API GET for Defender TVM

Occasional Contributor

Hi Guys,

 

I am running GET on "https://api-eu.securitycenter.windows.com/api/vulnerabilities" to pull all my vulnerabilities. What I am noticing is there is a lot of results with Exposed Machines that equal 0, while I only want to show Vulns that is equal to or greater than 1 (so shows all vulns on any of my machines). 

 

In theory I should be able to do this via the below ("ge" = ">=")

https://api-eu.securitycenter.windows.com/api/vulnerabilities?$filter=exposedMachines ge 1 

But I am getting the below error:

 

    "error": {
        "code""BadRequest",
        "message""Filter parameter is invalid",
 
I have tried various other ways that is mentioned online but nothing seems to work.
 
No doubt its something so simple.
 
Cheers.
2 Replies

Hi @MattBurrows 

 

I know I am a bit late to your question. I was searching something similar and found your question which was not answered yet. Thought I will add this if someone else stumbles over this:

 

As you can see here, there is no filter for the endpoint you are trying to request called "exposedMachines". This is also what you can see in the response error message "Filter parameter is invalid".

 

To solve this, you could either first request all vulnerabilities using the endpoint you already are using and then using the /api/vulnerabilities/{cveId/machineReferences you could loop through the first request and filter for vulnerabilities with device responses on them. Or the easier solution would be to access the /api/vulnerabilities/machinesVulnerabilities endpoint to directly query vulnerabilities which affect the organization per machine and software.

 

Hope this answers your question