The command above will produce a CSV file named filtered_vulns.csv in the directory you ran the command from.
The CSV will include the following details for each vulnerability:
Id
Title (e.g. Blind SQL Injection)
Created (time/date)
Priority (Critical/High/Medium/Low/Info)
Status (Open/Closed)
Status Updated (time/date)
Affected Asset Name (e.g. attackforge.com)
Affected Assets (if the vulnerability uses Grouped Assets, each asset name is shown)
Retest (Yes/No)
Project Name (e.g. Web App Pentest)
Description
Attack Scenario
Remediation Recommendation
Steps to Reproduce
Changing Fields & Re-Ordering Fields
To change or re-order the fields in the CSV, adjust everything between [.vulnerability_created, ... , .vulnerability_id]:
Note that the backslashes in \" are necessary to escape the quotation marks around each CSV column title. If you omit the backslashes, you may get a compilation error.
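The field list described above can also be kept in a single-quoted jq program in a POSIX shell, which removes the need for the \" escapes. This is an added example, not AttackForge's own command; it goes slightly beyond the original by joining grouped asset names into one cell and by prefixing cells that a spreadsheet would evaluate as formulas. The field names other than .vulnerability_id and .vulnerability_created, the shape of vulnerability_affected_assets, and the sample response are assumptions to check against your own API output.

```sh
#!/bin/sh
# Added example. Field names other than .vulnerability_id and .vulnerability_created,
# and the shape of the sample response, are assumptions; check them against your API output.

# Single-quoted jq program: column titles need no \" escaping.
# To re-order or drop columns, edit the header row and the value row together.
JQ_FILTER='
# Prefix cells that a spreadsheet would evaluate as a formula with an apostrophe.
def safe: if type == "string" and test("^[=+@\t\r-]") then "\u0027" + . else . end;
["Id","Title","Priority","Status","Affected Assets","Created"],
(.vulnerabilities[] | [
   .vulnerability_id,
   .vulnerability_title,
   .vulnerability_priority,
   .vulnerability_status,
   # Grouped assets: one cell listing every asset name.
   (if (.vulnerability_affected_assets | type) == "array"
      then (.vulnerability_affected_assets | map(.asset.name) | join("; "))
      else (.vulnerability_affected_asset_name // "") end),
   .vulnerability_created
 ] | map(safe))
| @csv'

# Reads a getVulnerabilities response on stdin and writes CSV to stdout.
vulns_to_csv() {
  jq -r "$JQ_FILTER"
}

# Constructed sample response (not real data).
sample_response() {
  cat <<'EOF'
{"count": 2, "vulnerabilities": [
  {"vulnerability_id": "sample-0001", "vulnerability_title": "Blind SQL Injection",
   "vulnerability_priority": "Critical", "vulnerability_status": "Open",
   "vulnerability_affected_asset_name": "attackforge.com",
   "vulnerability_created": "2021-06-03T23:31:31.116Z"},
  {"vulnerability_id": "sample-0002", "vulnerability_title": "=1+1 rendered as formula in export",
   "vulnerability_priority": "Medium", "vulnerability_status": "Open",
   "vulnerability_affected_assets": [{"asset": {"name": "app.example.com"}},
                                     {"asset": {"name": "api.example.com"}}],
   "vulnerability_created": "2021-06-04T01:02:03.000Z"}
]}
EOF
}

# Usage: vulns_to_csv < vulns.json > filtered_vulns.csv
# Demo:  sample_response | vulns_to_csv
```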
You can now use the jq utility with any of the AttackForge Self-Service APIs to extract any desired information for your reporting purposes.
Troubleshooting
1. Test that the jq utility is available
jq
This should print jq's info/help output in the terminal, confirming that the jq utility has been installed and configured successfully on your host.
2. Test that cURL works and that JSON data can be piped to jq
This should create a file output.csv in the directory you are currently running commands from in the terminal. The contents of the file will be https://api.github.com/repos/stedolan/jq/commits/d18b2d078c2383d9472d0a0a226e07009025574f
5. Store AttackForge getVulnerabilities data in a JSON file
This should create a file vulns.json in the directory you are currently running commands from in the terminal. The contents of this file will be the vulnerabilities which match the query parameter.
This should create a file filtered_vulns.csv in the directory you are currently running commands from in the terminal. The contents of this file will be the vulnerabilities, with the fields specified in the jq command.
If you reach Step 7 above and everything is working correctly, nothing should prevent you from running the original command (see below):
For this tutorial, we are going to focus on the API method. You can however use this approach for any of the Self-Service RESTful API methods.
Run the following command (replacing the tenant name and API key with your own). Make sure you have access to the getVulnerabilities API (see )
To add fields to the CSV, you can use any of the fields available in the API (see )
To filter the vulnerabilities, you can use any of the existing filters supported in the API (see )
For example, the command below will limit the vulnerabilities retrieved from the API to Open vulnerabilities only using the Advanced Query Filter () --data-urlencode "q={status:{$eq:\"Open\"}}":
You can check all of the available APIs on our support site: