...
- Log in to VINCE.
- Go to your User Profile.
- Scroll down to "Generate API Key".
- Copy they API key to a safe place, you will not be able to access it again. If lost, you need to regenerate a new one.
- Use the API key in the headers of your request as shown below.
| Code Block | ||
|---|---|---|
| ||
headers={'Authorization': "Token {}".format(token)} |
...
| Code Block | ||
|---|---|---|
| ||
# get information about organizations you belong to:
api = 'https://kb.cert.org/vince/comm/api/vendor/'
headers={'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
| Code Block | ||
|---|---|---|
| ||
API: /vince/comm/api/vendor #get information about vendors you belong to
[ { 'emails': ['test@example.com'],
'id': 3548,
'users': ['vince.user'],
'vendor_name': 'VendorCorp'},
{ 'emails': ['test@example.com'],
'id': 3551,
'users': ['vince.user'],
'vendor_name': 'Testing Co'},
{ 'emails': ['test@example.com', 'test3@example.com'],
'id': 3549,
'users': ['vince.user', 'Vince User'],
'vendor_name': 'Testing Vendor'}] |
...
| Code Block | ||
|---|---|---|
| ||
# get a list of your cases
headers={'Authorization': "Token {}".format(token)}
api = 'https://kb.cert.org/vince/comm/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
| Code Block | ||
|---|---|---|
| ||
API: /vince/comm/api/cases # get a list of cases involved in
[ { 'created': '2020-06-11T18:51:48.204903Z',
'due_date': None,
'status': 'Active',
'summary': 'test',
'title': 'test',
'vuid': '782161'},
{ 'created': '2020-04-28T19:48:50.216317Z',
'due_date': '2018-07-23T14:20:09Z',
'status': 'Inactive',
'summary': 'TechSmash firmware or operating system software drivers '
'may not sufficiently validate elliptic curve parameters '
'used to generate public keys during a Diffie-Hellman key '
'exchange, which may allow a remote attacker to obtain the '
'encryption key used by the device',
'title': 'TechSmash implementations may not sufficiently validate '
'elliptic curve parameters during Diffie-Hellman key exchange',
'vuid': '3123125'}]
|
...
Get case metadata
| Code Block | ||
|---|---|---|
| ||
# get information about VU#701852 api = 'https://kb.cert.org/vince/comm/api/case/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
| Code Block | ||
|---|---|---|
| ||
API: vince/comm/api/case/701852/ # get information about a specific case
{ 'created': '2020-06-11T18:51:48.204903Z',
'due_date': None,
'status': 'Active',
'summary': 'test',
'title': 'test',
'vuid': '785701'} |
Get posts for case
| Code Block | ||
|---|---|---|
| ||
# get all posts for case VU#701852 api = 'https://kb.cert.org/vince/comm/api/case/posts/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
| Code Block | ||
|---|---|---|
| ||
API: vince/comm/api/case/posts/701852/ # get all posts for a specific case
[ { 'author': 'vince.user',
'content': 'The [draft vulnerability '
'note](http://localhost:8000/vince/comm/case/18/notedraft/) '
'has been updated.',
'created': '2020-11-17T19:13:07.866230Z',
'pinned': True},
{ 'author': 'vince.user',
'content': 'Please [view this draft vulnerability '
'note](http://localhost:8000/vince/comm/case/18/notedraft/).',
'created': '2020-11-17T19:07:56.624450Z',
'pinned': True},
{ 'author': 'vince.user',
'content': 'test 2',
'created': '2020-10-29T19:49:33.422875Z',
'pinned': False},
{ 'author': 'vince.user',
'content': 'test 1',
'created': '2020-10-29T19:49:30.434164Z',
'pinned': False}]
|
Get original report for case
| Code Block | ||
|---|---|---|
| ||
# get the original report for VU#701852 api = 'https://kb.cert.org/vince/comm/api/case/report/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
| Code Block | ||
|---|---|---|
| ||
API: /vince/comm/case/report/701582/ # get report for a specific case
{ 'contact_email': 'joebob@vendor.example.com',
'contact_name': 'Joe Bob',
'contact_org': 'VendorExample',
'contact_phone': '5551231234',
'date_submitted': '2020-06-08T20:01:47.896419Z',
'disclosure_plans': '',
'exploit_references': '',
'product_name': 'test',
'product_version': 'v. 12.3',
'public_references': '',
'share_release': True,
'vendor_name': 'Test Vendor',
'vul_description': 'This is the description',
'vul_disclose': True,
'vul_discovery': 'This is the discovery.',
'vul_exploit': 'This is the exploit',
'vul_exploited': True,
'vul_impact': 'This is the impact',
'vul_public': True} |
List vuls for case
| Code Block | ||
|---|---|---|
| ||
# get the vuls for VU#701852 api = 'https://kb.cert.org/vince/comm/api/case/vuls/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
| Code Block | ||
|---|---|---|
