Skip to main content

Get Vulnerabilities by RQL

POST 
/uve/api/v1/vulnerabilities/search

Get the list of vulnerabilities and their details based on an RQL query. For vulnerability RQL query attributes, see Vulnerability Query Attributes. For example queries, see Vulnerability Query Examples.

To download all the vulnerabilities by RQL in a CSV format, see Download All Vulnerabilities by RQL

Note: You need investigateVulnerabilityRql feature with View permission to access this endpoint. Verify if your permission group includes this feature using the Get Permission Group by ID endpoint. You can also check this in the Prisma Cloud console by ensuring that Investigate > Vulnerability is enabled.

Request

Query Parameters

    page_token string

    Token for pagination

    view string

    Possible values: [asset, cve]

    Filter vulnerabilities based on the CVE or Asset view as available in the UI. cve is used to get details of the CVEs that matches the query and asset is used to get the details of the assets that have the CVE which matches the query.

Body

    query stringrequired

    Vulnerability Query to Search

    id string

    saved search ID

Responses

successful operation

Schema
    id string
    name string
    description string
    searchType string
    saved boolean
    timeRange object
    type string
    value string
    query string
    data object
    totalRows int64
    totalAssets int64
    totalVulnerabilities int64
    items object[]
  • Array [
    • cveId string
    name string
    cvssScore double
    epssScore int32
    epssScorePrevious int32
    completeEpssScore double
    totalImpactedAssets int64
    riskFactors string[]
    code object
    assetsCount int64
    packages object
    packageCount int64
    repositoryCount int64
    iacResources object
    iacResourcesCount int64
    repositoryCount int64
    build object
    assetsCount int64
    images object
    imagesCount int64
    pipelineCount int64
    functions object
    functionsCount int64
    pipelineCount int64
    deploy object
    assetsCount int64
    registryImages object
    registryImagesCount int64
    repositoryCount int64
    hostVmImages object
    hostVmImagesCount int64
    run object
    assetsCount int64
    deployedImages object
    deployedImagesCount int64
    containerCount int64
    functions object
    functionsCount int64
    hosts object
    hostsCount int64
    published int64
    exploitable boolean
    patchable boolean
    severity string
  • ]
    • nextPageToken string
    assetSearchResultData object
    totalAssets int64
    totalRows int64
    items object[]
  • Array [
    • unifiedAssetId string
    assetType string
    assetName string
    cloudAccount string
    c2cFixSource string
    registryName string
    internetExposed boolean
    packageInUse boolean
    application string
    owner string
    spId string
    severityCount object
    lowSeverityCount int64
    mediumSeverityCount int64
    highSeverityCount int64
    criticalSeverityCount int64
    repoName string
    clusterName string[]
    clusterNamespaces string[]
  • ]
    • nextPageToken string
Loading...