Systems' Vulnerability Detailed Information


This API returns every vulnerability together with the computer it affects, in a detailed format. In other words, each JSON object in the data array contains both the computer information and the vulnerability information.

Note: This API is used to fetch large amounts of data. It is supported on Endpoint Central (both OP and Cloud) and on Vulnerability Manager Plus, build versions 11.3.2430.01 and above. It is not supported for Endpoint Central MSP.

 

  • Functionality: Retrieves each vulnerability alongside its corresponding affected computer
  • HTTP Method: GET
  • API URI: /dcapi/threats/detailedinfo/vulnerabilities?pageLimit=5000
  • Scope (On Premises): VulnerabilityMgmt_Read
  • Filters:
    updatedTime (Case sensitive) – Fetches vulnerabilities that have been updated after the given time.
    vulnerabilityStatus (Case sensitive) – By default, open will be fetched.
        open – Fetches open vulnerabilities.
        close – Fetches closed vulnerabilities.
  • PageLimit: 5000 (Default)
  • Pagination Handling: Pagination is handled with the 'cursor' and 'isNextPageAvailable' values returned in each API response. Depending on these values, the next page of data can be fetched if there is one.

Step 1: Sample API and Response

First hit: /dcapi/threats/detailedinfo/vulnerabilities?pageLimit=5000

Sample Request Body: No request body in the first hit

First Response Data

{
    "message_response": {
        "data": [
            {
                "severity": "Critical",
                "cvss_2_score": "--",
                "patch_description": "Security Update for SQL Server 2022 RTM (KB5046861)",
                "reference_links": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21528,https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21529",
                "exploitscount": 0,
                "ip_address": "172.23.192.1,172.19.176.1,172.21.239.42",
                "vulnerability_status": "open",
                "fqdn_name": "PURRY-031.DOMAIN.COM",
                "updatedtime": 1733906647275,
                "patchid": 40226,
                "vulnerabilityid": 174340,
                "vulnerabilityname": "Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2022 RTM GDR (KB5021522)",
                "cveids": "CVE-2023-21528,CVE-2023-21568,CVE-2023-21704,CVE-2023-21705,CVE-2023-21713,CVE-2023-21718,CVE-2023-23384",
                "resource_id": 301,
                "resource_name": "PURRY-031",
                "cvss_3_score": 9.8
            }
        ]
    },
    "metadata": {
        "cursor": "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7",
        "pageLimit": 1,
        "totalRecords": 1,
        "isNextPageAvailable": true
    }
}

Because 'isNextPageAvailable' is 'true' in the above response, call the same API again with the 'cursor' value in the request body. Every response carries 'cursor' and 'isNextPageAvailable' values; keep calling the API with the latest 'cursor' value until 'isNextPageAvailable' is 'false'.

Step 2: Second API hit

Second hit: /dcapi/threats/detailedinfo/vulnerabilities?pageLimit=5000

Sample Request Body: In the second hit, add the cursor to the request body to get the next set of data.

{
    "cursor": "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7"
}

To fetch only data updated after a given updatedTime, modify the request body as follows:

{
    "cursor": "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7",
    "updatedTime": "12345678910"
}

Second Response Data

{
    "message_response": {
        "data": [
            {
                "severity": "Important",
                "cvss_2_score": "--",
                "patch_description": "Security Update for SQL Server 2022 RTM CU (KB5046862)",
                "reference_links": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29349",
                "exploitscount": 0,
                "ip_address": "172.23.192.1,172.19.176.1,172.21.239.42",
                "vulnerability_status": "open",
                "fqdn_name": "PURRY-031.DOMAIN.COM",
                "updatedtime": 1733906647275,
                "patchid": 40226,
                "vulnerabilityid": 181871,
                "vulnerabilityname": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability for SQL Server 2022 - KB5026806",
                "cveids": "CVE-2023-29349,CVE-2023-29356,CVE-2023-32025,CVE-2023-32026,CVE-2023-32027,CVE-2023-32028,CVE-2023-38169",
                "resource_id": 301,
                "resource_name": "PURRY-031",
                "cvss_3_score": 7.7
            }
        ]
    },
    "metadata": {
        "cursor": "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7",
        "pageLimit": 1,
        "totalRecords": 1,
        "isNextPageAvailable": false
    }
}

The second response also contains a cursor; however, since 'isNextPageAvailable' is 'false', there is no need to call the API again, as no more data is available.

Sample Python Code

    
import time

import requests

META_DATA = "metadata"
MESSAGE_RESPONSE = "message_response"
DATA = "data"
IS_NEXT_PAGE_AVAILABLE = "isNextPageAvailable"
ERRORCODE = "errorCode"
ERROR_CODE = "error_code"
ERROR_MSG = "errorMsg"

serverURL = "https://yourservername:8383"  # Replace with your server URL
apiURL = "/dcapi/threats/detailedinfo/vulnerabilities?pageLimit=5000"

# Join the two parts without producing a double slash
url = serverURL.rstrip("/") + apiURL

headers = {}
headers["Authorization"] = "4968DB1D-323C-45E6-9817-A06526D72B32"  # Replace with your auth token. To generate an auth token,
                                                                   # go to the EC console: Admin tab -> API Explorer -> Authentication (in left panel) -> Login (in Authentication dropdown)

# Keep certificate verification on: the auth token is sent with every request.
# If the server certificate is issued by an internal CA, set this to the path of that CA bundle.
verifyTLS = True

payload = {}

try:
    hitAPI = True
    lockoutCounter = 0

    while hitAPI:

        response = requests.get(url=url, verify=verifyTLS, headers=headers, json=payload, timeout=60)
        response = response.json()

        if ERRORCODE in response:
            # API lockout: wait and retry, giving up after 20 lockouts
            print("Error Code: " + str(response[ERRORCODE]) + "  Error Description: " + str(response.get(ERROR_MSG)))
            lockoutCounter += 1
            if lockoutCounter > 20:
                hitAPI = False
                print("Error Code: Failure,  Error Description: API locked out more than 20 times, Increase API threshold")
            else:
                time.sleep(360)
        elif ERROR_MSG in response:
            print("Error: " + str(response[ERROR_MSG]))
            hitAPI = False
        elif ERROR_CODE in response.get(META_DATA, {}):
            print("Error Code: " + str(response[META_DATA][ERROR_CODE]) + "  Error Description: " + str(response[META_DATA].get("error_description")))
            hitAPI = False
        else:
            # Your response in JSON to manipulate.
            data = response[MESSAGE_RESPONSE][DATA]
            print(data)

            metaData = response[META_DATA]
            # The flag may arrive as a boolean or as the string "true"/"True"
            hitAPI = str(metaData[IS_NEXT_PAGE_AVAILABLE]).lower() == "true"

            # Set the cursor as payload for the next API hit
            payload["cursor"] = metaData["cursor"]

except Exception as e:
    print(e)
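
Added example (not part of the vendor's sample code): turning the returned records into typed fields for a vulnerability inventory, and tracking the highest 'updatedtime' seen so the next run can pass it as 'updatedTime'. It assumes 'updatedtime' is epoch milliseconds and that the filter uses the same unit; `normalize`, `collect`, `fake_fetch`, the `max_pages` guard and the cursor value "c1" are hypothetical names and constructed data, with `fake_fetch` standing in for the HTTP call.

```python
from datetime import datetime, timezone

def _split(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def _score(value):
    try:
        return float(value)
    except (TypeError, ValueError):
        return None  # the sample responses use "--" when no score is available

def normalize(rec):
    """Turn one record of the data array into typed fields."""
    return {
        "host": rec["fqdn_name"],
        "vulnerability_id": rec["vulnerabilityid"],
        "cves": _split(rec.get("cveids")),
        "ips": _split(rec.get("ip_address")),
        "cvss3": _score(rec.get("cvss_3_score")),
        "cvss2": _score(rec.get("cvss_2_score")),
        # Assumption: updatedtime is epoch milliseconds (UTC).
        "updated": datetime.fromtimestamp(rec["updatedtime"] / 1000, tz=timezone.utc),
    }

def collect(fetch_page, updated_time=None, max_pages=1000):
    """Drain every page; return (rows, watermark for the next updatedTime)."""
    payload = {} if updated_time is None else {"updatedTime": str(updated_time)}
    rows, watermark = [], int(updated_time or 0)
    for _ in range(max_pages):  # bound the loop in case paging never ends
        page = fetch_page(payload)
        for rec in page["message_response"]["data"]:
            rows.append(normalize(rec))
            watermark = max(watermark, rec["updatedtime"])
        meta = page["metadata"]
        if str(meta.get("isNextPageAvailable")).lower() != "true":
            return rows, watermark
        payload["cursor"] = meta["cursor"]
    raise RuntimeError("max_pages reached before isNextPageAvailable was false")

def _page(vid, cves, score, more):  # constructed page, trimmed from the samples above
    rec = {"fqdn_name": "PURRY-031.DOMAIN.COM", "updatedtime": 1733906647275, "vulnerabilityid": vid,
           "ip_address": "172.23.192.1,172.19.176.1", "cveids": cves, "cvss_2_score": "--", "cvss_3_score": score}
    return {"message_response": {"data": [rec]}, "metadata": {"cursor": "c1", "isNextPageAvailable": more}}

PAGES = {None: _page(174340, "CVE-2023-21528,CVE-2023-21568", 9.8, True),
         "c1": _page(181871, "CVE-2023-29349,CVE-2023-29356", 7.7, False)}

def fake_fetch(payload):  # hypothetical stand-in for the HTTP GET
    return PAGES[payload.get("cursor")]
```

Calling `collect(fake_fetch)` returns the two normalized rows and the watermark to store for the next incremental pull.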