
Get Impacted Resources Vulnerability (CVE) Stats

GET 

/api/v33.01/stats/vulnerabilities/impacted-resources

x-prisma-cloud-target-env: {"permission":"monitorVuln"}

Generates a list of impacted resources for a specific vulnerability. This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE.

Prisma Cloud Compute recalculates the stats for your environment every 24 hours. Alternatively, you can manually update the stats by clicking the Refresh button in Vulnerability Explorer.

You can use filters such as cvssThreshold, severityThreshold, or collections as query parameters to get desired results.

Consider the following observations:

  • You cannot combine the severityThreshold and cvssThreshold filters with the collections filter, and you cannot use them at all when your user is scoped to specific collections or accounts.
  • cvssThreshold: Retrieves the vulnerabilities (CVEs) whose CVSS score is equal to or higher than the specified value.
  • severityThreshold: Retrieves the vulnerabilities (CVEs) whose severity is equal to or higher than the specified threshold.
  • collections: Retrieves the vulnerabilities (CVEs) that match the specified collection name.

cURL Request

Refer to the following example cURL command that retrieves a list of impacted resources for CVE-2022-28391. The -k flag disables TLS certificate verification for the Console connection; use it only against a test Console and omit it once the Console certificate is trusted. Passing -u <USER> without a password makes cURL prompt for it, which keeps the password out of your shell history:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/stats/vulnerabilities/impacted-resources?cve=CVE-2022-28391'

cURL Response

Refer to the following example JSON response that shows the risk tree for the impacted resources:

{
  "_id": "CVE-2022-28391",
  "images": [
    {
      "resourceID": "sha256:a787cb9865032e5b5a407ecdf34b57a23a4a076aaa043d71742ddb6726ec9229",
      "containers": [
        {
          "image": "alpine:3.11",
          "container": "mystifying_banzai",
          "host": "jen-sle12-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal",
          "factors": {
            "rootPrivilege": true
          }
        },
        {
          "image": "alpine:3.11",
          "container": "compassionate_austin",
          "host": "jen-sle15-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal",
          "factors": {
            "rootPrivilege": true
          }
        },
        ...
      ]
    },
    {
      "resourceID": "sha256:fcd5d51fc526ef1ff7cf2e94aa91be39d052874057ff603b66b9b461386fae93",
      "containers": [
        {
          "image": "infoslack/dvwa:latest",
          "factors": {}
        }
      ]
    },
    {
      "resourceID": "sha256:bc6b65772f298854ea0dca7d562684cb835f2f677e0e2ea1863b4566f29dcac1",
      "containers": [
        {
          "image": "ghcr.io/christophetd/log4shell-vulnerable-app:latest",
          "factors": {}
        }
      ]
    },
    ...
  ],
  "hosts": [
    {
      "resourceID": "jen-ubu2204-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal"
    },
    {
      "resourceID": "jen-ubu2004-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal"
    },
    ...
  ],
  "imagesCount": 5,
  "hostsCount": 21,
  "functionsCount": 0,
  "codeReposCount": 0,
  "registryImagesCount": 0
}

cURL Request

Refer to the following example cURL command that retrieves the registry images impacted by CVE-2015-0313 by using the optional query parameter resourceType:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&resourceType=registryImage'

Note: The API returns impacted registry images only when you pass the optional resourceType parameter with the value registryImage; without it, the registryImages list is not populated.

cURL Request

Refer to the following example cURL command that retrieves a paginated list of impacted resources for CVE-2015-0313 by using optional query parameters limit and offset:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&offset=10&limit=100'
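The following is an added example written for this page; it is not code from the Prisma Cloud Compute documentation or product. It turns the three cURL calls above into one script: it builds the query string (refusing the threshold-plus-collections combination the page says is unsupported), walks offset/limit until a page comes back with no resources, and flattens the returned risk tree into one row per running container scored by its RiskScoreFactors. The factor weights, the comma-separated encoding of collections, the "empty page ends pagination" stopping rule and the sample page are assumptions constructed for the example; http_fetch_page is the only part that talks to a real Console.

```python
# Added example (not Prisma Cloud's own code): page through
# /stats/vulnerabilities/impacted-resources and rank the impacted containers.
import base64
import json
import urllib.parse
import urllib.request

IMPACTED_PATH = "/stats/vulnerabilities/impacted-resources"
RESOURCE_LISTS = ("images", "hosts", "functions", "registryImages")

# Weights over the RiskScoreFactors fields (this example's assumption): a mounted
# runtime socket or --privileged is a near-certain host escape; root alone is not.
FACTOR_WEIGHT = {
    "privilegedContainer": 5, "runtimeSocket": 5, "rootMount": 4, "hostAccess": 3,
    "rootPrivilege": 2, "envVarSecrets": 2, "internet": 1, "network": 1,
    "noSecurityProfile": 1,
}

def build_params(cve, *, severity_threshold=None, cvss_threshold=None,
                 collections=None, resource_type=None, limit=50, offset=0):
    """Query string for one page; rejects the combination the docs say is unsupported."""
    if collections and (severity_threshold is not None or cvss_threshold is not None):
        raise ValueError("severityThreshold/cvssThreshold cannot be combined with collections")
    params = {"cve": cve, "limit": limit, "offset": offset}
    if severity_threshold is not None:
        params["severityThreshold"] = severity_threshold
    if cvss_threshold is not None:
        params["cvssThreshold"] = cvss_threshold
    if collections:
        params["collections"] = ",".join(collections)  # encoding assumed, not documented here
    if resource_type is not None:
        params["resourceType"] = resource_type
    return params

def http_fetch_page(console, version, user, password, params):
    """GET one page with basic auth. TLS is verified (unlike the curl -k examples);
    install the Console's CA in the trust store rather than disabling verification."""
    url = f"https://{console}/api/v{version}{IMPACTED_PATH}?{urllib.parse.urlencode(params)}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_pages(cve, fetch_page, page_size=50, **filters):
    """Walk offset/limit until a page carries no resources in any list (assumed stop rule)."""
    offset = 0
    while True:
        page = fetch_page(build_params(cve, limit=page_size, offset=offset, **filters))
        if not any(page.get(name) for name in RESOURCE_LISTS):
            return
        yield page
        offset += page_size

def score_factors(factors):
    return sum(w for name, w in FACTOR_WEIGHT.items() if factors.get(name))

def flatten_containers(page):
    """One row per running container found under any resource list of the page."""
    rows = []
    for list_name in RESOURCE_LISTS:
        for resource in page.get(list_name) or []:
            for c in resource.get("containers") or []:
                factors = c.get("factors") or {}
                rows.append({
                    "resourceType": list_name, "resourceID": resource.get("resourceID"),
                    "image": c.get("image"), "container": c.get("container"),
                    "host": c.get("host"), "score": score_factors(factors),
                    "factors": sorted(k for k, v in factors.items() if v),
                })
    return rows

def riskiest_containers(cve, fetch_page, top=5, **filters):
    """Highest-scoring containers across all pages; ties broken by image and name."""
    rows = [r for page in iter_pages(cve, fetch_page, **filters) for r in flatten_containers(page)]
    rows.sort(key=lambda r: (-r["score"], r["image"] or "", r["container"] or ""))
    return rows[:top]

# Constructed page shaped like the documented response; IDs and hosts are fake.
SAMPLE_PAGES = {0: {
    "_id": "CVE-2022-28391",
    "images": [
        {"resourceID": "sha256:a787cb98", "containers": [
            {"image": "alpine:3.11", "container": "mystifying_banzai", "host": "node-1",
             "factors": {"rootPrivilege": True}},
            {"image": "alpine:3.11", "container": "compassionate_austin", "host": "node-2",
             "factors": {"rootPrivilege": True, "privilegedContainer": True, "runtimeSocket": True}},
        ]},
        {"resourceID": "sha256:fcd5d51f", "containers": [{"image": "infoslack/dvwa:latest", "factors": {}}]},
    ],
    "hosts": [{"resourceID": "node-1"}, {"resourceID": "node-2"}],
    "imagesCount": 2, "hostsCount": 2, "functionsCount": 0, "registryImagesCount": 0,
}}

def fake_fetch_page(params):
    """Offline stand-in for http_fetch_page: the constructed page at offset 0, then empty."""
    return SAMPLE_PAGES.get(params["offset"], {"_id": params["cve"]})
```

Against a real Console, bind the fetcher with functools.partial(http_fetch_page, console, version, user, password) and pass it where fake_fetch_page is used; the filter keyword arguments map to the API's severityThreshold, cvssThreshold, collections and resourceType parameters. Note that hosts appear in the response without a containers list, so a host-only result still ends pagination correctly but contributes no rows to the container ranking.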

Request

Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limit is the maximum number of results to return in one page.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    cve string

    CVE is the CVE ID used as the pivot for the impacted-resource search.

    severityThreshold string

    SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.

    cvssThreshold float

    CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.

    resourceType string

    Possible values: [container,image,host,istio,vm,function,registryImage]

    ResourceType is the single resource type to return vulnerability data for.

    agentless boolean

    Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.

    stopped boolean

    Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.

    packages string[]

    Packages filter by impacted packages.

    riskFactors string[]

    RiskFactors filter by CVE risk factors.

    envRiskFactors string[]

    EnvRiskFactors filter by environmental risk factors.

Responses

VulnImpactedResources holds details about the resources impacted by a vulnerability.

Schema
    _id string

    ID is the CVE ID (index for the impacted resources).

    functions object[]

    Functions maps each impacted function ID to its details.

  • Array [
  • containers object[]

    Containers are the running containers of this image found in the environment.

  • Array [
  • container string

    Container is the name of the running container.

    factors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    host string

    Host is the hostname of the node running the container.

    image string

    Image is the image name (for example, alpine:3.11).

    imageID string

    ImageID is the image ID (sha256 digest).

    namespace string

    Namespace is the namespace the container runs in (for example, the Kubernetes namespace).

  • ]
  • functionDetails string

    FunctionDetails is a formatted string holding function details.

    packages object[]

    Packages holds vulnerability details per impacted package found in this resource.

  • Array [
  • cvss float

    CVSS is the vulnerability cvss score for this package.

    package string

    Package is the impacted package name and version.

    severity string

    Severity is the vulnerability severity for this package.

  • ]
  • resourceID string

    ResourceID is a resource identifier (e.g. image ID, hostname).

  • ]
  • functionsCount integer

    FunctionsCount is the total impacted functions count.

    hosts object[]

    Hosts is the list of impacted hosts.

  • Array [
  • containers object[]

    Containers are the running containers of this image found in the environment.

  • Array [
  • container string

    Container is the name of the running container.

    factors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    host string

    Host is the hostname of the node running the container.

    image string

    Image is the image name (for example, alpine:3.11).

    imageID string

    ImageID is the image ID (sha256 digest).

    namespace string

    Namespace is the namespace the container runs in (for example, the Kubernetes namespace).

  • ]
  • functionDetails string

    FunctionDetails is a formatted string holding function details.

    packages object[]

    Packages holds vulnerability details per impacted package found in this resource.

  • Array [
  • cvss float

    CVSS is the vulnerability cvss score for this package.

    package string

    Package is the impacted package name and version.

    severity string

    Severity is the vulnerability severity for this package.

  • ]
  • resourceID string

    ResourceID is a resource identifier (e.g. image ID, hostname).

  • ]
  • hostsCount integer

    HostsCount is the total impacted hosts count.

    images object[]

    Images is the list of impacted deployed images.

  • Array [
  • containers object[]

    Containers are the running containers of this image found in the environment.

  • Array [
  • container string

    Container is the name of the running container.

    factors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    host string

    Host is the hostname of the node running the container.

    image string

    Image is the image name (for example, alpine:3.11).

    imageID string

    ImageID is the image ID (sha256 digest).

    namespace string

    Namespace is the namespace the container runs in (for example, the Kubernetes namespace).

  • ]
  • functionDetails string

    FunctionDetails is a formatted string holding function details.

    packages object[]

    Packages holds vulnerability details per impacted package found in this resource.

  • Array [
  • cvss float

    CVSS is the vulnerability cvss score for this package.

    package string

    Package is the impacted package name and version.

    severity string

    Severity is the vulnerability severity for this package.

  • ]
  • resourceID string

    ResourceID is a resource identifier (e.g. image ID, hostname).

  • ]
  • imagesCount integer

    ImagesCount is the total impacted images count.

    registryImages object[]

    RegistryImages is a list of impacted registry images.

  • Array [
  • containers object[]

    Containers are the running containers of this image found in the environment.

  • Array [
  • container string

    Container is the name of the running container.

    factors object

    RiskScoreFactors holds factors used to calculate risk score

    envVarSecrets boolean

    EnvVarSecrets indicates whether a container has access to secrets via environment variables.

    hostAccess boolean

    HostAccess indicates whether a container has access to the host network or namespace.

    internet boolean

    Internet indicates whether a container has internet access.

    network boolean

    Network indicates whether a container is listening to ports.

    noSecurityProfile boolean

    NoSecurityProfile indicates whether a container has security profile issue.

    privilegedContainer boolean

    PrivilegedContainer indicates whether a container runs using the --privileged flag.

    rootMount boolean

    RootMount indicates whether a container has access to the host file system using a root mount.

    rootPrivilege boolean

    RootPrivilege indicates whether a container runs as root.

    runtimeSocket boolean

    RuntimeSocket indicates whether a container has the runtime socket mounted.

    host string

    Host is the hostname of the node running the container.

    image string

    Image is the image name (for example, alpine:3.11).

    imageID string

    ImageID is the image ID (sha256 digest).

    namespace string

    Namespace is the namespace the container runs in (for example, the Kubernetes namespace).

  • ]
  • functionDetails string

    FunctionDetails is a formatted string holding function details.

    packages object[]

    Packages holds vulnerability details per impacted package found in this resource.

  • Array [
  • cvss float

    CVSS is the vulnerability cvss score for this package.

    package string

    Package is the impacted package name and version.

    severity string

    Severity is the vulnerability severity for this package.

  • ]
  • resourceID string

    ResourceID is a resource identifier (e.g. image ID, hostname).

  • ]
  • registryImagesCount integer

    RegistryImagesCount is the total impacted registry images count.
