RS3
This documentation is currently outdated and in the process of being updated. This documentation is provided as a temporary reference to various API endpoints and output. This warning will be at the top of each outdated page. As the documentation is updated, this warning will be removed.
The Ivanti Neurons RBVM/ASOC/VULN KB platform uses an advanced analysis engine as well as human-interactive machine learning technology to continuously measure, monitor, and track an organization’s overall exposure to risk, reflected in the Ivanti RS3 and a visual representation of cyber risk posture at the organization, department or group, and host level. The score accounts for internal security findings, external threats, and business criticality. It enables security and IT teams to quickly answer questions from compliance, boards of directors, and the C-suite.
Fetching RS3 Trend Data for a Specified Date Range
Fetch RS3 trend data over a specific date range.
API Call: POST/client/{clientId}/rs3-trend
URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/rs3-trend
URL Parameters
| Name | Description | Additional Information |
|---|---|---|
| PLATFORM | Platform number. | Endpoint URL Structure |
| CLIENTID | Client ID number. | Finding Your Client ID |
User Roles
The user roles that can fetch Ivanti RS3 trend date for a specified date range are:
- Manager
- Group Manager
- User
Python
Python Sample rs3_trend Snippet
import json
import requests
platform = 'https://platform<PLATFORM>.risksense.com'
api_key = '<APIKEY>'
client_id = <CLIENTID>
group_id_list = [<GROUPID>, <GROUPID>]
header = {
"x-api-key": api_key,
"content-type": "application/json"
}
body = {
"startDate": "<STARTDATE>", # Format must be YYYY-MM-DD
"endDate": "<ENDDATE>", # Format must be YYYY-MM-DD
"selectedGroups": group_id_list
}
url = platform + "/api/v1/client/" + str(client_id) + "/rs3-trend"
response = requests.post(url, headers=header, data=json.dumps(body))
Replace angle bracket parameters with your own values.
Python Parameters
| Name | Description | Type | Required | Additional Information |
|---|---|---|---|---|
| PLATFORM | Platform number. | integer
|
Y | Endpoint URL Structure |
| APIKEY | Your API key. | string
|
Y | Generating an API Token |
| CLIENTID | Client ID number. | integer
|
Y | Finding Your Client ID |
| GROUPID | Group ID number. | integer
|
Y | Searching for a Group Separate group IDs with commas. |
| STARTDATE | First date in range. | string($date)
|
Y | Format: YYYY-MM-DD. |
| ENDDATE | Last date in range. | string($date)
|
Y | Format: YYYY-MM-DD. |
cURL
cURL Sample rs3_trend Snippet
curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/rs3-trend"
-H "accept: application/json"
-H "x-api-key: <APIKEY>"
-H "Content-Type: application/json"
-d "{ \"startDate\": \"<STARTDATE>\", \"endDate\": \"<ENDDATE>\", \"selectedGroups\": [ <GROUPID> ]}"
Replace angle bracket parameters with your own values.
cURL Parameters
| Name | Description | Type | Required | Additional Information |
|---|---|---|---|---|
| PLATFORM | Platform number. | integer
|
Y | Endpoint URL Structure |
| CLIENTID | Client ID number. | integer
|
Y | Finding Your Client ID |
| APIKEY | Your API key. | string
|
Y | Generating an API Token |
| STARTDATE | First date in range. | string($date)
|
Y | Format: YYYY-MM-DD. |
| ENDDATE | Last date in range. | string($date)
|
Y | Format: YYYY-MM-DD. |
| GROUPID | Group ID number. | integer
|
Y | Searching for a Group Separate group IDs with commas. |
Response Parameters
Sample Response
[
{
"rs3": <RS3>,
"riskAcceptedRs3": <RISKACCEPTEDRS3>,
"date": "<DATE>",
"hostCount": <HOSTCOUNT>,
"manualExploitFindingsCount": <MANUALEXPLOITFINDINGSCOUNT>,
"rceFindingsCount": <RCEFINDINGSCOUNT>,
"peFindingsCount": <PEFINDINGCOUNT>,
"malwareFindingsCount": <MALWAREFINDINGSCOUNT>,
"exploitFindingsCount": <EXPLOITFINDINGSCOUNT>,
"defaultCredentialFindingCount": <DEFAULTCREDENTIALFINDINGCOUNT>,
"noneExploitFindingCount": <NONEEXPLOITFINDINGCOUNT>
}
]
| Name | Description | Type | Additional Information |
|---|---|---|---|
| RS3 | Ivanti RS3 for that day. | integer
|
|
| RISKACCEPTEDRS3 | Risk accepted Ivanti RS3 for that day. | integer
|
|
| DATE | Date associated with the Ivanti RS3 score. | string($date)
|
|
| HOSTCOUNT | Total number of hosts included in Ivanti RS3 calculation. | integer
|
|
| MANUALEXPLOITFINDINGSCOUNT | Total findings count with manual exploit. | integer
|
|
| RCEFINDINGSCOUNT | Total finding count with remote code execution. | integer
|
|
| PEFINDINGCOUNT | Total finding count with priviledge escalation. | integer
|
|
| MALWAREFINDINGSCOUNT | Total findings count with malware. | integer
|
|
| EXPLOITFINDINGSCOUNT | Total findings count with exploit. | integer
|
|
| DEFAULTCREDENTIALFINDINGCOUNT | Total findings count with default credentials. | integer
|
|
| NONEEXPLOITFINDINGCOUNT | Total findings count with no exploit. | integer
|
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
200 Sample Response
[
{
"rs3": 752,
"riskAcceptedRs3": 792,
"date": "2019-02-02 00:00:00",
"hostCount": 1234,
"manualExploitFindingsCount": 250,
"rceFindingsCount": 123,
"peFindingsCount": 45,
"malwareFindingsCount": 0,
"exploitFindingsCount": 435,
"defaultCredentialFindingCount": 120,
"noneExploitFindingCount": 87
},
{
"rs3": 763,
"riskAcceptedRs3": 785,
"date": "2019-02-05 00:00:00",
"hostCount": 12234,
"manualExploitFindingsCount": 2350,
"rceFindingsCount": 1234,
"peFindingsCount": 145,
"malwareFindingsCount": 70,
"exploitFindingsCount": 4325,
"defaultCredentialFindingCount": 6,
"noneExploitFindingCount": 0
},
{
"rs3": 766,
"riskAcceptedRs3": 802,
"date": "2019-02-06 00:00:00",
"hostCount": 7956,
"manualExploitFindingsCount": 515,
"rceFindingsCount": 896,
"peFindingsCount": 566,
"malwareFindingsCount": 1230,
"exploitFindingsCount": 4351,
"defaultCredentialFindingCount": 1250,
"noneExploitFindingCount": 871
}
]
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 404 | Not Found |