 1=not present |
##### Operator Properties <a section="section/Responses/SearchCriteria/OperatorProperties"></a>
The following table outlines which properties are required for each operator and the appropriate data type(s):
| Operator | `value` | `lower` | `upper` |
| ----------------------|-----------------------|-----------------------|-----------------------|
| `are` | `string` | | |
| `contains` | `string` | | |
| `does-not-contain` | `string` | | |
| `ends with` | `string` | | |
| `in` | `Array[ string ]` | | |
| `in-range` | | `numeric` | `numeric` |
| `includes` | `Array[ string ]` | | |
| `is` | `string` | | |
| `is-applied` | | | |
| `is-between` | | `numeric` | `numeric` |
| `is-earlier-than` | `numeric` | | |
| `is-empty` | | | |
| `is-greater-than` | `numeric` | | |
| `is-on-or-after` | `string` (yyyy-MM-dd) | | |
| `is-on-or-before` | `string` (yyyy-MM-dd) | | |
| `is-not` | `string` | | |
| `is-not-applied` | | | |
| `is-not-empty` | | | |
| `is-within-the-last` | `string` | | |
| `less-than` | `string` | | |
| `like` | `string` | | |
| `not-contains` | `string` | | |
| `not-in` | `Array[ string ]` | | |
| `not-in-range` | | `numeric` | `numeric` |
| `not-like` | `string` | | |
| `starts-with` | `string` | | |
#### Discovery Connection Search Criteria <a section="section/Responses/DiscoverySearchCriteria"></a>
Dynamic sites make use of search criteria to match assets from a discovery connection. Search criteria is an array of search filters.
Each search filter has a generic format of:
```json
{
"field": "<field-name>",
"operator": "<operator>",
["value": "<value>",]
["lower": "<value>",]
["upper": "<value>"]
}
```
Every filter defines two required properties `field` and `operator`. The field is the name of an asset property that
is being filtered on. The list of supported fields vary depending on the type of discovery connection configured
for the dynamic site (e.g vSphere, ActiveSync, etc.). The operator is a type and property-specific operating
performed on the filtered property. The valid values for fields outlined in the tables below and are grouped by the
type of connection.
Every filter also defines one or more values that are supplied to the operator. See
<a href="#section/Responses/SearchCriteria/OperatorProperties">Search Criteria Operator Properties</a> for more
information on the valid values for each operator.
##### Fields (ActiveSync)
This section documents search criteria information for ActiveSync discovery connections. The discovery connections
must be one of the following types: `"activesync-ldap"`, `"activesync-office365"`, or `"activesync-powershell"`.
The following table outlines the search criteria fields and the available operators for ActiveSync connections:
| Field | Operators |
| --------------------------------- | ------------------------------------------------------------- |
| `last-sync-time` | `is-within-the-last` ` is-earlier-than` |
| `operating-system` | `contains` ` does-not-contain` |
| `user` | `is` ` is-not` ` contains` ` does-not-contain` ` starts-with` |
##### Fields (AWS)
This section documents search criteria information for AWS discovery connections. The discovery connections must be the type `"aws"`.
The following table outlines the search criteria fields and the available operators for AWS connections:
| Field | Operators |
| ----------------------- | ------------------------------------------------------------- |
| `availability-zone` | `contains` ` does-not-contain` |
| `guest-os-family` | `contains` ` does-not-contain` |
| `instance-id` | `contains` ` does-not-contain` |
| `instance-name` | `is` ` is-not` ` contains` ` does-not-contain` ` starts-with` |
| `instance-state` | `in` ` not-in` |
| `instance-type` | `in` ` not-in` |
| `ip-address` | `in-range` ` not-in-range` ` is` ` is-not` |
| `region` | `in` ` not-in` |
| `vpc-id` | `is` ` is-not` ` contains` ` does-not-contain` ` starts-with` |
##### Fields (DHCP)
This section documents search criteria information for DHCP discovery connections. The discovery connections must be the type `"dhcp"`.
The following table outlines the search criteria fields and the available operators for DHCP connections:
| Field | Operators |
| --------------- | ------------------------------------------------------------- |
| `host-name` | `is` ` is-not` ` contains` ` does-not-contain` ` starts-with` |
| `ip-address` | `in-range` ` not-in-range` ` is` ` is-not` |
| `mac-address` | `is` ` is-not` ` contains` ` does-not-contain` ` starts-with` |
##### Fields (Sonar)
This section documents search criteria information for Sonar discovery connections. The discovery connections must be the type `"sonar"`.
The following table outlines the search criteria fields and the available operators for Sonar connections:
| Field | Operators |
| ------------------- | -------------------- |
| `search-domain` | `contains` ` is` |
| `ip-address` | `in-range` ` is` |
| `sonar-scan-date` | `is-within-the-last` |
##### Fields (vSphere)
This section documents search criteria information for vSphere discovery connections. The discovery connections must be the type `"vsphere"`.
The following table outlines the search criteria fields and the available operators for vSphere connections:
| Field | Operators |
| -------------------- | ------------------------------------------------------------------------------------------ |
| `cluster` | `is` ` is-not` ` contains` ` does-not-contain` ` starts-with` |
| `data-center` | `is` ` is-not` |
| `discovered-time` | `is-on-or-before` ` is-on-or-after` ` is-between` ` is-earlier-than` ` is-within-the-last` |
| `guest-os-family` | `contains` ` does-not-contain` |
| `host-name` | `is` ` is-not` ` contains` ` does-not-contain` ` starts-with` |
| `ip-address` | `in-range` ` not-in-range` ` is` ` is-not` |
| `power-state` | `in` ` not-in` |
| `resource-pool-path` | `contains` ` does-not-contain` |
| `last-time-seen` | `is-on-or-before` ` is-on-or-after` ` is-between` ` is-earlier-than` ` is-within-the-last` |
| `vm` | `is` ` is-not` ` contains` ` does-not-contain` ` starts-with` |
##### Enumerated Properties (vSphere)
The following fields have enumerated values:
| Field | Acceptable Values |
| ------------- | ------------------------------------ |
| `power-state` | `poweredOn` `poweredOff` `suspended` |
## HATEOAS
This API follows Hypermedia as the Engine of Application State (HATEOAS) principals and is therefore hypermedia friendly.
Hyperlinks are returned in the `links` property of any given resource and contain a fully-qualified hyperlink to
the corresponding resource. The format of the hypermedia link adheres to both the
<a target="_blank" href="http://jsonapi.org">{json:api} v1</a>
<a target="_blank" href="http://jsonapi.org/format/#document-links">"Link Object"</a> and
<a target="_blank" href="http://json-schema.org/latest/json-schema-hypermedia.html">JSON Hyper-Schema</a>
<a target="_blank" href="http://json-schema.org/latest/json-schema-hypermedia.html#rfc.section.5.2">"Link Description Object"</a>
formats. For example:
```json
"links": [{
"rel": "<relation>",
"href": "<href>"
...
}]
```
Where appropriate link objects may also contain additional properties than the `rel` and `href` properties, such as `id`, `type`, etc.
See the [Root](#tag/Root) resources for the entry points into API discovery.
version: '3'
title: InsightVM API
contact:
name: Rapid7
email: support@rapid7.com
host: ''
basePath: /
tags:
- name: Root
description: Provides access to primary entry point for discovering the available resources in this API.
- name: Asset
description: 'Resources and operations for managing assets. Assets can be created under the <a href="#operation/createAssetUsingPOST">Site Assets</a> resource.'
- name: Asset Discovery
description: Resources for managing and viewing the mechanisms used to automatically discover assets.
- name: Asset Group
description: Asset Group Tag
- name: Credential
description: Resources and operations for managing shared credentials.
- name: Policy
description: Resources and operations for managing policies.
- name: Policy Override
description: Policy Override Resource Controller
- name: Remediation
description: Resources for determining the details required to remediate vulnerabilities.
- name: Report
description: 'Resources and operations for managing and generating reports. Reports are broadly categorized into `document`, `export`, and `file` types. `document` reports use section-based report templates to control the output and can be generated in several formats. `export` reports are designed to output their contents into a specific file format. `file` reports are templatized reports that output based on the format of a template file. Reports can be configured to generate on a schedule and be distributed via email to specific recipients.'
- name: Scan
description: Resources and operations for managing scans.
- name: Scan Engine
description: Resources and operations for managing scan engines.
- name: Scan Template
description: Scan Template Resource Controller
- name: Site
description: Resources and operations for managing sites.
- name: Tag
description: Resources and operations for managing tags.
- name: User
description: 'Resources and operations for managing users, permissions, and privileges.'
- name: Vulnerability
description: Resources and operations for viewing vulnerability content and managing exceptions.
- name: Vulnerability Check
description: Resources and operations for view vulnerability checks that can be run as a part of vulnerability content.
- name: Vulnerability Exception
description: Vulnerability Exception Resource Controller
- name: Vulnerability Result
description: Resources and operations for retrieving vulnerability results on assessed assets.
- name: Administration
description: Provides access administrative operations and procedures.
schemes: []
consumes: []
produces: []
paths:
/api/3:
get:
tags:
- Root
summary: Resources
description: Returns a listing of the resources (endpoints) that are available to be invoked in this API.
operationId: resources
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/administration/commands:
post:
tags:
- Administration
summary: Console Commands
description: Executes a console command against the Security Console. <span class="authorization">Global Administrator</span>
operationId: executeCommand
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The console command to execute.
required: false
schema:
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ConsoleCommandOutput'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: Show Host Info
source: show host info
- lang: Help
source: help
/api/3/administration/info:
get:
tags:
- Administration
summary: Information
description: 'Returns system details, including host and version information.'
operationId: getInfo
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Info'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/administration/license:
get:
tags:
- Administration
summary: License
description: Returns the enabled features and limits of the current license. <span class="authorization">Global Administrator</span>
operationId: getLicense
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/License'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Administration
summary: License
description: 'Licenses the product with an activation key or a provided license file. If both are provided, the license file is preferred. <span class="authorization">Global Administrator</span>'
operationId: activateLicense
schemes: []
consumes:
- multipart/form-data
produces:
- application/json;charset=UTF-8
parameters:
- name: license
in: formData
description: The contents of a license (.lic) file.
required: false
type: file
- name: key
in: query
description: A license activation key.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/administration/properties:
get:
tags:
- Administration
summary: Properties
description: 'Returns system details, including host and version information.'
operationId: getProperties
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/EnvironmentProperties'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/administration/settings:
get:
tags:
- Administration
summary: Settings
description: Returns the current administration settings. <span class="authorization">Global Administrator</span>
operationId: getSettings
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Settings'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/asset_groups:
get:
tags:
- Asset Group
summary: Asset Groups
description: Returns all asset groups.
operationId: getAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: type
in: query
description: The type of asset group.
required: false
type: string
- name: name
in: query
description: A search pattern for the name of the asset group. Searches are case-insensitive contains.
required: false
type: string
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«AssetGroup»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Asset Group
summary: Asset Groups
description: |-
Creates a new asset group. The `searchCriteria` field can be passed no matter what the type of the asset group is. The asset group `type` changes when the assets are refreshed. Dynamic asset groups constantly refreshed their membership as assets are scanned whereas static asset groups do not change membership automatically.
See the <a href="#section/Responses/SearchCriteria">Search Criteria</a> for more information on using dynamic criteria.
operationId: createAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The details of the asset group.
required: false
schema:
$ref: '#/definitions/AssetGroup'
responses:
'201':
description: Created
schema:
$ref: '#/definitions/CreatedReference«AssetGroupID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: An Empty Static Asset Group
source: |-
{
"description": "A Static Asset Group With No Assets. In order to add assets to this group you can POST to the /assets endpoint or PUT to the /assets/{assetID} endpoint.",
"name": "Empty Static Asset Groups",
"type": "static"
}
- lang: A static asset group with assets defined by search criteria
source: |-
{
"description": "A Static Asset Group with Assets that are Linux Assets running Containers (With Low Access Complexity Vulnerabilities) for remediation purposes.",
"name": "Container Hosts - Linux",
"searchCriteria": {
"filters": [
{ "field": "operating-system", "operator": "contains", "value": "linux" },
{ "field": "containers", "operator": "are", "value": 0 },
{ "field": "cvss-access-complexity", "operator": "is", "value": "L" }
],
"match": "all"
},
"type": "static"
}
- lang: A dynamic asset group
source: |-
{
"description": "A Static Asset Group with Assets that are Linux Assets running Containers (With Low Access Complexity Vulnerabilities) for remediation purposes.",
"name": "Container Hosts - Linux",
"searchCriteria": {
"filters": [
{ "field": "operating-system", "operator": "contains", "value": "linux" },
{ "field": "containers", "operator": "are", "value": 0 },
{ "field": "cvss-access-complexity", "operator": "is", "value": "L" }
],
"match": "all"
},
"type": "dynamic"
}
'/api/3/asset_groups/{id}':
get:
tags:
- Asset Group
summary: Asset Group
description: Returns an asset group.
operationId: getAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/AssetGroup'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Asset Group
summary: Asset Group
description: Updates the details of an asset group. See the search criteria endpoint (/search_criteria) for more information about building the search criteria and examples.
operationId: updateAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- in: body
name: param1
description: The details of the asset group.
required: false
schema:
$ref: '#/definitions/AssetGroup'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Asset Group
summary: Asset Group
description: Deletes the asset group.
operationId: deleteAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/asset_groups/{id}/assets':
get:
tags:
- Asset Group
summary: Asset Group Assets
description: Returns hypermedia links for the assets that belong to an asset group.
operationId: getAssetGroupAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«AssetID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Asset Group
summary: Asset Group Assets
description: Updates all the assets that belong to a static asset group.
operationId: updateAssetGroupAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- in: body
name: param1
description: 'The assets to place in the asset group. '
required: false
schema:
type: array
items:
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Asset Group
summary: Asset Group Assets
description: Removes the assets from the given static asset group.
operationId: removeAllAssetsFromAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/asset_groups/{id}/assets/{assetId}':
put:
tags:
- Asset Group
summary: Asset Group Asset
description: Adds an asset to a static asset group.
operationId: addAssetToAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Asset Group
summary: Asset Group Asset
description: Removes an asset from an asset group.
operationId: removeAssetFromAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/asset_groups/{id}/search_criteria':
get:
tags:
- Asset Group
summary: Asset Group Search Criteria
description: 'Returns the search criteria of a dynamic asset group.For a reference of valid search criteria input see the <a href="#operation/getAssetsSearchUsingPOST">Asset Search</a> resource.'
operationId: getAssetGroupSearchCriteria
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SearchCriteria'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Asset Group
summary: Asset Group Search Criteria
description: 'Updates the search criteria of a dynamic asset group. For a reference of valid search criteria input see the <a href="#operation/getAssetsSearchUsingPOST">Asset Search</a> resource.'
operationId: setAssetGroupSearchCriteria
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- in: body
name: param1
description: The search criteria specification.
required: false
schema:
$ref: '#/definitions/SearchCriteria'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: Unassigned PCI Incompliant Windows Assets
source: |-
{
"description": "This is an asset group that contains assets that have not been recently scanned in our Los Angeles Datacenter that are also high risk.",
"name": "Stale Los Angeles Assets (High Risk)",
"type": "dynamic",
"searchCriteria": {
"match": "all",
"filters": [
{ "field": "location-tag", "operator": "contains", "value": "Los Angeles Datacenter" },
{ "field": "risk-score", "operator": "is-greater-than", "value": 5000 },
{ "field": "last-scan-date", "operator": "is-on-or-before", "value": "2016-12-31" }
]
}
}
- lang: Stale Los Angeles Assets (High Risk)
source: |-
{
"description": "This is an asset group that contains Windows Assets that are not PCI compliant and not assigned to an owner.",
"name": "Unassigned PCI Incompliant Windows Assets",
"type": "dynamic",
"searchCriteria": {
"match": "all",
"filters": [
{ "field": "pci-compliance", "operator": "is", "value": "0" },
{ "field": "owner-tag", "operator": "is-not-applied" },
{ "field": "operating-system", "operator": "contains", "value": "windows" }
]
}
}
'/api/3/asset_groups/{id}/tags':
get:
tags:
- Asset Group
summary: Asset Group Tags
description: Returns the tags assigned to an asset group.
operationId: getAssetGroupTags
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«TagID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Asset Group
summary: Asset Group Tags
description: Updates the tags of an asset group.
operationId: setAssetGroupTags
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- in: body
name: param1
description: The tags to associate to the asset group.
required: false
schema:
type: array
items:
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Asset Group
summary: Asset Group Tags
description: Removes all tag associations from the asset group.
operationId: removeAllAssetGroupTags
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/asset_groups/{id}/tags/{tagId}':
put:
tags:
- Asset Group
summary: Asset Group Tag
description: Adds a tag to an asset group.
operationId: addAssetGroupTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- name: tagId
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Asset Group
summary: Asset Group Tag
description: Removes a tag from an asset group.
operationId: removeAssetGroupTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- name: tagId
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/asset_groups/{id}/users':
get:
tags:
- Asset Group
summary: Asset Group Users
description: Returns hypermedia links for the users with access to this asset group.
operationId: getAssetGroupUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«UserID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Asset Group
summary: Asset Group Users
description: Grants users with sufficient privileges access to an asset group.
operationId: setAssetGroupUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- in: body
name: param1
description: The users to grant access to the asset group.
required: false
schema:
type: array
items:
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/asset_groups/{id}/users/{userId}':
put:
tags:
- Asset Group
summary: Asset Group User
description: Grants a user with sufficient privileges access to the asset group.
operationId: addAssetGroupUser
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- name: userId
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Asset Group
summary: Asset Group User
description: Removes a user's access from an asset group.
operationId: removeAssetGroupUser
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
- name: userId
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/assets:
get:
tags:
- Asset
summary: Assets
description: Returns all assets for which you have access.
operationId: getAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Asset»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/assets':
get:
tags:
- Site
summary: Site Assets
description: Retrieves a paged resource of assets linked with the specified site.
operationId: getSiteAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Asset»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Asset
summary: Assets
description: Creates or updates an asset with the specified details.
operationId: createAsset
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- in: body
name: param1
description: |-
The details of the asset being added or updated.
The operating system can be specified in one of three ways, with the order of precedence: `"osFingerprint"`, `"os"`, `"cpe"`
required: false
schema:
$ref: '#/definitions/AssetCreate'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference'
examples: {}
headers: {}
'201':
description: Created
schema:
$ref: '#/definitions/CreatedOrUpdatedReference'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Assets
description: Removes all assets from the specified site. Assets will be deleted entirely from the Security Console if either Asset Linking is disabled or if Asset Linking is enabled and the asset only existed in this site.
operationId: removeSiteAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/assets/search:
post:
tags:
- Asset
summary: Asset Search
description: Returns all assets for which you have access that match the given search criteria.
operationId: findAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param1
description: param1
required: true
schema:
$ref: '#/definitions/SearchCriteria'
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Asset»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: Assets Running SSH
source: |-
{
"match": "all",
"filters": [
{ "field": "service-name", "operator": "contains", "value": "ssh"}
]
}
- lang: High Risk Windows Assets Running SSH
source: |-
{
"match": "all",
"filters": [
{ "field": "risk-score", "operator": "is-greater-than", "value": 5000 },
{ "field": "operating-system", "operator": "contains", "value": "windows" },
{ "field": "service-name", "operator": "contains", "value": "ssh" }
]
}
- lang: Windows 10 Assets
source: |-
{
"match": "all",
"filters": [
{ "field": "operating-system", "operator": "contains", "value": "Microsoft Windows 10" }
]
}
- lang: Assets with High CVSS Scores assigned to Bob
source: |-
{
"match": "all",
"filters": [
{ "field": "owner-tag", "operator": "contains", "value": "Bob" },
{ "field": "vulnerability-cvss-score", "operator": "is-greater-than", "value": 8 }
]
}
- lang: Assets with SSH running containers in Los Angeles
source: |-
{
"match": "all",
"filters": [
{ "field": "location-tag", "operator": "contains", "value": "Los Angeles Datacenter" },
{ "field": "containers", "operator": "are", "value": "0" },
{ "field": "service-name", "operator": "contains", "value": "ssh" }
]
}
'/api/3/assets/{assetId}/policies':
get:
tags:
- Policy
summary: Policies For Asset
description: Retrieves the list of policies with compliance results for the specified asset.
operationId: getPoliciesForAsset
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: applicableOnly
in: query
description: 'An optional boolean parameter indicating the policies retrieved should only include those with a policy compliance status of either a PASS of FAIL result. Default value is `false`, which will also include policies with a compliance status of NOT_APPLICABLE.'
required: false
type: boolean
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«AssetPolicy»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{assetId}/policies/{policyId}/children':
get:
tags:
- Policy
summary: Policy Rules or Groups Directly Under Policy For Asset
description: 'Retrieves a paged resource of either policy rules, or groups, that are defined directly underneath the specified policy with rule compliance results for the specified asset.'
operationId: getAssetPolicyChildren
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«AssetPolicyItem»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{assetId}/policies/{policyId}/groups/{groupId}/children':
get:
tags:
- Policy
summary: Policy Rules or Groups Directly Under Policy Group For Asset
description: 'Retrieves a paged resource of either policy rules, or groups, that are defined directly underneath the specified policy group with rule compliance results for the specified asset.'
operationId: getAssetPolicyGroupChildren
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: groupId
in: path
description: The identifier of the policy group.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«AssetPolicyItem»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{assetId}/policies/{policyId}/groups/{groupId}/rules':
get:
tags:
- Policy
summary: Policy Rules Under Policy Group For Asset
description: 'Retrieves the list of policy rules defined directly, or indirectly, underneath the specified policy group and the compliance results for the specified asset.'
operationId: getPolicyGroupRulesWithAssetAssessment
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: groupId
in: path
description: The identifier of the policy group.
required: false
type: integer
format: int64
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyRule»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{assetId}/policies/{policyId}/rules':
get:
tags:
- Policy
summary: Policy Rules For Asset
description: Retrieves the list of policy rules with compliance results for the specified asset and policy.
operationId: getAssetPolicyRulesSummary
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyRule»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}':
get:
tags:
- Asset
summary: Asset
description: Returns the specified asset.
operationId: getAsset
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Asset'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Asset
summary: Asset
description: Deletes the specified asset.
operationId: deleteAsset
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/databases':
get:
tags:
- Asset
summary: Asset Databases
description: Returns the databases enumerated on an asset.
operationId: getAssetDatabases
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Database»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/files':
get:
tags:
- Asset
summary: Asset Files
description: Returns the files discovered on an asset.
operationId: getAssetFiles
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«File»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/policy_overrides':
get:
tags:
- Policy Override
summary: Asset Policy Overrides
description: Retrieves policy overrides defined on policy rules for the specified asset.
operationId: getAssetPolicyOverrides
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«PolicyOverride»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services':
get:
tags:
- Asset
summary: Asset Services
description: Returns the services discovered on an asset.
operationId: getAssetServices
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«ReferenceWithEndpointIDLink,ServiceLink»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services/{protocol}/{port}':
get:
tags:
- Asset
summary: Asset Service
description: Returns the service running a port and protocol on the asset.
operationId: getAssetService
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: protocol
in: path
description: The protocol of the service.
required: false
type: string
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
- name: port
in: path
description: The port of the service.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Service'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services/{protocol}/{port}/configurations':
get:
tags:
- Asset
summary: Asset Service Configurations
description: Returns the configuration (properties) of a port and protocol on an asset.
operationId: getAssetServiceConfigurations
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: protocol
in: path
description: The protocol of the service.
required: false
type: string
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
- name: port
in: path
description: The port of the service.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Configuration»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services/{protocol}/{port}/databases':
get:
tags:
- Asset
summary: Asset Service Databases
description: Returns the databases running on a port and protocol on an asset.
operationId: getAssetServiceDatabases
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: protocol
in: path
description: The protocol of the service.
required: false
type: string
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
- name: port
in: path
description: The port of the service.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Database»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services/{protocol}/{port}/user_groups':
get:
tags:
- Asset
summary: Asset Service User Groups
description: Returns the user groups enumerated on a port and protocol on an asset.
operationId: getAssetServiceUserGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: protocol
in: path
description: The protocol of the service.
required: false
type: string
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
- name: port
in: path
description: The port of the service.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«GroupAccount»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services/{protocol}/{port}/users':
get:
tags:
- Asset
summary: Asset Service Users
description: Returns the users enumerated on a port and protocol on an asset.
operationId: getAssetServiceUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: protocol
in: path
description: The protocol of the service.
required: false
type: string
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
- name: port
in: path
description: The port of the service.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«UserAccount»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services/{protocol}/{port}/vulnerabilities':
get:
tags:
- Vulnerability Result
summary: Asset Service Vulnerabilities
description: Retrieves the vulnerabilities present on a service running on an asset. A finding may be `invulnerable` if all instances on the service have exceptions applied.
operationId: getAssetServiceVulnerabilities
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: protocol
in: path
description: The protocol of the service.
required: false
type: string
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
- name: port
in: path
description: The port of the service.
required: false
type: integer
format: int32
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«VulnerabilityFinding»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services/{protocol}/{port}/web_applications':
get:
tags:
- Asset
summary: Asset Service Web Applications
description: Returns the web applications running on a port and protocol on an asset.
operationId: getAssetServiceWebApplications
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: protocol
in: path
description: The protocol of the service.
required: false
type: string
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
- name: port
in: path
description: The port of the service.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«WebApplicationID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/services/{protocol}/{port}/web_applications/{webApplicationId}':
get:
tags:
- Asset
summary: Asset Service Web Application
description: Returns a web application running on a port and protocol on an asset.
operationId: getAssetServiceWebApplication
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: protocol
in: path
description: The protocol of the service.
required: false
type: string
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
- name: port
in: path
description: The port of the service.
required: false
type: integer
format: int32
- name: webApplicationId
in: path
description: The identifier of the web application.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/WebApplication'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/software':
get:
tags:
- Asset
summary: Asset Software
description: Returns the software on an asset.
operationId: getAssetSoftware
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Software»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/tags':
get:
tags:
- Asset
summary: Asset Tags
description: Returns tags assigned to an asset.
operationId: getAssetTags
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«AssetTag»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/tags/{tagId}':
put:
tags:
- Asset
summary: Asset Tag
description: Assigns the specified tag to the asset.
operationId: addAssetTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: tagId
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Asset
summary: Asset Tag
description: Removes the specified tag from the asset's tags.
operationId: removeAssetTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: tagId
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/user_groups':
get:
tags:
- Asset
summary: Asset User Groups
description: Returns user groups enumerated on an asset.
operationId: getAssetUserGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«GroupAccount»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/users':
get:
tags:
- Asset
summary: Asset Users
description: Returns users enumerated on an asset.
operationId: getAssetUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«UserAccount»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/vulnerabilities':
get:
tags:
- Vulnerability Result
summary: Asset Vulnerabilities
description: Retrieves all vulnerability findings on an asset. A finding may be `invulnerable` if all instances have exceptions applied.
operationId: getAssetVulnerabilities
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«VulnerabilityFinding»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/vulnerabilities/{vulnerabilityId}':
get:
tags:
- Vulnerability Result
summary: Asset Vulnerability
description: Retrieves the details for a vulnerability finding on an asset.
operationId: getAssetVulnerability
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: vulnerabilityId
in: path
description: The identifier of the vulnerability.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/VulnerabilityFinding'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/vulnerabilities/{vulnerabilityId}/solution':
get:
tags:
- Remediation
summary: Asset Vulnerability Solution
description: Returns the highest-superceding rollup solutions for a vulnerability on an asset. The solution(s) selected will be the most recent and cost-effective means by which the vulnerability can be remediated.
operationId: getAssetVulnerabilitySolutions
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: vulnerabilityId
in: path
description: The identifier of the vulnerability.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«MatchedSolution»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/vulnerabilities/{vulnerabilityId}/validations':
get:
tags:
- Vulnerability Result
summary: Asset Vulnerability Validations
description: Returns all vulnerability validations for a vulnerability on an asset. The asset must be currently vulnerable to the validated vulnerable for the validation to be returned.
operationId: getVulnerabilityValidations
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: vulnerabilityId
in: path
description: The identifier of the vulnerability.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«VulnerabilityValidationResource»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Vulnerability Result
summary: Asset Vulnerability Validations
description: 'Creates a vulnerability validation for a vulnerability on an asset. The validation signifies that the vulnerability has been confirmed exploitable by an external tool, such as <a target="_blank" href="https://www.metasploit.com">Metasploit</a>.'
operationId: createVulnerabilityValidation
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: vulnerabilityId
in: path
description: The identifier of the vulnerability.
required: false
type: string
- in: body
name: param2
description: 'A vulnerability validation for a vulnerability on an asset. The validation signifies that the vulnerability has been confirmed exploitable by an external tool, such as <a target="_blank" href="https://www.metasploit.com">Metasploit</a>.'
required: false
schema:
$ref: '#/definitions/VulnerabilityValidationResource'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«VulnerabilityValidationID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/assets/{id}/vulnerabilities/{vulnerabilityId}/validations/{validationId}':
get:
tags:
- Vulnerability Result
summary: Asset Vulnerability Validation
description: Returns a vulnerability validation for a vulnerability on an asset. The asset must be currently vulnerable to the validated vulnerable for the validation to be returned.
operationId: getVulnerabilityValidation
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: vulnerabilityId
in: path
description: The identifier of the vulnerability.
required: false
type: string
- name: validationId
in: path
description: The identifier of the vulnerability validation.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/VulnerabilityValidationResource'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Vulnerability Result
summary: Asset Vulnerability Validation
description: Removes a vulnerability validation for a vulnerability from an asset.
operationId: deleteVulnerabilityValidation
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
- name: vulnerabilityId
in: path
description: The identifier of the vulnerability.
required: false
type: string
- name: validationId
in: path
description: The identifier of the vulnerability validation.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/authentication_sources:
get:
tags:
- User
summary: Authentication Sources
description: Returns all available sources of authentication for users.
operationId: getAuthenticationSources
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«AuthenticationSource»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/authentication_sources/{id}':
get:
tags:
- User
summary: Authentication Source
description: Returns the details for an authentication source.
operationId: getAuthenticationSource
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the authentication source.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/AuthenticationSource'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/authentication_sources/{id}/users':
get:
tags:
- User
summary: Authentication Source Users
description: Returns hypermedia links for the user accounts that use the authentication source to authenticate.
operationId: getAuthenticationSourceUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the authentication source.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«UserID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/discovery_connections:
get:
tags:
- Asset Discovery
summary: Discovery Connections
description: Returns all discovery connections.
operationId: getDiscoveryConnections
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«DiscoveryConnection»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/discovery_connections/{id}':
get:
tags:
- Asset Discovery
summary: Discovery Connection
description: Returns a discovery connection.
operationId: getDiscoveryConnection
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the discovery connection.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/DiscoveryConnection'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/discovery_connections/{id}/connect':
post:
tags:
- Asset Discovery
summary: Discovery Connection Reconnect
description: Attempts to reconnect the discovery connection.
operationId: reconnectDiscoveryConnection
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the discovery connection.
required: false
type: integer
format: int64
responses:
'200':
description: OK
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/exploits:
get:
tags:
- Vulnerability
summary: Exploits
description: Returns all known exploits.
operationId: getExploits
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Exploit»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/exploits/{id}':
get:
tags:
- Vulnerability
summary: Exploit
description: Returns the details for an exploit.
operationId: getExploit
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the exploit.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Exploit'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/exploits/{id}/vulnerabilities':
get:
tags:
- Vulnerability
summary: Exploitable Vulnerabilities
description: Returns the vulnerabilities exploitable to a exploit.
operationId: getExploitVulnerabilities
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the exploit.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«VulnerabilityNaturalID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/malware_kits:
get:
tags:
- Vulnerability
summary: Malware Kits
description: Returns all known malware kits.
operationId: getMalwareKits
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«MalwareKit»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/malware_kits/{id}':
get:
tags:
- Vulnerability
summary: Malware Kit
description: Returns the details for a malware kit.
operationId: getMalwareKit
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the malware kit.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/MalwareKit'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/malware_kits/{id}/vulnerabilities':
get:
tags:
- Vulnerability
summary: Malware Kit Vulnerabilities
description: Returns the vulnerabilities that are susceptible to being attacked by a malware kit.
operationId: getMalwareKitVulnerabilities
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the malware kit.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«VulnerabilityNaturalID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/operating_systems:
get:
tags:
- Asset
summary: Operating Systems
description: 'Returns all operating systems discovered across all assets. '
operationId: getOperatingSystems
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«OperatingSystem»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/operating_systems/{id}':
get:
tags:
- Asset
summary: Operating System
description: Returns the details for an operating system.
operationId: getOperatingSystem
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the operating system.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/OperatingSystem'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/policies:
get:
tags:
- Policy
summary: Policies
description: Retrieves a paged resource of policies.
operationId: getPolicies
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: filter
in: query
description: Filters the retrieved policies with those whose titles that match the parameter.
required: false
type: string
- name: scannedOnly
in: query
description: Flag indicating the policies retrieved should only include those with Pass or Fail compliance results. The list of scanned policies is based on the user's list of accessible assets.
required: false
type: boolean
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Policy»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{id}/children':
get:
tags:
- Policy
summary: Policy Rules or Groups Directly Under Policy
description: 'Retrieves a paged resource of either policy rules, or groups, that are defined directly underneath the specified policy.'
