API v2 Documentation

User Guide API Cube API Sysadmin SD Elements Training

Project Threats

Get All Project Threats

This endpoint retrieves a list of Library Threat resources that are relevant to a particular Project.

GET /api/v2/projects/{project_id}/threats/

URL Parameters

Parameter	Description
project_id	The id of the Project to retrieve Threats for.

Query Parameters

The following parameters may be used to filter the Project Threats in the response. Use in conjunction with Custom Filtering Lookups for greater utility.

Parameter	Expected values	Description	Custom Field Lookup support
severity	1-10	Filter by Threat severity	Yes
title		Filter by Threat title	Yes
threat_id		Filter by Threat ID	Yes
capec_id	CAPEC ID (i.e. 66)	Filter by CAPEC ID	Yes
component_id	Project Component ID (e.g. SC29)	Filter for threats from a specific project component.	Yes
search		Filter threats by performing a text search on title and the threat ID.
ordering	threat__severity, threat_id, status	Sort projects by the specified field. Prefix field name with minus to sort descending.
category	Categories in the format of "type:value"	Filter threats that belongs to any of the categories.	Supports `__in` only

GET /api/v2/projects/1/threats/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
  "total_threats_count": 1,
  "results": [
    {
      "id": "1-TH1",
      "threat_id": "TH1",
      "title": "SQL Injection Threat",
      "severity": 10,
      "description": "This is the SQL Injection threat",
      "status": "Unmitigated",
      "created_at": "2022-06-06T12:44:10.800931-04:00",
      "updated_at": "2022-06-06T15:02:58.440973-04:00",
      "problems": [
        "P664"
      ],
      "capecs": [
        66
      ],
      "related_components": [
        {
            "item_id": "SC1",
            "name": "SC1: Component1"
        },
        {
            "item_id": "SC4",
            "name": "SC4: Component4"
        }
      ],
      "became_relevant": "2022-06-07T08:50:04.435835-04:00",
      "relevant_via_problems": true
    }
  ]
}

Expand Parameters

See the Expand Parameters section for more details.

Parameter	Description
capecs	capecs field is expanded to display CAPEC's title and URL

GET /api/v2/projects/1/threats/?expand=capecs HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
  "total_threats_count": 1,
  "results": [
    {
      "id": "1-TH1",
      "threat_id": "TH1",
      "title": "SQL Injection Threat",
      "severity": 10,
      "description": "This is the SQL Injection threat",
      "created_at": "2022-06-06T12:44:10.800931-04:00",
      "updated_at": "2022-06-06T15:02:58.440973-04:00",
      "problems": [
        "P664"
      ],
      "capecs": [
        {
          "capec_id": 1,
          "title": "The first CAPEC",
          "url": "https://capec.mitre.org/data/definitions/1"
        }
      ],
      "capecs": [{
        "capec_id": 1,
        "title": "The first CAPEC",
        "url": "https://capec.mitre.org/data/definitions/1"
      }],
      "components": [],
      "became_relevant": "2022-06-07T08:50:04.435835-04:00",
      "relevant_via_problems": true
    }
  ]
}

results matching ""

No results matching ""