CreateVulnerabilityWithLibrary

This method can be used for the following: Create a vulnerability on a project you have access to, by project identifier (Id) and vulnerability library identifier (Id).
Parameters
The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.
Headers
POST /api/ss/vulnerability-with-library HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close
Query
projectId (string)
Identifier for the project.
Example:
{
   "projectId": "..."
}
vulnerabilityLibraryId (string)
Identifier for the issue in the Vulnerability Library. Must be 15-digit number e.g. 203858903055049.
Example:
{
   "vulnerabilityLibraryId": "..."
}
library (string) (optional)
Search this library when matching vulnerabilityLibraryId. Must be either "Imported Vulnerabilities", "Main Vulnerabilities", "Project Vulnerabilities" or key for a custom library (if custom libraries are used). Default is Main Vulnerabilities Library.
Example:
{   
    "library": "Imported Vulnerabilities"
}
created (string) (optional)
Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.
Example:
{
   "created": "2021-06-03T23:15:33.008Z"
}
affected_asset_name (string)
Name of the affected asset.
Example:
{
   "affected_asset_name": "..."
}
priority (string)
Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info
Example:
{
   "priority": "Critical"
}
likelihood_of_exploitation (number)
Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.
Example:
{
   "likelihood_of_exploitation": 10
}
steps_to_reproduce (string)
Steps to Reproduce the vulnerability (POC).
Example:
{
   "steps_to_reproduce": "..."
}
tags (array of strings) (optional)
Tags for the vulnerability.
Example:
{
   "tags": ["...", "...", "..."]
}
notes (array of strings) (optional)
Notes for the vulnerability.
Example:
{
   "notes": ["...", "...", "..."]
}
is_zeroday (boolean) (optional)
Whether vulnerability is a zeroday (0-day) or not.
Example:
{
   "is_zeroday": true
}
is_visible (boolean) (optional)
Whether vulnerability is visible to the project team (true) or only team members with Edit access (false).
Example:
{
   "is_visible": true
}
custom_fields (array of objects) (optional)
Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only.
For more information visit https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis​
Example:
{   "custom_fields": [{"key": "...", "value": "..."}]}
Example
The following example is a cURL request to create a vulnerability on a project by the project identifier (Id) and an issue from the Vulnerability Library by its identifier (Id).
Request
Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.
curl -X POST 'https://demo.attackforge.com/api/ss/vulnerability-with-library' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
    "projectId": "5f9741cc06ef2708b4a0c4c5",
    "vulnerabilityLibraryId": "203858903055049",
    "library": "Imported Vulnerabilities",
    "affected_asset_name": "AttackForge.com",
    "priority": "Critical",
    "likelihood_of_exploitation": 10,
    "steps_to_reproduce": "Lorem Ipsum...",
    "tags": ["CWE-89", "Injection"],
    "notes": ["Lorem Ipsum...", "Lorem Ipsum..."],
    "is_zeroday": false,
    "is_visible": true,
    "custom_fields": [{"key": "vuln_external_id", "value": "VULN123"}]
}'
Response
Response contains a vulnerability object.
{
    "vulnerability": {
        "vulnerability_id": "...",
        "vulnerability_created": "...",
        "vulnerability_modified": "...",
        "vulnerability_title": "...",
        "vulnerability_priority": "...",
        "vulnerability_status": "...",
        "vulnerability_retest": "...",
        "vulnerability_likelihood_of_exploitation": 10,
        "vulnerability_steps_to_reproduce": "...",
        "vulnerability_tags": [
            "..."
        ],
        "vulnerability_is_zeroday": "...",
        "vulnerability_notes": [
            {
                "note":"..."
            }
        ],
        "vulnerability_description": "...",
        "vulnerability_attack_scenario": "...",
        "vulnerability_remediation_recommendation": "...",
        "vulnerability_affected_asset_name": "...",
        "vulnerability_affected_asset_id": "...",
        "vulnerability_project_name": "...",
        "vulnerability_project_id": "...",
        "vulnerability_custom_fields": [
            {
                "key": "...", 
                "value": "...", 
                "type": "Tag/Field"
            }
        ],
        "vulnerability_sla": "...",
        "vulnerability_release_date": "..."
    }
}
CreateVulnerabilityLibraryIssue
DeactivateUser
Last modified 10h ago