Editing vulnerabilities

/api/2.0/fo/knowledge_base/vuln/

[POST] for actions edit and reset

[GET] [POST] for action list

Edit vulnerability properties (severity, disabled flag, descriptions) for QIDs in the KnowledgeBase, and reset properties as needed. You can also list customized vulnerabilities to view details.

Permissions - Managers have permissions to edit vulnerabilities, reset a vulnerability and list customized vulnerabilities.

Input Parameters

Parameter

Description

action={value}

(Required) The action can be one of:

edit - to edit a vulnerability (POST)

reset - to reset vulnerability settings to the default (POST)

custom - to list edited (custom) vulnerabilities (GET, POST)

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

qid={value}

(Required for action "edit" and "reset", not valid for action "custom")

severity={value}

(Optional for action "edit") Severity level from 1 to 5.

Changing the severity level of a vulnerability impacts how the vulnerability appears in reports and how it is eventually prioritized for remediation.

For example, by changing a vulnerability from a severity 2 to a severity 5, remediation tickets for the vulnerability could have a higher priority and shorter deadline for resolution.

disable={0|1}

(Optional for action "edit") Specify 1 to disable the vulnerability. Default is 0.

When you disable a vulnerability it is globally filtered out from all hosts in all scan reports. The vulnerability is also filtered from host information, asset search results and your dashboard. You may include disabled vulnerabilities in scan reports by changing report filter settings.

threat_comment={value}

(Optional for action "edit") Threat comments in plain text. Comments added are appended to service provided comments.

impact_comment={value}

(Optional for action "edit") Impact comments in plain text. Comments added are appended to service provided comments.

solution_comment={value}

(Optional for action "edit") Solution comments in plain text. Comments added are appended to service provided comments.

 

Sample - Edit a vulnerability

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d "action=edit&impact_comment=testimpact&qid=27014" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

    <RESPONSE>

        <DATETIME>2017-03-02T08:51:59Z</DATETIME>

        <TEXT>Custom Vuln Data has been updated successfully</TEXT>

        <ITEM_LIST>

            <ITEM>

                <KEY>qid</KEY>

                <VALUE>27014</VALUE>

            </ITEM>

        </ITEM_LIST>

    </RESPONSE>

</SIMPLE_RETURN>

Sample - Reset a vulnerability

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d "action=reset&qid=27014" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

    <RESPONSE>

        <DATETIME>2017-03-02T08:55:11Z</DATETIME>

        <TEXT>Custom Vuln Data has been reset successfully</TEXT>

    </RESPONSE>

</SIMPLE_RETURN>

Sample - List customized vulnerabilities

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST -d "action=custom" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE KB_CUSTOM_VULN_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/kb_custom_vuln_list_output.dtd">

<KB_CUSTOM_VULN_LIST_OUTPUT>

    <RESPONSE>

        <DATETIME>2017-03-02T08:47:52Z</DATETIME>

        <CUSTOM_VULN_LIST>

            <CUSTOM_VULN_DATA>

                <QID>

                    <![CDATA[27014]]>

                </QID>

                <SEVERITY_LEVEL>5</SEVERITY_LEVEL>

                <ORIGINAL_SEVERITY_LEVEL>5</ORIGINAL_SEVERITY_LEVEL>

                <IS_DISABLED>1</IS_DISABLED>

                <UPDATED_DATETIME>

                    <![CDATA[2017-03-02T05:58:40Z]]>

                </UPDATED_DATETIME>

                <UPDATED_BY>

                    <![CDATA[mr_md]]>

                </UPDATED_BY>

                <THREAT_COMMENT>

                    <![CDATA[threat123]]>

                </THREAT_COMMENT>

                <IMPACT_COMMENT>

                    <![CDATA[impact123]]>

                </IMPACT_COMMENT>

                <SOLUTION_COMMENT>

                    <![CDATA[solution123]]>

                </SOLUTION_COMMENT>

            </CUSTOM_VULN_DATA>

        </CUSTOM_VULN_LIST>

    </RESPONSE>

</KB_CUSTOM_VULN_LIST_OUTPUT>
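Because a disabled QID is filtered out of all scan reports and a changed severity alters remediation priority, the custom list is worth reviewing regularly. The following is an added example, not part of the Qualys documentation: it parses a KB_CUSTOM_VULN_LIST_OUTPUT response and flags QIDs that are disabled or whose SEVERITY_LEVEL is lower than ORIGINAL_SEVERITY_LEVEL. The function names, QIDs 900001 and 900002, and the user "example_user" are constructed for illustration, and treating ORIGINAL_SEVERITY_LEVEL as the service default is an assumption based on the element name.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the KB_CUSTOM_VULN_LIST_OUTPUT shape shown on this page.
# QID 27014 mirrors the page's sample; the other entries are made up.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<KB_CUSTOM_VULN_LIST_OUTPUT><RESPONSE><CUSTOM_VULN_LIST>
<CUSTOM_VULN_DATA>
  <QID>
    <![CDATA[27014]]>
  </QID>
  <SEVERITY_LEVEL>5</SEVERITY_LEVEL><ORIGINAL_SEVERITY_LEVEL>5</ORIGINAL_SEVERITY_LEVEL>
  <IS_DISABLED>1</IS_DISABLED>
  <UPDATED_DATETIME><![CDATA[2017-03-02T05:58:40Z]]></UPDATED_DATETIME>
  <UPDATED_BY><![CDATA[mr_md]]></UPDATED_BY>
</CUSTOM_VULN_DATA>
<CUSTOM_VULN_DATA>
  <QID><![CDATA[900001]]></QID>
  <SEVERITY_LEVEL>2</SEVERITY_LEVEL><ORIGINAL_SEVERITY_LEVEL>4</ORIGINAL_SEVERITY_LEVEL>
  <IS_DISABLED>0</IS_DISABLED>
  <UPDATED_DATETIME><![CDATA[2017-03-01T10:00:00Z]]></UPDATED_DATETIME>
  <UPDATED_BY><![CDATA[example_user]]></UPDATED_BY>
</CUSTOM_VULN_DATA>
<CUSTOM_VULN_DATA><QID><![CDATA[900002]]></QID>
  <SEVERITY_LEVEL>5</SEVERITY_LEVEL><ORIGINAL_SEVERITY_LEVEL>2</ORIGINAL_SEVERITY_LEVEL>
  <IS_DISABLED>0</IS_DISABLED></CUSTOM_VULN_DATA>
</CUSTOM_VULN_LIST></RESPONSE></KB_CUSTOM_VULN_LIST_OUTPUT>"""

def _text(node, tag):
    """Stripped text of a child element; '' when the element is absent."""
    return (node.findtext(tag) or "").strip()

def audit_custom_vulns(xml_bytes):
    """Flag customized QIDs that are disabled or whose severity was lowered."""
    findings = []
    for vuln in ET.fromstring(xml_bytes).iter("CUSTOM_VULN_DATA"):
        sev, orig = _text(vuln, "SEVERITY_LEVEL"), _text(vuln, "ORIGINAL_SEVERITY_LEVEL")
        issues = []
        if _text(vuln, "IS_DISABLED") == "1":
            issues.append("disabled")
        # Only compare when both levels are present and numeric.
        if sev.isdigit() and orig.isdigit() and int(sev) < int(orig):
            issues.append(f"severity lowered {orig}->{sev}")
        if issues:
            findings.append({"qid": _text(vuln, "QID"), "issues": issues,
                             "updated_by": _text(vuln, "UPDATED_BY"),
                             "updated": _text(vuln, "UPDATED_DATETIME")})
    return findings
```

Each finding carries UPDATED_BY and UPDATED_DATETIME so the change can be traced back to the Manager account that made it.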

 

DTD

<platform API server>/api/2.0/fo/knowledge_base/vuln/kb_custom_vuln_list_output.dtd