operationId: getPolicyChildren
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyItem»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}':
get:
tags:
- Policy
summary: Policy
description: Retrieves the specified policy.
operationId: getPolicy
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Policy'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/assets':
get:
tags:
- Policy
summary: Policy Asset Results
description: Retrieves asset resources with rule compliance results for the specified policy.
operationId: getPolicyAssetResults
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: applicableOnly
in: query
description: 'An optional boolean parameter indicating the assets retrieved should only include those with rule results of either PASS or FAIL. Default value is `false`, which will also include assets with a compliance status of NOT_APPLICABLE.'
required: false
type: boolean
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyAsset»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/assets/{assetId}':
get:
tags:
- Policy
summary: Policy Asset Result
description: Retrieves an asset resource with rule compliance results for the specified asset and policy.
operationId: getPolicyAssetResult
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PolicyAsset'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/groups':
get:
tags:
- Policy
summary: Policy Groups
description: Retrieves a paged resource of policy groups for the specified policy.
operationId: getPolicyGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyGroup»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/groups/{groupId}':
get:
tags:
- Policy
summary: Policy Group
description: Retrieves the specified policy group.
operationId: getPolicyGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: groupId
in: path
description: The identifier of the policy group.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PolicyGroup'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/groups/{groupId}/assets':
get:
tags:
- Policy
summary: Assets Compliance For Policy Rules Under Policy Group
description: Retrieves asset resources with rule compliance status against all rules under the specified policy group.
operationId: getPolicyGroupAssetResults
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: groupId
in: path
description: The identifier of the policy group.
required: false
type: integer
format: int64
- name: applicableOnly
in: query
description: 'An optional boolean parameter indicating the assets retrieved should only include those with rule results of either PASS or FAIL. Default value is `false`, which will also include assets with a compliance status of NOT_APPLICABLE.'
required: false
type: boolean
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyAsset»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/groups/{groupId}/assets/{assetId}':
get:
tags:
- Policy
summary: Asset Compliance For Policy Rules Under Policy Group
description: Retrieves an asset resource with rule compliance status against all rules under the specified policy group.
operationId: getPolicyGroupAssetResult
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: groupId
in: path
description: The identifier of the policy group.
required: false
type: integer
format: int64
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PolicyAsset'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/groups/{groupId}/children':
get:
tags:
- Policy
summary: Policy Rules or Groups Directly Under Policy Group
description: 'Retrieves a paged resource of either policy rules, or groups, that are defined directly underneath the specified policy group.'
operationId: getPolicyGroupChildren
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: groupId
in: path
description: The identifier of the policy group.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyItem»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/groups/{groupId}/rules':
get:
tags:
- Policy
summary: Policy Rules Under Policy Group
description: 'Retrieves the list of policy rules defined directly, or indirectly, underneath the specified policy group.'
operationId: getDescendantPolicyRules
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: groupId
in: path
description: The identifier of the policy group.
required: false
type: integer
format: int64
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyRule»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules':
get:
tags:
- Policy
summary: Policy Rules
description: Retrieves a paged resource of policy rules for the specified policy.
operationId: getPolicyRules
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyRule»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules/disabled':
get:
tags:
- Policy
summary: Disabled Policy Rules
description: Retrieves a paged resource of disabled policy rules for the specified policy.
operationId: getDisabledPolicyRules
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyRule»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules/{ruleId}':
get:
tags:
- Policy
summary: Policy Rule
description: Retrieves the specified policy rule.
operationId: getPolicyRule
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: ruleId
in: path
description: The identifier of the policy rule.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PolicyRule'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules/{ruleId}/assets':
get:
tags:
- Policy
summary: Assets Compliance For Policy Rule
description: Retrieves asset resources with rule compliance results for the specified policy policy rule.
operationId: getPolicyRuleAssetResults
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: ruleId
in: path
description: The identifier of the policy rule.
required: false
type: integer
format: int64
- name: applicableOnly
in: query
description: 'An optional boolean parameter indicating the assets retrieved should only include those with rule results of either PASS or FAIL. Default value is `false`, which will also include assets with a compliance status of NOT_APPLICABLE.'
required: false
type: boolean
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyAsset»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules/{ruleId}/assets/{assetId}':
get:
tags:
- Policy
summary: Asset Compliance For Policy Rule
description: Retrieves an asset resource with rule compliance results for the specified policy policy rule.
operationId: getPolicyRuleAssetResult
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: ruleId
in: path
description: The identifier of the policy rule.
required: false
type: integer
format: int64
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PolicyAsset'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules/{ruleId}/assets/{assetId}/proof':
get:
tags:
- Policy
summary: Policy Rule Proof For Asset
description: Retrieves the policy rule proof captured during evaluation against the specified asset.
operationId: getPolicyRuleAssetResultProof
schemes: []
consumes:
- application/json
produces:
- text/html
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: ruleId
in: path
description: The identifier of the policy rule.
required: false
type: integer
format: int64
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
type: string
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules/{ruleId}/controls':
get:
tags:
- Policy
summary: Policy Rule Controls
description: Retrieves all NIST SP 800-53 controls mappings for each CCE within the specified policy rule.
operationId: getPolicyRuleControls
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: ruleId
in: path
description: The identifier of the policy rule.
required: false
type: integer
format: int64
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyControl»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules/{ruleId}/rationale':
get:
tags:
- Policy
summary: Policy Rule Rationale
description: Retrieves the policy rule rationale for the specified policy.
operationId: getPolicyRuleRationale
schemes: []
consumes:
- application/json
produces:
- text/html
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: ruleId
in: path
description: The identifier of the policy rule.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
type: string
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policies/{policyId}/rules/{ruleId}/remediation':
get:
tags:
- Policy
summary: Policy Rule Remediation
description: Retrieves the policy rule remediation for the specified policy.
operationId: getPolicyRuleRemediation
schemes: []
consumes:
- application/json
produces:
- text/html
parameters:
- name: policyId
in: path
description: The identifier of the policy
required: false
type: integer
format: int64
- name: ruleId
in: path
description: The identifier of the policy rule.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
type: string
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/policy/summary:
get:
tags:
- Policy
summary: Policy Compliance Summaries
description: Retrieves a compliance summary of all policies.
operationId: getPolicySummary
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PolicySummaryResource'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/policy_overrides:
get:
tags:
- Policy Override
summary: Policy Overrides
description: Retrieves policy overrides defined on policy rules.
operationId: getPolicyOverrides
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«PolicyOverride»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Policy Override
summary: Policy Overrides
description: Submit a policy override. The policy override can be submitted or it can be submitted and approved in a single request.
operationId: createPolicyOverride
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The specification of a policy override. Allows users to override the compliance result of a policy rule.
required: false
schema:
$ref: '#/definitions/PolicyOverride'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«PolicyOverrideID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policy_overrides/{id}':
get:
tags:
- Policy Override
summary: Policy Override
description: Retrieve the specified policy override.
operationId: getPolicyOverride
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the policy override.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PolicyOverride'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Policy Override
summary: Policy Override
description: Removes a policy override created for a policy rule.
operationId: deletePolicyOverride
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the policy override.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policy_overrides/{id}/expires':
get:
tags:
- Policy Override
summary: Policy Override Expiration
description: Get the expiration date for a policy override.
operationId: getPolicyOverrideExpiration
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the policy override.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
type: string
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Policy Override
summary: Policy Override Expiration
description: Set the expiration date for a policy override. This must be a valid date in the future.
operationId: setPolicyOverrideExpiration
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the policy override.
required: false
type: integer
format: int64
- in: body
name: param1
description: The date the policy override is set to expire. Date is represented in ISO 8601 format.
required: false
schema:
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/policy_overrides/{id}/{status}':
post:
tags:
- Policy Override
summary: Policy Override Status
description: 'Update the status of the specified policy override. The status can be one of the following: `"recall"`, `"approve"`, or `"reject"`.'
operationId: setPolicyOverrideStatus
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the policy override.
required: false
type: integer
format: int64
- name: status
in: path
description: Policy Override Status
required: false
type: string
enum:
- recall
- approve
- reject
- in: body
name: param2
description: A comment describing the change of the policy override status.
required: false
schema:
type: string
responses:
'200':
description: OK
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/privileges:
get:
tags:
- User
summary: Privileges
description: Returns all privileges that may be granted to a role.
operationId: getPrivileges
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Privileges'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/privileges/{id}':
get:
tags:
- User
summary: Privilege
description: Returns the details for a privilege.
operationId: getPrivilege
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the privilege.
required: false
type: string
enum:
- all-permissions
- create-reports
- configure-global-settings
- manage-sites
- manage-tags
- manage-static-asset-groups
- manage-dynamic-asset-groups
- manage-scan-templates
- manage-report-templates
- manage-scan-engines
- submit-vulnerability-exceptions
- approve-vulnerability-exceptions
- delete-vulnerability-exceptions
- create-tickets
- close-tickets
- assign-ticket-assignee
- manage-site-access
- manage-asset-group-access
- manage-report-access
- use-restricted-report-sections
- manage-policies
- view-asset-group-asset-data
- manage-asset-group-assets
- view-site-asset-data
- specify-site-metadata
- purge-site-asset-data
- specify-scan-targets
- assign-scan-engine
- assign-scan-template
- manage-site-credentials
- manage-scan-alerts
- schedule-automatic-scans
- start-unscheduled-scans
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/privileges/{id}/users':
get:
tags:
- User
summary: Users With Privilege
description: Returns hypermedia links for all users granted the specified privilege by their role.
operationId: getUsersWithPrivilege
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the privilege.
required: false
type: string
enum:
- all-permissions
- create-reports
- configure-global-settings
- manage-sites
- manage-tags
- manage-static-asset-groups
- manage-dynamic-asset-groups
- manage-scan-templates
- manage-report-templates
- manage-scan-engines
- submit-vulnerability-exceptions
- approve-vulnerability-exceptions
- delete-vulnerability-exceptions
- create-tickets
- close-tickets
- assign-ticket-assignee
- manage-site-access
- manage-asset-group-access
- manage-report-access
- use-restricted-report-sections
- manage-policies
- view-asset-group-asset-data
- manage-asset-group-assets
- view-site-asset-data
- specify-site-metadata
- purge-site-asset-data
- specify-scan-targets
- assign-scan-engine
- assign-scan-template
- manage-site-credentials
- manage-scan-alerts
- schedule-automatic-scans
- start-unscheduled-scans
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«UserID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/report_formats:
get:
tags:
- Report
summary: Report Formats
description: 'Returns all available report formats. A report format indicates an output file format specification (e.g. PDF, XML, etc). Some printable formats may be templated, and others may not. The supported templates for each formated are provided.'
operationId: getReportFormats
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«AvailableReportFormat»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/report_templates:
get:
tags:
- Report
summary: Report Templates
description: Returns all available report templates.
operationId: getReportTemplates
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«ReportTemplate»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/report_templates/{id}':
get:
tags:
- Report
summary: Report Template
description: 'Returns the details of a report template. Report templates govern the contents generated within a report. '
operationId: getReportTemplate
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report template;
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReportTemplate'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/reports:
get:
tags:
- Report
summary: Reports
description: Returns all defined report configurations.
operationId: getReports
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Report»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Report
summary: Reports
description: Configures a new report for generation. Report types are controlled through either or both a format and template. Non-templatized (`export`) report formats do not require a template and have their output format preset. Templatized (`document` and `file`) report formats support a report template that governs the content of the output and the output format can be chosen from a list of supported formats.
operationId: createReport
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The specification of a report configuration.
required: false
schema:
$ref: '#/definitions/Report'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«int,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: Nexpose™ Simple XML
source: |-
{
"format": "nexpose-simple-xml",
"name": "Scan Report for February scan",
"filters": {
"statuses": [ "vulnerable", "vulnerable-version" ]
},
"scope": {
"scan": 2
}
}
- lang: Qualys XML
source: |-
{
"format": "qualys-xml",
"name": "Qualys Export",
"filters": {
"severity": "critical-and-severe",
"categories": {
"included": [ "Adobe" ]
}
},
"scope": {
"sites": [ 3 ]
}
}
- lang: OVAL XML
source: |-
{
"format": "oval-xml",
"name": "OVAL XML",
"policy": 32,
"scope": {
"sites": [ 17 ]
}
}
- lang: XCCDF CSV
source: |-
{
"format": "xccdf-csv",
"name": "XCDDF CSV Report",
"policy": 89,
"scope": {
"assets": [ 4, 7, 9, 22 ]
},
"filters": {
"severity": "critical"
},
"frequency": {
"start": "2017-11-30",
"repeat": {
"every": "week",
"interval": 2
}
}
}
- lang: XCCDF XML
source: |-
{
"format": "xccdf-xml",
"name": "XCCDF XML",
"policy": 12,
"organization": "Acme Organization",
"scope": {
"tags": [ 4 ]
},
"filters": {
"severity": "critical"
},
"frequency": {
"start": "2018-11-30",
"repeat": {
"every": "date-of-month",
"interval": 3,
"dateOfMonth": "last"
}
}
}
'/api/3/reports/{id}':
get:
tags:
- Report
summary: Report
description: Returns the configuration details of a report.
operationId: getReport
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Report'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Report
summary: Report
description: Updates the configuration details of a report.
operationId: updateReport
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report.
required: false
type: integer
format: int32
- in: body
name: param1
description: The specification of a report configuration.
required: false
schema:
$ref: '#/definitions/Report'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Report
summary: Report
description: Deletes the configuration of a report.
operationId: deleteReport
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/reports/{id}/generate':
post:
tags:
- Report
summary: Report Generation
description: Generates a configured report and returns the instance identifier of the report.
operationId: generateReport
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferenceWithReportIDLink'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/reports/{id}/history':
get:
tags:
- Report
summary: Report Histories
description: Returns all historical details for generation of the report over time.
operationId: getReportInstances
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«ReportInstance»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/reports/{id}/history/{instance}':
get:
tags:
- Report
summary: Report History
description: Returns the details for a generation of the report.
operationId: getReportInstance
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report.
required: false
type: integer
format: int32
- name: instance
in: path
description: The identifier of the report instance.
required: false
type: string
enum:
- latest
- integer <<int32>>
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReportInstance'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Report
summary: Report History
description: Returns the details for a generation of the report.
operationId: deleteReportInstance
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report.
required: false
type: integer
format: int32
- name: instance
in: path
description: The identifier of the report instance.
required: false
type: string
enum:
- latest
- integer <<int32>>
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/reports/{id}/history/{instance}/output':
get:
tags:
- Report
summary: Report Download
description: Returns the contents of a generated report. The report content is usually returned in a GZip compressed format.
operationId: downloadReport
schemes: []
consumes:
- application/json
produces:
- application/octet-stream
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the report.
required: false
type: integer
format: int32
- name: instance
in: path
description: The identifier of the report instance.
required: false
type: string
enum:
- latest
- integer <<int32>>
responses:
'200':
description: OK
schema:
type: string
format: byte
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/roles:
get:
tags:
- User
summary: Roles
description: Returns all roles for which users may be assigned.
operationId: getRoles
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Role»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/roles/{id}':
get:
tags:
- User
summary: Role
description: Retrieves the details of a role.
operationId: getRole
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the role.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Role'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- User
summary: Role
description: Updates the details of a role.
operationId: updateRole
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The details of the role.
required: false
schema:
$ref: '#/definitions/Role'
- name: id
in: path
description: The identifier of the role.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- User
summary: Role
description: Removes a role with the specified identifier. The role must not be built-in and cannot be currently assigned to any users.
operationId: deleteRole
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the role.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/roles/{id}/users':
get:
tags:
- User
summary: Users With Role
description: Returns hypermedia links for the the users currently assigned a role.
operationId: getRoleUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the role.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«UserID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/scan_engine_pools:
get:
tags:
- Scan Engine
summary: Engine Pools
description: Returns engine pools available to use for scanning.
operationId: getScanEnginePools
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«EnginePool»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Scan Engine
summary: Engine Pools
description: Creates a new engine pool.
operationId: createScanEnginePool
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The details for the scan engine to update.
required: false
schema:
$ref: '#/definitions/EnginePool'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«EngineID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_engine_pools/{id}':
get:
tags:
- Scan Engine
summary: Engine Pool
description: Retrieves the details for an engine pool.
operationId: getEnginePool
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the engine pool.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/EnginePool'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Scan Engine
summary: Engine Pool
description: Updates the specified engine pool.
operationId: updateScanEnginePool
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the engine pool.
required: false
type: integer
format: int32
- in: body
name: param1
description: The details for the scan engine to update.
required: false
schema:
$ref: '#/definitions/EnginePool'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Scan Engine
summary: Engine Pool
description: Deletes the specified engine pool.
operationId: removeScanEnginePool
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the engine pool.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_engine_pools/{id}/engines':
get:
tags:
- Scan Engine
summary: Engine Pool Engines
description: Get the engines in the engine pool.
operationId: getScanEnginePoolScanEngines
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the engine pool.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«EngineID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Scan Engine
summary: Engine Pool Engines
description: Set the engines in the engine pool.
operationId: setScanEnginePoolScanEngines
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the engine pool.
required: false
type: integer
format: int32
- in: body
name: param1
description: The identifiers of the scan engines to place into the engine pool.
required: false
schema:
type: array
items:
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_engine_pools/{id}/engines/{engineId}':
put:
tags:
- Scan Engine
summary: Engine Pool Engines
description: Add an engine to the engine pool.
operationId: addScanEnginePoolScanEngine
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the engine pool.
required: false
type: integer
format: int32
- name: engineId
in: path
description: The identifier of the scan engine.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Scan Engine
summary: Engine Pool Engines
description: Remove the specified engine from the engine pool.
operationId: removeScanEnginePoolScanEngine
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the engine pool.
required: false
type: integer
format: int32
- name: engineId
in: path
description: The identifier of the scan engine.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_engine_pools/{id}/sites':
get:
tags:
- Scan Engine
summary: Engine Pool Sites
description: Returns links to the sites associated with this engine pool.
operationId: getScanEnginePoolSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the engine pool.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«SiteID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/scan_engines:
get:
tags:
- Scan Engine
summary: Scan Engines
description: Returns scan engines available to use for scanning.
operationId: getScanEngines
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«ScanEngine»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Scan Engine
summary: Scan Engines
description: Creates a new scan engine.
operationId: createScanEngine
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The specification of a scan engine.
required: false
schema:
$ref: '#/definitions/ScanEngine'
responses:
'201':
description: Created
schema:
$ref: '#/definitions/ReferenceWith«EngineID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_engines/{id}':
get:
tags:
- Scan Engine
summary: Scan Engine
description: Retrieves the details for a scan engine.
operationId: getScanEngine
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan engine.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ScanEngine'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Scan Engine
summary: Scan Engine
description: Updates the specified scan engine.
operationId: updateScanEngine
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan engine.
required: false
type: integer
format: int32
- in: body
name: param1
description: The specification of the scan engine to update.
required: false
schema:
$ref: '#/definitions/ScanEngine'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Scan Engine
summary: Scan Engine
description: Deletes the specified scan engine.
operationId: deleteScanEngine
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan engine.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_engines/{id}/scan_engine_pools':
get:
tags:
- Scan Engine
summary: Assigned Engine Pools
description: Retrieves the list of engine pools the scan engine is currently assigned to.
operationId: getAssignedEnginePools
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan engine.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«EnginePool»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_engines/{id}/scans':
get:
tags:
- Scan Engine
summary: Scan Engine Scans
description: Returns the scans that have been run on a scan engine.
operationId: getScanEngineScans
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan engine.
required: false
type: integer
format: int32
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Scan»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_engines/{id}/sites':
get:
tags:
- Scan Engine
summary: Scan Engine Sites
description: Retrieves the list of sites the specified scan engine is assigned to.
operationId: getScanEngineSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan engine.
required: false
type: integer
format: int32
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Site»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/scan_templates:
get:
tags:
- Scan Template
summary: Scan Templates
description: Returns all scan templates.
operationId: getScanTemplates
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«ScanTemplate»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Scan Template
summary: Scan Templates
description: Creates a new scan template.
operationId: createScanTemplate
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The details of the scan template.
required: false
schema:
$ref: '#/definitions/ScanTemplate'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«ScanTemplateID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scan_templates/{id}':
get:
tags:
- Scan Template
summary: Scan Template
description: Returns a scan template.
operationId: getScanTemplate
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan template
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ScanTemplate'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Scan Template
summary: Scan Template
description: Updates a scan template.
operationId: updateScanTemplate
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan template
required: false
type: string
- in: body
name: param1
description: The details of the scan template.
required: false
schema:
$ref: '#/definitions/ScanTemplate'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Scan Template
summary: Scan Template
description: Deletes a scan template.
operationId: deleteScanTemplate
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan template
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/scans:
get:
tags:
- Scan
summary: Scans
description: Returns all scans.
operationId: getScans
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: active
in: query
description: Return running scans or past scans (true/false value).
required: false
type: boolean
default: false
enum:
- 'true'
- 'false'
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«GlobalScan»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scans/{id}':
get:
tags:
- Scan
summary: Scan
description: Returns the specified scan.
operationId: getScan
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Scan'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/scans/{id}/{status}':
post:
tags:
- Scan
summary: Scan Status
description: 'Updates the scan status. Can pause, resume, and stop scans using this resource. In order to stop a scan the scan must be running or paused. In order to resume a scan the scan must be paused. In order to pause a scan the scan must be running.'
operationId: setScanStatus
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the scan.
required: false
type: integer
format: int64
- name: status
in: path
description: The status of the scan.
required: false
type: string
enum:
- pause
- stop
- resume
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/shared_credentials:
get:
tags:
- Credential
summary: Shared Credentials
description: Retrieves all defined shared credential resources.
operationId: getSharedCredentials
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«SharedCredential»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Credential
summary: Shared Credentials
description: Creates a new shared credential.
operationId: createSharedCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The specification of a shared credential.
required: false
schema:
$ref: '#/definitions/SharedCredential'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«CredentialID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: A CIFS credential
source: |-
{
"name": "CIFS Administrator",
"description": "This is a cifs credential for an administrator",
"account": {
"service": "cifs",
"username": "joe_smith@acme.com",
"password": "******",
"domain": "acme"
},
"siteAssignment": "all-sites"
}
- lang: A Microsoft SQL Server credential
source: |
{
"name": "MS SQL Administrator",
"description": "This is an administrator credential for a Microsoft SQL Server database. Configured to use windows authentication. Credential is not assigned to any sites by default.",
"account": {
"service": "ms-sql",
"database": "usersdb",
"useWindowsAuthentication": true,
"domain": "acme",
"username": "admin",
"password": "******"
},
"siteAssignment": "specific-sites",
"hostRestriction": "machine1.acme.com"
}
- lang: An Oracle database credential
source: |
{
"name": "Oracle DB Administrator",
"description": "This is an administrator credential for an Oracle database. Credential is assigned to a single site.",
"account": {
"service": "oracle",
"sid": "usersdb",
"username": "admin",
"password": "******",
"enumerateSids": true,
"oracleListenerPassword": "******"
},
"siteAssignment": "specific-sites",
"sites": [1],
"hostRestriction": "192.168.1.1"
}
- lang: An SNMPv3 credential
source: |
{
"name": "SNMP v3 Administator",
"account": {
"service": "snmpv3",
"authenticationType": "md5",
"username": "admin",
"password": "******",
"privacyType": "aes-256",
"privacyPassword": "******"
},
"siteAssignment": "all-sites"
}
- lang: An SSH credential
source: |
{
"name": "SSH Administrator",
"description": "This is an SSH credential for an administrator. Credential is assigned to all sites.",
"account": {
"service": "ssh",
"username": "admin",
"password": "******"
},
"siteAssignment": "all-sites"
}
- lang: An SSH credential using sudo+su permission elevation
source: |
{
"name": "SSH User (permission elevation with sudo+su)",
"description": "This is an SSH credential for an non-administrative user. Credential is configured to perform permission elevation using sudo+su for additional access.",
"account": {
"service": "ssh",
"username": "jsmith",
"password": "******",
"permissionElevation": "sudosu",
"permissionElevationUserName": "root",
"permissionElevationPassword": "******"
},
"siteAssignment": "all-sites"
}
- lang: An SSH public key credential
source: |
{
"name": "SSH Public Key credential (permission elevation with sudo)",
"description": "This is an SSH credential for a non-administrative user using a PEM-format private key. Credential is also configured to elevate permissions using sudo.",
"account": {
"service": "ssh-key",
"username": "admin",
"privateKeyPassword": "*******",
"pemKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,0D364155CB54D4B485BDB3B11B76BF59\n\nGLH7n9qeWzZ43g8d5ZNo9BcSWGXo7i8yd3ig9SLKXJd9GoxOrI4OepxZbhOJFDC9\nXer799R8M4+ZGUwIC14R4lfzgKjcqEBCzya/c99MxK9Haz8pt5BjTMtUQRWO5y+/\nyySosHRVebB05TuMhmLnJkNnDfTYwT+Hnvdhu/2ArEm2FN9Rr+guumwhQeGxUha5\n7zjjSimLYjuU2uayjgFLfnh9g/Fe24qmHCw80z+nuHsm9WMWeoeOdmMrMmxhLxUb\nb+zYZs/xRYjKgBMTRiXNSK9UIy21t2+7TUzeyDwfvHq0f5KpinhD1vzYSL+N0k/H\ndg6vqM1gD/DLb+eKoAGpXTE0gpHWcXLg526ivlyZEpAxbuyGPVQ+7IIGytjxN7lG\nJyvbk3fpKDwIJLDOFN4eb9DUaUoqyarqVl44BZhcs7mM0Cvn49IA7PfhcznLv4rJ\netAoZ2Tjt0AiM774+4X29EaYBGXKGC3SYKfiznoEEy1Jpi6Akwxz4FKCEazH1wce\nUaUS/N8VbquMPTqcLjCfoztdOgk65j4FczGt22CtGz4Ns8XB0KRM9fcVQFD4ZmRQ\ni9Sr2onZUAMuvg3R6ZNdpm7FtQhNEpqV432TJdNZEMbXlDmG61P2vgILugKmu56r\ngZfgI1QMUSUzZrnH+DXn0GY9KycRKTpY6L8PSUeTVyhDUFlTrTchvbnFf7LpVRRj\n0+99EUxQFIogXt2rNuj6qioEpabh6rGtIPjICEkue75n2Y4Eu+pdPpSFAPNXLuMB\nCcvoydmxWkBcq/wrCWcTKdKbGKXEj1xvHXAdUwcmlhXpn1igxcwRtcpwrN8cyRRB\nddc1dDX6X/6iEnnWdDDWHZYjaMLUWVO0pPXzSEsZMFhS3wPvY1lg1Ertiag6DD0Q\nwnJq19fJ5M8ehu9qMBdHgPIWdcZBMXSvaQqZ8gBtMO5UyuLA5BTP0yb6Jh3foXCq\nCPihqYSCGUtXzupJCr/oE+jOaYNWjL5icEU0llA6lr71WWdj3b1OwrUTlrmgA0nK\nxZu6LrqRT+nxbd4phYbkqmhXccq9H/d8pcZwKwPtF+z8HoZXSddaACYFAqY4eaxa\nNRk2Zt1JJ+tUsNT9LLV1tUrQ+q1JsKlJp7LW60loljiex8uadsvzwnKIdoom8q0I\nroXHdrwwqyubf4yYApRckbgzW9gLPbclKSqsVFGsDB+KysDYmg3QlTpkrgGl2555\naQ7Z2TWWvcVL3y7z1l1F238m11LxKUY8Uvu7enpQ/gTrqQ1qqIi2/yv+LvZmAXWV\nCFO2lMafpmmHjHEAI5ifXYzZlHCXYBHGHYJdGALFuhODiQqF4pOJI8CX/00msnlJ\nbMH0+dGnk2AviiaLXb7eCZ7mELCX+Ah+00UU75Vdv7O3vhGHpjuMULvbLW2uo+cw\n6rogJ4SfUBb0t+yS970Xty650DgpHYxCzDwZZzrQqPuX6SeOD8AnXuJL3cl3B5YU\n60IPVJPsONIwvJlvZuiij4V8L95usGtvDVsexBKQlj3sSVZ5egICMBjkduEyDl3O\nxOZtdnqktsWNF5XYUfa/8/HUYnN35g0UktpmKlg0yxhAxUAn4lENAY8xvhMGsSCO\n-----END RSA PRIVATE KEY-----",
"permissionElevation": "sudo",
"permissionElevationUserName": "root",
"permissionElevationPassword": "*******"
},
"siteAssignment": "all-sites"
}
delete:
tags:
- Credential
summary: Shared Credentials
description: Deletes all shared credentials.
operationId: deleteAllSharedCredentials
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/shared_credentials/{id}':
get:
tags:
- Credential
summary: Shared Credential
description: Retrieves the specified shared credential.
operationId: getSharedCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the credential.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SharedCredential'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Credential
summary: Shared Credential
description: Updates the specified shared credential.
operationId: updateSharedCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the credential.
required: false
type: integer
format: int32
- in: body
name: param1
description: The specification of the shared credential to update.
required: false
schema:
$ref: '#/definitions/SharedCredential'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Credential
summary: Shared Credential
description: Deletes the specified shared scan credential.
operationId: deleteSharedCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the credential.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/sites:
get:
tags:
- Site
summary: Sites
description: Retrieves a paged resource of accessible sites.
operationId: getSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Site»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Site
summary: Sites
description: Creates a new site with the specified configuration.
operationId: createSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for creating a site configuration.
required: false
schema:
$ref: '#/definitions/SiteCreateResource'
responses:
'201':
description: Created
schema:
$ref: '#/definitions/ReferenceWith«SiteID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}':
get:
tags:
- Site
summary: Site
description: Retrieves the site with the specified identifier.
operationId: getSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Site'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site
description: Updates the configuration of the site with the specified identifier.
operationId: updateSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for updating a site configuration.
required: false
schema:
$ref: '#/definitions/SiteUpdateResource'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site
description: site.delete.description
operationId: deleteSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/alerts':
get:
tags:
- Site
summary: Site Alerts
description: Retrieve all alerts defined in the site.
operationId: getSiteAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Alert»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Alerts
description: Deletes all alerts from the site.
operationId: deleteAllSiteAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/alerts/smtp':
get:
tags:
- Site
summary: Site SMTP Alerts
description: Retrieves all SMTP alerts defined in the site.
operationId: getSiteSmtpAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«SmtpAlert»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Site
summary: Site SMTP Alerts
description: Creates a new SMTP alert for the specified site.
operationId: createSiteSmtpAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for creating a new SMTP alert.
required: false
schema:
$ref: '#/definitions/SmtpAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'201':
description: Created
schema:
$ref: '#/definitions/ReferenceWith«AlertID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site SMTP Alerts
description: Updates all SMTP alerts for the specified site in a single request using the array of resources defined in the request body.
operationId: setSiteSmtpAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Array of resources for updating all SMTP alerts defined in the site. Alerts defined in the site that are omitted from this request will be deleted from the site.
required: false
schema:
type: array
items:
$ref: '#/definitions/SmtpAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site SMTP Alerts
description: Deletes all SMTP alerts from the site.
operationId: deleteAllSiteSmtpAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/alerts/smtp/{alertId}':
get:
tags:
- Site
summary: Site SMTP Alert
description: Retrieves the specified SMTP alert.
operationId: getSiteSmtpAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SmtpAlert'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site SMTP Alert
description: Updates the specified SMTP alert.
operationId: updateSiteSmtpAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for updating the specified SMTP alert.
required: false
schema:
$ref: '#/definitions/SmtpAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site SMTP Alert
description: Deletes the specified SMTP alert from the site.
operationId: deleteSiteSmtpAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/alerts/snmp':
get:
tags:
- Site
summary: Site SNMP Alerts
description: Retrieves all SNMP alerts defined in the site.
operationId: getSiteSnmpAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«SnmpAlert»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Site
summary: Site SNMP Alerts
description: Creates a new SNMP alert for the specified site.
operationId: createSiteSnmpAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for creating a new SNMP alert.
required: false
schema:
$ref: '#/definitions/SnmpAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'201':
description: Created
schema:
$ref: '#/definitions/ReferenceWith«AlertID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site SNMP Alerts
description: Updates all SNMP alerts for the specified site in a single request using the array of resources defined in the request body.
operationId: setSiteSnmpAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Array of resources for updating all SNMP alerts defined in the site. Alerts defined in the site that are omitted from this request will be deleted from the site.
required: false
schema:
type: array
items:
$ref: '#/definitions/SnmpAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site SNMP Alerts
description: Deletes all SNMP alerts from the site.
operationId: deleteAllSiteSnmpAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/alerts/snmp/{alertId}':
get:
tags:
- Site
summary: Site SNMP Alert
description: Retrieves the specified SNMP alert.
operationId: getSiteSnmpAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SnmpAlert'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site SNMP Alert
description: Updates the specified SNMP alert.
operationId: updateSiteSnmpAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for updating the specified SNMP alert.
required: false
schema:
$ref: '#/definitions/SnmpAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site SNMP Alert
description: Deletes the specified SNMP alert from the site.
operationId: deleteSiteSnmpAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/alerts/syslog':
get:
tags:
- Site
summary: Site Syslog Alerts
description: Retrieves all Syslog alerts defined in the site.
