UpdateVulnerabilityById
This method can be used for the following functionality: Update a vulnerability this user has access to, by vulnerability identifier (Id).
Parameters
The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.
Headers
PUT /api/ss/vulnerability/:id HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close
Query
id (string)
Identifier for the vulnerability.
Example:
PUT /api/ss/vulnerability/5e7afb0be7aa1b0f20eb62fe HTTP/1.1
projectId (string)
Identifier for the project.
Example:
{
"projectId": "656158c0965172000f9119e8"
}
asset_library_ids (array of strings) (optional)
Asset libraries to map affected asset(s) against.
Example:
{
"asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."]
}
affected_asset (object) (optional)
Id or Name of the affected asset.
Example:
{
"affected_asset": {
"assetId": "...",
"assetName": "..."
}
}
affected_assets (array of objects) (optional)
Assign multiple assets to vulnerability.
Example:
[
{
"assetId": "...",
"assetName": "...",
"notes": [
"..."
],
"tags": [
"..."
],
"actioned": false,
"components": [
{
"name": "...",
"notes": [
"..."
],
"tags": [
"..."
]
}
]
}
]
created (string) (optional)
Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.
Example:
{
"created": "2021-06-03T23:15:33.008Z"
}
title (string) (optional)
Title for the vulnerability.
Example:
{
"title": "..."
}
priority (string) (optional)
Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info
Example:
{
"priority": "Critical"
}
status (string) (optional)
Status for the vulnerability. Must be one of the following: Open, Closed, Retest
Example:
{
"status": "Closed"
}
likelihood_of_exploitation (number) (optional)
Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.
Example:
{
"likelihood_of_exploitation": 10
}
description (string) (optional)
Description of the vulnerability.
Example:
{
"description": "..."
}
attack_scenario (string) (optional)
Attack Scenario for the vulnerability.
Example:
{
"attack_scenario": "..."
}
remediation_recommendation (string) (optional)
Remediation Recommendation for the vulnerability.
Example:
{
"remediation_recommendation": "..."
}
steps_to_reproduce (string) (optional)
Steps to Reproduce the vulnerability (POC).
Example:
{
"steps_to_reproduce": "..."
}
tags (array of strings) (optional)
Tags for the vulnerability.
Example:
{
"tags": ["...", "...", "..."]
}
notes (array of objects) (optional)
Notes for the vulnerability. Type is optional. Type must be either PLAINTEXT or RICHTEXT.
Example:
{
"notes": [
{
"note": "Lorem ipsum..",
"type": "PLAINTEXT"
}
]
}
is_zeroday (boolean) (optional)
Whether vulnerability is a zeroday (0-day) or not.
Example:
{
"is_zeroday": true
}
is_visible (boolean) (optional)
Whether vulnerability is visible to the project team (true) or only team members with Edit access (false).
Example:
{
"is_visible": true
}
is_deleted (boolean) (optional)
Whether vulnerability is deleted or not.
Example:
{
"is_deleted": false
}
custom_tags (array of objects) (optional)
Custom tags. Must include a name and value. Name must be unique and letters, numbers and underscores only.
Example:
{
"custom_tags": [{"name": "...", "value": "..."}]
}
linked_testcases (array of strings) (optional)
Test case Ids to link to the vulnerability.
Example:
{
"linked_testcases": ["..."]
}
custom_fields (array of objects) (optional)
Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only.
For more information visit https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis
Example:
{
"custom_fields": [{"key": "...", "value": "..."}]
}
Example
The following example is a cURL request to update a vulnerability by its identifier (Id).
Request
Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.
curl -X PUT 'https://demo.attackforge.com/api/ss/vulnerability/5e7afb0be7aa1b0f20eb62fe' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
"title": "SQL Injection",
"priority": "Critical",
"status": "Open",
"likelihood_of_exploitation": 10,
"description": "Lorem Ipsum...",
"attack_scenario": "Lorem Ipsum...",
"remediation_recommendation": "Lorem Ipsum...",
"steps_to_reproduce": "Lorem Ipsum...",
"tags": ["CWE-89", "Injection"],
"notes": [
{
"note": "Lorem ipsum..",
"type": "PLAINTEXT"
}
],
"is_zeroday": false,
"is_visible": true,
"is_deleted": false,
"custom_tags": [{"name": "ext_vuln_score", "value": "123"}],
"custom_fields": [{"key": "af_sys_affected_endpoint", "value": "https://batportal.attackforge.com"}],
"linked_testcases": ["66845d85d427ba0010d0681b"]
}'
Response
Response contains a result object.
{
"result": {
"result": "Vulnerability Updated"
}
}
Last updated