| Parameter | Type | Default Value | Description |
|---|---|---|---|
query |
string | [no filter] | The TinyQ language filter that specifies a subset of all available records. |
field |
string | not present | The name or names of fields whose values are to be returned. The field item may appear zero or more times in the URI query parameters. A single value of "[none]" indicates return only metadata. The absence of any field parameter indicates return all field values, |
page |
integer | 1 | The 1-based offset into the total records based on page size. Actual offset is (page - 1) * pagesize. |
pagesize |
integer | [unlimited] | The maximum number of object records to return as a result of the request. |
| Object type: page | |
|---|---|
| A container for one or more objects in the result listing. There may be multiple pages in a listing if a page size is specified that is less than the total number of objects in the listing. | |
| Field | Description |
| next | A URL addressing the subsequent page of objects in the total set of available objects. |
| objects | The list of objects returned in the page of results. |
| prev | A URL addressing the previous page of objects in the total set of available objects. |
| Object type: vulnerability-container | |
|---|---|
| An Vulnerability Container object contains information about enterprise vulnerabilities. | |
| Field | Description |
| events | The list of VulnerabilityEventData objects used to locate vulnerabilities when executing an vulnerability report. Definition |
| id | Unique Identifier. |
| meta | The metadata for an object, including the object type name and the URL reference to the object. Definition |
| scanners | List of vulnerability scanners from an executed vulnerability report. Definition |
| useEventTime | Flag to use current time or event time to determine which scanner to use. |
| Object type: meta | |
|---|---|
| The metadata for an object, including the object type name and the URL reference to the object. | |
| Field | Description |
| @href | The URL reference to the object. |
| type | The name of the object type |
| Object type: vulnerability-event-data | |
|---|---|
| A Vulnerability Event Data object contains event information required to search for vulnerabilities in the system such as the customer name, IP address as well as event IDs and event times. | |
| Field | Description |
| customer-name | Search for vulnerabilities from a specific customer. |
| ip | Search for vulnerabilities from a specific IP address. |
| time | Used to find vulnerabilities associated with a given event ID and time. |
| uuid | Used to find vulnerabilities associated with a given event ID and time. |
| Object type: vulnerability-scanner | |
|---|---|
| Represents a scan of enterprise assets for vulnerabilities. | |
| Field | Description |
| product-name | Name of the product line of which this scanner is a member; if you don't set this, the Collector product name will be used. |
| product-version | The version of the scanner product. |
| resources | A list of vulnerability resources associated with this scan. Definition |
| scanner-instance | Needs description. |
| scanner-type | The type of scanner; currently hard-coded to 'VULN'. |
| vendor | Name of the vendor who manufactures this scanner; if you don't set this, the Collector vendor name will be used. |
GET https://164.99.19.131:8443/SentinelRESTServices/objects/vulnerability-container?page=2&pagesize=1
{
"objects":[
{
"meta":{
"type":"vulnerability-container",
"@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/vulnerability-container/Wildebeest"
},
"id":"Wildebeest",
"useEventTime":true,
"events":[
{
"time":"2012-04-25T13:33:44.531Z",
"uuid":"79600390-9B73-102E-A3E2-001676E4A757",
"customer-name":"Company A",
"ip":"137.65.2.12"
}
],
"scanners":[
{
"product-name":"Wildebeest",
"vendor":"Nessus",
"product-version":"Wildebeest",
"scanner-instance":"Wildebeest",
"scanner-type":"Wildebeest",
"resources":[
{
"criticality":1,
"location":"Building A",
"department":"HR",
"regulation":"Wildebeest",
"hostname":"hr1.company.com",
"op-env":"Wildebeest",
"scanner-id":"79600390-9B73-102E-A3E2-001676E4A757",
"regulation-rating":"Wildebeest",
"business-system":"Wildebeest",
"ip":"137.1.2.3",
"vulnerabilities":[
{
"summary":"Wildebeest",
"module":"Wildebeest",
"computed-severity":42,
"app-protocol":"Wildebeest",
"assigned-severity":42,
"scanned-app-ver":"Wildebeest",
"port-number":523,
"network-protocol":42,
"detected-os":"SLES 11.2",
"solution":"Block access to port 523.",
"user-name":"Wildebeest",
"rsrc-id":"79600390-9B73-102E-A3E2-001676E4A757",
"scanned-app":"Wildebeest",
"user-domain":"Wildebeest",
"port-name":"Wildebeest",
"detected-os-ver":"1.0.1",
"name":"SMTP Port Access",
"scanner-classification":"Wildebeest",
"end-effective-date":"2012-04-25T13:33:44.538Z",
"taxonomy":"Wildebeest",
"begin-effective-date":"2012-04-25T13:33:44.538Z",
"port-reference":{
"protocol-number":42,
"description":"Wildebeest",
"keyword":"Wildebeest",
"port-number":42,
"protocol-reference":{
"description":"Wildebeest",
"keyword":"Wildebeest",
"number":42
}
},
"vulnerability-info":[
{
"vuln-id":"79600390-9B73-102E-A3E2-001676E4A757",
"value":"Wildebeest",
"type":"Wildebeest"
}
],
"vulnerability-codes":[
{
"vuln-id":"79600390-9B73-102E-A3E2-001676E4A757",
"value":"Wildebeest",
"type":"Wildebeest",
"url":"Wildebeest"
}
],
"protocol-reference":{
"description":"Wildebeest",
"keyword":"Wildebeest",
"number":42
}
}
]
}
]
}
]
}
],
"prev":{
"@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/vulnerability-container?pagesize=1&page=1"
},
"next":{
"@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/vulnerability-container?pagesize=1&page=3"
}
}
| Object type: vulnerability-container | ||
|---|---|---|
| An Vulnerability Container object contains information about enterprise vulnerabilities. | ||
| Field | Required | Description |
| events | false | The list of VulnerabilityEventData objects used to locate vulnerabilities when executing an vulnerability report. Definition |
| id | false | Unique Identifier. |
| scanners | false | List of vulnerability scanners from an executed vulnerability report. Definition |
| useEventTime | false | Flag to use current time or event time to determine which scanner to use. |
| Object type: meta | ||
|---|---|---|
| The metadata for an object, including the object type name and the URL reference to the object. | ||
| Field | Required | Description |
| @href | false | The URL reference to the object. |
| type | false | The name of the object type |
| Object type: vulnerability-event-data | ||
|---|---|---|
| A Vulnerability Event Data object contains event information required to search for vulnerabilities in the system such as the customer name, IP address as well as event IDs and event times. | ||
| Field | Required | Description |
| customer-name | false | Search for vulnerabilities from a specific customer. |
| ip | false | Search for vulnerabilities from a specific IP address. |
| time | false | Used to find vulnerabilities associated with a given event ID and time. |
| uuid | false | Used to find vulnerabilities associated with a given event ID and time. |
| Object type: vulnerability-scanner | ||
|---|---|---|
| Represents a scan of enterprise assets for vulnerabilities. | ||
| Field | Required | Description |
| product-name | false | Name of the product line of which this scanner is a member; if you don't set this, the Collector product name will be used. |
| product-version | false | The version of the scanner product. |
| resources | false | A list of vulnerability resources associated with this scan. Definition |
| scanner-instance | false | Needs description. |
| scanner-type | false | The type of scanner; currently hard-coded to 'VULN'. |
| vendor | false | Name of the vendor who manufactures this scanner; if you don't set this, the Collector vendor name will be used. |
| Object type: | |