| ||
API: /vince/comm/case/vuls/701582/ # get vuls for a specific case
[ { 'cve': None,
'date_added': '2020-11-19T21:43:17.210726Z',
'description': 'This is another vul without a cve.',
'name': 'VU#785701.2'},
{ 'cve': '2020-19293',
'date_added': '2020-10-22T15:30:11.888074Z',
'description': 'Test this is a vul.',
'name': 'CVE-2020-19293'}] |
List vendors for case
| Code Block | ||
|---|---|---|
| ||
# get all the vendors involved in VU#701582 (also gets their status and statements) api = 'https://kb.cert.org/vince/comm/api/case/vendors/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
| Code Block | ||
|---|---|---|
| ||
API: /vince/comm/case/vendors/701582/ # get vendors for a specific case
[ { 'cert_addendum': None,
'date_added': '2020-11-20T14:40:24.080886Z',
'references': 'http://www.example.com\nhttps://www.example.org',
'statement': 'Test',
'statement_date': '2020-11-23T19:50:44.813809Z',
'status': 'Unknown',
'vendor': 'VendorCorp'},
{ 'cert_addendum': None,
'date_added': '2020-10-08T18:27:41.526942Z',
'references': 'http://www.example.com\nhttps://www.example.org',
'statement': 'Test',
'statement_date': '2020-11-19T21:26:32.399730Z',
'status': 'Affected',
'vendor': 'Testing Co'}] |
List vendors including status and statement for each vul
| Code Block | ||
|---|---|---|
| ||
# get all the vendors and their status/statement/references for each specific vul
api = f'https://kb.cert.org/vince/comm/api/case/vendors/vuls/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
| Code Block | ||
|---|---|---|
| ||
API: /vince/comm/case/vendors/vuls/701582/ # get vendors status for specific vuls
[ { 'references': 'http://www.example.com\nhttps://www.example.org',
'statement': 'Test',
'statement_date': '2020-11-19T21:47:44.239683Z',
'status': 'Affected',
'vendor': 'Testing Co',
'vulnerability': 'VU#785701.2'},
{ 'references': 'http://www.example.com\nhttps://www.example.org',
'statement': 'This is my statement',
'statement_date': '2020-10-22T15:38:11.859615Z',
'status': 'Not Affected',
'vendor': 'Testing Co',
'vulnerability': 'CVE-2020-19293'},
{ 'references': '',
'statement': '',
'statement_date': '2020-11-20T15:23:18.997947Z',
'status': 'Unknown',
'vendor': 'VendorCorp',
'vulnerability': 'VU#785701.2'},
{ 'references': '',
'statement': '',
'statement_date': '2020-11-20T15:23:18.938232Z',
'status': 'Unknown',
'vendor': 'VendorCorp',
'vulnerability': 'CVE-2020-19293'}]
|
Get vul note text, if available
| Code Block | ||
|---|---|---|
| ||
# get the vulnerability note, if available
api = f'https://kb.cert.org/vince/comm/api/case/note/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
| Code Block | ||
|---|---|---|
| ||
#API: /vince/comm/api/case/note/710582/ # get draft vul note
{ 'content': '### Overview\r\n'
'\r\n'
'Testing API so need some content.\r\n'
'\r\n'
'\r\n'
'### Description\r\n'
'\r\n'
'### Impact\r\n'
'The complete impact of this vulnerability is not yet known.\r\n'
'\r\n'
'### Solution\r\n'
'The CERT/CC is currently unaware of a practical solution to '
'this problem.\r\n'
'\r\n'
'### Acknowledgements\r\n'
'Thanks to the reporter who wishes to remain anonymous.\r\n'
'\r\n'
'This document was written by Emily Sarneso.',
'datefirstpublished': None,
'dateupdated': '2020-11-17T19:13:07.755453Z',
'published': False,
'references': ['www.example.org', 'www.example.com'],
'revision': 2,
'title': 'test',
'vuid': '785701'} |
Update vendor status
| Code Block | ||
|---|---|---|
| ||
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/vendor/statement/{case}/'
data = [{'vendor': 3548,
'status':'Not Affected',
'references':["http://www.test.gov", "https://www.google.com"],
'share':True,
'vulnerability':'CVE-2020-19293',
'statement': 'This is my statement'},
{'vendor': 3548,
'status':'Affected',
'statement':"Test",
'references':["http://www.test.gov","https://www.google.com"],
'share':True,
'vulnerability':'VU#785701.2'}]
r = requests.post(api, headers=headers, data=json.dumps(data))
print(r.text)
|
| Code Block | ||
|---|---|---|
| ||
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/vendor/statement/{case}/'
data = [{'vendor': 3548, # vendor ID only required if user belongs to multiple vendors in a case
'status':'Not Affected', # required: ['Affected', 'Not Affected', 'Unknown']
'references':["http://www.test.gov", "https://www.google.com"], # not required, must be a list
'share':True, # not required, default = False
'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or 'VU#xxxxxx.n'
'statement': 'This is my statement'}] # not required |
...