Cisco Kenna-Security-API

Security
Developer Tools
Business Operations
Download This Spec

About this spec

Use steps: Update authorization tab with your API code and then proceed to the API requests you require which are grouped by function (assets, vulnerabilities, etc) ************************************************************************************************************* This is a list of API calls that can be leveraged to get the most out of the Kenna Platform. The most current documentation can be found at: https://apidocs.kennasecurity.com/reference#reference-getting-started Getting Started This page will help you get started with Kenna Platform API. No connector available yet for one of your security tools? No problem. You can push vulnerabilities from any external system into Kenna using our simple, secure API. Enterprise integration has never been easier. The API is organized around REST to have predictable, resource-oriented URLs and to use HTTP response codes to indicate errors. We use HTTP verbs, which can be understood by off-the-shelf HTTP clients and libraries. The API utilizes JSON as the data exchange format. All API calls must be made over HTTPS and be accompanied by a valid token parameter. Your Kenna API root path depends on your Kenna URL. In most cases the API root path will be https://{{API_URL}}, assuming your Kenna instance url is https://mycompany.kennasecurity.com/. If you have an instance in the EU or in a private environment, your Kenna instance URL will include additional subdomain components, such as https://mycompany.eu.kennasecurity.com. In that case, only the instance specific hostname component (mycompany in the example) is replaced with api, so an instance with an EU address will use the EU api address of https://api.eu.kennasecurity.com/. SUGGEST EDITS Authentication Access to the API is controlled using a token. Every account has a token generated when the account is created. You may locate and change your API token by logging in and clicking your company's name in the upper right hand corner. In the dropdown that appears, chose 'API Keys'. Your API token will be listed first in the table found on the applications page. You would replace in the example below with your API token. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests. Requests are limited to a maximum of 5 requests per second. If you exceed this limit, your request will receive a “429: Too Many Requests" status code response. SUGGEST EDITS Parameters Many API methods take optional parameters. For GET requests, parameters are specified as a segment in the path. For example if you were requesting data regarding a vulnerability with an id of 100: Request Response curl -H "X-Risk-Token: <token>" "https://{{API_URL}}/vulnerabilities/100" -X GET For most POST requests, parameters are encoded as JSON, with a Content-Type of 'application/json': Request Response curl -H "X-Risk-Token: <token>" -H "Content-Type: application/json" https://{{API_URL}}/vulnerabilities -X POST -d '{ "vulnerability": { "wasc_id" : "WASC-01", "primary_locator" : "url", "url" : "http://www.example.com" } }' Note: The Content-Type parameter should be omitted for specific POST request endpoints, such as the "Upload Data File" endpoint. Larger record sets are paginated by 500. For example, when requesting your list of vulnerabilities. To page through the record set, you pass a page parameter. Each paginated response includes meta data containing the current page and the total number of pages. Page limit is currently set to 20. Pages are 1-indexed based. Request Response curl -H "X-Risk-Token: <token>" "https://{{API_URL}}/vulnerabilities/?page=3" -X GET SUGGEST EDITS Data Types The API utilizes JSON as the data exchange format. Request Response curl -H "X-Risk-Token: <token>" "https://{{API_URL}}/vulnerabilities/100" -X GET SUGGEST EDITS Errors In the case of an error, the appropriate HTTP status code will be returned in the response header. In addition, the response body will contain a JSON formatted description of what went wrong. The JSON will contain an error attribute, and may contain a more explanatory message attribute as well. It also includes a success attribute with a value of false. Request Response curl -H "X-Risk-Token: <token>" "https://{{API_URL}}/assets/100" -X PUT -d {"priority":"-1"} SUGGEST EDITS HTTP Status Codes The following HTTP status codes are returned by the API. Code Meaning 102 Processing 200 OK 201 Created 204 No Content 400 Bad Request 401 Unauthorized 404 Not Found 409 Conflict 412 Precondition Failed 422 Unprocessable Entity 429 Too Many Requests (more than 5 per second) 500 Internal Server Error SUGGEST EDITS Pagination Requests that return multiple items will be paginated to 1000 items at a time, by default. You can request further pages with the page parameter, and/or change the number of items returned with the per_page parameter. Note that page numbering is 1-based and that omitting the page parameter will return the first page.

About Versori

Versori has established itself as the third generation of Integration Platform as a Service (iPaaS). Versori builds custom integrations for its customers using an intuitive visual user interface.

Versori’s connector engine means there is no dependency on an existing library of apps, all you need to start is the documentation of the app or system you want to integrate to.

How can I integrate with this spec?

Upload your spec

Drag and drop the Open API Spec into Versori's connector engine to create a new connector in minutes.

Build your workflow

Build out visual integration workflows with powerful data tools on an intuitive canvas UI.

Deploy instantly

Deploy your automated workflow instantly and maintain your integrations with ease.

Issue with this spec?

Is there something wrong with this spec? Let us know and Versori's engineering team will improve the quality of the spec based on your feedback.

Report This Spec
Built for Security & Scale

How developers maximise their time & productivity with Versori

Easily map complex data fields

Automatically match and transform data fields between systems with precision, reducing manual effort and errors.

Build, integrate & deploy faster

Design integrations visually, test workflows instantly, and deploy seamlessly—accelerating your time to value.

Create any custom connector in minutes

Drag and drop API specifications to build custom integrations, unlocking endless connectivity with minimal setup.

Start building today

Ready to start integrating?

Google Ads
Batch
Dropbox
Airtable
Asana
Calendly
Filter