Forum Discussion
List vulnerabilities API - Max results 8000?
Hi,
Someone knows why there has been a limit since last December 2023 in the results of this request?
I have built an powerbi report that connects and uses the information in tables from this api that now have stopped working because of this limit of 8000.
My Odata query i have used is:
Source = OData.Feed("https://api.securitycenter.microsoft.com/api/Vulnerabilities", null, [Implementation="2.0", MoreColumns=true])
This is sad, because I'm no longer able to use the data as published on and other tables in the vulnerabilities feed to visualize my cves in org like published on, exploit info etc.
Get all vulnerabilities | Microsoft Learn
Anyone have a workaround for this? or other tips? 🙂
- zenodjCopper ContributorHello dmj86
It seems the limit was 8000 , did you try to open a case with MS ?- dmj86Copper Contributor
No I haven't opened a case yet, but maybe I will. Seems that this was related (or just bad timing) to when they changed things in their rebrand to "defender XDR"
- zenodjCopper Contributor
ok, also try to follow jbmartin6 suggestion with $skip
By my side, a ticket is always a first approach
- jbmartin6Iron ContributorThe online documentation only mentions limit of 8000 when using oData $top filter: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api/get-all-vulnerabilities?view=o365-worldwide
- jbmartin6Iron ContributorMy guess is they don't want to be supplying a global vulnerability database so there is a limit of 8000 on unfiltered queries. You could probably get more data via the advanced hunting API if you really wanted. But why are you trying to dump every known vulnerability? You might have better luck using the Vulnerabilities/machinesVulnerabilities API, that will only return 10k results but provides an @odata.nextlink property in the response that you can use to get the next page.
- jbmartin6Iron ContributorYou might also try using the odata $skip option to get the next 8000 e.g. https://api-us.securitycenter.microsoft.com/api/Vulnerabilities?$skip=8000 . I have not tried this but the doc says $skip is supported
- dmj86Copper Contributor
Yeah, I understand it like this too at first. But the limit seems to be there, regardless of whether you use top or not.
- suhasgoliCopper Contributor
Try following code, it will solve this issue: you can remove the exposedMachines condition if you want - skip is the important part
let
Source = OData.Feed("https://api.securitycenter.microsoft.com/api/vulnerabilities?$skip=8000", null, [Implementation="2.0"]),
Partial = if partial then Table.FirstN(Source, 50000) else Source,
#"Filtered Rows" = Table.SelectRows(Partial, each [exposedMachines] > 0)
in
#"Filtered Rows"- Cedric-ff-38Copper Contributor
Hi !
I try the code under excel, advanced editor. I had the following error:
Expression.Error: Partial import does not correspond to any export. Have you forgotten a module reference?
Did I miss something ?
Thanks !
- RickardRCopper ContributorI'm in a similar situation, though I'm calling the API directly from code. I would love to make an OData filter on exposedMachines, but it's not implemented it seems (,$filter=exposedMachines ge 1 gives filter parameter is invalid) right now I get about 97.000 results if I iterate over it with $filter=CvssV3 ge 7, about 96.000 of them have "exposedMachines: 0"....