Forum Discussion
api/vulnerabilities/machinesVulnerabilities suddenly returns only 1000 items
sirferl We have the same problem. For many months, we have had our scripts calling every day the Defender API and suddenly most of the vulnerabilities disappeared, only some of them remain. That makes not a lot of sense. Maybe it only display the latest vulnerabilities and after a date, the API doesn't display it. Even that, nothing on the documentation is explaining anything about this and we don't know how to display all the CVE from the API. We are checking..
Hi ndaishuna Since posting this two years ago I switched to this query, which gives every vulnerability.
We select only a few fields with the $select operator
https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesByMachine?$select=cveId, deviceId, softwareName, softwareVendor, softwareVersion, vulnerabilitySeverityLevel, firstSeenTimestamp
You have to observe the next-link presence in the returned data to get all the elements eg. python:
if '@odata.nextLink' in jsonResponse:
url = jsonResponse['@odata.nextLink']
Thanks, for us , since last week Microsoft applied some changes on their Defender API and it doesn't show all vulnerabilities like before. The best way to have all of the vulnerabilities is to send request to the Azure Resource Graph API.
That allows us much more flexibility and we can explore any assessment we need. I think that's what Microsoft has moved to.
POST https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01 Headers: Content-Type: application/json Authorization: Bearer [Your token after authentication] Body { "subscriptions": [ "[Your subscription ID]" ], "query": "securityresources | where type =~ \"microsoft.security/assessments/subassessments\" | where properties.additionalData.assessedResourceType =~ \"ServerVulnerabilityTvm\"" }