How to access CVSS v3.1 through the API

With the move from CVSS v2.0 to CVSS v3.1 as the standard scoring used by our scanning tools, the Detectify API has been updated to also serve these new scores and severity levels. The changes are all made with backwards compatibility in mind and all requests that previously worked should continue to work as before. If you want to update your requests to fetch the new scores and severities, some minor changes to your query are required.

You can find our complete API documentation at developer.detectify.com.

Surface Monitoring Findings

Have any fields or query parameters been changed or deprecated?

No. All the previously existing fields and filters will work exactly the way they used to.

Reading the CVSS v3.1 score

A Surface Monitoring finding’s CVSS v3.1 score is in the score field of the object in the finding’s score array whose version field has the value 3.1. The full path looks like:

finding.score[x].score

where

finding.score[x].version = 3.1

Reading the CVSS v3.1 severity

The new severity is available in the score object under the field severity. The severity is calculated differently depending on the version of the score, and the value can be information, low, medium, high, or critical. The full path looks like:

finding.score[x].severity

Filtering by CVSS v3.1 severity

A new filter parameter called severityV3 has been added to allow filtering by the CVSS v3.1 severity. The value can be information, low, medium, high, or critical. The old severity query parameter still works and filters by the old severity.

 

Application Scanning Reports

Have any fields or query parameters been changed or deprecated?

The severity filter parameter will now accept an additional severity called critical. 

The cvss field for future reports will be based on the CVSS v3.1 score instead of the CVSS v2.0 score. The scores of old reports remain unchanged.

Nothing has been deprecated.

Reading the CVSS v3.1 severity

A new field called critical_level_findings has been added to the reports. It counts the number of critical severity findings.

 

Application Scanning Findings

Have any fields or query parameters been changed or deprecated?

The severity filter parameter will now accept an additional severity called critical. 

Nothing has been deprecated.

Reading the CVSS v3.1 severity

The new severity is available in the score object under the field severity. The severity is calculated differently depending on the version of the score, and the value can be information, low, medium, high, or critical. The full path looks like:

finding.score[x].severity

 

Vulnerabilities

Have any fields or query parameters been changed or deprecated?

No. All the previously existing fields and filters will work exactly the way they used to.

Reading the CVSS v3.1 score

A Vulnerability’s CVSS v3.1 score is available at:

vulnerability.cvss_scores.cvss_3_1.score

Reading the CVSS v3.1 severity

A Vulnerability’s CVSS v3.1 severity is available at:

vulnerability.cvss_scores.cvss_3_1.severity

The value can be information, low, medium, high, or critical.

Filtering by CVSS v3.1 severity

A new filter parameter called severityV3[] has been added to allow filtering by the CVSS v3.1 severity. The values can be information, low, medium, high, or critical. The old severity[] query parameter still works and filters by CVSS v2.0 severity.
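The field paths described above for Surface Monitoring findings and for Vulnerabilities, applied to already-fetched response objects. This is an added example, not code from the Detectify documentation: the sample objects are constructed, the id field is hypothetical, and it assumes the version value may arrive as either the string "3.1" or the number 3.1. Findings with no 3.1 entry are reported separately instead of falling back to the v2.0 severity, since the two versions calculate severity differently.

```python
# Added example: field names follow the paths in this article; the sample
# objects are constructed and "id" is a hypothetical field used for display.
SEVERITY_ORDER = ["information", "low", "medium", "high", "critical"]


def cvss31_from_finding(finding):
    """Return (score, severity) from the finding.score[x] entry whose version is 3.1."""
    for entry in finding.get("score") or []:
        # Assumption: version may be serialized as "3.1" (string) or 3.1 (number).
        if str(entry.get("version")) == "3.1":
            return entry.get("score"), entry.get("severity")
    return None, None  # this finding carries no v3.1 entry


def cvss31_from_vulnerability(vulnerability):
    """Return (score, severity) from vulnerability.cvss_scores.cvss_3_1."""
    v31 = (vulnerability.get("cvss_scores") or {}).get("cvss_3_1") or {}
    return v31.get("score"), v31.get("severity")


def at_least(findings, minimum):
    """Split findings into (v3.1 severity >= minimum, findings without a usable v3.1 severity)."""
    floor = SEVERITY_ORDER.index(minimum)
    matched, unscored = [], []
    for f in findings:
        _, severity = cvss31_from_finding(f)
        if severity not in SEVERITY_ORDER:
            unscored.append(f)  # never substitute the v2.0 severity here
        elif SEVERITY_ORDER.index(severity) >= floor:
            matched.append(f)
    return matched, unscored


# Constructed sample data
SAMPLE_FINDINGS = [
    {"id": "a", "score": [{"version": "2.0", "score": 7.5, "severity": "high"},
                          {"version": "3.1", "score": 9.8, "severity": "critical"}]},
    {"id": "b", "score": [{"version": "3.1", "score": 5.3, "severity": "medium"}]},
    {"id": "c", "score": [{"version": "2.0", "score": 4.3, "severity": "medium"}]},
    {"id": "d", "score": [{"version": 3.1, "score": 0.0, "severity": "information"}]},
]
SAMPLE_VULNERABILITY = {"cvss_scores": {"cvss_3_1": {"score": 8.1, "severity": "high"}}}

if __name__ == "__main__":
    matched, unscored = at_least(SAMPLE_FINDINGS, "high")
    print([f["id"] for f in matched], [f["id"] for f in unscored])
    print(cvss31_from_vulnerability(SAMPLE_VULNERABILITY))
```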