Exploitable Vulnerability Scan

Get Exploitable Vulnerability Scan Information for a customer in PDF/JSON/CSV format

Get Attacks

GET https://k2io.net/centralmanager/api/v1/download/usercodevulnerabilityscan/ic/{K2_CUSTOMER_ID}

This endpoint returns exploitable vulnerability information in JSON, PDF or CSV format. Note: if you are using the K2 On-Premises Portal, replace https://k2io.net in the API URL with the elastic IP address of your K2 On-Premises Cluster.

Path Parameters

| Name | Type | Description |
| --- | --- | --- |
| K2_CUSTOMER_ID | integer | Customer ID of the customer, e.g. 533. It can be obtained from the customer profile on the K2 Portal. |

Query Parameters

| Name | Type | Description |
| --- | --- | --- |
| vulnerability | string | Comma-separated vulnerability values, e.g. LDAP%2CSQL_DB_COMMAND. |
| startTime | integer | Start time of the attacks (time duration field, in milliseconds), e.g. 1619503221323. |
| endTime | integer | End time of the attacks (time duration field, in milliseconds), e.g. 1631691905000. |
| fileType | string | Download file type: csv, json or pdf, e.g. csv. |
| severityType | string | Filter field to get vulnerability info of a particular severity level. Comma-separated values, e.g. CRITICAL%2CHIGH. |
| filtredApplicationPattern | string | Filter field to get vulnerability info of a particular application, e.g. ForkExec-Demo. |
| traceId | string | Filter field to get vulnerability info of a particular apiId, e.g. d4ca1bd2ae91e8ce9e66017c3a0c64429a8f109970dd75e2ac5939b82d8b9908. |
| scanId | string | Filter field to get vulnerability info of a particular scanId (a scanId is uniquely identified by the agent on each custom code scan of a particular application), e.g. 44a8e555-6c12-4a48-bae7-806314561eb1. |
| filtredURIPattern | string | Filter field to get vulnerability info of a particular URI, e.g. /forkexec-demo. |

Headers

| Name | Type | Description |
| --- | --- | --- |
| K2_API_ACCESSOR_TOKEN | string | K2 API Accessor token obtained from the Accounts section of the K2 Portal, e.g. 5b2bf1fa-f4e1-daf9-a787-bd5eXXXXXXXX |

Query Param Possible Values

vulnerability

[ "CRYPTO", "FILE_INTEGRITY", "FILE_OPERATION", "HASH", "HTTP_REQUEST", "JAVASCRIPT_INJECTION", "LDAP", "NOSQL_DB_COMMAND", "RANDOM", "REFLECTED_XSS", "SQL_DB_COMMAND", "SYSTEM_COMMAND", "SYSTEM_EXIT", "TRUSTBOUNDARY", "XPATH", "XQUERY_INJECTION" ]

severityType

[ "CRITICAL", "HIGH", "MEDIUM" ]

cURL Example

curl --location --request GET "https://k2io.net/centralmanager/api/v1/download/usercodevulnerabilityscan/ic/${K2_CUSTOMER_ID}?startTime=${START_TIME}&endTime=${END_TIME}&fileType=${DOWNLOAD_FILE_TYPE}" --header "K2_API_ACCESSOR_TOKEN: ${YOUR_K2_API_ACCESSOR_TOKEN}"

For example:

curl --location --request GET 'https://k2io.net/centralmanager/api/v1/download/usercodevulnerabilityscan/ic/533?startTime=0&endTime=1617297401705&fileType=pdf' --header 'K2_API_ACCESSOR_TOKEN: 5b2bf1fa-f4e1-daf9-a787-bd5eXXXXXXXX'
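
The same request assembled programmatically, as an added example that is not part of the K2 documentation or K2's own code: it checks the filters against the value lists on this page, converts times to epoch milliseconds and encodes the comma-separated filters as %2C. The function names build_scan_url, to_millis and auth_headers are hypothetical, and reading the token from an environment variable of the same name as the header is an assumption.

```python
import os
from datetime import datetime, timezone
from urllib.parse import urlencode

# Allowed values copied from the "Query Param Possible Values" lists on this page.
VULNERABILITIES = {
    "CRYPTO", "FILE_INTEGRITY", "FILE_OPERATION", "HASH", "HTTP_REQUEST",
    "JAVASCRIPT_INJECTION", "LDAP", "NOSQL_DB_COMMAND", "RANDOM", "REFLECTED_XSS",
    "SQL_DB_COMMAND", "SYSTEM_COMMAND", "SYSTEM_EXIT", "TRUSTBOUNDARY", "XPATH",
    "XQUERY_INJECTION",
}
SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM"}
FILE_TYPES = {"csv", "json", "pdf"}
PATH = "/centralmanager/api/v1/download/usercodevulnerabilityscan/ic/"

def to_millis(dt):
    """startTime/endTime are epoch milliseconds; require an aware datetime."""
    if dt.tzinfo is None:
        raise ValueError("datetime must be timezone-aware")
    return round(dt.timestamp() * 1000)

def build_scan_url(customer_id, start, end, file_type="json",
                   vulnerability=(), severity=(), base="https://k2io.net"):
    """Validate the filters locally, then return the fully encoded request URL."""
    if type(customer_id) is not int or customer_id <= 0:
        raise ValueError("K2_CUSTOMER_ID must be a positive integer")
    start_ms, end_ms = to_millis(start), to_millis(end)
    if start_ms > end_ms:
        raise ValueError("startTime is after endTime")
    if file_type not in FILE_TYPES:
        raise ValueError(f"unsupported fileType: {file_type!r}")
    unknown = (set(vulnerability) - VULNERABILITIES) | (set(severity) - SEVERITIES)
    if unknown:
        raise ValueError(f"unknown filter values: {sorted(unknown)}")
    params = {"startTime": start_ms, "endTime": end_ms, "fileType": file_type}
    if vulnerability:
        params["vulnerability"] = ",".join(vulnerability)  # sent as LDAP%2CSQL_DB_COMMAND
    if severity:
        params["severityType"] = ",".join(severity)
    return f"{base.rstrip('/')}{PATH}{customer_id}?{urlencode(params)}"

def auth_headers(env=os.environ):
    """Take the token from the environment so it stays out of scripts and shell history."""
    token = env.get("K2_API_ACCESSOR_TOKEN", "").strip()
    if not token:
        raise ValueError("K2_API_ACCESSOR_TOKEN is not set")
    return {"K2_API_ACCESSOR_TOKEN": token}
```

For an On-Premises cluster, pass the cluster address as `base`.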

Responses

Here we will go through the kinds of response returned by the Exploitable Vulnerability Scan API.

JSON

{
    "draw": null,
    "recordsFiltered": 133,
    "recordsTotal": 133,
    "data": [
        {
            "timestamp": 1618924239315,
            "applicationSHA256": "7fa140d25fabc304aff4b76efdfabb6becb7b99dd3279ccb6fb450b01f745b6d",
            "applicationUUID": "33e88a47-37a5-4743-8592-df38961ba7c1",
            "apiId": "52cbb8fce91026511ac42e79647748faf30df19d67f639ea69aedfc49a0e06ae",
            "vulnerabilityCaseType": "NOSQL_DB_COMMAND",
            "sourceMethod": "com.mongodb.internal.connection.CommandMessage(com.mongodb.MongoNamespace,org.bson.BsonDocument,org.bson.FieldNameValidator,com.mongodb.ReadPreference,com.mongodb.internal.connection.MessageSettings,boolean,com.mongodb.connection.SplittablePayload,org.bson.FieldNameValidator,com.mongodb.connection.ClusterConnectionMode)",
            "userFileName": "com.k2cybersecurity.dss.service.impl.PolicyService",
            "userMethodName": "createSubnet",
            "lineNumber": 633,
            "url": "/k2dss/api/v1/policy/subnet/1001",
            "method": "POST",
            "status": "VULNERABLE",
            "severityLevel": "CRITICAL",
            "scanId": "9f1f69b6-b476-4bde-ad60-96839fbc3dc8",
            "applicationName": "k2dss",
            "applicationPath": "/tmp/k2cloud/tomcat/webappsmodule/k2dss"
        }
    ]
}
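
A way to turn this JSON response into a remediation list, as an added example that is not part of the K2 documentation: records are collapsed to one row per code location and vulnerability type, with the affected endpoints and scans collected and the most severe findings first. The function name triage and the output field names are hypothetical; the sample data is constructed as noted in the code.

```python
import json
from datetime import datetime, timezone

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}  # severityType values on this page

# Constructed sample: record 1 is trimmed from the response shown on this page;
# records 2 and 3 (and their scanIds, URLs and class names) are invented.
SAMPLE = json.loads("""
{"draw": null, "recordsFiltered": 3, "recordsTotal": 3, "data": [
 {"timestamp": 1618924239315, "vulnerabilityCaseType": "NOSQL_DB_COMMAND",
  "userFileName": "com.k2cybersecurity.dss.service.impl.PolicyService",
  "userMethodName": "createSubnet", "lineNumber": 633, "method": "POST",
  "url": "/k2dss/api/v1/policy/subnet/1001", "severityLevel": "CRITICAL",
  "scanId": "9f1f69b6-b476-4bde-ad60-96839fbc3dc8", "applicationName": "k2dss"},
 {"timestamp": 1618924300000, "vulnerabilityCaseType": "NOSQL_DB_COMMAND",
  "userFileName": "com.k2cybersecurity.dss.service.impl.PolicyService",
  "userMethodName": "createSubnet", "lineNumber": 633, "method": "POST",
  "url": "/k2dss/api/v1/policy/subnet/1002", "severityLevel": "CRITICAL",
  "scanId": "00000000-0000-0000-0000-000000000002", "applicationName": "k2dss"},
 {"timestamp": 1618924100000, "vulnerabilityCaseType": "FILE_OPERATION",
  "userFileName": "com.example.ReportService", "userMethodName": "export",
  "lineNumber": 42, "method": "GET", "url": "/example/export",
  "severityLevel": "HIGH", "scanId": "00000000-0000-0000-0000-000000000003",
  "applicationName": "example-app"}]}
""")

def triage(response):
    """One row per code location and vulnerability type, most severe first."""
    found = {}
    for rec in response.get("data") or []:
        key = (rec["applicationName"], rec["userFileName"], rec["userMethodName"],
               rec["lineNumber"], rec["vulnerabilityCaseType"])
        row = found.setdefault(key, {"severity": rec["severityLevel"], "endpoints": set(),
                                     "scans": set(), "last_seen_ms": 0})
        # Keep the worst severity seen for this location; unknown levels sort last.
        if SEVERITY_RANK.get(rec["severityLevel"], 99) < SEVERITY_RANK.get(row["severity"], 99):
            row["severity"] = rec["severityLevel"]
        row["endpoints"].add(f'{rec["method"]} {rec["url"]}')
        row["scans"].add(rec["scanId"])
        row["last_seen_ms"] = max(row["last_seen_ms"], rec["timestamp"])
    rows = []
    for (app, cls, method, line, kind), row in found.items():
        seen = datetime.fromtimestamp(row["last_seen_ms"] / 1000, tz=timezone.utc)
        rows.append({"app": app, "location": f"{cls}.{method}:{line}", "type": kind,
                     "last_seen": seen.isoformat(timespec="seconds"), **row})
    return sorted(rows, key=lambda r: (SEVERITY_RANK.get(r["severity"], 99), -r["last_seen_ms"]))
```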

CSV

CSV Response Returned by the Exploitable Vulnerability Scan

PDF

PDF Response Returned by the Exploitable Vulnerability Scan API

Accessing Exploitable Vulnerability Scan API Data On K2 Portal

You can access the data reported by the Exploitable Vulnerability Scan API on the K2 Portal by using the link below.

Use the Advanced Filter to get filtered data.

Exploitable Vulnerability Scan | K2 Portal