|---|---|
| The metadata representation of the newly-created vulnerability-container object, including the URL reference to the new object. | |
| Field | Description |
| meta | The metadata for an object, including the object type name and the URL reference to the object. Definition |
| Object type: meta | |
|---|---|
| The metadata for an object, including the object type name and the URL reference to the object. | |
| Field | Description |
| @href | The URL reference to the object. |
| type | The name of the object type |
| Object type: vulnerability-event-data | |
|---|---|
| A Vulnerability Event Data object contains event information required to search for vulnerabilities in the system such as the customer name, IP address as well as event IDs and event times. | |
| Field | Description |
| customer-name | Search for vulnerabilities from a specific customer. |
| ip | Search for vulnerabilities from a specific IP address. |
| time | Used to find vulnerabilities associated with a given event ID and time. |
| uuid | Used to find vulnerabilities associated with a given event ID and time. |
| Object type: vulnerability-scanner | |
|---|---|
| Represents a scan of enterprise assets for vulnerabilities. | |
| Field | Description |
| product-name | Name of the product line of which this scanner is a member; if you don't set this, the Collector product name will be used. |
| product-version | The version of the scanner product. |
| resources | A list of vulnerability resources associated with this scan. Definition |
| scanner-instance | Needs description. |
| scanner-type | The type of scanner; currently hard-coded to 'VULN'. |
| vendor | Name of the vendor who manufactures this scanner; if you don't set this, the Collector vendor name will be used. |
POST https://164.99.19.131:8443/SentinelRESTServices/objects/vulnerability-container
{
"id":"Wildebeest",
"useEventTime":true,
"events":[
{
"time":"2012-04-25T13:33:44.546Z",
"uuid":"79600390-9B73-102E-A3E2-001676E4A757",
"customer-name":"Company A",
"ip":"137.65.2.12"
}
],
"scanners":[
{
"product-name":"Wildebeest",
"vendor":"Nessus",
"product-version":"Wildebeest",
"scanner-instance":"Wildebeest",
"scanner-type":"Wildebeest",
"resources":[
{
"criticality":1,
"location":"Building A",
"department":"HR",
"regulation":"Wildebeest",
"hostname":"hr1.company.com",
"op-env":"Wildebeest",
"scanner-id":"79600390-9B73-102E-A3E2-001676E4A757",
"regulation-rating":"Wildebeest",
"business-system":"Wildebeest",
"ip":"137.1.2.3",
"vulnerabilities":[
{
"summary":"Wildebeest",
"module":"Wildebeest",
"computed-severity":42,
"app-protocol":"Wildebeest",
"assigned-severity":42,
"scanned-app-ver":"Wildebeest",
"port-number":523,
"network-protocol":42,
"detected-os":"SLES 11.2",
"solution":"Block access to port 523.",
"user-name":"Wildebeest",
"rsrc-id":"79600390-9B73-102E-A3E2-001676E4A757",
"scanned-app":"Wildebeest",
"user-domain":"Wildebeest",
"port-name":"Wildebeest",
"detected-os-ver":"1.0.1",
"name":"SMTP Port Access",
"scanner-classification":"Wildebeest",
"end-effective-date":"2012-04-25T13:33:44.546Z",
"taxonomy":"Wildebeest",
"begin-effective-date":"2012-04-25T13:33:44.546Z",
"port-reference":{
"protocol-number":42,
"description":"Wildebeest",
"keyword":"Wildebeest",
"port-number":42,
"protocol-reference":{
"description":"Wildebeest",
"keyword":"Wildebeest",
"number":42
}
},
"vulnerability-info":[
{
"vuln-id":"79600390-9B73-102E-A3E2-001676E4A757",
"value":"Wildebeest",
"type":"Wildebeest"
}
],
"vulnerability-codes":[
{
"vuln-id":"79600390-9B73-102E-A3E2-001676E4A757",
"value":"Wildebeest",
"type":"Wildebeest",
"url":"Wildebeest"
}
],
"protocol-reference":{
"description":"Wildebeest",
"keyword":"Wildebeest",
"number":42
}
}
]
}
]
}
]
}
Location:https://164.99.19.131:8443/SentinelRESTServices/objects/vulnerability-container/Wildebeest
{
"meta":{
"type":"vulnerability-container",
"@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/vulnerability-container/Wildebeest"
}
}