AttackForge Enterprise & AttackForge Core
Powered By GitBook
CreateVulnerabilityBulk
This method can be used for the following: Create multiple vulnerabilities on a project you have access to, by project identifier (Id).

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

1
POST /api/ss/vulnerability/bulk HTTP/1.1
2
Host: demo.attackforge.com
3
X-SSAPI-KEY: APIKey
4
Content-Type: application/json
5
Connection: close
Copied!

Query

projectId (string)
Identifier for the project.
Example:
1
{
2
"projectId": "..."
3
}
Copied!
title (string)
Title for the vulnerability.
Example:
1
{
2
"title": "..."
3
}
Copied!
affected_asset_names (array of strings)
Names of the affected assets. A new vulnerability will be created for each asset name.
Example:
1
{
2
"affected_asset_names": ["...", "...", "..."]
3
}
Copied!
priority (string)
Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info
Example:
1
{
2
"priority": "Critical"
3
}
Copied!
likelihood_of_exploitation (number)
Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.
Example:
1
{
2
"likelihood_of_exploitation": 10
3
}
Copied!
description (string)
Description of the vulnerability.
Example:
1
{
2
"description": "..."
3
}
Copied!
attack_scenario (string)
Attack Scenario for the vulnerability.
Example:
1
{
2
"attack_scenario": "..."
3
}
Copied!
remediation_recommendation (string)
Remediation Recommendation for the vulnerability.
Example:
1
{
2
"remediation_recommendation": "..."
3
}
Copied!
steps_to_reproduce (string)
Steps to Reproduce the vulnerability (POC).
Example:
1
{
2
"steps_to_reproduce": "..."
3
}
Copied!
tags (array of strings) (optional)
Tags for the vulnerability.
Example:
1
{
2
"tags": ["...", "...", "..."]
3
}
Copied!
notes (array of strings) (optional)
Notes for the vulnerability.
Example:
1
{
2
"notes": ["...", "...", "..."]
3
}
Copied!
is_zeroday (boolean) (optional)
Whether vulnerability is a zeroday (0-day) or not.
Example:
1
{
2
"is_zeroday": true
3
}
Copied!
is_visible (boolean) (optional)
Whether vulnerability is visible to the project team (true) or only team members with Edit access (false).
Example:
1
{
2
"is_visible": true
3
}
Copied!
import_to_library (string) (optional)
Import vulnerabilities into the Imported Vulnerabilities Library (default), Main Vulnerabilities Library or Project Vulnerabilities Library. Must be either "Imported Vulnerabilities", "Main Vulnerabilities" or "Project Vulnerabilities".
Example:
1
"import_to_library": "Imported Vulnerabilities"
Copied!
import_source (string) (optional)
Vulnerability source e.g. Nessus, BURP, Custom Tool, etc.
Example:
1
"import_source": "Nessus"
Copied!
import_source_id (string) (optional)
Vulnerability source/plugin id. Unique Id from the source/tool vulnerability is imported from.
Example:
1
"import_source_id": "NessusPlugin123"
Copied!

Example

The following example is a cURL request to create multiple vulnerabilities on a project by the project identifier (Id).

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.
1
curl -X POST 'https://demo.attackforge.com/api/ss/vulnerability/bulk' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
2
"projectId": "5efa890661ee7e0a11f90130",
3
"title": "SQL Injection",
4
"affected_asset_names": ["AttackForge.com", "app.attackforge.com", "support.attackforge.com"],
5
"priority": "Critical",
6
"likelihood_of_exploitation": 10,
7
"description": "Lorem Ipsum...",
8
"attack_scenario": "Lorem Ipsum...",
9
"remediation_recommendation": "Lorem Ipsum...",
10
"steps_to_reproduce": "Lorem Ipsum...",
11
"tags": ["CWE-89", "Injection"],
12
"notes": ["Lorem Ipsum...", "Lorem Ipsum..."],
13
"is_zeroday": false,
14
"is_visible": true,
15
"import_to_library": "Imported Vulnerabilities",
16
"import_source": "Nessus",
17
"import_source_id": "NessusPlugin123"
18
}'
Copied!

Response

Response contains a vulnerability object.
1
{
2
"count": 999,
3
"vulnerability": {
4
"vulnerability_id": "...",
5
"vulnerability_created": "...",
6
"vulnerability_modified": "...",
7
"vulnerability_title": "...",
8
"vulnerability_priority": "...",
9
"vulnerability_status": "...",
10
"vulnerability_retest": "...",
11
"vulnerability_likelihood_of_exploitation": 10,
12
"vulnerability_steps_to_reproduce": "...",
13
"vulnerability_tags": ["...","..."],
14
"vulnerability_is_zeroday": "...",
15
"vulnerability_notes": [{"note":"..."},{"note":"..."}],
16
"vulnerability_description": "...",
17
"vulnerability_attack_scenario": "...",
18
"vulnerability_remediation_recommendation": "...",
19
"vulnerability_affected_asset_name": "...",
20
"vulnerability_affected_asset_id": "...",
21
"vulnerability_project_name": "...",
22
"vulnerability_project_id": "..."
23
}
24
}
Copied!
Last modified 27d ago