Application Finding
This documentation is currently outdated and in the process of being updated. This documentation is provided as a temporary reference to various API endpoints and output. This warning will be at the top of each outdated page. As the documentation is updated, this warning will be removed.
Creating an Application Finding
Create a new application finding on the client.
API Call: POST/client/{clientId}/applicationFinding
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user role that can create an application finding is:
- Manager
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample create_applicationFinding Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"applicationId\": <APPLICATIONID>, \"assessmentId\": <ASSESSMENTID>, \"applicationUrl\": \"<APPLICATIONURL>\", \"severity\": <SEVERITY>, \"scannerUuid\": \"<SCANNERUUID>\", \"sourceId\": \"<SOURCEID>\", \"title\": \"<TITLE>\", \"description\": \"<DESCRIPTION>\", \"solution\": \"<SOLUTION>\",, \"synopsis\": \"<SYNOPSIS>\", \"notes\": \"<NOTES>\", \"cweId\": <CWEID>, \"request\": \"<REQUEST>\", \"response\": \"<RESPONSE>\", \"parameter\": \"<PARAMETER>\", \"payload\": \"<PAYLOAD>\"}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
| HOSTID | Host ID number. | |
| APPLICATIONID | Application ID number. | |
| ASSESSMENTID | Assessment ID number. | |
| APPLICATIONURL | Application URL. | |
| SEVERITY | Host finding severity. | |
| SCANNERUUID | Scanner UUID. | |
| SOURCEID | Source ID. | |
| TITLE | Host finding title. | |
| DESCRIPTION | Host finding description. | |
| SOLUTION | Host finding solution. | |
| SYNOPSIS | Host finding synopsis. | |
| NOTES | Notes. | |
| CWEID | CWE ID. | |
| REQUEST | Request. | |
| RESPONSE | Response. | |
| PARAMETER | Parameter. | |
| PAYLOAD | Payload. |
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 201 | Job Created |
201 Sample Response
Copy
{
"id": 0,
"created": "2019-09-17T09:41:54.870Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
Updating an Application Finding
API Call: PUT/client/{clientId}/applicationFinding/{applicationFindingId}
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<APPLICATIONFINDINGID>
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
| APPLICATIONFINDINGID | Application Finding ID number. |
User Roles
The user role that can update an application finding is:
- Manager
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample update_applicationFinding Snippet
Copy
curl -X PUT "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<APPLICATIONFINDINGID>"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"applicationId\": <APPLICATIONID>, \"assessmentId\": <ASSESSMENTID>, \"applicationUrl\": \"<APPLICATIONURL>\", \"severity\": <SEVERITY>, \"<SYNOPSIS>\", \"notes\": \"<NOTES>\", \"cweId\": <CWEID>, \"request\": \"<REQUEST>\", \"response\": \"<RESPONSE>\", \"parameter\": \"<PARAMETER>\", \"payload\": \"<PAYLOAD>\"}"
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
| APPLICATIONID | Application ID number. | integer
|
| ASSESSMENTID | Assessment ID number. | integer
|
| APPLICATIONURL | Application URL. | |
| SEVERITY | Application severity. | |
| SYNOPSIS | Application finding synopsis. | |
| NOTES | Application finding notes. | |
| CWEID | Application finding CWE ID. | |
| REQUEST | Application finding request | |
| RESPONSE | Application finding response. | |
| PARAMETER | Application finding parameter. | |
| PAYLOAD | Application finding synopsis. |
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 201 | Job Created |
201 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T19:12:41.243Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | User Error |
| 403 | Forbidden |
| 404 | Not Found |
Listing Application Finding Projections and Their Models
API Call: GET/client/{clientId}/applicationFinding/model
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/model
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user role that can update an application finding is:
- Manager
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample applicationFinding_projection Snippet
Copy
curl -X GET "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/model"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
Response Parameters
Sample Response
Copy
{
"subject": "applicationFinding",
"projections": [
{
"name": "basic",
"fields": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "hiddenId",
"type": "int",
"nested": []
},
{
"field": "networkId",
"type": "int",
"nested": []
},
{
"field": "network",
"type": "EmbeddedNetwork",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "name",
"type": "string",
"nested": []
},
{
"field": "type",
"type": "string",
"nested": []
}
]
},
{
"field": "groupId",
"type": "int",
"nested": []
},
{
"field": "group",
"type": "EmbeddedGroup",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "name",
"type": "string",
"nested": []
}
]
},
{
"field": "discoveredOn",
"type": "string",
"nested": []
},
{
"field": "lastFoundOn",
"type": "string",
"nested": []
},
{
"field": "resolvedOn",
