Stats
The Vulnerability DB API provides a list of endpoints that allow users to query different statistics regarding the vulnerabilities stored in the Vuln DB.
Get Fixed Findings Stats
This endpoint provides statistics for the findings that are currently FIXED. It returns the number of fixed findings by criticality (informational, low, medium, high and critical).
It also has support for filtering by date and target teams.
It’s important to clarify that when querying for a time range, it returns every finding that has been fixed in that time and is still fixed at the end of the time range specified, so a finding that is FIXED and then reopened in that span of time will not be counted.
For example we might want to know the stats of fixed issues during Q4 of 2019:
curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/stats/fixed?minDate=2019-10-01&maxDate=2019-12-31"
Or the total number of issues by severity that were fixed at the beginning of 2020:
curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/stats/fixed?atDate=2020-01-01"
Get Open Findings Stats
This endpoint provides statistics for the findings that are currently OPEN. It returns the number of open findings by criticality (informational, low, medium, high and critical).
It also has support for filtering by date and target teams.
It’s important to clarify that when querying for a time range, it returns every finding that has been found in that time, regardless of whether that finding has also been fixed in that span of time.
For example we might want to know the stats of open issues during Q4 of 2019:
curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/stats/open?minDate=2019-10-01&maxDate=2019-12-31"
Or the total number of open issues by severity at the beginning of 2020:
curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/stats/open?atDate=2020-01-01"
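The time-range rules of the fixed and open endpoints, modelled over constructed finding timelines. This is an added example, not code from the Vulnerability DB project; the event layout, the function names and the reading of "found" as an OPEN event dated inside the range are assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample timelines: (date, new state) per finding. The real
# finding_events schema is not shown on this page; this layout is assumed.
FINDINGS = [
    {"severity": "high", "events": [(date(2019, 10, 5), "OPEN"), (date(2019, 11, 2), "FIXED")]},
    # Fixed and then reopened inside the same quarter.
    {"severity": "high", "events": [(date(2019, 10, 9), "OPEN"), (date(2019, 10, 20), "FIXED"),
                                    (date(2019, 12, 1), "OPEN")]},
    # Found before the quarter, fixed inside it.
    {"severity": "low", "events": [(date(2019, 8, 1), "OPEN"), (date(2019, 12, 15), "FIXED")]},
    {"severity": "critical", "events": [(date(2019, 11, 11), "OPEN")]},
    # Found and fixed before the quarter.
    {"severity": "medium", "events": [(date(2019, 9, 1), "OPEN"), (date(2019, 9, 20), "FIXED")]},
]

def state_at(finding, day):
    """Last recorded state on or before `day` (None if not yet found)."""
    state = None
    for when, new_state in sorted(finding["events"]):
        if when <= day:
            state = new_state
    return state

def fixed_in_range(findings, min_date, max_date):
    """Count findings fixed inside the range that are still FIXED at max_date."""
    counts = Counter()
    for f in findings:
        fixed_inside = any(s == "FIXED" and min_date <= d <= max_date for d, s in f["events"])
        if fixed_inside and state_at(f, max_date) == "FIXED":
            counts[f["severity"]] += 1
    return dict(counts)

def open_in_range(findings, min_date, max_date):
    """Count findings found inside the range, even if also fixed inside it.
    Assumption: "found" means an OPEN event dated inside the range."""
    counts = Counter()
    for f in findings:
        if any(s == "OPEN" and min_date <= d <= max_date for d, s in f["events"]):
            counts[f["severity"]] += 1
    return dict(counts)

if __name__ == "__main__":
    q4 = (date(2019, 10, 1), date(2019, 12, 31))
    print("fixed:", fixed_in_range(FINDINGS, *q4))
    print("open: ", open_in_range(FINDINGS, *q4))
```

The first high-severity finding is counted by both functions, so the open and fixed figures for the same range are not complementary and should not be subtracted from one another.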
Get Issues Stats
The Get Issues Stats endpoint provides statistics for the status of the issues currently present in the Vulnerability Database.
By using filters for date and score we can query the number of OPEN and FIXED findings for each issue.
For example we can query the stats for high and critical severity issues that were reported in Q4 of 2019:
curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/stats/issues?minScore=7&minDate=2019-10-01&maxDate=2019-12-31"
Get MTTR stats
MTTR stands for Mean Time To Remediate, and is the average time that elapses from when a vulnerability is found until it is fixed.
The MTTR stats endpoint allows querying statistics related to the Mean Time To Remediate, classified by issue severity (informational, low, medium, high and critical). It also returns the total average.
We can query MTTR stats by time range and/or get statistics only for vulnerabilities that are related to targets associated with a specific team.
For example we can query MTTR statistics for vulnerabilities that have been fixed in Q4 of 2019:
curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/stats/mttr?minDate=2019-10-01&maxDate=2019-12-31"
Or we could query the MTTR for vulnerabilities found in targets associated with the Security Team:
curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/stats/mttr?team=e84cfeeb-7a2b-442b-b1cf-15af8b4a52d3"
Get Size Stats
The size stats endpoint returns statistics related to the number of elements currently stored in the Vulnerability DB:
- sources
- targets
- issues
- findings
- finding_events
curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/stats/size"