operationId: getSiteSyslogAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«SyslogAlert»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Site
summary: Site Syslog Alerts
description: Creates a new Syslog alert for the specified site.
operationId: createSiteSyslogAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for creating a new Syslog alert.
required: false
schema:
$ref: '#/definitions/SyslogAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'201':
description: Created
schema:
$ref: '#/definitions/ReferenceWith«AlertID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Syslog Alerts
description: Updates all Syslog alerts for the specified site in a single request using the array of resources defined in the request body.
operationId: setSiteSyslogAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Array of resources for updating all Syslog alerts defined in the site. Alerts defined in the site that are omitted from this request will be deleted from the site.
required: false
schema:
type: array
items:
$ref: '#/definitions/SyslogAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Syslog Alerts
description: Deletes all Syslog alerts from the site.
operationId: deleteAllSiteSyslogAlerts
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/alerts/syslog/{alertId}':
get:
tags:
- Site
summary: Site Syslog Alert
description: Retrieves the specified Syslog alert.
operationId: getSiteSyslogAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SyslogAlert'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Syslog Alert
description: Updates the specified Syslog alert.
operationId: updateSiteSyslogAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for updating the specified Syslog alert.
required: false
schema:
$ref: '#/definitions/SyslogAlert'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Syslog Alert
description: Deletes the specified Syslog alert from the site.
operationId: deleteSiteSyslogAlert
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: alertId
in: path
description: The identifier of the alert.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/assets/{assetId}':
delete:
tags:
- Site
summary: Site Asset
description: Removes an asset from a site. The asset will only be deleted if it belongs to no other sites.
operationId: removeAssetFromSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/discovery_connection':
get:
tags:
- Site
summary: Site Discovery Connection
description: Retrieves the discovery connection assigned to the site.
operationId: getSiteDiscoveryConnection
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SiteDiscoveryConnection'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Discovery Connection
description: Updates the discovery connection assigned to the site.
operationId: setSiteDiscoveryConnection
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The identifier of the discovery connection.
required: false
schema:
type: integer
format: int64
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/discovery_search_criteria':
get:
tags:
- Site
summary: Site Discovery Search Criteria
description: Retrieve the search criteria of the dynamic site.
operationId: getSiteDiscoverySearchCriteria
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/DiscoverySearchCriteria'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Discovery Search Criteria
description: Update the search criteria of the dynamic site.
operationId: setSiteDiscoverySearchCriteria
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- in: body
name: param1
description: param1
required: true
schema:
$ref: '#/definitions/DiscoverySearchCriteria'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/excluded_asset_groups':
get:
tags:
- Site
summary: Site Excluded Asset Groups
description: Retrieves the excluded asset groups in a static site.
operationId: getExcludedAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«AssetGroup»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Excluded Asset Groups
description: Updates the excluded asset groups in a static site.
operationId: updateExcludedAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Array of asset group identifiers.
required: false
schema:
type: array
items:
type: integer
format: int32
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Excluded Asset Groups
description: Removes all excluded asset groups from the specified static site.
operationId: removeAllExcludedAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/excluded_asset_groups/{assetGroupId}':
delete:
tags:
- Site
summary: Site Excluded Asset Group
description: Removes the specified asset group from the excluded asset groups configured in the static site.
operationId: removeExcludedAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: assetGroupId
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/excluded_targets':
get:
tags:
- Site
summary: Site Excluded Targets
description: Retrieves the excluded targets in a static site.
operationId: getExcludedTargets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ScanTargetsResource'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Excluded Targets
description: Updates the excluded targets in a static site.
operationId: updateExcludedTargets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: 'List of addresses to be the site''s new excluded scan targets. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.'
required: false
schema:
type: array
items:
type: string
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/included_asset_groups':
get:
tags:
- Site
summary: Site Included Asset Groups
description: Retrieves the included asset groups in a static site.
operationId: getIncludedAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«AssetGroup»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Included Asset Groups
description: Updates the included asset groups in a static site.
operationId: updateIncludedAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Array of asset group identifiers.
required: false
schema:
type: array
items:
type: integer
format: int32
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Included Asset Groups
description: Removes all included asset groups from the specified static site.
operationId: removeAllIncludedAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/included_asset_groups/{assetGroupId}':
delete:
tags:
- Site
summary: Site Included Asset Group
description: Removes the specified asset group from the included asset groups configured in the static site.
operationId: removeIncludedAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: assetGroupId
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/included_targets':
get:
tags:
- Site
summary: Site Included Targets
description: Retrieves the included targets in a static site.
operationId: getIncludedTargets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ScanTargetsResource'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Included Targets
description: Updates the included targets in a static site.
operationId: updateIncludedTargets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: 'List of addresses to be the site''s new included scan targets. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.'
required: false
schema:
type: array
items:
type: string
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/organization':
get:
tags:
- Site
summary: Site Organization Information
description: Retrieves the site organization information.
operationId: getSiteOrganization
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SiteOrganization'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Organization Information
description: Updates the site organization information.
operationId: updateSiteOrganization
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for updating the specified site's organization information.
required: false
schema:
$ref: '#/definitions/SiteOrganization'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/scan_engine':
get:
tags:
- Site
summary: Site Scan Engine
description: Retrieves the resource of the scan engine assigned to the site.
operationId: getSiteScanEngine
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ScanEngine'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Scan Engine
description: Updates the assigned scan engine to the site.
operationId: setSiteScanEngine
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The identifier of the scan engine.
required: false
schema:
type: integer
format: int32
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/scan_schedules':
get:
tags:
- Site
summary: Site Scan Schedules
description: Returns all scan schedules for the site.
operationId: getSiteScanSchedules
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«ScanSchedule»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Site
summary: Site Scan Schedules
description: Creates a new scan schedule for the specified site.
operationId: createSiteScanSchedule
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for a scan schedule.
required: false
schema:
$ref: '#/definitions/ScanSchedule'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'201':
description: Created
schema:
$ref: '#/definitions/ReferenceWith«ScanScheduleID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Scan Schedules
description: Updates all scan schedules for the specified site in a single request using the array of resources defined in the request body.
operationId: setSiteScanSchedules
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Array of resources for updating all scan schedules defined in the site. Scan schedules defined in the site that are omitted from this request will be deleted from the site.
required: false
schema:
type: array
items:
$ref: '#/definitions/ScanSchedule'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Scan Schedules
description: Deletes all scan schedules from the site.
operationId: deleteAllSiteScanSchedules
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/scan_schedules/{scheduleId}':
get:
tags:
- Site
summary: Site Scan Schedule
description: Retrieves the specified scan schedule.
operationId: getSiteScanSchedule
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: scheduleId
in: path
description: The identifier of the scan schedule.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ScanSchedule'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Scan Schedule
description: Updates the specified scan schedule.
operationId: updateSiteScanSchedule
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Resource for updating the specified scan schedule.
required: false
schema:
$ref: '#/definitions/ScanSchedule'
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: scheduleId
in: path
description: The identifier of the scan schedule.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Scan Schedule
description: Deletes the specified scan schedule from the site.
operationId: deleteSiteScanSchedule
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: scheduleId
in: path
description: The identifier of the scan schedule.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/scan_template':
get:
tags:
- Site
summary: Site Scan Template
description: Retrieves the resource of the scan template assigned to the site.
operationId: getSiteScanTemplate
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ScanTemplate'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Scan Template
description: Updates the assigned scan template to the site.
operationId: setSiteScanTemplate
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The identifier of the scan template.
required: false
schema:
type: string
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/scans':
get:
tags:
- Scan
summary: Site Scans
description: Returns the scans for the specified site.
operationId: getSiteScans
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: active
in: query
description: Return running scans or past scans (true/false value).
required: false
type: boolean
default: false
enum:
- 'true'
- 'false'
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Scan»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Scan
summary: Site Scans
description: Starts a scan for the specified site.
operationId: startScan
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- in: body
name: param1
description: The details for the scan.
required: false
schema:
$ref: '#/definitions/AdhocScan'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«ScanID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/shared_credentials':
get:
tags:
- Site
summary: Assigned Shared Credentials
description: Retrieve all of the shared credentials assigned to the site. These shared credentials can be enabled/disabled for the site's scan.
operationId: getSiteSharedCredentials
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«SiteSharedCredential»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/shared_credentials/{credentialId}/enabled':
put:
tags:
- Site
summary: Assigned Shared Credential Enablement
description: Enable or disable the shared credential for the site's scans.
operationId: enableSharedCredentialOnSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Flag indicating whether the shared credential is enabled for the site's scans.
required: false
schema:
type: boolean
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: credentialId
in: path
description: The identifier of the shared credential.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/site_credentials':
get:
tags:
- Site
summary: Site Scan Credentials
description: Retrieves all defined site credential resources.
operationId: getSiteCredentials
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«SiteCredential»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Site
summary: Site Scan Credentials
description: Creates a new site credential.
operationId: createSiteCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- in: body
name: param1
description: The specification of a site credential.
required: false
schema:
$ref: '#/definitions/SiteCredential'
responses:
'201':
description: Created
schema:
$ref: '#/definitions/CreatedReference«CredentialID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: A CIFS credential
source: |-
{
"name": "CIFS Administrator",
"description": "This is a cifs credential for an administrator. Credential is disabled for use in site scans and restricted to a single host for authentication.",
"enabled": false,
"account": {
"service": "cifs",
"username": "joe_smith@acme.com",
"password": "******",
"domain": "acme"
},
"hostRestriction": "machine1.acme.com"
}
- lang: A Microsoft SQL Server credential
source: |
{
"name": "MS SQL Administrator",
"description": "This is an administrator credential for a Microsoft SQL Server database. Configured to use windows authentication. Credential is disabled for use in site scans.",
"enabled": false,
"account": {
"service": "ms-sql",
"database": "usersdb",
"useWindowsAuthentication": true,
"domain": "acme",
"username": "admin",
"password": "******"
},
"hostRestriction": "machine1.acme.com"
}
- lang: An Oracle database credential
source: |
{
"name": "Oracle DB Administrator",
"description": "This is an administrator credential for an Oracle database. Credential is restricted to a single host and port for authentication.",
"enabled": true,
"account": {
"service": "oracle",
"sid": "usersdb",
"username": "admin",
"password": "******",
"enumerateSids": true,
"oracleListenerPassword": "******"
},
"hostRestriction": "192.168.1.1",
"portRestriction": 1521
}
- lang: An SNMPv3 credential
source: |
{
"name": "SNMP v3 Administator",
"enabled": true,
"account": {
"service": "snmpv3",
"authenticationType": "md5",
"username": "admin",
"password": "******",
"privacyType": "aes-256",
"privacyPassword": "******"
}
}
- lang: An SSH credential
source: |
{
"name": "SSH Administrator",
"description": "This is an SSH credential for an administrator. Credential is enabled for use in site scans.",
"enabled": true,
"account": {
"service": "ssh",
"username": "admin",
"password": "******"
}
}
- lang: An SSH credential using sudo+su permission elevation
source: |
{
"name": "SSH User (permission elevation with sudo+su)",
"description": "This is an SSH credential for an non-administrative user. Credential is configured to perform permission elevation using sudo+su for additional access.",
"enabled": true,
"account": {
"service": "ssh",
"username": "jsmith",
"password": "******",
"permissionElevation": "sudosu",
"permissionElevationUserName": "root",
"permissionElevationPassword": "******"
}
}
- lang: An SSH public key credential
source: |
{
"name": "SSH Public Key credential (permission elevation with sudo)",
"description": "This is an SSH credential for a non-administrative user using a PEM-format private key. Credential is also configured to elevate permissions using sudo.",
"enabled": true,
"account": {
"service": "ssh-key",
"username": "admin",
"privateKeyPassword": "*******",
"pemKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,0D364155CB54D4B485BDB3B11B76BF59\n\nGLH7n9qeWzZ43g8d5ZNo9BcSWGXo7i8yd3ig9SLKXJd9GoxOrI4OepxZbhOJFDC9\nXer799R8M4+ZGUwIC14R4lfzgKjcqEBCzya/c99MxK9Haz8pt5BjTMtUQRWO5y+/\nyySosHRVebB05TuMhmLnJkNnDfTYwT+Hnvdhu/2ArEm2FN9Rr+guumwhQeGxUha5\n7zjjSimLYjuU2uayjgFLfnh9g/Fe24qmHCw80z+nuHsm9WMWeoeOdmMrMmxhLxUb\nb+zYZs/xRYjKgBMTRiXNSK9UIy21t2+7TUzeyDwfvHq0f5KpinhD1vzYSL+N0k/H\ndg6vqM1gD/DLb+eKoAGpXTE0gpHWcXLg526ivlyZEpAxbuyGPVQ+7IIGytjxN7lG\nJyvbk3fpKDwIJLDOFN4eb9DUaUoqyarqVl44BZhcs7mM0Cvn49IA7PfhcznLv4rJ\netAoZ2Tjt0AiM774+4X29EaYBGXKGC3SYKfiznoEEy1Jpi6Akwxz4FKCEazH1wce\nUaUS/N8VbquMPTqcLjCfoztdOgk65j4FczGt22CtGz4Ns8XB0KRM9fcVQFD4ZmRQ\ni9Sr2onZUAMuvg3R6ZNdpm7FtQhNEpqV432TJdNZEMbXlDmG61P2vgILugKmu56r\ngZfgI1QMUSUzZrnH+DXn0GY9KycRKTpY6L8PSUeTVyhDUFlTrTchvbnFf7LpVRRj\n0+99EUxQFIogXt2rNuj6qioEpabh6rGtIPjICEkue75n2Y4Eu+pdPpSFAPNXLuMB\nCcvoydmxWkBcq/wrCWcTKdKbGKXEj1xvHXAdUwcmlhXpn1igxcwRtcpwrN8cyRRB\nddc1dDX6X/6iEnnWdDDWHZYjaMLUWVO0pPXzSEsZMFhS3wPvY1lg1Ertiag6DD0Q\nwnJq19fJ5M8ehu9qMBdHgPIWdcZBMXSvaQqZ8gBtMO5UyuLA5BTP0yb6Jh3foXCq\nCPihqYSCGUtXzupJCr/oE+jOaYNWjL5icEU0llA6lr71WWdj3b1OwrUTlrmgA0nK\nxZu6LrqRT+nxbd4phYbkqmhXccq9H/d8pcZwKwPtF+z8HoZXSddaACYFAqY4eaxa\nNRk2Zt1JJ+tUsNT9LLV1tUrQ+q1JsKlJp7LW60loljiex8uadsvzwnKIdoom8q0I\nroXHdrwwqyubf4yYApRckbgzW9gLPbclKSqsVFGsDB+KysDYmg3QlTpkrgGl2555\naQ7Z2TWWvcVL3y7z1l1F238m11LxKUY8Uvu7enpQ/gTrqQ1qqIi2/yv+LvZmAXWV\nCFO2lMafpmmHjHEAI5ifXYzZlHCXYBHGHYJdGALFuhODiQqF4pOJI8CX/00msnlJ\nbMH0+dGnk2AviiaLXb7eCZ7mELCX+Ah+00UU75Vdv7O3vhGHpjuMULvbLW2uo+cw\n6rogJ4SfUBb0t+yS970Xty650DgpHYxCzDwZZzrQqPuX6SeOD8AnXuJL3cl3B5YU\n60IPVJPsONIwvJlvZuiij4V8L95usGtvDVsexBKQlj3sSVZ5egICMBjkduEyDl3O\nxOZtdnqktsWNF5XYUfa/8/HUYnN35g0UktpmKlg0yxhAxUAn4lENAY8xvhMGsSCO\n-----END RSA PRIVATE KEY-----",
"permissionElevation": "sudo",
"permissionElevationUserName": "root",
"permissionElevationPassword": "*******"
}
}
put:
tags:
- Site
summary: Site Scan Credentials
description: Updates multiple site credentials.
operationId: setSiteCredentials
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- in: body
name: param1
description: A list of site credentials resources.
required: false
schema:
type: array
items:
$ref: '#/definitions/SiteCredential'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Scan Credentials
description: Deletes all site credentials from the site.
operationId: deleteAllSiteCredentials
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/site_credentials/{credentialId}':
get:
tags:
- Site
summary: Site Scan Credential
description: Retrieves the specified site credential.
operationId: getSiteCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: credentialId
in: path
description: The identifier of the site credential.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SiteCredential'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Scan Credential
description: Updates the specified site credential.
operationId: updateSiteCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: credentialId
in: path
description: The identifier of the site credential.
required: false
type: integer
format: int32
- in: body
name: param2
description: The specification of the site credential to update.
required: false
schema:
$ref: '#/definitions/SiteCredential'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Scan Credential
description: Deletes the specified site credential.
operationId: deleteSiteCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: credentialId
in: path
description: The identifier of the site credential.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/site_credentials/{credentialId}/enabled':
put:
tags:
- Site
summary: Site Credential Enablement
description: Enable or disable the site credential for scans.
operationId: enableSiteCredential
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: Flag indicating whether the credential is enabled for use during the scan.
required: false
schema:
type: boolean
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: credentialId
in: path
description: The identifier of the site credential.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/tags':
get:
tags:
- Site
summary: Site Tags
description: Retrieves the list of tags added to the sites.
operationId: getSiteTags
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Tag»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Tags
description: Updates the site's list of tags.
operationId: setSiteTags
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- in: body
name: param1
description: A list of tag identifiers to replace the site's tags.
required: false
schema:
type: array
items:
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/tags/{tagId}':
put:
tags:
- Site
summary: Site Tag
description: Adds a tag to the site.
operationId: addSiteTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: tagId
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'201':
description: Created
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Site
summary: Site Tag
description: Removes the specified tag from the site's tags.
operationId: removeSiteTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: tagId
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/users':
get:
tags:
- Site
summary: Site Users Access
description: Retrieve the list of non-administrator users that have access to the site.
operationId: getSiteUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«User»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Site
summary: Site Users Access
description: Grants a non-administrator user access to the specified site.
operationId: addSiteUser
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The identifier of the user.
required: false
schema:
type: integer
format: int32
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'201':
description: Created
schema:
$ref: '#/definitions/ReferenceWith«UserID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Site
summary: Site Users Access
description: Updates the site's access list.
operationId: setSiteUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: A list of user identifiers to replace the site's access list.
required: false
schema:
type: array
items:
type: integer
format: int32
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/users/{userId}':
delete:
tags:
- Site
summary: Site User Access
description: Removes the specified user from the site's access list.
operationId: removeSiteUser
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
- name: userId
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/web_authentication/html_forms':
get:
tags:
- Site
summary: Web Authentication HTML Forms
description: Retrieves all HTML form authentications configured in the site.
operationId: getWebAuthHtmlForms
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«WebFormAuthentication»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sites/{id}/web_authentication/http_headers':
get:
tags:
- Site
summary: Web Authentication HTTP Headers
description: Retrieves all HTTP header authentications configured in the site.
operationId: getWebAuthHTTPHeaders
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«WebHeaderAuthentication»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/software:
get:
tags:
- Asset
summary: Software
description: Returns all software enumerated on any asset.
operationId: getSoftwares
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Software»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/software/{id}':
get:
tags:
- Asset
summary: Software
description: Returns the details for software.
operationId: getSoftware
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the software.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Software'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/solutions:
get:
tags:
- Vulnerability
summary: Solutions
description: Returns the details for all solutions.
operationId: getSolutions
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Solution»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/solutions/{id}':
get:
tags:
- Vulnerability
summary: Solution
description: Returns the details for a solution that can remediate one or more vulnerabilities.
operationId: getSolution
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the solution.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Solution'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/solutions/{id}/prerequisites':
get:
tags:
- Vulnerability
summary: Solution Prerequisites
description: Returns the solutions that must be executed in order for a solution to resolve a vulnerability.
operationId: getPrerequisiteSolutions
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the solution.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«SolutionNaturalID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/solutions/{id}/supersedes':
get:
tags:
- Vulnerability
summary: Superseded Solutions
description: Returns the solutions that are superseded by this solution.
operationId: getSupersededSolutions
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the solution.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Solution»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/solutions/{id}/superseding':
get:
tags:
- Vulnerability
summary: Superseding Solutions
description: Returns the solutions that supersede this solution.
operationId: getSupersedingSolutions
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the solution.
required: false
type: string
- name: rollup
in: query
description: Whether to return only highest-level "rollup" superseding solutions.
required: false
type: boolean
default: true
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«Solution»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/sonar_queries:
get:
tags:
- Asset Discovery
summary: Sonar Queries
description: Returns all sonar queries.
operationId: getSonarQueries
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«SonarQuery»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Asset Discovery
summary: Sonar Queries
description: Creates a sonar query.
operationId: createSonarQuery
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: param0
required: true
schema:
$ref: '#/definitions/SonarQuery'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«DiscoveryQueryID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: Assets in IP Range
source: |-
{
"criteria": {
"filters": [
{ "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" }
]
},
"name": "Assets In IP Range"
}
- lang: Recently Scanned Rapid7 Assets
source: |-
{
"criteria": {
"filters": [
{ "type": "domain-contains", "domain": "acme.com" },
{ "type": "scan-date-within-the-last", "days": "30" }
]
},
"name": "Recently Scanned ACME Assets"
}
- lang: Recently Scanned Assets in IP Range
source: |-
{
"criteria": {
"filters": [
{ "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" },
{ "type": "scan-date-within-the-last", "days": "30" }
]
},
"name": "Recently Scanned Assets in IP Range"
}
/api/3/sonar_queries/search:
post:
tags:
- Asset Discovery
summary: Sonar Query Search
description: Executes a Sonar query to discover assets with the given search criteria.
operationId: sonarQuerySearch
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: param0
required: true
schema:
$ref: '#/definitions/SonarCriteria'
responses:
'200':
description: OK
schema:
type: array
items:
$ref: '#/definitions/DiscoveryAsset'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: Assets in IP Range
source: |-
{
"filters": [
{ "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" }
]
}
- lang: Recently Scanned Rapid7 Assets
source: |-
{
"filters": [
{ "type": "domain-contains", "domain": "acme.com"},
{ "type": "scan-date-within-the-last", "days": "30"}
]
}
- lang: Recently Scanned Assets in IP Range
source: |-
{
"filters": [
{ "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" },
{ "type": "scan-date-within-the-last", "days": "30" }
]
}
'/api/3/sonar_queries/{id}':
get:
tags:
- Asset Discovery
summary: Sonar Query
description: Returns a sonar query.
operationId: getSonarQuery
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the Sonar query.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SonarQuery'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Asset Discovery
summary: Sonar Query
description: Updates a sonar query.
operationId: updateSonarQuery
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the Sonar query.
required: false
type: integer
format: int64
- in: body
name: param1
description: param1
required: true
schema:
$ref: '#/definitions/SonarQuery'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
x-code-samples:
- lang: Assets in IP Range
source: |-
{
"criteria": {
"filters": [
{ "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" }
]
},
"name": "Assets In IP Range"
}
- lang: Recently Scanned Rapid7 Assets
source: |-
{
"criteria": {
"filters": [
{ "type": "domain-contains", "domain": "acme.com" },
{ "type": "scan-date-within-the-last", "days": "30" }
]
},
"name": "Recently Scanned ACME Assets"
}
- lang: Recently Scanned Assets in IP Range
source: |-
{
"criteria": {
"filters": [
{ "type": "ip-address-range", "lower": "192.168.1.1", "upper": "192.168.1.254" },
{ "type": "scan-date-within-the-last", "days": "30" }
]
},
"name": "Recently Scanned Assets in IP Range"
}
delete:
tags:
- Asset Discovery
summary: Sonar Query
description: Removes a sonar query.
operationId: deleteSonarQuery
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the Sonar query.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/sonar_queries/{id}/assets':
get:
tags:
- Asset Discovery
summary: Sonar Query Assets
description: Returns the assets that are discovered by a Sonar query.
operationId: getSonarQueryAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the Sonar query.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Resources«DiscoveryAsset»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/tags:
get:
tags:
- Tag
summary: Tags
description: Returns all tags.
operationId: getTags
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: name
in: query
description: name
required: false
type: string
- name: type
in: query
description: type
required: false
type: string
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Tag»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Tag
summary: Tags
description: Creates a new tag.
operationId: createTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The details of the tag.
required: false
schema:
$ref: '#/definitions/Tag'
responses:
'201':
description: Created
schema:
$ref: '#/definitions/ReferenceWith«TagID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/tags/{id}':
get:
tags:
- Tag
summary: Tag
description: Returns a tag.
operationId: getTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Tag'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Tag
summary: Tag
description: Updates the details of a tag. For more information about accepted fields for the tag search criteria see the PUT /search_criteria documentation.
operationId: updateTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The details of the tag.
required: false
schema:
$ref: '#/definitions/Tag'
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Tag
summary: Tag
description: Deletes the tag.
operationId: deleteTag
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/tags/{id}/asset_groups':
get:
tags:
- Tag
summary: Tag Asset Groups
description: Returns the asset groups associated with the tag.
operationId: getTagAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«AssetGroupID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Tag
summary: Tag Asset Groups
description: Sets the asset groups associated with the tag.
operationId: setTaggedAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- in: body
name: param1
description: The asset groups to add to the tag.
required: false
schema:
type: array
items:
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Tag
summary: Tag Asset Groups
description: Removes the associations between the tag and all asset groups.
operationId: untagAllAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/tags/{id}/asset_groups/{assetGroupId}':
put:
tags:
- Tag
summary: Tag Asset Group
description: Adds an asset group to this tag.
operationId: tagAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- name: assetGroupId
in: path
description: The asset group identifier.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Tag
summary: Tag Asset Group
description: Removes an asset group from this tag.
operationId: untagAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- name: assetGroupId
in: path
description: The asset group identifier.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/tags/{id}/assets':
get:
tags:
- Tag
summary: Tag Assets
description: Returns the assets tagged with a tag.
operationId: getTaggedAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/TaggedAssetReferences'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/tags/{id}/assets/{assetId}':
put:
tags:
- Tag
summary: Tag Asset
description: Adds an asset to the tag.
operationId: tagAsset
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Tag
summary: Tag Asset
description: 'Removes an asset from the tag. Note: The asset must be added through the asset or tag, if the asset is added using a site, asset group, or search criteria this will not remove the asset.'
operationId: untagAsset
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- name: assetId
in: path
description: The identifier of the asset.
required: false
type: integer
format: int64
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/tags/{id}/search_criteria':
get:
tags:
- Tag
summary: Tag Search Criteria
description: Returns the search criteria associated with the tag.
operationId: getTagSearchCriteria
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/SearchCriteria'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Tag
summary: Tag Search Criteria
description: |
Updates the search criteria associated with the tag.
The following table outlines the search criteria fields and the available operators:
| Field | Operators |
| ---------- | ---------------- |
| asset name | is,is not,starts with,ends with,contains,does not contain,is empty,is not empty,is like,not like |
| asset risk score | is,is not,in range,greater than,less than |
| container image | is,is not,starts with,ends with,contains,does not contain,is like,not like |
| container status | is,is not |
| containers | are |
| CVE IDs | is,is not,contains,does not contain |
| CVSS Access Complexity | is,is not |
| CVSS Authentication Required | is,is not |
| CVSS Access Vector | is,is not |
| CVSS Availability Impact | is,is not |
| CVSS Confidentiality Impact | is,is not |
| CVSS Integrity Impact | is,is not |
| CVSS Access Complexity | is,is not |
| host type | in,not in |
| asset IP Address | is,is not,in range,not in range,is like,not like |
| asset IP Address Type | in,not in |
| asset last scan date | is on or before,is on or after,is between,is earlier than,is within the last |
| mobile device last sync time | is within the last,is earlier than |
| open ports | is,is not,in range |
| asset operating system | contains,does not contain,is empty,is not empty |
| asset alternate address type | in |
| asset PCI compliance | is |
| asset service name | contains,does not contain |
| asset site ID | in,not in |
| asset software | contains,does not contain|
| asset Criticality tag | is,is not,is greater than,is less than,is applied,is not applied |
| asset Custom tag | is,is not,starts with, ends with,contains,does not contain,is applied,is not applied |
| asset Location tag | is,is not,starts with,ends with,contains,does not contain,is applied,is not applied |
| asset Owner tag | is,is not,starts with,ends with,contains,does not contain,is applied,is not applied |
| asset vulnerability validated status | are |
| asset VAsset cluster | is,is not,contains,does not contain,starts with |
| asset VAsset datacenter | is,is not |
| asset VAsset host name | is,is not,contains,does not contain,starts with |
| asset VAsset power state | in,not in |
| asset VAsset resource pool path | contains,does not contain |
| asset vulnerability assessed | is on or before,is on or after,is between,is earlier than,is within the last |
| asset vulnerability category | is,is not,starts with,ends with,contains,does not contain|
| asset vulnerability CVSS score | is,is not,in range,is greater than,is less than |
| asset vulnerability exposures | includes,does not include |
| asset vulnerability title | contains,does not contain,is,is not,starts with,ends with |
The following table outlines the operators and the values associated with them:
| Operator | Values |
| -------- | ------ |
| are | A single string property named "value" |
| is between | A number property named "lower" and a number property named "upper" |
| contains | A single string property named "value" |
| does not contain | A single string property named "value" |
| is earlier than | A single number property named "value" |
| ends with | A single string property named "value" |
| is greater than | A single number property named "value" |
| in | An array property named "values" |
| not in | An array property named "values" |
| in range | A number property named "lower" and a number property named "upper" |
| includes | An array property named "values" |
| is | A single string property named "value" |
| is not | A single string property named "value" |
| is applied | No value |
| is not applied | No value |
| is empty | No value |
| is not empty | No value |
| less than | A single number property named "value" |
| like | A single string property named "value" |
| not contains | A single string property named "value" |
| not in range | A number property named "lower" and a number property named "upper" |
| not like | A single string property named "value" |
| is on or after | A single string property named "value", which is the date in ISO8601 format (yyyy-MM-dd) |
| is on or before | A single string property named "value", which is the date in ISO8601 format (yyyy-MM-dd) |
| starts with | A single string property named "value" |
| is within the last | A single number property named "value" |
The following fields have enumerated values:
| Field | Acceptable Values |
| ----- | ----------------- |
| containers | 0=present, 1=not present |
| asset vulnerability validated status | 0=present, 1=not present |
| asset PCI compliance | 0=fail, 1=pass |
| asset alternate address type | 0=IPv4, 1=IPv6 |
| asset IP Address Type | 0=IPv4, 1=IPv6 |
| host type | 0=Unknown, 1=Guest, 2=Hypervisor, 3=Physical, 4=Mobile |
| CVSS Access Complexity | L=Low, M=Medium, H=High |
| CVSS Integrity Impact | N=None, P=Partial, C=Complete |
| CVSS Confidentiality Impact | N=None, P=Partial, C=Complete |
| CVSS Availability Impact | N=None, P=Partial, C=Complete |
| CVSS Access Vector | L=Local, A=Adjacent, N=Network |
| CVSS Authentication Required | N=None, S=Single, M=Multiple |
| CVSS Access Complexity | L=Low, M=Medium, H=High |
| container status | created, running, paused, restarting, exited, dead, unknown |
operationId: updateTagSearchCriteria
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- in: body
name: param1
description: The details of the search criteria.
required: false
schema:
$ref: '#/definitions/SearchCriteria'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Tag
summary: Tag Search Criteria
description: Removes the search criteria associated with the tag.
operationId: removeTagSearchCriteria
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/tags/{id}/sites':
get:
tags:
- Tag
summary: Tag Sites
description: Returns the sites associated with the tag.
operationId: getTaggedSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«SiteID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Tag
summary: Tag Sites
description: Sets the sites associated with the tag.
operationId: setTaggedSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- in: body
name: param1
description: The sites to add to the tag.
required: false
schema:
type: array
items:
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Tag
summary: Tag Sites
description: Removes the associations between the tag and the sites.
operationId: removeTaggedSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/tags/{id}/sites/{siteId}':
put:
tags:
- Tag
summary: Tag Site
description: Adds a site to this tag.
operationId: tagSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- name: siteId
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Tag
summary: Tag Site
description: Removes a site from this tag.
operationId: untagSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the tag.
required: false
type: integer
format: int32
- name: siteId
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/users:
get:
tags:
- User
summary: Users
description: Returns all defined users. <span class="authorization">Global Administrator</span>
operationId: getUsers
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«User»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- User
summary: Users
description: Creates a new user. <span class="authorization">Global Administrator</span>
operationId: createUser
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The details of the user.
required: false
schema:
$ref: '#/definitions/User'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«UserID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}':
get:
tags:
- User
summary: User
description: 'Returns the details for a user.<span class="authorization">Global Administrator, Current User</span>'
operationId: getUser
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/User'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- User
summary: User
description: Updates the details of a user. <span class="authorization">Global Administrator</span>
operationId: updateUser
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- in: body
name: param1
description: The details of the user.
required: false
schema:
$ref: '#/definitions/User'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}/2FA':
get:
tags:
- User
summary: Two-Factor Authentication
description: 'Retrieves the current authentication token seed (key) for the user, if configured.'
operationId: getTwoFactorAuthenticationKey
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/TokenResource'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- User
summary: Two-Factor Authentication
description: Regenerates a new authentication token seed (key) and updates it for the user. This key may be then be used in the appropriate 2FA authenticator.
