cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

API GET for Defender TVM

MattBurrows
Brass Contributor

‎Feb 10 2022 03:51 AM

‎Feb 10 2022 03:51 AM

API GET for Defender TVM

Hi Guys,

 

I am running GET on "https://api-eu.securitycenter.windows.com/api/vulnerabilities" to pull all my vulnerabilities. What I am noticing is there is a lot of results with Exposed Machines that equal 0, while I only want to show Vulns that is equal to or greater than 1 (so shows all vulns on any of my machines). 

 

In theory I should be able to do this via the below ("ge" = ">=")

https://api-eu.securitycenter.windows.com/api/vulnerabilities?$filter=exposedMachines ge 1 

But I am getting the below error:

 

    "error": {
        "code""BadRequest",
        "message""Filter parameter is invalid",
 
I have tried various other ways that is mentioned online but nothing seems to work.
 
No doubt its something so simple.
 
Cheers.
Labels:
1,958 Views
1 Like
2 Replies
Reply
2 Replies
AKugaseelan

‎Mar 30 2022 02:33 AM

‎Mar 30 2022 02:33 AM

Re: API GET for Defender TVM

Hi @MattBurrows 

 

I know I am a bit late to your question. I was searching something similar and found your question which was not answered yet. Thought I will add this if someone else stumbles over this:

 

As you can see here, there is no filter for the endpoint you are trying to request called "exposedMachines". This is also what you can see in the response error message "Filter parameter is invalid".

 

To solve this, you could either first request all vulnerabilities using the endpoint you already are using and then using the /api/vulnerabilities/{cveId/machineReferences you could loop through the first request and filter for vulnerabilities with device responses on them. Or the easier solution would be to access the /api/vulnerabilities/machinesVulnerabilities endpoint to directly query vulnerabilities which affect the organization per machine and software.

 

Hope this answers your question

0 Likes
Reply
Michael Shalev

‎Apr 19 2022 04:11 PM

‎Apr 19 2022 04:11 PM

Re: API GET for Defender TVM

Hi @MattBurrows ,

 

You could try calling the "Export software vulnerabilities assessment per device" API as follows:
GET https://api-eu.securitycenter.windows.com/api/machines/SoftwareVulnerabilitiesByMachine?$filter=cveI...

to only return devices that have a CVE ID

0 Likes
Reply