VulnCheck
App Vendor: VulnCheck
App Category: Vulnerability Management
Connector Version: 1.0.0
API Version: v3
About App
Leverage Exploit & Vulnerability Intelligence to make better decisions on which vulnerabilities need immediate remediation. VulnCheck provides API relays for 200+ vendor vulnerability disclosure sources, in addition to its own vulnerability intelligence. It provides information on vulnerabilities, their related exploits, their use by threat actors, ransomware, and botnets, where they have been seen in the wild, and if any IP is actively exploiting them.
The VulnCheck app is configured with Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Get Index Details | This action retrieves a paginated list of all documents from the index of your choice. By default, a maximum of 100 documents are shown per page. |
Get Vulnerabilities with CPE | This action retrieves all vulnerabilities related to a CPE. |
Get Vulnerability with PURL | This action retrieves all vulnerabilities related to a PURL. |
List Indexes | This action returns a list of indexes with backup and endpoint links. |
Generic Action | This is a generic action used to make requests to any VulnCheck endpoint. |
Configuration Parameters
The following configuration parameters are required for the VulnCheck app to communicate with the VulnCheck enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API Token | Enter the API token to authenticate with VulnCheck. | Password | Required | |
API Version | Enter the API version of VulnCheck. | Text | Optional | Default value: v3 |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with VulnCheck. | Integer | Optional | Allowed Range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | Default value: false |
Action: Get Index Details
This action retrieves a paginated list of all documents from the index of your choice. By default, a maximum of 100 documents are shown per page.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Index Name | Enter the index name to get the details. Example: vulncheck-nvd2 | Text | Required | |
CVE ID | Enter the CVE ID to get the details. Example: cve-2019-0708 | Text | Optional | Allowed Format: (CVE-YYYY-N{4-7}) |
Alias | Enter the alias to get the details. Example: ms17-010 | Text | Optional | |
MISP ID | Enter the MISP ID to get the details. Example: 1 | Text | Optional | |
Publication Start Date | Enter the publication start date to retrieve the details. Example: 2021-01-01 | Text | Optional | Allowed Format: YYYY-MM-DD |
Publication End Date | Enter the publication end date to retrieve the details. Example: 2021-12-31 | Text | Optional | Allowed Format: YYYY-MM-DD |
Additional Data | Enter the additional parameters to pass to the API. Example: {"page": 1, "size": 10} | Key Value | Optional |
Example Request
[
{
"index": "sampleindex"
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| Array of JSON Objects | Returns a list of indexes. |
| String | Returns the description of the index. |
| Array | Returns the VulnCheck link to the index. |
| JSON Object | Returns the name of the index. |
Action: Get Vulnerabilities with CPE
This action retrieves all vulnerabilities related to a CPE.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
CPE ID | Enter the CPE ID to get the related vulnerabilities. Example: cpe:/a:microsoft:internet_explorer:8.0.6001:beta | Text | Required |
Example Request
[
{
"cpe": "cpe:/a:microsoft:internet_explorer:8.0.6001:beta"
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
| JSON Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| JSON Object | Includes the response received from the app action. |
| JSON Object | Returns the metadata of the input CPE ID. |
| String | Returns the CPE ID. |
| JSON Object | Returns the construct of the CPE ID, such as the part, vendor, product, version, update, edition, language, sw_edition, target_sw, target_hw, and other. |
| String | Returns the timestamp of the request. |
| Integer | Returns the total number of vulnerabilities related to the CPE ID. |
| Array | Returns a list of CVE IDs related to the CPE ID. |
Action: Get Vulnerability with PURL
This action retrieves all vulnerabilities related to a PURL.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
PURL ID | Enter the PURL ID to get the related vulnerabilities. Example: pkg:hex/coherence@0.1.2 | Text | Required | Refer VulnCheck API documentation for supported package managers. |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
app_instance/_benchmark | Float | The benchmark value indicating performance, e.g., 0.057389 |
app_instance/_meta/purl_struct/type | String | The type of the package URL, e.g., 'hex' |
app_instance/_meta/purl_struct/namespace | String | The namespace of the package URL, e.g., '' |
app_instance/_meta/purl_struct/name | String | The name of the package, e.g., 'coherence' |
app_instance/_meta/purl_struct/version | String | The version of the package, e.g., '0.1.2' |
app_instance/_meta/purl_struct/qualifiers | Null | The qualifiers of the package URL, which is null |
app_instance/_meta/purl_struct/subpath | String | The sub-path of the package URL, e.g., '' |
app_instance/_meta/timestamp | String | The timestamp of the metadata, e.g., '2023-09-11T15:02:50.325502302Z' |
app_instance/_meta/total_documents | Integer | The total number of documents, e.g., 1 |
app_instance/data/cves | Array of Strings | The array of CVE identifiers, e.g., ['CVE-2018-20301'] |
app_instance/data/vulnerabilities/detection | String | The detection identifier, e.g., 'CVE-2018-20301' |
app_instance/data/vulnerabilities/fixed_version | String | The version in which the vulnerability is fixed, e.g., '0.5.2' |
Action: List Indexes
This action returns a list of indexes with backup and endpoint links.
Action Input Parameters
No input parameters are required for this action.
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
| Float | The benchmark value indicating performance, e.g., 1.146941 |
| Integer | The total count of items, e.g., 102 |
| String | The name of the index, e.g., 'abb' |
| String | The description of the index, e.g., 'ABB Vulnerabilities' |
| URL | The API endpoint for the index, e.g., 'https://api.vulncheck.com/v3/index/abb' |
Action: Generic Action
This is a generic action used to make requests to any VulnCheck endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values:
|
Endpoint | Enter the endpoint to make the request. Example: /v3/vulncheck/indexes | Text | Required | |
Query Params | Enter the query parameters to pass to the API. Example: {"page": 1, "size": 10} | Key Value | Optional | |
Payload | Enter the payload to pass to the API. Example: {"name": "test"} | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional |
Example Request
[
{
"method": "GET",
"endpoint": "/index",
"extra_fields": {},
"query_params": {
"page": 1,
"size": 10
}
}
]