# CreateVulnerability ## Parameters The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory. ### Headers ``` POST /api/ss/vulnerability HTTP/1.1 Host: demo.attackforge.com X-SSAPI-KEY: APIKey Content-Type: application/json Connection: close ``` ### Query **projectId (string)** Identifier for the project. Example: ``` { "projectId": "..." } ``` **created (string) (optional)** Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z. Example: ``` { "created": "2021-06-03T23:15:33.008Z" } ``` **title (string)** Title for the vulnerability. Example: ``` { "title": "..." } ``` **asset\_library\_ids (*****array of strings*****) (*****optional*****)** Asset libraries to map affected asset(s) against. Example: ``` { "asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."] } ``` **affected\_asset\_id (string) (*****optional*****)** Id of the affected asset. Example: ``` { "affected_asset_id": "..." } ``` **affected\_asset\_name (string) (*****optional*****)** Name of the affected asset. Example: ``` { "affected_asset_name": "..." } ``` **affected\_assets (array of objects) (optional)** Assign multiple assets to vulnerability. Example: ``` [ { "assetId": "...", "assetName": "...", "notes": [ "..." ], "tags": [ "..." ], "actioned": false, "components": [ { "name": "...", "notes": [ "..." ], "actioned": false, "tags": [ "..." ] } ] } ] ``` **priority (string)** Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info Example: ``` { "priority": "Critical" } ``` **likelihood\_of\_exploitation (number)** Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10. Example: ``` { "likelihood_of_exploitation": 10 } ``` **description (string)** Description of the vulnerability. Example: ``` { "description": "..." } ``` **attack\_scenario (string)** Attack Scenario for the vulnerability. Example: ``` { "attack_scenario": "..." } ``` **remediation\_recommendation (string)** Remediation Recommendation for the vulnerability. Example: ``` { "remediation_recommendation": "..." } ``` **steps\_to\_reproduce (string)** Steps to Reproduce the vulnerability (POC). Example: ``` { "steps_to_reproduce": "..." } ``` **cvssv4\_vector (string) (optional)** CVSS Version 4 vector string. Example: ``` { "cvssv4_vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" } ``` **tags (array of strings) (optional)** Tags for the vulnerability. Example: ``` { "tags": ["...", "...", "..."] } ``` **notes (array of objects) (optional)** Notes for the vulnerability. Type is optional. Type must be either PLAINTEXT or RICHTEXT. Example: ``` { "notes": [ { "note": "Lorem ipsum..", "type": "PLAINTEXT" } ] } ``` **is\_zeroday (boolean) (optional)** Whether vulnerability is a zeroday (0-day) or not. Example: ``` { "is_zeroday": true } ``` **is\_visible (boolean) (optional)** Whether vulnerability is visible to the project team (true) or only team members with Edit access (false). Example: ``` { "is_visible": true } ``` **import\_to\_library (string) (optional)** Import vulnerabilities into the Imported Vulnerabilities Library (default), Main Vulnerabilities Library or Project Vulnerabilities Library. Must be either "Imported Vulnerabilities", "Main Vulnerabilities", "Project Vulnerabilities" or key for a custom library (if custom libraries are used). Example: ``` { "import_to_library": "Imported Vulnerabilities" } ``` **import\_source (string) (optional)** Vulnerability source e.g. Nessus, BURP, Custom Tool, etc. Example: ``` { "import_source": "Nessus" } ``` **import\_source\_id (string) (optional)** Vulnerability source/plugin id. Unique Id from the source/tool vulnerability is imported from. Example: ``` { "import_source_id": "NessusPlugin123" } ``` **linked\_testcases (array of strings) (optional)** Test case Ids to link to the vulnerability. Example: ``` { "linked_testcases": ["..."] } ``` **custom\_fields (*****array of objects*****) (*****optional*****)** Custom fields. Must include a key and value. Key must be unique and letters, number and underscores only. For more information visit Example: ``` { "custom_fields": [{"key": "...", "value": "..."}] } ``` **custom\_tags (*****array of objects*****) (*****optional*****)** Custom tags. Must include a name and value. Name must be unique and letters, number and underscores only. Example: ``` { "custom_tags": [{"name": "...", "value": "..."}] } ``` ## Example The following example is a cURL request to create a vulnerability on a project by the project identifier (Id). ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X POST 'https://demo.attackforge.com/api/ss/vulnerability' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{ "projectId": "5dbe74944a04ce0abffc1a91", "title": "SQL Injection", "affected_asset_name": "AttackForge.com", "priority": "Critical", "likelihood_of_exploitation": 10, "description": "Lorem Ipsum...", "attack_scenario": "Lorem Ipsum...", "remediation_recommendation": "Lorem Ipsum...", "steps_to_reproduce": "Lorem Ipsum...", "tags": ["CWE-89", "Injection"], "notes": [ { "note": "Lorem ipsum..", "type": "PLAINTEXT" } ], "is_zeroday": false, "is_visible": true, "import_to_library": "Imported Vulnerabilities", "import_source": "Nessus", "import_source_id": "NessusPlugin123", "custom_fields": [{"key": "vuln_external_id", "value": "VULN123"}], "linked_testcases": ["66845d85d427ba0010d0681b"], "custom_tags": [{"name": "ext_vuln_score", "value": "HIGH"}] }' ``` ### Response Response contains a vulnerability object. ``` { "vulnerability": { "vulnerability_id": "...", "vulnerability_created": "...", "vulnerability_modified": "...", "vulnerability_title": "...", "vulnerability_priority": "...", "vulnerability_status": "...", "vulnerability_retest": "...", "vulnerability_likelihood_of_exploitation": 10, "vulnerability_steps_to_reproduce": "...", "vulnerability_cvssv4_vector": "...", "vulnerability_tags": [ "..." ], "vulnerability_is_zeroday": "...", "vulnerability_notes": [ { "note": "...", "note_html": "...", "type": "PLAINTEXT/RICHTEXT" } ], "vulnerability_description": "...", "vulnerability_attack_scenario": "...", "vulnerability_remediation_recommendation": "...", "vulnerability_affected_asset_name": "...", "vulnerability_affected_asset_id": "...", "vulnerability_affected_assets": [ { "asset": { "id": "...", "name": "...", "library_id": "...", "library_external_id": "...", "custom_fields": [ { "key": "...", "value": "...", "type": "Field" } ], }, "notes": [ "..." ], "tags": [ "..." ], "actioned": true, "components": [ { "name": "...", "notes": [ "..." ], "actioned": true, "tags": [ "..." ] } ] } ], "vulnerability_project_name": "...", "vulnerability_project_id": "...", "vulnerability_custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ], "vulnerability_sla": "...", "vulnerability_release_date": "..." } } ```