Get Vulnerabilities and Alerts for an Application

POST /appid/search/api/v1/app/risk

Returns vulnerabilities and alerts associated with assets.

Note: You need investigateApplicationRql feature with Read permission to access this endpoint. Verify if your permission group includes this feature using the Get Permission Group by ID endpoint. You can also check this in the Prisma Cloud console by ensuring that Investigate > Applications is enabled.

Request

application/json

Body

required

query string

applicationId string

Responses

A JSON object containing vulnerabilities and alerts.

application/json

Schema
Example (from schema)

Schema

vulns object[]

List of vulnerabilities.

alerts object[]

List of alerts.

Array [

unifiedAssetId string

Unique identifier for the asset associated with the alert.

alertId string

Unique identifier for the alert.

policy object

Details of the policy that triggered the alert.

policyId string

Unique identifier for the policy.

name string

Name of the policy.

severity string

Possible values: [low, medium, high, critical]

Severity level of the policy.

policyType string

Type of the policy.

findingTypes string[]

Possible values: [PRIVILEGE_ESCALATION, INTERNET_EXPOSURE, OTHER]

Types of findings associated with the policy.

]

{
  "vulns": [
    {}
  ],
  "alerts": [
    {
      "unifiedAssetId": "string",
      "alertId": "string",
      "policy": {
        "policyId": "string",
        "name": "string",
        "severity": "low",
        "policyType": "string",
        "findingTypes": [
          "PRIVILEGE_ESCALATION"
        ]
      }
    }
  ]
}

Get Vulnerabilities and Alerts for an Application

/appid/search/api/v1/app/risk

Request​

Body

Responses​

Request

Responses