"type": "string",
"nested": []
},
{
"field": "clientId",
"type": "int",
"nested": []
},
{
"field": "applicationId",
"type": "int",
"nested": []
},
{
"field": "applicationName",
"type": "string",
"nested": []
},
{
"field": "scanner",
"type": "string",
"nested": []
},
{
"field": "scannerPlugin",
"type": "string",
"nested": []
},
{
"field": "state",
"type": "string",
"nested": []
},
{
"field": "statusEmbedded",
"type": "EmbeddedStatus",
"nested": [
{
"field": "state",
"type": "string",
"nested": []
},
{
"field": "stateName",
"type": "string",
"nested": []
},
{
"field": "stateDescription",
"type": "string",
"nested": []
},
{
"field": "status",
"type": "boolean",
"nested": []
},
{
"field": "userIds",
"type": "int[]",
"nested": []
},
{
"field": "durationInDays",
"type": "string",
"nested": []
},
{
"field": "dueDate",
"type": "string",
"nested": []
},
{
"field": "expirationDate",
"type": "string",
"nested": []
}
]
},
{
"field": "title",
"type": "string",
"nested": []
},
{
"field": "url",
"type": "string",
"nested": []
},
{
"field": "assignments",
"type": "EmbeddedUserDetail[]",
"nested": []
},
{
"field": "tagAssetCount",
"type": "int",
"nested": []
},
{
"field": "tags",
"type": "EmbeddedTag[]",
"nested": []
},
{
"field": "tagCount",
"type": "int",
"nested": []
},
{
"field": "ticketCount",
"type": "int",
"nested": []
},
{
"field": "description",
"type": "string",
"nested": []
},
{
"field": "threats",
"type": "EmbeddedThreats",
"nested": [
{
"field": "manualExploits",
"type": "EmbeddedManualExploit",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "title",
"type": "string",
"nested": []
},
{
"field": "label",
"type": "string",
"nested": []
},
{
"field": "pii",
"type": "string",
"nested": []
},
{
"field": "description",
"type": "string",
"nested": []
},
{
"field": "source",
"type": "string",
"nested": []
},
{
"field": "isManualExploit",
"type": "boolean",
"nested": []
},
{
"field": "easeOfExploit",
"type": "string",
"nested": []
}
]
},
{
"field": "paramsAndPayloads",
"type": "EmbeddedParamsAndPayloads",
"nested": [
{
"field": "parameter",
"type": "string",
"nested": []
},
{
"field": "attack",
"type": "string",
"nested": []
}
]
}
]
},
{
"field": "manualFindingReports",
"type": "EmbeddedManualExploit",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "title",
"type": "string",
"nested": []
},
{
"field": "label",
"type": "string",
"nested": []
},
{
"field": "pii",
"type": "string",
"nested": []
},
{
"field": "description",
"type": "string",
"nested": []
},
{
"field": "source",
"type": "string",
"nested": []
},
{
"field": "isManualExploit",
"type": "boolean",
"nested": []
},
{
"field": "easeOfExploit",
"type": "string",
"nested": []
}
]
},
{
"field": "acceptanceDates",
"type": "LocalDateTime[]",
"nested": []
},
{
"field": "severity",
"type": "double",
"nested": []
},
{
"field": "severityEmbedded",
"type": "EmbeddedSeverity",
"nested": [
{
"field": "combined",
"type": "double",
"nested": []
},
{
"field": "overridden",
"type": "boolean",
"nested": []
},
{
"field": "aggregated",
"type": "double",
"nested": []
},
{
"field": "state",
"type": "string",
"nested": []
},
{
"field": "stateName",
"type": "string",
"nested": []
},
{
"field": "expirationDate",
"type": "string",
"nested": []
}
]
},
{
"field": "noteCount",
"type": "int",
"nested": []
},
{
"field": "scannerName",
"type": "string",
"nested": []
},
{
"field": "moduleName",
"type": "string",
"nested": []
},
{
"field": "compiler",
"type": "string",
"nested": []
},
{
"field": "os",
"type": "string",
"nested": []
},
{
"field": "architecture",
"type": "string",
"nested": []
},
{
"field": "sourceOrigin",
"type": "string",
"nested": []
},
{
"field": "visibility",
"type": "string",
"nested": []
},
{
"field": "remediationEffort",
"type": "int",
"nested": []
},
{
"field": "exploitLevel",
"type": "int",
"nested": []
},
{
"field": "ciaImpact",
"type": "string",
"nested": []
},
{
"field": "pciRelated",
"type": "string",
"nested": []
},
{
"field": "line",
"type": "int",
"nested": []
},
{
"field": "scope",
"type": "string",
"nested": []
},
{
"field": "functionProtoype",
"type": "string",
"nested": []
},
{
"field": "functionRelativeLocation",
"type": "int",
"nested": []
},
{
"field": "scannerVersion",
"type": "string",
"nested": []
}
]
},
{
"name": "detail",
"fields": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "hiddenId",
"type": "int",
"nested": []
},
{
"field": "network",
"type": "EmbeddedNetwork",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "name",
"type": "string",
"nested": []
},
{
"field": "type",
"type": "string",
"nested": []
}
]
},
{
"field": "group",
"type": "EmbeddedGroup",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "name",
"type": "string",
"nested": []
}
]
},
{
"field": "discoveredOn",
"type": "string",
"nested": []
},
{
"field": "lastFoundOn",
"type": "string",
"nested": []
},
{
"field": "resolvedOn",
"type": "string",
"nested": []
},
{
"field": "clientId",
"type": "int",
"nested": []
},
{
"field": "application",
"type": "EmbeddedApplication",
"nested": [
{
"field": "applicationId",
"type": "int",
"nested": []
},
{
"field": "name",
"type": "string",
"nested": []
}
]
},
{
"field": "assessments",
"type": "EmbeddedAssessment",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "name",
"type": "string",
"nested": []
},
{
"field": "date",
"type": "string",
"nested": []
}
]
},
{
"field": "scanner",
"type": "string",
"nested": []
},
{
"field": "scannerPlugin",
"type": "string",
"nested": []
},
{
"field": "severity",
"type": "double",
"nested": []
},
{
"field": "state",
"type": "string",
"nested": []
},
{
"field": "statusEmbedded",
"type": "EmbeddedStatus",
"nested": [
{
"field": "state",
"type": "string",
"nested": []
},
{
"field": "stateName",
"type": "string",
"nested": []
},
{
"field": "stateDescription",
"type": "string",
"nested": []
},
{
"field": "status",
"type": "boolean",
"nested": []
},
{
"field": "userIds",
"type": "int[]",
"nested": []
},
{
"field": "durationInDays",
"type": "string",
"nested": []
},
{
"field": "dueDate",
"type": "string",
"nested": []
},
{
"field": "expirationDate",
"type": "string",
"nested": []
}
]
},
{
"field": "title",
"type": "string",
"nested": []
},
{
"field": "url",
"type": "string",
"nested": []
},
{
"field": "assignments",
"type": "EmbeddedUserDetail[]",
"nested": []
},
{
"field": "description",
"type": "string",
"nested": []
},
{
"field": "threats",
"type": "EmbeddedThreats",
"nested": [
{
"field": "manualExploits",
"type": "EmbeddedManualExploit",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "title",
"type": "string",
"nested": []
},
{
"field": "label",
"type": "string",
"nested": []
},
{
"field": "pii",
"type": "string",
"nested": []
},
{
"field": "description",
"type": "string",
"nested": []
},
{
"field": "source",
"type": "string",
"nested": []
},
{
"field": "isManualExploit",
"type": "boolean",
"nested": []
},
{
"field": "easeOfExploit",
"type": "string",
"nested": []
}
]
},
{
"field": "paramsAndPayloads",
"type": "EmbeddedParamsAndPayloads",
"nested": [
{
"field": "parameter",
"type": "string",
"nested": []
},
{
"field": "attack",
"type": "string",
"nested": []
}
]
}
]
},
{
"field": "manualFindingReports",
"type": "EmbeddedManualExploit",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "title",
"type": "string",
"nested": []
},
{
"field": "label",
"type": "string",
"nested": []
},
{
"field": "pii",
"type": "string",
"nested": []
},
{
"field": "description",
"type": "string",
"nested": []
},
{
"field": "source",
"type": "string",
"nested": []
},
{
"field": "isManualExploit",
"type": "boolean",
"nested": []
},
{
"field": "easeOfExploit",
"type": "string",
"nested": []
}
]
},
{
"field": "solutions",
"type": "string",
"nested": []
},
{
"field": "output",
"type": "string",
"nested": []
},
{
"field": "notes",
"type": "EmbeddedNote",
"nested": [
{
"field": "user",
"type": "EmbeddedUser",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "name",
"type": "string",
"nested": []
}
]
},
{
"field": "note",
"type": "string",
"nested": []
},
{
"field": "date",
"type": "string",
"nested": []
}
]
},
{
"field": "tags",
"type": "EmbeddedTag[]",
"nested": []
},
{
"field": "tickets",
"type": "EmbeddedTicket",
"nested": [
{
"field": "ticketNumber",
"type": "string",
"nested": []
},
{
"field": "ticketStatus",
"type": "string",
"nested": []
},
{
"field": "deepLink",
"type": "string",
"nested": []
},
{
"field": "type",
"type": "string",
"nested": []
},
{
"field": "connectorName",
"type": "string",
"nested": []
},
{
"field": "detailedStatus",
"type": "string",
"nested": []
}
]
},
{
"field": "assetTags",
"type": "EmbeddedTag",
"nested": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "name",
"type": "string",
"nested": []
},
{
"field": "category",
"type": "string",
"nested": []
},
{
"field": "description",
"type": "string",
"nested": []
},
{
"field": "created",
"type": "string",
"nested": []
},
{
"field": "updated",
"type": "string",
"nested": []
},
{
"field": "color",
"type": "string",
"nested": []
}
]
},
{
"field": "owasps",
"type": "EmbeddedOWASP[]",
"nested": []
},
{
"field": "cwes",
"type": "EmbeddedCWE[]",
"nested": []
},
{
"field": "wascs",
"type": "EmbeddedWASC[]",
"nested": []
},
{
"field": "scannerName",
"type": "string",
"nested": []
}
]
},
{
"name": "apiDetail",
"fields": [
{
"field": "id",
"type": "int",
"nested": []
},
{
"field": "url",
"type": "string",
"nested": []
},
{
"field": "title",
"type": "string",
"nested": []
},
{
"field": "methodType",
"type": "string",
"nested": []
},
{
"field": "headers",
"type": "string",
"nested": []
},
{
"field": "parameters",
"type": "string",
"nested": []
},
{
"field": "payload",
"type": "string",
"nested": []
},
{
"field": "response",
"type": "string",
"nested": []
}
]
}
]
}
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Ok |
200 Sample Response
Copy
{
"projections": [
{
"name": "basic",
"fields": [
{
"field": "id",
"type": "integer"
},
{
"field": "name",
"type": "string"
}
]
}
]
}
| Code | Description |
|---|---|
| 401 | Unauthorized |
| 404 | Not Found |
List Filterable Application Finding Fields
Displays the fields that the search endpoint can filter by.
API Call: GET/client/{clientId}/applicationFinding/filter
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/hostFinding/filter
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can list application finding fields that can be filtered by are:
- Manager
- Group Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample list_applicationFindingFields Snippet
Copy
curl -X GET "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/filter"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
Make sure to replace the option values here with your own option values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
Response Parameters
Sample Response
Copy
[
{
"name": "Architecture",
"legacyUid": "architectureList",
"uid": "architectureList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Architecture type"
},
{
"name": "Assessment",
"legacyUid": "assessment_labels",
"uid": "assessment_labels",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by one or more assessments."
},
{
"name": "Assigned To",
"legacyUid": "assignments",
"uid": "assignments",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by assigned user."
},
{
"name": "CIA Impact",
"legacyUid": "ciaImpactList",
"uid": "ciaImpactList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by CIA Impact"
},
{
"name": "CWE",
"legacyUid": "cwes",
"uid": "cwes",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by CWE reference."
},
{
"name": "Clear-text Credentials or Weak Encryption",
"legacyUid": "has_owasp_a6",
"uid": "has_owasp_a6",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters vulnerabilities by CWEs associated with clear-text credentials or weak encyrption."
},
{
"name": "Compiler",
"legacyUid": "compilerList",
"uid": "compilerList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Compiler Name"
},
{
"name": "Cross-Site Scripting",
"legacyUid": "has_xss",
"uid": "has_xss",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters vulnerabilities by CWEs associated with cross-site scripting"
},
{
"name": "Cwe Hash",
"legacyUid": "cwe_hash",
"uid": "cwe_hash",
"operators": [
"EXACT",
"IN"
],
"type": "int",
"description": "Filters vulnerabilities by referenced CWE hash."
},
{
"name": "Discovered On",
"legacyUid": "dates_created",
"uid": "dates_created",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD",
"RANGE"
],
"type": "string",
"description": "Filters vulnerabilities by discovered date."
},
{
"name": "Due Date",
"legacyUid": "due_dates",
"uid": "due_dates",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by assigned remediation due date."
},
{
"name": "Exploit Level",
"legacyUid": "exploitLevelList",
"uid": "exploitLevelList",
"operators": [
"EXACT",
"IN",
"RANGE"
],
"type": "int",
"description": "Filters vulnerabilities by Exploit Level"
},
{
"name": "Function Protoype",
"legacyUid": "functionProtoypeList",
"uid": "functionProtoypeList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Function Protoype"
},
{
"name": "Function Relative Location",
"legacyUid": "functionRelativeLocationList",
"uid": "functionRelativeLocationList",
"operators": [
"EXACT",
"IN",
"RANGE"
],
"type": "int",
"description": "Filters vulnerabilities by Function Relative Location"
},
{
"name": "Group",
"legacyUid": "group_name",
"uid": "groupName",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by selected group(s)."
},
{
"name": "Group ID",
"legacyUid": "groups_id",
"uid": "groupIds",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities within selected group IDs."
},
{
"name": "Has CWE",
"legacyUid": "has_cwe",
"uid": "has_cwe",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters vulnerabilities by CWE link."
},
{
"name": "Has CWE/Sans Top 25 Programming Errors",
"legacyUid": "has_sans",
"uid": "has_sans",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters vulnerabilities by CWEs associated with the CWE/Sans Top 25 Programming Errors."
},
{
"name": "Has Manual Exploit",
"legacyUid": "has_manual_exploit",
"uid": "has_manual_exploit",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters vulnerabilities by manually verified exploit."
},
{
"name": "Has Note",
"legacyUid": "has_note",
"uid": "has_note",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters vulnerabilities that have an associated note."
},
{
"name": "Has OWASP",
"legacyUid": "has_owasp",
"uid": "has_owasp",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters vulnerabilities by OWASP security risk."
},
{
"name": "Has SQL Injection",
"legacyUid": "has_sql_injection",
"uid": "has_sql_injection",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters vulnerabilities by CWEs associated with SQL Injection."
