Get Impacted Resources Vulnerability (CVE) Stats
GET/api/v32.07/stats/vulnerabilities/impacted-resources
x-prisma-cloud-target-env: {"permission":"monitorVuln"}
Generates a list of impacted resources for a specific vulnerability. This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE.
Prisma Cloud Compute recalculates the stats for your environment every 24 hours. Alternatively, you can manually update the stats by clicking the Refresh button in Vulnerability Explorer.
You can use filters such as cvssThreshold
, severityThreshold
, or collections
as query parameters to get desired results.
Consider the following observations:
- You cannot use new filters such as severityThreshold and cvssThreshold with the collections filter or when you're assigned with specific collections or accounts.
- cvssThresold: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher.
- severityThreshold: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher.
- collections: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name.
cURL Request
Refer to the following example cURL command that retrieves a list of impacted resources for CVE-2022-28391
:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/stats/vulnerabilities/impacted-resources?cve=CVE-2022-28391'
cURL Response
Refer to the following example JSON response that shows the risk tree for the impacted resources:
{
"_id": "CVE-2022-28391",
"images": [
{
"resourceID": "sha256:a787cb9865032e5b5a407ecdf34b57a23a4a076aaa043d71742ddb6726ec9229",
"containers": [
{
"image": "alpine:3.11",
"container": "mystifying_banzai",
"host": "jen-sle12-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal",
"factors": {
"rootPrivilege": true
}
},
{
"image": "alpine:3.11",
"container": "compassionate_austin",
"host": "jen-sle15-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal",
"factors": {
"rootPrivilege": true
}
},
...
},
{
"resourceID": "sha256:fcd5d51fc526ef1ff7cf2e94aa91be39d052874057ff603b66b9b461386fae93",
"containers": [
{
"image": "infoslack/dvwa:latest",
"factors": {}
}
]
},
{
"resourceID": "sha256:bc6b65772f298854ea0dca7d562684cb835f2f677e0e2ea1863b4566f29dcac1",
"containers": [
{
"image": "ghcr.io/christophetd/log4shell-vulnerable-app:latest",
"factors": {}
}
]
},
...
],
"hosts": [
{
"resourceID": "jen-ubu2204-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal"
},
{
"resourceID": "jen-ubu2004-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal"
},
...
],
"imagesCount": 5,
"hostsCount": 21,
"functionsCount": 0,
"codeReposCount": 0,
"registryImagesCount": 0
}
cURL Request
Refer to the following example cURL command that retrieves a the impacted registry images CVE-2015-0313
by using an optional query parameter resourceType
:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&resourceType=registryImage'
Note: The API returns the impacted registry images only when you use the optional resourceType
parameter with value registryImage
.
cURL Request
Refer to the following example cURL command that retrieves a paginated list of impacted resources for CVE-2015-0313
by using optional query parameters limit
and offset
:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&offset=10&limit=100'
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
CVE is used to as a pivot for the impacted resource search.
SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.
CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.
Possible values: [container,image,host,istio,vm,function,registryImage
]
ResourceType is the single resource type to return vulnerability data for.
Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.
Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.
Packages filter by impacted packages.
RiskFactors filter by CVE risk factors.
EnvRiskFactors filter by environmental risk factors.
Responses
- 200
- default
VulnImpactedResources holds details about the resources impacted by vulnerability
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- Array [
- ]
- Array [
- ]
- ]
- Array [
- Array [
- ]
- Array [
- ]
- ]
- Array [
- Array [
- ]
- Array [
- ]
- ]
- Array [
- Array [
- ]
- Array [
- ]
- ]
ID is the CVE ID (index for the impacted resources).
functions object[]
Functions is a map between function id to its details.
containers object[]
Containers are the running containers of this image found in the environment.
.
factors object
RiskScoreFactors holds factors used to calculate risk score
EnvVarSecrets indicates whether a container has access to secrets via environment variables.
HostAccess indicates whether a container has access to the host network or namespace.
Internet indicates whether a container has internet access.
Network indicates whether a container is listening to ports.
NoSecurityProfile indicates whether a container has security profile issue.
PrivilegedContainer indicates whether a container runs using the --privileged flag.
RootMount indicates whether a container has access to the host file system using a root mount.
RootPrivilege indicates whether a container runs as root.
RuntimeSocket indicates whether a container has the runtime socket mounted.
.
.
.
.
FunctionDetails is a formatted string holding function details.
packages object[]
Packages holds vulnerability details per impacted package found in this resource.
CVSS is the vulnerability cvss score for this package.
Package is the impacted package name and version.
Severity is the vulnerability severity for this package.
ResourceID is a resource identifier (e.g. image ID, hostname).
FunctionsCount is the total impacted functions count.
hosts object[]
Hosts is the list of impacted hosts.
containers object[]
Containers are the running containers of this image found in the environment.
.
factors object
RiskScoreFactors holds factors used to calculate risk score
EnvVarSecrets indicates whether a container has access to secrets via environment variables.
HostAccess indicates whether a container has access to the host network or namespace.
Internet indicates whether a container has internet access.
Network indicates whether a container is listening to ports.
NoSecurityProfile indicates whether a container has security profile issue.
