Skip to main content

Get Vulnerability (CVEs) Stats

GET 

/api/v33.01/stats/vulnerabilities

x-prisma-cloud-target-env: {"permission":"monitorVuln"}

Returns a list of vulnerabilities (CVEs) in the deployed images, registry images, hosts, and serverless functions affecting your environment.

The response also includes detailed descriptions for each CVE. The data for each CVE, such as impacted packages, highest severity, and so on, is based on the entire environment irrespective of the collections filter, assigned collections, or assigned accounts.

This endpoint maps to the table in Monitor > Vulnerabilities > Vulnerability explorer in the Console UI.

You can use filters such as cvssThreshold, severityThreshold, or collections as query parameters to get desired results.

Consider the following observations:

  • You cannot use new filters such as severityThreshold and cvssThreshold with the collections filter or when you're assigned with specific collections or accounts.
  • The impacted resources and distribution counts are not retrieved when you apply filters or you are assigned with specific collections or accounts. For example, when you apply these filters, the counts in the API /stats/vulnerabilities are returned as zero and empty in the API /stats/vulnerabilities/download. Note: This is supported only for the System Admin role.
  • cvssThreshold: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher.
  • severityThreshold: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher.
  • collections: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name.

cURL Request

Refer to the following example cURL command that retrieves a summary count of the CVEs and detailed descriptions for each CVE:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/stats/vulnerabilities'

cURL Response

A successful response returns a summary count of the CVEs and detailed descriptions for each CVE.

Request

Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limit is the amount to fix.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    cve string

    CVE is the single CVE ID to return vulnerability data for.

    severityThreshold string

    SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.

    cvssThreshold float

    CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.

    resourceType string

    Possible values: [container,image,host,istio,vm,function,registryImage]

    ResourceType is the single resource type to return vulnerability data for.

    agentless boolean

    Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.

    stopped boolean

    Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.

    packages string[]

    Packages filter by impacted packages.

    riskFactors string[]

    RiskFactors filter by CVE risk factors.

    envRiskFactors string[]

    EnvRiskFactors filter by environmental risk factors.

Responses

Schema
  • Array [
  • _id string

    ID of the vulnerability stats.

    containers object

    ResourceVulnerabilityStats holds vulnerability stats of a single resource type

    count integer

    Count is the total number of vulnerabilities.

    cves object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    impacted object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    vulnerabilities object[]

    All resource vulnerabilities.

  • Array [
  • cve string

    CVE ID.

    description string

    Vulnerability description.

    exploits object[]

    Exploits represents the exploits data found for a CVE

  • Array [
  • kind vulnerability.ExploitKind (string)

    Possible values: [poc,in-the-wild]

    ExploitKind represents the kind of the exploit

    link string

    Link is a link to information about the exploit.

    source vulnerability.ExploitType (string)

    Possible values: [,exploit-db,exploit-windows,cisa-kev]

    ExploitType represents the source of an exploit

  • ]
  • highestCVSS float

    HighestCVSS is the highest CVSS score of the vulnerability.

    highestRiskFactors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    highestSeverity string

    HighestSeverity is the highest severity of the vulnerability.

    impactedPkgs string (string)[]

    Packages impacted by the vulnerability.

    impactedResourceType vuln.ResourceType (string)

    Possible values: [container,image,host,istio,vm,function,registryImage]

    ResourceType represents the resource type

    impactedResourcesCnt integer

    Number of resources impacted by this vulnerability.

    link string

    Link to CVE.

    riskFactors object

    RiskFactors maps the existence of vulnerability risk factors

    property name* string (string)
    riskScore float

    Risk score.

    status string

    CVE status.

  • ]
  • functions object

    ResourceVulnerabilityStats holds vulnerability stats of a single resource type

    count integer

    Count is the total number of vulnerabilities.

    cves object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    impacted object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    vulnerabilities object[]

    All resource vulnerabilities.

  • Array [
  • cve string

    CVE ID.

    description string

    Vulnerability description.

    exploits object[]

    Exploits represents the exploits data found for a CVE

  • Array [
  • kind vulnerability.ExploitKind (string)

    Possible values: [poc,in-the-wild]

    ExploitKind represents the kind of the exploit

    link string

    Link is a link to information about the exploit.

    source vulnerability.ExploitType (string)

    Possible values: [,exploit-db,exploit-windows,cisa-kev]

    ExploitType represents the source of an exploit

  • ]
  • highestCVSS float

    HighestCVSS is the highest CVSS score of the vulnerability.

    highestRiskFactors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    highestSeverity string

    HighestSeverity is the highest severity of the vulnerability.

    impactedPkgs string (string)[]

    Packages impacted by the vulnerability.

    impactedResourceType vuln.ResourceType (string)

    Possible values: [container,image,host,istio,vm,function,registryImage]

    ResourceType represents the resource type

    impactedResourcesCnt integer

    Number of resources impacted by this vulnerability.

    link string

    Link to CVE.

    riskFactors object

    RiskFactors maps the existence of vulnerability risk factors

    property name* string (string)
    riskScore float

    Risk score.

    status string

    CVE status.