},
{
"name": "Has Ticket",
"legacyUid": "HAS_CONNECTOR_TICKET",
"uid": "HAS_CONNECTOR_TICKET",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Does the tag have a ticket"
},
{
"name": "Last Found On",
"legacyUid": "lastFoundOn",
"uid": "lastFoundOn",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD",
"RANGE"
],
"type": "string",
"description": ""
},
{
"name": "Line",
"legacyUid": "lineList",
"uid": "lineList",
"operators": [
"EXACT",
"IN",
"RANGE"
],
"type": "int",
"description": "Filters vulnerabilities by Line No"
},
{
"name": "Manual Exploit",
"legacyUid": "manual_exploits",
"uid": "manual_exploits",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by assigned user."
},
{
"name": "Manual Finding Report",
"legacyUid": "manual_finding_reports",
"uid": "manual_finding_reports",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by name(s) of manual finding reports added by a penetration tester."
},
{
"name": "Manual Finding Report Type",
"legacyUid": "manual_finding_report_types",
"uid": "manual_finding_report_types",
"operators": [
"EXACT",
"IN"
],
"type": "string",
"description": "Filters vulnerabilities by the type of manual finding reports associated with it"
},
{
"name": "Module Name",
"legacyUid": "moduleNames",
"uid": "moduleNames",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Module Name"
},
{
"name": "Network",
"legacyUid": "network_partition_name",
"uid": "network.name",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by the name of the network partition they belong to."
},
{
"name": "Network Type",
"legacyUid": "network_partition_type",
"uid": "network_partition_type",
"operators": [
"EXACT",
"IN"
],
"type": "string",
"description": "Filters vulnerabilities by the type of network partition they belong to."
},
{
"name": "OS",
"legacyUid": "osList",
"uid": "osList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Operating System"
},
{
"name": "OWASP",
"legacyUid": "owasps",
"uid": "owasps",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by OWASP security risks' URL."
},
{
"name": "PCI Related",
"legacyUid": "pciRelatedList",
"uid": "pciRelatedList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by PCI Related"
},
{
"name": "Past Due",
"legacyUid": "past_due",
"uid": "past_due",
"operators": [
"EXACT"
],
"type": "boolean",
"description": "Filters unmediated vulnerabilities by due date."
},
{
"name": "Remediation Effort",
"legacyUid": "remediationEffortList",
"uid": "remediationEffortList",
"operators": [
"EXACT",
"IN",
"RANGE"
],
"type": "int",
"description": "Filters vulnerabilities by Remediation Effort"
},
{
"name": "Request Method",
"legacyUid": "request_method",
"uid": "request_method",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by request method."
},
{
"name": "Resolved On",
"legacyUid": "resolved_on",
"uid": "resolved_on",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD",
"RANGE"
],
"type": "string",
"description": "Filters vulnerabilities by remediation date."
},
{
"name": "Scanner Name",
"legacyUid": "scanner_names",
"uid": "scanner_names",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by scanner names."
},
{
"name": "Scanner Plugin",
"legacyUid": "found_by_ids",
"uid": "found_by_ids",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by scanner plugin ID."
},
{
"name": "Scanner UUID",
"legacyUid": "found_bys",
"uid": "sources",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by scanner uuids."
},
{
"name": "Scanner Version",
"legacyUid": "scannerVersionList",
"uid": "scannerVersionList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Scanner Version"
},
{
"name": "Scope",
"legacyUid": "scopeList",
"uid": "scopeList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Scope"
},
{
"name": "Severity",
"legacyUid": "severity",
"uid": "severity",
"operators": [
"EXACT",
"IN",
"RANGE"
],
"type": "double",
"description": "Filters vulnerabilities by risk association."
},
{
"name": "Severity Group",
"legacyUid": "severity_group",
"uid": "severity_group",
"operators": [
"EXACT",
"IN"
],
"type": "string",
"description": "Filters vulnerabilities by severity group (high, medium and low)."
},
{
"name": "Severity Update State",
"legacyUid": "severity_update_state",
"uid": "severity_update_state",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by severity update state."
},
{
"name": "Source Origin",
"legacyUid": "sourceOriginList",
"uid": "sourceOriginList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Source Origin type"
},
{
"name": "State",
"legacyUid": "states",
"uid": "state",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by current state (unassigned, assigned, review by scan, reviewed, false positive, accepted, awaiting acceptance or reworked)."
},
{
"name": "Status",
"legacyUid": "generic_state",
"uid": "generic_state",
"operators": [
"EXACT"
],
"type": "string",
"description": "Filters vulnerabilities by open/closed status."
},
{
"name": "Tag",
"legacyUid": "tags",
"uid": "tags",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by tags."
},
{
"name": "Tag Connector ID",
"legacyUid": "TAG_CONNECTOR_ID",
"uid": "TAG_CONNECTOR_ID",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Tag Connector ID"
},
{
"name": "Tag Connector Name",
"legacyUid": "TAG_CONNECTOR_NAME",
"uid": "TAG_CONNECTOR_NAME",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Name of the Connector associated with the tag"
},
{
"name": "Ticket ID",
"legacyUid": "TICKET_ID",
"uid": "TICKET_ID",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Ticket ID"
},
{
"name": "Ticket Status",
"legacyUid": "TICKET_STATUS",
"uid": "TICKET_STATUS",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "status of ticket"
},
{
"name": "Title",
"legacyUid": "titles",
"uid": "titles",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by title."
