Forum Discussion

sirferl's avatar
sirferl
Copper Contributor
Mar 10, 2022

api/vulnerabilities/machinesVulnerabilities suddenly returns only 1000 items

We're querying api/vulnerabilities/machinesVulnerabilities and other defender apis once a day for some months  with success. Starting today around 1:20AM UTC this query only returns 1000 items - we ...
sirferl's avatar
sirferl
Copper Contributor
Feb 12, 2024

Hi ndaishuna Since posting this two years ago I switched to this query, which gives every vulnerability.

We select only a few fields with the $select operator

https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesByMachine?$select=cveId, deviceId, softwareName, softwareVendor, softwareVersion, vulnerabilitySeverityLevel, firstSeenTimestamp

 

You have to observe the next-link presence in the returned data to get all the elements eg. python:

if '@odata.nextLink' in jsonResponse:
    url = jsonResponse['@odata.nextLink']

 

ndaishuna's avatar
ndaishuna
Copper Contributor
Feb 12, 2024

sirferl 

Thanks, for us , since last week Microsoft applied some changes on their Defender API and it doesn't show all vulnerabilities like before. The best way to have all of the vulnerabilities is to send request to the Azure Resource Graph API.

 

That allows us much more flexibility and we can explore any assessment we need. I think that's what Microsoft has moved to.

 

 

 

POST https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01

Headers:
Content-Type: application/json
Authorization: Bearer [Your token after authentication]

Body 
{
    "subscriptions": [
        "[Your subscription ID]"
    ],
    "query": "securityresources | where type =~ \"microsoft.security/assessments/subassessments\" | where properties.additionalData.assessedResourceType =~ \"ServerVulnerabilityTvm\""
}

 

 

Resources