RS3

This documentation is currently outdated and in the process of being updated. This documentation is provided as a temporary reference to various API endpoints and output. This warning will be at the top of each outdated page. As the documentation is updated, this warning will be removed.

The Ivanti Neurons for RBVM/ASOC platform uses an advanced analysis engine as well as human-interactive machine learning technology to continuously measure, monitor, and track an organization’s overall exposure to risk, reflected in the Ivanti RS3 and a visual representation of cyber risk posture at the organization, department or group, and host level. The score accounts for internal security findings, external threats, and business criticality. It enables security and IT teams to quickly answer questions from compliance, boards of directors, and the C-suite.

Fetching RS3 Trend Data for a Specified Date Range

Fetch RS3 trend data over a specific date range.

API Call: POST/client/{clientId}/rs3-trend

URL: https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/rs3-trend

URL Parameters

Name Description Additional Information
PLATFORM Platform number. Endpoint URL Structure
CLIENTID Client ID number. Finding Your Client ID

User Roles

The user roles that can fetch Ivanti RS3 trend date for a specified date range are:

  • Manager
  • Group Manager
  • User

Python

Python Sample rs3_trend Snippet

Copy
import json
import requests

platform = 'https://platform<PLATFORM>.risksense.com'
api_key = '<APIKEY>'
client_id = <CLIENTID>
group_id_list = [<GROUPID>, <GROUPID>]

header = {
    "x-api-key": api_key,
    "content-type": "application/json"
}

body = {
    "startDate": "<STARTDATE>",  # Format must be YYYY-MM-DD
    "endDate": "<ENDDATE>",    # Format must be YYYY-MM-DD
    "selectedGroups": group_id_list
}

url = platform + "/api/v1/client/" + str(client_id) + "/rs3-trend"

response = requests.post(url, headers=header, data=json.dumps(body))

Replace angle bracket parameters with your own values.

Python Parameters

Name Description Type Required Additional Information
PLATFORM Platform number. integer Y Endpoint URL Structure
APIKEY Your API key. string Y Generating an API Token
CLIENTID Client ID number. integer Y Finding Your Client ID
GROUPID Group ID number. integer Y Searching for a Group Separate group IDs with commas.
STARTDATE First date in range. string($date) Y Format: YYYY-MM-DD.
ENDDATE Last date in range. string($date) Y Format: YYYY-MM-DD.

cURL

cURL Sample rs3_trend Snippet

Copy

curl -X POST "https://platform<PLATFORM>.risksense.com/api/v1/client/<CLIENTID>/rs3-trend"
  -H  "accept: application/json"
  -H  "x-api-key: <APIKEY>"
  -H  "Content-Type: application/json"
  -d "{  \"startDate\": \"<STARTDATE>\",  \"endDate\": \"<ENDDATE>\",  \"selectedGroups\": [    <GROUPID>  ]}"

Replace angle bracket parameters with your own values.

cURL Parameters

Name Description Type Required Additional Information
PLATFORM Platform number. integer Y Endpoint URL Structure
CLIENTID Client ID number. integer Y Finding Your Client ID
APIKEY Your API key. string Y Generating an API Token
STARTDATE First date in range. string($date) Y Format: YYYY-MM-DD.
ENDDATE Last date in range. string($date) Y Format: YYYY-MM-DD.
GROUPID Group ID number. integer Y Searching for a Group Separate group IDs with commas.

Response Parameters

Sample Response

Copy

[
  {
    "rs3": <RS3>,
    "riskAcceptedRs3": <RISKACCEPTEDRS3>,
    "date": "<DATE>",
    "hostCount": <HOSTCOUNT>,
    "manualExploitFindingsCount": <MANUALEXPLOITFINDINGSCOUNT>,
    "rceFindingsCount": <RCEFINDINGSCOUNT>,
    "peFindingsCount": <PEFINDINGCOUNT>,
    "malwareFindingsCount": <MALWAREFINDINGSCOUNT>,
    "exploitFindingsCount": <EXPLOITFINDINGSCOUNT>,
    "defaultCredentialFindingCount": <DEFAULTCREDENTIALFINDINGCOUNT>,
    "noneExploitFindingCount": <NONEEXPLOITFINDINGCOUNT>
  }
]
Name Description Type Additional Information
RS3 Ivanti RS3 for that day. integer
RISKACCEPTEDRS3 Risk accepted Ivanti RS3 for that day. integer
DATE Date associated with the Ivanti RS3 score. string($date)
HOSTCOUNT Total number of hosts included in Ivanti RS3 calculation. integer
MANUALEXPLOITFINDINGSCOUNT Total findings count with manual exploit. integer
RCEFINDINGSCOUNT Total finding count with remote code execution. integer
PEFINDINGCOUNT Total finding count with priviledge escalation. integer
MALWAREFINDINGSCOUNT Total findings count with malware. integer
EXPLOITFINDINGSCOUNT Total findings count with exploit. integer
DEFAULTCREDENTIALFINDINGCOUNT Total findings count with default credentials. integer
NONEEXPLOITFINDINGCOUNT Total findings count with no exploit. integer

HTTP Status Codes

Code Description
200 Success

200 Sample Response

Copy

[
  {
    "rs3": 752,
    "riskAcceptedRs3": 792,
    "date": "2019-02-02 00:00:00",
    "hostCount": 1234,
    "manualExploitFindingsCount": 250,
    "rceFindingsCount": 123,
    "peFindingsCount": 45,
    "malwareFindingsCount": 0,
    "exploitFindingsCount": 435,
    "defaultCredentialFindingCount": 120,
    "noneExploitFindingCount": 87
  },
  {
    "rs3": 763,
    "riskAcceptedRs3": 785,
    "date": "2019-02-05 00:00:00",
    "hostCount": 12234,
    "manualExploitFindingsCount": 2350,
    "rceFindingsCount": 1234,
    "peFindingsCount": 145,
    "malwareFindingsCount": 70,
    "exploitFindingsCount": 4325,
    "defaultCredentialFindingCount": 6,
    "noneExploitFindingCount": 0
  },
  {
    "rs3": 766,
    "riskAcceptedRs3": 802,
    "date": "2019-02-06 00:00:00",
    "hostCount": 7956,
    "manualExploitFindingsCount": 515,
    "rceFindingsCount": 896,
    "peFindingsCount": 566,
    "malwareFindingsCount": 1230,
    "exploitFindingsCount": 4351,
    "defaultCredentialFindingCount": 1250,
    "noneExploitFindingCount": 871
  }
]

Code Description
400 Bad Request
401 Unauthorized
404 Not Found