},
{
"name": "URL",
"legacyUid": "url",
"uid": "url",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by applications with particular URLs."
},
{
"name": "Unique ID",
"legacyUid": "unique_id",
"uid": "unique_id",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by unique ID."
},
{
"name": "Visibility",
"legacyUid": "visibilityList",
"uid": "visibilityList",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Visibility"
},
{
"name": "Web App Asset Owner",
"legacyUid": "asset_owner",
"uid": "asset_owner",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Web Application asset owner."
},
{
"name": "Web App Description",
"legacyUid": "webapp_description",
"uid": "webapp_description",
"operators": [
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by Web Application description."
},
{
"name": "Web App ID",
"legacyUid": "web_app_id",
"uid": "application.id",
"operators": [
"EXACT",
"IN"
],
"type": "string",
"description": "Web application unique ID"
},
{
"name": "Web App Reported Scan Date",
"legacyUid": "reported_scan_time",
"uid": "lastScanTime",
"operators": [
"EXACT",
"RANGE"
],
"type": "string",
"description": "Filters vulnerabilities by Web Application reported scan date."
},
{
"name": "Web Application",
"legacyUid": "web_app_name",
"uid": "application.name",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by web application URL."
},
{
"name": "Web Application Tag",
"legacyUid": "asset_tags",
"uid": "asset_tags",
"operators": [
"EXACT",
"IN",
"LIKE",
"WILDCARD"
],
"type": "string",
"description": "Filters vulnerabilities by the tag(s) applied to the web application(s) of the vulnerabilities."
}
]
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | OK |
200 Sample Response
Copy
[
{
"name": "id",
"uid": "id",
"operator": [
"EXACT",
"IN"
],
"type": "integer",
"description": "The id"
}
]
| Code | Description |
|---|---|
| 401 | Unauthorized |
| 404 | Not Found |
Suggesting Filter Values for Application Finding Filtering
Displays suggested filter values when filtering application findings.
API Call: GET/client/{clientId}/applicationFinding/filter
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/filter
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can view suggested filter values for application findings are:
- Manager
- Group Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample filter_applicationFindingvalues Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/suggest"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ], \"filter\": { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" }}"
Make sure to replace the option values here with your own option values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
Response Parameters
Sample Response
Copy
[
{
"key": "<KEY>",
"count": <COUNT>
}
]
| Name | Description | Additional Information |
|---|---|---|
| KEY | Value for the field the suggestion was requested for. | string
|
| COUNT | Count. | integer($int64)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | OK |
200 Sample Response
Copy
[
{
"key": "string",
"count": 0
}
]
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Searching for a Application Finding
Search for an application finding within the designated client.
API Call: POST/client/{clientId}/applicationFinding/search
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/search
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can search for an application finding are:
- Manager
- Group Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample search_applicationFinding Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/search"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"projection\": \"<PROJECTION>\", \"sort\": [ { \"field\": \"<SORTFIELD>\", \"direction\": \"<SORTDIRECTION>\" } ], \"page\": <PAGENUMBER>, \"size\": <PAGESIZE>}"
Make sure to replace the option values here with your own option values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
| PROJECTION | Projection type. Options: basic, detailed | Yes |
| SORTFIELD | Notes about the assessment. | Yes |
| SORTDIRECTION | Sort direction. Options: ASC, DESC | Yes |
| PAGENUMBER | Page number to view. | Yes |
| PAGESIZE | Number of entries per page. | Yes |
Response Parameters
Sample Response
Copy
{
"errors": [],
"page": {
"size": <PAGESIZE>,
"totalElements": <TOTALELEMENTS>,
"totalPages": <TOTALPAGES>,
"number": <PAGENUMBER>
},
"_links": {
"self": {
"href": "http://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/search?page=<PAGENUMBER>&size=<PAGESIZE>&sort=<SORT>,<SORTDIRECTION>"
}
}
}
| Name | Description | Additional Information |
|---|---|---|
| PAGESIZE | Page size requested. | Shows how many items to display on the page. |
| TOTALELEMENTS | Total elements on pages. | |
| TOTALPAGES | Total amount of pages. | |
| PAGENUMBER | Page to view. | Note that 0 is the first page. |
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | |
| SORT | Field to sort by. | |
| SORTDIRECTION | Direction to sort. | Options: ASC, DESC |
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | OK |
200 Sample Response
Copy
{
"_embedded": {
"strings": [
{}
]
},
"page": {
"size": 0,
"totalElements": 0,
"totalPages": 0,
"number": 0
},
"errors": [
{
"id": "string",
"errorRefId": "string",
"code": 0,
"cause": "string"
}
]
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Adding or Removing a Tag from an Application Finding
Add or remove a tag from an application finding.