PrivilegedContainer indicates whether a container runs using the --privileged flag.
RootMount indicates whether a container has access to the host file system using a root mount.
RootPrivilege indicates whether a container runs as root.
RuntimeSocket indicates whether a container has the runtime socket mounted.
.
.
.
.
FunctionDetails is a formatted string holding function details.
packages object[]
Packages holds vulnerability details per impacted package found in this resource.
CVSS is the vulnerability cvss score for this package.
Package is the impacted package name and version.
Severity is the vulnerability severity for this package.
ResourceID is a resource identifier (e.g. image ID, hostname).
HostsCount is the total impacted hosts count.
images object[]
Images is the list of impacted hosts.
containers object[]
Containers are the running containers of this image found in the environment.
.
factors object
RiskScoreFactors holds factors used to calculate risk score
EnvVarSecrets indicates whether a container has access to secrets via environment variables.
HostAccess indicates whether a container has access to the host network or namespace.
Internet indicates whether a container has internet access.
Network indicates whether a container is listening to ports.
NoSecurityProfile indicates whether a container has security profile issue.
PrivilegedContainer indicates whether a container runs using the --privileged flag.
RootMount indicates whether a container has access to the host file system using a root mount.
RootPrivilege indicates whether a container runs as root.
RuntimeSocket indicates whether a container has the runtime socket mounted.
.
.
.
.
FunctionDetails is a formatted string holding function details.
packages object[]
Packages holds vulnerability details per impacted package found in this resource.
CVSS is the vulnerability cvss score for this package.
Package is the impacted package name and version.
Severity is the vulnerability severity for this package.
ResourceID is a resource identifier (e.g. image ID, hostname).
ImagesCount is the total impacted images count.
registryImages object[]
RegistryImages is a list of impacted registry images.
containers object[]
Containers are the running containers of this image found in the environment.
.
factors object
RiskScoreFactors holds factors used to calculate risk score
EnvVarSecrets indicates whether a container has access to secrets via environment variables.
HostAccess indicates whether a container has access to the host network or namespace.
Internet indicates whether a container has internet access.
Network indicates whether a container is listening to ports.
NoSecurityProfile indicates whether a container has security profile issue.
PrivilegedContainer indicates whether a container runs using the --privileged flag.
RootMount indicates whether a container has access to the host file system using a root mount.
RootPrivilege indicates whether a container runs as root.
RuntimeSocket indicates whether a container has the runtime socket mounted.
.
.
.
.
FunctionDetails is a formatted string holding function details.
packages object[]
Packages holds vulnerability details per impacted package found in this resource.
CVSS is the vulnerability cvss score for this package.
Package is the impacted package name and version.
Severity is the vulnerability severity for this package.
ResourceID is a resource identifier (e.g. image ID, hostname).
RegistryImagesCount is the total impacted registry images count.
{
"_id": "string",
"functions": [
{
"containers": [
{
"container": "string",
"factors": {
"envVarSecrets": true,
"hostAccess": true,
"internet": true,
"network": true,
"noSecurityProfile": true,
"privilegedContainer": true,
"rootMount": true,
"rootPrivilege": true,
"runtimeSocket": true
},
"host": "string",
"image": "string",
"imageID": "string",
"namespace": "string"
}
],
"functionDetails": "string",
"packages": [
{
"cvss": 0,
"package": "string",
"severity": "string"
}
],
"resourceID": "string"
}
],
"functionsCount": 0,
"hosts": [
{
"containers": [
{
"container": "string",
"factors": {
"envVarSecrets": true,
"hostAccess": true,
"internet": true,
"network": true,
"noSecurityProfile": true,
"privilegedContainer": true,
"rootMount": true,
"rootPrivilege": true,
"runtimeSocket": true
},
"host": "string",
"image": "string",
"imageID": "string",
"namespace": "string"
}
],
"functionDetails": "string",
"packages": [
{
"cvss": 0,
"package": "string",
"severity": "string"
}
],
"resourceID": "string"
}
],
"hostsCount": 0,
"images": [
{
"containers": [
{
"container": "string",
"factors": {
"envVarSecrets": true,
"hostAccess": true,
"internet": true,
"network": true,
"noSecurityProfile": true,
"privilegedContainer": true,
"rootMount": true,
"rootPrivilege": true,
"runtimeSocket": true
},
"host": "string",
"image": "string",
"imageID": "string",
"namespace": "string"
}
],
"functionDetails": "string",
"packages": [
{
"cvss": 0,
"package": "string",
"severity": "string"
}
],
"resourceID": "string"
}
],
"imagesCount": 0,
"registryImages": [
{
"containers": [
{
"container": "string",
"factors": {
"envVarSecrets": true,
"hostAccess": true,
"internet": true,
"network": true,
"noSecurityProfile": true,
"privilegedContainer": true,
"rootMount": true,
"rootPrivilege": true,
"runtimeSocket": true
},
"host": "string",
"image": "string",
"imageID": "string",
"namespace": "string"
}
],
"functionDetails": "string",
"packages": [
{
"cvss": 0,
"package": "string",
"severity": "string"
}
],
"resourceID": "string"
}
],
"registryImagesCount": 0
}