
Attack Surface Intelligence

RiskIQ’s Attack Surface Intelligence identifies and distinguishes resources and digital systems across the open and closed web: brands, infrastructure, third parties, dependencies, peers, industries, and the entire digital supply chain. By using the ASI and Third Party API, threat hunters and incident responders can easily automate threat hunting and look for vulnerable areas on their own attack surface and on those of their vendors and suppliers.

 

What It Looks Like

Attack Surface Summary


Get Attack Surface

Finds the Attack Surface information of the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface'

Response

{
    "id": 88256,
    "name": "RiskIQ, Inc.",
    "priorities": {
        "high": {
            "observationCount": 0,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/priority/high"
        },
        "medium": {
            "observationCount": 14,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/priority/medium"
        },
        "low": {
            "observationCount": 141,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/priority/low"
        }
    }
}
        

Get Attack Surface Details

Finds the Attack Surface Third-Party information (Detail) for the vendor ID specified

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party/88256'

Response

{
    "id": 88256,
    "name": "RiskIQ, Inc.",
    "priorities": {
        "high": {
            "observationCount": 0,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/high"
        },
        "medium": {
            "observationCount": 14,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/high"
        },
        "low": {
            "observationCount": 141,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/high"
        }
    }
}
        

Attack Surface Third-Party Portfolio


Get all Attack Surface Third-Party vendors

Finds all vendors associated with the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party?page=2&size=50'
        

Response

{
    "totalCount": 20,
    "totalPages": 1,
    "nextPage": null,
    "vendors": [
        {
            "id": 41798,
            "name": "Amgen Inc.",
            "priorities": {
                "high": {
                    "observationCount": 3,
                    "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/41798/priority/high"
                },
                "medium": {
                    "observationCount": 449,
                    "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/41798/priority/high"
                },
                "low": {
                    "observationCount": 188,
                    "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/41798/priority/high"
                }
            }
        }
    ]
}
        

Attack Surface Priority


Get Attack Surface Priority Information

Finds the Attack Surface Priority Information for the given level (low, medium, high) associated with the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/priority/low'

Response

{
    "activeInsightCount": 2,
    "totalInsightCount": 44,
    "totalObservations": 11,
    "insights": [
        {
            "name": "ASI:  Deprecated Tech - PHP",
            "description": "##### Description \nDeprecated versions of PHP that are no longer supported.  Running end of life or deprecated hardware or software can open organizations up to potential risks and vulnerabilities as these systems are no longer supported via regular updates and security patches\n\n##### Remediation\nOrganizations should consider upgrading to supported versions of PHP to ensure security patches are available.\n",
            "observationCount": 1,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/insight/40466?page=0&size=25&groupBy=RISK_CATEGORY&segmentBy=savedfilter_metric_29642"
        }
    ]
}
        

Get Attack Surface Third-Party Priority Information

Finds the Attack Surface Third-Party Priority Information given the level (low, medium, high) and vendor ID

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/medium'

Response

{
    "activeInsightCount": 2,
    "totalInsightCount": 44,
    "totalObservations": 11,
    "insights": [
        {
            "name": "ASI: Expired Domains",
            "description": "##### Description \nThe following domains, previously owned by your organization have expired registration records.  Expired domains could be renewed and used by malicious actors to impersonate your brand to target your organization, employees, or customers.\n\n\n##### Remediation\nOrganizations should review these domains to determine if they should be reregistered.",
            "observationCount": 13,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40465?page=0&size=25&groupBy=RISK_CATEGORY&segmentBy=savedfilter_metric_29633"
        }
    ]
}
        

Attack Surface Insight


Get Attack Surface Insight Information

Finds the Attack Surface Insight Information given the insight ID for the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/insight/40466'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/insight/40466?page=2&size=50'
        

Response

{
    "totalCount": 2,
    "totalPages": 1,
    "nextPage": null,
    "assets": [
        {
            "type": "HOST",
            "name": "mail.malvertisingdb.org",
            "firstSeen": "2015-12-03 13:35:49",
            "lastSeen": "2021-06-04 20:23:19"
        },
        {
            "type": "HOST",
            "name": "mail.risk-iq.org",
            "firstSeen": "2017-06-20 05:19:11",
            "lastSeen": "2021-06-04 10:06:28"
        }
    ]
}
        

Get Attack Surface Third-Party Insight Information

Finds the Attack Surface Third-Party Insight Information given the vendor ID and insight ID

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40466'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40466?page=2&size=50'
        

Response

{
    "totalCount": 135,
    "totalPages": 6,
    "nextPage": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40466?page=1&size=25&segmentBy=savedfilter_metric_29643",
    "assets": [
        {
            "type": "HOST",
            "name": "mail.malvertisingdb.org",
            "firstSeen": "2017-06-20 05:19:11",
            "lastSeen": "2021-06-04 10:06:28"
        },
        {
            "type": "HOST",
            "name": "mail.risk-iq.org",
            "firstSeen": "2018-05-11 20:40:17",
            "lastSeen": "2021-06-04 21:05:49"
        }
    ]
}
		

Attack Surface Vulnerable Components


Get Attack Surface Vulnerable Components

Finds the Attack Surface Vulnerable Components for the primary vendor

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/components'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/components?page=0&size=25'
        

Response

{
    "totalCount": 25,
    "totalPages": 1,
    "nextPage": null,
    "vulnerableComponents": [
        {
            "name": "nginx 1.14.0",
            "type": "Server",
            "severity": "HIGH",
            "count": 129
        },
        {
            "name": "Apache 2.4.39",
            "type": "Server",
            "severity": "HIGH",
            "count": 12
        }
    ]
}  
        

Get Attack Surface Third-Party Vulnerable Components

Finds the Attack Surface Third-Party Vulnerable Components given the vendor ID

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/third-party/88256/components'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/third-party/88256/components?page=0&size=25'
        

Response

{
    "totalCount": 25,
    "totalPages": 1,
    "nextPage": null,
    "vulnerableComponents": [
        {
            "name": "nginx 1.14.0",
            "type": "Server",
            "severity": "HIGH",
            "count": 129
        },
        {
            "name": "Apache 2.4.39",
            "type": "Server",
            "severity": "HIGH",
            "count": 12
        }
    ]
}              
		

Attack Surface Vulnerabilities


Get Attack Surface Vulnerability Information

Finds the Attack Surface Vulnerability Information for the primary vendor for the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/cves'

Response

{
    "totalCount": 377,
    "totalPages": 16,
    "nextPage": "https://api.riskiq.net/v2/attack-surface/vuln-intel/cves?page=1&size=25",
    "cves": [
        {
            "cveId": "CVE-2014-4078",
            "cwes": [
                {
                    "cweId": "CWE-264"
                }
            ],
            "priorityScore": 51.0,
            "observationCount": 26987,
            "cveLink": "https://api.riskiq.net/v2/vuln-intel/CVE-2014-4078"
        }
    ]
}
        

Get Attack Surface Third-Party Vulnerability Information

Finds the Attack Surface Third-Party Vulnerability Information given the vendor ID

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/third-party/88256/cves'

Response

{
    "totalCount": 377,
    "totalPages": 16,
    "nextPage": "https://api.riskiq.net/v2/attack-surface/vuln-intel/third-party/88256/cves?page=1&size=25",
    "cves": [
        {
            "cveId": "CVE-2014-4078",
            "cwes": [
                {
                    "cweId": "CWE-264"
                }
            ],
            "priorityScore": 51.0,
            "observationCount": 26987,
            "cveLink": "https://api.riskiq.net/v2/vuln-intel/CVE-2014-4078"
        }
    ]
}
		

Attack Surface Vulnerability Observations


Get Attack Surface Vulnerability Observations

Finds the Attack Surface Vulnerability Observations for the primary vendor given a CVE

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/cves/CVE-2016-6797/observations'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/cves/CVE-2016-6797/observations?page=0&size=25'
        

Response

{
    "assets": [
        {
            "type": "HOST",
            "name": "ejs.riskiq.net",
            "firstSeen": "2020-05-06 00:07:13",
            "lastSeen": "2021-08-09 06:13:34"
        },
        {
            "type": "HOST",
            "name": "webhook.riskiq.net",
            "firstSeen": "2018-02-14 22:39:36",
            "lastSeen": "2021-08-08 20:27:44"
        }
    ],
    "cveId": "CVE-2016-6797",
    "cwes": [
        {
            "cweId": "CWE-284"
        }
    ],
    "totalCount": 2,
    "totalPages": 1,
    "nextPage": null
}
        

Get Attack Surface Third-Party Vulnerability Observations

Finds the Attack Surface Third-Party Vulnerability Observations given the vendor ID and CVE

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/third-party/88256/cves/CVE-2016-6797/observations'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/vuln-intel/third-party/88256/cves/CVE-2016-6797/observations?page=0&size=25'
        

Response

{
    "assets": [
        {
            "type": "HOST",
            "name": "ejs.riskiq.net",
            "firstSeen": "2020-05-06 00:07:13",
            "lastSeen": "2021-08-09 06:13:34"
        },
        {
            "type": "HOST",
            "name": "webhook.riskiq.net",
            "firstSeen": "2018-02-14 22:39:36",
            "lastSeen": "2021-08-08 20:27:44"
        }
    ],
    "cveId": "CVE-2016-6797",
    "cwes": [
        {
            "cweId": "CWE-284"
        }
    ],
    "totalCount": 2,
    "totalPages": 1,
    "nextPage": null
}
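
Added example (not part of the RiskIQ documentation): the list endpoints above return `totalPages` and a `nextPage` link that is `null` on the last page, so a client can collect every vendor, asset, component or CVE by following `nextPage`. The helper names (`make_fetch`, `check_url`, `iter_items`) and the sample hostnames are assumptions made for this sketch; the host check is an added safeguard so the API key is only ever sent to `https://api.riskiq.net`.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

API_HOST = "api.riskiq.net"  # host used by every URL on this page
LIST_KEYS = ("vendors", "assets", "vulnerableComponents", "cves")  # item arrays in the responses above

def make_fetch(username, key):
    """Return fetch(url) -> dict using HTTP basic auth, like `curl -u $USERNAME:$KEY`."""
    token = base64.b64encode(f"{username}:{key}".encode()).decode()
    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def check_url(url):
    """Refuse any URL (including a nextPage link) that is not https on the API host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != API_HOST:
        raise ValueError("refusing to send API key to " + url)
    return url

def iter_items(fetch, url, max_pages=1000):
    """Yield every item of a paginated response, following nextPage until it is null."""
    seen = set()
    while url is not None:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("pagination loop or page limit hit at " + url)
        seen.add(url)
        page = fetch(check_url(url))
        key = next((k for k in LIST_KEYS if k in page), None)
        if key is None:
            raise KeyError("no item list in response from " + url)
        yield from page[key]
        url = page.get("nextPage")

# Constructed two-page sample shaped like the insight responses (hostnames are made up).
BASE = "https://api.riskiq.net/pt/v2/attack-surface/insight/40466"
SAMPLE = {
    BASE: {"nextPage": BASE + "?page=1&size=2",
           "assets": [{"type": "HOST", "name": "a.example"}, {"type": "HOST", "name": "b.example"}]},
    BASE + "?page=1&size=2": {"nextPage": None, "assets": [{"type": "HOST", "name": "c.example"}]},
}

if __name__ == "__main__":
    print([a["name"] for a in iter_items(SAMPLE.__getitem__, BASE)])
```

For live use, pass `make_fetch(username, key)` in place of `SAMPLE.__getitem__`.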