{ "openapi": "3.1.0", "info": { "title": "Forward Networks: Vulnerability Analysis API", "description": "Identify network devices potentially impacted by CVEs", "contact": { "email": "support@forwardnetworks.com" }, "license": { "name": "MIT", "url": "https://spdx.org/licenses/MIT" }, "version": "${apiVersion}" }, "servers": [ { "url": "/" } ], "security": [ { "api_token": [] } ], "tags": [ { "name": "Vulnerability Analysis", "description": "Identify network devices potentially impacted by CVEs" } ], "paths": { "/api/networks/{networkId}/vulnerabilities": { "get": { "tags": [ "Vulnerability Analysis" ], "summary": "Gets vulnerabilities and possibly impacted devices", "operationId": "getVulnerabilitiesUsingGET", "parameters": [ { "name": "networkId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "snapshotId", "in": "query", "description": "An optional Snapshot id. If omitted, the network’s latest processed Snapshot is used.", "schema": { "type": "string" } }, { "name": "offset", "in": "query", "description": "An optional number of vulnerabilities to skip. Useful for paging. Defaults to 0.", "schema": { "type": "integer", "format": "int32" } }, { "name": "limit", "in": "query", "description": "An optional maximum number of vulnerabilities desired. Useful for paging. Defaults to 1000.", "schema": { "type": "integer", "format": "int32" } } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VulnerabilityAnalysis" } } } }, "409": { "description": "The system is currently processing this Snapshot.\n\nNote: GET /networks/{networkId}/snapshots/latestProcessed can be used to determine when processing of the latest Snapshot is done or to identify an alternate Snapshot that has already been processed.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } } } } }, "components": { "schemas": { "ErrorInfo": { "type": "object", "required": [ "httpMethod", "apiUrl", "message" ], "properties": { "httpMethod": { "type": "string", "examples": [ "GET" ], "enum": [ "GET", "HEAD", "POST", "PUT", "PATCH", "DELETE" ] }, "apiUrl": { "type": "string", "examples": [ "/api/version" ] }, "message": { "type": "string", "description": "A description of the error" }, "reason": { "type": "string" } } }, "LineRange": { "type": "object", "properties": { "start": { "type": "integer", "format": "int32", "description": "The 0-based index of the first line in the range.", "examples": [ 23 ] }, "end": { "type": "integer", "format": "int32", "description": "The 0-based index of the last line in the range (inclusive).", "examples": [ 27 ] } } }, "Vulnerability": { "type": "object", "required": [ "id", "severity", "vendor", "os", "osVersions", "dependsOnConfig", "detectionMethod" ], "properties": { "id": { "type": "string", "description": "The Common Vulnerabilities and Exposures ([CVE](https://www.cve.org)) ID assigned to this vulnerability in the National Vulnerability Database ([NVD](https://nvd.nist.gov))", "examples": [ "CVE-2019-0201" ] }, "description": { "type": "string", "examples": [ "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command…" ] }, "severity": { "type": "string", "examples": [ "MEDIUM" ], "enum": [ "NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL" ] }, "url": { "type": "string", "description": "URL of this vulnerability’s vendor advisory, if available, or else the URL of the best source of information about the vulnerability that’s currently available", "examples": [ "https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability" ] }, "publishedDate": { "type": "string", "examples": [ "2023-12-31" ] }, "v2Score": { "type": "number", "format": "double", "description": "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://nvd.nist.gov/vuln-metrics/cvss)) v2.0 standard", "examples": [ 6.1 ] }, "v3Score": { "type": "number", "format": "double", "description": "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://nvd.nist.gov/vuln-metrics/cvss)) v3.x standard", "examples": [ 9.8 ] }, "v4Score": { "type": "number", "format": "double", "description": "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://www.first.org/cvss/v4.0/specification-document)) v4.0 standard", "examples": [ 8.4 ] }, "knownExploitSource": { "type": "string", "description": "`CISA` if the vulnerability is in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities ([KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)) catalog. `VENDOR` if the vendor advisory (the page at `url`) indicates that the vulnerability has a known exploit. Absent otherwise.", "examples": [ "CISA" ], "enum": [ "CISA", "VENDOR" ] }, "weaknesses": { "type": "array", "items": { "type": "string" }, "description": "Common