CreateVulnerability

This method can be used for the following functionality: Create a vulnerability on a project you have access to using project identifier (Id).

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

POST /api/ss/vulnerability HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Query

projectId (string)

Identifier for the project.

Example:

{
   "projectId": "..."
}

created (string) (optional)

Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

title (string)

Title for the vulnerability.

Example:

asset_library_ids (array of strings) (optional)

Asset libraries to map affected asset(s) against.

Example:

affected_asset_id (string) (optional)

Id of the affected asset.

Example:

affected_asset_name (string) (optional)

Name of the affected asset.

Example:

affected_assets (array of objects) (optional)

Assign multiple assets to vulnerability.

Example:

priority (string)

Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info

Example:

likelihood_of_exploitation (number)

Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.

Example:

description (string)

Description of the vulnerability.

Example:

attack_scenario (string)

Attack Scenario for the vulnerability.

Example:

remediation_recommendation (string)

Remediation Recommendation for the vulnerability.

Example:

steps_to_reproduce (string)

Steps to Reproduce the vulnerability (POC).

Example:

tags (array of strings) (optional)

Tags for the vulnerability.

Example:

notes (array of objects) (optional)

Notes for the vulnerability. Type is optional. Type must be either PLAINTEXT or RICHTEXT.

Example:

is_zeroday (boolean) (optional)

Whether vulnerability is a zeroday (0-day) or not.

Example:

is_visible (boolean) (optional)

Whether vulnerability is visible to the project team (true) or only team members with Edit access (false).

Example:

import_to_library (string) (optional)

Import vulnerabilities into the Imported Vulnerabilities Library (default), Main Vulnerabilities Library or Project Vulnerabilities Library. Must be either "Imported Vulnerabilities", "Main Vulnerabilities", "Project Vulnerabilities" or key for a custom library (if custom libraries are used).

Example:

import_source (string) (optional)

Vulnerability source e.g. Nessus, BURP, Custom Tool, etc.

Example:

import_source_id (string) (optional)

Vulnerability source/plugin id. Unique Id from the source/tool vulnerability is imported from.

Example:

linked_testcases (array of strings) (optional)

Test case Ids to link to the vulnerability.

Example:

custom_fields (array of objects) (optional)

Custom fields. Must include a key and value. Key must be unique and letters, number and underscores only.

For more information visit https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis

Example:

custom_tags (array of objects) (optional)

Custom tags. Must include a name and value. Name must be unique and letters, number and underscores only.

Example:

Example

The following example is a cURL request to create a vulnerability on a project by the project identifier (Id).

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

Response

Response contains a vulnerability object.

PreviousCreateUsersNextCreateVulnerabilityBulk

Last updated