Bulk Update Vulnerabilities
PUT https://{{API_URL}}/vulnerabilities/bulk
Update multiple vulnerabilities at a time using the bulk update endpoint. Update limit is 30,000 vulnerabilities at a time. By default we will index the vulnerabilities in the background.
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
**Items below - Update in Body only | null | **Items below - Update in Body only | |
vulnerability_ids | string | array of integers | |
| Kenna IDs of all vulnerabilities to be updated | |||
asset_id | string | int32 | |
| The numeric id of an asset | |||
cve_id | string | string | |
| A National Vulnerability Database CVE identifier, | |||
cwe_id | string | string | |
| A CWE - Common Weakness Enumeration identifier |
|
| closed_at | string | | string
The datetime(as a UTC timestamp) to mark when a vulnerability was closed in the format (2013-09-01 |
| custom_fields | string | | object
Custom Fields are defined by Custom Field Definitions which can be set up in the UI for your account. When updating a vulnerability's custom fields, reference them by their custom_field_definition_id as in the example. Only ids that are present in the UPDATE request will be modified (ie: leaving out custom fields in the UPDATE request will not delete them on the server). To remove a vulnerability's custom field value, UPDATE it with an empty string. { "777": "" } |
| database | string | | string
Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset. |
| due_date | string | | string
The date a vulnerability needs to be fixed by. |
| file | string | | string
Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset. |
| found_on | string | | string
The date a vulnerability was found on. |
| fqdn | string | | string
Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset. |
| hostname | string | | string
Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset. |
| identifier | string | | string
A unique text identifier for this type of vulnerability |
| ip_address | string | | string
Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset. |
| jira_key | string | | string
A JIRA ticket key to associate this vulnerability with |
| last_seen_time | string | | string
The date a vulnerability was last seen on |
| netbios | string | | string
Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset. |
| notes | string | | string
Strings may be used to store plain english notes on a vulnerability |
| mac_address | string | | Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset. |
| override_score | string | | int32
An integer (0 - 100) representing the risk score for a vulnerability. Kenna continuously updates risk scores as the threat landscape changes. If you manually override this score, the vulnerability will no longer be updated dynamically and the change will be logged for audit purposes. |
| port | string | | int32
The port affected by the vulnerability. |
| primary_locator | string | | string
The primary locator used for the corresponding asset. This is required to associate the vulnerability with the asset it was found on. This should be one of the following values: ip_address, hostname, database, url, mac_address, netbios, or fqdn |
| prioritized | string | | boolean
Boolean that indicates whether the vulnerability is a top priority or not. |
| severity | string | | int32
The severity of the vulnerability instance; an integer between 1 (low) to 10 (high) |
| status | string | | string
The status of a vulnerability (open, closed, risk_accepted, false_positive). |
| threat | string | | int32
The threat level of the vulnerability instance; an integer between 1 (low) to 10 (high) |
| url | string | | string
Whichever locator was specified as the primary_locator above must have a value set that matches the primary_locator of the associated asset. |
| wasc_id | string | | string
A WASC 2.0 Threat Classification ID |
Request Body
{"vulnerability_ids"=>["<integer>", "<integer>"], "vulnerability"=>{"asset_id"=>"", "cve_id"=>"", "cwe_id"=>"", "closed_at"=>"", "custom_fields"=>"", "database"=>"", "due_date"=>"", "file"=>"", "found_on"=>"", "fqdn"=>"", "hostname"=>"", "identifier"=>"", "ip_address"=>"", "jira_key"=>"", "last_seen_time"=>"", "netbios"=>"", "notes"=>"", "mac_address"=>"", "override_score"=>"", "port"=>"", "primary_locator"=>"", "prioritized"=>"false", "severity"=>"", "status"=>"open", "threat"=>"", "url"=>"", "wasc_id"=>""}}