Select the tab
ESET Connect – Table of Contents

GET List device operating system vulnerabilities

Relative path: /v1/device-os-vulnerabilities

List vulnerabilities of the operating system of the given device.

Note:
Besides vulnerabilities of the Linux kernel, there are also some "core packages" whose vulnerabilities are treated as operating system vulnerabilities.
For example: glibc, systemd, etc.
Such vulnerabilities are reported twice, once as an operating system vulnerability and once as a package vulnerability.

Endpoint URL for Europe, Germany, United States, Canada and Japan regions:






Query parameters

Name

Type

Description

deviceUuid

string

Reference to the vulnerable device.

If the device is identified as "me", all the [OS vulnerabilities] of the actual device are returned. If called with "me" in the cloud (that is, not on the device where the device context is ambiguous), the call will fail.

If empty or null, vulnerabilities of the operating system regardless of any device accessible to the caller will be returned in the response.

Clean devices with no vulnerabilities have no entry in the collection of vulnerable devices.

type: VulnerableDevice

deviceGroupUuid

string

Reference to the [device group].

If filled, only devices within the group will be included in the response. If empty, any device accessible to the caller will be included in the response.

type: device_management.v1.DeviceGroup

pageSize

integer

Limit for pagination purposes.

If unspecified or 0, the default value is 50. The maximum value is 1000; values above 1000 will be coerced to 1000.

Info: For more information, refer to Paginating Requests in APIs

or Design Patterns: Pagination

pageToken

string

Page token of the current page.

If not given or "", the first page is returned.

Info: For more information, refer to Paginating Requests in APIs

or Design Patterns: Pagination

Responses

Display Schema+Headers instead of an Example or vice-versa

Code

Description and Example

Description, Schema and Headers

200

Successful response.


Response example

{
  "nextPageToken": "string",
  "vulnerabilities": [
    {
      "osFamilyId": 0,
      "cveNumber": "string",
      "firstDetectTime": "string",
      "lastDetectTime": "string",
      "patchAvailable": true,
      "riskScore": 0,
      "severity": "SEVERITY_LEVEL_UNSPECIFIED",
      "vulnerabilityId": 0
    }
  ]
}

Successful response.


Response schema

{
  "$ref": "v1ListDeviceOsVulnerabilitiesResponse",
  "nextPageToken": {
    "type": "string",
    "description": "Page token of the next page. Empty or '' for the last page. Info: For more information, refer to Paginating Requests in APIs or Design Patterns: Pagination"
  },
  "vulnerabilities": [
    {
      "$ref": "v1OsVulnerability",
      "description": "Descriptor of an operating system vulnerability. Note: Besides vulnerabilities of the Linux kernel, there are also some 'core packages', whose vulnerabilities are treated as operating system vulnerabilities. For example: glibc, systemd, etc. Such vulnerabilities are reported twice, once as an operating system vulnerability and once as a package vulnerability.",
      "osFamilyId": {
        "type": "integer",
        "description": "Operating system family. The family comprises the whole series of related operating systems. Some families feature multiple editions, for example, MacOS versus MacOS Server. Value Description 1 Windows 2 Linux 3 Mac OS 7 Unix type: os_catalog.v2.OsFamily",
        "format": "int64"
      },
      "cveNumber": {
        "type": "string",
        "description": "A CVE identifier string. Info: CVE identifiers"
      },
      "firstDetectTime": {
        "type": "string",
        "description": "When the vulnerability was detected for the first time.",
        "format": "date-time"
      },
      "lastDetectTime": {
        "type": "string",
        "description": "When the vulnerability was seen for the last time. Vulnerabilities are observed at discrete times. This is also the last time of observation.",
        "format": "date-time"
      },
      "patchAvailable": {
        "type": "boolean",
        "description": "If true, a patch fixing this vulnerability is available."
      },
      "riskScore": {
        "type": "integer",
        "description": "How risky the vulnerability is. The score is a numerical expression ranging from 0 to 100, where: 0 = no threat 100 = threat",
        "format": "int64"
      },
      "severity": {
        "$ref": "v1SeverityLevel",
        "type": "string",
        "description": "Severity levels abstracted to cover all the possible GUIs. Vocabulary is leaving interpretation of severity level completely to API client. This approach is inevitable on SIEM level as there are many contributing sources. Keeping the local names for severity levels never fits all the GUIs. SEVERITY_LEVEL_UNSPECIFIED: fallback SEVERITY_LEVEL_DIAGNOSTIC: In some GUIs known Debug SEVERITY_LEVEL_INFORMATIONAL: In some GUIs known as Info or Information SEVERITY_LEVEL_LOW: In some GUIs known Warning SEVERITY_LEVEL_MEDIUM: In some GUIs known as Error or Threat SEVERITY_LEVEL_HIGH: In some GUIs known as Critical",
        "default": "SEVERITY_LEVEL_UNSPECIFIED",
        "enum": [
          "SEVERITY_LEVEL_UNSPECIFIED",
          "SEVERITY_LEVEL_DIAGNOSTIC",
          "SEVERITY_LEVEL_INFORMATIONAL",
          "SEVERITY_LEVEL_LOW",
          "SEVERITY_LEVEL_MEDIUM",
          "SEVERITY_LEVEL_HIGH"
        ]
      },
      "vulnerabilityId": {
        "type": "integer",
        "description": "Vulnerability catalog ID.",
        "format": "int64"
      }
    }
  ]
}


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

202

Response took too long; request cached. Response can be retrieved later using the response-id header.

Response took too long; request cached. Response can be retrieved later using the response-id header.


Response schema

[]


Headers

{
  "response-id": {
    "description": "Unique ID of a pending request. Used to retrieve cached result.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  },
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

400

One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.

One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

401

Token has expired or is invalid.

Token has expired or is invalid.


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

403

Access denied. Check permissions.

Access denied. Check permissions.


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

404

Requested resource not found.

Requested resource not found.


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

429

Rate limit reached. Try again later.

Rate limit reached. Try again later.


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

500

Internal server failure. Try again later.

Internal server failure. Try again later.


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

502

Internal server failure. Try again later.

Internal server failure. Try again later.


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

503

Environment under maintenance. Try again later.

Environment under maintenance. Try again later.


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}

504

Action took too long; timeout reached

Action took too long; timeout reached


Response schema

[]


Headers

{
  "request-id": {
    "description": "Unique ID of the request. Include in support requests.",
    "style": "simple",
    "explode": false,
    "schema": {
      "type": "string",
      "format": "uuid"
    }
  }
}