# CreateVulnerabilityLibraryIssue ## Parameters The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory. ### Headers ``` POST /api/ss/library/vulnerability HTTP/1.1 Host: demo.attackforge.com X-SSAPI-KEY: APIKey Content-Type: application/json Connection: close ``` ### Query **title (string)** Title for the vulnerability. Example: ``` { "title": "..." } ``` **projectId (string) (optional)** Project Id. Required if creating writeup in Project Vulnerabilities library. Example: ``` { "projectId": "66b46bcc35e410ad5dd5420c" } ``` **severity (number) (optional)** Severity of the vulnerability. Must be a number between 1 to 10. Example: ``` { "severity": 10 } ``` **likelihood\_of\_exploitation (number) (optional)** Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10. Example: ``` { "likelihood_of_exploitation": 10 } ``` **impact\_on\_confidentiality (string) (optional)** Impact on Confidentiality. Must be one of the following: High, Medium, Low, None Example: ``` { "impact_on_confidentiality": "High" } ``` **impact\_on\_integrity (string) (optional)** Impact on Integrity. Must be one of the following: High, Medium, Low, None Example: ``` { "impact_on_integrity": "High" } ``` **impact\_on\_availability (string) (optional)** Impact on Availability. Must be one of the following: High, Medium, Low, None Example: ``` { "impact_on_availability": "High" } ``` **description (string)** Description of the vulnerability. Example: ``` { "description": "..." } ``` **attack\_scenario (string)** Attack Scenario for the vulnerability. Example: ``` { "attack_scenario": "..." } ``` **remediation\_recommendation (string)** Remediation Recommendation for the vulnerability. Example: ``` { "remediation_recommendation": "..." } ``` **tags (array of strings) (optional)** Tags for the vulnerability. Example: ``` { "tags": ["...", "...", "..."] } ``` **import\_to\_library (string) (optional)** Add writeup to the Imported Vulnerabilities library (default), Project Vulnerabilities library or Main Vulnerabilities library. Must be either "Imported Vulnerabilities", "Project Vulnerabilities" or "Main Vulnerabilities" or key for a custom library (if custom libraries are used). Example: ``` { "import_to_library": "Imported Vulnerabilities" } ``` **import\_source (string) (optional)** Vulnerability source e.g. Nessus, BURP, Custom Tool, etc. Example: ``` { "import_source": "Nessus" } ``` **import\_source\_id (string) (optional)** Vulnerability source/plugin id. Unique Id from the source/tool vulnerability is imported from. Example: ``` { "import_source_id": "NessusPlugin123" } ``` **custom\_tags (*****array of objects*****) (*****optional*****)** Custom tags. Must include a name and value. Name must be unique and letters, numbers and underscores only. Example: ``` { "custom_tags": [{"name": "...", "value": "..."}] } ``` **custom\_fields (*****array of objects*****) (*****optional*****)** Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only. For more information visit Example: ``` { "custom_fields": [{"key": "...", "value": "..."}] } ``` ## Example The following example is a cURL request to create a vulnerability in the library. ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X POST 'https://demo.attackforge.com/api/ss/library/vulnerability' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{ "title": "SQL Injection", "severity": 10, "likelihood_of_exploitation": 10, "impact_on_confidentiality": "High", "impact_on_integrity": "High", "impact_on_availability": "High", "description": "Lorem Ipsum...", "attack_scenario": "Lorem Ipsum...", "remediation_recommendation": "Lorem Ipsum...", "tags": ["CWE-89", "Injection"], "import_to_library": "Imported Vulnerabilities", "import_source": "Nessus", "import_source_id": "NessusPlugin123", "custom_tags": [{"name": "ext_vuln_score", "value": "123"}], "custom_fields": [{"key": "custom_tool", "value": "A77@cKF0rgeParser"}] }' ``` ### Response Response contains a vulnerability object. ``` { "vulnerability": { "vulnerability_id": "...", "vulnerability_created": "...", "vulnerability_modified": "...", "vulnerability_title": "...", "vulnerability_severity": 10, "vulnerability_likelihood_of_exploitation": 10, "vulnerability_impact_on_confidentiality": "High", "vulnerability_impact_on_integrity": "High", "vulnerability_impact_on_availability": "High", "vulnerability_description": "...", "vulnerability_attack_scenario": "...", "vulnerability_remediation_recommendation": "...", "vulnerability_tags": [ "..." ] "vulnerability_library_id": "...", "vulnerability_custom_fields": [ { "key": "...", "value": "...", "type": "Tag/Field" } ] } } ```