{ "openapi" : "3.1.0", "info" : { "title" : "Forward Networks: Vulnerability Analysis API", "description" : "Identify network devices potentially impacted by CVEs", "contact" : { "email" : "support@forwardnetworks.com" }, "license" : { "name" : "MIT", "url" : "https://spdx.org/licenses/MIT" }, "version" : "${apiVersion}" }, "servers" : [ { "url" : "/" } ], "tags" : [ { "name" : "Vulnerability Analysis", "description" : "Vulnerability Analysis Controller" } ], "paths" : { "/api/networks/{networkId}/vulnerabilities" : { "get" : { "tags" : [ "Vulnerability Analysis" ], "summary" : "Gets vulnerabilities and possibly impacted devices", "operationId" : "getVulnerabilitiesUsingGET", "parameters" : [ { "name" : "networkId", "in" : "path", "description" : "networkId", "required" : true, "style" : "simple", "explode" : false, "schema" : { "type" : "string" } }, { "name" : "snapshotId", "in" : "query", "description" : "An optional Snapshot id. If omitted, the network’s latest processed Snapshot is used.", "required" : false, "allowEmptyValue" : false, "style" : "form", "explode" : true, "schema" : { "type" : "string" } }, { "name" : "offset", "in" : "query", "description" : "An optional number of vulnerabilities to skip. Useful for paging. Defaults to 0.", "required" : false, "allowEmptyValue" : false, "style" : "form", "explode" : true, "schema" : { "type" : "integer", "format" : "int32" } }, { "name" : "limit", "in" : "query", "description" : "An optional maximum number of vulnerabilities desired. Useful for paging. Defaults to 1000.", "required" : false, "allowEmptyValue" : false, "style" : "form", "explode" : true, "schema" : { "type" : "integer", "format" : "int32" } } ], "responses" : { "200" : { "description" : "OK", "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/VulnerabilityAnalysis" } } } }, "409" : { "description" : "The system is currently processing this Snapshot.\n\nNote: GET /networks/{networkId}/snapshots/latestProcessed can be used to determine when processing of the latest Snapshot is done or to identify an alternate Snapshot that has already been processed.", "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/ErrorInfo" } } } } }, "deprecated" : false, "security" : [ { "api_token" : [ ] } ] } } }, "components" : { "schemas" : { "ErrorInfo" : { "required" : [ "apiUrl", "httpMethod", "message" ], "type" : "object", "properties" : { "httpMethod" : { "type" : "string", "examples" : [ "GET" ], "enum" : [ "GET", "HEAD", "POST", "PUT", "PATCH", "DELETE" ] }, "apiUrl" : { "type" : "string", "examples" : [ "/api/version" ] }, "message" : { "type" : "string", "description" : "A description of the error" }, "reason" : { "type" : "string" } } }, "LineRange" : { "type" : "object", "properties" : { "start" : { "type" : "integer", "description" : "The 0-based index of the first line in the range.", "format" : "int32", "examples" : [ 23 ] }, "end" : { "type" : "integer", "description" : "The 0-based index of the last line in the range (inclusive).", "format" : "int32", "examples" : [ 27 ] } } }, "Vulnerability" : { "required" : [ "dependsOnConfig", "detectionMethod", "id", "os", "osVersions", "severity", "vendor" ], "type" : "object", "properties" : { "id" : { "type" : "string", "description" : "The Common Vulnerabilities and Exposures ([CVE](https://www.cve.org)) ID assigned to this vulnerability in the National Vulnerability Database ([NVD](https://nvd.nist.gov))", "examples" : [ "CVE-2019-0201" ] }, "description" : { "type" : "string", "examples" : [ "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command…" ] }, "severity" : { "type" : "string", "examples" : [ "MEDIUM" ], "enum" : [ "NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL" ] }, "url" : { "type" : "string", "description" : "URL of this vulnerability’s vendor advisory, if available, or else the URL of the best source of information about the vulnerability that’s currently available", "examples" : [ "https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability" ] }, "publishedDate" : { "type" : "string", "examples" : [ "2023-12-31" ] }, "v2Score" : { "type" : "number", "description" : "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://nvd.nist.gov/vuln-metrics/cvss)) v2.0 standard", "format" : "double", "examples" : [ 6.1 ] }, "v3Score" : { "type" : "number", "description" : "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://nvd.nist.gov/vuln-metrics/cvss)) v3.x standard", "format" : "double", "examples" : [ 9.8 ] }, "v4Score" : { "type" : "number", "description" : "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://www.first.org/cvss/v4.0/specification-document)) v4.0 standard", "format" : "double", "examples" : [ 8.4 ] }, "knownExploitSource" : { "type" : "string", "description" : "`CISA` if the vulnerability is in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities ([KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)) catalog. `VENDOR` if