Findings API

Verwalten Sie Schwachstellen, die während Scans entdeckt wurden.

Endpunkte

Method	Endpoint	Beschreibung
GET	`/api/v1/findings`	Alle Findings auflisten
GET	`/api/v1/findings/{id}`	Finding-Details abrufen
PATCH	`/api/v1/findings/{id}`	Finding-Status aktualisieren
POST	`/api/v1/findings/{id}/comments`	Kommentar hinzufügen
GET	`/api/v1/findings/stats`	Findings-Statistiken abrufen

Findings auflisten

Alle Schwachstellen abrufen.

bash

GET /api/v1/findings

Query-Parameter

Parameter	Typ	Beschreibung
`page`	integer	Seitennummer (Standard: 1)
`per_page`	integer	Einträge pro Seite (Standard: 20, max: 100)
`severity`	string	Filter: `critical`, `high`, `medium`, `low`, `info`
`status`	string	Filter: `open`, `in_progress`, `resolved`, `false_positive`, `accepted`
`scan_id`	string	Nach Scan filtern
`target`	string	Nach Ziel-Domain filtern
`tool`	string	Nach Erkennungs-Tool filtern
`cve`	string	Nach CVE ID filtern
`sort`	string	Sortieren nach: `severity`, `created_at`, `cvss_score`
`order`	string	Sortierreihenfolge: `asc`, `desc`

Antwort

json

{
  "items": [
    {
      "id": "finding_abc123",
      "title": "Remote Code Execution via Deserialization",
      "severity": "critical",
      "status": "open",
      "cvss_score": 9.8,
      "epss_score": 0.85,
      "target": "example.com",
      "affected_component": "https://example.com/api/upload",
      "tool": "nuclei",
      "template_id": "CVE-2024-1234",
      "cve_ids": ["CVE-2024-1234"],
      "cwe_ids": ["CWE-502"],
      "scan_id": "scan_xyz789",
      "detected_at": "2025-12-21T10:30:00Z",
      "frameworks": ["SOC 2", "PCI-DSS"]
    }
  ],
  "total": 156,
  "page": 1,
  "per_page": 20,
  "pages": 8
}

Finding-Details abrufen

Vollständige Details für ein Finding abrufen.

bash

GET /api/v1/findings/{finding_id}

Antwort

json

{
  "id": "finding_abc123",
  "title": "Remote Code Execution via Deserialization",
  "severity": "critical",
  "status": "open",
  "cvss_score": 9.8,
  "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "epss_score": 0.85,
  "target": "example.com",
  "affected_component": "https://example.com/api/upload",
  "description": "The application deserializes untrusted data without validation, allowing remote code execution...",
  "impact": "An attacker can execute arbitrary code on the server, potentially gaining full system access...",
  "remediation": {
    "summary": "Avoid deserializing untrusted data. If necessary, use allowlists for permitted classes.",
    "steps": [
      "Update the serialization library to the latest version",
      "Implement input validation before deserialization",
      "Use secure deserialization patterns"
    ],
    "code_example": "// Example secure deserialization...",
    "references": [
      "https://owasp.org/www-project-web-security-testing-guide/"
    ]
  },
  "evidence": {
    "request": "POST /api/upload HTTP/1.1...",
    "response": "HTTP/1.1 500 Internal Server Error...",
    "screenshot_url": null
  },
  "tool": "nuclei",
  "template_id": "CVE-2024-1234",
  "cve_ids": ["CVE-2024-1234"],
  "cwe_ids": ["CWE-502"],
  "scan_id": "scan_xyz789",
  "detected_at": "2025-12-21T10:30:00Z",
  "frameworks": [
    {
      "name": "SOC 2",
      "controls": ["CC6.1", "CC7.1"]
    },
    {
      "name": "PCI-DSS",
      "controls": ["6.5.1", "11.3"]
    }
  ],
  "comments": [
    {
      "id": "comment_123",
      "user": "[email protected]",
      "text": "Assigned to security team for immediate review",
      "created_at": "2025-12-21T11:00:00Z"
    }
  ],
  "history": [
    {
      "action": "status_changed",
      "from": null,
      "to": "open",
      "user": "system",
      "timestamp": "2025-12-21T10:30:00Z"
    }
  ]
}

Finding aktualisieren

Status oder Eigenschaften eines Findings aktualisieren.