API Call: POST/client/{clientId}/applicationFinding/tag
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/tag
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can add or remove a tag from an application finding are:
- Group Manager
- Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample tag_applicationFinding Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/tag"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"tagId\":<TAGID>, \"isRemove\": <ISREMOVE>, \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": <VALUE> } ] }}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
| TAGID | Tag ID number. | integer
|
| ISREMOVE | Remove tag? | Options: True = Yes, False = No |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Job Created |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T17:54:19.121Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Assigning Application Findings
Assign application finding to user.
API Call: POST/client/{clientId}/applicationFinding/assign
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/assign
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can assign an application finding to user are:
- Group Manager
- Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
cURL
cURL Sample assign_applicationFinding Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/assign"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ], \"userIds\": [ <USERID>, <USERID> ]}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| USERID | User ID number. | Separate user IDs with a comma. |
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Job Created |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T10:33:56.434Z"
}
| Code | Description |
|---|---|
| 400 | User Error |
| 401 | Unauthorized |
| 404 | Not Found |
Unassigning Application Findings
Unssign an application finding from a user.
API Call: POST/client/{clientId}/applicationFinding/unassign
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/unassign
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can unassign an application finding to user are:
- Group Manager
- Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
cURL
cURL Sample unassign_applicationFinding Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/unassign"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ], \"userIds\": [ <USERID>, <USERID> ]}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| USERID | User ID number. | Separate user IDs with a comma. |
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Job Created |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T10:33:56.434Z"
}
| Code | Description |
|---|---|
| 400 | User Error |
| 401 | Unauthorized |
| 404 | Not Found |
Initiating Application Finding Export Job
Initiate application finding export job.
API Call: POST/client/{clientId}/applicationFinding/export
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/export
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can initiate an application finding export job are:
- Group Manager
- Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample applicationFinding_export Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/export"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json" -d "{ \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ] }, \"fileType\": \"<FILETYPE>\", \"comment\": \"<COMMENT>\", \"fileName\": \"<FILENAME>\"}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| FILETYPE | Export file type. | Options: XML, XLSX, CSV |
| COMMENT | Exported file description. | string
|
| FILENAME | Exported file's name. | string
|
Response Parameters
Sample Response
Copy
{
"id": 0,
"created": "2019-09-17T16:59:16.922Z"
}
| Name | Description | Type |
|---|---|---|
| ID | Host Finding Export ID number. | integer
|
| CREATED | Job creation date. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-17T16:59:16.922Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Updating Application Finding Due Dates in Bulk
Update application finding due dates in bulk.
API Call: POST/client/{clientId}/applicationFinding/update-due-date
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/update-due-date
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can update application finding due dates in bulk are:
- Group Manager
- Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample applicationFinding_updateDueDate Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/update-due-date"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>,<VALUE>\" } ] }, \"dueDate\": \"<DUEDATE>\"}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| DUEDATE | Due date. | Format: YYYY-MM-DD |
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T19:28:53.639Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Deleting Entities Based on Filters
Delete entities based on filters.
API Call: POST/client/{clientId}/applicationFinding/delete
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/delete
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can delete entities based on filters are:
- Group Manager
- Manager
Python Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample delete_applicationFindingByFilter Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/delete"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ] }}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Job Created |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T17:45:18.407Z"
}
| Code | Description |
|---|---|
| 400 | User Error |
| 401 | Unauthorized |
| 404 | Not Found |
Initiating Workflow Request
Initiate workflow request.
API Call: POST/client/{clientId}/search/applicationFinding/{workflowType}/request
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/request
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
| WORKFLOWTYPE | Workflow type. | For this, use request. |
User Roles
The user roles that can initiate workflow request are:
- Group Manager
- Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
cURL
cURL Sample applicationFinding_workflowRequest Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/request"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ], \"projection\": \"<PROJECTION>\", \"sort\": [ { \"field\": \"<SORTFIELD>\", \"direction\": \"<SORTDICRECTION>\" } ], \"page\": <PAGENUMBER>, \"size\": <PAGESIZE> }, \"expirationDate\": \"<EXPDATE>\", \"overrideExpDate\": <OVERRIDEEXPDATE>}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| WORKFLOWTYPE | Workflow type. | For this, use Request. |
| APIKEY | Your designated API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| PROJECTION | Projection type. | Options: basic, detailed |
| SORTFIELD | Field to sort. | |
| SORTDIRECTION | Sort direction. | Options: ASC, DESC |
| PAGENUMBER | Page number to view. | |
| PAGESIZE | Number of entries per page. | |
| EXPDATE | Expiration date. | |
| OVERRIDEEXPDATE | Override expiration date. |
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T09:21:43.971Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Initiating Workflow Reject
Initiate workflow reject.
