Create Vulnerability Occurrences

Creates one or more vulnerability occurrences in the Risk module. Vulnerability occurrences are associations between assets and vulnerabilities. Before a vulnerability occurrence can be created, its asset must already be registered in the Organization module and its vulnerability must already be registered in the catalogue of vulnerabilities in the Knowledge module. A single request can create up to 1,000 vulnerability occurrences. The occurrences may relate to one or to multiple vulnerabilities, as long as the total number of vulnerability occurrences does not exceed 1,000 per request.

 

URL

{RMUrl}/api/risk/collectjobs

 

REQUEST METHOD

POST

 

URL PARAMETERS

This feature does not have parameters.

 

FORM CONTENT

Source (Required): Source of the vulnerability for which one or more occurrences will be created. The source represents the name of the scanner that detected the vulnerabilities in the assets. Note that the source must be the same for all vulnerabilities related to the occurrences to be created in a single request. Limit of 100 characters.

VulnerabilityID (Required): Unique identifier of the vulnerability for which one or more occurrences will be created. This field accepts only the identifiers of vulnerabilities already registered in the catalogue of vulnerabilities in the Knowledge module.

NetbiosName (Optional): NetBIOS name of the asset to be mapped to the vulnerability identified by a vulnerability scanner.

IPAddress (Optional): IP address of the asset to be mapped to the vulnerability identified by a vulnerability scanner.

DNSName (Optional): DNS name of the asset to be mapped to the vulnerability identified by a vulnerability scanner.

MacAddress (Optional): MAC address of the asset to be mapped to the vulnerability identified by a vulnerability scanner.

Protocol (Optional): Network protocol associated with the vulnerability occurrence. Example: TCP.

Port (Optional): TCP or UDP port where the vulnerability occurrence was identified. Limit between 0 and 65535.

Evidences (Optional): Evidence of the occurrence of the vulnerability in the asset. This field accepts free text.

 

Note: At least one of the "NetBIOS Name", "DNS Name", or "IP Address" fields must be completed for each vulnerability occurrence.

 

FORM CONTENT EXAMPLE

{
    "Source": "Wireshark",
    "Name": "Job01",
    "CollectID": "Job01.1",
    "CollectedOn": "2019-09-09",
    "Occurrences": [
        {
            "VulnerabilityID": "VULN.01",
            "NetBiosName": "SERVER1",
            "DnsName": "www.example.com",
            "IpAddress": "172.16.2.141",
            "MacAddress": "00:0a:95:9d:68:16",
            "Protocol": "HTTP",
            "Port": 80,
            "Evidences": "Version source : SSH-2.0-OpenSSH_5.3\nInstalled version : 5.3\nFixed version : 6.6"
        },
        {
            "VulnerabilityID": "VULN.02",
            "IpAddress": "172.16.2.200",
            "MacAddress": "00:0d:83:b1:c0:8e",
            "Evidences": "Source : Server: squid/3.1.23\nInstalled version : 3.1.23\nEnd of support date : 2015/01/17\nAnnouncement : http://www.nessus.org/u?b3f1e161\nSupported versions : 3.5.x"
        }
    ]
}
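The following client-side check is an added example, not code from the product or its documentation. It validates scanner findings against the limits listed under FORM CONTENT and splits them into request bodies of at most 1,000 occurrences. The function names and the `job_fields` parameter are hypothetical, key casing follows the form content example, and the IP address syntax check is an extra precaution that the page does not require.

```python
import ipaddress
import json

MAX_OCCURRENCES = 1000  # per-request limit stated on this page
MAX_SOURCE_LEN = 100    # Source character limit stated on this page
ASSET_KEYS = ("NetBiosName", "DnsName", "IpAddress")  # casing as in the example body


def validate_occurrence(occ):
    """Return a list of problems found in one occurrence dict (empty if none)."""
    problems = []
    if not occ.get("VulnerabilityID"):
        problems.append("VulnerabilityID is required")
    if not any(occ.get(k) for k in ASSET_KEYS):
        problems.append("one of NetBiosName, DnsName or IpAddress is required")
    if occ.get("IpAddress"):
        try:
            ipaddress.ip_address(occ["IpAddress"])  # added check, see lead-in
        except ValueError:
            problems.append("IpAddress is not a valid IP address")
    port = occ.get("Port")
    if port is not None and (type(port) is not int or not 0 <= port <= 65535):
        problems.append("Port must be an integer between 0 and 65535")
    return problems


def build_payloads(source, occurrences, job_fields=None):
    """Validate all occurrences, then return JSON bodies of at most 1,000 each."""
    if not source or len(source) > MAX_SOURCE_LEN:
        raise ValueError("Source is required and limited to 100 characters")
    errors = {i: p for i, occ in enumerate(occurrences)
              if (p := validate_occurrence(occ))}
    if errors:
        raise ValueError(f"invalid occurrences: {errors}")
    payloads = []
    for start in range(0, len(occurrences), MAX_OCCURRENCES):
        # job_fields (assumption): keys such as Name, CollectID and CollectedOn,
        # which appear in the example body but are not described on this page.
        body = dict(job_fields or {})
        body["Source"] = source  # one Source for every occurrence in the request
        body["Occurrences"] = occurrences[start:start + MAX_OCCURRENCES]
        # json.dumps escapes line breaks inside multi-line Evidences text.
        payloads.append(json.dumps(body))
    return payloads
```

Each returned string is one body for a POST to {RMUrl}/api/risk/collectjobs.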

 

SUCCESS RESPONSE

HTTP status code 201 (Created). The response returns the identifier of the created vulnerability occurrence.