Querying the Vulnerability List

Function

This API is used to query the list of detected vulnerabilities.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/search

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that a resource belongs to. You can query the resources of a project by project ID. You can obtain the project ID from the API or console. Obtaining the Project ID Constraints N/A Range N/A Default Value N/A
workspace_id	Yes	String	Definition Workspace ID. Constraints N/A Range N/A Default Value N/A

Request Parameters

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
limit	No	Integer	Page size.
offset	No	Integer	Offset.
sort_by	No	String	Sorting field: create_time \| update_time
order	No	String	Sorting order. Options: DESC and ASC.
from_date	No	String	Search start time, for example, 2023-02-20T00:00:00.000Z.
to_date	No	String	Search end time, for example, 2023-02-27T23:59:59.999Z.
condition	No	condition object	Search condition expression.

**Table 3** condition
Parameter	Mandatory	Type	Description
conditions	No	Array of conditions objects	Expression list.
logics	No	Array of strings	Expression name list.

**Table 4** conditions
Parameter	Mandatory	Type	Description
name	No	String	Expression name.
data	No	Array of strings	Expression content list.

Response Parameters

Status code: 200

**Table 5** Response body parameters
Parameter	Type	Description
code	String	Error code.
message	String	Error message.
total	Integer	Total number of vulnerabilities.
size	Integer	Page size.
page	Integer	Offset.
success	Boolean	Successful or not.
data	Array of VulnerabilityDetail objects	Vulnerability list.

**Table 6** VulnerabilityDetail
Parameter	Type	Description
id	String	Vulnerability ID.
format_version	Integer	Format version.
version	Integer	Version.
project_id	String	ID of the current project.
workspace_id	String	ID of the current workspace.
create_time	String	Creation time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone. Time zone refers to where the incident occurred. If this parameter cannot be parsed, the default time zone UTC+8 is used.
update_time	String	Update time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone. Time zone refers to where the incident occurred. If this parameter cannot be parsed, the default time zone UTC+8 is used.
dataclass_ref	dataclass_ref object	Data class object.
data_object	VulnerabilityDataObject object	Data class.

**Table 7** dataclass_ref
Parameter	Type	Description
id	String	Unique identifier of a data class. The value is in UUID format and can contain a maximum of 36 characters.
name	String	Data class name.

**Table 8** VulnerabilityDataObject
Parameter	Type	Description
vul_name	String	Vulnerability name.
first_observed_time	String	First discovery time, in the ISO 8601 format of "YYYY-MM-DDTHH:mm:ss.ms+Time zone". Time zone refers to where the incident occurred. If this parameter cannot be parsed, the default time zone UTC+8 is used.
batch_number	String	Vulnerability batch number.
description	String	Vulnerability description.
resource_num	Integer	Number of affected resources.
domain_id	String	Tenant ID.
workspace_id	String	Workspace ID.
remediation	remediation object	Rectification suggestions.
domain_name	String	Tenant name.
update_time	String	Update time.
is_deleted	Boolean	Whether to delete.
project_id	String	Project ID.
extend_properties	extend_properties object	Extended attribute.
region_name	String	Region name.
id	String	Vulnerability notice ID.
vulnerability_type	vulnerability_type object	Vulnerability type information.
create_time	String	Creation time.
last_observed_time	String	Last discovery time.
resource	resource object	Resource information.
count	Integer	Vulnerability count.
region_id	String	Region ID.
vulnerability	vulnerability object	Vulnerability details.
dataclass_id	String	Data classification ID.
version	String	Vulnerability version.
data_source	data_source object	Data source.
arrive_time	String	Data arrival time.
environment	environment object	Environment information.
trigger_flag	Boolean	Whether to trigger the labeling.
handled	Integer	Handling status.

**Table 9** remediation
Parameter	Type	Description
recommendation	String	Recommended rectification measures.

**Table 10** extend_properties
Parameter	Type	Description
operations	operations object	Extended operation attributes.

**Table 11** operations
Parameter	Type	Description
is_build_in	String	Whether the attribute is built-in. false: The vulnerability is manually imported. true: The vulnerability is built-in.

**Table 12** vulnerability_type
Parameter	Type	Description
id	String	Type ID.
category	String	Vulnerability category.
category_en	String	Vulnerability category in English.
category_zh	String	Vulnerability category in Chinese.
vulnerability_type	String	Vulnerability type.
vulnerability_type_en	String	Vulnerability type in English.
vulnerability_type_zh	String	Vulnerability type in Chinese.

**Table 13** resource
Parameter	Type	Description
id	String	Resource ID.
name	String	Resource name.
type	String	Resource type.
provider	String	Provider.
region_id	String	Region ID.
domain_id	String	Tenant ID.
project_id	String	Project ID.
ep_id	String	Enterprise project ID.
tags	Map<String,String>	Resource tags.

**Table 14** vulnerability
Parameter	Type	Description
id	String	Vulnerability ID.
type	Integer	Vulnerability type ID.
url	String	Vulnerability link.
status	Integer	Vulnerability status.
level	String	Vulnerability severity.
reason	String	Vulnerability cause.
solution	String	Solution to fix the vulnerability.
repair_severity	Integer	Severity level.
related	Array of objects	Related vulnerabilities.
tags	Array of strings	Vulnerability tag.

**Table 15** data_source
Parameter	Type	Description
domain_id	String	Tenant ID.
project_id	String	Project ID.
region_id	String	Region ID.
company_name	String	Company name.
source_type	Integer	Source type.
product_name	String	Product name.
product_feature	String	Product feature.

