This API is used to query the list of detected vulnerabilities.

Querying the Vulnerability List

For details, see Calling APIs.

POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/search

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that a resource belongs to. You can query the resources of a project by project ID. You can obtain the project ID from the API or console. Obtaining the Project ID Constraints N/A Range N/A Default Value N/A
workspace_id	Yes	String	Definition Workspace ID. Constraints N/A Range N/A Default Value N/A

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
limit	No	Integer	The number of records on each page.
offset	No	Integer	Offset.
sort_by	No	String	Sorting field: create_time \| update_time.
order	No	String	Sorting order. Options: DESC and ASC.
from_date	No	String	Search start time, for example, 2023-02-20T00:00:00.000Z.
to_date	No	String	Search end time, for example, 2023-02-27T23:59:59.999Z.
condition	No	condition object	Search condition expression.

**Table 3** condition
Parameter	Mandatory	Type	Description
conditions	No	Array of conditions objects	Expression list.
logics	No	Array of strings	Expression name list.

**Table 4** conditions
Parameter	Mandatory	Type	Description
name	No	String	Expression name.
data	No	Array of strings	Expression content list.

Status code: 200

**Table 5** Response body parameters
Parameter	Type	Description
code	String	Error code.
message	String	Error message.
total	Integer	Total number of vulnerabilities.
size	Integer	Page size.
page	Integer	Offset.
success	Boolean	Successful or not.
data	Array of VulnerabilityDetail objects	Vulnerability list.

**Table 6** VulnerabilityDetail
Parameter	Type	Description
id	String	Vulnerability ID.
format_version	Integer	Format version.
version	Integer	Version.
project_id	String	ID of the current project.
workspace_id	String	ID of the current workspace.
create_time	String	Creation time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone. Time zone refers to where the incident occurred. If this parameter cannot be parsed, the default time zone UTC+8 is used.
update_time	String	Update time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone. Time zone refers to where the incident occurred. If this parameter cannot be parsed, the default time zone UTC+8 is used.
dataclass_ref	dataclass_ref object	Data class object.
data_object	VulnerabilityDataObject object	Data class.

**Table 7** dataclass_ref
Parameter	Type	Description
id	String	Unique identifier of a data class. The value is in UUID format and can contain a maximum of 36 characters.
name	String	Data class name.

**Table 8** VulnerabilityDataObject
Parameter	Type	Description
vul_name	String	Vulnerability name.
first_observed_time	String	First discovery time.
batch_number	String	Vulnerability batch number.
description	String	Vulnerability description.
resource_num	Integer	Number of affected resources.
domain_id	String	Tenant ID.
workspace_id	String	Workspace ID.
remediation	remediation object	Rectification suggestions.
domain_name	String	Tenant name.
update_time	String	Update time.
is_deleted	Boolean	Whether to delete.
project_id	String	Project ID.
extend_properties	extend_properties object	Extended attribute.
region_name	String	Region name.
id	String	Vulnerability notice ID.
vulnerability_type	vulnerability_type object	Vulnerability type information.
create_time	String	Creation time.
last_observed_time	String	Last discovery time.
resource	resource object	Resource information.
count	Integer	Vulnerability count.
region_id	String	Region ID.
vulnerability	vulnerability object	Vulnerability details.
dataclass_id	String	Data classification ID.
version	String	Vulnerability version.
data_source	data_source object	Data source.
arrive_time	String	Data arrival time.
environment	environment object	Environment information.
trigger_flag	Boolean	Whether to trigger the labeling.
handled	Integer	Handling status.

**Table 9** remediation
Parameter	Type	Description
recommendation	String	Recommended rectification measures.

**Table 10** extend_properties
Parameter	Type	Description
operations	operations object	Extended operation attributes.

**Table 11** operations
Parameter	Type	Description
is_build_in	String	Whether the attribute is built-in. false: The vulnerability is manually imported. true: The vulnerability is built-in.

**Table 12** vulnerability_type
Parameter	Type	Description
id	String	Type ID.
category	String	Vulnerability category.
category_en	String	Vulnerability category in English.
category_zh	String	Vulnerability category in Chinese.
vulnerability_type	String	Vulnerability type.
vulnerability_type_en	String	Vulnerability type in English.
vulnerability_type_zh	String	Vulnerability type in Chinese.

**Table 14** vulnerability
Parameter	Type	Description
id	String	Vulnerability ID.
type	Integer	Vulnerability type ID.
url	String	Vulnerability link.
status	Integer	Vulnerability status.
level	String	Vulnerability severity.
reason	String	Vulnerability cause.
solution	String	Solution to fix the vulnerability.
repair_severity	Integer	Severity level.
related	Array of related objects	Related vulnerabilities.
tags	Array of strings	Vulnerability tag.

**Table 15** related
Parameter	Type	Description
cnnvd_id	String	CNNVD vulnerability ID.
cnvd_id	String	CNVD vulnerability ID.
cve_description	String	CVE vulnerability description.
cve_id	String	CVE ID.
cve_name	String	CVE vulnerability name.
cve_url	String	CVE official link.
cvss	String	CVSS vulnerability score.
cvss_vector	String	CVSS vector string.
cvss_version	String	CVSS version.
public_time	String	Vulnerability disclosure date (format: YYYY-MM-DD).