the vendor advisory (the page at `url`) indicates that the vulnerability has a known exploit. Absent otherwise.", "examples" : [ "CISA" ], "enum" : [ "CISA", "VENDOR" ] }, "weaknesses" : { "type" : "array", "description" : "Common Weakness Enumeration ([CWE](https://cwe.mitre.org/about/new_to_cwe.html)) IDs associated with this CVE", "examples" : [ [ "CWE-123" ] ], "items" : { "type" : "string" } }, "vendor" : { "type" : "string", "examples" : [ "ARISTA" ], "enum" : [ "UNKNOWN", "CISCO", "JUNIPER", "ARISTA", "PICA8", "F5", "A10", "CHECKPOINT", "HP", "FORTINET", "PALO_ALTO_NETWORKS", "VMWARE", "CITRIX", "CUMULUS", "RIVERBED", "LINUX_GENERIC", "AMAZON", "SYMANTEC", "AVI_NETWORKS", "MICROSOFT", "GOOGLE", "AVAYA", "T128", "ARUBA", "VIASAT", "SILVER_PEAK", "PENSANDO", "FORCEPOINT", "BLUECAT", "NOKIA", "VERSA", "BROCADE", "EXTREME", "DELL", "HUAWEI", "GD", "ALKIRA", "EDGE_CORE", "FORWARD_CUSTOM" ] }, "os" : { "type" : "string", "examples" : [ "arista_eos" ], "enum" : [ "arista_eos", "avi_vantage", "bluecoat", "cisco_ios", "cisco_ios_xe", "cisco_ios_xr", "cisco_nxos", "cisco_asa", "cisco_ftd", "cisco_fxos", "cisco_nxos_aci", "cisco_apic", "cisco_sg", "cisco_wireless", "viptela", "juniper_junos", "juniper_srx", "juniper_netscreen", "linux_ovs_ofctl", "pica8_ovs_ofctl", "f5", "f5_os_hypervisor", "a10_acos", "checkpoint", "hp_provision", "hp_comware", "fortinet", "pan_os", "esxi", "citrix_netscaler", "cumulus", "riverbed_steelhead", "riverbed_interceptor", "128t", "aruba_switch", "aruba_aos_cx", "aruba_wifi_controller", "silver_peak_edgeconnect", "pensando", "cloud_genix", "forcepoint", "avaya_sr", "viasat_encryptor", "nokia", "huawei_switch", "versa_sase", "versa_switch", "brocade_switch", "cisco_encs_nfv", "extreme_nos", "meraki_ms", "meraki_mr", "meraki_mx", "mist_ap", "dell_os6", "dell_os9", "dell_os10", "dell_sonic", "gd_encryptor", "edge_core_sonic" ] }, "osVersions" : { "type" : "array", "examples" : [ [ "4.15.0F" ] ], "items" : { "type" : "string" } }, "dependsOnConfig" : { "type" : "boolean", "description" : "Whether the CVE depends on configuration for this OS. Null if unknown.", "examples" : [ true ] }, "detectionMethod" : { "type" : "string", "description" : "How the set of possibly matching devices was constructed. `CONFIG` means that the analysis was more thorough than using just the OS version. The `CONFIG` method yields fewer false positives.", "examples" : [ "OS_VERSION" ], "enum" : [ "OS_VERSION", "CONFIG" ] }, "devices" : { "type" : "array", "description" : "Possibly impacted devices. Present when `detectionMethod` is \"OS_VERSION\".", "examples" : [ [ "dev01", "dev02" ] ], "items" : { "type" : "string" } }, "deviceResults" : { "type" : "array", "description" : "Results of device configuration analysis for this vulnerability. Present when `detectionMethod` is \"CONFIG\".", "items" : { "$ref" : "#/components/schemas/VulnerabilityDetectionResult" } } } }, "VulnerabilityAnalysis" : { "required" : [ "indexCreatedAt", "offset", "total", "vulnerabilities" ], "type" : "object", "properties" : { "vulnerabilities" : { "type" : "array", "items" : { "$ref" : "#/components/schemas/Vulnerability" } }, "offset" : { "type" : "integer", "description" : "The number of vulnerabilities dropped from the front of `vulnerabilities` due to paging.", "format" : "int32", "examples" : [ 200 ] }, "total" : { "type" : "integer", "description" : "The total number of vulnerabilities available in the analysis. This number can be larger than `offset` plus the length of `vulnerabilities` if some have been dropped from the back of `vulnerabilities` due to paging.", "format" : "int32", "examples" : [ 1234 ] }, "indexCreatedAt" : { "type" : "string", "description" : "When the CVE index used for analysis was created (epoch milliseconds)", "examples" : [ "2025-06-01T12:34:56.789Z" ] }, "indexUploadedAt" : { "type" : "string", "description" : "When the CVE index used for analysis was uploaded to the server (epoch milliseconds)", "examples" : [ "2025-06-03T04:05:06.007Z" ] }, "indexUploadedBy" : { "type" : "string", "description" : "The id of the `User` who uploaded the CVE index used for analysis", "examples" : [ "345" ] } } }, "VulnerabilityDetectionResult" : { "required" : [ "device", "vulnerable" ], "type" : "object", "properties" : { "device" : { "type" : "string", "examples" : [ "dev01" ] }, "vulnerable" : { "type" : "boolean", "description" : "Absent if an error prevented analysis from completing", "examples" : [ false ] }, "fileLines" : { "type" : "object", "additionalProperties" : { "type" : "array", "items" : { "$ref" : "#/components/schemas/LineRange" } }, "description" : "Relevant source file lines for the device and CVE", "examples" : [ { "dev01,configuration.txt" : [ { "start" : 117, "end" : 119 } ] } ] } } } }, "securitySchemes" : { "api_token" : { "type" : "http", "scheme" : "basic" } } } }