operationId: regenerateTwoFactorAuthentication
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/TokenResource'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- User
summary: Two-Factor Authentication
description: Sets the authentication token seed (key) for the user. This key may be then be used in the appropriate 2FA authenticator.
operationId: setTwoFactorAuthentication
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- in: body
name: param1
description: The authentication token seed (key) to use for the user.
required: false
schema:
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}/asset_groups':
get:
tags:
- User
summary: Asset Groups Access
description: Returns the asset groups to which the user has access.
operationId: getUserAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«AssetGroupID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- User
summary: Asset Groups Access
description: Updates the asset groups to which the user has access. Individual asset group access cannot be granted to users with the `allAssetGroups` permission. <span class="authorization">Global Administrator</span>
operationId: setUserAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- in: body
name: param1
description: The identifiers of the asset groups to grant the user access to. Ignored if user has access to `allAssetGroups`.
required: false
schema:
type: array
items:
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- User
summary: Asset Groups Access
description: Revokes access to all asset groups from the user.
operationId: removeAllUserAssetGroups
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}/asset_groups/{assetGroupId}':
put:
tags:
- User
summary: Asset Group Access
description: Grants the user access to the asset group. Individual asset group access cannot be granted to users with the `allAssetGroups` permission. <span class="authorization">Global Administrator</span>
operationId: addUserAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- name: assetGroupId
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- User
summary: Asset Group Access
description: Grants the user access to the asset group. Individual asset group access cannot be granted to users with the `allAssetGroups` permission. <span class="authorization">Global Administrator</span>
operationId: removeUserAssetGroup
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- name: assetGroupId
in: path
description: The identifier of the asset group.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}/lock':
delete:
tags:
- User
summary: Unlock Account
description: Unlocks a locked user account that has too many failed authentication attempts. Disabled accounts may not be unlocked.
operationId: unlockUser
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}/password':
put:
tags:
- User
summary: Password Reset
description: Changes the password for the user. Users may only change their own password.
operationId: resetPassword
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- in: body
name: param1
description: The new password to set.
required: false
schema:
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}/privileges':
get:
tags:
- User
summary: User Privileges
description: Returns the privileges granted to the user by their role. <span class="authorization">Global Administrator</span>
operationId: getUserPrivileges
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Privileges'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}/sites':
get:
tags:
- User
summary: Sites Access
description: Returns the sites to which the user has access.
operationId: getUserSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«SiteID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- User
summary: Sites Access
description: Updates the sites to which the user has access. Individual site access cannot be granted to users with the `allSites` permission. <span class="authorization">Global Administrator</span>
operationId: setUserSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- in: body
name: param1
description: The identifiers of the sites to grant the user access to. Ignored if the user has access to `allSites`.
required: false
schema:
type: array
items:
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- User
summary: Sites Access
description: Revokes access to all sites from the user.
operationId: removeAllUserSites
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/users/{id}/sites/{siteId}':
put:
tags:
- User
summary: Site Access
description: Grants the user access to the site. Individual site access cannot be granted to users with the `allSites` permission. <span class="authorization">Global Administrator</span>
operationId: addUserSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- name: siteId
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- User
summary: Site Access
description: Grants the user access to the site. Individual site access cannot be granted to users with the `allSites` permission. <span class="authorization">Global Administrator</span>
operationId: removeUserSite
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the user.
required: false
type: integer
format: int32
- name: siteId
in: path
description: The identifier of the site.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/vulnerabilities:
get:
tags:
- Vulnerability
summary: Vulnerabilities
description: Returns all vulnerabilities that can be assessed during a scan.
operationId: getVulnerabilities
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Vulnerability»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerabilities/{id}':
get:
tags:
- Vulnerability
summary: Vulnerability
description: Returns the details for a vulnerability.
operationId: getVulnerability
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Vulnerability'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerabilities/{id}/assets':
get:
tags:
- Vulnerability
summary: Vulnerability Affected Assets
description: Get the assets affected by the vulnerability.
operationId: getAffectedAssets
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«AssetID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerabilities/{id}/checks':
get:
tags:
- Vulnerability Check
summary: Vulnerability Checks
description: Returns the vulnerability checks that assess for a specific vulnerability during a scan.
operationId: getVulnerabilityChecksForVulnerability
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«VulnerabilityCheckID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerabilities/{id}/exploits':
get:
tags:
- Vulnerability
summary: Vulnerability Exploits
description: Returns the exploits that can be used to exploit a vulnerability.
operationId: getVulnerabilityExploits
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability.
required: false
type: string
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Exploit»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerabilities/{id}/malware_kits':
get:
tags:
- Vulnerability
summary: Vulnerability Malware Kits
description: Returns the malware kits that are known to be used to exploit the vulnerability.
operationId: getVulnerabilityMalwareKits
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability.
required: false
type: string
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«MalwareKit»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerabilities/{id}/references':
get:
tags:
- Vulnerability
summary: Vulnerability References
description: Returns the external references that may be associated to a vulnerability.
operationId: getVulnerabilityReferences_1
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability.
required: false
type: string
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«VulnerabilityReference»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerabilities/{id}/solutions':
get:
tags:
- Vulnerability
summary: Vulnerability Solutions
description: Returns all solutions (across all platforms) that may be used to remediate this vulnerability.
operationId: getVulnerabilitySolutions
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«SolutionNaturalID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/vulnerability_categories:
get:
tags:
- Vulnerability
summary: Categories
description: 'Returns all vulnerabilities categories that can be assigned to a vulnerability. These categories group and label vulnerabilities by general purpose, affected systems, vendor, etc.'
operationId: getVulnerabilityCategories
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«VulnerabilityCategory»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerability_categories/{id}':
get:
tags:
- Vulnerability
summary: Category
description: Returns the details for a vulnerability category.
operationId: getVulnerabilityCategory
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability category.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/VulnerabilityCategory'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerability_categories/{id}/vulnerabilities':
get:
tags:
- Vulnerability
summary: Category Vulnerabilities
description: Returns hypermedia links to the vulnerabilities that are in a vulnerability category.
operationId: getVulnerabilityCategoryVulnerabilities
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability category.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«VulnerabilityNaturalID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/vulnerability_checks:
get:
tags:
- Vulnerability Check
summary: Checks
description: Returns vulnerability checks. Optional search and filtering parameters may be supplied to refine the results. Searching allows full text search of the vulnerability details a check is related to.
operationId: getVulnerabilityChecks
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: search
in: query
description: Vulnerability search term to find vulnerability checks for. e.g. `"ssh"`.
required: false
type: string
- name: safe
in: query
description: Whether to return vulnerability checks that are considered "safe" to run. Defaults to return safe and unsafe checks.
required: false
type: boolean
- name: potential
in: query
description: Whether to only return checks that result in potentially vulnerable results. Defaults to return all checks.
required: false
type: boolean
- name: requiresCredentials
in: query
description: Whether to only return checks that require credentials in order to successfully execute. Defaults to return all checks.
required: false
type: boolean
- name: unique
in: query
description: Whether to only return checks that guarantee to be executed once-and-only once on a host resulting in a unique result. False returns checks that can result in multiple occurrences of the same vulnerability on a host.
required: false
type: boolean
- name: type
in: query
description: 'The type of vulnerability checks to return. See <a href="#operation/vulnerabilityCheckTypesUsingGET">Check Types</a> for all available types.'
required: false
type: string
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«VulnerabilityCheck»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerability_checks/{id}':
get:
tags:
- Vulnerability Check
summary: Check
description: Returns the vulnerability check.
operationId: vulnerabilityCheck
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability check.
required: false
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/VulnerabilityCheck'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/vulnerability_checks_types:
get:
tags:
- Vulnerability Check
summary: Check Types
description: 'Returns the vulnerability check types. The type groups related vulnerability checks by their purpose, property, or related characteristic.'
operationId: getVulnerabilityCheckTypes
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters: []
responses:
'200':
description: OK
schema:
$ref: '#/definitions/ReferencesWith«VulnerabilityCheckTypeID,Link»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/vulnerability_exceptions:
get:
tags:
- Vulnerability Exception
summary: Exceptions
description: Returns all exceptions defined on vulnerabilities.
operationId: getVulnerabilityExceptions
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«VulnerabilityException»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
post:
tags:
- Vulnerability Exception
summary: Exceptions
description: Creates a vulnerability exception.
operationId: createVulnerabilityException
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- in: body
name: param0
description: The vulnerability exception to create.
required: false
schema:
$ref: '#/definitions/VulnerabilityException'
responses:
'200':
description: OK
schema:
$ref: '#/definitions/CreatedReference«VulnerabilityExceptionID,Link»'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerability_exceptions/{id}':
get:
tags:
- Vulnerability Exception
summary: Exception
description: Returns an exception made on a vulnerability.
operationId: getVulnerabilityException
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability exception.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/VulnerabilityException'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
delete:
tags:
- Vulnerability Exception
summary: Exception
description: Removes an exception made on a vulnerability.
operationId: removeVulnerabilityException
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: id
required: true
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerability_exceptions/{id}/expires':
get:
tags:
- Vulnerability Exception
summary: Exception Expiration
description: Get the expiration date for a vulnerability exception.
operationId: getVulnerabilityExceptionExpiration
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: id
required: true
type: integer
format: int32
responses:
'200':
description: OK
schema:
type: string
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
put:
tags:
- Vulnerability Exception
summary: Exception Expiration
description: Set the expiration date for a vulnerability exception. This must be a valid date in the future.
operationId: updateVulnerabilityExceptionExpiration
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: id
required: true
type: integer
format: int32
- in: body
name: param1
description: param1
required: true
schema:
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerability_exceptions/{id}/{status}':
post:
tags:
- Vulnerability Exception
summary: Exception Status
description: 'Update the status of the vulnerability exception. The status can be one of: `"recall"`, `"approve"`, or `"reject"`.'
operationId: updateVulnerabilityExceptionStatus
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: id
required: true
type: integer
format: int32
- name: status
in: path
description: Exception Status
required: false
type: string
enum:
- recall
- approve
- reject
- in: body
name: param2
description: param2
required: false
schema:
type: string
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Links'
examples: {}
headers: {}
'400':
description: Bad Request
schema:
$ref: '#/definitions/BadRequestError'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
/api/3/vulnerability_references:
get:
tags:
- Vulnerability
summary: References
description: Returns the external references that may be associated to a vulnerability.
operationId: getVulnerabilityReferences
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«VulnerabilityReference»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerability_references/{id}':
get:
tags:
- Vulnerability
summary: Reference
description: Returns an external vulnerability reference.
operationId: getVulnerabilityReference
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: The identifier of the vulnerability reference.
required: false
type: integer
format: int32
responses:
'200':
description: OK
schema:
$ref: '#/definitions/VulnerabilityReference'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
'/api/3/vulnerability_references/{id}/vulnerabilities':
get:
tags:
- Vulnerability
summary: Reference Vulnerabilities
description: Returns the vulnerabilities that are referenced by an external reference.
operationId: getVulnerabilityReferenceVulnerabilities
schemes: []
consumes:
- application/json
produces:
- application/json;charset=UTF-8
parameters:
- name: id
in: path
description: id
required: true
type: integer
format: int32
- name: page
in: query
description: The index of the page (zero-based) to retrieve.
required: false
type: integer
default: 0
format: int32
- name: size
in: query
description: The number of records per page to retrieve.
required: false
type: integer
default: 10
format: int32
- name: sort
in: query
description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
required: false
type: array
items:
type: string
collectionFormat: multi
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PageOf«Vulnerability»'
examples: {}
headers: {}
'401':
description: Unauthorized
schema:
$ref: '#/definitions/UnauthorizedError'
examples: {}
headers: {}
'404':
description: Not Found
schema:
$ref: '#/definitions/NotFoundError'
examples: {}
headers: {}
'500':
description: Internal Server Error
schema:
$ref: '#/definitions/InternalServerError'
examples: {}
headers: {}
'503':
description: Service Unavailable
schema:
$ref: '#/definitions/ServiceUnavailableError'
examples: {}
headers: {}
security: []
securityDefinitions:
Basic:
type: basic
definitions:
Account:
type: object
discriminator: ''
properties:
service:
type: string
description: ''
AdditionalInformation:
type: object
discriminator: ''
properties:
html:
type: string
example: ''
description: Hypertext Markup Language (HTML) representation of the content.
text:
type: string
example: ''
description: Textual representation of the content.
description: ''
Address:
type: object
discriminator: ''
properties:
ip:
type: string
example: 123.245.34.235
description: The IPv4 or IPv6 address.
mac:
type: string
example: '12:34:56:78:90:AB'
description: The Media Access Control (MAC) address. The format is six groups of two hexadecimal digits separated by colons.
description: ''
AdhocScan:
type: object
discriminator: ''
properties:
engineId:
type: integer
format: int32
example: ''
description: The identifier of the scan engine.
hosts:
type: array
description: The hosts that should be included as a part of the scan. This should be a mixture of IP Addresses and Hostnames as a String array.
items:
type: string
name:
type: string
example: ''
description: The user-driven scan name for the scan.
templateId:
type: string
example: ''
description: The identifier of the scan template
description: ''
AdvisoryLink:
type: object
discriminator: ''
properties:
href:
type: string
example: 'https://support.microsoft.com/en-us/kb/4041689'
description: The hypertext reference for the vulnerability reference.
rel:
type: string
example: Advisory
description: 'The relation of the hypermedia link, `"Advisory"`.'
description: ''
Alert:
type: object
required:
- enabled
- name
- notification
discriminator: ''
properties:
enabled:
type: boolean
example: false
description: Flag indicating the alert is enabled.
enabledScanEvents:
example: ''
description: Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of `enabledScanEvents`.
$ref: '#/definitions/ScanEvents'
enabledVulnerabilityEvents:
example: ''
description: Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of `enabledVulnerabilityEvents`.
$ref: '#/definitions/VulnerabilityEvents'
id:
type: integer
format: int32
example: ''
description: The identifier of the alert.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
maximumAlerts:
type: integer
format: int32
example: ''
description: 'The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of `null`.'
minimum: 1
name:
type: string
example: ''
description: The name of the alert.
notification:
type: string
example: ''
description: The type of alert.
enum:
- SMTP
- SNMP
- Syslog
description: ''
AssessmentResult:
type: object
required:
- status
discriminator: ''
properties:
checkId:
type: string
example: ssh-openssh-x11uselocalhost-x11-forwarding-session-hijack
description: The identifier of the vulnerability check.
exceptions:
type: array
description: 'If the result is vulnerable with exceptions applied, the identifier(s) of the exceptions actively applied to the result.'
items:
type: integer
format: int32
key:
type: string
example: ''
description: An additional discriminating key used to uniquely identify between multiple instances of results on the same finding.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
port:
type: integer
format: int32
example: 22
description: The port of the service the result was discovered on.
proof:
type: string
example: <p><p>OpenBSD OpenSSH 4.3 on Linux</p></p>
description: The proof explaining why the result was found vulnerable. The proof may container embedded HTML formatting markup.
protocol:
type: string
example: tcp
description: The protocol of the service the result was discovered on.
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
status:
type: string
example: vulnerable-version
description: The status of the vulnerability check result.
enum:
- unknown
- not-vulnerable
- vulnerable
- vulnerable-version
- vulnerable-potential
- vulnerable-with-exception-applied
- vulnerable-version-with-exception-applied
- vulnerable-potential-with-exception-applied
description: ''
Asset:
type: object
discriminator: ''
properties:
addresses:
type: array
description: All addresses discovered on the asset.
items:
$ref: '#/definitions/Address'
assessedForPolicies:
type: boolean
example: false
description: Whether the asset has been assessed for policies at least once.
readOnly: true
assessedForVulnerabilities:
type: boolean
example: true
description: Whether the asset has been assessed for vulnerabilities at least once.
readOnly: true
configurations:
type: array
description: Configuration key-values pairs enumerated on the asset.
items:
$ref: '#/definitions/Configuration'
databases:
type: array
description: The databases enumerated on the asset.
items:
$ref: '#/definitions/Database'
files:
type: array
description: The files discovered with searching on the asset.
items:
$ref: '#/definitions/File'
history:
type: array
description: The history of changes to the asset over time.
readOnly: true
items:
$ref: '#/definitions/AssetHistory'
hostName:
type: string
example: corporate-workstation-1102DC.acme.com
description: The primary host name (local or FQDN) of the asset.
hostNames:
type: array
description: All host names or aliases discovered on the asset.
items:
$ref: '#/definitions/HostName'
id:
type: integer
format: int64
example: 282
description: The identifier of the asset.
ids:
type: array
description: 'Unique identifiers found on the asset, such as hardware or operating system identifiers.'
items:
$ref: '#/definitions/UniqueId'
ip:
type: string
example: 182.34.74.202
description: The primary IPv4 or IPv6 address of the asset.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
mac:
type: string
example: 'AB:12:CD:34:EF:56'
description: The primary Media Access Control (MAC) address of the asset. The format is six groups of two hexadecimal digits separated by colons.
os:
type: string
example: Microsoft Windows Server 2008 Enterprise Edition SP1
description: The full description of the operating system of the asset.
osFingerprint:
example: ''
description: The details of the operating system of the asset.
$ref: '#/definitions/OperatingSystem'
rawRiskScore:
type: number
format: double
example: 31214.3
description: The base risk score of the asset.
readOnly: true
riskScore:
type: number
format: double
example: 37457.16
description: The risk score (with criticality adjustments) of the asset.
readOnly: true
services:
type: array
description: The services discovered on the asset.
items:
$ref: '#/definitions/Service'
software:
type: array
description: The software discovered on the asset.
items:
$ref: '#/definitions/Software'
type:
type: string
example: ''
description: The type of asset.
enum:
- unknown
- guest
- hypervisor
- physical
- mobile
userGroups:
type: array
description: The group accounts enumerated on the asset.
items:
$ref: '#/definitions/GroupAccount'
users:
type: array
description: The user accounts enumerated on the asset.
items:
$ref: '#/definitions/UserAccount'
vulnerabilities:
example: ''
description: Summary information for vulnerabilities on the asset.
readOnly: true
$ref: '#/definitions/AssetVulnerabilities'
description: ''
AssetCreate:
type: object
required:
- date
discriminator: ''
properties:
addresses:
type: array
description: All addresses discovered on the asset.
items:
$ref: '#/definitions/Address'
assessedForPolicies:
type: boolean
example: false
description: Whether the asset has been assessed for policies at least once.
readOnly: true
assessedForVulnerabilities:
type: boolean
example: true
description: Whether the asset has been assessed for vulnerabilities at least once.
readOnly: true
configurations:
type: array
description: Configuration key-values pairs enumerated on the asset.
items:
$ref: '#/definitions/Configuration'
cpe:
type: string
example: ''
description: The Common Platform Enumeration (CPE) of the operating system. This is the tertiary means of specifying the operating system fingerprint. Use `"osFingerprint"` or `"os"` as a more accurate means of defining the operating system.
databases:
type: array
description: The databases enumerated on the asset.
items:
$ref: '#/definitions/Database'
date:
type: string
example: ''
description: The date the data was collected on the asset.
description:
type: string
example: ''
description: The description of the source or collection of information on the asset. This description will appear in the history of the asset for future auditing purposes.
files:
type: array
description: The files discovered with searching on the asset.
items:
$ref: '#/definitions/File'
history:
type: array
description: The history of changes to the asset over time.
readOnly: true
items:
$ref: '#/definitions/AssetHistory'
hostName:
example: corporate-workstation-1102DC.acme.com
description: The primary host name (local or FQDN) of the asset.
$ref: '#/definitions/HostName'
hostNames:
type: array
description: Additional host names for the asset.
items:
$ref: '#/definitions/HostName'
id:
type: integer
format: int64
example: 282
description: The identifier of the asset.
ids:
type: array
description: 'Unique identifiers found on the asset, such as hardware or operating system identifiers.'
items:
$ref: '#/definitions/UniqueId'
ip:
type: string
example: 182.34.74.202
description: The primary IPv4 or IPv6 address of the asset.
links:
type: array
items:
$ref: '#/definitions/Link'
mac:
type: string
example: 'AB:12:CD:34:EF:56'
description: The primary Media Access Control (MAC) address of the asset. The format is six groups of two hexadecimal digits separated by colons.
os:
type: string
example: ''
description: 'Free-form textual description of the operating system of the asset, typically from a fingerprinting source. This input will be parsed to produce a full fingerprint. This is the secondary means of specifying the operating system. Use `osFingerprint` for a more accurate definition.'
osFingerprint:
example: ''
description: 'The details of the operating system of the asset. At least one of `vendor`, `family`, or `product` must be supplied. This is the preferred means of defining the operating system.'
$ref: '#/definitions/OperatingSystem'
rawRiskScore:
type: number
format: double
example: 31214.3
description: The base risk score of the asset.
readOnly: true
riskScore:
type: number
format: double
example: 37457.16
description: The risk score (with criticality adjustments) of the asset.
readOnly: true
services:
type: array
description: The services discovered on the asset.
items:
$ref: '#/definitions/Service'
software:
type: array
description: The software discovered on the asset.
items:
$ref: '#/definitions/Software'
type:
type: string
example: ''
description: The type of asset.
userGroups:
type: array
description: The group accounts enumerated on the asset.
items:
$ref: '#/definitions/GroupAccount'
users:
type: array
description: The user accounts enumerated on the asset.
items:
$ref: '#/definitions/UserAccount'
vulnerabilities:
example: ''
description: Summary information for vulnerabilities on the asset.
readOnly: true
$ref: '#/definitions/AssetVulnerabilities'
description: ''
AssetCreatedOrUpdatedReference:
type: object
discriminator: ''
properties:
body:
$ref: '#/definitions/ReferenceWith«AssetID,Link»'
statusCode:
type: string
enum:
- '100'
- '101'
- '102'
- '103'
- '200'
- '201'
- '202'
- '203'
- '204'
- '205'
- '206'
- '207'
- '208'
- '226'
- '300'
- '301'
- '302'
- '303'
- '304'
- '305'
- '307'
- '308'
- '400'
- '401'
- '402'
- '403'
- '404'
- '405'
- '406'
- '407'
- '408'
- '409'
- '410'
- '411'
- '412'
- '413'
- '414'
- '415'
- '416'
- '417'
- '418'
- '419'
- '420'
- '421'
- '422'
- '423'
- '424'
- '426'
- '428'
- '429'
- '431'
- '500'
- '501'
- '502'
- '503'
- '504'
- '505'
- '506'
- '507'
- '508'
- '509'
- '510'
- '511'
description: ''
AssetGroup:
type: object
required:
- name
- type
discriminator: ''
properties:
assets:
type: integer
format: int32
example: 768
description: The number of assets that belong to the asset group.
readOnly: true
description:
type: string
example: Assets with unacceptable high risk required immediate remediation.
description: The description of the asset group.
id:
type: integer
format: int32
example: 61
description: The identifier of the asset group.
readOnly: true
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: High Risk Assets
description: The name of the asset group.
riskScore:
type: number
format: double
example: 4457823.78
description: The total risk score of all assets that belong to the asset group.
readOnly: true
searchCriteria:
example: ''
description: 'Search criteria used to determine dynamic membership, if `type` is `"dynamic"`. '
$ref: '#/definitions/SearchCriteria'
type:
type: string
example: dynamic
description: The type of the asset group.
enum:
- static
- dynamic
vulnerabilities:
example: ''
description: Summary information for distinct vulnerabilities found on the assets.
readOnly: true
$ref: '#/definitions/Vulnerabilities'
description: ''
AssetHistory:
type: object
discriminator: ''
properties:
date:
type: string
example: '2018-04-09T06:23:49Z'
description: The date the asset information was collected or changed.
description:
type: string
example: ''
description: Additional information describing the change.
scanId:
type: integer
format: int64
example: 12
description: 'If a scan-oriented change, the identifier of the corresponding scan the asset was scanned in.'
type:
type: string
example: SCAN
description: |-
The type of change. May be one of:
| Type | Source of Data |
| ----------------------------------- | ----------------------------------------------------------- |
| `ASSET-IMPORT`, `EXTERNAL-IMPORT` | External source such as the API |
| `EXTERNAL-IMPORT-APPSPIDER` | Rapid7 InsightAppSec (previously known as AppSpider) |
| `SCAN` | Scan engine scan |
| `ACTIVE-SYNC` | ActiveSync |
| `SCAN-LOG-IMPORT` | Manual import of a scan log |
| `VULNERABILITY_EXCEPTION_APPLIED` | Vulnerability exception applied |
| `VULNERABILITY_EXCEPTION_UNAPPLIED` | Vulnerability exception unapplied |
user:
type: string
example: ''
description: 'If a vulnerability exception change, the login name of the user that performed the operation.'
version:
type: integer
format: int32
example: 8
description: 'The version number of the change (a chronological incrementing number starting from 1). '
vulnerabilityExceptionId:
type: integer
format: int32
example: ''
description: 'If a vulnerability exception change, the identifier of the vulnerability exception that caused the change.'
description: ''
AssetPolicy:
type: object
discriminator: ''
properties:
benchmarkName:
type: string
example: ''
description: The name of the policy's benchmark.
benchmarkVersion:
type: string
example: ''
description: The version number of the benchmark that includes the policy.
category:
type: string
example: ''
description: 'A grouping of similar benchmarks based on their source, purpose, or other criteria. Examples include FDCC, USGCB, and CIS.'
description:
type: string
example: ''
description: The description of the policy.
failedAssetsCount:
type: integer
format: int32
example: ''
description: The number of assets that are not compliant with the policy. The assets considered in the calculation are based on the user's list of accessible assets.
failedRulesCount:
type: integer
format: int32
example: ''
description: The number of rules in the policy that are not compliant with any scanned assets. The assets considered in the calculation are based on the user's list of accessible assets.
id:
type: string
example: ''
description: The textual representation of the policy identifier.
isCustom:
type: boolean
example: false
description: A flag indicating whether the policy is custom.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
notApplicableAssetsCount:
type: integer
format: int32
example: ''
description: 'The number of assets that were attempted to be scanned, but are not applicable to the policy. The assets considered in the calculation are based on the user''s list of accessible assets.'
notApplicableRulesCount:
type: integer
format: int32
example: ''
description: The number of rules in the policy that are not applicable with any scanned assets. The assets considered in the calculation are based on the user's list of accessible assets.
passedAssetsCount:
type: integer
format: int32
example: ''
description: The number of assets that are compliant with the policy. The assets considered in the calculation are based on the user's list of accessible assets.
passedRulesCount:
type: integer
format: int32
example: ''
description: The number of rules in the policy that are compliant with all scanned assets. The assets considered in the calculation are based on the user's list of accessible assets.
policyName:
type: string
example: ''
description: The name of the policy.
ruleCompliance:
type: number
format: double
example: ''
description: The ratio of PASS results for the rules to the total number of rules in each policy.
ruleComplianceDelta:
type: number
format: double
example: ''
description: The change in rule compliance between the last two scans of all assets. The list of scanned policies is based on the user's list of accessible assets.
scope:
type: string
example: ''
description: 'The textual representation of the policy scope. Policies that are automatically available have `"Built-in"` scope, whereas policies created by users have scope as `"Custom"`.'
status:
type: string
example: ''
description: The overall compliance status of the policy.
enum:
- PASS
- FAIL
- NOT_APPLICABLE
surrogateId:
type: integer
format: int64
example: ''
description: The identifier of the policy
title:
type: string
example: ''
description: The title of the policy as visible to the user.
unscoredRules:
type: integer
format: int32
example: ''
description: The number of rules defined in the policy with a role of "unscored". These rules will not affect rule compliance scoring for the policy.
description: ''
AssetPolicyAssessment:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
total:
type: integer
format: int32
example: ''
description: The total number of assets.
totalFailed:
type: integer
format: int32
example: ''
description: The total number of assets that are not compliant.
totalNotApplicable:
type: integer
format: int32
example: ''
description: The total number of assets that are not applicable.
totalPassed:
type: integer
format: int32
description: ''
AssetPolicyItem:
type: object
discriminator: ''
properties:
assets:
example: ''
description: A summary of asset compliance.
$ref: '#/definitions/AssetPolicyAssessment'
description:
type: string
example: ''
description: A description of the policy rule or group.
hasOverride:
type: boolean
example: false
description: 'A flag indicating whether the policy rule has an active override applied to it. This field only applies to resources representing policy rules. '
id:
type: integer
format: int64
example: ''
description: The identifier of the policy rule or group.
isUnscored:
type: boolean
example: false
description: A flag indicating whether the policy rule has a role of `"unscored"`. This field only applies to resources representing policy rules.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the policy rule or group.
policy:
example: ''
description: Information about the policy.
$ref: '#/definitions/PolicyMetadataResource'
rules:
example: ''
description: A summary of rule compliance for multiple policy rules. This field only applies to resources representing policy groups.
$ref: '#/definitions/PolicyRuleAssessmentResource'
scope:
type: string
example: ''
description: 'The textual representation of the policy rule/group scope. Policy rules or groups that are automatically available have `"Built-in"` scope, whereas policy rules or groups created by users have scope as `"Custom"`.'
status:
type: string
example: ''
description: The asset's rule compliance status.
enum:
- PASS
- FAIL
- NOT_APPLICABLE
title:
type: string
example: ''
description: 'The title of the policy rule, or group, as visible to the user.'
type:
type: string
example: ''
description: Indicates whether the resource represents either a policy rule or group.
enum:
- rule
- group
description: ''
AssetTag:
type: object
required:
- name
- type
discriminator: ''
properties:
color:
type: string
example: default
description: The color to use when rendering the tag in a user interface.
enum:
- default
- blue
- green
- orange
- red
- purple
created:
type: string
example: '2017-10-07T23:50:01.205Z'
description: The date and time the tag was created.
id:
type: integer
format: int32
example: 6
description: The identifier of the tag.
readOnly: true
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: Very High
description: The name (label) of the tab.
riskModifier:
type: object
example: '2.0'
description: 'The amount to adjust risk of an asset tagged with this tag. '
searchCriteria:
$ref: '#/definitions/SearchCriteria'
source:
type: string
example: built-in
description: The source of the tag.
readOnly: true
enum:
- built-in
- custom
sources:
type: array
description: The source(s) by which a tag is applied to an asset.
items:
$ref: '#/definitions/TagAssetSource'
type:
type: string
example: criticality
description: The type of the tag.
enum:
- custom
- location
- owner
- criticality
description: ''
AssetVulnerabilities:
type: object
discriminator: ''
properties:
critical:
type: integer
format: int64
example: 16
description: The number of critical vulnerabilities.
readOnly: true
exploits:
type: integer
format: int64
example: 4
description: The number of distinct exploits that can exploit any of the vulnerabilities on the asset.
readOnly: true
malwareKits:
type: integer
format: int64
example: 0
description: The number of distinct malware kits that vulnerabilities on the asset are susceptible to.
readOnly: true
moderate:
type: integer
format: int64
example: 3
description: The number of moderate vulnerabilities.
readOnly: true
severe:
type: integer
format: int64
example: 76
description: The number of severe vulnerabilities.
readOnly: true
total:
type: integer
format: int64
example: 95
description: The total number of vulnerabilities.
readOnly: true
description: ''
AuthenticationSettings:
type: object
discriminator: ''
properties:
2fa:
type: boolean
example: false
description: Whether two-factor authentication is enabled.
loginLockThreshold:
type: integer
format: int32
example: 'true'
description: The maximum number of failed login attempts for an account becomes locked.
description: ''
AuthenticationSource:
type: object
discriminator: ''
properties:
external:
type: boolean
example: false
description: Whether the authentication source is external (true) or internal (false).
id:
type: integer
format: int32
example: ''
description: The identifier of the authentication source.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the authentication source.
type:
type: string
example: ''
description: The type of the authentication source.
enum:
- normal
- kerberos
- ldap
- admin
description: ''
AvailableReportFormat:
type: object
discriminator: ''
properties:
format:
type: string
example: pdf
description: The output file-format of a report.
enum:
- arf-xml
- csv-export
- cyberscope-xml
- database-export
- pdf
- html
- nexpose-simple-xml
- oval-xml
- qualys-xml
- rtf
- scap-xml
- sql-query
- text
- xccdf-xml
- xccdf-csv
- xml
- xml-export
- xml-export-v2
templates:
type: array
description: The report template identifiers that can be used within a report format.
items:
type: string
description: ''
BackupsSize:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 0
description: The raw value in bytes.
formatted:
type: string
example: 0 bytes
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
BadRequestError:
type: object
required:
- status
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
message:
type: string
example: An error has occurred.
description: The messages indicating the cause or reason for failure.
status:
type: string
example: '400'
description: The HTTP status code for the error (same as in the HTTP response).
enum:
- '400'
description: ''
CPUInfo:
type: object
discriminator: ''
properties:
clockSpeed:
type: integer
format: int32
example: 2600
description: 'The clock speed of the host, in MHz.'
count:
type: integer
format: int32
example: 8
description: The number of CPUs.
description: ''
Configuration:
type: object
required:
- name
discriminator: ''
properties:
name:
type: string
example: <name>
description: The name of the configuration value.
value:
type: string
example: <value>
description: The configuration value.
description: ''
ConsoleCommandOutput:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
output:
type: string
example: ''
description: The output of the command that was executed.
description: ''
ContentDescription:
type: object
discriminator: ''
properties:
html:
type: string
example: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. ...
description: Hypertext Markup Language (HTML) representation of the content.
text:
type: string
example: <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. ...</p>
description: Textual representation of the content.
description: ''
CreateAuthenticationSource:
type: object
discriminator: ''
properties:
type:
type: string
example: ''
description: The type of the authentication source to use to authenticate the user. Defaults to `normal`.
description: ''
CreatedOrUpdatedReference:
type: object
discriminator: ''
properties:
id:
type: object
example: '3'
description: The identifier of the resource created or updated.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
CreatedReference:
type: object
discriminator: ''
properties:
id:
type: object
example: '1'
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«AssetGroupID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«CredentialID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«DiscoveryQueryID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int64
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«EngineID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«PolicyOverrideID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int64
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«ScanID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int64
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«ScanTemplateID,Link»':
type: object
discriminator: ''
properties:
id:
type: string
example: '1'
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«UserID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«VulnerabilityExceptionID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«VulnerabilityValidationID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int64
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'CreatedReference«int,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 1
description: The identifier of the resource created.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
Criterion:
type: object
discriminator: ''
properties:
extras:
type: object
metaData:
$ref: '#/definitions/IMetaData'
metadata:
$ref: '#/definitions/MetadataContainer'
operator:
type: string
enum:
- IS
- IS_NOT
- IS_APPLIED
- IS_NOT_APPLIED
- IN
- NOT_IN
- STARTS_WITH
- ENDS_WITH
- CONTAINS
- NOT_CONTAINS
- LESS_THAN
- GREATER_THAN
- IN_RANGE
- NOT_IN_RANGE
- INCLUDE
- DO_NOT_INCLUDE
- ON_OR_BEFORE
- ON_OR_AFTER
- BETWEEN
- EARLIER_THAN
- WITHIN_THE_LAST
- IS_EMPTY
- IS_NOT_EMPTY
- ARE
- LIKE
- NOT_LIKE
values:
type: array
items:
type: string
description: ''
Database:
type: object
required:
- name
discriminator: ''
properties:
description:
type: string
example: Microsoft SQL Server
description: The description of the database instance.
id:
type: integer
format: int32
example: 13
description: The identifier of the database.
name:
type: string
example: MSSQL
description: The name of the database instance.
description: ''
DatabaseConnectionSettings:
type: object
discriminator: ''
properties:
maximumAdministrationPoolSize:
type: integer
format: int32
example: -1
description: The maximum number of administrative connections in the connection pool. -1 means unlimited.
maximumPoolSize:
type: integer
format: int32
example: -1
description: '${settings.database.connection.max}'
maximumPreparedStatementPoolSize:
type: integer
format: int32
example: 256
description: The maximum number of prepared statements in the prepared statement pool. -1 means unlimited.
description: ''
DatabaseSettings:
type: object
discriminator: ''
properties:
connection:
example: ''
description: Details connection settings for the database.
