Search Vulnerabilities

GET https://{{API_URL}}/vulnerabilities/search

Filters vulnerabilities by a given set of parameters and returns the filtered vulnerabilities as well as the total number of vulnerabilities in the filtered set.

By default, only open vulnerabilities with active assets are returned. Results are paginated in pages of 500. Each unique parameter is combined using AND, while the values passed in a single array are combined using OR. For example, if you search for all vulnerabilities with status=[open] and port=[443, 80], you will receive all open vulnerabilities that have either port 443 or port 80. This is shown in the cURL example below.

Request Params

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| active_internet_breach[] | string | | An array of booleans for filtering your vulnerabilities by those that have seen trending breach activity. |
| application_id | string | | (int32) The ID of an application to retrieve vulnerabilities for. All other search parameters are ignored if application_id is provided. |
| asset_id[] | string | | (array of integers) Search for all fixes related to vulnerabilities that are connected to a set of assets. |
| status[] | string | | (array of strings) By default, only fixes for vulnerabilities with active assets are returned. To override this default specify the status param for an asset as shown. Status choices are active and inactive. |
| classification[] | string | | (array of strings) Find all vulnerabilities matching the specified classifications. |
| connector_names[] | string | | (array of strings) An array of connector names related to your vulnerabilities. |
| connector_types[] | string | | (array of strings) An array of connector types related to your vulnerabilities. |
| custom_fields:CUSTOM_FIELD_NAME[] | string | | (array of strings) Search for all vulnerabilities that have a specific custom field value. The proper format for a custom field query is 'custom_fields:', then the id of the custom_field, then the name of the custom_field you are searching on, then the value you are searching for. |
| easily_exploitable[] | string | | (array of booleans) An array of booleans for filtering your vulnerabilities by those that have seen high levels of exploitation recently. |
| has_known_exploits[] | string | | (array of strings) Find all vulnerabilities matching the specified known exploit related details. |
| has_known_malware[] | string | | (array of strings) Find all vulnerabilities matching the specified known malware related details. |
| id[] | string | | (array of integers) Array of vulnerability IDs. |
| malware_exploitable[] | string | | (array of booleans) An array of booleans for filtering your vulnerabilities by those that have had pieces of malware identified. |
| max_priority | string | | (string) Find all vulnerabilities on assets with priority levels less than this value. |
| min_priority | string | | Find all vulnerabilities on assets with priority levels greater than this value. |
| max_risk_meter_score | string | | (int32) Find all vulnerabilities with risk scores less than this value. |
| min_risk_meter_score | string | | (int32) Find all vulnerabilities with risk scores greater than this value. |
| max_rounded_risk_meter_score | string | | (int32) Similar to max_risk_meter_score, rounded to the nearest integer. |
| min_rounded_risk_meter_score | string | | (int32) Similar to min_risk_meter_score, rounded to the nearest integer. |
| max_severity | string | | Find all vulnerabilities with severity levels less than this value. |
| min_severity | string | | (int32) Find all vulnerabilities with severity levels greater than this value. |
| max_threat | string | | (int32) Find all vulnerabilities with threat levels less than this value. |
| min_threat | string | | (int32) Find all vulnerabilities with threat levels greater than this value. |
| no_vulnerability_definition_id[] | string | | (array of integers) Exclude all vulnerabilities for the identified definition IDs. |
| pci_related[] | string | | (array of strings) Find all vulnerabilities matching the specified PCI related details. |
| popular_target[] | string | | (array of booleans) An array of booleans for filtering your vulnerabilities by those that are popular targets. |
| port[] | string | | (array of integers) An array of ports associated with your vulnerabilities. |
| predicted_exploitable[] | string | | (array of booleans) An array of booleans for filtering your vulnerabilities by those that have been predicted to be exploited. |
| prioritized[] | string | | (array of strings) Find all vulnerabilities matching the specified priority details. |
| q | string | | (string) Additional text search parameters, as documented at: https://help.kennasecurity.com/hc/en-us/articles/206280593. Example q=tag:(mytag+AND+thetag). |
| remote_code_execution[] | string | | (array of strings) Find all vulnerabilities matching the specified RCEs. |
| search_id | string | | The ID of a risk meter group to retrieve vulnerabilities for. Other parameters are ignored if search_id is provided. |
| service_ticket_status[] | string | | (array of strings) An array of strings that represent the statuses of all service tickets connected to your vulnerabilities. |
| status[] | string | | (array of strings) An array of statuses for your vulnerabilities. |
| top_exploit[] | string | | (array of strings) Find all vulnerabilities matching the specified top exploit related details. |
| top_priority[] | string | | (array of booleans) An array of booleans for filtering your vulnerabilities by those that Kenna recommends should be a top priority to fix. |
| trending[] | string | | (array of strings) Find all vulnerabilities matching the specified trending related details. |
| vulnerability_class[] | string | | (array of strings) An array of strings describing the class of your vulnerabilities. |
| vulnerability_definition_id[] | string | | (array of integers) Find all vulnerabilities for the identified definition IDs. |
| wasc_classification[] | string | | (array of strings) An array of WASC classifications related to your vulnerabilities. |
| zero_day[] | string | | (array of strings) Find all vulnerabilities matching the specified zero day related details. |
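
The following Python helper is an added example, not part of the Kenna documentation. It builds the search URL with the AND/OR semantics described above and rejects filter combinations that the API would ignore because `application_id` or `search_id` is present. The host `api.example.invalid`, the function names, and the lowercase `true`/`false` encoding of booleans are assumptions.

```python
from urllib.parse import urlencode

# Per the parameter table: when either key is sent, all other filters are ignored.
EXCLUSIVE_KEYS = ("application_id", "search_id")
PAGE_SIZE = 500  # page size stated in the endpoint description


def _encode(value):
    """Render one filter value as query-string text."""
    if isinstance(value, bool):  # check bool first: bool is a subclass of int
        return "true" if value else "false"  # assumed wire format for booleans
    return str(value)


def build_search_url(base_url, filters):
    """Build the /vulnerabilities/search URL for a dict of filters.

    A list value becomes repeated `key[]=v` pairs (ORed by the API);
    distinct keys are ANDed. Raises ValueError when an exclusive key is
    mixed with other filters, since those filters would not be applied.
    """
    exclusive = [k for k in EXCLUSIVE_KEYS if k in filters]
    others = [k for k in filters if k not in EXCLUSIVE_KEYS]
    if exclusive and (others or len(exclusive) > 1):
        raise ValueError(
            f"{exclusive[0]} makes the API ignore other filters: "
            f"{sorted(others + exclusive[1:])}"
        )
    pairs = []
    for key, value in filters.items():
        if isinstance(value, (list, tuple)):
            pairs.extend((f"{key}[]", _encode(v)) for v in value)
        else:
            pairs.append((key, _encode(value)))
    # safe="[]" keeps the array brackets readable instead of %5B%5D
    query = urlencode(pairs, safe="[]")
    return f"{base_url.rstrip('/')}/vulnerabilities/search?{query}"


def pages_needed(total_count):
    """Pages required to read `total_count` results at 500 per page."""
    return -(-total_count // PAGE_SIZE)  # ceiling division


if __name__ == "__main__":
    # Constructed sample: open vulnerabilities on port 443 OR port 80.
    print(build_search_url("https://api.example.invalid",
                           {"status": ["open"], "port": [443, 80]}))
```
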