  • ]
  • hosts object

    ResourceVulnerabilityStats holds vulnerability stats of a single resource type

    count integer

    Count is the total number of vulnerabilities.

    cves object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    impacted object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    vulnerabilities object[]

    All resource vulnerabilities.

  • Array [
  • cve string

    CVE ID.

    description string

    Vulnerability description.

    exploits object[]

    Exploits represents the exploits data found for a CVE

  • Array [
  • kind vulnerability.ExploitKind (string)

    Possible values: [poc,in-the-wild]

    ExploitKind represents the kind of the exploit

    link string

    Link is a link to information about the exploit.

    source vulnerability.ExploitType (string)

    Possible values: [,exploit-db,exploit-windows,cisa-kev]

    ExploitType represents the source of an exploit

  • ]
  • highestCVSS float

    HighestCVSS is the highest CVSS score of the vulnerability.

    highestRiskFactors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    highestSeverity string

    HighestSeverity is the highest severity of the vulnerability.

    impactedPkgs string (string)[]

    Packages impacted by the vulnerability.

    impactedResourceType vuln.ResourceType (string)

    Possible values: [container,image,host,istio,vm,function,registryImage]

    ResourceType represents the resource type

    impactedResourcesCnt integer

    Number of resources impacted by this vulnerability.

    link string

    Link to CVE.

    riskFactors object

    RiskFactors maps the existence of vulnerability risk factors

    property name* string (string)
    riskScore float

    Risk score.

    status string

    CVE status.

  • ]
  • images object

    ResourceVulnerabilityStats holds vulnerability stats of a single resource type

    count integer

    Count is the total number of vulnerabilities.

    cves object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    impacted object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    vulnerabilities object[]

    All resource vulnerabilities.

  • Array [
  • cve string

    CVE ID.

    description string

    Vulnerability description.

    exploits object[]

    Exploits represents the exploits data found for a CVE

  • Array [
  • kind vulnerability.ExploitKind (string)

    Possible values: [poc,in-the-wild]

    ExploitKind represents the kind of the exploit

    link string

    Link is a link to information about the exploit.

    source vulnerability.ExploitType (string)

    Possible values: [,exploit-db,exploit-windows,cisa-kev]

    ExploitType represents the source of an exploit

  • ]
  • highestCVSS float

    HighestCVSS is the highest CVSS score of the vulnerability.

    highestRiskFactors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    highestSeverity string

    HighestSeverity is the highest severity of the vulnerability.

    impactedPkgs string (string)[]

    Packages impacted by the vulnerability.

    impactedResourceType vuln.ResourceType (string)

    Possible values: [container,image,host,istio,vm,function,registryImage]

    ResourceType represents the resource type

    impactedResourcesCnt integer

    Number of resources impacted by this vulnerability.

    link string

    Link to CVE.

    riskFactors object

    RiskFactors maps the existence of vulnerability risk factors

    property name* string (string)
    riskScore float

    Risk score.

    status string

    CVE status.

  • ]
  • modified date-time

    Date/time when the entity was modified.

    registryImages object

    ResourceVulnerabilityStats holds vulnerability stats of a single resource type

    count integer

    Count is the total number of vulnerabilities.

    cves object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    impacted object

    Distribution counts the number of vulnerabilities per type

    critical integer

    .

    high integer

    .

    low integer

    .

    medium integer

    .

    total integer

    .

    vulnerabilities object[]

    All resource vulnerabilities.

  • Array [
  • cve string

    CVE ID.

    description string

    Vulnerability description.

    exploits object[]

    Exploits represents the exploits data found for a CVE

  • Array [
  • kind vulnerability.ExploitKind (string)

    Possible values: [poc,in-the-wild]

    ExploitKind represents the kind of the exploit

    link string

    Link is a link to information about the exploit.

    source vulnerability.ExploitType (string)

    Possible values: [,exploit-db,exploit-windows,cisa-kev]

    ExploitType represents the source of an exploit

  • ]
  • highestCVSS float

    HighestCVSS is the highest CVSS score of the vulnerability.

    highestRiskFactors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    highestSeverity string

    HighestSeverity is the highest severity of the vulnerability.

    impactedPkgs string (string)[]

    Packages impacted by the vulnerability.

    impactedResourceType vuln.ResourceType (string)

    Possible values: [container,image,host,istio,vm,function,registryImage]

    ResourceType represents the resource type

    impactedResourcesCnt integer

    Number of resources impacted by this vulnerability.

    link string

    Link to CVE.

    riskFactors object

    RiskFactors maps the existence of vulnerability risk factors

    property name* string (string)
    riskScore float

    Risk score.

    status string

    CVE status.

  • ]
  • ]
Loading...