Download Vulnerability (CVEs) Stats
Downloads a list of vulnerabilities (CVEs) in the deployed images, registry images, hosts, and serverless functions affecting your environment in a CSV format.
The response also includes detailed descriptions for each CVE. The data for each CVE, such as impacted packages, highest severity, and so on, is based on the entire environment irrespective of the collections filter, assigned collections, or assigned accounts.
You can use filters such as
collections as query parameters to get desired results.
Consider the following observations:
- You cannot use new filters such as severityThreshold and cvssThreshold with the collections filter or when you're assigned with specific collections or accounts.
- The impacted resources and distribution counts are not retrieved when you apply filters or you are assigned with specific collections or accounts. For example, when you apply these filters, the counts in the API
/stats/vulnerabilitiesare returned as zero and empty in the API
- cvssThresold: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher.
- severityThreshold: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher.
- collections: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name.
Refer to the following example cURL command that downloads a summary count of the CVEs and detailed descriptions for each CVE in a CSV format:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
- o <FILE NAME> \
Offsets the result to a specific report count. Offset starts from 0.
Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.
Retrieves the result for a search term.
Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.
Sorts the result in reverse order.
Filters the result based on collection names that you have defined in Prisma Cloud Compute.
Scopes the query by cloud provider.
Filters the result based on cloud account IDs.
Scopes the query by resource ID.
Scopes the query by cloud region.
Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.
CVE is the single CVE ID to return vulnerability data for.
SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.
CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.
Possible values: [
ResourceType is the single resource type to return vulnerability data for.
Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.
Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.
Packages filter by impacted packages.
RiskFactors filter by CVE risk factors.
EnvRiskFactors filter by environmental risk factors.