**Table 16** environment
Parameter	Type	Description
domain_id	String	Tenant ID.
domain_name	String	Tenant name.
project_id	String	Project ID.
region_id	String	Region ID.
region_name	String	Region name.
vendor_type	String	Vendor type.

Example Requests

https://{endpoint}/v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/search

{
  "limit" : 10,
  "offset" : 2
}

Example Responses

Status code: 200

Response body for requests for querying the vulnerability list.

{
  "code" : "00000000",
  "data" : [ {
    "id" : "KB*****5",
    "format_version" : 0,
    "version" : 0,
    "project_id" : "",
    "workspace_id" : "",
    "create_time" : "2025-12-02T18:35:12.609Z+0800",
    "update_time" : "2025-12-05T06:07:23.882Z+0800",
    "dataclass_ref" : {
      "id" : "ee44*****6a",
      "name" : ""
    },
    "data_object" : {
      "vul_name" : "vulnerability_a",
      "first_observed_time" : "2025-12-02T18:35:12.609Z+0800",
      "batch_number" : "20251203",
      "description" : "vulnerability_a description",
      "resource_num" : 1,
      "domain_id" : "ac74*****f4",
      "workspace_id" : "ea95*****55",
      "remediation" : {
        "recommendation" : "Download and install the patch KB*****5.For details, please refer to:https://*****5.Or use Windows Update to install patches."
      },
      "domain_name" : "scc_*****09",
      "update_time" : "2025-12-05T06:07:23.882Z+0800",
      "is_deleted" : false,
      "project_id" : "1564*****a6",
      "extend_properties" : {
        "operations" : {
          "is_build_in" : "true"
        }
      },
      "region_name" : "region_a",
      "id" : "KB*****5",
      "vulnerability_type" : {
        "id" : "2373*****3c",
        "category" : "Windows_A",
        "category_en" : "Windows_A",
        "category_zh" : "Windows_A",
        "vulnerability_type" : "Windows_A",
        "vulnerability_type_en" : "Windows_A",
        "vulnerability_type_zh" : "Windows_A"
      },
      "create_time" : "2025-12-02T18:35:12.609Z+0800",
      "last_observed_time" : "2025-12-03T18:47:10.068Z+0800",
      "resource" : {
        "id" : "bf9d*****b6",
        "name" : "hcss*****53",
        "type" : "cloudservers",
        "provider" : "ecs",
        "region_id" : "region_a",
        "domain_id" : "ac74*****f4",
        "project_id" : "1564*****a6",
        "ep_id" : "0",
        "tags" : {
          "ip" : "X.X.X.X"
        }
      },
      "count" : 1,
      "region_id" : "region_a",
      "vulnerability" : {
        "id" : "KB*****5",
        "type" : 1,
        "url" : "Download and install the patch KB*****5.For details, please refer to:https://*****5.Or use Windows Update to install patches.",
        "status" : 4,
        "level" : "Medium",
        "reason" : "Offline Processing",
        "solution" : "Download and install the patch KB*****5.For details, please refer to:https://*****5.Or use Windows Update to install patches.",
        "repair_severity" : 2,
        "related" : [ "CVE-*****37" ],
        "tags" : [ ]
      },
      "dataclass_id" : "ee44*****6a",
      "version" : "X.X.X",
      "data_source" : {
        "domain_id" : "ac74*****f4",
        "project_id" : "1564*****a6",
        "region_id" : "region_a",
        "company_name" : "HHH",
        "source_type" : 1,
        "product_name" : "hss",
        "product_feature" : "hvd"
      },
      "arrive_time" : "2025-12-03T18:47:06.085Z+0800",
      "environment" : {
        "domain_id" : "ac74*****f4",
        "domain_name" : "scc_*****09",
        "project_id" : "1564*****a6",
        "region_id" : "region_a",
        "region_name" : "region_a",
        "vendor_type" : "C"
      },
      "trigger_flag" : false,
      "handled" : 1
    }
  } ],
  "message" : "",
  "page" : 2,
  "size" : 10,
  "success" : true,
  "total" : 0
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.secmaster.v1.region.SecMasterRegion;
import com.huaweicloud.sdk.secmaster.v1.*;
import com.huaweicloud.sdk.secmaster.v1.model.*;


public class ListVulnerabilitiesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        SecMasterClient client = SecMasterClient.newBuilder()
                .withCredential(auth)
                .withRegion(SecMasterRegion.valueOf("<YOUR REGION>"))
                .build();
        ListVulnerabilitiesRequest request = new ListVulnerabilitiesRequest();
        request.withWorkspaceId("{workspace_id}");
        VulnerabilityDataObjectSearch body = new VulnerabilityDataObjectSearch();
        body.withOffset(2);
        body.withLimit(10);
        request.withBody(body);
        try {
            ListVulnerabilitiesResponse response = client.listVulnerabilities(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v1.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = SecMasterClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SecMasterRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListVulnerabilitiesRequest()
        request.workspace_id = "{workspace_id}"
        request.body = VulnerabilityDataObjectSearch(
            offset=2,
            limit=10
        )
        response = client.list_vulnerabilities(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := secmaster.NewSecMasterClient(
        secmaster.SecMasterClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListVulnerabilitiesRequest{}
	request.WorkspaceId = "{workspace_id}"
	offsetVulnerabilityDataObjectSearch:= int32(2)
	limitVulnerabilityDataObjectSearch:= int32(10)
	request.Body = &model.VulnerabilityDataObjectSearch{
		Offset: &offsetVulnerabilityDataObjectSearch,
		Limit: &limitVulnerabilityDataObjectSearch,
	}
	response, err := client.ListVulnerabilities(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     