Custom Vulnerabilities API

Organization administrators have the ability to push custom vulnerabilities into their organization's instance.

Getting Started

  1. Create a token (user must have the Admin role) and select the create-custom-vulnerability and update-custom-vulnerability scopes
  2. Save the token in a secure location and use it to create or update custom vulnerabilities for your organization

Creating Custom Vulnerabilities

To create a custom vulnerability, use the Create Custom Vulnerability endpoint as defined in our API Documentation.


Updating Custom Vulnerabilities

Updating vulnerability metadata

To make changes to an existing vulnerability, call the same Create Custom Vulnerability endpoint for the vulnerability ID that you want to update; this overrides the existing vulnerability. Note: if any value is empty in the payload, you will lose the old values for that vulnerability.

API documentation: https://api-docs.manifestcyber.com/#022c5906-903b-4d11-a339-dadeb2a20bf6
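
Because the update overrides the existing vulnerability, a partial payload is destructive. As an added example (not code from Manifest's API documentation), this Python helper merges changes over a previously fetched record and refuses to build a payload that would blank a stored value. The field names and the sample record are constructed assumptions, and the HTTP call itself is left out.

```python
# Added example: field names are constructed, not the Manifest API schema.

EMPTY = (None, "", [], {})

# Constructed sample record, standing in for one returned by the fetch endpoint.
STORED = {
    "id": "CUSTOM-2024-0001",
    "description": "Hard-coded credential in internal build agent",
    "cvss_score": 7.5,
    "affected_cpes": ["cpe:2.3:a:example:build_agent:1.4.0:*:*:*:*:*:*:*"],
}


class WouldEraseFields(ValueError):
    """Raised when an update payload would blank out stored values."""


def build_update_payload(existing, changes, allow_clear=()):
    """Merge `changes` over `existing` and return the full payload to send.

    The update overrides the stored record, so the payload carries every
    stored field. A field may only become empty if named in `allow_clear`.
    """
    payload = dict(existing)
    payload.update(changes)

    erased = sorted(
        key for key, old in existing.items()
        if old not in EMPTY
        and payload.get(key) in EMPTY
        and key not in allow_clear
    )
    if erased:
        raise WouldEraseFields("update would erase: " + ", ".join(erased))
    return payload


def diff_payload(existing, payload):
    """Return {field: (old, new)} so the change can be reviewed before sending."""
    keys = set(existing) | set(payload)
    return {
        k: (existing.get(k), payload.get(k))
        for k in sorted(keys)
        if existing.get(k) != payload.get(k)
    }
```

Reviewing the output of `diff_payload` before sending the request shows exactly which stored values the override will change.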

Updating the vulnerability's status

To update the status of a vulnerability, call the same Create Custom Vulnerability endpoint for the vulnerability ID that you want to update, with the updated status in the payload.

API documentation: https://api-docs.manifestcyber.com/#6e4717c2-941b-4a1b-afe4-48e3a5f564bf

Fetching Custom Vulnerabilities

Users can fetch all custom vulnerabilities from a specific source using the Fetch Custom Vulnerabilities endpoint.

API documentation: https://api-docs.manifestcyber.com/#a63f692e-6fb0-4499-b892-96c7136ad867


FAQ

  1. How do I view the vulnerability that I just created in the UI?
    You can search for the vulnerability ID that you just created using the UI's global search. This will take you to the vulnerability's details page.
  2. If I have sub-organizations, do I need to push the same vulnerability to each one?
    No, if you push to the parent, its sub-organizations will inherit the vulnerabilities.
  3. Will I receive notifications for new vulnerabilities that we push?
    You will only receive a notification if the vulnerability you push has a published date of today (the date you push it) AND it has a CVSS score that matches your New Vulnerability Alerts criteria.
  4. How can I test if the vulnerability I pushed will actually match the SBOM that contains its impacted CPE?
    You must first push the vulnerability to your organization. Once you receive a success confirmation from the API response, upload an SBOM that contains the impacted CPE.