Using API to identify web vulnerability scans with 'High' severity

Question asked by wkolatac on Jan 27, 2020
Latest reply on Jan 31, 2020 by wkolatac

I'm hoping to get some design advice ...

I have four multi-site configurations, each with hundreds of web application configurations.
The multi-site configurations run separately, one each weekend (we scan each website once a month). The scheduled multi-site configuration can run for days.


My requirement is to identify any web application configuration vulnerability scan that completes with a 'High' severity. I also need to get a list of the vulnerability findings that resulted in the 'High' severity level.


My plan is to run a daily process utilizing the WAS API.


Idea #1
From the portal, if I go to the Scan List tab and search using the name of a multi-site configuration I get a list of all executions for that multi-site configuration. See below:

If I select one of the dates and click 'View Scans', I get a list of all the web application scans in that multi-site configuration along with the severity. See below:

Is there a way to get that list using the APIs? If so, I could try to do something like:

  • get the list of web application scans that completed since the last time I ran (I'll keep a date/timestamp and use it to only get the most recently completed scans)
  • check if the scan severity is 'high' (how can I determine this ... I don't see this as an element returned by any of the APIs).
  • if high, use the search/was/finding API to identify the vulnerabilities


Idea #2
Use the search/was/finding API to get a list of all vulnerabilities found with severity level of 4 or 5.
Use some date/time logic to only get findings identified since the last time the process ran.
This approach is causing me some issues ... if a vulnerability was detected at one point but can no longer be tested, it still shows up in the list. I will need some way to filter these out ....


Anyone have any other suggestions??


On a related note ... is there a way to find out when a web application configuration was last scanned?  Can't seem to find this data returned by an API....


thanks in advance....
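
An added example, not part of the original post and not vendor code: one way to do the date filtering from Idea #2 once findings have been fetched and parsed into records, dropping severity 4 and 5 findings that the web application's most recent scan did not test or no longer detected. The field names (`web_app`, `severity`, `last_detected`, `last_tested`), the 12-hour tolerance, and the use of the newest test time per application as a stand-in for its last scan time are assumptions, not the API's schema; the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def ts(text):
    """Parse an ISO timestamp as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

# Constructed sample records; field names are hypothetical, not the API schema.
FINDINGS = [
    {"web_app": "app-a", "name": "SQL injection", "severity": 5,
     "last_detected": ts("2020-01-25T03:00:00"), "last_tested": ts("2020-01-25T03:00:00")},
    # Detected on an earlier run, but the latest scan of app-a never retested it.
    {"web_app": "app-a", "name": "Old admin page XSS", "severity": 4,
     "last_detected": ts("2020-01-21T02:00:00"), "last_tested": ts("2020-01-21T02:00:00")},
    # Retested in the latest scan of app-b and not seen again.
    {"web_app": "app-b", "name": "Path traversal", "severity": 5,
     "last_detected": ts("2020-01-22T02:00:00"), "last_tested": ts("2020-01-26T04:00:00")},
    {"web_app": "app-b", "name": "Cookie without Secure flag", "severity": 3,
     "last_detected": ts("2020-01-26T04:00:00"), "last_tested": ts("2020-01-26T04:00:00")},
    {"web_app": "app-c", "name": "Reflected XSS", "severity": 4,
     "last_detected": ts("2020-01-26T05:00:00"), "last_tested": ts("2020-01-26T05:00:00")},
]

def latest_test_per_app(findings):
    """Newest last_tested per web app, used as a stand-in for its last scan time."""
    latest = {}
    for f in findings:
        app = f["web_app"]
        latest[app] = max(latest.get(app, f["last_tested"]), f["last_tested"])
    return latest

def high_findings_since(findings, checkpoint, tolerance=timedelta(hours=12)):
    """Group current severity 4-5 findings detected after `checkpoint` by web app."""
    latest = latest_test_per_app(findings)
    flagged = defaultdict(list)
    for f in findings:
        if f["severity"] < 4 or f["last_detected"] <= checkpoint:
            continue  # not 'High', or already reported by an earlier run
        if latest[f["web_app"]] - f["last_tested"] > tolerance:
            continue  # stale: the app's latest scan did not test this finding
        if f["last_tested"] - f["last_detected"] > tolerance:
            continue  # retested in the latest scan and no longer detected
        flagged[f["web_app"]].append(f["name"])
    return dict(flagged)

if __name__ == "__main__":
    print(high_findings_since(FINDINGS, ts("2020-01-20T00:00:00")))
```

The stand-in for the last scan time only works when the latest scan tested at least one finding for that application; a scan that touched none of the recorded findings leaves the estimate at the previous scan.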