Retrieve vulnerabilities and misconfiguration

This API allows to query the scanners to retrieve detected vulnerabilities and misconfiguration #### Request URI

Path Parameter	Type	Mandatory	Description	Technical details
`system`	String	Y	Parameter Indicating which system must be queried.	Possible values: Pentera or RangerAD

Query Parameter	Type	Mandatory	Description	Technical details
`fromDate`	String	Y	From which date the data should be retrieved	Format: YYYY-MM-DD
`toDate`	String	N	Up to which date the data should be retrieved. If missing, current date will be used as default	Format: YYYY-MM-DD
`top`	Integer	N	Parameter for pagination result. Indicates how many record should be retrieved at the time.	Currently active only for RangerAD. For Pentera, all the data retrieved will be always returned in response
`nextPage`	String	N	Parameter for pagination result. Indicates the identifier to resume from the last page read.	Currently active only for RangerAD. For Pentera, all the data retrieved will be always returned in response

# Response structure

Field	Type	Description
`vulnerabilities (0..∞)`
target_name	string	Name of the scanned target
target_id	string	Unique identifier of the target
target_type	string	Type of the target (Host, Network, etc.)
id	string	Internal vulnerability identifier
name	string	Vulnerability name
summary	string	Short explanation of the vulnerability
port	number	Port where service is detected
protocol	string	Protocol associated with the vulnerability
severity	number	Severity score (CVSS-like)
insight	string	Detailed explanation of the risk
remediation	string	Recommended fix
priority	number	Priority for remediation
`misconfigurations (0..∞)`
`edges (0..∞)`
`node (0..∞)`
id	string	Unique identifier for this misconfiguration item
name	string	Title describing the misconfiguration
detectedAt	string (timestamp)	Timestamp when the misconfiguration was first detected
lastSeenAt	string (timestamp)	The most recent time this misconfiguration was observed
product	string	Security product that identified the issue
organization	string	Organization or tenant associated with this misconfiguration
environment	string	The system environment where the misconfiguration exists
severity	string	Risk severity classification
status	string	Current lifecycle state of the finding
exploitId	string	Identifier referencing an associated exploit (if any)
misconfigurationType	string	Category/type of misconfiguration
`misconfigurationDetail (0..∞)`
impact	string	Description of the security or operational impact
mitigationSteps	string	Steps recommended to mitigate or resolve the misconfiguration
mitigationReferences	string	Reference links or documentation supporting mitigation
`mitreAttacks (0..∞)`
techniqueId	string	MITRE ATTACK technique identifier
techniqueName	string	Name and description of the attack technique
techniqueUrl	string	External URL to the MITRE ATTACK technique reference

#### Response Example

{ "vulnerabilities": [ { "target_name": "Anonymous FTP login allowed", "target_id": "69242d907011f355fc0a8da7", "target_type": "Host", "id": "001", "name": "Anonymous FTP login allowed", "summary": "An attacker might look for anonymous logins on ftp server to find sensitive files in the network.", "port": 99, "protocol": "ftp", "severity": 5.3, "insight": "An attacker might look for anonymous logins on ftp server to find sensitive files in the network.", "remediation": "Disable anonymous logins and enforce logins using username and password. If you prefer to keep anonymous logins (to enable simple file sharing), make sure there are no sensitive files on the server", "priority": 1 }, { "target_name": "Anonymous FTP login allowed", "target_id": "69242d8d7011f355fc0a8b8e", "target_type": "Host", "id": "002", "name": "Anonymous FTP login allowed", "summary": "An attacker might look for anonymous logins on ftp server to find sensitive files in the network.", "port": 99, "protocol": "ftp", "severity": 5.3, "insight": "An attacker might look for anonymous logins on ftp server to find sensitive files in the network.", "remediation": "Disable anonymous logins and enforce logins using username and password. If you prefer to keep anonymous logins (to enable simple file sharing), make sure there are no sensitive files on the server", "priority": 1 }}

