CreateVulnerability
This method can be used for the following functionality: Create a vulnerability on a project you have access to using project identifier (Id).
Parameters
The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.
Headers
Query
projectId (string)
Identifier for the project.
Example:
created (string) (optional)
Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.
Example:
title (string)
Title for the vulnerability.
Example:
asset_library_ids (array of strings) (optional)
Asset libraries to map affected asset(s) against.
Example:
affected_asset_id (string) (optional)
Id of the affected asset.
Example:
affected_asset_name (string) (optional)
Name of the affected asset.
Example:
affected_assets (array of objects) (optional)
Assign multiple assets to vulnerability.
Example:
priority (string)
Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info
Example:
likelihood_of_exploitation (number)
Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.
Example:
description (string)
Description of the vulnerability.
Example:
attack_scenario (string)
Attack Scenario for the vulnerability.
Example:
remediation_recommendation (string)
Remediation Recommendation for the vulnerability.
Example:
steps_to_reproduce (string)
Steps to Reproduce the vulnerability (POC).
Example:
tags (array of strings) (optional)
Tags for the vulnerability.
Example:
notes (array of objects) (optional)
Notes for the vulnerability. Type is optional. Type must be either PLAINTEXT or RICHTEXT.
Example:
is_zeroday (boolean) (optional)
Whether vulnerability is a zeroday (0-day) or not.
Example:
is_visible (boolean) (optional)
Whether vulnerability is visible to the project team (true) or only team members with Edit access (false).
Example:
import_to_library (string) (optional)
Import vulnerabilities into the Imported Vulnerabilities Library (default), Main Vulnerabilities Library or Project Vulnerabilities Library. Must be either "Imported Vulnerabilities", "Main Vulnerabilities", "Project Vulnerabilities" or key for a custom library (if custom libraries are used).
Example:
import_source (string) (optional)
Vulnerability source e.g. Nessus, BURP, Custom Tool, etc.
Example:
import_source_id (string) (optional)
Vulnerability source/plugin id. Unique Id from the source/tool vulnerability is imported from.
Example:
linked_testcases (array of strings) (optional)
Test case Ids to link to the vulnerability.
Example:
custom_fields (array of objects) (optional)
Custom fields. Must include a key and value. Key must be unique and letters, number and underscores only.
For more information visit https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis
Example:
custom_tags (array of objects) (optional)
Custom tags. Must include a name and value. Name must be unique and letters, number and underscores only.
Example:
Example
The following example is a cURL request to create a vulnerability on a project by the project identifier (Id).
Request
Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.
Response
Response contains a vulnerability object.
Last updated