search

Third Party Vulnerability

Get Third Party Vulnerability Information for a customer in PDF/JSON/CSV format

hashtag
Get Third Party Vulnerability Information

GET https://k2io.net/centralmanager/api/v1/download/application/vulnerability/{K2_CUSTOMER_ID}

This endpoint allows you to get third party vulnerability information in JSON/PDF/CSV. Note - In case you're using K2 On-Premises Portal then replace https://k2io.net in the API with elastic IP address of your K2 On-Premises Cluster.

hashtag
Path Parameters

Name
Type
Description

K2_CUSTOMER_ID

integer

customerId of customer For e.g. 533. It can be obtained by accessing customer profile on K2 Portal.

hashtag
Query Parameters

Name
Type
Description

startTime

integer

startTime of the attacks(time duration field in milliseconds) For e.g. 1619503221323.

endTime

integer

endTime of the attacks(time duration field in milliseconds) For e.g. 1631691905000.

fileType

string

Specify download file type for e.g. csv,json,pdf For e.g. csv.

severityType

string

Filter field to get vulnerability info of particular severity level. This is comma separate values. For e.g. CRITICAL%2CHIGH.

filtredApplicationPattern

string

Filter field to get vulnerability info of particular application For e.g. ForkExec-Demo.

applicationUUID

string

Filter field to get vulnerability info of particular server on the basis of unique serverId For e.g. 74138551-d12f-40db-ac03-c25c98ee92f3.

applicationSha256

string

Filter field to get vulnerability info of particular application on the basis of application's sha256 For e.g. 8939b01b7ea6994eb456d853 7cbe2dc192cc4b8b989b033c26cbf836b1f528ea.

cve

string

Filter field to get vulnerability info of particular cve For This is comma separated values. e.g. CVE-2017-13098%2CCVE-2018-1000613.

hashtag
Headers

Name
Type
Description

K2_API_ACCESSOR_TOKEN

string

K2 API Accessor token obtained from Accounts sections of K2 Portal for e.g. 5b2bf1fa-f4e1-daf9-a787-bd5eXXXXXXXX 

{
    "draw": null,
    "recordsFiltered": 1,
    "recordsTotal": 1,
    "data": [
        {
            "severity": "HIGH",
            "cve": "CVE-2017-5637",
            "componentSha256": "d47d35b9a10af53b7967ff4851bff832778539eed1e43fae6bfcb1f13576bdf5",
            "packageId": "",
            "description": "Two four letter word commands \"wchp/wchc\" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.",
            "timestamp": 1618843675319,
            "applicationSHA": "f0e4dfc6049ec500647b0f8de067e568136652bcc9509cb377048f26c89023c3",
            "applicationUUID": "2bf85fc2-cd1f-458e-87ac-0d756b99f4f2",
            "component": "zookeeper-3.4.8.jar"
        }
      ]
 }

hashtag
Query Param Possible Values

hashtag
severityType

[ "CRITICAL", "HIGH", "LOW", "MEDIUM", "NEGLIGIBLE", "UNKNOWN", "MODERATE" ]

hashtag
cve

[ "CVE-2017-13098", "CVE-2018-1000613", "CVE-2014-9356" ]

hashtag
cURL Example

For e.g.

circle-exclamation

Make sure to use --output flag in curl command and pass output pdf file name when you are using fileType=pdf option.

hashtag
Responses

Here we will go through various kinds of response returned by Third Party Vulnerability API

hashtag
JSON

hashtag
CSV

CSV Response Returned By the Third Party Vulnerability API

hashtag
PDF

PDF Response Returned by the Third Party Vulnerability API

hashtag
Accessing Third Party Vulnerability Scan API Data On K2 Portal

You can access the data reported by Third Party Vulnerability Scan API Data on K2 Portal by using below link.

Use Advanced Filter and get filtered data.

Third Party Vulnerability Scan | K2 Portalarrow-up-right

PreviousExploitable Vulnerability ScanNextResources

Last updated

Was this helpful?