Skip to main content

Download Impacted Resources Vulnerability (CVE) Stats

GET 
/api/v30.00/stats/vulnerabilities/impacted-resources/download
x-prisma-cloud-target-env: {"permission":"monitorVuln","saas":true,"self-hosted":true}
x-public: true

Downloads a list of impacted resources for a specific vulnerability in a CSV format. This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE.

You can use filters such as cvssThreshold, severityThreshold, or collections as query parameters to get desired results.

Consider the following observations:

  • You cannot use new filters such as severityThreshold and cvssThreshold with the collections filter or when you're assigned with specific collections or accounts.
  • cvssThresold: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher.
  • severityThreshold: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher.
  • collections: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name.

cURL Request

Refer to the following example cURL command that downloads a list of impacted resources for CVE-2015-0313 in a CSV format:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X GET \
  -o <FILE NAME> \
  "https://<CONSOLE>/api/v<VERSION>/stats/vulnerabilities/impacted-resources/download?cve=CVE-2015-0313"

Request

Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.

    search string

    Retrieves the result for a search term.

    sort string

    Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.

    reverse boolean

    Sorts the result in reverse order.

    collections string[]

    Filters the result based on collection names that you have defined in Prisma Cloud Compute.

    provider string[]

    Scopes the query by cloud provider.

    accountIDs string[]

    Filters the result based on cloud account IDs.

    resourceIDs string[]

    Scopes the query by resource ID.

    region string[]

    Scopes the query by cloud region.

    fields string[]

    Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.

    cve string

    CVE is used to as a pivot for the impacted resource search.

    severityThreshold string

    SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.

    cvssThreshold float

    CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.

    resourceType string

    Possible values: [container,image,host,istio,vm,function,codeRepo,registryImage]

    ResourceType is the single resource type to return vulnerability data for.

    agentless boolean

    Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.

    stopped boolean

    Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.

    packages string[]

    Packages filter by impacted packages.

    riskFactors string[]

    RiskFactors filter by CVE risk factors.

    envRiskFactors string[]

    EnvRiskFactors filter by environmental risk factors.

Responses

OK

Loading...