Retrieve findings

This operation returns an object containing information about all findings on assets to which the current user has access.

Query Params
int64

Offset: begin showing results from item number n.

int64

Limit results to n number of items.

string

Sort: order results by the given field.
Prefix the field name with '-' to order in descending order.
E.g., '-name' sorts results in descending order using the field 'name'.

fields
array of strings

Fields values allow the user to specify optional fields returned for each finding in the response.
Supported values:
cvssScore: displays the CVSS (v2) score
cvssV3: displays the CVSS v3 score and vector
descAndSolution: displays the description and solution of each finding class

id
array of int64s

Filter results to findings with the given ID.

asset.id
array of int64s

Filter results to findings on assets with the specified asset IDs.

asset.name
array of strings

Filter results to findings on assets that contain the specified name.
Case insensitive.

string

Filter results to findings on assets of type site, application, api_site, or mobile_application.
Case sensitive. Combinations are not allowed.

severity
array of int64s

Filter results to findings with the given severity rating (limited to site findings).

NOTE: Severity is a WhiteHat Legacy DAST rating, so results may vary depending on current client rating method (Legacy or Advanced).

Supported values: 0 through 5 inclusive

risk
array of int64s

Filter results to findings with the given risk rating.
NOTE: Risk is a WhiteHat Advanced rating, so results may vary depending on current client rating method (Legacy or Advanced).
Supported values: 1 through 5 inclusive

string

Filter results to findings that contain the specified vulnerability path (location).
For sites, location is usually a URL. For applications, it may be a file location.
Case insensitive.

string

Filter results to findings that have the specified found revision.

date-time

Filter results to findings opened on or after the specified datetime.
EXAMPLE: 2017-07-21T17:32:28Z

date-time

Filter results to findings opened on or before the specified datetime.
EXAMPLE: 2017-07-21T17:32:28Z

date-time

Filter results to findings closed on or after the specified datetime.
EXAMPLE: 2017-07-21T17:32:28Z

date-time

Filter results to findings closed on or before the specified datetime.
EXAMPLE: 2017-07-21T17:32:28Z

asset.clientID
array of int64s

Filter results to findings on assets associated with the specified clients.

status
array of strings

Filter results to findings that have the specified vulnerability statuses.
Case insensitive.
Supported values: open, closed, mitigated, accepted, out_of_scope, invalid

class.name
array of strings

Filter results to findings that have a vulnerability class that contains the given string.
Case insensitive.

string

Filter type for vuln tags, to be used in combination with the 'tags' filter.
Case insensitive. If notags is specified, only untagged findings will be returned.
Supported values: all, any, notags (defaults to 'any')

tag
array of strings

Filter results to findings based on the specified tags and the tags filter type.
Case sensitive.

zeroDayTag
array of strings

Filter results to findings that contain one or more zero-day tags.
Case sensitive.

cveTag
array of strings

Filter results to findings that contain one or more CVE tags.
Case sensitive.

cweTag
array of strings

Filter results to findings that contain one or more CWE tags.
Case sensitive.

subTypeTag
array of strings

Filter results to findings that contain one or more subtype tags.
Case sensitive.

retestStatus
array of strings

Filter results to findings that have the specified retest status.
Case sensitive.

string

Filter results to findings that have the specified verification status.
Supported values: verified, unverified

boolean

Filter results to findings that were filed as a result of a BLA.

boolean

Filter results to SAST findings that do or do not have direct remediation available.

boolean

Filter results to DAST findings that have or have not been marked as unreachable.

string

Filter results to findings on assets that have the specified status.
Supported values: active, inactive

attackVectorID
array of int64s

Filter results to the findings that contain the specified attack vector ID.

businessLogicAssessmentID
array of int64s

Filter results to findings associated with the given Business Logic Assessment (BLA) ID.

Responses

401

UnauthorizedResponse signals an unauthorized API access

403

ForbiddenResponse signals a request for a resource that does not exist or is not authorized

500

GenericError generic error
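
The constraints stated for the named array parameters above can be checked client-side before a request is sent. The following is an added example, not part of the original API reference or the vendor's code: `build_findings_query` is a hypothetical helper, and sending array parameters as repeated keys (`k=a&k=b`) is an assumption, since the page does not say how arrays are encoded.

```python
from urllib.parse import urlencode

# Constraints copied from the parameter descriptions on this page.
RANGES = {"severity": range(0, 6), "risk": range(1, 6)}
ENUMS = {
    "status": {"open", "closed", "mitigated", "accepted", "out_of_scope", "invalid"},
    "fields": {"cvssScore", "cvssV3", "descAndSolution"},
}
CASE_INSENSITIVE = {"status"}  # the page marks status values "Case insensitive"
INT_ARRAYS = {"id", "asset.id", "asset.clientID", "severity", "risk",
              "attackVectorID", "businessLogicAssessmentID"}
STR_ARRAYS = {"fields", "asset.name", "status", "class.name", "tag", "zeroDayTag",
              "cveTag", "cweTag", "subTypeTag", "retestStatus"}


def build_findings_query(filters):
    """Validate filters against the documented constraints; return a query string.

    Assumption: array parameters are encoded as repeated keys (k=a&k=b).
    """
    pairs = []
    for name, values in filters.items():
        if name not in INT_ARRAYS | STR_ARRAYS:
            raise ValueError(f"unknown or unsupported parameter: {name}")
        if isinstance(values, (str, int)):
            values = [values]  # accept a single value as a one-item array
        for value in values:
            if name in INT_ARRAYS:
                if isinstance(value, bool) or not isinstance(value, int):
                    raise ValueError(f"{name} expects int64 values, got {value!r}")
                if name in RANGES and value not in RANGES[name]:
                    r = RANGES[name]
                    raise ValueError(f"{name} must be {r.start} through {r.stop - 1}")
            else:
                if not isinstance(value, str) or not value:
                    raise ValueError(f"{name} expects non-empty strings")
                if name in CASE_INSENSITIVE:
                    value = value.lower()  # normalise only where the API ignores case
                if name in ENUMS and value not in ENUMS[name]:
                    raise ValueError(f"{name} does not support {value!r}")
            pairs.append((name, value))
    return urlencode(pairs)


if __name__ == "__main__":
    # Constructed sample filter: open or mitigated findings rated risk 4-5.
    print(build_findings_query({"status": ["Open", "mitigated"], "risk": [4, 5]}))
```

Tag filters are passed through unchanged because the page marks them case sensitive; only `status` is lowercased before it is checked against the supported values.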
