Resolve Vulnerability Instances
Use the IoT Security API to mark one or more instances
of a vulnerability as resolved.
Synopsis
URI | /pub/v4.0/vulnerability/update |
HTTP Method | PUT |
FQDN | <customer-name>.iot.paloaltonetworks.com |
Description
Mark one or more instances
of a vulnerability as resolved.
Request Fields
The URL of this request
contains the following parameter:
Field | Description |
---|---|
customerid | (Required) The customer ID directs the API call to a specific tenant. The value is a string. |
The payload of this request contains the following
parameters:
Field | Description |
---|---|
ticketIdList | (Required) A list of one or more ticket IDs for the vulnerability instances being resolved. If you include the ticket IDs for multiple vulnerability instances, separate them with commas; for example: "ticketIdList": ["vuln-1a4a72c2", "vuln-1a4a72c3", "vuln-1a4a72c4"]. To retrieve a list of vulnerabilities and vulnerability instances, including their ticket IDs, use Get Vulnerability Instances and refer to the zb_ticketid values. |
action | (Required) The action employed to resolve the vulnerability instance. The value is a string and must be either mitigate or ignore. |
reason | (Required) The reason for resolving the vulnerability instance. The value is a string and cannot contain any special characters. |
full_name | (Required) The name of the vulnerability; for example, CVE-2018-18568. The value is a string. |
Request to Resolve a Vulnerability Instance
Example
```
curl --location -X PUT 'https://acmecorp.iot.paloaltonetworks.com/pub/v4.0/vulnerability/update?customerid=acmecorp' \
  -H 'X-Key-Id: KEY_ID' \
  -H 'X-Access-Key: ACCESS_KEY' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "ticketIdList": [ "vuln-1a4a72c2" ],
    "action": "mitigate",
    "reason": "Threat was removed",
    "full_name": "CVE-2018-18568"
  }'
```
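The field constraints above can be checked on the client before a request is sent, so that malformed input does not consume the tenant's rate limit. The following Python sketch is an added example, not code from Palo Alto Networks; the function name `build_resolve_request`, the reading of "special characters" as anything other than letters, digits and spaces, and the use of one tenant name for both the FQDN and `customerid` (as in the curl example) are assumptions.

```python
import json
import re
import urllib.parse
import urllib.request

ALLOWED_ACTIONS = {"mitigate", "ignore"}  # the only values the page allows for "action"
# Assumption: "special characters" means anything other than letters, digits and spaces.
REASON_RE = re.compile(r"[A-Za-z0-9 ]+")
# Assumption: the tenant name is a single DNS label, so interpolating it into the
# FQDN cannot send the API keys to a different host.
TENANT_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def build_resolve_request(tenant, key_id, access_key, ticket_ids, action, reason, full_name):
    """Validate the documented fields and return an unsent urllib PUT request."""
    if not isinstance(tenant, str) or not TENANT_RE.fullmatch(tenant):
        raise ValueError("tenant must be a single DNS label")
    if not isinstance(ticket_ids, (list, tuple)) or not ticket_ids:
        raise ValueError("ticketIdList must contain at least one ticket ID")
    if not all(isinstance(t, str) and t for t in ticket_ids):
        raise ValueError("ticket IDs must be non-empty strings")
    if action not in ALLOWED_ACTIONS:
        raise ValueError("action must be 'mitigate' or 'ignore'")
    if not isinstance(reason, str) or not REASON_RE.fullmatch(reason):
        raise ValueError("reason must be non-empty and free of special characters")
    if not isinstance(full_name, str) or not full_name:
        raise ValueError("full_name is required")

    body = json.dumps({
        "ticketIdList": list(ticket_ids),
        "action": action,
        "reason": reason,
        "full_name": full_name,
    }).encode("utf-8")
    query = urllib.parse.urlencode({"customerid": tenant})
    url = f"https://{tenant}.iot.paloaltonetworks.com/pub/v4.0/vulnerability/update?{query}"
    return urllib.request.Request(url, data=body, method="PUT", headers={
        "X-Key-Id": key_id,
        "X-Access-Key": access_key,
        "Content-Type": "application/json",
    })


if __name__ == "__main__":
    # Constructed sample values taken from the curl example; nothing is sent.
    req = build_resolve_request("acmecorp", "KEY_ID", "ACCESS_KEY", ["vuln-1a4a72c2"],
                                "mitigate", "Threat was removed", "CVE-2018-18568")
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass the returned object to `urllib.request.urlopen` to send it; because `ticketIdList` accepts several IDs, grouping instances of the same vulnerability into one call keeps the request count down.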
Success Response
Upon success,
the HTTP response code is 200.
Success Response Example
```
{
  "api": "/pub/v4.0/vulnerability/update",
  "ver": "v4.0",
  "updatedVulnerInstanceList": [
    {
      "newScore": 18,
      "newLevel": "Low",
      "newAnomalyMap": {
        "application": 0,
        "payload": 0,
        "internal": 0,
        "external": 0,
        "protocol": 0
      }
    }
  ]
}
```
Error Response
Upon error,
the reply includes an HTTP response code, an error message, and
additional information describing the error. The HTTP response code
is one of the following:
HTTP Response Code | Description |
---|---|
400 | Bad Request. This occurs when an HTTP request contains invalid JSON in its body. |
403 | Forbidden access. Either the provided API Key is invalid or it does not have the required RBAC permissions to run this API. |
429 | Too many requests. The number of requests to resolve a vulnerability instance exceeded the rate limit of 180 queries per minute per tenant. |
500 | Internal server error. A unified status for API communication type errors. |
Error Response Format
{code: STATUS_CODE, msg: GENERAL_MESSAGE}