
dmj86
Copper Contributor
Jan 02, 2024

List vulnerabilities API - Max results 8000?

Hi,

Does anyone know why there has been a limit since December 2023 on the results of this request?

I have built a Power BI report that connects to and uses the information in tables from this API, and that has now stopped working because of this limit of 8000.


The OData query I have used is:

Source = OData.Feed("https://api.securitycenter.microsoft.com/api/Vulnerabilities", null, [Implementation="2.0", MoreColumns=true])

This is sad, because I'm no longer able to use the data, such as published on and other tables in the vulnerabilities feed, to visualize my CVEs in the org, like published on, exploit info, etc.

Get all vulnerabilities | Microsoft Learn

Does anyone have a workaround for this, or other tips? 🙂

  • zenodj
    Copper Contributor
    Hello dmj86

    It seems the limit was 8000; did you try to open a case with MS?
    • dmj86
      Copper Contributor

      No I haven't opened a case yet, but maybe I will. Seems that this was related (or just bad timing) to when they changed things in their rebrand to "defender XDR"

      • zenodj
        Copper Contributor

        OK, also try to follow jbmartin6's suggestion with $skip.
        For my part, a ticket is always a first approach.

    • jbmartin6
      Iron Contributor
      My guess is they don't want to be supplying a global vulnerability database, so there is a limit of 8000 on unfiltered queries. You could probably get more data via the advanced hunting API if you really wanted. But why are you trying to dump every known vulnerability? You might have better luck using the Vulnerabilities/machinesVulnerabilities API; that will only return 10k results but provides an @odata.nextLink property in the response that you can use to get the next page.
    • dmj86
      Copper Contributor

      Yeah, I understood it like this too at first. But the limit seems to be there, regardless of whether you use top or not.

  • suhasgoli
    Copper Contributor

    Try the following code; it will solve this issue. You can remove the exposedMachines condition if you want; skip is the important part.

     

    let
    Source = OData.Feed("https://api.securitycenter.microsoft.com/api/vulnerabilities?$skip=8000", null, [Implementation="2.0"]),
    Partial = if partial then Table.FirstN(Source, 50000) else Source,
    #"Filtered Rows" = Table.SelectRows(Partial, each [exposedMachines] > 0)
    in
    #"Filtered Rows"

    • Cedric-ff-38
      Copper Contributor

      Hi!

      I tried the code in Excel, in the advanced editor. I got the following error:

      Expression.Error: Partial import does not correspond to any export. Have you forgotten a module reference?

      Did I miss something?

      Thanks!

  • RickardR
    Copper Contributor
    I'm in a similar situation, though I'm calling the API directly from code. I would love to make an OData filter on exposedMachines, but it's not implemented, it seems (,$filter=exposedMachines ge 1 gives "filter parameter is invalid"). Right now I get about 97.000 results if I iterate over it with $filter=CvssV3 ge 7; about 96.000 of them have "exposedMachines: 0"....
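
Added example (not part of any post above, and not Microsoft's code): a Python sketch of the paging approach discussed in this thread, following @odata.nextLink when the response has one, otherwise advancing $skip, then filtering on exposedMachines client-side. It assumes the standard OData JSON shape with rows under "value"; `fake_api` and its `SAMPLE-` rows are constructed stand-ins so the block runs offline, and token acquisition is not shown.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://api.securitycenter.microsoft.com/api/Vulnerabilities"

def http_fetch(token):
    """Real fetcher: GET one page with a bearer token (obtaining it is out of scope)."""
    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=60) as resp:
            return json.load(resp)
    return fetch

def iter_vulnerabilities(fetch, base=BASE, odata_filter=None, max_rows=1_000_000):
    """Yield every row, however many the server returns per response."""
    skip, url = 0, None
    while skip < max_rows:  # guard in case the server ignores $skip
        if url is None:
            params = {"$skip": skip}
            if odata_filter:
                params["$filter"] = odata_filter  # e.g. "CvssV3 ge 7"
            url = base + "?" + urllib.parse.urlencode(
                params, safe="$", quote_via=urllib.parse.quote)
        page = fetch(url)
        rows = page.get("value", [])
        if not rows:
            return  # an empty page means the feed is exhausted
        yield from rows
        skip += len(rows)  # advance by what was actually returned
        url = page.get("@odata.nextLink")  # None: rebuild the URL from $skip

def exposed_only(rows):
    """Client-side filter, since the thread reports $filter on exposedMachines is rejected."""
    return [r for r in rows if r.get("exposedMachines", 0) > 0]

def fake_api(total=20, cap=8):
    """Constructed stand-in for the API: never returns more than `cap` rows."""
    data = [{"id": f"SAMPLE-{i:04d}", "exposedMachines": 3 if i % 5 == 0 else 0}
            for i in range(total)]
    def fetch(url):
        query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
        skip = int(query.get("$skip", ["0"])[0])
        return {"value": data[skip:skip + cap]}
    return fetch

if __name__ == "__main__":
    rows = list(iter_vulnerabilities(fake_api()))
    print(len(rows), "rows,", len(exposed_only(rows)), "with exposed machines")
```

Against the real service, pass `http_fetch(token)` instead of `fake_api()`.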
