@@ -6,6 +6,305 @@ components:
66 name : X-API-KEY
77 type : apiKey
88 schemas :
9+ CVECoverageAPIKeyErrorResponse :
10+ type : object
11+ properties :
12+ success :
13+ type : boolean
14+ example : false
15+ message :
16+ type : string
17+ description : Error message
18+ example : " X-API-KEY: Value is invalid."
19+ required :
20+ - success
21+ - message
22+ CVECoverageServerErrorResponse :
23+ type : object
24+ properties :
25+ success :
26+ type : boolean
27+ example : false
28+ message :
29+ type : string
30+ description : Error message
31+ example : " Failed to query Threat Vault API"
32+ required :
33+ - success
34+ - message
35+ CVECoverageErrorResponse :
36+ type : object
37+ properties :
38+ success :
39+ type : boolean
40+ example : false
41+ message :
42+ type : string
43+ description : Error message
44+ example : " cve_id: Value is invalid."
45+ required :
46+ - success
47+ - message
48+ CVECoverageInfo :
49+ type : object
50+ properties :
51+ cve_id :
52+ type : string
53+ description : The CVE identifier
54+ example : CVE-2021-1647
55+ nvd_link :
56+ type : string
57+ description : Link to the NVD database entry for this CVE
58+ example : https://nvd.nist.gov/vuln/detail/CVE-2021-1647
59+ cve_status :
60+ type : string
61+ description : Status of coverage for this CVE
62+ enum :
63+ - cve_not_reviewed
64+ - cve_being_monitored
65+ - cve_assigned
66+ - cve_under_testing
67+ - cve_pending_release
68+ - cve_cannot_cover
69+ release_week :
70+ type : string
71+ format : date
72+ nullable : true
73+ description : Expected release date for pending coverage
74+ example : 2025-04-15
75+ not_cover_reason :
76+ type : string
77+ nullable : true
78+ enum :
79+ - encrypted_traffic_limitations
80+ - risk_of_high_false_positives
81+ - threat_detection_limitations
82+ - performance_considerations
83+ description : Reason why the CVE cannot be covered. This field will only be available when ```cve_status``` is ```cve_cannot_cover```
84+ response_text :
85+ type : string
86+ description : Human-readable response explaining the status
87+ example : We have not looked into this CVE. Contact Customer Support if you want us to consider this CVE.
88+ required :
89+ - cve_id
90+ - nvd_link
91+ - cve_status
92+ - response_text
93+ CoveredCVEResponse :
94+ type : object
95+ properties :
96+ cve_id :
97+ type : string
98+ description : The CVE identifier
99+ example : CVE-2021-1647
100+ cve_status :
101+ type : string
102+ enum :
103+ - cve_covered
104+ description : Status of coverage for this CVE
105+ nvd_link :
106+ type : string
107+ description : Link to the NVD database entry for this CVE
108+ example : https://nvd.nist.gov/vuln/detail/CVE-2021-1647
109+ antivirus :
110+ type : array
111+ items :
112+ $ref : ' #/components/schemas/AntivirusSignature'
113+ description : Antivirus signatures related to this CVE
114+ vulnerability :
115+ type : array
116+ items :
117+ $ref : ' #/components/schemas/VulnerabilitySignature'
118+ description : Vulnerability protection signatures related to this CVE
119+ required :
120+ - cve_id
121+ - cve_status
122+ - nvd_link
123+ AntivirusSignature :
124+ type : object
125+ properties :
126+ name :
127+ type : string
128+ description : Name of the antivirus signature
129+ example : Virus/Win32.CVE-2021-1647.a
130+ severity :
131+ type : string
132+ description : Severity level of the signature
133+ example : medium
134+ type :
135+ type : string
136+ description : Type identifier
137+ example : " 0"
138+ subtype :
139+ type : string
140+ description : Subtype of the signature
141+ example : virus
142+ description :
143+ type : string
144+ description : Human-readable description of the signature
145+ example : This signature detected Virus/Win32.CVE-2021-1647.a
146+ action :
147+ type : string
148+ description : Action to take when detected
149+ example : " "
150+ id :
151+ type : string
152+ description : Unique identifier for the signature
153+ example : " 396564186"
154+ create_time :
155+ type : string
156+ format : date-time
157+ description : Creation timestamp of the signature
158+ example : 2021-01-11T12:00:48-08:00
159+ status :
160+ type : string
161+ description : Current status of the signature
162+ example : active
163+ related_sha256_hashes :
164+ type : array
165+ items :
166+ type : string
167+ description : SHA256 hashes of related files
168+ example :
169+ - 2084858ba68c50881ce80605202febdcd8bd9d62f652f5ee9f9a0809f4b44956
170+ release :
171+ type : object
172+ properties :
173+ antivirus :
174+ type : object
175+ properties :
176+ first_release_version :
177+ type : string
178+ description : First version where this signature was released
179+ example : " 3592"
180+ first_release_time :
181+ type : string
182+ format : date-time
183+ description : Timestamp of first release
184+ example : 2021-01-11T13:34:50Z
185+ last_release_version :
186+ type : string
187+ description : Latest version where this signature was released
188+ example : " 5169"
189+ last_release_time :
190+ type : string
191+ format : date-time
192+ description : Timestamp of latest release
193+ example : 2025-04-29T11:00:05Z
194+ in_current_release :
195+ type : boolean
196+ description : Whether this signature is in the current release
197+ example : true
198+ wildfire :
199+ type : object
200+ properties :
201+ first_release_version :
202+ type : string
203+ description : First WildFire version where this signature was released
204+ example : " 524540"
205+ first_release_time :
206+ type : string
207+ format : date-time
208+ description : Timestamp of first WildFire release
209+ example : 2021-01-15T10:46:18Z
210+ last_release_version :
211+ type : string
212+ description : Latest WildFire version where this signature was released
213+ example : " 973990"
214+ last_release_time :
215+ type : string
216+ format : date-time
217+ description : Timestamp of latest WildFire release
218+ example : 2025-04-29T23:17:11Z
219+ in_current_release :
220+ type : boolean
221+ description : Whether this signature is in the current WildFire release
222+ example : false
223+ VulnerabilitySignature :
224+ type : object
225+ properties :
226+ id :
227+ type : string
228+ description : Unique identifier for the vulnerability signature
229+ example : " 90207"
230+ name :
231+ type : string
232+ description : Name of the vulnerability
233+ example : Microsoft Windows Defender Remote Code Execution Vulnerability
234+ description :
235+ type : string
236+ description : Detailed description of the vulnerability
237+ example : Microsoft Windows Defender is prone to a remote code execution vulnerability while parsing certain crafted PE files.
238+ category :
239+ type : string
240+ description : Category of the vulnerability
241+ example : code-execution
242+ min_version :
243+ type : string
244+ description : Minimum version affected
245+ example : 8.1.0
246+ max_version :
247+ type : string
248+ description : Maximum version affected, empty if no upper bound
249+ example : " "
250+ severity :
251+ type : string
252+ description : Severity level of the vulnerability
253+ example : high
254+ default_action :
255+ type : string
256+ description : Default action to take when detected
257+ example : reset-both
258+ cve :
259+ type : array
260+ items :
261+ type : string
262+ description : List of related CVE IDs
263+ example :
264+ - CVE-2021-1647
265+ vendor :
266+ type : array
267+ items :
268+ type : string
269+ description : List of vendors affected
270+ example : []
271+ reference :
272+ type : array
273+ items :
274+ type : string
275+ description : List of reference URLs
276+ example :
277+ - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-1647
278+ status :
279+ type : string
280+ description : Current status of the signature
281+ example : released
282+ details :
283+ type : object
284+ properties :
285+ change_data :
286+ type : string
287+ description : Information about changes
288+ example : new coverage
289+ ori_release_version :
290+ type : string
291+ description : Original release version
292+ example : " 8364"
293+ latest_release_version :
294+ type : string
295+ description : Latest release version
296+ example : " 8364"
297+ ori_release_time :
298+ type : string
299+ format : date-time
300+ description : Original release timestamp
301+ example : 2021-01-12T10:40:13Z
302+ latest_release_time :
303+ type : string
304+ format : date-time
305+ description : Latest release timestamp
306+ example : 2021-01-12T10:40:13Z
307+
9308 GetThreatBatchList :
10309 type : object
11310 properties :
@@ -542,11 +841,92 @@ info:
542841 2. Link to [Request Threat Metadata](/threat-vault/api/threats)
543842 3. Link to [Request Threat Signature Metadata in Batch Mode](/threat-vault/api/threatsbatch)
544843 4. Link to [Request Threat Signature Release History](/threat-vault/api/threatshistory)
844+ 5. Link to [Request CVE Coverage Information](/threat-vault/api/get-cve-coverage)
545845 "
546846 title : Threat Prevention
547847 version : " 1.0"
548848openapi : 3.0.1
549849paths :
850+ /threats/cve-coverage :
851+ get :
852+ summary : Request CVE Coverage Information
853+ tags : [Threat Prevention]
854+ description : Retrieves coverage information for a specified CVE ID
855+ operationId : getCVECoverage
856+ parameters :
857+ - name : cve_id
858+ in : query
859+ description : The CVE ID to retrieve coverage for
860+ required : true
861+ schema :
862+ type : string
863+ pattern : ' ^CVE-\d{4}-\d{4,}$'
864+ example : CVE-2021-1647
865+ security :
866+ - ApiKeyAuth : []
867+ responses :
868+ ' 200 ' :
869+ description : Successful response with CVE coverage information
870+ content :
871+ application/json :
872+ schema :
873+ type : object
874+ properties :
875+ success :
876+ type : boolean
877+ description : Indicates if the request was successful
878+ example : true
879+ link :
880+ type : object
881+ properties :
882+ next :
883+ type : string
884+ nullable : true
885+ description : Link to the next page of results
886+ previous :
887+ type : string
888+ nullable : true
889+ description : Link to the previous page of results
890+ count :
891+ type : integer
892+ description : Number of records returned
893+ example : 2
894+ data :
895+ oneOf :
896+ - $ref : ' #/components/schemas/CoveredCVEResponse'
897+ - $ref : ' #/components/schemas/CVECoverageInfo'
898+ message :
899+ type : string
900+ description : Message describing the outcome of the request
901+ example : Successful
902+ ' 400 ' :
903+ description : Bad request
904+ content :
905+ application/json :
906+ schema :
907+ $ref : ' #/components/schemas/CVECoverageErrorResponse'
908+ examples :
909+ invalidCVE :
910+ value :
911+ success : false
912+ message : " cve_id: Value is invalid."
913+ nonExistentCVE :
914+ value :
915+ success : false
916+ message : " CVE ID doesn't exist in NVD database"
917+ ' 401 ' :
918+ description : Unauthorized - Invalid API key
919+ content :
920+ application/json :
921+ schema :
922+ $ref : ' #/components/schemas/CVECoverageAPIKeyErrorResponse'
923+ ' 500 ' :
924+ description : Server error
925+ content :
926+ application/json :
927+ schema :
928+ $ref : ' #/components/schemas/CVECoverageServerErrorResponse'
929+
550930 /release-notes :
551931 get :
552932 description :
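Review bot: The new `cve_id` query parameter is constrained only by `pattern: '^CVE-\d{4}-\d{4,}$'`, and the open-ended `\d{4,}` lets an arbitrarily long digit run pass validation and reach the backend lookup. Adding a length bound next to the pattern, for example `maxLength: 32` (the exact value is for the API owner to choose), gives gateways and generated validators a hard limit. In the same operation's 200 response, `count` is documented with `example: 2` and `link` carries `next`/`previous`, but `data` is a `oneOf` of two single objects rather than an array; either `data` should be an array of those schemas or the pagination fields need a description explaining why they appear on a single-CVE lookup. The `security` entry references `ApiKeyAuth`, whose definition lies outside the visible hunks, so the name should be checked against the scheme declared under `components`.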