$ref: '#/definitions/DatabaseConnectionSettings'
host:
type: string
example: 127.0.0.1
description: The database host.
maintenanceThreadPoolSize:
type: integer
format: int32
example: 20
description: The maximum number of parallel tasks when executing maintenance tasks.
port:
type: integer
format: int32
example: 5432
description: The database port.
url:
type: string
example: '//127.0.0.1:5432/nexpose'
description: The database connection URL.
user:
type: string
example: nxpgsql
description: The database user.
vendor:
type: string
example: postgresql
description: The database vendor.
description: ''
DatabaseSize:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 5364047843
description: The raw value in bytes.
formatted:
type: string
example: 5 GB
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
DiscoveryAsset:
type: object
discriminator: ''
properties:
address:
type: string
example: 12.83.99.203
description: The IP address of a discovered asset.
readOnly: true
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: desktop-27.acme.com
description: The host name of a discovered asset.
readOnly: true
description: ''
DiscoveryConnection:
type: object
discriminator: ''
properties:
accessKeyId:
type: string
example: ''
description: The AWS credential access key identifier (only used for the AWS connection).
address:
type: string
example: ''
description: '${discovery.connection.address}'
arn:
type: string
example: ''
description: The AWS credential ARN (only used for the AWS connection).
awsSessionName:
type: string
example: ''
description: The AWS credential session name (only used for the AWS connection).
connectionType:
type: string
example: ''
description: The type of the discovery connection.
eventSource:
type: string
example: ''
description: The event source type to use.
exchangeServerHostname:
type: string
example: ''
description: The hostname of the exchange server to connect to.
exchangeUser:
type: string
example: ''
description: The username used to connect to the exchange server.
folderPath:
type: string
example: ''
description: The folder path to pull logs from.
id:
type: integer
format: int64
example: ''
description: The identifier of the discovery connection.
readOnly: true
ldapServer:
type: string
example: ''
description: The LDAP server to connect to.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: Connection 1
description: The discovery connection name.
port:
type: integer
format: int32
example: ''
description: The address used to connect to the discovery connection source.
protocol:
type: string
example: ''
description: The protocol used to connect to the discovery connection source.
region:
type: string
example: ''
description: The AWS region (only used for the AWS connection).
scanEngineIsInsideAWS:
type: boolean
example: false
description: 'Flag denoting whether the scan engine is in AWS, this is used for AWS discovery connections for scanning purposes (only used for the AWS connection).'
secretAccessKey:
type: string
example: ''
description: The AWS credential secret access key (only used for the AWS connection).
status:
type: string
example: ''
description: The status of the discovery connection.
username:
type: string
example: ''
description: The username used to authenticate to the discovery connection source.
winRMServer:
type: string
example: ''
description: 'The WinRM server to connect to. '
description: ''
DiscoverySearchCriteria:
type: object
discriminator: ''
properties:
connectionType:
type: string
example: ''
description: The type of discovery connection configured for the site. This property only applies to dynamic sites.
enum:
- activesync-ldap
- activesync-office365
- activesync-powershell
- aws
- dhcp
- sonar
- vsphere
filters:
type: array
description: 'Filters used to match assets from a discovery connection. See <a href="#section/Responses/DiscoverySearchCriteria">Discovery Connection Search Criteria</a> for more information on the structure and format.'
items:
$ref: '#/definitions/SwaggerDiscoverySearchCriteriaFilter'
match:
type: string
example: all
description: Operator to determine how to match filters. `all` requires that all filters match for an asset to be included. `any` requires only one filter to match for an asset to be included.
enum:
- any
- all
description: ''
DiskFree:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 166532222976
description: The raw value in bytes.
formatted:
type: string
example: 155.1 GB
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
DiskInfo:
type: object
discriminator: ''
properties:
free:
example: ''
description: Available disk space.
$ref: '#/definitions/DiskFree'
installation:
example: ''
description: Details regarding the size of disk used by the console installation.
$ref: '#/definitions/InstallSize'
total:
example: ''
description: Total disk space.
$ref: '#/definitions/DiskTotal'
description: ''
DiskTotal:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 499004735488
description: The raw value in bytes.
formatted:
type: string
example: 464.7 GB
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
DynamicSite:
type: object
required:
- id
discriminator: ''
properties:
id:
type: integer
format: int64
example: ''
description: The identifier of the discovery connection.
description: ''
EnginePool:
type: object
required:
- id
- name
discriminator: ''
properties:
engines:
type: array
description: The identifiers of the scan engines in the engine pool.
items:
type: integer
format: int32
id:
type: integer
format: int32
example: 6
description: The identifier of the scan engine.
links:
type: array
items:
$ref: '#/definitions/Link'
name:
type: string
example: Corporate Scan Engine 001
description: The name of the scan engine.
description: ''
EnvironmentProperties:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
properties:
type: object
example: ''
description: Key-value pairs for system and environment properties that are currently defined.
description: ''
Error:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
message:
type: string
example: An error has occurred.
description: The messages indicating the cause or reason for failure.
status:
type: string
example: ''
description: The HTTP status code for the error (same as in the HTTP response).
enum:
- '100'
- '101'
- '102'
- '103'
- '200'
- '201'
- '202'
- '203'
- '204'
- '205'
- '206'
- '207'
- '208'
- '226'
- '300'
- '301'
- '302'
- '303'
- '304'
- '305'
- '307'
- '308'
- '400'
- '401'
- '402'
- '403'
- '404'
- '405'
- '406'
- '407'
- '408'
- '409'
- '410'
- '411'
- '412'
- '413'
- '414'
- '415'
- '416'
- '417'
- '418'
- '419'
- '420'
- '421'
- '422'
- '423'
- '424'
- '426'
- '428'
- '429'
- '431'
- '500'
- '501'
- '502'
- '503'
- '504'
- '505'
- '506'
- '507'
- '508'
- '509'
- '510'
- '511'
description: ''
ExceptionScope:
type: object
discriminator: ''
properties:
id:
type: integer
format: int64
example: ''
description: The identifier of the vulnerability to which the exception applies.
key:
type: string
example: ''
description: 'If the scope type is `"Instance"`, an optional key to discriminate the instance the exception applies to.'
links:
type: array
items:
$ref: '#/definitions/Link'
port:
type: integer
format: int32
example: ''
description: 'If the scope type is `"Instance"` and the vulnerability is detected on a service, the port on which the exception applies.'
type:
type: string
example: ''
description: 'The type of the exception scope. One of: `"Global"`, `"Site"`, `"Asset"`, `"Asset Group"`, `"Instance"`'
vulnerability:
type: string
example: ''
description: The identifier of the vulnerability to which the exception applies.
description: ''
ExcludedAssetGroups:
type: object
discriminator: ''
properties:
assetGroupIDs:
type: array
description: List of asset group identifiers. Each element is an integer.
items:
type: integer
format: int32
links:
type: array
items:
$ref: '#/definitions/Link'
description: ''
ExcludedScanTargets:
type: object
discriminator: ''
properties:
addresses:
type: array
description: 'List of addresses. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.'
items:
type: string
links:
type: array
items:
$ref: '#/definitions/Link'
description: ''
Exploit:
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 4924
description: The identifier of the exploit.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
skillLevel:
type: string
example: expert
description: The level of skill required to use the exploit.
enum:
- novice
- intermediate
- expert
source:
example: ''
description: Details about where the exploit is defined.
$ref: '#/definitions/ExploitSource'
title:
type: string
example: Microsoft IIS WebDav ScStoragePathFromUrl Overflow
description: The title (short summary) of the exploit.
description: ''
ExploitSource:
type: object
discriminator: ''
properties:
key:
type: string
example: exploit/windows/iis/iis_webdav_scstoragepathfromurl
description: The identifier of the exploit in the source library.
link:
example: ''
description: '${exploit.source.link.description}'
$ref: '#/definitions/ExploitSourceLink'
name:
type: string
example: metasploit
description: 'The source library of the exploit, typically the name of the vendor that maintains and/or defined the exploit.'
enum:
- metasploit
- exploitdb
description: ''
ExploitSourceLink:
type: object
discriminator: ''
properties:
href:
type: string
example: 'http://www.metasploit.com/modules/exploit/windows/iis/iis_webdav_scstoragepathfromurl'
description: The hypertext reference for the exploit source.
id:
type: string
example: exploit/windows/iis/iis_webdav_scstoragepathfromurl
description: Hypermedia link to the destination of the exploit source.
rel:
type: string
example: Source
description: 'The relation of the hypermedia link, `"Source"`.'
description: ''
Features:
type: object
discriminator: ''
properties:
adaptiveSecurity:
type: boolean
example: false
description: Whether Adaptive Security features are available.
agents:
type: boolean
example: true
description: Whether the use of agents is allowed.
dynamicDiscovery:
type: boolean
example: true
description: Whether dynamic discovery sources may be used.
earlyAccess:
type: boolean
example: false
description: Whether early-access features are available prior to general availability.
enginePool:
type: boolean
example: true
description: Whether scan engine pools may be used.
insightPlatform:
type: boolean
example: true
description: Whether the usage of the Insight Platform is allowed.
mobile:
type: boolean
example: true
description: Whether mobile features are allowed.
multitenancy:
type: boolean
example: false
description: Whether multitenancy is allowed.
policyEditor:
type: boolean
example: true
description: Whether the editing of policies is allowed.
policyManager:
type: boolean
example: true
description: Whether the policy manager is allowed.
remediationAnalytics:
type: boolean
example: true
description: Whether Remediation Analytics features are available.
reporting:
example: ''
description: The reporting features available in the license.
$ref: '#/definitions/LicenseReporting'
scanning:
example: ''
description: The scanning features available in the license.
$ref: '#/definitions/LicenseScanning'
description: ''
File:
type: object
required:
- name
- type
discriminator: ''
properties:
attributes:
type: array
description: Attributes detected on the file.
items:
$ref: '#/definitions/Configuration'
name:
type: string
example: ADMIN$
description: The name of the file.
size:
type: integer
format: int64
example: -1
description: 'The size of the regular file (in bytes). If the file is a directory, no value is returned.'
type:
type: string
example: directory
description: The type of the file.
enum:
- file
- directory
description: ''
Fingerprint:
type: object
discriminator: ''
properties:
description:
type: string
example: Ubuntu libexpat1 2.1.0-4ubuntu1.2
description: The description of the matched fingerprint.
family:
type: string
example: ''
description: The family of the matched fingerprint.
product:
type: string
example: libexpat1
description: The product of the matched fingerprint.
vendor:
type: string
example: Ubuntu
description: The description of the matched fingerprint.
version:
type: string
example: 2.1.0-4ubuntu1.2
description: The version of the matched fingerprint.
description: ''
GlobalScan:
type: object
discriminator: ''
properties:
assets:
type: integer
format: int32
example: ''
description: The number of assets found in the scan.
duration:
type: string
example: ''
description: The duration of the scan in ISO8601 format.
endTime:
type: string
example: ''
description: The end time of the scan in ISO8601 format.
engineId:
type: integer
format: int32
example: ''
description: The identifier of the scan engine.
engineName:
type: string
example: ''
description: The name of the scan engine.
id:
type: integer
format: int64
example: ''
description: The identifier of the scan.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
message:
type: string
example: ''
description: The reason for the scan status.
scanName:
type: string
example: ''
description: The user-driven scan name for the scan.
scanType:
type: string
example: ''
description: 'The scan type (automated, manual, scheduled). '
siteId:
type: integer
format: int32
siteName:
type: string
startTime:
type: string
example: ''
description: The start time of the scan in ISO8601 format.
startedBy:
type: string
example: ''
description: The name of the user that started the scan.
status:
type: string
example: ''
description: The scan status.
enum:
- aborted
- unknown
- running
- finished
- stopped
- error
- paused
- dispatched
- integrating
vulnerabilities:
example: ''
description: The vulnerability synopsis of the scan.
$ref: '#/definitions/Vulnerabilities'
description: ''
GroupAccount:
type: object
required:
- name
discriminator: ''
properties:
id:
type: integer
format: int32
example: 972
description: The identifier of the user group.
name:
type: string
example: Administrators
description: The name of the user group.
description: ''
HostName:
type: object
required:
- name
discriminator: ''
properties:
name:
type: string
example: corporate-workstation-1102DC.acme.com
description: The host name (local or FQDN).
source:
type: string
example: DNS
description: The source used to detect the host name. `user` indicates the host name source is user-supplied (e.g. in a site target definition).
enum:
- user
- dns
- netbios
- dce
- epsec
- ldap
- other
description: ''
IMetaData:
type: object
discriminator: ''
properties:
fieldName:
type: string
supportedOperators:
type: array
items:
type: string
enum:
- IS
- IS_NOT
- IS_APPLIED
- IS_NOT_APPLIED
- IN
- NOT_IN
- STARTS_WITH
- ENDS_WITH
- CONTAINS
- NOT_CONTAINS
- LESS_THAN
- GREATER_THAN
- IN_RANGE
- NOT_IN_RANGE
- INCLUDE
- DO_NOT_INCLUDE
- ON_OR_BEFORE
- ON_OR_AFTER
- BETWEEN
- EARLIER_THAN
- WITHIN_THE_LAST
- IS_EMPTY
- IS_NOT_EMPTY
- ARE
- LIKE
- NOT_LIKE
type:
type: string
enum:
- NUMERIC
- STRING
- SET
- SET_STRING
- SINGLE
- DATE
description: ''
IncludedAssetGroups:
type: object
discriminator: ''
properties:
assetGroupIDs:
type: array
description: List of asset group identifiers. Each element is an integer.
items:
type: integer
format: int32
links:
type: array
items:
$ref: '#/definitions/Link'
description: ''
IncludedScanTargets:
type: object
discriminator: ''
properties:
addresses:
type: array
description: 'List of addresses. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.'
items:
type: string
links:
type: array
items:
$ref: '#/definitions/Link'
description: ''
Info:
type: object
discriminator: ''
properties:
cpu:
example: ''
description: Details regarding the host CPU.
$ref: '#/definitions/CPUInfo'
disk:
example: ''
description: Details regarding host disk usage.
$ref: '#/definitions/DiskInfo'
distinguishedName:
type: string
example: CN=Rapid7 Security Console/ O=Rapid7
description: The distinguished name of the console.
fqdn:
type: string
example: server.acme.com
description: The fully-qualified domain name of the local host the service is running on.
host:
type: string
example: SERVER
description: The name of the local host the service is running on.
ip:
type: string
example: 192.168.1.99
description: The IP address of the local host the service is running on.
jvm:
example: ''
description: Details regarding the Java Virtual Machine.
$ref: '#/definitions/JVMInfo'
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
memory:
example: ''
description: Details regarding host memory usage.
$ref: '#/definitions/MemoryInfo'
operatingSystem:
type: string
example: Ubuntu Linux 16.04
description: The operating system of the host the service is running on.
serial:
type: string
example: 729F31B1C92F3C91DFA8A649F4D5C883C269BD45
description: The serial number of the console.
superuser:
type: boolean
example: true
description: Whether the service is running a super-user.
user:
type: string
example: root
description: The user running the service.
version:
example: ''
description: Details regarding the version of the installation.
$ref: '#/definitions/VersionInfo'
description: ''
InstallSize:
type: object
discriminator: ''
properties:
backups:
example: ''
description: The disk space used by backups.
$ref: '#/definitions/BackupsSize'
database:
example: ''
description: The disk space used by the database.
$ref: '#/definitions/DatabaseSize'
directory:
example: ''
description: The installation directory.
$ref: '#/definitions/File'
reports:
example: ''
description: The disk space used by reports.
$ref: '#/definitions/ReportSize'
scans:
example: ''
description: The disk space used by scans.
$ref: '#/definitions/ScanSize'
total:
example: ''
description: Total disk space used by the installation.
$ref: '#/definitions/InstallationTotalSize'
description: ''
InstallationTotalSize:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 12125933077
description: The raw value in bytes.
formatted:
type: string
example: 11.3 GB
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
InternalServerError:
type: object
required:
- status
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
message:
type: string
example: An error has occurred.
description: The messages indicating the cause or reason for failure.
status:
type: string
example: '500'
description: The HTTP status code for the error (same as in the HTTP response).
enum:
- '500'
description: ''
JVMInfo:
type: object
discriminator: ''
properties:
name:
type: string
example: OpenJDK 64-Bit Server VM
description: The name of the Java Virtual Machine.
startTime:
type: string
example: '2018-02-13T20:35:35.076Z'
description: The date and time the Java Virtual Machine last started.
uptime:
type: string
example: PT8H21M7.978S
description: 'Total up-time of the Java Virtual Machine, in ISO 8601 format. For example: `"PT1H4M24.214S"`.'
vendor:
type: string
example: 'Azul Systems, Inc.'
description: The vendor of the Java Virtual Machine.
version:
type: string
example: 25.102-b14
description: The version of the Java Virtual Machine.
description: ''
JsonNode:
type: object
discriminator: ''
properties:
array:
type: boolean
bigDecimal:
type: boolean
bigInteger:
type: boolean
binary:
type: boolean
boolean:
type: boolean
containerNode:
type: boolean
double:
type: boolean
float:
type: boolean
floatingPointNumber:
type: boolean
int:
type: boolean
integralNumber:
type: boolean
long:
type: boolean
missingNode:
type: boolean
nodeType:
type: string
enum:
- ARRAY
- BINARY
- BOOLEAN
- MISSING
- 'NULL'
- NUMBER
- OBJECT
- POJO
- STRING
'null':
type: boolean
number:
type: boolean
object:
type: boolean
pojo:
type: boolean
short:
type: boolean
textual:
type: boolean
valueNode:
type: boolean
description: ''
License:
type: object
discriminator: ''
properties:
edition:
type: string
example: InsightVM
description: The edition of the product.
evaluation:
type: boolean
example: false
description: Whether the license is a time-restricted evaluation.
expires:
type: string
example: '2018-12-31T23:59:59.999Z'
description: The date and time the license expires.
features:
example: ''
description: The features available in the license.
$ref: '#/definitions/Features'
limits:
example: ''
description: The limits of the license.
$ref: '#/definitions/LicenseLimits'
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
perpetual:
type: boolean
example: false
description: Whether the license is perpetual.
status:
type: string
example: Activated
description: The status of the license.
enum:
- Activated
- Unlicensed
- Expired
- Evaluation Mode
- Revoked
- Unknown
description: ''
LicenseLimits:
type: object
discriminator: ''
properties:
assets:
type: integer
format: int32
example: 100000
description: The maximum number of assets that can be assessed.
assetsWithHostedEngine:
type: integer
format: int32
example: 1000
description: The maximum number of assets that may be scanned with the hosted scan engine.
scanEngines:
type: integer
format: int32
example: 100
description: The maximum number of scan engines that may be used.
users:
type: integer
format: int32
example: 1000
description: The maximum number of users allowed.
description: ''
LicensePolicyScanning:
type: object
discriminator: ''
properties:
benchmarks:
example: ''
description: The benchmarks available to policy scan.
$ref: '#/definitions/LicensePolicyScanningBenchmarks'
scanning:
type: boolean
example: true
description: Whether policy scanning is allowed.
description: ''
LicensePolicyScanningBenchmarks:
type: object
discriminator: ''
properties:
cis:
type: boolean
example: true
description: Whether policy scanning for CIS benchmarks is allowed.
custom:
type: boolean
example: true
description: Whether custom benchmarks can be used during scanning.
disa:
type: boolean
example: true
description: Whether policy scanning for DISA benchmarks is allowed.
fdcc:
type: boolean
example: true
description: Whether policy scanning for FDCC benchmarks is allowed.
usgcb:
type: boolean
example: true
description: Whether policy scanning for USGCB benchmarks is allowed.
description: ''
LicenseReporting:
type: object
discriminator: ''
properties:
advanced:
type: boolean
example: true
description: Whether advanced reporting is available.
customizableCSVExport:
type: boolean
example: true
description: Whether customizable CSV Export is available.
pci:
type: boolean
example: true
description: Whether PCI reporting is available.
description: ''
LicenseScanning:
type: object
discriminator: ''
properties:
discovery:
type: boolean
example: true
description: Whether discovery scanning may be used.
policy:
example: 'true'
description: Details as to whether policy scanning and what benchmarks are available.
$ref: '#/definitions/LicensePolicyScanning'
scada:
type: boolean
example: true
description: Whether SCADA scanning may be used.
virtual:
type: boolean
example: true
description: Whether virtual scanning may be used.
webApplication:
type: boolean
example: true
description: Whether web scanning may be used.
description: ''
Link:
type: object
discriminator: ''
properties:
href:
type: string
example: 'https://hostname:3780/api/3/...'
description: 'A hypertext reference, which is either a URI (see <a target="_blank" href="https://tools.ietf.org/html/rfc3986">RFC 3986</a>) or URI template (see <a target="_blank" href="https://tools.ietf.org/html/rfc6570">RFC 6570</a>). '
rel:
type: string
example: self
description: 'The link relation type. This value is one from the <a target="_blank" href="https://tools.ietf.org/html/rfc5988#section-6.2">Link Relation Type Registry</a> or is the type of resource being linked to.'
description: ''
Links:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
LocalePreferences:
type: object
discriminator: ''
properties:
default:
type: string
example: ''
description: 'The default language to use. The format is a <a target="_blank" href="https://tools.ietf.org/html/bcp47">IETF BCP 47</a> language tag.'
links:
type: array
items:
$ref: '#/definitions/Link'
reports:
type: string
example: ''
description: 'The language to use to generate reports. The format is a <a target="_blank" href="https://tools.ietf.org/html/bcp47">IETF BCP 47</a> language tag.'
description: ''
MalwareKit:
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 152
description: The identifier of the malware kit.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: Alpha Pack
description: The name of the malware kit.
popularity:
type: string
example: Rare
description: 'The name of the malware kit. One of: `"Rare"`, `"Uncommon"`, `"Occasional"`, `"Common"`, `"Popular"`, `"Favored"`, `"Unknown"`'
description: ''
MatchedSolution:
type: object
discriminator: ''
properties:
additionalInformation:
example: ''
description: Additional information or resources that can assist in applying the remediation.
$ref: '#/definitions/AdditionalInformation'
appliesTo:
type: string
example: libexpat1 on Ubuntu Linux
description: The systems or software the solution applies to.
confidence:
type: string
example: ''
description: The confidence of the matching process for the solution.
enum:
- exact
- partial
- none
estimate:
type: string
example: PT10M
description: 'The estimated duration to apply the solution, in ISO 8601 format. For example: `"PT5M"`.'
id:
type: string
example: ubuntu-upgrade-libexpat1
description: The identifier of the solution.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
matches:
type: array
description: The raw matches that were performed in order to select the best solution(s).
items:
$ref: '#/definitions/SolutionMatch'
steps:
example: ''
description: The steps required to remediate the vulnerability.
$ref: '#/definitions/Steps'
summary:
example: ''
description: The summary of the solution.
$ref: '#/definitions/Summary'
type:
type: string
example: configuration
description: 'The type of the solution. One of: `"Configuration"`, `"Rollup patch"`, `"Patch"`'
enum:
- configuration
- rollup-patch
- patch
- unknown
description: ''
MemoryFree:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 45006848
description: The raw value in bytes.
formatted:
type: string
example: 42.9 MB
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
MemoryInfo:
type: object
discriminator: ''
properties:
free:
example: ''
description: Free memory.
$ref: '#/definitions/MemoryFree'
total:
example: ''
description: Total memory usage.
$ref: '#/definitions/MemoryTotal'
description: ''
MemoryTotal:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 17179869184
description: The raw value in bytes.
formatted:
type: string
example: 16 GB
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
MetadataContainer:
type: object
discriminator: ''
properties:
fieldName:
$ref: '#/definitions/IMetaData'
description: ''
NotFoundError:
type: object
required:
- status
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
message:
type: string
example: An error has occurred.
description: The messages indicating the cause or reason for failure.
status:
type: string
example: '404'
description: The HTTP status code for the error (same as in the HTTP response).
enum:
- '404'
description: ''
OperatingSystem:
type: object
discriminator: ''
properties:
architecture:
type: string
example: x86
description: The architecture of the operating system.
configurations:
type: array
description: Configuration key-values pairs enumerated on the operating system.
items:
$ref: '#/definitions/Configuration'
cpe:
example: ''
description: The Common Platform Enumeration (CPE) of the operating system.
$ref: '#/definitions/OperatingSystemCpe'
description:
type: string
example: Microsoft Windows Server 2008 Enterprise Edition SP1
description: 'The description of the operating system (containing vendor, family, product, version and architecture in a single string).'
family:
type: string
example: Windows
description: The family of the operating system.
id:
type: integer
format: int64
example: 35
description: The identifier of the operating system.
product:
type: string
example: Windows Server 2008 Enterprise Edition
description: The name of the operating system.
systemName:
type: string
example: Microsoft Windows
description: 'A combination of vendor and family (with redundancies removed), suitable for grouping.'
type:
type: string
example: Workstation
description: The type of operating system.
vendor:
type: string
example: Microsoft
description: The vendor of the operating system.
version:
type: string
example: SP1
description: The version of the operating system.
description: ''
OperatingSystemCpe:
type: object
required:
- part
discriminator: ''
properties:
edition:
type: string
example: enterprise
description: 'Edition-related terms applied by the vendor to the product. '
language:
type: string
example: ''
description: 'Defines the language supported in the user interface of the product being described. The format is of the language tag adheres to <a target="_blank" href="https://tools.ietf.org/html/rfc5646">RFC5646</a>.'
other:
type: string
example: ''
description: 'Captures any other general descriptive or identifying information which is vendor- or product-specific and which does not logically fit in any other attribute value. '
part:
type: string
example: o
description: A single letter code that designates the particular platform part that is being identified.
enum:
- o
- a
- h
product:
type: string
example: windows_server_2008
description: the most common and recognizable title or name of the product.
swEdition:
type: string
example: ''
description: 'Characterizes how the product is tailored to a particular market or class of end users. '
targetHW:
type: string
example: ''
description: 'Characterize the instruction set architecture on which the product operates. '
targetSW:
type: string
example: ''
description: Characterize the software computing environment within which the product operates.
update:
type: string
example: sp1
description: 'Vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.'
v2.2:
type: string
example: 'cpe:/o:microsoft:windows_server_2008:-:sp1:enterprise'
description: 'The full CPE string in the <a target="_blank" href="https://cpe.mitre.org/files/cpe-specification_2.2.pdf">CPE 2.2</a> format.'
v2.3:
type: string
example: 'cpe:2.3:o:microsoft:windows_server_2008:-:sp1:enterprise:*:*:*:*:*'
description: 'The full CPE string in the <a target="_blank" href="http://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf">CPE 2.3</a> format.'
vendor:
type: string
example: microsoft
description: The person or organization that manufactured or created the product.
version:
type: string
example: '-'
description: Vendor-specific alphanumeric strings characterizing the particular release version of the product.
description: ''
PCI:
type: object
discriminator: ''
properties:
adjustedCVSSScore:
type: integer
format: int32
example: 4
description: 'The CVSS score of the vulnerability, adjusted for PCI rules and exceptions, on a scale of 0-10.'
adjustedSeverityScore:
type: integer
format: int32
example: 3
description: 'The severity score of the vulnerability, adjusted for PCI rules and exceptions, on a scale of 0-10.'
fail:
type: boolean
example: true
description: 'Whether if present on a host this vulnerability would cause a PCI failure. `true` if "status" is `"Fail"`, `false` otherwise.'
specialNotes:
type: string
example: ''
description: Any special notes or remarks about the vulnerability that pertain to PCI compliance.
status:
type: string
example: Fail
description: 'The PCI compliance status of the vulnerability. One of: `"Pass"`, `"Fail"`.'
description: ''
PageInfo:
type: object
discriminator: ''
properties:
number:
type: integer
format: int64
example: 6
description: The index (zero-based) of the current page returned.
size:
type: integer
format: int64
example: 10
description: The maximum size of the page returned.
totalPages:
type: integer
format: int64
example: 13
description: The total number of pages available.
totalResources:
type: integer
format: int64
example: 123
description: The total number of resources available across all pages.
description: ''
PageOf«AssetGroup»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/AssetGroup'
description: ''
PageOf«AssetPolicyItem»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/AssetPolicyItem'
description: ''
PageOf«AssetPolicy»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/AssetPolicy'
description: ''
PageOf«Asset»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Asset'
description: ''
PageOf«DiscoveryConnection»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/DiscoveryConnection'
description: ''
PageOf«Exploit»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Exploit'
description: ''
PageOf«GlobalScan»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/GlobalScan'
description: ''
PageOf«MalwareKit»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/MalwareKit'
description: ''
PageOf«OperatingSystem»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/OperatingSystem'
description: ''
PageOf«PolicyAsset»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/PolicyAsset'
description: ''
PageOf«PolicyControl»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/PolicyControl'
description: ''
PageOf«PolicyGroup»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/PolicyGroup'
description: ''
PageOf«PolicyItem»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/PolicyItem'
description: ''
PageOf«PolicyOverride»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/PolicyOverride'
description: ''
PageOf«PolicyRule»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/PolicyRule'
description: ''
PageOf«Policy»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Policy'
description: ''
PageOf«Report»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Report'
description: ''
PageOf«Scan»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Scan'
description: ''
PageOf«Site»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Site'
description: ''
PageOf«Software»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Software'
description: ''
PageOf«Tag»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Tag'
description: ''
PageOf«User»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/User'
description: ''
PageOf«VulnerabilityCategory»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/VulnerabilityCategory'
description: ''
PageOf«VulnerabilityCheck»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/VulnerabilityCheck'
description: ''
PageOf«VulnerabilityException»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/VulnerabilityException'
description: ''
PageOf«VulnerabilityFinding»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/VulnerabilityFinding'
description: ''
PageOf«VulnerabilityReference»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/VulnerabilityReference'
description: ''
PageOf«Vulnerability»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
page:
example: ''
description: 'The details of pagination indicating which page was returned, and how the remaining pages can be retrieved.'
