Versions Compared

Old Version 11

changes.mady.by.user user-8b192

Saved on

compared with

New Version 15

changes.mady.by.user user-8b192

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

The VINCE API is still under development, but we are making this documentation available for folks who might want to try it out in the meantime. Please let us know what changes you'd like by submitting a work in progress. Please provide feedback through VINCE or GitHub.

Table of Contents

...

Authentication

...

  1. Log in to VINCE.
  2. Go to your User Profile.
  3. Scroll down to "Generate API Key".
  4. Copy they API key to a safe place, you will not be able to access it again. If lost, you need to regenerate a new one.
  5. Use the API key in the headers of your request as shown below.

Image Modified

Code Block
languagepy
headers={'Authorization': "Token {}".format(token)}

Code Examples

List orgs groups (organizations) you belong to

Code Block
languagepy
# get information about organizations you belong to:
api = 'https://kb.cert.org/vince/comm/api/vendor/'
headers={'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/api/vendor #get information about vendors you belong to
[   {   'emails': ['test@example.com'],
        'id': 3548,
        'users': ['vince.user'],
        'vendor_name': 'VendorCorp'},
    {   'emails': ['test@example.com'],
        'id': 3551,
        'users': ['vince.user'],
        'vendor_name': 'Testing Co'},
    {   'emails': ['test@example.com', 'test3@example.com'],
        'id': 3549,
        'users': ['vince.user', 'Vince User'],
        'vendor_name': 'Testing Vendor'}]

List

...

cases you are participating in

Code Block
languagepy
# get a list of your cases
headers={'Authorization': "Token {}".format(token)}
api = 'https://kb.cert.org/vince/comm/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)

...

Code Block
languagejs
API: vince/comm/api/case/701852/ # get information about a specific case
{   'created': '2020-06-11T18:51:48.204903Z',
    'due_date': None,
    'status': 'Active',
    'summary': 'test',
    'title': 'test',
    'vuid': '785701'}

Get message posts for case

Code Block
languagepy
# get all posts for case VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/posts/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)

...

Code Block
languagejs
API: /vince/comm/case/701582/report/ # get report for a specific case
{   'contact_email': 'joebob@vendor.example.com',
    'contact_name': 'Joe Bob',
    'contact_org': 'VendorExample',
    'contact_phone': '5551231234',
    'date_submitted': '2020-06-08T20:01:47.896419Z',
    'disclosure_plans': '',
    'exploit_references': '',
    'product_name': 'test',
    'product_version': 'v. 12.3',
    'public_references': '',
    'share_release': True,
    'vendor_name': 'Test Vendor',
    'vul_description': 'This is the description',
    'vul_disclose': True,
    'vul_discovery': 'This is the discovery.',
    'vul_exploit': 'This is the exploit',
    'vul_exploited': True,
    'vul_impact': 'This is the impact',
    'vul_public': True}

List

...

vulnerabilities for case

Code Block
languagepy
# get the vuls for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/vuls/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)

...

Code Block
languagejs
API: /vince/comm/case/701582/vendors/ # get vendors for a specific case
[   {   'cert_addendum': None,
        'date_added': '2020-11-20T14:40:24.080886Z',
        'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-23T19:50:44.813809Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp'},
    {   'cert_addendum': None,
        'date_added': '2020-10-08T18:27:41.526942Z',
        'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-19T21:26:32.399730Z',
        'status': 'Affected',
        'vendor': 'Testing Co'}]

List vendors including status and statement for each

...

vulnerability

Code Block
languagepy
# get all the vendors and their status/statement/references for each specific vul
api = f'https://kb.cert.org/vince/comm/api/case/701582/vendors/vuls/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/vendors/vuls/ # get vendors status for specific vuls
[   {   'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-19T21:47:44.239683Z',
        'status': 'Affected',
        'vendor': 'Testing Co',
        'vulnerability': 'VU#785701.2'},
    {   'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'This is my statement',
        'statement_date': '2020-10-22T15:38:11.859615Z',
        'status': 'Not Affected',
        'vendor': 'Testing Co',
        'vulnerability': 'CVE-2020-19293'},
    {   'references': '',
        'statement': '',
        'statement_date': '2020-11-20T15:23:18.997947Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp',
        'vulnerability': 'VU#785701.2'},
    {   'references': '',
        'statement': '',
        'statement_date': '2020-11-20T15:23:18.938232Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp',
        'vulnerability': 'CVE-2020-19293'}]

Get

...

Vulnerability Note text

...

(if

...

it exists)

Code Block
languagepy
# get the vulnerability note, if available
api = f'https://kb.cert.org/vince/comm/api/case/701582/note'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)

...

Code Block
languagejs
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/{case}/vendor/statement/'
data = [{'vendor': 3548,   # vendor ID only required if user belongs to multiple vendors in a case
	'status':'Not Affected',  # required: ['Affected', 'Not Affected', 'Unknown']
	'references':["http://www.test.gov", "https://www.google.com"],  # not required, must be a list 
	'share':True, # not required, default = False
	'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or 'VU#xxxxxx.n'
	'statement': 'This is my statement'}]  # not required

Look up CVE IDs (must have access to case)

Code Block
# lookup CVE-2021-55555 - must have access to case otherwise 404 
api = f'https://kb.cert.org/vince/comm/api/cve/2021-55555/' 
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) } 
r = requests.get(api, headers=headers, stream=True) 
print(r.text)
Code Block
API: CVE Lookup: https://kb.cert.org/vince/comm/api/cve/2021-55555/

{   'case': {   'created': '2020-03-11T18:56:14.975973Z',
                'due_date': '2020-03-25T0000Z',
                'status': 'Active',
                'summary': 'This is a summary',
                'title': 'This is a title',
                'vuid': '123456'},
    'note': 'NOT Public',
    'vendors': [ {   'references': '',
                       'statement': '',
                       'statement_date': '2020-11-20T11:05:07.603524Z',
                       'status': 'Unknown',
                       'vendor': 'Test Vendor',
                       'vulnerability': 'CVE-2021-55555'}],
    'vulnerability': {   'cve': '2021-55555',
                         'date_added': '2020-03-11T20:37:51.629151Z',
                         'description': 'This is a description of the vulnerability',
                         'name': 'CVE-2021-55555'}}