{ "misconfigurations": { "edges": [ { "node": [ { "id": "01962012-c2f9-7e89-af7b-d131dcf2ccae", "name": "Misconfiguration Name", "detectedAt": "2025-11-15T15:09:14.457Z", "lastSeenAt": "2025-11-22T06:22:47.960Z", "product": "XXX", "organization": "Test", "environment": "Active Directory", "severity": "CRITICAL", "status": "NEW", "exploitId": "21", "misconfigurationType": "ISPM", "misconfigurationDetail": [ { "impact": "A Kerberos Golden Ticket allows an attacker to impersonate any user within a domain.", "mitigationSteps": "{\"label\":\"Mitigation Steps\",\"children\":[{\"text\":\"Reason 1: Password not reset.\",\"type\":\"TextNode\"},{\"label\":\"\",\"children\":[{\"text\":\"Reset the krbtgt account password at least every 180 days.\",\"type\":\"TextNode\"},{\"text\":\"Open Active Directory Users and Computers.\",\"type\":\"TextNode\"},{\"text\":\"Locate the krbtgt account and reset the password twice to any string, waiting at least the maximum ticket lifetime (10 hours by default) between resets.\",\"type\":\"TextNode\"}],\"type\":\"UnorderedListNode\"},{\"text\":\"Reason 2: Default DN is moved.\",\"type\":\"TextNode\"},{\"label\":\"\",\"children\":[{\"text\":\"It indicates that the KRBTGT account was moved to a container other than the default \\\"Users\\\" container.\",\"type\":\"TextNode\"},{\"text\":\"Open Active Directory Users and Computers.\",\"type\":\"TextNode\"},{\"text\":\"Locate the krbtgt account reported as vulnerable and move it back to the users container.\",\"type\":\"TextNode\"}],\"type\":\"UnorderedListNode\"},{\"text\":\"Reason 3: UserAccountControl Value is not 514 or \\\"Account has delegation enabled\\\"\",\"type\":\"TextNode\"},{\"label\":\"\",\"children\":[{\"text\":\"It indicates that the default UserAccountControl Value of the krbtgt account has been changed.\",\"type\":\"TextNode\"},{\"text\":\"Open Active Directory Users and Computers.\",\"type\":\"TextNode\"},{\"text\":\"Locate the krbtgt account reported as vulnerable and Right-click the user account and select Properties.\",\"type\":\"TextNode\"},{\"text\":\"Switch to the \\\"Attribute Editor\\\" tab.\",\"type\":\"TextNode\"},{\"text\":\"Scroll down the attribute list and locate the \\\"UserAccountControl\\\" attribute.\",\"type\":\"TextNode\"},{\"text\":\"Update the value to 514 and Save.\",\"type\":\"TextNode\"}],\"type\":\"UnorderedListNode\"}],\"type\":\"UnorderedListNode\"}", "mitigationReferences": "{\"label\":\"References\",\"children\":[{\"label\":\"\",\"children\":[{\"text\":\"Reset the krbtgt account password/keys\",\"link\":\"https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-resetting-the-krbtgt-password\",\"type\":\"LinkNode\"},{\"text\":\"Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory\",\"link\":\"https://adsecurity.org/?p=1515\",\"type\":\"LinkNode\"}],\"type\":\"UnorderedListNode\"},{\"label\":\"\",\"children\":[{\"text\":\"Golden Ticket Attack\",\"link\":\"https://adsecurity.org/wp-content/uploads/2016/03/Shakacon-2015-RedvsBlue-Final.pdf\",\"type\":\"LinkNode\"}],\"type\":\"UnorderedListNode\"}],\"type\":\"UnorderedListNode\"}" } ], "mitreAttacks": [ { "techniqueId": "T1558.001", "techniqueName": "Steal or Forge Kerberos Tickets: Golden Ticket, T1558.001", "techniqueUrl": "https://test.com/techniques/T1558/001" } ] } ] } ] } }

version 14 as of 1 week ago by Giuseppe Modena

0 Comments

Please sign in to post a comment.

Retrieve vulnerabilities and misconfiguration

0 Comments

Docs Navigation