$ref: '#/definitions/PageInfo'
resources:
type: array
description: The page of resources returned.
items:
$ref: '#/definitions/Vulnerability'
description: ''
Policy:
type: object
discriminator: ''
properties:
enabled:
type: array
description: The identifiers of the policies enabled to be checked during a scan. No policies are enabled by default.
items:
type: integer
format: int64
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
recursiveWindowsFSSearch:
type: boolean
example: false
description: 'Whether recursive windows file searches are enabled, if your internal security practices require this capability. Recursive file searches can increase scan times by several hours, depending on the number of files and other factors, so this setting is disabled for Windows systems by default. Defaults to `false`.'
storeSCAP:
type: boolean
example: false
description: 'Whether Asset Reporting Format (ARF) results are stored. If you are required to submit reports of your policy scan results to the U.S. government in ARF for SCAP certification, you will need to store SCAP data so that it can be exported in this format. Note that stored SCAP data can accumulate rapidly, which can have a significant impact on file storage. Defaults to `false`.'
description: ''
PolicyAsset:
type: object
discriminator: ''
properties:
hostname:
type: string
example: ''
description: The primary host name (local or FQDN) of the asset.
id:
type: integer
format: int64
example: ''
description: The identifier of the asset.
ip:
type: string
example: ''
description: The primary IPv4 or IPv6 address of the asset.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
os:
example: ''
description: The full description of the operating system of the asset.
$ref: '#/definitions/OperatingSystem'
status:
type: string
example: ''
description: 'The overall compliance status of the asset. '
enum:
- PASS
- FAIL
- NOT_APPLICABLE
description: ''
PolicyBenchmark:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the policy's benchmark.
title:
type: string
example: ''
description: The title of the policy benchmark.
version:
type: string
example: ''
description: The version number of the benchmark that includes the policy.
description: ''
PolicyControl:
type: object
discriminator: ''
properties:
cceItemId:
type: string
example: ''
description: The identifier of the CCE item.
ccePlatform:
type: string
example: ''
description: The platform of the CCE.
controlName:
type: string
example: ''
description: The name of the control mapping.
id:
type: string
example: ''
description: The textual representation of the control identifier.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
publishedDate:
type: integer
format: int64
example: ''
description: The published date of the control mapping.
description: ''
PolicyGroup:
type: object
discriminator: ''
properties:
assets:
example: ''
description: A summary of asset compliance.
$ref: '#/definitions/AssetPolicyAssessment'
benchmark:
example: ''
description: Information about the policy benchmark.
$ref: '#/definitions/PolicyBenchmark'
description:
type: string
example: ''
description: A description of the policy group.
id:
type: string
example: ''
description: The textual representation of the policy group identifier.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the policy group.
policy:
example: ''
description: Information about the policy.
$ref: '#/definitions/PolicyMetadataResource'
scope:
type: string
example: ''
description: 'The textual representation of the policy group scope. Policy groups that are automatically available have `"Built-in"` scope, whereas policy groups created by users have scope as `"Custom"`.'
status:
type: string
example: ''
description: The overall compliance status of the policy group.
enum:
- PASS
- FAIL
- NOT_APPLICABLE
surrogateId:
type: integer
format: int64
example: ''
description: The identifier of the policy group.
title:
type: string
example: ''
description: The title of the policy group as visible to the user.
description: ''
PolicyItem:
type: object
discriminator: ''
properties:
assets:
example: ''
description: A summary of asset compliance.
$ref: '#/definitions/AssetPolicyAssessment'
description:
type: string
example: ''
description: A description of the policy rule or group.
hasOverride:
type: boolean
example: false
description: 'A flag indicating whether the policy rule has an active override applied to it. This field only applies to resources representing policy rules. '
id:
type: integer
format: int64
example: ''
description: The identifier of the policy rule or group.
isUnscored:
type: boolean
example: false
description: A flag indicating whether the policy rule has a role of `"unscored"`. This field only applies to resources representing policy rules.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the policy rule or group.
policy:
example: ''
description: Information about the policy.
$ref: '#/definitions/PolicyMetadataResource'
rules:
example: ''
description: A summary of rule compliance for multiple policy rules. This field only applies to resources representing policy groups.
$ref: '#/definitions/PolicyRuleAssessmentResource'
scope:
type: string
example: ''
description: 'The textual representation of the policy rule/group scope. Policy rules or groups that are automatically available have `"Built-in"` scope, whereas policy rules or groups created by users have scope as `"Custom"`.'
status:
type: string
example: ''
description: The overall compliance status of the policy rule or group.
enum:
- PASS
- FAIL
- NOT_APPLICABLE
title:
type: string
example: ''
description: 'The title of the policy rule, or group, as visible to the user.'
type:
type: string
example: ''
description: Indicates whether the resource represents either a policy rule or group.
enum:
- rule
- group
description: ''
PolicyMetadataResource:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the policy.
title:
type: string
example: ''
description: The title of the policy as visible to the user.
version:
type: string
example: ''
description: The version of the policy.
description: ''
PolicyOverride:
type: object
required:
- scope
- state
- submit
discriminator: ''
properties:
expires:
type: string
example: ''
description: The date the policy override is set to expire. Date is represented in ISO 8601 format.
id:
type: integer
format: int64
example: ''
description: The identifier of the policy override.
readOnly: true
links:
type: array
items:
$ref: '#/definitions/Link'
review:
example: ''
description: Details regarding the review and/or approval of the policy override.
readOnly: true
$ref: '#/definitions/PolicyOverrideReviewer'
scope:
example: ''
description: The scope of the policy override. Indicates which assets' policy compliance results are to be affected by the override.
$ref: '#/definitions/PolicyOverrideScope'
state:
type: string
example: ''
description: |
The state of the policy override. Can be one of the following values:
| Value | Description | Affects Compliance Results |
| ---------------- | ----------------------------------------------------------------------------------- |:--------------------------:|
| `"deleted"` | The policy override has been deleted. | |
| `"expired"` | The policy override had an expiration date and it has expired. | |
| `"approved"` | The policy override was submitted and approved. | &check; |
| `"rejected"` | The policy override was rejected by the reviewer. | |
| `"under-review"` | The policy override was submitted but not yet approved or rejected by the reviewer. | |
submit:
example: ''
description: Details regarding the submission of the policy override.
$ref: '#/definitions/PolicyOverrideSubmitter'
description: ''
PolicyOverrideReviewer:
type: object
discriminator: ''
properties:
comment:
type: string
example: ''
description: A comment from the reviewer detailing the review. Cannot exceed 1024 characters.
readOnly: true
date:
type: string
example: ''
description: The date the review took place.
readOnly: true
links:
type: array
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The identifier of the user that reviewed the policy override.
readOnly: true
user:
type: integer
format: int32
example: ''
description: The login name of the user that reviewed the policy override.
readOnly: true
description: ''
PolicyOverrideScope:
type: object
required:
- newResult
- rule
- type
discriminator: ''
properties:
asset:
type: integer
format: int64
example: ''
description: The identifier of the asset whose compliance results are to be overridden. Property is required if the property `scope` is set to either `"specific-asset"` or `"specific-asset-until-next-scan"`.
links:
type: array
items:
$ref: '#/definitions/Link'
newResult:
type: string
example: ''
description: The new policy rule result after the override is applied.
enum:
- pass
- fail
- not-applicable
- fixed
originalResult:
type: string
example: ''
description: The original policy rule result before the override was applied. This property only applies to overrides with a scope of either `"specific-asset"` or `"specific-asset-until-next-scan"`.
readOnly: true
enum:
- pass
- fail
- error
- unknown
- not-applicable
- not-checked
- not-selected
- informational
- fixed
rule:
type: integer
format: int64
example: ''
description: The identifier of the policy rule whose compliance results are to be overridden.
type:
type: string
example: ''
description: |
The scope of assets affected by the policy override. Can be one of the following values:
| Value | Description |
| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `"all-assets"` | Overrides the compliance result of all assets evaluated with the specified policy rule. |
| `"specific-asset"` | Overrides the compliance result of a single asset evaluated with the specified policy rule. |
| `"specific-asset-until-next-scan"` | Overrides the compliance result of a single asset evaluated with the specified policy rule until the next time asset is evaluated against that policy rule. |
description: ''
PolicyOverrideSubmitter:
type: object
required:
- comment
discriminator: ''
properties:
comment:
type: string
example: ''
description: A comment from the submitter as to why the policy override was submitted. Cannot exceed 1024 characters.
date:
type: string
example: ''
description: The date the policy override was submitted.
readOnly: true
links:
type: array
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The login name of the user that submitted the policy override.
readOnly: true
user:
type: integer
format: int32
example: ''
description: The identifier of the user that submitted the policy override.
readOnly: true
description: ''
PolicyRule:
type: object
discriminator: ''
properties:
assets:
example: ''
description: A summary of asset compliance.
$ref: '#/definitions/AssetPolicyAssessment'
benchmark:
example: ''
description: Information about the policy benchmark.
$ref: '#/definitions/PolicyBenchmark'
description:
type: string
example: ''
description: A description of the rule.
id:
type: string
example: ''
description: The textual representation of the policy rule identifier.
isCustom:
type: boolean
example: false
description: A flag indicating whether the policy rule is custom.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the rule.
role:
type: string
example: ''
description: The role of the policy rule. It's value determines how it's results affect compliance.
enum:
- full
- unscored
- unchecked
scope:
type: string
example: ''
description: 'The textual representation of the policy rule scope. Policy rules that are automatically available have `"Built-in"` scope, whereas policy rules created by users have scope as `"Custom"`.'
status:
type: string
example: ''
description: The overall compliance status of the policy rule.
enum:
- PASS
- FAIL
- NOT_APPLICABLE
surrogateId:
type: integer
format: int64
example: ''
description: The identifier of the policy rule.
title:
type: string
example: ''
description: The title of the policy rule as visible to the user.
description: ''
PolicyRuleAssessmentResource:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
total:
type: integer
format: int32
example: ''
description: The total number of policy rules.
totalFailed:
type: integer
format: int32
example: ''
description: The total number of policy rules that are not compliant against all assets.
totalNotApplicable:
type: integer
format: int32
example: ''
description: The total number of policy rules that are not applicable against all assets.
totalPassed:
type: integer
format: int32
example: ''
description: The total number of policy rules that are compliant against all assets.
unscored:
type: integer
format: int32
example: ''
description: The total number of policy rules that have a role of `"unscored"`.
description: ''
PolicySummaryResource:
type: object
discriminator: ''
properties:
decreasedCompliance:
type: integer
format: int32
example: ''
description: The total number of policies whose overall compliance has decreased between the last two scans of all assets. The list of scanned policies is based on the user's list of accessible assets.
increasedCompliance:
type: integer
format: int32
example: ''
description: The total number of policies whose overall compliance has increased between the last two scans of all assets. The list of scanned policies is based on the user's list of accessible assets.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
numberOfPolicies:
type: integer
format: int32
example: ''
description: The total number of policies available in the Security Console.
overallCompliance:
type: number
format: float
example: ''
description: The ratio of compliant rules to the total number of rules across all policies.
scannedPolicies:
type: integer
format: int32
example: ''
description: The total number of policies that were evaluated against assets and have applicable results. The assets considered in the calculation are based on the user's list of accessible assets.
description: ''
Privileges:
type: object
discriminator: ''
properties:
links:
type: array
items:
$ref: '#/definitions/Link'
resources:
type: array
items:
type: string
enum:
- all-permissions
- create-reports
- configure-global-settings
- manage-sites
- manage-tags
- manage-static-asset-groups
- manage-dynamic-asset-groups
- manage-scan-templates
- manage-report-templates
- manage-scan-engines
- submit-vulnerability-exceptions
- approve-vulnerability-exceptions
- delete-vulnerability-exceptions
- create-tickets
- close-tickets
- assign-ticket-assignee
- manage-site-access
- manage-asset-group-access
- manage-report-access
- use-restricted-report-sections
- manage-policies
- view-asset-group-asset-data
- manage-asset-group-assets
- view-site-asset-data
- specify-site-metadata
- purge-site-asset-data
- specify-scan-targets
- assign-scan-engine
- assign-scan-template
- manage-site-credentials
- manage-scan-alerts
- schedule-automatic-scans
- start-unscheduled-scans
description: ''
ReferenceWithEndpointIDLink:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
port:
type: integer
format: int32
example: 22
description: The port of the service.
protocol:
type: string
example: tcp
description: The protocol of the service.
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
description: ''
ReferenceWithReportIDLink:
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: 1
description: The identifier of the report instance.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'ReferenceWith«AlertID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: <id>
description: The identifier of the resource.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'ReferenceWith«AssetID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int64
example: <id>
description: The identifier of the resource.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'ReferenceWith«EngineID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: <id>
description: The identifier of the resource.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'ReferenceWith«ScanScheduleID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: <id>
description: The identifier of the resource.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'ReferenceWith«SiteID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: <id>
description: The identifier of the resource.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'ReferenceWith«TagID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: <id>
description: The identifier of the resource.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'ReferenceWith«UserID,Link»':
type: object
discriminator: ''
properties:
id:
type: integer
format: int32
example: <id>
description: The identifier of the resource.
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
description: ''
'ReferencesWith«AssetGroupID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: integer
format: int32
description: ''
'ReferencesWith«AssetID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: integer
format: int64
description: ''
'ReferencesWith«EngineID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: integer
format: int32
description: ''
'ReferencesWith«ReferenceWithEndpointIDLink,ServiceLink»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/ServiceLink'
resources:
type: array
description: The identifiers of the associated resources.
items:
$ref: '#/definitions/ReferenceWithEndpointIDLink'
description: ''
'ReferencesWith«SiteID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: integer
format: int32
description: ''
'ReferencesWith«SolutionNaturalID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: string
description: ''
'ReferencesWith«TagID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: integer
format: int32
description: ''
'ReferencesWith«UserID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: integer
format: int32
description: ''
'ReferencesWith«VulnerabilityCheckID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: string
description: ''
'ReferencesWith«VulnerabilityCheckTypeID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: string
description: ''
'ReferencesWith«VulnerabilityNaturalID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: string
description: ''
'ReferencesWith«WebApplicationID,Link»':
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The identifiers of the associated resources.
items:
type: integer
format: int64
description: ''
RepeatResource:
type: object
required:
- every
- interval
discriminator: ''
properties:
dayOfWeek:
type: string
example: ''
description: The day of the week the scheduled task should repeat. This property only applies to schedules with a `every` value of `"day-of-month"`.
every:
type: string
example: date-of-month
description: |
The frequency schedule repeats. Each value represents a different unit of time and is used in conjunction with the property `interval`. For example, a schedule can repeat hourly, daily, monthly, etc. The following table describes each supported value:
| Value | Description |
| ---------- | ---------------- |
| hour | Specifies the schedule repeats in hourly increments. |
| day | Specifies the schedule repeats in daily increments. |
| week | Specifies the schedule repeats in weekly increments. |
| date-of-month | Specifies the schedule repeats nth day of the `interval` month. Requires the property `dateOfMonth` to be specified. For example, if `dateOfMonth` is `17` and the `interval` is `2`, then the schedule will repeat every 2 months on the 17th day of the month. |
| day-of-month | Specifies the schedule repeats on a monthly interval but instead of a specific date being specified, the day of the week and week of the month are specified. Requires the properties `dayOfWeek` and `weekOfMonth` to be specified. For example, if `dayOfWeek` is `"friday"`, `weekOfMonth` is `3`, and the `interval` is `4`, then the schedule will repeat every 4 months on the 3rd Friday of the month. |
interval:
type: integer
format: int32
example: 1
description: 'The interval time the schedule should repeat. The is depends on the value set in `every`. For example, if the value in property `every` is set to `"day"` and `interval` is set to `2`, then the schedule will repeat every 2 days.'
minimum: 1
lastDayOfMonth:
type: boolean
example: false
description: '${schedule.repeat.last.day.of.month}'
weekOfMonth:
type: integer
format: int32
example: ''
description: 'The week of the month the scheduled task should repeat. For This property only applies to schedules with a `every` value of `"day-of-month"`. Each week of the month is counted in 7-day increments. For example, week 1 consists of days 1-7 of the month while week 2 consists of days 8-14 of the month and so forth.'
minimum: 1
maximum: 6
description: ''
RepeatSchedule:
type: object
required:
- every
- interval
discriminator: ''
properties:
dayOfWeek:
type: string
example: ''
description: The day of the week the scheduled task should repeat. This property only applies to schedules with a `every` value of `"day-of-month"`.
every:
type: string
example: date-of-month
description: |
The frequency schedule repeats. Each value represents a different unit of time and is used in conjunction with the property `interval`. For example, a schedule can repeat hourly, daily, monthly, etc. The following table describes each supported value:
| Value | Description |
| ---------- | ---------------- |
| hour | Specifies the schedule repeats in hourly increments. |
| day | Specifies the schedule repeats in daily increments. |
| week | Specifies the schedule repeats in weekly increments. |
| date-of-month | Specifies the schedule repeats nth day of the `interval` month. Requires the property `dateOfMonth` to be specified. For example, if `dateOfMonth` is `17` and the `interval` is `2`, then the schedule will repeat every 2 months on the 17th day of the month. |
| day-of-month | Specifies the schedule repeats on a monthly interval but instead of a specific date being specified, the day of the week and week of the month are specified. Requires the properties `dayOfWeek` and `weekOfMonth` to be specified. For example, if `dayOfWeek` is `"friday"`, `weekOfMonth` is `3`, and the `interval` is `4`, then the schedule will repeat every 4 months on the 3rd Friday of the month. |
interval:
type: integer
format: int32
example: 1
description: 'The interval time the schedule should repeat. The is depends on the value set in `every`. For example, if the value in property `every` is set to `"day"` and `interval` is set to `2`, then the schedule will repeat every 2 days.'
minimum: 1
lastDayOfMonth:
type: boolean
weekOfMonth:
type: integer
format: int32
example: ''
description: 'The week of the month the scheduled task should repeat. For This property only applies to schedules with a `every` value of `"day-of-month"`. Each week of the month is counted in 7-day increments. For example, week 1 consists of days 1-7 of the month while week 2 consists of days 8-14 of the month and so forth.'
minimum: 1
maximum: 6
description: ''
Report:
type: object
discriminator: ''
properties:
bureau:
type: string
example: Bureau
description: The name of the bureau for a CyberScope report. Only used when the format is `"cyberscope-xml"`.
component:
type: string
example: Component
description: The name of the component for a CyberScope report. Only used when the format is `"cyberscope-xml"`.
database:
example: ''
description: Configuration for database export. Only used when the format is `"database-export"`.
$ref: '#/definitions/ReportConfigDatabaseResource'
email:
example: ''
description: Email distribution settings for the report.
readOnly: true
$ref: '#/definitions/ReportEmail'
enclave:
type: string
example: Enclave
description: The name of the enclave for a CyberScope report. Only used when the format is `"cyberscope-xml"`.
filters:
example: ''
description: |
Filters applied to the contents of the report. The supported filters for a report vary
by format and template.
<div class="properties">
<div class="property-info">
<span class="property-name">categories</span> <span class="param-type complex">Object</span>
<div class="redoc-markdown-block">The vulnerability categories to include or exclude in the report. Only included or excluded may be specified, not both.</div>
</div>
<div class="properties nested">
<div class="property-info">
<span class="property-name">included</span> <span class="param-type param-array-format integer">Array[string]</span>
<div class="redoc-markdown-block">The identifiers of the vulnerability categories to included in the report.</div>
</div>
<div class="property-info">
<span class="property-name">excluded</span> <span class="param-type param-array-format integer">Array[string]</span>
<div class="redoc-markdown-block">The identifiers of the vulnerability categories to exclude in the report.</div>
</div>
</div>
<div class="property-info">
<span class="property-name">severity</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"all"</span>
<span class="param-enum-value string">"critical"</span>
<span class="param-enum-value string">"critical-and-severe"</span>
</div>
<div class="redoc-markdown-block">The vulnerability severities to include in the report.</div>
</div>
<div class="property-info">
<span class="property-name">statuses</span> <span class="param-type param-array-format integer">Array[string]</span>
<div class="param-enum">
<span class="param-enum-value string">"vulnerable"</span>
<span class="param-enum-value string">"vulnerable-version"</span>
<span class="param-enum-value string">"potentially-vulnerable"</span>
<span class="param-enum-value string">"vulnerable-and-validated"</span>
</div>
<div class="redoc-markdown-block">The vulnerability statuses to include in the report. If <code>"vulnerable-and-validated"</code> is selected
no other values can be specified.
</div>
</div>
</div>
The following filter elements may be defined for non-templatized report formats:
| Format | Categories | Severity | Statuses |
| ------------------------------------- |:--------------:|:----------:|:----------:|
| `arf-xml` | | | |
| `csv-export` | &check; | &check; | &check; |
| `cyberscope-xml` | | | |
| `database-export` | | | |
| `nexpose-simple-xml` | &check; | &check; | |
| `oval-xml` | | | |
| `qualys-xml` | &check; | &check; | |
| `scap-xml` | &check; | &check; | |
| `sql-query` | &check; | &check; | &check; |
| `xccdf-csv` | | | |
| `xccdf-xml` | &check; | &check; | |
| `xml-export` | &check; | &check; | &check; |
| `xml-export-v2` | &check; | &check; | &check; |
The following filter elements may be defined for templatized report formats:
| Template | Categories | Severity | Statuses |
| --------------------------------------- |:--------------:|:----------:|:----------:|
| `audit-report` | &check; | &check; | |
| `baseline-comparison` | | | |
| `basic-vulnerability-check-results` | &check; | &check; | &check; |
| `executive-overview` | | | |
| `highest-risk-vulns` | | | |
| `pci-attestation-v12` | | | |
| `pci-executive-summary-v12` | | | |
| `pci-vuln-details-v12` | | | |
| `policy-details` | &check; | &check; | &check; |
| `policy-eval` | | | |
| `policy-summary` | &check; | &check; | &check; |
| `prioritized-remediations` | &check; | &check; | &check; |
| `prioritized-remediations-with-details` | &check; | &check; | &check; |
| `r7-discovered-assets` | &check; | &check; | &check; |
| `r7-vulnerability-exceptions` | &check; | &check; | &check; |
| `remediation-plan` | &check; | &check; | |
| `report-card` | &check; | &check; | |
| `risk-scorecard` | &check; | &check; | &check; |
| `rule-breakdown-summary` | &check; | &check; | &check; |
| `top-policy-remediations` | &check; | &check; | &check; |
| `top-policy-remediations-with-details` | &check; | &check; | &check; |
| `top-riskiest-assets` | &check; | &check; | &check; |
| `top-vulnerable-assets` | &check; | &check; | &check; |
| `vulnerability-trends` | &check; | &check; | &check; |
$ref: '#/definitions/ReportConfigFiltersResource'
format:
type: string
example: pdf
description: The output format of the report. The format will restrict the available templates and parameters that can be specified.
frequency:
example: ''
description: The recurring frequency with which to generate the report.
$ref: '#/definitions/ReportFrequency'
id:
type: integer
format: int32
example: 17
description: The identifier of the report.
readOnly: true
language:
type: string
example: en-US
description: The locale (language) in which the report is generated
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: Monthly Corporate Site Summary
description: The name of the report.
organization:
type: string
example: 'Acme, Inc.'
description: The organization used for a XCCDF XML report. Only used when the format is `"xccdf-xml"`.
owner:
type: integer
format: int32
example: 1
description: The identifier of the report owner.
policy:
type: integer
format: int64
example: 789
description: 'The policy to report on. Only used when the format is `"oval-xml"`, `""xccdf-csv"`, or `"xccdf-xml"`.'
query:
type: string
example: SELECT * FROM dim_asset ORDER BY ip_address ASC
description: SQL query to run against the Reporting Data Model. Only used when the format is `"sql-query"`.
scope:
example: ''
description: |
The scope of the report. Scope is an object that has the following properties that vary by format and template:
<div class="properties">
<div class="property-info">
<span class="property-name">assets</span> <span class="param-type param-array-format integer">Array[integer &lt;int32&gt;]</span>
<div class="redoc-markdown-block">The identifiers of the assets to report on.</div>
</div>
<div class="property-info">
<span class="property-name">sites</span> <span class="param-type param-array-format integer">Array[integer &lt;int32&gt;]</span>
<div class="redoc-markdown-block">The identifiers of the sites to report on.</div>
</div>
<div class="property-info">
<span class="property-name">assetGroups</span> <span class="param-type param-array-format integer">Array[integer &lt;int32&gt;]</span>
<div class="redoc-markdown-block">The identifiers of the asset to report on.</div>
</div>
<div class="property-info">
<span class="property-name">tags</span> <span class="param-type param-array-format integer">Array[integer &lt;int32&gt;]</span>
<div class="redoc-markdown-block">The identifiers of the tag to report on.</div>
</div>
<div class="property-info">
<span class="property-name">scan</span> <span class="param-type param-array-format integer">integer &lt;int32&gt;</span>
<div class="redoc-markdown-block">The identifier of the scan to report on.</div>
</div>
</div>
The following scope elements may be defined for non-templatized report formats:
| Format | Assets | Sites | Asset Groups | Tags | Scan |
| ------------------------------------- |:----------:|:-------:|:------------:|:-------:|:---------:|
| `arf-xml` | &check; | &check; | &check; | &check; | |
| `csv-export` | &check; | &check; | &check; | &check; | &check; |
| `cyberscope-xml` | &check; | &check; | &check; | &check; | &check; |
| `database-export` | | &check; | | | |
| `nexpose-simple-xml` | &check; | &check; | &check; | &check; | &check; |
| `oval-xml` | &check; | &check; | &check; | &check; | |
| `qualys-xml` | &check; | &check; | &check; | &check; | &check; |
| `scap-xml` | &check; | &check; | &check; | &check; | &check; |
| `sql-query` | &check; | &check; | &check; | &check; | &check; |
| `xccdf-csv` | &check; | | | | |
| `xccdf-xml` | &check; | &check; | &check; | &check; | &check; |
| `xml-export` | &check; | &check; | &check; | &check; | &check; |
| `xml-export-v2` | &check; | &check; | &check; | &check; | &check; |
The following scope elements may be defined for templatized report formats:
| Template | Assets | Sites | Asset Groups | Tags | Scan |
| -----------------------------------------|:----------:|:-------:|:------------:|:-------:|:-------:|
| `audit-report` | &check; | &check; | &check; | &check; | &check; |
| `baseline-comparison` | &check; | &check; | &check; | &check; | |
| `basic-vulnerability-check-results` | &check; | &check; | &check; | &check; | &check; |
| `executive-overview` | &check; | &check; | &check; | &check; | |
| `highest-risk-vulns` | &check; | &check; | &check; | &check; | |
| `pci-attestation-v12` | &check; | &check; | &check; | &check; | &check; |
| `pci-executive-summary-v12` | &check; | &check; | &check; | &check; | &check; |
| `pci-vuln-details-v12` | &check; | &check; | &check; | &check; | &check; |
| `policy-details` | &check; | &check; | &check; | &check; | |
| `policy-eval` | &check; | &check; | &check; | &check; | |
| `policy-summary` | &check; | &check; | &check; | &check; | &check; |
| `prioritized-remediations` | &check; | &check; | &check; | &check; | &check; |
| `prioritized-remediations-with-details` | &check; | &check; | &check; | &check; | &check; |
| `r7-discovered-assets` | &check; | &check; | &check; | &check; | &check; |
| `r7-vulnerability-exceptions` | &check; | &check; | &check; | &check; | &check; |
| `remediation-plan` | &check; | &check; | &check; | &check; | &check; |
| `report-card` | &check; | &check; | &check; | &check; | &check; |
| `risk-scorecard` | &check; | &check; | &check; | &check; | |
| `rule-breakdown-summary` | &check; | &check; | &check; | &check; | |
| `top-policy-remediations` | &check; | &check; | &check; | &check; | |
| `top-policy-remediations-with-details` | &check; | &check; | &check; | &check; | |
| `top-riskiest-assets` | &check; | &check; | &check; | &check; | &check; |
| `top-vulnerable-assets` | &check; | &check; | &check; | &check; | &check; |
| `vulnerability-trends` | &check; | &check; | &check; | &check; | |
If a report supports specifying a scan as the scope and a scan is specified, no other scope elements may be defined.
In all other cases as many different types of supported scope elements can be specified in any combination. All
reports except the `sql-query` format require at least one element to be specified as the scope.
$ref: '#/definitions/ReportConfigScopeResource'
storage:
example: ''
description: The additional storage location and path.
$ref: '#/definitions/ReportStorage'
template:
type: string
example: executive-overview
description: The template for the report (only required if the format is templatized).
timezone:
type: string
example: America/Los_Angeles
description: 'The timezone the report generates in, such as `"America/Los_Angeles"`.'
users:
type: array
example: '7'
description: The identifiers of the users granted explicit access to the report.
items:
type: integer
format: int32
version:
type: string
example: 2.3.0
description: The version of the report Data Model to report against. Only used when the format is `"sql-query"`.
description: ''
ReportConfigCategoryFilters:
type: object
discriminator: ''
properties:
excluded:
type: array
description: The vulnerability categories to exclude. Defaults to no categories.
items:
type: string
included:
type: array
description: The vulnerability categories to include. Defaults to all categories.
items:
type: string
links:
type: array
items:
$ref: '#/definitions/Link'
description: ''
ReportConfigDatabaseCredentialsResource:
type: object
discriminator: ''
properties:
password:
type: string
example: '******'
description: '${report.config.database.credential.password.description}'
readOnly: true
username:
type: string
example: admin
description: '${report.config.database.credential.username.description}'
description: ''
ReportConfigDatabaseResource:
type: object
discriminator: ''
properties:
credentials:
example: ''
description: '${report.config.database.credentials.description}'
readOnly: true
$ref: '#/definitions/ReportConfigDatabaseCredentialsResource'
host:
type: string
example: database.acme.com
description: The database server host to export to.
name:
type: string
example: database
description: The name of the database to export to.
port:
type: integer
format: int32
example: 3306
description: The database server port to export to.
vendor:
type: string
example: mysql
description: The type of the database server.
enum:
- oracle
- mssql
- mysql
description: ''
ReportConfigFiltersResource:
type: object
discriminator: ''
properties:
categories:
example: ''
description: 'Vulnerability categories to include or exclude. Only `included` or `excluded` may be specified, but not both.'
$ref: '#/definitions/ReportConfigCategoryFilters'
severity:
type: string
example: ''
description: The vulnerability severities to include. Defaults to `all`.
enum:
- all
- critical
- critical-and-severe
statuses:
type: array
description: 'The vulnerability statuses to include. Defaults to [ `vulnerable`, `vulnerable-version`, `potentially-vulnerable` ].'
items:
type: string
enum:
- vulnerable
- vulnerable-version
- potentially-vulnerable
- vulnerable-and-validated
description: ''
ReportConfigScopeResource:
type: object
discriminator: ''
properties:
assetGroups:
type: array
description: '${report.config.asset.groups.description}'
items:
type: integer
format: int32
assets:
type: array
description: '${report.config.assets.description}'
items:
type: integer
format: int64
scan:
type: integer
format: int64
example: 68
description: '${report.config.scans.description}'
sites:
type: array
description: '${report.config.sites.description}'
items:
type: integer
format: int32
tags:
type: array
description: '${report.config.tags.description}'
items:
type: integer
format: int32
description: ''
ReportEmail:
type: object
discriminator: ''
properties:
access:
type: string
example: zip
description: The format to distribute the report in when sending to users who have explicit access to the report.
enum:
- file
- zip
- url
- none
additional:
type: string
example: file
description: The format to distribute the report to additional recipients.
enum:
- file
- zip
- none
additionalRecipients:
type: array
description: The email address of additional recipients to distribute the report to.
items:
type: string
assetAccess:
type: boolean
example: true
description: '${report.config.email.additional.asset.access.description}'
owner:
type: string
example: file
description: The format to distribute the report to the owner.
enum:
- file
- url
- zip
- none
smtp:
example: ''
description: SMTP delivery settings.
$ref: '#/definitions/ReportEmailSmtp'
description: ''
ReportEmailSmtp:
type: object
discriminator: ''
properties:
global:
type: boolean
example: true
description: 'Whether to use global SMTP settings. If enabled, `sender` and `relay` may not be specified.'
relay:
type: string
example: mail.acme.com
description: SMTP relay host or IP address.
sender:
type: string
example: john_smith@acme.com
description: SMTP sender address.
description: ''
ReportFilters:
type: object
discriminator: ''
description: ''
ReportFrequency:
type: object
required:
- repeat
- start
discriminator: ''
properties:
nextRuntimes:
type: array
description: 'List the next 10 dates in the future the schedule will launch. '
readOnly: true
items:
type: string
repeat:
example: ''
description: Settings for repeating a scheduled task.
$ref: '#/definitions/RepeatSchedule'
start:
type: string
example: '2018-03-01T04:31:56Z'
description: The scheduled start date and time. Date is represented in ISO 8601 format. Repeating schedules will determine the next schedule to begin based on this date and time.
description: ''
ReportInstance:
type: object
discriminator: ''
properties:
generated:
type: string
example: '2018-06-01T18:56:03Z'
description: The date the report finished generation.
id:
type: integer
format: int32
example: 5
description: The identifier of the report instance.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
size:
example: ''
description: 'The size of the report, uncompressed.'
