Forum Discussion
API GET for Defender TVM
Hi Guys,
I am running GET on "https://api-eu.securitycenter.windows.com/api/vulnerabilities" to pull all my vulnerabilities. What I am noticing is there is a lot of results with Exposed Machines that equal 0, while I only want to show Vulns that is equal to or greater than 1 (so shows all vulns on any of my machines).
In theory I should be able to do this via the below ("ge" = ">=")
https://api-eu.securitycenter.windows.com/api/vulnerabilities?$filter=exposedMachines ge 1
But I am getting the below error:
Hi MattBurrows
I know I am a bit late to your question. I was searching something similar and found your question which was not answered yet. Thought I will add this if someone else stumbles over this:
As you can see here, there is no filter for the endpoint you are trying to request called "exposedMachines". This is also what you can see in the response error message "Filter parameter is invalid".
To solve this, you could either first request all vulnerabilities using the endpoint you already are using and then using the /api/vulnerabilities/{cveId/machineReferences you could loop through the first request and filter for vulnerabilities with device responses on them. Or the easier solution would be to access the /api/vulnerabilities/machinesVulnerabilities endpoint to directly query vulnerabilities which affect the organization per machine and software.
Hope this answers your question
- Michael Shalev
Microsoft
Hi MattBurrows ,
You could try calling the "Export software vulnerabilities assessment per device" API as follows:
GET https://api-eu.securitycenter.windows.com/api/machines/SoftwareVulnerabilitiesByMachine?$filter=cveId ne nullto only return devices that have a CVE ID