bash

PATCH /api/v1/findings/{finding_id}
Content-Type: application/json

Request Body

json

{
  "status": "in_progress",
  "assignee": "[email protected]",
  "priority": "high",
  "due_date": "2025-12-28T00:00:00Z",
  "notes": "Escalated to development team"
}

Gültige Status-Werte

Status	Beschreibung
`open`	Finding ist noch offen
`in_progress`	Behebung läuft
`resolved`	Finding wurde behoben
`false_positive`	Kein gültiges Finding
`accepted`	Risiko akzeptiert, keine Behebung geplant

Antwort

json

{
  "id": "finding_abc123",
  "status": "in_progress",
  "assignee": "[email protected]",
  "updated_at": "2025-12-21T12:00:00Z"
}

Kommentar hinzufügen

Einen Kommentar zu einem Finding hinzufügen.

bash

POST /api/v1/findings/{finding_id}/comments
Content-Type: application/json

Request Body

json

{
  "text": "Verified the vulnerability. Working on patch."
}

Antwort

json

{
  "id": "comment_456",
  "finding_id": "finding_abc123",
  "user": "[email protected]",
  "text": "Verified the vulnerability. Working on patch.",
  "created_at": "2025-12-21T12:30:00Z"
}

Findings-Statistiken

Aggregierte Statistiken für Findings abrufen.

bash

GET /api/v1/findings/stats

Query-Parameter

Parameter	Typ	Beschreibung
`from_date`	string	Startdatum (ISO 8601)
`to_date`	string	Enddatum (ISO 8601)
`target`	string	Nach Ziel filtern

Antwort

json

{
  "total": 156,
  "by_severity": {
    "critical": 5,
    "high": 23,
    "medium": 67,
    "low": 45,
    "info": 16
  },
  "by_status": {
    "open": 89,
    "in_progress": 34,
    "resolved": 28,
    "false_positive": 3,
    "accepted": 2
  },
  "by_tool": {
    "nuclei": 89,
    "sqlmap": 12,
    "semgrep": 34,
    "trivy": 21
  },
  "trends": {
    "new_this_week": 23,
    "resolved_this_week": 18,
    "average_resolution_days": 7.5
  }
}

Massenoperationen

Status in Masse aktualisieren

bash

POST /api/v1/findings/bulk
Content-Type: application/json

{
  "finding_ids": ["finding_123", "finding_456", "finding_789"],
  "update": {
    "status": "false_positive",
    "notes": "Verified not exploitable in this context"
  }
}

Findings exportieren

bash

GET /api/v1/findings/export?format=csv

Unterstützte Formate: csv, json, pdf

KI-Analyse

Alle Tarife

KI-gestützte Analyse verfügbar in allen Tarifen (Kontingentgrenzen gelten).

KI-generierte Behebungsempfehlungen abrufen:

bash

GET /api/v1/findings/{finding_id}/ai-analysis

Antwort

json

{
  "finding_id": "finding_abc123",
  "ai_analysis": {
    "risk_assessment": "This vulnerability poses critical risk due to...",
    "attack_scenarios": [
      "An attacker could exploit this by...",
      "Combined with other findings, this enables..."
    ],
    "remediation_priority": "immediate",
    "recommended_actions": [
      "Apply the latest security patch",
      "Implement WAF rules to block exploit attempts",
      "Enable monitoring for suspicious activity"
    ],
    "automation_available": true,
    "ansible_playbook_id": "playbook_remediate_rce"
  },
  "ai_credits_used": 1
}

Findings API ​

Endpunkte ​

Findings auflisten ​

Query-Parameter ​

Antwort ​

Finding-Details abrufen ​

Antwort ​

Finding aktualisieren ​

Request Body ​

Gültige Status-Werte ​

Antwort ​

Kommentar hinzufügen ​

Request Body ​

Antwort ​

Findings-Statistiken ​

Query-Parameter ​

Antwort ​

Massenoperationen ​

Status in Masse aktualisieren ​

Findings exportieren ​

KI-Analyse ​

Antwort ​

Findings API

Endpunkte

Findings auflisten

Query-Parameter

Antwort

Finding-Details abrufen

Antwort

Finding aktualisieren

Request Body

Gültige Status-Werte

Antwort

Kommentar hinzufügen

Request Body

Antwort

Findings-Statistiken

Query-Parameter

Antwort

Massenoperationen

Status in Masse aktualisieren

Findings exportieren

KI-Analyse

Antwort