Question

How can I exclude hosts that haven't been seen for over X hours when pulling vulnerability data from the API?

  • 24 August 2023
  • 1 reply
  • 359 views

I only want to see vulnerabilities for hosts that have been running in the last 8 hours in my vulnerability reports. How can I craft my API calls to achieve this?

Agent

N/A

Platform

N/A

Cloud

N/A


1 reply

If I understood the question correctly, you want a list of vulnerabilities for hosts over an 8hr period of time. In this case, you will need to make an API call to:

{{baseUrl}}/api/v2/Vulnerabilities/Hosts/search, then in the body, filter by the time.

baseUrl = https://yourinstance.lacework.net

So the API call would look something like this. Adjust your time to the time period that you are looking for, but note that it cannot exceed 7 days from start to end time.

Example Time Filter:

{
  "timeFilter": {
    "startTime": "2023-09-07T00:30:00Z",
    "endTime": "2023-09-07T08:30:00Z"
  }
}

If you have Postman set up:

  1. Run "Generate Access Tokens"
  2. Navigate to the Vulnerabilities folder in your Lacework Collection
  3. Run "Post Search Host Vulnerabilities"
  4. Click on the "Body" menu/tab
  5. Add the time filters in the body with the time filters that you want
  6. Click send
  7. Read the Body output to give you the JSON list and verify it is what you want to do.

Once you get the unfiltered JSON returned, then you can see what data it returns and adjust further fields or filters to match what you are specifically looking for.

Information about setting up Postman and also API calls can be found in the following links:

API Information - Vulnerabilities

Postman API setup
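The call described in the reply above can also be scripted. The following is an added example, not part of the original reply and not Lacework's own code: it builds the rolling "last 8 hours" time filter in UTC, enforces the 7-day limit, and prepares the POST. It assumes the access token is sent as a Bearer token; the function names and the token value are hypothetical.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

SEARCH_PATH = "/api/v2/Vulnerabilities/Hosts/search"  # endpoint named in the reply
MAX_WINDOW = timedelta(days=7)       # start-to-end limit stated in the reply
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"     # same shape as the reply's example filter


def build_time_filter(hours, now=None):
    """Return the request body covering the last `hours` hours, in UTC."""
    window = timedelta(hours=hours)
    if window <= timedelta(0):
        raise ValueError("look-back window must be positive")
    if window > MAX_WINDOW:
        raise ValueError("look-back window cannot exceed 7 days")
    end = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    start = end - window
    return {"timeFilter": {"startTime": start.strftime(TS_FORMAT),
                           "endTime": end.strftime(TS_FORMAT)}}


def build_search_request(base_url, token, hours, now=None):
    """Build, but do not send, the POST for the host vulnerability search."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send an API token over a non-HTTPS URL")
    body = json.dumps(build_time_filter(hours, now)).encode("utf-8")
    return urllib.request.Request(
        base_url.rstrip("/") + SEARCH_PATH,
        data=body,
        method="POST",
        # Assumption: the access token is presented as a Bearer token.
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"},
    )


def search_host_vulnerabilities(base_url, token, hours=8):
    """Send the request and return the parsed JSON response as-is."""
    request = build_search_request(base_url, token, hours)
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


if __name__ == "__main__":
    # Constructed values: placeholder instance URL and token, fixed clock.
    fixed_now = datetime(2023, 9, 7, 8, 30, tzinfo=timezone.utc)
    req = build_search_request("https://yourinstance.lacework.net",
                               "PLACEHOLDER_TOKEN", 8, now=fixed_now)
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```

Computing the window at run time keeps a scheduled report on a rolling 8-hour view instead of a hard-coded date.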