$ref: '#/definitions/ReportSize'
status:
type: string
example: complete
description: The status of the report generation process.
enum:
- aborted
- failed
- complete
- running
- unknown
uri:
type: string
example: 'https://hostname:3780/reports/...'
description: The URI of the report accessible through the web console. Refer to the `Download` relation hyperlink for a download URI.
description: ''
ReportScope:
type: object
discriminator: ''
description: ''
ReportSize:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 24789050
description: The raw value in bytes.
formatted:
type: string
example: 23.6 MB
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
ReportStorage:
type: object
discriminator: ''
properties:
location:
type: string
example: monthly_reports/site/corporate
description: The location to storage an additional copy of the report. This is a sub-path post-fixed to `$(install_dir)/nsc/reports/$(user)/`.
path:
type: string
example: $(install_dir)/nsc/reports/$(user)/monthly_reports/site/corporate
description: The full path to the additional copy storage location.
readOnly: true
description: ''
ReportTemplate:
type: object
discriminator: ''
properties:
builtin:
type: boolean
example: true
description: Whether the report template is builtin.
description:
type: string
example: 'Provides comprehensive details about discovered assets, vulnerabilities, and users.'
description: The description of the report template.
id:
type: string
example: audit-report
description: The identifier of the report template;
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: Audit Report
description: The name of the report template.
sections:
type: array
description: The sections that comprise the `document` report template.
items:
type: string
type:
type: string
example: document
description: 'The type of the report template. `document` is a templatized, typically printable, report that has various sections of content. `export` is data-oriented output, typically CSV. `file` is a printable report template using a report template file.'
enum:
- document
- export
- file
description: ''
Resources«Alert»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/Alert'
description: ''
Resources«AssetGroup»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/AssetGroup'
description: ''
Resources«AssetTag»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/AssetTag'
description: ''
Resources«AuthenticationSource»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/AuthenticationSource'
description: ''
Resources«AvailableReportFormat»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/AvailableReportFormat'
description: ''
Resources«Configuration»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/Configuration'
description: ''
Resources«Database»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/Database'
description: ''
Resources«DiscoveryAsset»:
type: object
discriminator: ''
properties:
links:
type: array
items:
$ref: '#/definitions/Link'
resources:
type: array
items:
$ref: '#/definitions/DiscoveryAsset'
description: ''
Resources«EnginePool»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/EnginePool'
description: ''
Resources«File»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/File'
description: ''
Resources«GroupAccount»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/GroupAccount'
description: ''
Resources«MatchedSolution»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/MatchedSolution'
description: ''
Resources«PolicyOverride»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/PolicyOverride'
description: ''
Resources«ReportInstance»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/ReportInstance'
description: ''
Resources«ReportTemplate»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/ReportTemplate'
description: ''
Resources«Role»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/Role'
description: ''
Resources«ScanEngine»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/ScanEngine'
description: ''
Resources«ScanSchedule»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/ScanSchedule'
description: ''
Resources«ScanTemplate»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/ScanTemplate'
description: ''
Resources«SharedCredential»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/SharedCredential'
description: ''
Resources«SiteCredential»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/SiteCredential'
description: ''
Resources«SiteSharedCredential»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/SiteSharedCredential'
description: ''
Resources«SmtpAlert»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/SmtpAlert'
description: ''
Resources«SnmpAlert»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/SnmpAlert'
description: ''
Resources«Software»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/Software'
description: ''
Resources«Solution»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/Solution'
description: ''
Resources«SonarQuery»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/SonarQuery'
description: ''
Resources«SyslogAlert»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/SyslogAlert'
description: ''
Resources«Tag»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/Tag'
description: ''
Resources«UserAccount»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/UserAccount'
description: ''
Resources«User»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/User'
description: ''
Resources«VulnerabilityValidationResource»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/VulnerabilityValidationResource'
description: ''
Resources«WebFormAuthentication»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/WebFormAuthentication'
description: ''
Resources«WebHeaderAuthentication»:
type: object
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
resources:
type: array
description: The resources returned.
items:
$ref: '#/definitions/WebHeaderAuthentication'
description: ''
Review:
type: object
discriminator: ''
properties:
comment:
type: string
example: ''
description: 'A comment from the reviewer detailing the review. '
readOnly: true
date:
type: string
example: ''
description: The date and time the review took place.
readOnly: true
links:
type: array
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The identifier of the user that reviewed the vulnerability exception.
readOnly: true
user:
type: integer
format: int32
example: ''
description: The login name of the user that reviewed the vulnerability exception.
readOnly: true
description: ''
RiskModifierSettings:
type: object
discriminator: ''
properties:
high:
type: number
format: double
example: 1.5
description: '${settings.risk.modifier.high}'
low:
type: number
format: double
example: 0.75
description: '${settings.risk.modifier.low}'
medium:
type: number
format: double
example: 1
description: '${settings.risk.modifier.medium}'
veryHigh:
type: number
format: double
example: 2
description: '${settings.risk.modifier.veryHigh}'
veryLow:
type: number
format: double
example: 0.5
description: '${settings.risk.modifier.veryLow}'
description: ''
RiskSettings:
type: object
discriminator: ''
properties:
adjustWithCriticality:
type: boolean
example: true
description: Whether risk is adjusted using criticality tags.
criticalityModifiers:
example: ''
description: 'If `adjustWithCriticality` is enabled, details the risk modifiers by criticality tag.'
$ref: '#/definitions/RiskModifierSettings'
model:
type: string
example: real_risk
description: The risk model used to compute risk.
description: ''
Role:
type: object
required:
- description
- id
- name
discriminator: ''
properties:
description:
type: string
example: ''
description: The description of the role.
id:
type: string
example: ''
description: The identifier of the role.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The human readable name of the role.
privileges:
type: array
description: The privileges granted to the role.
items:
type: string
enum:
- all-permissions
- create-reports
- configure-global-settings
- manage-sites
- manage-tags
- manage-static-asset-groups
- manage-dynamic-asset-groups
- manage-scan-templates
- manage-report-templates
- manage-scan-engines
- submit-vulnerability-exceptions
- approve-vulnerability-exceptions
- delete-vulnerability-exceptions
- create-tickets
- close-tickets
- assign-ticket-assignee
- manage-site-access
- manage-asset-group-access
- manage-report-access
- use-restricted-report-sections
- manage-policies
- view-asset-group-asset-data
- manage-asset-group-assets
- view-site-asset-data
- specify-site-metadata
- purge-site-asset-data
- specify-scan-targets
- assign-scan-engine
- assign-scan-template
- manage-site-credentials
- manage-scan-alerts
- schedule-automatic-scans
- start-unscheduled-scans
description: ''
Scan:
type: object
discriminator: ''
properties:
assets:
type: integer
format: int32
example: ''
description: The number of assets found in the scan.
duration:
type: string
example: ''
description: The duration of the scan in ISO8601 format.
endTime:
type: string
example: ''
description: The end time of the scan in ISO8601 format.
engineId:
type: integer
format: int32
example: ''
description: The identifier of the scan engine.
engineName:
type: string
example: ''
description: The name of the scan engine.
id:
type: integer
format: int64
example: ''
description: The identifier of the scan.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
message:
type: string
example: ''
description: The reason for the scan status.
scanName:
type: string
example: ''
description: The user-driven scan name for the scan.
scanType:
type: string
example: ''
description: 'The scan type (automated, manual, scheduled). '
startTime:
type: string
example: ''
description: The start time of the scan in ISO8601 format.
startedBy:
type: string
example: ''
description: The name of the user that started the scan.
status:
type: string
example: ''
description: The scan status.
enum:
- aborted
- unknown
- running
- finished
- stopped
- error
- paused
- dispatched
- integrating
vulnerabilities:
example: ''
description: The vulnerability synopsis of the scan.
$ref: '#/definitions/Vulnerabilities'
description: ''
ScanEngine:
type: object
required:
- address
- id
- name
- port
discriminator: ''
properties:
address:
type: string
example: corporate-scan-engine-001.acme.com
description: The address the scan engine is hosted.
contentVersion:
type: string
example: ''
description: The content version of the scan engine.
readOnly: true
enginePools:
type: array
description: A list of identifiers of engine pools this engine is included in.
readOnly: true
items:
type: integer
format: int32
id:
type: integer
format: int32
example: 6
description: The identifier of the scan engine.
lastRefreshedDate:
type: string
example: ''
description: The date the engine was last refreshed. Date format is in ISO 8601.
readOnly: true
lastUpdatedDate:
type: string
example: ''
description: The date the engine was last updated. Date format is in ISO 8601.
readOnly: true
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: Corporate Scan Engine 001
description: The name of the scan engine.
port:
type: integer
format: int32
example: 40894
description: The port used by the scan engine to communicate with the Security Console.
productVersion:
type: string
example: ''
description: The product version of the scan engine.
readOnly: true
sites:
type: array
description: A list of identifiers of each site the scan engine is assigned to.
items:
type: integer
format: int32
description: ''
ScanEvents:
type: object
required:
- failed
- paused
- started
- stopped
discriminator: ''
properties:
failed:
type: boolean
example: false
description: Generates an alert when a scan fails. Default value is `false`.
paused:
type: boolean
example: false
description: Generates an alert when a scan pauses. Default value is `false`.
resumed:
type: boolean
example: false
description: Generates an alert when a scan resumes. Default value is `false`.
started:
type: boolean
example: false
description: Generates an alert when a scan starts. Default value is `false`.
stopped:
type: boolean
example: false
description: Generates an alert when a scan stops. Default value is `false`.
description: ''
ScanSchedule:
type: object
required:
- enabled
- onScanRepeat
- start
discriminator: ''
properties:
assets:
example: ''
description: 'Allows one or more assets defined within the site to be scanned for this scan schedule. This property is only supported for static sites. When this property is `null`, or not defined in schedule, then all assets defined in the static site will be scanned.'
$ref: '#/definitions/ScheduledScanTargets'
duration:
type: string
example: ''
description: |
Specifies the maximum duration the scheduled scan is allowed to run. Scheduled scans that do not complete within specified duration will be paused. The scan duration are represented by the format `"P[n]DT[n]H[n]M"`. In these representations, the [n] is replaced by a value for each of the date and time elements that follow the [n].The following table describes each supported value:
| Value | Description |
| ---------- | ---------------- |
| P | The duration designator. It must be placed at the start of the duration representation. |
| D | The day designator that follows the value for the number of days. |
| T | The time designator that precedes the time portion of the representation. |
| H | The hour designator that follows the value for the number of hours. |
| M | The minute designator that follows the value for the number of minutes. |
For example, `"P5DT10H30M"` represents a duration of "5 days, 10 hours, and 30 minutes". Each duration designator is optional; however, at least one must be specified and it must be preceded by the `"P"` designator.
enabled:
type: boolean
example: false
description: Flag indicating whether the scan schedule is enabled.
id:
type: integer
format: int32
example: ''
description: The identifier of the scan schedule.
links:
type: array
items:
$ref: '#/definitions/Link'
nextRuntimes:
type: array
description: 'List the next 10 dates in the future the schedule will launch. '
readOnly: true
items:
type: string
onScanRepeat:
type: string
example: ''
description: |
Specifies the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching is maximum duration. The following table describes each supported value:
| Value | Description |
| ---------- | ---------------- |
| restart-scan | Stops the previously-paused scan and launches a new scan if the previous scan did not complete within the specified duration. If the previous scheduled scan was not paused, then a new scan is launched. |
| resume-scan | Resumes the previously-paused scan if the previous scan did not complete within the specified duration. If the previous scheduled scan was not paused, then a new scan is launched. |
repeat:
example: ''
description: Settings for repeating a scheduled task.
$ref: '#/definitions/RepeatResource'
scanEngineId:
type: integer
format: int32
example: ''
description: 'The identifier of the scan engine to be used for this scan schedule. If not set, the site''s assigned scan engine will be used.'
scanName:
type: string
example: ''
description: 'A user-defined name for the scan launched by the schedule. If not explicitly set in the schedule, the scan name will be generated prior to the scan launching. Names must be unique.'
scanTemplateId:
type: string
example: ''
description: 'The identifier of the scan template to be used for this scan schedule. If not set, the site''s assigned scan template will be used.'
start:
type: string
example: '2018-03-01T04:31:56Z'
description: The scheduled start date and time. Date is represented in ISO 8601 format. Repeating schedules will determine the next schedule to begin based on this date and time.
description: ''
ScanScope:
type: object
discriminator: ''
properties:
assets:
example: ''
description: 'Specify assets to be included in site scans as well as assets to be excluded from site scans. If the property is defined, then at least one address or asset group must be specified for scanning. Property is required when creating a static site.'
$ref: '#/definitions/StaticSite'
connection:
example: ''
description: Specify discovery connection settings for a dynamic site. Property is required when creating a dynamic site.
$ref: '#/definitions/DynamicSite'
description: ''
ScanSettings:
type: object
discriminator: ''
properties:
connectionTimeout:
type: string
example: PT15S
description: 'The connection timeout when establishing connections to remote scan engines, in ISO 8601 format. For example: `"PT15S"`.'
incremental:
type: boolean
example: true
description: Whether incremental scan results is enabled.
maximumThreads:
type: integer
format: int32
example: -1
description: The maximum number of scan threads to use in any scan. -1 means this is set by the scan template.
readTimeout:
type: string
example: PT15M
description: 'The read timeout when establishing connections to remote scan engines, in ISO 8601 format. For example: `"PT15M"`.'
statusIdleTimeout:
type: string
example: PT3M
description: 'The idle timeout when checking the status of running scans, in ISO 8601 format. For example: `"PT3M"`.'
statusThreads:
type: integer
format: int32
example: 3
description: The number of threads to use when checking the status of running scans.
description: ''
ScanSize:
type: object
discriminator: ''
properties:
bytes:
type: integer
format: int64
example: 1370433223
description: The raw value in bytes.
formatted:
type: string
example: 1.3 GB
description: 'The value formatted in human-readable notation (e.g. GB, MB, KB, bytes).'
description: ''
ScanTargetsResource:
type: object
discriminator: ''
properties:
addresses:
type: array
description: 'List of addresses. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.'
items:
type: string
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
description: ''
ScanTemplate:
type: object
discriminator: ''
properties:
checks:
example: ''
description: |-
Settings for which vulnerability checks to run during a scan. <br/>
The rules for inclusion of checks is as follows:
<ul>
<li>Enabled checks by category and by check type are included</li>
<li>Disabled checks in by category and by check type are removed</li>
<li>Enabled checks in by individual check are added (even if they are disabled in by category or check type)</li>
<li>Disabled checks in by individual check are removed</li>
<li>If unsafe is disabled, unsafe checks are removed</li>
<li>If potential is disabled, potential checks are removed</li>
<ul>
$ref: '#/definitions/ScanTemplateVulnerabilityChecks'
database:
example: ''
description: Settings for discovery databases.
$ref: '#/definitions/ScanTemplateDatabase'
description:
type: string
example: Performs a full network audit of all systems using only safe checks...
description: A verbose description of the scan template..
discovery:
example: ''
description: Discovery settings used during a scan.
$ref: '#/definitions/ScanTemplateDiscovery'
discoveryOnly:
type: boolean
example: false
description: Whether only discovery is performed during a scan.
enableWindowsServices:
type: boolean
example: false
description: 'Whether Windows services are enabled during a scan. Windows services will be temporarily reconfigured when this option is selected. Original settings will be restored after the scan completes, unless it is interrupted.'
enhancedLogging:
type: boolean
example: false
description: Whether enhanced logging is gathered during scanning. Collection of enhanced logs may greatly increase the disk space used by a scan.
id:
type: string
example: full-audit-without-web-spider
description: The identifier of the scan template
readOnly: true
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
maxParallelAssets:
type: integer
format: int32
example: 10
description: The maximum number of assets scanned simultaneously per scan engine during a scan.
maxScanProcesses:
type: integer
format: int32
example: 10
description: The maximum number of scan processes simultaneously allowed against each asset during a scan.
name:
type: string
example: Full audit
description: A concise name for the scan template.
policy:
example: ''
description: Policy configuration settings used during a scan.
$ref: '#/definitions/Policy'
policyEnabled:
type: boolean
example: true
description: Whether policy assessment is performed during a scan.
telnet:
example: ''
description: Settings for interacting with the Telnet protocol.
$ref: '#/definitions/Telnet'
vulnerabilityEnabled:
type: boolean
example: true
description: Whether vulnerability assessment is performed during a scan.
web:
example: ''
description: Web spider settings used during a scan.
$ref: '#/definitions/ScanTemplateWebSpider'
webEnabled:
type: boolean
example: true
description: Whether web spidering and assessment are performed during a scan.
description: ''
ScanTemplateAssetDiscovery:
type: object
discriminator: ''
properties:
collectWhoisInformation:
type: boolean
example: false
description: Whether to query Whois during discovery. Defaults to `false`.
fingerprintMinimumCertainty:
type: number
format: double
example: 0.16
description: The minimum certainty required for a fingerprint to be considered valid during a scan. Defaults to `0.16`.
minimum: 0
maximum: 1
fingerprintRetries:
type: integer
format: int32
example: 0
description: The number of fingerprinting attempts made to determine the operating system fingerprint. Defaults to `4`.
minimum: 0
maximum: 1000
ipFingerprintingEnabled:
type: boolean
example: true
description: 'Whether to fingerprint TCP/IP stacks for hardware, operating system and software information.'
sendArpPings:
type: boolean
example: true
description: Whether ARP pings are sent during asset discovery. Defaults to `true`.
sendIcmpPings:
type: boolean
example: true
description: Whether ICMP pings are sent during asset discovery. Defaults to `false`.
tcpPorts:
type: array
description: TCP ports to send packets and perform discovery. Defaults to no ports.
items:
type: integer
format: int32
treatTcpResetAsAsset:
type: boolean
example: true
description: Whether TCP reset responses are treated as live assets. Defaults to `true`.
udpPorts:
type: array
description: UDP ports to send packets and perform discovery. Defaults to no ports.
items:
type: integer
format: int32
description: ''
ScanTemplateDatabase:
type: object
discriminator: ''
properties:
db2:
type: string
example: database
description: Database name for DB2 database instance.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
oracle:
type: array
example: default
description: Database name (SID) for an Oracle database instance.
items:
type: string
postgres:
type: string
example: postgres
description: Database name for PostgesSQL database instance.
description: ''
ScanTemplateDiscovery:
type: object
discriminator: ''
properties:
asset:
example: ''
description: Asset discovery settings used during a scan.
$ref: '#/definitions/ScanTemplateAssetDiscovery'
perfomance:
example: ''
description: Discovery performance settings used during a scan.
$ref: '#/definitions/ScanTemplateDiscoveryPerformance'
service:
example: ''
description: Service discovery settings used during a scan.
$ref: '#/definitions/ScanTemplateServiceDiscovery'
description: ''
ScanTemplateDiscoveryPerformance:
type: object
discriminator: ''
properties:
packetRate:
example: ''
description: The number of packets to send per second during scanning.
$ref: '#/definitions/ScanTemplateDiscoveryPerformancePacketsRate'
parallelism:
example: ''
description: The number of discovery connection requests to be sent to target host simultaneously. These settings has no effect if values have been set for `scanDelay`.
$ref: '#/definitions/ScanTemplateDiscoveryPerformanceParallelism'
retryLimit:
type: integer
format: int32
example: 3
description: 'The maximum number of attempts to contact target assets. If the limit is exceeded with no response, the given asset is not scanned. Defaults to `3`.'
minimum: 1
maximum: 15
scanDelay:
example: ''
description: The duration to wait between sending packets to each target host during a scan.
$ref: '#/definitions/ScanTemplateDiscoveryPerformanceScanDelay'
timeout:
example: ''
description: The duration to wait between retry attempts.
$ref: '#/definitions/ScanTemplateDiscoveryPerformanceTimeout'
description: ''
ScanTemplateDiscoveryPerformancePacketsRate:
type: object
discriminator: ''
properties:
defeatRateLimit:
type: boolean
example: true
description: 'Whether defeat rate limit (defeat-rst-ratelimit) is enforced on the minimum packet setting, which can improve scan speed. If it is disabled, the minimum packet rate setting may be ignored when a target limits its rate of RST (reset) responses to a port scan. This can increase scan accuracy by preventing the scan from missing ports. Defaults to `true`.'
maximum:
type: integer
format: int32
example: 15000
description: The minimum number of packets to send each second during discovery attempts. Defaults to `0`.
minimum: 0
maximum: 15000
minimum:
type: integer
format: int32
example: 450
description: The minimum number of packets to send each second during discovery attempts. Defaults to `0`.
minimum: 0
maximum: 15000
description: ''
ScanTemplateDiscoveryPerformanceParallelism:
type: object
discriminator: ''
properties:
maximum:
type: integer
format: int32
example: 0
description: The maximum number of discovery connection requests send in parallel. Defaults to `0`.
minimum: 0
maximum: 1000
minimum:
type: integer
format: int32
example: 0
description: The minimum number of discovery connection requests send in parallel. Defaults to `0`.
minimum: 0
maximum: 1000
description: ''
ScanTemplateDiscoveryPerformanceScanDelay:
type: object
discriminator: ''
properties:
maximum:
type: string
example: PT0S
description: The minimum duration to wait between sending packets to each target host. The value is specified as a ISO8601 duration and can range from `PT0S` (0ms) to `P30S` (30s). Defaults to `PT0S`.
minimum:
type: string
example: PT0S
description: The maximum duration to wait between sending packets to each target host. The value is specified as a ISO8601 duration and can range from `PT0S` (0ms) to `P30S` (30s). Defaults to `PT0S`.
description: ''
ScanTemplateDiscoveryPerformanceTimeout:
type: object
discriminator: ''
properties:
initial:
type: string
example: PT0.5S
description: The initial timeout to wait between retry attempts. The value is specified as a ISO8601 duration and can range from `PT0.5S` (500ms) to `P30S` (30s). Defaults to `PT0.5S`.
maximum:
type: string
example: PT3S
description: The maximum time to wait between retries. The value is specified as a ISO8601 duration and can range from `PT0.5S` (500ms) to `P30S` (30s). Defaults to `PT3S`.
minimum:
type: string
example: PT0S
description: The minimum time to wait between retries. The value is specified as a ISO8601 duration and can range from `PT0.5S` (500ms) to `P30S` (30s). Defaults to `PT0.5S`.
description: ''
ScanTemplateServiceDiscovery:
type: object
discriminator: ''
properties:
serviceNameFile:
type: string
example: ''
description: 'An optional file that lists each port and the service that commonly resides on it. If scans cannot identify actual services on ports, service names will be derived from this file in scan results. Defaults to empty.'
tcp:
example: ''
description: TCP service discovery settings.
$ref: '#/definitions/ScanTemplateServiceDiscoveryTcp'
udp:
example: ''
description: UDP service discovery settings.
$ref: '#/definitions/ScanTemplateServiceDiscoveryUdp'
description: ''
ScanTemplateServiceDiscoveryTcp:
type: object
discriminator: ''
properties:
additionalPorts:
type: array
example: '3078,8000-8080'
description: 'Additional TCP ports to scan. Individual ports can be specified as numbers or a string, but port ranges must be strings (e.g. `"7892-7898"`). Defaults to empty.'
items:
type: object
excludedPorts:
type: array
example: '1024'
description: 'TCP ports to exclude from scanning. Individual ports can be specified as numbers or a string, but port ranges must be strings (e.g. `"7892-7898"`). Defaults to empty.'
items:
type: object
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
method:
type: string
example: SYN
description: The method of TCP discovery. Defaults to `SYN`.
enum:
- SYN
- SYN+RST
- SYN+FIN
- SYN+ECE
- Full
ports:
type: string
example: well-known
description: The TCP ports to scan. Defaults to `well-known`.
enum:
- all
- well-known
- custom
- none
description: ''
ScanTemplateServiceDiscoveryUdp:
type: object
discriminator: ''
properties:
additionalPorts:
type: array
example: 4020-4032
description: 'Additional UDP ports to scan. Individual ports can be specified as numbers or a string, but port ranges must be strings (e.g. `"7892-7898"`). Defaults to empty.'
items:
type: object
excludedPorts:
type: array
example: '9899'
description: 'UDP ports to exclude from scanning. Individual ports can be specified as numbers or a string, but port ranges must be strings (e.g. `"7892-7898"`). Defaults to empty.'
items:
type: object
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
ports:
type: string
example: well-known
description: The UDP ports to scan. Defaults to `well-known`.
enum:
- all
- well-known
- custom
- none
description: ''
ScanTemplateVulnerabilityCheckCategories:
type: object
discriminator: ''
properties:
disabled:
type: array
description: The categories of vulnerability checks to disable during a scan.
items:
type: string
enabled:
type: array
description: The categories of vulnerability checks to enable during a scan.
items:
type: string
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
description: ''
ScanTemplateVulnerabilityCheckIndividual:
type: object
discriminator: ''
properties:
disabled:
type: array
description: The individual vulnerability checks to disable during a scan.
items:
type: string
enabled:
type: array
description: The individual vulnerability checks to enable during a scan.
items:
type: string
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
description: ''
ScanTemplateVulnerabilityChecks:
type: object
discriminator: ''
properties:
categories:
example: ''
description: The vulnerability check categories enabled or disabled during a scan.
$ref: '#/definitions/ScanTemplateVulnerabilityCheckCategories'
correlate:
type: boolean
example: false
description: Whether an extra step is performed at the end of the scan where more trust is put in OS patch checks to attempt to override the results of other checks which could be less reliable.
individual:
example: ''
description: The individual vulnerability checks enabled or disabled during a scan.
$ref: '#/definitions/ScanTemplateVulnerabilityCheckIndividual'
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
potential:
type: boolean
example: false
description: Whether checks that result in potential vulnerabilities are assessed during a scan.
types:
example: ''
description: The vulnerability check types enabled or disabled during a scan.
$ref: '#/definitions/VulnerabilityCheckType'
unsafe:
type: boolean
example: false
description: Whether checks considered "unsafe" are assessed during a scan.
description: ''
ScanTemplateWebSpider:
type: object
discriminator: ''
properties:
dontScanMultiUseDevices:
type: boolean
example: true
description: 'Whether scanning of multi-use devices, such as printers or print servers should be avoided.'
includeQueryStrings:
type: boolean
example: false
description: Whether query strings are using in URLs when web spidering. This causes the web spider to make many more requests to the Web server. This will increase overall scan time and possibly affect the Web server's performance for legitimate users.
paths:
example: ''
description: Paths to use when web spidering.
$ref: '#/definitions/ScanTemplateWebSpiderPaths'
patterns:
example: ''
description: Patterns to match responses during web spidering.
$ref: '#/definitions/ScanTemplateWebSpiderPatterns'
performance:
example: ''
description: Performance settings used during web spidering.
$ref: '#/definitions/ScanTemplateWebSpiderPerformance'
testCommonUsernamesAndPasswords:
type: boolean
example: false
description: Whether to determine if discovered logon forms accept commonly used user names or passwords. The process may cause authentication services with certain security policies to lock out accounts with these credentials.
testXssInSingleScan:
type: boolean
example: false
description: Whether to test for persistent cross-site scripting during a single scan. This test helps to reduce the risk of dangerous attacks via malicious code stored on Web servers. Enabling it may increase Web spider scan times.
userAgent:
type: string
example: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
description: The `User-Agent` to use when web spidering. Defaults to `"Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"`.
description: ''
ScanTemplateWebSpiderPaths:
type: object
discriminator: ''
properties:
boostrap:
type: string
example: /root
description: Paths to bootstrap spidering with.
excluded:
type: string
example: /root/sensitive.html
description: Paths excluded from spidering.
honorRobotDirectives:
type: boolean
example: false
description: '${scan.template.web.spider.paths.robot.directives.description}'
description: ''
ScanTemplateWebSpiderPatterns:
type: object
discriminator: ''
properties:
sensitiveContent:
type: string
example: ''
description: A regular expression that is used to find sensitive content on a page.
sensitiveField:
type: string
example: (p|pass)(word|phrase|wd|code)
description: A regular expression that is used to find fields that may contain sensitive input. Defaults to `"(p|pass)(word|phrase|wd|code)"`.
description: ''
ScanTemplateWebSpiderPerformance:
type: object
discriminator: ''
properties:
httpDaemonsToSkip:
type: array
description: 'The names of HTTP Daemons (HTTPd) to skip when spidering. For example, `"CUPS"`.'
items:
type: string
maximumDirectoryLevels:
type: integer
format: int32
example: 6
description: 'The directory depth limit for web spidering. Limiting directory depth can save significant time, especially with large sites. A value of `0` signifies unlimited directory traversal. Defaults to `6`.'
minimum: 1
maximum: 100
maximumForeignHosts:
type: integer
format: int32
example: 100
description: 'The maximum number of unique host names that the spider may resolve. This function adds substantial time to the spidering process, especially with large Web sites, because of frequent cross-link checking involved. Defaults to `100`.'
maximumLinkDepth:
type: integer
format: int32
example: 6
description: The maximum depth of links to traverse when spidering. Defaults to `6`.
minimum: 0
maximum: 100
maximumPages:
type: integer
format: int32
example: 3000
description: The maximum the number of pages that are spidered. This is a time-saving measure for large sites. Defaults to `3000`.
minimum: 0
maximum: 1000000
maximumRetries:
type: integer
format: int32
example: 2
description: The maximum the number of times to retry a request after a failure. A value of `0` means no retry attempts are made. Defaults to `2`.
minimum: 0
maximum: 999
maximumTime:
type: string
example: PT0S
description: The maximum length of time to web spider. This limit prevents scans from taking longer than the allotted scan schedule. A value of `PT0S` means no limit is applied. The acceptable range is `PT1M` to `PT16666.6667H`.
responseTimeout:
type: string
example: PT2M
description: The duration to wait for a response from a target web server. The value is specified as a ISO8601 duration and can range from `PT0S` (0ms) to `P1H` (1 hour). Defaults to `PT2M`.
threadsPerServer:
type: integer
format: int32
example: 3
description: The number of threads to use per web server being spidered. Defaults to `3`.
minimum: 0
maximum: 999
description: ''
ScheduledScanTargets:
type: object
discriminator: ''
properties:
excludedAssetGroups:
example: ''
description: Assets associated with these asset groups will be excluded from the site's scan.
$ref: '#/definitions/ExcludedAssetGroups'
excludedTargets:
example: ''
description: 'Addresses to be excluded from the site''s scan. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.'
$ref: '#/definitions/ExcludedScanTargets'
includedAssetGroups:
example: ''
description: 'Allows users to specify a subset of the site''s included asset groups to be included in the scan. If the property is defined, then at least one valid already defined as an included asset group must be specified.'
$ref: '#/definitions/IncludedAssetGroups'
includedTargets:
example: ''
description: 'Allows users to specify a subset of the site''s scan targets to be included in the scan. If the property is defined, then at least one address must be specified.'
$ref: '#/definitions/IncludedScanTargets'
description: ''
SearchCriteria:
type: object
discriminator: ''
properties:
filters:
type: array
description: 'Filters used to match assets. See <a href="#section/Responses/SearchCriteria">Search Criteria</a> for more information on the structure and format.'
items:
$ref: '#/definitions/SwaggerSearchCriteriaFilter'
match:
type: string
example: all
description: Operator to determine how to match filters. `all` requires that all filters match for an asset to be included. `any` requires only one filter to match for an asset to be included.
enum:
- any
- all
description: ''
Service:
type: object
required:
- port
- protocol
discriminator: ''
properties:
configurations:
type: array
description: Configuration key-values pairs enumerated on the service.
items:
$ref: '#/definitions/Configuration'
databases:
type: array
description: The databases enumerated on the service.
items:
$ref: '#/definitions/Database'
family:
type: string
example: ''
description: The family of the service.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: CIFS Name Service
description: The name of the service.
port:
type: integer
format: int32
example: 139
description: The port of the service.
product:
type: string
example: Samba
description: The product running the service.
protocol:
type: string
example: tcp
description: The protocol of the service.
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
userGroups:
type: array
description: The group accounts enumerated on the service.
items:
$ref: '#/definitions/GroupAccount'
users:
type: array
description: The user accounts enumerated on the service.
items:
$ref: '#/definitions/UserAccount'
vendor:
type: string
example: ''
description: The vendor of the service.
version:
type: string
example: 3.5.11
description: The version of the service.
webApplications:
type: array
description: The web applications found on the service.
items:
$ref: '#/definitions/WebApplication'
description: ''
ServiceLink:
type: object
discriminator: ''
properties:
href:
type: string
example: 'https://hostname:3780/api/3/...'
description: 'A hypertext reference, which is either a URI (see <a target="_blank" href="https://tools.ietf.org/html/rfc3986">RFC 3986</a>) or URI template (see <a target="_blank" href="https://tools.ietf.org/html/rfc6570">RFC 6570</a>). '
port:
type: integer
format: int32
example: 22
description: The port of the service.
protocol:
type: string
example: tcp
description: The protocol of the service.
enum:
- ip
- icmp
- igmp
- ggp
- tcp
- pup
- udp
- idp
- esp
- nd
- raw
rel:
type: string
example: Service
description: 'The link relation type. This value is one from the <a target="_blank" href="https://tools.ietf.org/html/rfc5988#section-6.2">Link Relation Type Registry</a> or is the type of resource being linked to.'
description: ''
ServiceUnavailableError:
type: object
required:
- status
discriminator: ''
properties:
links:
type: array
description: Hypermedia links to corresponding or related resources.
items:
$ref: '#/definitions/Link'
message:
type: string
example: An error has occurred.
description: The messages indicating the cause or reason for failure.
status:
type: string
example: '503'
description: The HTTP status code for the error (same as in the HTTP response).
enum:
- '503'
description: ''
Settings:
type: object
discriminator: ''
properties:
assetLinking:
type: boolean
example: true
description: Whether asset linking is enabled.
authentication:
example: ''
description: Details the authentication settings.
