Application Finding

This documentation is currently outdated and in the process of being updated. This documentation is provided as a temporary reference to various API endpoints and output. This warning will be at the top of each outdated page. As the documentation is updated, this warning will be removed.

Creating an Application Finding

Create a new application finding on the client.

API Call: POST /client/{clientId}/applicationFinding

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding

URL Parameters

Name | Description | Additional Information
PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number.
CLIENTID | Client ID number. | Finding Your Client ID

User Roles

The user role that can create an application finding is:

  • Manager

API Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token

cURL

cURL Sample create_applicationFinding Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>" \
  -H "Content-Type: application/json" \
  -d "{ \"applicationId\": <APPLICATIONID>, \"assessmentId\": <ASSESSMENTID>, \"applicationUrl\": \"<APPLICATIONURL>\", \"severity\": <SEVERITY>, \"scannerUuid\": \"<SCANNERUUID>\", \"sourceId\": \"<SOURCEID>\", \"title\": \"<TITLE>\", \"description\": \"<DESCRIPTION>\", \"solution\": \"<SOLUTION>\", \"synopsis\": \"<SYNOPSIS>\", \"notes\": \"<NOTES>\", \"cweId\": <CWEID>, \"request\": \"<REQUEST>\", \"response\": \"<RESPONSE>\", \"parameter\": \"<PARAMETER>\", \"payload\": \"<PAYLOAD>\" }"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token
HOSTID | Host ID number. |
APPLICATIONID | Application ID number. |
ASSESSMENTID | Assessment ID number. |
APPLICATIONURL | Application URL. |
SEVERITY | Host finding severity. |
SCANNERUUID | Scanner UUID. |
SOURCEID | Source ID. |
TITLE | Host finding title. |
DESCRIPTION | Host finding description. |
SOLUTION | Host finding solution. |
SYNOPSIS | Host finding synopsis. |
NOTES | Notes. |
CWEID | CWE ID. |
REQUEST | Request. |
RESPONSE | Response. |
PARAMETER | Parameter. |
PAYLOAD | Payload. |

Response Parameters

Sample Response

{
  "id": <ID>,
  "created": "<CREATED>"
}

Name | Description | Additional Information
ID | Job ID number. | integer
Created | Date/Time job created. | string($date-time)

HTTP Status Codes

Code Description
201 Job Created

201 Sample Response

{
  "id": 0,
  "created": "2019-09-17T09:41:54.870Z"
}

Code Description
400 Bad Request
401 Unauthorized

Updating an Application Finding

API Call: PUT /client/{clientId}/applicationFinding/{applicationFindingId}

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<APPLICATIONFINDINGID>

URL Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token
APPLICATIONFINDINGID | Application Finding ID number. |

User Roles

The user role that can update an application finding is:

  • Manager

API Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token

cURL

cURL Sample update_applicationFinding Snippet

curl -X PUT "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<APPLICATIONFINDINGID>" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>" \
  -H "Content-Type: application/json" \
  -d "{ \"applicationId\": <APPLICATIONID>, \"assessmentId\": <ASSESSMENTID>, \"applicationUrl\": \"<APPLICATIONURL>\", \"severity\": <SEVERITY>, \"synopsis\": \"<SYNOPSIS>\", \"notes\": \"<NOTES>\", \"cweId\": <CWEID>, \"request\": \"<REQUEST>\", \"response\": \"<RESPONSE>\", \"parameter\": \"<PARAMETER>\", \"payload\": \"<PAYLOAD>\" }"

cURL Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token
APPLICATIONID | Application ID number. | integer
ASSESSMENTID | Assessment ID number. | integer
APPLICATIONURL | Application URL. |
SEVERITY | Application severity. |
SYNOPSIS | Application finding synopsis. |
NOTES | Application finding notes. |
CWEID | Application finding CWE ID. |
REQUEST | Application finding request. |
RESPONSE | Application finding response. |
PARAMETER | Application finding parameter. |
PAYLOAD | Application finding synopsis. |

Response Parameters

Sample Response

{
  "id": <ID>,
  "created": "<CREATED>"
}

Name | Description | Additional Information
ID | Job ID number. | integer
Created | Date/Time job created. | string($date-time)

HTTP Status Codes

Code Description
201 Job Created

201 Sample Response

{
  "id": 0,
  "created": "2019-09-23T19:12:41.243Z"
}

Code Description
400 Bad Request
401 User Error
403 Forbidden
404 Not Found
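
The hand-escaped -d strings in the create and update cURL snippets above break as soon as a request, response or payload value contains quotes or backslashes. As an added example (not RiskSense code), this Python builds the same POST and PUT requests with json.dumps and type checks read off the snippets; the per-call field sets, the helper names and the RISKSENSE_API_KEY environment variable are assumptions.

```python
import json
import os
import urllib.request

# Body fields read off the two cURL snippets on this page (assumption: the
# snippets are complete). Unquoted placeholders are numbers, quoted ones strings.
INT_FIELDS = {"applicationId", "assessmentId", "cweId"}
NUMBER_FIELDS = {"severity"}  # typed "double" in the projection model listing
UPDATE_FIELDS = {"applicationId", "assessmentId", "applicationUrl", "severity",
                 "synopsis", "notes", "cweId", "request", "response",
                 "parameter", "payload"}
CREATE_FIELDS = UPDATE_FIELDS | {"scannerUuid", "sourceId", "title",
                                 "description", "solution"}


def check_fields(fields, allowed):
    """Reject keys the snippet does not show and values of the wrong JSON type."""
    unknown = set(fields) - allowed
    if unknown:
        raise ValueError(f"fields not in the documented body: {sorted(unknown)}")
    for name, value in fields.items():
        if isinstance(value, bool):  # bool is a subclass of int in Python
            raise ValueError(f"{name}: boolean is not a documented type")
        if name in INT_FIELDS:
            ok = isinstance(value, int)
        elif name in NUMBER_FIELDS:
            ok = isinstance(value, (int, float))
        else:
            ok = isinstance(value, str)
        if not ok:
            raise ValueError(f"{name}: wrong JSON type {type(value).__name__}")


def finding_url(platform, client_id, finding_id=None):
    """Build the endpoint URL; int() keeps path separators out of the URL."""
    # Platform 1 uses the host name without a number, as the URL table states.
    host = "platform" if int(platform) == 1 else f"platform{int(platform)}"
    url = (f"https://{host}.risksense.com/api/v1/client/"
           f"{int(client_id)}/applicationFinding")
    return url if finding_id is None else f"{url}/{int(finding_id)}"


def build_request(api_key, platform, client_id, fields, finding_id=None):
    """Return an unsent Request: POST to create, PUT when finding_id is given."""
    if not api_key or any(c in api_key for c in "\r\n"):
        raise ValueError("API key is empty or contains a line break")
    check_fields(fields, CREATE_FIELDS if finding_id is None else UPDATE_FIELDS)
    return urllib.request.Request(
        finding_url(platform, client_id, finding_id),
        data=json.dumps(fields).encode("utf-8"),  # escaping done by the encoder
        method="POST" if finding_id is None else "PUT",
        headers={"accept": "application/json",
                 "x-api-key": api_key,
                 "Content-Type": "application/json"},
    )


# Constructed sample finding; the evidence strings carry the characters that
# defeat manual shell escaping (both quote styles, backslash, dollar, CRLF).
SAMPLE_FINDING = {
    "applicationId": 12,
    "assessmentId": 3,
    "applicationUrl": "https://app.example.test/search",
    "severity": 7.5,
    "title": "Reflected input in search parameter",
    "cweId": 79,
    "request": 'GET /search?q="it\'s" HTTP/1.1\r\nHost: app.example.test',
    "parameter": "q",
    "payload": '"it\'s" \\ $HOME',
}

if __name__ == "__main__":
    # Keep the key out of scripts and shell history: read it from the environment.
    key = os.environ.get("RISKSENSE_API_KEY", "constructed-key")
    req = build_request(key, 1, 42, SAMPLE_FINDING)
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    # urllib.request.urlopen(req) would send it; a 201 returns "id" and "created".
```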

Listing Application Finding Projections and Their Models

API Call: GET /client/{clientId}/applicationFinding/model

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/model

URL Parameters

Name | Description | Additional Information
PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number.
CLIENTID | Client ID number. | Finding Your Client ID

User Roles

The user role that can update an application finding is:

  • Manager

API Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token

cURL

cURL Sample applicationFinding_projection Snippet

curl -X GET "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/model" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>"

cURL Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token

Response Parameters

Sample Response

{
  "subject": "applicationFinding",
  "projections": [
    {
      "name": "basic",
      "fields": [
        {
          "field": "id",
          "type": "int",
          "nested": []
        },
        {
          "field": "hiddenId",
          "type": "int",
          "nested": []
        },
        {
          "field": "networkId",
          "type": "int",
          "nested": []
        },
        {
          "field": "network",
          "type": "EmbeddedNetwork",
          "nested": [
            {
              "field": "id",
              "type": "int",
              "nested": []
            },
            {
              "field": "name",
              "type": "string",
              "nested": []
            },
            {
              "field": "type",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "groupId",
          "type": "int",
          "nested": []
        },
        {
          "field": "group",
          "type": "EmbeddedGroup",
          "nested": [
            {
              "field": "id",
              "type": "int",
              "nested": []
            },
            {
              "field": "name",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "discoveredOn",
          "type": "string",
          "nested": []
        },
        {
          "field": "lastFoundOn",
          "type": "string",
          "nested": []
        },
        {
          "field": "resolvedOn",
          "type": "string",
          "nested": []
        },
        {
          "field": "clientId",
          "type": "int",
          "nested": []
        },
        {
          "field": "applicationId",
          "type": "int",
          "nested": []
        },
        {
          "field": "applicationName",
          "type": "string",
          "nested": []
        },
        {
          "field": "scanner",
          "type": "string",
          "nested": []
        },
        {
          "field": "scannerPlugin",
          "type": "string",
          "nested": []
        },
        {
          "field": "state",
          "type": "string",
          "nested": []
        },
        {
          "field": "statusEmbedded",
          "type": "EmbeddedStatus",
          "nested": [
            {
              "field": "state",
              "type": "string",
              "nested": []
            },
            {
              "field": "stateName",
              "type": "string",
              "nested": []
            },
            {
              "field": "stateDescription",
              "type": "string",
              "nested": []
            },
            {
              "field": "status",
              "type": "boolean",
              "nested": []
            },
            {
              "field": "userIds",
              "type": "int[]",
              "nested": []
            },
            {
              "field": "durationInDays",
              "type": "string",
              "nested": []
            },
            {
              "field": "dueDate",
              "type": "string",
              "nested": []
            },
            {
              "field": "expirationDate",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "title",
          "type": "string",
          "nested": []
        },
        {
          "field": "url",
          "type": "string",
          "nested": []
        },
        {
          "field": "assignments",
          "type": "EmbeddedUserDetail[]",
          "nested": []
        },
        {
          "field": "tagAssetCount",
          "type": "int",
          "nested": []
        },
        {
          "field": "tags",
          "type": "EmbeddedTag[]",
          "nested": []
        },
        {
          "field": "tagCount",
          "type": "int",
          "nested": []
        },
        {
          "field": "ticketCount",
          "type": "int",
          "nested": []
        },
        {
          "field": "description",
          "type": "string",
          "nested": []
        },
        {
          "field": "threats",
          "type": "EmbeddedThreats",
          "nested": [
            {
              "field": "manualExploits",
              "type": "EmbeddedManualExploit",
              "nested": [
                {
                  "field": "id",
                  "type": "int",
                  "nested": []
                },
                {
                  "field": "title",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "label",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "pii",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "description",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "source",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "isManualExploit",
                  "type": "boolean",
                  "nested": []
                },
                {
                  "field": "easeOfExploit",
                  "type": "string",
                  "nested": []
                }
              ]
            },
            {
              "field": "paramsAndPayloads",
              "type": "EmbeddedParamsAndPayloads",
              "nested": [
                {
                  "field": "parameter",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "attack",
                  "type": "string",
                  "nested": []
                }
              ]
            }
          ]
        },
        {
          "field": "manualFindingReports",
          "type": "EmbeddedManualExploit",
          "nested": [
            {
              "field": "id",
              "type": "int",
              "nested": []
            },
            {
              "field": "title",
              "type": "string",
              "nested": []
            },
            {
              "field": "label",
              "type": "string",
              "nested": []
            },
            {
              "field": "pii",
              "type": "string",
              "nested": []
            },
            {
              "field": "description",
              "type": "string",
              "nested": []
            },
            {
              "field": "source",
              "type": "string",
              "nested": []
            },
            {
              "field": "isManualExploit",
              "type": "boolean",
              "nested": []
            },
            {
              "field": "easeOfExploit",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "acceptanceDates",
          "type": "LocalDateTime[]",
          "nested": []
        },
        {
          "field": "severity",
          "type": "double",
          "nested": []
        },
        {
          "field": "severityEmbedded",
          "type": "EmbeddedSeverity",
          "nested": [
            {
              "field": "combined",
              "type": "double",
              "nested": []
            },
            {
              "field": "overridden",
              "type": "boolean",
              "nested": []
            },
            {
              "field": "aggregated",
              "type": "double",
              "nested": []
            },
            {
              "field": "state",
              "type": "string",
              "nested": []
            },
            {
              "field": "stateName",
              "type": "string",
              "nested": []
            },
            {
              "field": "expirationDate",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "noteCount",
          "type": "int",
          "nested": []
        },
        {
          "field": "scannerName",
          "type": "string",
          "nested": []
        },
        {
          "field": "moduleName",
          "type": "string",
          "nested": []
        },
        {
          "field": "compiler",
          "type": "string",
          "nested": []
        },
        {
          "field": "os",
          "type": "string",
          "nested": []
        },
        {
          "field": "architecture",
          "type": "string",
          "nested": []
        },
        {
          "field": "sourceOrigin",
          "type": "string",
          "nested": []
        },
        {
          "field": "visibility",
          "type": "string",
          "nested": []
        },
        {
          "field": "remediationEffort",
          "type": "int",
          "nested": []
        },
        {
          "field": "exploitLevel",
          "type": "int",
          "nested": []
        },
        {
          "field": "ciaImpact",
          "type": "string",
          "nested": []
        },
        {
          "field": "pciRelated",
          "type": "string",
          "nested": []
        },
        {
          "field": "line",
          "type": "int",
          "nested": []
        },
        {
          "field": "scope",
          "type": "string",
          "nested": []
        },
        {
          "field": "functionProtoype",
          "type": "string",
          "nested": []
        },
        {
          "field": "functionRelativeLocation",
          "type": "int",
          "nested": []
        },
        {
          "field": "scannerVersion",
          "type": "string",
          "nested": []
        }
      ]
    },
    {
      "name": "detail",
      "fields": [
        {
          "field": "id",
          "type": "int",
          "nested": []
        },
        {
          "field": "hiddenId",
          "type": "int",
          "nested": []
        },
        {
          "field": "network",
          "type": "EmbeddedNetwork",
          "nested": [
            {
              "field": "id",
              "type": "int",
              "nested": []
            },
            {
              "field": "name",
              "type": "string",
              "nested": []
            },
            {
              "field": "type",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "group",
          "type": "EmbeddedGroup",
          "nested": [
            {
              "field": "id",
              "type": "int",
              "nested": []
            },
            {
              "field": "name",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "discoveredOn",
          "type": "string",
          "nested": []
        },
        {
          "field": "lastFoundOn",
          "type": "string",
          "nested": []
        },
        {
          "field": "resolvedOn",
          "type": "string",
          "nested": []
        },
        {
          "field": "clientId",
          "type": "int",
          "nested": []
        },
        {
          "field": "application",
          "type": "EmbeddedApplication",
          "nested": [
            {
              "field": "applicationId",
              "type": "int",
              "nested": []
            },
            {
              "field": "name",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "assessments",
          "type": "EmbeddedAssessment",
          "nested": [
            {
              "field": "id",
              "type": "int",
              "nested": []
            },
            {
              "field": "name",
              "type": "string",
              "nested": []
            },
            {
              "field": "date",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "scanner",
          "type": "string",
          "nested": []
        },
        {
          "field": "scannerPlugin",
          "type": "string",
          "nested": []
        },
        {
          "field": "severity",
          "type": "double",
          "nested": []
        },
        {
          "field": "state",
          "type": "string",
          "nested": []
        },
        {
          "field": "statusEmbedded",
          "type": "EmbeddedStatus",
          "nested": [
            {
              "field": "state",
              "type": "string",
              "nested": []
            },
            {
              "field": "stateName",
              "type": "string",
              "nested": []
            },
            {
              "field": "stateDescription",
              "type": "string",
              "nested": []
            },
            {
              "field": "status",
              "type": "boolean",
              "nested": []
            },
            {
              "field": "userIds",
              "type": "int[]",
              "nested": []
            },
            {
              "field": "durationInDays",
              "type": "string",
              "nested": []
            },
            {
              "field": "dueDate",
              "type": "string",
              "nested": []
            },
            {
              "field": "expirationDate",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "title",
          "type": "string",
          "nested": []
        },
        {
          "field": "url",
          "type": "string",
          "nested": []
        },
        {
          "field": "assignments",
          "type": "EmbeddedUserDetail[]",
          "nested": []
        },
        {
          "field": "description",
          "type": "string",
          "nested": []
        },
        {
          "field": "threats",
          "type": "EmbeddedThreats",
          "nested": [
            {
              "field": "manualExploits",
              "type": "EmbeddedManualExploit",
              "nested": [
                {
                  "field": "id",
                  "type": "int",
                  "nested": []
                },
                {
                  "field": "title",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "label",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "pii",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "description",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "source",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "isManualExploit",
                  "type": "boolean",
                  "nested": []
                },
                {
                  "field": "easeOfExploit",
                  "type": "string",
                  "nested": []
                }
              ]
            },
            {
              "field": "paramsAndPayloads",
              "type": "EmbeddedParamsAndPayloads",
              "nested": [
                {
                  "field": "parameter",
                  "type": "string",
                  "nested": []
                },
                {
                  "field": "attack",
                  "type": "string",
                  "nested": []
                }
              ]
            }
          ]
        },
        {
          "field": "manualFindingReports",
          "type": "EmbeddedManualExploit",
          "nested": [
            {
              "field": "id",
              "type": "int",
              "nested": []
            },
            {
              "field": "title",
              "type": "string",
              "nested": []
            },
            {
              "field": "label",
              "type": "string",
              "nested": []
            },
            {
              "field": "pii",
              "type": "string",
              "nested": []
            },
            {
              "field": "description",
              "type": "string",
              "nested": []
            },
            {
              "field": "source",
              "type": "string",
              "nested": []
            },
            {
              "field": "isManualExploit",
              "type": "boolean",
              "nested": []
            },
            {
              "field": "easeOfExploit",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "solutions",
          "type": "string",
          "nested": []
        },
        {
          "field": "output",
          "type": "string",
          "nested": []
        },
        {
          "field": "notes",
          "type": "EmbeddedNote",
          "nested": [
            {
              "field": "user",
              "type": "EmbeddedUser",
              "nested": [
                {
                  "field": "id",
                  "type": "int",
                  "nested": []
                },
                {
                  "field": "name",
                  "type": "string",
                  "nested": []
                }
              ]
            },
            {
              "field": "note",
              "type": "string",
              "nested": []
            },
            {
              "field": "date",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "tags",
          "type": "EmbeddedTag[]",
          "nested": []
        },
        {
          "field": "tickets",
          "type": "EmbeddedTicket",
          "nested": [
            {
              "field": "ticketNumber",
              "type": "string",
              "nested": []
            },
            {
              "field": "ticketStatus",
              "type": "string",
              "nested": []
            },
            {
              "field": "deepLink",
              "type": "string",
              "nested": []
            },
            {
              "field": "type",
              "type": "string",
              "nested": []
            },
            {
              "field": "connectorName",
              "type": "string",
              "nested": []
            },
            {
              "field": "detailedStatus",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "assetTags",
          "type": "EmbeddedTag",
          "nested": [
            {
              "field": "id",
              "type": "int",
              "nested": []
            },
            {
              "field": "name",
              "type": "string",
              "nested": []
            },
            {
              "field": "category",
              "type": "string",
              "nested": []
            },
            {
              "field": "description",
              "type": "string",
              "nested": []
            },
            {
              "field": "created",
              "type": "string",
              "nested": []
            },
            {
              "field": "updated",
              "type": "string",
              "nested": []
            },
            {
              "field": "color",
              "type": "string",
              "nested": []
            }
          ]
        },
        {
          "field": "owasps",
          "type": "EmbeddedOWASP[]",
          "nested": []
        },
        {
          "field": "cwes",
          "type": "EmbeddedCWE[]",
          "nested": []
        },
        {
          "field": "wascs",
          "type": "EmbeddedWASC[]",
          "nested": []
        },
        {
          "field": "scannerName",
          "type": "string",
          "nested": []
        }
      ]
    },
    {
      "name": "apiDetail",
      "fields": [
        {
          "field": "id",
          "type": "int",
          "nested": []
        },
        {
          "field": "url",
          "type": "string",
          "nested": []
        },
        {
          "field": "title",
          "type": "string",
          "nested": []
        },
        {
          "field": "methodType",
          "type": "string",
          "nested": []
        },
        {
          "field": "headers",
          "type": "string",
          "nested": []
        },
        {
          "field": "parameters",
          "type": "string",
          "nested": []
        },
        {
          "field": "payload",
          "type": "string",
          "nested": []
        },
        {
          "field": "response",
          "type": "string",
          "nested": []
        }
      ]
    }
  ]
}
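
An added example, not part of the RiskSense documentation: walking the model response into dotted field paths and choosing the projection that covers the fields you need while returning the fewest evidence-bearing ones. SAMPLE_MODEL is a constructed excerpt of the response above, and the SENSITIVE_LEAVES watch-list and function names are assumptions to adapt.

```python
import json

# Leaf names treated as carrying captured traffic or personal data. This
# watch-list is an assumption for illustration, not something the API defines.
SENSITIVE_LEAVES = {"pii", "attack", "headers", "payload", "request", "response"}

# Constructed excerpt of the sample response on this page. "severity" omits
# "nested" on purpose: the 200 sample response lists fields without that key.
SAMPLE_MODEL = json.loads("""
{"subject": "applicationFinding", "projections": [
  {"name": "basic", "fields": [
    {"field": "id", "type": "int", "nested": []},
    {"field": "title", "type": "string", "nested": []},
    {"field": "severity", "type": "double"},
    {"field": "threats", "type": "EmbeddedThreats", "nested": [
      {"field": "manualExploits", "type": "EmbeddedManualExploit", "nested": [
        {"field": "id", "type": "int", "nested": []},
        {"field": "pii", "type": "string", "nested": []}]},
      {"field": "paramsAndPayloads", "type": "EmbeddedParamsAndPayloads", "nested": [
        {"field": "parameter", "type": "string", "nested": []},
        {"field": "attack", "type": "string", "nested": []}]}]}]},
  {"name": "apiDetail", "fields": [
    {"field": "id", "type": "int", "nested": []},
    {"field": "url", "type": "string", "nested": []},
    {"field": "title", "type": "string", "nested": []},
    {"field": "headers", "type": "string", "nested": []},
    {"field": "payload", "type": "string", "nested": []},
    {"field": "response", "type": "string", "nested": []}]}]}
""")


def flatten(fields, prefix=""):
    """Yield (dotted_path, type) for each field, descending into "nested"."""
    for entry in fields:
        path = prefix + entry["field"]
        yield path, entry["type"]
        yield from flatten(entry.get("nested", []), path + ".")


def projection_index(model):
    """Map projection name -> {dotted_path: type}."""
    return {p["name"]: dict(flatten(p["fields"])) for p in model["projections"]}


def sensitive_paths(model, leaves=SENSITIVE_LEAVES):
    """Map projection name -> sorted paths whose last segment is on the list."""
    return {
        name: sorted(p for p in paths if p.rsplit(".", 1)[-1] in leaves)
        for name, paths in projection_index(model).items()
    }


def safest_projection(model, wanted, leaves=SENSITIVE_LEAVES):
    """Pick the projection that has every wanted path and the fewest
    sensitive paths; ties go to the projection with fewer fields overall."""
    index = projection_index(model)
    flagged = sensitive_paths(model, leaves)
    candidates = [
        (len(flagged[name]), len(paths), name)
        for name, paths in index.items()
        if set(wanted) <= set(paths)
    ]
    if not candidates:
        raise LookupError(f"no projection contains all of {sorted(wanted)}")
    return min(candidates)[2]


if __name__ == "__main__":
    for name, paths in sensitive_paths(SAMPLE_MODEL).items():
        print(name, paths)
    print(safest_projection(SAMPLE_MODEL, ["id", "title"]))
```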

HTTP Status Codes

Code Description
200 Ok

200 Sample Response

{
  "projections": [
    {
      "name": "basic",
      "fields": [
        {
          "field": "id",
          "type": "integer"
        },
        {
          "field": "name",
          "type": "string"
        }
      ]
    }
  ]
}

Code Description
401 Unauthorized
404 Not Found

List Filterable Application Finding Fields

Displays the fields that the search endpoint can filter by.

API Call: GET /client/{clientId}/applicationFinding/filter

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/filter

URL Parameters

Name | Description | Additional Information
PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number.
CLIENTID | Client ID number. | Finding Your Client ID

User Roles

The user roles that can list application finding fields that can be filtered by are:

  • Manager
  • Group Manager
  • User

API Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token

cURL

cURL Sample list_applicationFindingFields Snippet

curl -X GET "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/filter" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>"

Make sure to replace the option values here with your own option values.

cURL Parameters

Name | Description | Additional Information
PLATFORM | Platform number. |
CLIENTID | Client ID number. | Finding Your Client ID
APIKEY | Your API key. | Generating an API Token

Response Parameters

Sample Response

[
  {
    "name": "Architecture",
    "legacyUid": "architectureList",
    "uid": "architectureList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Architecture type"
  },
  {
    "name": "Assessment",
    "legacyUid": "assessment_labels",
    "uid": "assessment_labels",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by one or more assessments."
  },
  {
    "name": "Assigned To",
    "legacyUid": "assignments",
    "uid": "assignments",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by assigned user."
  },
  {
    "name": "CIA Impact",
    "legacyUid": "ciaImpactList",
    "uid": "ciaImpactList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by CIA Impact"
  },
  {
    "name": "CWE",
    "legacyUid": "cwes",
    "uid": "cwes",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by CWE reference."
  },
  {
    "name": "Clear-text Credentials or Weak Encryption",
    "legacyUid": "has_owasp_a6",
    "uid": "has_owasp_a6",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters vulnerabilities by CWEs associated with clear-text credentials or weak encyrption."
  },
  {
    "name": "Compiler",
    "legacyUid": "compilerList",
    "uid": "compilerList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Compiler Name"
  },
  {
    "name": "Cross-Site Scripting",
    "legacyUid": "has_xss",
    "uid": "has_xss",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters vulnerabilities by CWEs associated with cross-site scripting"
  },
  {
    "name": "Cwe Hash",
    "legacyUid": "cwe_hash",
    "uid": "cwe_hash",
    "operators": [
      "EXACT",
      "IN"
    ],
    "type": "int",
    "description": "Filters vulnerabilities by referenced CWE hash."
  },
  {
    "name": "Discovered On",
    "legacyUid": "dates_created",
    "uid": "dates_created",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD",
      "RANGE"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by discovered date."
  },
  {
    "name": "Due Date",
    "legacyUid": "due_dates",
    "uid": "due_dates",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by assigned remediation due date."
  },
  {
    "name": "Exploit Level",
    "legacyUid": "exploitLevelList",
    "uid": "exploitLevelList",
    "operators": [
      "EXACT",
      "IN",
      "RANGE"
    ],
    "type": "int",
    "description": "Filters vulnerabilities by Exploit Level"
  },
  {
    "name": "Function Protoype",
    "legacyUid": "functionProtoypeList",
    "uid": "functionProtoypeList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Function Protoype"
  },
  {
    "name": "Function Relative Location",
    "legacyUid": "functionRelativeLocationList",
    "uid": "functionRelativeLocationList",
    "operators": [
      "EXACT",
      "IN",
      "RANGE"
    ],
    "type": "int",
    "description": "Filters vulnerabilities by Function Relative Location"
  },
  {
    "name": "Group",
    "legacyUid": "group_name",
    "uid": "groupName",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by selected group(s)."
  },
  {
    "name": "Group ID",
    "legacyUid": "groups_id",
    "uid": "groupIds",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities within selected group IDs."
  },
  {
    "name": "Has CWE",
    "legacyUid": "has_cwe",
    "uid": "has_cwe",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters vulnerabilities by CWE link."
  },
  {
    "name": "Has CWE/Sans Top 25 Programming Errors",
    "legacyUid": "has_sans",
    "uid": "has_sans",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters vulnerabilities by CWEs associated with the CWE/Sans Top 25 Programming Errors."
  },
  {
    "name": "Has Manual Exploit",
    "legacyUid": "has_manual_exploit",
    "uid": "has_manual_exploit",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters vulnerabilities by manually verified exploit."
  },
  {
    "name": "Has Note",
    "legacyUid": "has_note",
    "uid": "has_note",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters vulnerabilities that have an associated note."
  },
  {
    "name": "Has OWASP",
    "legacyUid": "has_owasp",
    "uid": "has_owasp",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters vulnerabilities by OWASP security risk."
  },
  {
    "name": "Has SQL Injection",
    "legacyUid": "has_sql_injection",
    "uid": "has_sql_injection",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters vulnerabilities by CWEs associated with SQL Injection."
  },
  {
    "name": "Has Ticket",
    "legacyUid": "HAS_CONNECTOR_TICKET",
    "uid": "HAS_CONNECTOR_TICKET",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Does the tag have a ticket"
  },
  {
    "name": "Last Found On",
    "legacyUid": "lastFoundOn",
    "uid": "lastFoundOn",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD",
      "RANGE"
    ],
    "type": "string",
    "description": ""
  },
  {
    "name": "Line",
    "legacyUid": "lineList",
    "uid": "lineList",
    "operators": [
      "EXACT",
      "IN",
      "RANGE"
    ],
    "type": "int",
    "description": "Filters vulnerabilities by Line No"
  },
  {
    "name": "Manual Exploit",
    "legacyUid": "manual_exploits",
    "uid": "manual_exploits",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by assigned user."
  },
  {
    "name": "Manual Finding Report",
    "legacyUid": "manual_finding_reports",
    "uid": "manual_finding_reports",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by name(s) of manual finding reports added by a penetration tester."
  },
  {
    "name": "Manual Finding Report Type",
    "legacyUid": "manual_finding_report_types",
    "uid": "manual_finding_report_types",
    "operators": [
      "EXACT",
      "IN"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by the type of manual finding reports associated with it"
  },
  {
    "name": "Module Name",
    "legacyUid": "moduleNames",
    "uid": "moduleNames",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Module Name"
  },
  {
    "name": "Network",
    "legacyUid": "network_partition_name",
    "uid": "network.name",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by the name of the network partition they belong to."
  },
  {
    "name": "Network Type",
    "legacyUid": "network_partition_type",
    "uid": "network_partition_type",
    "operators": [
      "EXACT",
      "IN"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by the type of network partition they belong to."
  },
  {
    "name": "OS",
    "legacyUid": "osList",
    "uid": "osList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Operating System"
  },
  {
    "name": "OWASP",
    "legacyUid": "owasps",
    "uid": "owasps",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by OWASP security risks' URL."
  },
  {
    "name": "PCI Related",
    "legacyUid": "pciRelatedList",
    "uid": "pciRelatedList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by PCI Related"
  },
  {
    "name": "Past Due",
    "legacyUid": "past_due",
    "uid": "past_due",
    "operators": [
      "EXACT"
    ],
    "type": "boolean",
    "description": "Filters unmediated vulnerabilities by due date."
  },
  {
    "name": "Remediation Effort",
    "legacyUid": "remediationEffortList",
    "uid": "remediationEffortList",
    "operators": [
      "EXACT",
      "IN",
      "RANGE"
    ],
    "type": "int",
    "description": "Filters vulnerabilities by Remediation Effort"
  },
  {
    "name": "Request Method",
    "legacyUid": "request_method",
    "uid": "request_method",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by request method."
  },
  {
    "name": "Resolved On",
    "legacyUid": "resolved_on",
    "uid": "resolved_on",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD",
      "RANGE"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by remediation date."
  },
  {
    "name": "Scanner Name",
    "legacyUid": "scanner_names",
    "uid": "scanner_names",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by scanner names."
  },
  {
    "name": "Scanner Plugin",
    "legacyUid": "found_by_ids",
    "uid": "found_by_ids",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by scanner plugin ID."
  },
  {
    "name": "Scanner UUID",
    "legacyUid": "found_bys",
    "uid": "sources",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by scanner uuids."
  },
  {
    "name": "Scanner Version",
    "legacyUid": "scannerVersionList",
    "uid": "scannerVersionList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Scanner Version"
  },
  {
    "name": "Scope",
    "legacyUid": "scopeList",
    "uid": "scopeList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Scope"
  },
  {
    "name": "Severity",
    "legacyUid": "severity",
    "uid": "severity",
    "operators": [
      "EXACT",
      "IN",
      "RANGE"
    ],
    "type": "double",
    "description": "Filters vulnerabilities by risk association."
  },
  {
    "name": "Severity Group",
    "legacyUid": "severity_group",
    "uid": "severity_group",
    "operators": [
      "EXACT",
      "IN"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by severity group (high, medium and low)."
  },
  {
    "name": "Severity Update State",
    "legacyUid": "severity_update_state",
    "uid": "severity_update_state",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by severity update state."
  },
  {
    "name": "Source Origin",
    "legacyUid": "sourceOriginList",
    "uid": "sourceOriginList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Source Origin type"
  },
  {
    "name": "State",
    "legacyUid": "states",
    "uid": "state",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by current state (unassigned, assigned, review by scan, reviewed, false positive, accepted, awaiting acceptance or reworked)."
  },
  {
    "name": "Status",
    "legacyUid": "generic_state",
    "uid": "generic_state",
    "operators": [
      "EXACT"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by open/closed status."
  },
  {
    "name": "Tag",
    "legacyUid": "tags",
    "uid": "tags",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by tags."
  },
  {
    "name": "Tag Connector ID",
    "legacyUid": "TAG_CONNECTOR_ID",
    "uid": "TAG_CONNECTOR_ID",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Tag Connector ID"
  },
  {
    "name": "Tag Connector Name",
    "legacyUid": "TAG_CONNECTOR_NAME",
    "uid": "TAG_CONNECTOR_NAME",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Name of the Connector associated with the tag"
  },
  {
    "name": "Ticket ID",
    "legacyUid": "TICKET_ID",
    "uid": "TICKET_ID",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Ticket ID"
  },
  {
    "name": "Ticket Status",
    "legacyUid": "TICKET_STATUS",
    "uid": "TICKET_STATUS",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "status of ticket"
  },
  {
    "name": "Title",
    "legacyUid": "titles",
    "uid": "titles",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by title."
  },
  {
    "name": "URL",
    "legacyUid": "url",
    "uid": "url",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by applications with particular URLs."
  },
  {
    "name": "Unique ID",
    "legacyUid": "unique_id",
    "uid": "unique_id",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by unique ID."
  },
  {
    "name": "Visibility",
    "legacyUid": "visibilityList",
    "uid": "visibilityList",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Visibility"
  },
  {
    "name": "Web App Asset Owner",
    "legacyUid": "asset_owner",
    "uid": "asset_owner",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Web Application asset owner."
  },
  {
    "name": "Web App Description",
    "legacyUid": "webapp_description",
    "uid": "webapp_description",
    "operators": [
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Web Application description."
  },
  {
    "name": "Web App ID",
    "legacyUid": "web_app_id",
    "uid": "application.id",
    "operators": [
      "EXACT",
      "IN"
    ],
    "type": "string",
    "description": "Web application unique ID"
  },
  {
    "name": "Web App Reported Scan Date",
    "legacyUid": "reported_scan_time",
    "uid": "lastScanTime",
    "operators": [
      "EXACT",
      "RANGE"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by Web Application reported scan date."
  },
  {
    "name": "Web Application",
    "legacyUid": "web_app_name",
    "uid": "application.name",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by web application URL."
  },
  {
    "name": "Web Application Tag",
    "legacyUid": "asset_tags",
    "uid": "asset_tags",
    "operators": [
      "EXACT",
      "IN",
      "LIKE",
      "WILDCARD"
    ],
    "type": "string",
    "description": "Filters vulnerabilities by the tag(s) applied to the web application(s) of the vulnerabilities."
  }
]

HTTP Status Codes

Code Description
200 OK

200 Sample Response

[
  {
    "name": "id",
    "uid": "id",
    "operator": [
      "EXACT",
      "IN"
    ],
    "type": "integer",
    "description": "The id"
  }
]
Code Description
401 Unauthorized
404 Not Found

Suggesting Filter Values for Application Finding Filtering

Displays suggested filter values when filtering application findings.

API Call: GET/client/{clientId}/applicationFinding/filter

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/filter

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can view suggested filter values for application findings are:

  • Manager
  • Group Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token

cURL

cURL Sample filter_applicationFindingvalues Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/suggest" \
  -H  "accept: application/json" \
  -H  "x-api-key: <APIKEY>" \
  -H  "Content-Type: application/json" \
  -d "{  \"filters\": [    {      \"field\": \"<FIELD>\",      \"exclusive\": <EXCLUSIVE>,      \"operator\": \"<OPERATOR>\",      \"value\": \"<VALUE>\"    }  ],  \"filter\": {    \"field\": \"<FIELD>\",    \"exclusive\": <EXCLUSIVE>,    \"operator\": \"<OPERATOR>\",    \"value\": \"<VALUE>\"  }}"

Make sure to replace the option values here with your own option values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string

Response Parameters

Sample Response

[
  {
    "key": "<KEY>",
    "count": <COUNT>
  }
]

Name Description Additional Information
KEY Value for the field the suggestion was requested for. string
COUNT Count. integer($int64)

HTTP Status Codes

Code Description
200 OK

200 Sample Response

[
  {
    "key": "string",
    "count": 0
  }
]
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Searching for an Application Finding

Search for an application finding within the designated client.

API Call: POST/client/{clientId}/applicationFinding/search

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/search

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can search for an application finding are:

  • Manager
  • Group Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token

cURL

cURL Sample search_applicationFinding Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/search" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>" \
  -H "Content-Type: application/json" \
  -d "{ \"projection\": \"<PROJECTION>\", \"sort\": [ { \"field\": \"<SORTFIELD>\", \"direction\": \"<SORTDIRECTION>\" } ], \"page\": <PAGENUMBER>, \"size\": <PAGESIZE>}"

Make sure to replace the option values here with your own option values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token
PROJECTION Projection type. Options: basic, detailed Yes
SORTFIELD Notes about the assessment. Yes
SORTDIRECTION Sort direction. Options: ASC, DESC Yes
PAGENUMBER Page number to view. Yes
PAGESIZE Number of entries per page. Yes

Response Parameters

Sample Response

{
  "errors": [],
  "page": {
    "size": <PAGESIZE>,
    "totalElements": <TOTALELEMENTS>,
    "totalPages": <TOTALPAGES>,
    "number": <PAGENUMBER>
  },
  "_links": {
    "self": {
      "href": "http://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/search?page=<PAGENUMBER>&size=<PAGESIZE>&sort=<SORT>,<SORTDIRECTION>"
    }
  }
}

Name Description Additional Information
PAGESIZE Page size requested. Shows how many items to display on the page.
TOTALELEMENTS Total elements on pages.
TOTALPAGES Total amount of pages.
PAGENUMBER Page to view. Note that 0 is the first page.
PLATFORM Platform number.
CLIENTID Client ID number.
SORT Field to sort by.
SORTDIRECTION Direction to sort. Options: ASC, DESC

HTTP Status Codes

Code Description
200 OK

200 Sample Response

{
  "_embedded": {
    "strings": [
      {}
    ]
  },
  "page": {
    "size": 0,
    "totalElements": 0,
    "totalPages": 0,
    "number": 0
  },
  "errors": [
    {
      "id": "string",
      "errorRefId": "string",
      "code": 0,
      "cause": "string"
    }
  ]
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Adding or Removing a Tag from an Application Finding

Add or remove a tag from an application finding.

API Call: POST/client/{clientId}/applicationFinding/tag

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/tag

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can add or remove a tag from an application finding are:

  • Group Manager
  • Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token

cURL

cURL Sample tag_applicationFinding Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/tag" \
  -H  "accept: application/json" \
  -H  "x-api-key: <APIKEY>" \
  -H  "Content-Type: application/json" \
  -d "{  \"tagId\":<TAGID>,  \"isRemove\": <ISREMOVE>,  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": <VALUE>      }    ]  }}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token
TAGID Tag ID number. integer
ISREMOVE Remove tag? Options: True = Yes, False = No
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string

Response Parameters

Sample Response

{
  "id": <ID>,
  "created": "<CREATED>"
}

Name Description Additional Information
ID Job ID number. integer
CREATED Date/Time job created. string($date-time)

HTTP Status Codes

Code Description
200 Job Created

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T17:54:19.121Z"
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Assigning Application Findings

Assign an application finding to a user.

API Call: POST/client/{clientId}/applicationFinding/assign

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/assign

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can assign an application finding to a user are:

  • Group Manager
  • Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token

cURL

cURL Sample assign_applicationFinding Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/assign" \
  -H  "x-api-key: <APIKEY>" \
  -H  "Content-Type: application/json" \
  -d "{  \"filters\": [    {      \"field\": \"<FIELD>\",      \"exclusive\": <EXCLUSIVE>,      \"operator\": \"<OPERATOR>\",      \"value\": \"<VALUE>\"    }  ],  \"userIds\": [    <USERID>, <USERID>  ]}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
USERID User ID number. Separate user IDs with a comma.

HTTP Status Codes

Code Description
200 Job Created

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T10:33:56.434Z"
}
Code Description
400 User Error
401 Unauthorized
404 Not Found

Unassigning Application Findings

Unassign an application finding from a user.

API Call: POST/client/{clientId}/applicationFinding/unassign

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/unassign

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can unassign an application finding from a user are:

  • Group Manager
  • Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token

cURL

cURL Sample unassign_applicationFinding Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/unassign" \
  -H  "x-api-key: <APIKEY>" \
  -H  "Content-Type: application/json" \
  -d "{  \"filters\": [    {      \"field\": \"<FIELD>\",      \"exclusive\": <EXCLUSIVE>,      \"operator\": \"<OPERATOR>\",      \"value\": \"<VALUE>\"    }  ],  \"userIds\": [    <USERID>, <USERID>  ]}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
USERID User ID number. Separate user IDs with a comma.

HTTP Status Codes

Code Description
200 Job Created

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T10:33:56.434Z"
}
Code Description
400 User Error
401 Unauthorized
404 Not Found

Initiating Application Finding Export Job

Initiate application finding export job.

API Call: POST/client/{clientId}/applicationFinding/export

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/export

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can initiate an application finding export job are:

  • Group Manager
  • Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token

cURL

cURL Sample applicationFinding_export Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/export" \
  -H  "accept: application/json" \
  -H  "x-api-key: <APIKEY>" \
  -H  "Content-Type: application/json" \
  -d "{  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": \"<VALUE>\"      }    ]  },  \"fileType\": \"<FILETYPE>\",  \"comment\": \"<COMMENT>\",  \"fileName\": \"<FILENAME>\"}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
FILETYPE Export file type. Options: XML, XLSX, CSV
COMMENT Exported file description. string
FILENAME Exported file's name. string

Response Parameters

Sample Response

{
  "id": 0,
  "created": "2019-09-17T16:59:16.922Z"
}

Name Description Type
ID Host Finding Export ID number. integer
CREATED Job creation date. string($date-time)

HTTP Status Codes

Code Description
200 Success

200 Sample Response

{
  "id": 0,
  "created": "2019-09-17T16:59:16.922Z"
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Updating Application Finding Due Dates in Bulk

Update application finding due dates in bulk.

API Call: POST/client/{clientId}/applicationFinding/update-due-date

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/update-due-date

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can update application finding due dates in bulk are:

  • Group Manager
  • Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token

cURL

cURL Sample applicationFinding_updateDueDate Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/update-due-date" \
  -H  "accept: application/json" \
  -H  "x-api-key: <APIKEY>" \
  -H  "Content-Type: application/json" \
  -d "{  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": \"<VALUE>,<VALUE>\"      }    ]  },  \"dueDate\": \"<DUEDATE>\"}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
DUEDATE Due date. Format: YYYY-MM-DD

Response Parameters

Sample Response

{
  "id": <ID>,
  "created": "<CREATED>"
}

Name Description Additional Information
ID Job ID number. integer
CREATED Date/Time job created. string($date-time)

HTTP Status Codes

Code Description
200 Success

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T19:28:53.639Z"
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Deleting Entities Based on Filters

Delete entities based on filters.

API Call: POST/client/{clientId}/applicationFinding/delete

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/delete

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can delete entities based on filters are:

  • Group Manager
  • Manager

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token

cURL

cURL Sample delete_applicationFindingByFilter Snippet

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/delete" \
  -H  "accept: application/json" \
  -H  "x-api-key: <APIKEY>" \
  -H  "Content-Type: application/json" \
  -d "{  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": \"<VALUE>\"      }    ]  }}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string

Response Parameters

Sample Response

{
  "id": <ID>,
  "created": "<CREATED>"
}

Name Description Additional Information
ID Job ID number. integer
CREATED Date/Time job created. string($date-time)

HTTP Status Codes

Code Description
200 Job Created

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T17:45:18.407Z"
}
Code Description
400 User Error
401 Unauthorized
404 Not Found
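
An added example (not part of the RiskSense documentation): building the delete-by-filter request in Python so the JSON body comes from a serializer instead of hand-escaped shell quoting, and the documented types are checked before anything is sent. The empty-filter guard is a precaution added here, and the sample field, operator and value are constructed placeholders.

```python
import json
import urllib.request


def base_url(platform, client_id):
    # Platform 1 takes no number in the hostname (see URL Parameters).
    suffix = "" if int(platform) == 1 else str(int(platform))
    return f"https://platform{suffix}.risksense.com/api/v1/client/{int(client_id)}"


def make_filter(field, operator, value, exclusive=False):
    # EXCLUSIVE is documented as a boolean; reject strings such as "False".
    if not isinstance(exclusive, bool):
        raise TypeError("exclusive must be a bool")
    if not field or not operator:
        raise ValueError("field and operator are required")
    # VALUE is documented as a string.
    return {"field": field, "exclusive": exclusive,
            "operator": operator, "value": str(value)}


def build_delete_request(api_key, platform, client_id, filters):
    # Precaution added here (not an API rule): never build a delete with no filters.
    if not filters:
        raise ValueError("refusing to build a delete request with no filters")
    body = json.dumps({"filterRequest": {"filters": list(filters)}})
    return urllib.request.Request(
        base_url(platform, client_id) + "/applicationFinding/delete",
        data=body.encode("utf-8"),
        method="POST",
        headers={"accept": "application/json",
                 "x-api-key": api_key,
                 "Content-Type": "application/json"},
    )


def parse_job(response_text):
    # The documented 200 body is {"id": <integer>, "created": "<date-time>"}.
    job = json.loads(response_text)
    if not isinstance(job.get("id"), int) or not isinstance(job.get("created"), str):
        raise ValueError("unexpected job response shape")
    return job["id"], job["created"]


if __name__ == "__main__":
    # Constructed sample values; the field and operator names are placeholders.
    req = build_delete_request("EXAMPLE-KEY", 1, 123,
                               [make_filter("id", "EXACT", 'a "quoted" value')])
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would send it; pass the reply to parse_job().
```

Printing the request before sending it gives a chance to review the exact filter a destructive call will run with.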

Initiating Workflow Request

Initiate workflow request.

API Call: POST/client/{clientId}/search/applicationFinding/{workflowType}/request

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/request

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID
WORKFLOWTYPE Workflow type. For this, use request.

User Roles

The user roles that can initiate workflow request are:

  • Group Manager
  • Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token

cURL

cURL Sample applicationFinding_workflowRequest Snippet


curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/request" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>" \
  -H "Content-Type: application/json" \
  -d "{  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": \"<VALUE>\"      }    ],    \"projection\": \"<PROJECTION>\",    \"sort\": [      {        \"field\": \"<SORTFIELD>\",        \"direction\": \"<SORTDIRECTION>\"      }    ],    \"page\": <PAGENUMBER>,    \"size\": <PAGESIZE>  },  \"expirationDate\": \"<EXPDATE>\",  \"overrideExpDate\": <OVERRIDEEXPDATE>}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
WORKFLOWTYPE Workflow type. For this, use Request.
APIKEY Your designated API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
PROJECTION Projection type. Options: basic, detailed
SORTFIELD Field to sort.
SORTDIRECTION Sort direction. Options: ASC, DESC
PAGENUMBER Page number to view.
PAGESIZE Number of entries per page.
EXPDATE Expiration date.
OVERRIDEEXPDATE Override expiration date.

Response Parameters

Sample Response


{
  "id": <ID>,
  "created": "<CREATED>"
}

Name Description Additional Information
ID Job ID number. integer
Created Date/Time job created. string($date-time)

HTTP Status Codes

Code Description
200 Success

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T09:21:43.971Z"
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Initiating Workflow Reject

Initiate workflow reject.

API Call: POST/client/{clientId}/search/applicationFinding/{workflowType}/reject

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/reject

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID
WORKFLOWTYPE Workflow type. For this, use reject.

User Roles

The user roles that can initiate workflow reject are:

  • Group Manager
  • Manager

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token

cURL

cURL Sample applicationFinding_workflowReject Snippet


curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/reject" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>" \
  -H "Content-Type: application/json" \
  -d "{  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": \"<VALUE>\"      }    ],    \"projection\": \"<PROJECTION>\",    \"sort\": [      {        \"field\": \"<SORTFIELD>\",        \"direction\": \"<SORTDIRECTION>\"      }    ],    \"page\": <PAGENUMBER>,    \"size\": <PAGESIZE>  },  \"expirationDate\": \"<EXPDATE>\",  \"overrideExpDate\": <OVERRIDEEXPDATE>}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
WORKFLOWTYPE Workflow type. For this, use Reject.
APIKEY Your designated API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
PROJECTION Projection type. Options: basic, detailed
SORTFIELD Field to sort.
SORTDIRECTION Sort direction. Options: ASC, DESC
PAGENUMBER Page number to view.
PAGESIZE Number of entries per page.
EXPDATE Expiration date.
OVERRIDEEXPDATE Override expiration date.

Response Parameters

Sample Response


{
  "id": <ID>,
  "created": "<CREATED>"
}

Name Description Additional Information
ID Job ID number. integer
Created Date/Time job created. string($date-time)

HTTP Status Codes

Code Description
200 Success

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T09:21:43.971Z"
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Initiating Workflow Rework

Initiate workflow rework.

API Call: POST/client/{clientId}/search/applicationFinding/{workflowType}/rework

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/rework

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID
WORKFLOWTYPE Workflow type. For this, use rework.

User Roles

The user roles that can initiate workflow rework are:

  • Group Manager
  • Manager

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token

cURL

cURL Sample applicationFinding_workflowRework Snippet


curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/rework" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>" \
  -H "Content-Type: application/json" \
  -d "{  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": \"<VALUE>\"      }    ],    \"projection\": \"<PROJECTION>\",    \"sort\": [      {        \"field\": \"<SORTFIELD>\",        \"direction\": \"<SORTDIRECTION>\"      }    ],    \"page\": <PAGENUMBER>,    \"size\": <PAGESIZE>  },  \"expirationDate\": \"<EXPDATE>\",  \"overrideExpDate\": <OVERRIDEEXPDATE>}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
WORKFLOWTYPE Workflow type. For this, use Rework.
APIKEY Your designated API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
PROJECTION Projection type. Options: basic, detailed
SORTFIELD Field to sort.
SORTDIRECTION Sort direction. Options: ASC, DESC
PAGENUMBER Page number to view.
PAGESIZE Number of entries per page.
EXPDATE Expiration date.
OVERRIDEEXPDATE Override expiration date.

Response Parameters

Sample Response


{
  "id": <ID>,
  "created": "<CREATED>"
}

Name Description Additional Information
ID Job ID number. integer
Created Date/Time job created. string($date-time)

HTTP Status Codes

Code Description
200 Success

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T09:21:43.971Z"
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Initiating Workflow Approve

Initiate workflow approve.

API Call: POST/client/{clientId}/search/applicationFinding/{workflowType}/approve

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/approve

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID
WORKFLOWTYPE Workflow type. For this, use Approve.

User Roles

The user roles that can initiate workflow approve are:

  • Group Manager
  • Manager

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your designated API key. Generating an API Token

cURL

cURL Sample applicationFinding_workflowApprove Snippet


curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/approve" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>" \
  -H "Content-Type: application/json" \
  -d "{  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": \"<VALUE>\"      }    ],    \"projection\": \"<PROJECTION>\",    \"sort\": [      {        \"field\": \"<SORTFIELD>\",        \"direction\": \"<SORTDIRECTION>\"      }    ],    \"page\": <PAGENUMBER>,    \"size\": <PAGESIZE>  },  \"expirationDate\": \"<EXPDATE>\",  \"overrideExpDate\": <OVERRIDEEXPDATE>}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
WORKFLOWTYPE Workflow type. For this, use Approve.
APIKEY Your designated API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
PROJECTION Projection type. Options: basic, detailed
SORTFIELD Field to sort.
SORTDIRECTION Sort direction. Options: ASC, DESC
PAGENUMBER Page number to view.
PAGESIZE Number of entries per page.
EXPDATE Expiration date.
OVERRIDEEXPDATE Override expiration date.

Response Parameters

Sample Response


{
  "id": <ID>,
  "created": "<CREATED>"
}

Name Description Additional Information
ID Job ID number. integer
Created Date/Time job created. string($date-time)

HTTP Status Codes

Code Description
200 Success

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T09:21:43.971Z"
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found

Adding Note to an Application Finding

Add a note to an application finding.

API Call: POST/client/{clientId}/applicationFinding/note

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/note

URL Parameters

Name Description Additional Information
PLATFORM Platform number. If you are on platform 1, you do not need to put a number.
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can add a note to an application finding are:

  • Group Manager
  • Manager
  • User

API Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token

cURL

cURL Sample addNote_applicationFinding Snippet


curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/note" \
  -H "accept: application/json" \
  -H "x-api-key: <APIKEY>" \
  -H "Content-Type: application/json" \
  -d "{  \"filterRequest\": {    \"filters\": [      {        \"field\": \"<FIELD>\",        \"exclusive\": <EXCLUSIVE>,        \"operator\": \"<OPERATOR>\",        \"value\": \"<VALUE>\"      }    ]  },  \"note\": \"<NOTE>\"}"

Make sure to replace the angle bracket parameters here with your own values.

cURL Parameters

Name Description Additional Information
PLATFORM Platform number.
CLIENTID Client ID number. Finding Your Client ID
APIKEY Your API key. Generating an API Token
FIELD Filter field. string
EXCLUSIVE Exclusive. boolean Options: True, False
OPERATOR Search operator. Depends on value.
VALUE Search value. string
NOTE Note to add.

Response Parameters

Sample Response


{
  "id": <ID>,
  "created": "<CREATED>"
}

Name Description Additional Information
ID Job ID number. integer
Created Date/Time job created. string($date-time)

HTTP Status Codes

Code Description
200 Success

200 Sample Response

{
  "id": 0,
  "created": "2019-09-23T09:14:11.180Z"
}
Code Description
400 Bad Request
401 Unauthorized
404 Not Found