API Call: POST/client/{clientId}/search/applicationFinding/{workflowType}/reject
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/reject
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
| WORKFLOWTYPE | Workflow type. | For this, use reject. |
User Roles
The user roles that can initiate workflow reject are:
- Group Manager
- Manager
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
cURL
cURL Sample applicationFinding_workflowReject Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/reject"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ], \"projection\": \"<PROJECTION>\", \"sort\": [ { \"field\": \"<SORTFIELD>\", \"direction\": \"<SORTDICRECTION>\" } ], \"page\": <PAGENUMBER>, \"size\": <PAGESIZE> }, \"expirationDate\": \"<EXPDATE>\", \"overrideExpDate\": <OVERRIDEEXPDATE>}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| WORKFLOWTYPE | Workflow type. | For this, use Reject. |
| APIKEY | Your designated API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| PROJECTION | Projection type. | Options: basic, detailed |
| SORTFIELD | Field to sort. | |
| SORTDIRECTION | Sort direction. | Options: ASC, DESC |
| PAGENUMBER | Page number to view. | |
| PAGESIZE | Number of entries per page. | |
| EXPDATE | Expiration date. | |
| OVERRIDEEXPDATE | Override expiration date. |
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T09:21:43.971Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Initiate Workflow Rework
Initiate workflow rework.
API Call: POST/client/{clientId}/search/applicationFinding/{workflowType}/rework
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/rework
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
| WORKFLOWTYPE | Workflow type. | For this, use rework. |
User Roles
The user roles that can initiate workflow rework are:
- Group Manager
- Manager
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
cURL
cURL Sample applicationFinding_workflowRework Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/rework"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ], \"projection\": \"<PROJECTION>\", \"sort\": [ { \"field\": \"<SORTFIELD>\", \"direction\": \"<SORTDICRECTION>\" } ], \"page\": <PAGENUMBER>, \"size\": <PAGESIZE> }, \"expirationDate\": \"<EXPDATE>\", \"overrideExpDate\": <OVERRIDEEXPDATE>}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| WORKFLOWTYPE | Workflow type. | For this, use Rework. |
| APIKEY | Your designated API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| PROJECTION | Projection type. | Options: basic, detailed |
| SORTFIELD | Field to sort. | |
| SORTDIRECTION | Sort direction. | Options: ASC, DESC |
| PAGENUMBER | Page number to view. | |
| PAGESIZE | Number of entries per page. | |
| EXPDATE | Expiration date. | |
| OVERRIDEEXPDATE | Override expiration date. |
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T09:21:43.971Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Initiating Workflow Approve
Initiate workflow approve.
API Call: POST/client/{clientId}/search/applicationFinding/{workflowType}/approve
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/approve
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
| WORKFLOWTYPE | Workflow type. | For this, use Approve. |
User Roles
The user roles that can initiate workflow approve are:
- Group Manager
- Manager
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your designated API key. | Generating an API Token |
cURL
cURL Sample applicationFinding_workflowApprove Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/<WORKFLOWTYPE>/approve"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD>\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ], \"projection\": \"<PROJECTION>\", \"sort\": [ { \"field\": \"<SORTFIELD>\", \"direction\": \"<SORTDICRECTION>\" } ], \"page\": <PAGENUMBER>, \"size\": <PAGESIZE> }, \"expirationDate\": \"<EXPDATE>\", \"overrideExpDate\": <OVERRIDEEXPDATE>}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| WORKFLOWTYPE | Workflow type. | For this, use Approve. |
| APIKEY | Your designated API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| PROJECTION | Projection type. | Options: basic, detailed |
| SORTFIELD | Field to sort. | |
| SORTDIRECTION | Sort direction. | Options: ASC, DESC |
| PAGENUMBER | Page number to view. | |
| PAGESIZE | Number of entries per page. | |
| EXPDATE | Expiration date. | |
| OVERRIDEEXPDATE | Override expiration date. |
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T09:21:43.971Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |
Adding Note to an Application Finding
Add a note to an application finding.
API Call: POST/client/{clientId}/applicationFinding/note
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/note
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | If you are on platform 1, you do not need to put a number. |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can add a note to an application finding are:
- Group Manager
- Manager
- User
API Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
cURL
cURL Sample addNote_applicationFinding Snippet
Copy
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/applicationFinding/note"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"filterRequest\": { \"filters\": [ { \"field\": \"<FIELD<\", \"exclusive\": <EXCLUSIVE>, \"operator\": \"<OPERATOR>\", \"value\": \"<VALUE>\" } ] }, \"note\": \"<NOTE>\"}"
Make sure to replace the angle bracket parameters here with your own values.
cURL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | |
| CLIENTID | Client ID number. | Finding Your Client ID |
| APIKEY | Your API key. | Generating an API Token |
| FIELD | Filter field. | string
|
| EXCLUSIVE | Exclusive. | boolean Options: True, False |
| OPERATOR | Search operator. | Depends on value. |
| VALUE | Search value. | string
|
| NOTE | Note to add. |
Response Parameters
Sample Response
Copy
{
"id": <ID>,
"created": "<CREATED>"
}
| Name | Description | Additional Information |
|---|---|---|
| ID | Job ID number. | integer
|
| Created | Date/Time job created. | string($date-time)
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
200 Sample Response
Copy
{
"id": 0,
"created": "2019-09-23T09:14:11.180Z"
}
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |