Resolve Vulnerability Instances

Use the IoT Security API to mark one or more instances of a vulnerability as resolved.

Synopsis

URI: /pub/v4.0/vulnerability/update
HTTP Method: PUT
FQDN: <customer-name>.iot.paloaltonetworks.com

Description

Mark one or more instances of a vulnerability as resolved.

Request Fields

The URL of this request contains the following parameter:

customerid
    (Required) The customer ID specifies the API call for a specific tenant. The value is a string.

The payload of this request contains the following parameters:

ticketIdList
    (Required) This is a list of one or more ticket IDs for the vulnerability instances being resolved. If you include the ticket IDs for multiple vulnerability instances, separate them with commas; for example:
        "ticketIdList": ["vuln-1a4a72c2", "vuln-1a4a72c3", "vuln-1a4a72c4"]
    To retrieve a list of vulnerabilities and vulnerability instances, including their ticket IDs, use Get Vulnerability Instances and refer to the zb_ticketid values.

action
    (Required) This is the action employed to resolve the vulnerability instance. The value is a string and must be either mitigate or ignore.

reason
    (Required) This is the reason for resolving the vulnerability instance. The value is a string and cannot contain any special characters.

full_name
    (Required) This is the name of the vulnerability; for example, CVE-2018-18568. The value is a string.

Request to Resolve a Vulnerability Instance Example
curl --location -X PUT 'https://acmecorp.iot.paloaltonetworks.com/pub/v4.0/vulnerability/update?customerid=acmecorp' \
  -H 'X-Key-Id: KEY_ID' \
  -H 'X-Access-Key: ACCESS_KEY' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "ticketIdList": [ "vuln-1a4a72c2" ],
    "action": "mitigate",
    "reason": "Threat was removed",
    "full_name": "CVE-2018-18568"
  }'

Success Response

Upon success, the HTTP response code is 200.
Success Response Example
{
  "api": "/pub/v4.0/vulnerability/update",
  "ver": "v4.0",
  "updatedVulnerInstanceList": [
    {
      "newScore": 18,
      "newLevel": "Low",
      "newAnomalyMap": {
        "application": 0,
        "payload": 0,
        "internal": 0,
        "external": 0,
        "protocol": 0
      }
    }
  ]
}

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:

400
    Bad Request. This occurs when an HTTP request contains invalid JSON in its body.

403
    Forbidden access. Either the provided API Key is invalid or it does not have the required RBAC permissions to run this API.

429
    Too many requests. The number of requests to resolve a vulnerability instance exceeded the rate limit of 180 queries per minute per tenant.

500
    Internal server error. A unified status for API communication type errors.

Error Response Format
{code: STATUS_CODE, msg: GENERAL_MESSAGE}
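
The following Python is an added example, not code from this page or from Palo Alto Networks: it checks the four required payload fields against the constraints listed under Request Fields, builds the PUT request without sending it, and paces calls under the documented rate limit. Assumptions: "special characters" is read as anything other than letters, digits and spaces; customerid matches the tenant subdomain, as in the page's curl example; the function names and the IOT_KEY_ID / IOT_ACCESS_KEY environment variables are hypothetical; the 60-second pause after a 429 is a conservative choice, not a documented value.

```python
import json
import os
import re
import urllib.parse
import urllib.request

ALLOWED_ACTIONS = {"mitigate", "ignore"}  # the only values the page permits
# Assumption: "no special characters" is read as letters, digits and spaces only.
REASON_RE = re.compile(r"[A-Za-z0-9 ]+")
RATE_LIMIT_PER_MIN = 180  # documented limit per tenant


def build_payload(ticket_ids, action, reason, full_name):
    """Validate the four required fields and return the JSON body as a dict."""
    if isinstance(ticket_ids, str) or not ticket_ids or not all(
            isinstance(t, str) and t for t in ticket_ids):
        raise ValueError("ticketIdList must be a list with at least one ticket ID")
    if action not in ALLOWED_ACTIONS:
        raise ValueError("action must be 'mitigate' or 'ignore'")
    if not REASON_RE.fullmatch(reason or ""):
        raise ValueError("reason is required and may not contain special characters")
    if not full_name:
        raise ValueError("full_name is required")
    return {"ticketIdList": list(ticket_ids), "action": action,
            "reason": reason, "full_name": full_name}


def build_request(tenant, payload, key_id, access_key):
    """Build (but do not send) the PUT request described on this page."""
    if not re.fullmatch(r"[A-Za-z0-9-]+", tenant):  # assumption: plain hostname label
        raise ValueError("unexpected characters in tenant name")
    url = (f"https://{tenant}.iot.paloaltonetworks.com/pub/v4.0/vulnerability/update?"
           + urllib.parse.urlencode({"customerid": tenant}))
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="PUT",
        headers={"X-Key-Id": key_id, "X-Access-Key": access_key,
                 "Content-Type": "application/json"})


def pause_after(status):
    """Seconds to sleep before the next call: a full window after 429, else steady pacing."""
    return 60.0 if status == 429 else 60.0 / RATE_LIMIT_PER_MIN


if __name__ == "__main__":
    body = build_payload(["vuln-1a4a72c2"], "mitigate", "Threat was removed", "CVE-2018-18568")
    req = build_request("acmecorp", body, os.environ.get("IOT_KEY_ID", "KEY_ID"),
                        os.environ.get("IOT_ACCESS_KEY", "ACCESS_KEY"))
    print(req.get_method(), req.full_url)
    print(req.data.decode())  # body only; the key headers are never printed
```
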