Weakness Enumeration ([CWE](https://cwe.mitre.org/about/new_to_cwe.html)) IDs associated with this CVE", "examples": [ "- CWE-123" ] }, "vendor": { "$ref": "#/components/schemas/VulnerabilityVendor", "examples": [ "ARISTA" ] }, "os": { "$ref": "#/components/schemas/VulnerabilityVendorOs", "examples": [ "arista_eos" ] }, "osVersions": { "type": "array", "items": { "type": "string" }, "examples": [ "- 4.15.0F" ] }, "dependsOnConfig": { "type": "boolean", "description": "Whether the CVE depends on configuration for this OS. Null if unknown.", "examples": [ true ] }, "detectionMethod": { "type": "string", "description": "How the set of possibly matching devices was constructed. `CONFIG` means that the analysis was more thorough than using just the OS version. The `CONFIG` method yields fewer false positives.", "examples": [ "OS_VERSION" ], "enum": [ "OS_VERSION", "CONFIG" ] }, "devices": { "type": "array", "items": { "type": "string" }, "description": "Possibly impacted devices. Present when `detectionMethod` is \"OS_VERSION\".", "examples": [ "- dev01\n- dev02" ] }, "deviceResults": { "type": "array", "items": { "$ref": "#/components/schemas/VulnerabilityDetectionResult" }, "description": "Results of device configuration analysis for this vulnerability. Present when `detectionMethod` is \"CONFIG\"." } } }, "VulnerabilityAnalysis": { "type": "object", "required": [ "vulnerabilities", "offset", "total", "indexCreatedAt" ], "properties": { "vulnerabilities": { "type": "array", "items": { "$ref": "#/components/schemas/Vulnerability" } }, "offset": { "type": "integer", "format": "int32", "description": "The number of vulnerabilities dropped from the front of `vulnerabilities` due to paging.", "examples": [ 200 ] }, "total": { "type": "integer", "format": "int32", "description": "The total number of vulnerabilities available in the analysis. This number can be larger than `offset` plus the length of `vulnerabilities` if some have been dropped from the back of `vulnerabilities` due to paging.", "examples": [ 1234 ] }, "indexCreatedAt": { "type": "string", "description": "When the CVE index used for analysis was created (epoch milliseconds)", "examples": [ "2025-06-01T12:34:56.789Z" ] }, "indexUploadedAt": { "type": "string", "description": "When the CVE index used for analysis was uploaded to the server (epoch milliseconds)", "examples": [ "2025-06-03T04:05:06.007Z" ] }, "indexUploadedBy": { "type": "string", "description": "The id of the `User` who uploaded the CVE index used for analysis", "examples": [ "345" ] } } }, "VulnerabilityDetectionResult": { "type": "object", "required": [ "device", "vulnerable" ], "properties": { "device": { "type": "string", "examples": [ "dev01" ] }, "vulnerable": { "type": "boolean", "description": "Absent if an error prevented analysis from completing", "examples": [ false ] }, "fileLines": { "type": "object", "additionalProperties": { "type": "array", "items": { "$ref": "#/components/schemas/LineRange" } }, "description": "Relevant source file lines for the device and CVE", "examples": [ { "dev01,configuration.txt": [ { "start": 117, "end": 119 } ] } ] } } }, "VulnerabilityVendor": { "type": "string", "enum": [ "CISCO", "JUNIPER", "ARISTA", "PICA8", "F5", "A10", "CHECKPOINT", "HP", "FORTINET", "PALO_ALTO_NETWORKS", "VMWARE", "CITRIX", "CUMULUS", "RIVERBED", "LINUX_GENERIC", "SYMANTEC", "AVI_NETWORKS", "AVAYA", "T128", "ARUBA", "VIASAT", "SILVER_PEAK", "PENSANDO", "FORCEPOINT", "NOKIA", "VERSA", "BROCADE", "EXTREME", "DELL", "HUAWEI", "GD", "EDGE_CORE" ] }, "VulnerabilityVendorOs": { "type": "string", "enum": [ "arista_eos", "avi_vantage", "bluecoat", "cisco_ios", "cisco_ios_xe", "cisco_ios_xr", "cisco_nxos", "cisco_asa", "cisco_ftd", "cisco_fxos", "cisco_nxos_aci", "cisco_apic", "cisco_sg", "cisco_wireless", "viptela", "juniper_junos", "juniper_srx", "juniper_netscreen", "linux_ovs_ofctl", "pica8_ovs_ofctl", "f5", "f5_os_hypervisor", "a10_acos", "checkpoint", "hp_provision", "hp_comware", "fortinet", "pan_os", "esxi", "citrix_netscaler", "cumulus", "riverbed_steelhead", "riverbed_interceptor", "128t", "aruba_switch", "aruba_aos_cx", "aruba_wifi_controller", "silver_peak_edgeconnect", "pensando", "cloud_genix", "forcepoint", "avaya_sr", "viasat_encryptor", "nokia", "huawei_switch", "versa_sase", "versa_switch", "brocade_switch", "cisco_encs_nfv", "extreme_nos", "meraki_ms", "meraki_mr", "meraki_mx", "mist_ap", "dell_os6", "dell_os9", "dell_os10", "dell_sonic", "gd_encryptor", "edge_core_sonic" ] } }, "securitySchemes": { "api_token": { "type": "http", "scheme": "basic" } } } }