$ref: '#/definitions/AuthenticationSettings'
database:
example: ''
description: Details the database settings.
$ref: '#/definitions/DatabaseSettings'
directory:
type: string
example: /opt/rapid7/nexpose
description: The root directory of the console.
insightPlatform:
type: boolean
example: true
description: Whether the usage of the Insight Platform is enabled.
insightPlatformRegion:
type: string
example: us-east-1
description: 'The region used for the Insight Platform, if enabled.'
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
risk:
example: ''
description: Details risk configuration and settings.
$ref: '#/definitions/RiskSettings'
scan:
example: ''
description: Details the global settings for scanning.
$ref: '#/definitions/ScanSettings'
serialNumber:
type: string
example: 729F31B1C92F3C91DFA8A649F4D5C883C269BD45
description: The console serial number.
smtp:
example: ''
description: Global SMTP distribution settings.
$ref: '#/definitions/SmtpSettings'
updates:
example: ''
description: Details the update settings.
$ref: '#/definitions/UpdateSettings'
uuid:
type: string
example: 7231036a-e052-11e7-80c1-9a214cf093ae
description: The universally unique identifier (UUID) of the console.
web:
example: ''
description: Details the web server settings.
$ref: '#/definitions/WebSettings'
description: ''
SharedCredential:
type: object
required:
- account
- name
- siteAssignment
discriminator: ''
properties:
account:
example: ''
description: |+
Specify the type of service to authenticate as well as all of the information required by that service. <div class="properties">
<div class="property-info">
<span class="property-name">service</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"as400"</span>
<span class="param-enum-value string">"cifs"</span>
<span class="param-enum-value string">"cifshash"</span>
<span class="param-enum-value string">"cvs"</span>
<span class="param-enum-value string">"db2"</span>
<span class="param-enum-value string">"ftp"</span>
<span class="param-enum-value string">"http"</span>
<span class="param-enum-value string">"ms-sql"</span>
<span class="param-enum-value string">"mysql"</span>
<span class="param-enum-value string">"notes"</span>
<span class="param-enum-value string">"oracle"</span>
<span class="param-enum-value string">"pop"</span>
<span class="param-enum-value string">"postgresql"</span>
<span class="param-enum-value string">"remote-exec"</span>
<span class="param-enum-value string">"snmp"</span>
<span class="param-enum-value string">"snmpv3"</span>
<span class="param-enum-value string">"ssh"</span>
<span class="param-enum-value string">"ssh-key"</span>
<span class="param-enum-value string">"sybase"</span>
<span class="param-enum-value string">"telnet"</span>
</div>
<div class="redoc-markdown-block">The type of service to authenticate with.</div>
</div>
</div>
The following are the names of the valid values for service:
| Value | Service |
| ------------- | ----------------------------------------------- |
| `as400` | IBM AS/400 |
| `cifs` | Microsoft Windows/Samba (SMB/CIFS) |
| `cifshash` | Microsoft Windows/Samba LM/NTLM Hash (SMB/CIFS) |
| `cvs` | Concurrent Versioning System (CVS) |
| `db2` | DB2 |
| `ftp` | File Transfer Protocol (FTP) |
| `http` | Web Site HTTP Authentication |
| `ms-sql` | Microsoft SQL Server |
| `mysql` | MySQL Server |
| `notes` | Lotus Notes/Domino |
| `oracle` | Oracle |
| `pop` | Post Office Protocol (POP) |
| `postgresql` | PostgreSQL |
| `remote-exec` | Remote Execution |
| `snmp` | Simple Network Management Protocol v1/v2c |
| `snmpv3` | Simple Network Management Protocol v3 |
| `ssh` | Secure Shell (SSH) |
| `ssh-key` | Secure Shell (SSH) Public Key |
| `sybase` | Sybase SQL Server |
| `telnet` | Telnet |
<p>The following is a specification of supported credential properties for each type of service. These properties are to be specified within the <code>account</code> object.</p>
`as400` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`cifs` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`cifshash` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">ntlmHash</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The NTLM password hash. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`cvs` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`db2` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`ftp` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`http` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">realm</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The realm.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`ms-sql` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database. If not specified, a default database name will be used during authentication.</p></div>
</div>
<div class="property-info">
<span class="property-name">useWindowsAuthentication</span> <span class="param-type">boolean</span>
<div class="redoc-markdown-block">
<p>
Boolean flag signaling whether to connect to the database using Windows authentication. When set to <code>true</code>, Windows authentication is attempted; when set to <code>false</code>, SQL authentication is attempted.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain. This property cannot be specified unless property <code>useWindowsAuthentication</code> is set to <code>true</code>.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`mysql` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database. If not specified, a default database name will be used during authentication.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The Notes ID password. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`notes` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">notesIDPassword</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`oracle` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">sid</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database. If not specified, a default database name will be used during authentication.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
<div class="property-info">
<span class="property-name">enumerateSids</span> <span class="param-type">boolean</span>
<div class="redoc-markdown-block">
<p>
Boolean flag instructing the scan engine to attempt to enumerate SIDs from your environment. If set to <code>true</code>, set the Oracle Net Listener password in property <code>oracleListenerPassword</code>.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">oracleListenerPassword</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The Oracle Net Listener password. Used to enumerate SIDs from your environment.</p></div>
</div>
</div>
`pop` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`postgresql` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`remote-exec` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`snmp` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">communityName</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The community name that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`snmpv3` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">authenticationType</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="param-enum">
<span class="param-enum-value string">"no-authentication"</span>
<span class="param-enum-value string">"md5"</span>
<span class="param-enum-value string">"sha"</span>
</div>
<div class="redoc-markdown-block"><p>The authentication protocols available to use in SNMP v3.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The password for the account that will be used for authenticating. Is required when the property <code>authenticationType</code> is set to valid value other than <code>"no-authentication"</code>. <strong>Note: This property is not returned in responses for security.</strong></p>
</div>
</div>
<div class="property-info">
<span class="property-name">privacyType</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"no-privacy"</span>
<span class="param-enum-value string">"des"</span>
<span class="param-enum-value string">"aes-128"</span>
<span class="param-enum-value string">"aes-192"</span>
<span class="param-enum-value string">"aes-192-with-3-des-key-extension"</span>
<span class="param-enum-value string">"aes-256"</span>
<span class="param-enum-value string">"aes-265-with-3-des-key-extension"</span>
</div>
<div class="redoc-markdown-block"><p>The privacy protocols available to use in SNMP v3.</p></div>
</div>
<div class="property-info">
<span class="property-name">privacyPassword</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The privacy password for the account that will be used for authenticating. Is required when the property <code>authenticationType</code> is set to valid value other than <code>"no-authentication"</code> and when the <code>privacyType</code> is set to a valid value other than code>"no-privacy"</code>. <strong>Note: This property is not returned in responses for security.</strong></p>
</div>
</div>
</div>
`ssh` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
<div class="property-info">
<span class="property-name">permissionElevation</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"none"</span>
<span class="param-enum-value string">"sudo"</span>
<span class="param-enum-value string">"sudosu"</span>
<span class="param-enum-value string">"su"</span>
<span class="param-enum-value string">"pbrun"</span>
<span class="param-enum-value string">"privileged-exec"</span>
</div>
<div class="redoc-markdown-block">
<p>
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to <code>"none"</code> if not specified. </p>
</div>
</div>
<div class="property-info">
<span class="property-name">permissionElevationUsername</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The user name for the account with elevated permissions. This property must not be specified when the property <code>permissionElevation</code> is set to either <code>"none"</code> or <code>"pbrun"</code>; otherwise the property is required.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The password for the account with elevated permissions. This property must not be specified when the property <code>permissionElevation</code> is set to either <code>"none"</code> or <code>"pbrun"</code>; otherwise the property is required.<strong>Note: This property is not returned in responses for security.</strong></p>
</div>
</div>
</div>
`ssh-key` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">privateKeyPassword</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for private key. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
<div class="property-info">
<span class="property-name">pemKey</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The PEM-format private key. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
<div class="property-info">
<span class="property-name">permissionElevation</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"none"</span>
<span class="param-enum-value string">"sudo"</span>
<span class="param-enum-value string">"sudosu"</span>
<span class="param-enum-value string">"su"</span>
<span class="param-enum-value string">"pbrun"</span>
<span class="param-enum-value string">"privileged-exec"</span>
</div>
<div class="redoc-markdown-block">
<p>
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to <code>"none"</code> if not specified. </p>
</div>
</div>
<div class="property-info">
<span class="property-name">permissionElevationUsername</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The user name for the account with elevated permissions. This property must not be specified when the property <code>permissionElevation</code> is set to either <code>"none"</code> or <code>"pbrun"</code>; otherwise the property is required.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The password for the account with elevated permissions. This property must not be specified when the property <code>permissionElevation</code> is set to either <code>"none"</code> or <code>"pbrun"</code>; otherwise the property is required.<strong>Note: This property is not returned in responses for security.</strong></p>
</div>
</div>
</div>
`sybase` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database. If not specified, a default database name will be used during authentication.</p></div>
</div>
<div class="property-info">
<span class="property-name">useWindowsAuthentication</span> <span class="param-type">boolean</span>
<div class="redoc-markdown-block">
<p>
Boolean flag signaling whether to connect to the database using Windows authentication. When set to <code>true</code>, Windows authentication is attempted; when set to <code>false</code>, SQL authentication is attempted.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain. This property cannot be specified unless property <code>useWindowsAuthentication</code> is set to <code>true</code>.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`telnet` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
$ref: '#/definitions/SharedCredentialAccount'
description:
type: string
example: ''
description: The description of the credential.
hostRestriction:
type: string
example: ''
description: The host name or IP address that you want to restrict the credentials to.
id:
type: integer
format: int32
example: ''
description: The identifier of the credential.
name:
type: string
example: ''
description: The name of the credential.
portRestriction:
type: integer
format: int32
example: ''
description: Further restricts the credential to attempt to authenticate on a specific port. The port can only be restricted if the property `hostRestriction` is specified.
minimum: 1
maximum: 65535
siteAssignment:
type: string
example: ''
description: |-
Assigns the shared scan credential either to be available to all sites or to a specific list of sites.
The following table describes each supported value:
| Value | Description |
| ---------- | ---------------- |
| `"all-sites"` | The shared scan credential is assigned to all current and future sites. |
| `"specific-sites"` | The shared scan credential is assigned to zero sites by default. Administrators must explicitly assign sites to the shared credential. |
Shared scan credentials assigned to a site can disabled within the site configuration, if needed.
sites:
type: array
description: 'List of site identifiers. These sites are explicitly assigned access to the shared scan credential, allowing the site to use the credential for authentication during a scan. This property can only be set if the value of property `siteAssignment` is set to `"specific-sites"`. When the property `siteAssignment` is set to `"all-sites"`, this property will be `null`.'
items:
type: integer
format: int32
description: ''
SharedCredentialAccount:
type: object
discriminator: ''
properties:
authenticationType:
type: string
communityName:
type: string
database:
type: string
domain:
type: string
enumerateSids:
type: boolean
notesIDPassword:
type: string
ntlmHash:
type: string
oracleListenerPassword:
type: string
password:
type: string
pemKey:
type: string
permissionElevation:
type: string
permissionElevationPassword:
type: string
permissionElevationUserName:
type: string
privacyPassword:
type: string
privacyType:
type: string
privateKeyPassword:
type: string
realm:
type: string
service:
type: string
sid:
type: string
useWindowsAuthentication:
type: boolean
username:
type: string
description: ''
Site:
type: object
discriminator: ''
properties:
assets:
type: integer
format: int32
example: 768
description: The number of assets that belong to the site.
readOnly: true
connectionType:
type: string
example: ''
description: The type of discovery connection configured for the site. This property only applies to dynamic sites.
readOnly: true
enum:
- activesync-ldap
- activesync-office365
- activesync-powershell
- aws
- dhcp
- sonar
- vsphere
description:
type: string
example: ''
description: The site description.
id:
type: integer
format: int32
example: ''
description: The identifier of the site.
importance:
type: string
example: ''
description: The site importance.
lastScanTime:
type: string
example: ''
description: The date and time of the site's last scan.
readOnly: true
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The site name.
riskScore:
type: number
format: double
example: 4457823.78
description: The risk score (with criticality adjustments) of the site.
readOnly: true
scanEngine:
type: integer
format: int32
example: ''
description: The identifier of the scan engine configured in the site.
scanTemplate:
type: string
example: ''
description: The identifier of the scan template configured in the site.
type:
type: string
example: ''
description: The type of the site.
readOnly: true
enum:
- agent
- dynamic
- static
vulnerabilities:
example: ''
description: Summary information for distinct vulnerabilities found on the assets.
readOnly: true
$ref: '#/definitions/Vulnerabilities'
description: ''
SiteCreateResource:
type: object
required:
- name
discriminator: ''
properties:
description:
type: string
example: ''
description: The site's description.
engineId:
type: integer
format: int32
example: ''
description: The identifier of a scan engine. Default scan engine is selected when not specified.
importance:
type: string
example: ''
description: The site importance. Defaults to `"normal"` if not specified.
enum:
- very_low
- low
- normal
- high
- very_high
links:
type: array
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The site name. Name must be unique.
scan:
example: ''
description: 'Defines the scope of scan targets for the site, which can be addresses, or asset groups, for static sites and a discovery configuration for dynamic sites. Only one property must be set by the user when saving a site.'
$ref: '#/definitions/ScanScope'
scanTemplateId:
type: string
example: ''
description: The identifier of a scan template. Default scan template is selected when not specified.
description: ''
SiteCredential:
type: object
required:
- account
- name
discriminator: ''
properties:
account:
example: ''
description: |+
Specify the type of service to authenticate as well as all of the information required by that service. <div class="properties">
<div class="property-info">
<span class="property-name">service</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"as400"</span>
<span class="param-enum-value string">"cifs"</span>
<span class="param-enum-value string">"cifshash"</span>
<span class="param-enum-value string">"cvs"</span>
<span class="param-enum-value string">"db2"</span>
<span class="param-enum-value string">"ftp"</span>
<span class="param-enum-value string">"http"</span>
<span class="param-enum-value string">"ms-sql"</span>
<span class="param-enum-value string">"mysql"</span>
<span class="param-enum-value string">"notes"</span>
<span class="param-enum-value string">"oracle"</span>
<span class="param-enum-value string">"pop"</span>
<span class="param-enum-value string">"postgresql"</span>
<span class="param-enum-value string">"remote-exec"</span>
<span class="param-enum-value string">"snmp"</span>
<span class="param-enum-value string">"snmpv3"</span>
<span class="param-enum-value string">"ssh"</span>
<span class="param-enum-value string">"ssh-key"</span>
<span class="param-enum-value string">"sybase"</span>
<span class="param-enum-value string">"telnet"</span>
</div>
<div class="redoc-markdown-block">The type of service to authenticate with.</div>
</div>
</div>
The following are the names of the valid values for service:
| Value | Service |
| ------------- | ----------------------------------------------- |
| `as400` | IBM AS/400 |
| `cifs` | Microsoft Windows/Samba (SMB/CIFS) |
| `cifshash` | Microsoft Windows/Samba LM/NTLM Hash (SMB/CIFS) |
| `cvs` | Concurrent Versioning System (CVS) |
| `db2` | DB2 |
| `ftp` | File Transfer Protocol (FTP) |
| `http` | Web Site HTTP Authentication |
| `ms-sql` | Microsoft SQL Server |
| `mysql` | MySQL Server |
| `notes` | Lotus Notes/Domino |
| `oracle` | Oracle |
| `pop` | Post Office Protocol (POP) |
| `postgresql` | PostgreSQL |
| `remote-exec` | Remote Execution |
| `snmp` | Simple Network Management Protocol v1/v2c |
| `snmpv3` | Simple Network Management Protocol v3 |
| `ssh` | Secure Shell (SSH) |
| `ssh-key` | Secure Shell (SSH) Public Key |
| `sybase` | Sybase SQL Server |
| `telnet` | Telnet |
<p>The following is a specification of supported credential properties for each type of service. These properties are to be specified within the <code>account</code> object.</p>
`as400` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`cifs` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`cifshash` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">ntlmHash</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The NTLM password hash. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`cvs` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`db2` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`ftp` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`http` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">realm</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The realm.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`ms-sql` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database. If not specified, a default database name will be used during authentication.</p></div>
</div>
<div class="property-info">
<span class="property-name">useWindowsAuthentication</span> <span class="param-type">boolean</span>
<div class="redoc-markdown-block">
<p>
Boolean flag signaling whether to connect to the database using Windows authentication. When set to <code>true</code>, Windows authentication is attempted; when set to <code>false</code>, SQL authentication is attempted.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain. This property cannot be specified unless property <code>useWindowsAuthentication</code> is set to <code>true</code>.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`mysql` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database. If not specified, a default database name will be used during authentication.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The Notes ID password. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`notes` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">notesIDPassword</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`oracle` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">sid</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database. If not specified, a default database name will be used during authentication.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
<div class="property-info">
<span class="property-name">enumerateSids</span> <span class="param-type">boolean</span>
<div class="redoc-markdown-block">
<p>
Boolean flag instructing the scan engine to attempt to enumerate SIDs from your environment. If set to <code>true</code>, set the Oracle Net Listener password in property <code>oracleListenerPassword</code>.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">oracleListenerPassword</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The Oracle Net Listener password. Used to enumerate SIDs from your environment.</p></div>
</div>
</div>
`pop` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`postgresql` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`remote-exec` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`snmp` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">communityName</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The community name that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`snmpv3` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">authenticationType</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="param-enum">
<span class="param-enum-value string">"no-authentication"</span>
<span class="param-enum-value string">"md5"</span>
<span class="param-enum-value string">"sha"</span>
</div>
<div class="redoc-markdown-block"><p>The authentication protocols available to use in SNMP v3.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The password for the account that will be used for authenticating. Is required when the property <code>authenticationType</code> is set to valid value other than <code>"no-authentication"</code>. <strong>Note: This property is not returned in responses for security.</strong></p>
</div>
</div>
<div class="property-info">
<span class="property-name">privacyType</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"no-privacy"</span>
<span class="param-enum-value string">"des"</span>
<span class="param-enum-value string">"aes-128"</span>
<span class="param-enum-value string">"aes-192"</span>
<span class="param-enum-value string">"aes-192-with-3-des-key-extension"</span>
<span class="param-enum-value string">"aes-256"</span>
<span class="param-enum-value string">"aes-265-with-3-des-key-extension"</span>
</div>
<div class="redoc-markdown-block"><p>The privacy protocols available to use in SNMP v3.</p></div>
</div>
<div class="property-info">
<span class="property-name">privacyPassword</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The privacy password for the account that will be used for authenticating. Is required when the property <code>authenticationType</code> is set to valid value other than <code>"no-authentication"</code> and when the <code>privacyType</code> is set to a valid value other than code>"no-privacy"</code>. <strong>Note: This property is not returned in responses for security.</strong></p>
</div>
</div>
</div>
`ssh` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
<div class="property-info">
<span class="property-name">permissionElevation</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"none"</span>
<span class="param-enum-value string">"sudo"</span>
<span class="param-enum-value string">"sudosu"</span>
<span class="param-enum-value string">"su"</span>
<span class="param-enum-value string">"pbrun"</span>
<span class="param-enum-value string">"privileged-exec"</span>
</div>
<div class="redoc-markdown-block">
<p>
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to <code>"none"</code> if not specified. </p>
</div>
</div>
<div class="property-info">
<span class="property-name">permissionElevationUsername</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The user name for the account with elevated permissions. This property must not be specified when the property <code>permissionElevation</code> is set to either <code>"none"</code> or <code>"pbrun"</code>; otherwise the property is required.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The password for the account with elevated permissions. This property must not be specified when the property <code>permissionElevation</code> is set to either <code>"none"</code> or <code>"pbrun"</code>; otherwise the property is required.<strong>Note: This property is not returned in responses for security.</strong></p>
</div>
</div>
</div>
`ssh-key` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">privateKeyPassword</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for private key. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
<div class="property-info">
<span class="property-name">pemKey</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The PEM-format private key. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
<div class="property-info">
<span class="property-name">permissionElevation</span> <span class="param-type">string</span>
<div class="param-enum">
<span class="param-enum-value string">"none"</span>
<span class="param-enum-value string">"sudo"</span>
<span class="param-enum-value string">"sudosu"</span>
<span class="param-enum-value string">"su"</span>
<span class="param-enum-value string">"pbrun"</span>
<span class="param-enum-value string">"privileged-exec"</span>
</div>
<div class="redoc-markdown-block">
<p>
Elevate scan engine permissions to administrative or root access, which is necessary to obtain certain data during the scan. Defaults to <code>"none"</code> if not specified. </p>
</div>
</div>
<div class="property-info">
<span class="property-name">permissionElevationUsername</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The user name for the account with elevated permissions. This property must not be specified when the property <code>permissionElevation</code> is set to either <code>"none"</code> or <code>"pbrun"</code>; otherwise the property is required.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span>
<div class="redoc-markdown-block">
<p>
The password for the account with elevated permissions. This property must not be specified when the property <code>permissionElevation</code> is set to either <code>"none"</code> or <code>"pbrun"</code>; otherwise the property is required.<strong>Note: This property is not returned in responses for security.</strong></p>
</div>
</div>
</div>
`sybase` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">database</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The name of the database. If not specified, a default database name will be used during authentication.</p></div>
</div>
<div class="property-info">
<span class="property-name">useWindowsAuthentication</span> <span class="param-type">boolean</span>
<div class="redoc-markdown-block">
<p>
Boolean flag signaling whether to connect to the database using Windows authentication. When set to <code>true</code>, Windows authentication is attempted; when set to <code>false</code>, SQL authentication is attempted.</p>
</div>
</div>
<div class="property-info">
<span class="property-name">domain</span> <span class="param-type">string</span>
<div class="redoc-markdown-block"><p>The address of the domain. This property cannot be specified unless property <code>useWindowsAuthentication</code> is set to <code>true</code>.</p></div>
</div>
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
`telnet` supported properties:
<div class="properties">
<div class="property-info">
<span class="property-name">username</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The user name for the account that will be used for authenticating.</p></div>
</div>
<div class="property-info">
<span class="property-name">password</span> <span class="param-type">string</span> <span _ngcontent-c21 class="param-required">Required</span>
<div class="redoc-markdown-block"><p>The password for the account that will be used for authenticating. <strong>Note: This property is not returned in responses for security.</strong></p></div>
</div>
</div>
$ref: '#/definitions/Account'
description:
type: string
example: ''
description: The description of the credential.
enabled:
type: boolean
example: false
description: Flag indicating whether the credential is enabled for use during the scan.
hostRestriction:
type: string
example: ''
description: The host name or IP address that you want to restrict the credentials to.
id:
type: integer
format: int32
example: ''
description: The identifier of the credential.
links:
type: array
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the credential.
portRestriction:
type: integer
format: int32
example: ''
description: Further restricts the credential to attempt to authenticate on a specific port. The port can only be restricted if the property `hostRestriction` is specified.
minimum: 1
maximum: 65535
description: ''
SiteDiscoveryConnection:
type: object
discriminator: ''
properties:
id:
type: integer
format: int64
example: ''
description: The identifier of the discovery connection.
readOnly: true
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the discovery connection.
readOnly: true
type:
type: string
example: ''
description: The type of discovery connection configured for the site. This property only applies to dynamic sites.
readOnly: true
enum:
- activesync-ldap
- activesync-office365
- activesync-powershell
- aws
- dhcp
- sonar
- vsphere
description: ''
SiteOrganization:
type: object
discriminator: ''
properties:
address:
type: string
example: ''
description: The address.
city:
type: string
example: ''
description: The city.
contact:
type: string
example: ''
description: The contact person name.
country:
type: string
example: ''
description: The country.
email:
type: string
example: ''
description: The e-mail address.
jobTitle:
type: string
example: ''
description: The job title.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The organization name.
phone:
type: string
example: ''
description: The phone number.
state:
type: string
example: ''
description: The state.
url:
type: string
example: ''
description: The organization URL.
zipCode:
type: string
example: ''
description: The zip or region code.
description: ''
SiteSharedCredential:
type: object
discriminator: ''
properties:
enabled:
type: boolean
example: false
description: Flag indicating whether the shared credential is enabled for the site's scans.
readOnly: true
id:
type: integer
format: int32
example: ''
description: The identifier of the shared credential.
readOnly: true
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The name of the shared credential.
readOnly: true
service:
type: string
example: ''
description: The type of service the credential is configured to authenticate with.
readOnly: true
enum:
- as400
- cifs
- cifshash
- cvs
- db2
- ftp
- http
- ms-sql
- mysql
- notes
- oracle
- pop
- postgresql
- remote-exec
- snmp
- snmpv3
- ssh
- ssh-key
- sybase
- telnet
description: ''
SiteUpdateResource:
type: object
required:
- engineId
- importance
- name
- scanTemplateId
discriminator: ''
properties:
description:
type: string
example: ''
description: The site's description.
engineId:
type: integer
format: int32
example: ''
description: The identifier of a scan engine.
importance:
type: string
example: ''
description: The site importance.
enum:
- very_low
- low
- normal
- high
- very_high
links:
type: array
items:
$ref: '#/definitions/Link'
name:
type: string
example: ''
description: The site name. Name must be unique.
scanTemplateId:
type: string
example: ''
description: The identifier of a scan template.
description: ''
SmtpAlert:
type: object
required:
- enabled
- name
- notification
- recipients
- relayServer
discriminator: ''
properties:
enabled:
type: boolean
example: false
description: Flag indicating the alert is enabled.
enabledScanEvents:
example: ''
description: Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of `enabledScanEvents`.
$ref: '#/definitions/ScanEvents'
enabledVulnerabilityEvents:
example: ''
description: Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of `enabledVulnerabilityEvents`.
$ref: '#/definitions/VulnerabilityEvents'
id:
type: integer
format: int32
example: ''
description: The identifier of the alert.
limitAlertText:
type: boolean
example: false
description: 'Reports basic information in the alert, if enabled.'
links:
type: array
items:
$ref: '#/definitions/Link'
maximumAlerts:
type: integer
format: int32
example: ''
description: 'The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of `null`.'
minimum: 1
name:
type: string
example: ''
description: The name of the alert.
notification:
type: string
example: ''
description: The type of alert.
enum:
- SMTP
- SNMP
- Syslog
recipients:
type: array
description: The recipient list. At least one recipient must be specified. Each recipient must be a valid e-mail address.
items:
type: string
relayServer:
type: string
example: ''
description: The SMTP server/relay to send messages through.
senderEmailAddress:
type: string
example: ''
description: The sender e-mail address that will appear in the from field.
description: ''
SmtpSettings:
type: object
discriminator: ''
properties:
host:
type: string
example: mail@acme.com
description: The host to send to.
port:
type: integer
format: int32
example: 25
description: The port to send to.
sender:
type: string
example: security@acme.com
description: The sender to send from.
description: ''
SnmpAlert:
type: object
required:
- community
- enabled
- name
- notification
- server
discriminator: ''
properties:
community:
type: string
example: ''
description: The SNMP community name.
enabled:
type: boolean
example: false
description: Flag indicating the alert is enabled.
enabledScanEvents:
example: ''
description: Allows the user to specify which scan events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of `enabledScanEvents`.
$ref: '#/definitions/ScanEvents'
enabledVulnerabilityEvents:
example: ''
description: Allows the user to specify which vulnerability result events generate an alert. Default values will be chosen if property is not specified as apart of the request. The default values are documented in the properties of `enabledVulnerabilityEvents`.
$ref: '#/definitions/VulnerabilityEvents'
id:
type: integer
format: int32
example: ''
description: The identifier of the alert.
links:
type: array
items:
$ref: '#/definitions/Link'
maximumAlerts:
type: integer
format: int32
example: ''
description: 'The maximum number of alerts that will be issued. To disable maximum alerts, omit the property in the request or specify the property with a value of `null`.'
minimum: 1
name:
type: string
example: ''
description: The name of the alert.
notification:
type: string
example: ''
description: The type of alert.
enum:
- SMTP
- SNMP
- Syslog
server:
type: string
example: ''
description: The SNMP management server.
description: ''
Software:
type: object
discriminator: ''
properties:
configurations:
type: array
description: '${software.attributes.description}'
items:
$ref: '#/definitions/Configuration'
cpe:
example: ''
description: The Common Platform Enumeration (CPE) of the software.
$ref: '#/definitions/SoftwareCpe'
description:
type: string
example: Microsoft Outlook 2013 15.0.4867.1000
description: The description of the software.
family:
type: string
example: Office 2013
description: The family of the software.
id:
type: integer
format: int64
product:
type: string
example: Outlook 2013
description: The product of the software.
type:
type: string
example: Productivity
description: The version of the software.
vendor:
type: string
example: Microsoft
description: The vendor of the software.
version:
type: string
example: 15.0.4867.1000
description: The version of the software.
description: ''
SoftwareCpe:
type: object
required:
- part
discriminator: ''
properties:
edition:
type: string
example: enterprise
description: 'Edition-related terms applied by the vendor to the product. '
language:
type: string
example: ''
description: 'Defines the language supported in the user interface of the product being described. The format is of the language tag adheres to <a target="_blank" href="https://tools.ietf.org/html/rfc5646">RFC5646</a>.'
other:
type: string
example: ''
description: 'Captures any other general descriptive or identifying information which is vendor- or product-specific and which does not logically fit in any other attribute value. '
part:
type: string
example: o
description: A single letter code that designates the particular platform part that is being identified.
enum:
- o
- a
- h
product:
type: string
example: windows_server_2008
description: the most common and recognizable title or name of the product.
swEdition:
type: string
example: ''
description: 'Characterizes how the product is tailored to a particular market or class of end users. '
targetHW:
type: string
example: ''
description: 'Characterize the instruction set architecture on which the product operates. '
targetSW:
type: string
example: ''
description: Characterize the software computing environment within which the product operates.
update:
type: string
example: sp1
description: 'Vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.'
v2.2:
type: string
example: 'cpe:/o:microsoft:windows_server_2008:-:sp1:enterprise'
description: 'The full CPE string in the <a target="_blank" href="https://cpe.mitre.org/files/cpe-specification_2.2.pdf">CPE 2.2</a> format.'
v2.3:
type: string
example: 'cpe:2.3:o:microsoft:windows_server_2008:-:sp1:enterprise:*:*:*:*:*'
description: 'The full CPE string in the <a target="_blank" href="http://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf">CPE 2.3</a> format.'
vendor:
type: string
example: microsoft
description: The person or organization that manufactured or created the product.
version:
type: string
example: '-'
description: Vendor-specific alphanumeric strings characterizing the particular release version of the product.
description: ''
Solution:
type: object
discriminator: ''
properties:
additionalInformation:
example: ''
description: Additional information or resources that can assist in applying the remediation.
$ref: '#/definitions/AdditionalInformation'
appliesTo:
type: string
example: libexpat1 on Ubuntu Linux
description: The systems or software the solution applies to.
estimate:
type: string
example: PT10M
description: 'The estimated duration to apply the solution, in ISO 8601 format. For example: `"PT5M"`.'
id:
type: string
example: ubuntu-upgrade-libexpat1
description: The identifier of the solution.
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
steps:
example: ''
description: The steps required to remediate the vulnerability.
$ref: '#/definitions/Steps'
summary:
example: ''
description: The summary of the solution.
$ref: '#/definitions/Summary'
type:
type: string
example: configuration
description: 'The type of the solution. One of: `"Configuration"`, `"Rollup patch"`, `"Patch"`'
enum:
- configuration
- rollup-patch
- patch
- unknown
description: ''
SolutionMatch:
type: object
discriminator: ''
properties:
check:
type: string
example: ''
description: 'The identifier of the vulnerability check used to match the solution, if type is `check`.'
confidence:
type: string
example: ''
description: The confidence of the matching process for the solution.
enum:
- exact
- partial
- none
fingerprint:
example: ''
description: 'The fingerprint used to perform solution matching, if type is `operating-system`, `service`, or `software`.'
$ref: '#/definitions/Fingerprint'
links:
type: array
description: Hypermedia links to corresponding or related resources.
readOnly: true
items:
$ref: '#/definitions/Link'
solution:
type: string
example: ubuntu-upgrade-libexpat1
description: The identifier of the matched solution.
type:
type: string
example: software
description: The means by which a solution was matched.
enum:
- none
- check
- operating-system
- service
- software
description: ''
SonarCriteria:
type: object
discriminator: ''
properties:
filters:
type: array
description: The filters in the Sonar query.
items:
$ref: '#/definitions/SonarCriterion'
description: ''
SonarCriterion:
type: object
discriminator: ''
properties:
days:
type: integer
format: int32
example: ''
description: 'If the field is `scan-date-within-the-last`, the number of days to search against.'
lower:
type: string
example: ''
description: 'If the field is `ip-address-range`, the lower limit of the search.'
searchDomain:
type: string
example: acme.com
description: 'If the field is `domain-contains`, the domain to search against.'
type:
type: string
example: domain-contains
description: The type of query to perform.
enum:
- domain-contains
- scan-date-within-the-last
- ip-address-range
upper:
type: string
example: ''
description: 'If the field is `ip-address-range`, the upper limit of the search.'
description: ''
SonarQuery:
type: object
discriminator: ''
properties:
criteria:
example: ''
description: The search criteria used to search
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment