Burp Suite User Forum

Login to post

Burp Suite Enterprise GraphQL how do I get counts of all of the vulnerabilities discovered by a scan

Glenn | Last updated: Sep 25, 2020 02:51PM UTC

I am trying to use GraphQL and C# to look through all of our scans to determine which scans we need to have the developers look and handle any possible vulnerabilities in their websites. I could do this manually using the web GUI, but there a lot of scans performed on a schedule every day so I would like have a program run everyday to automate this process. My question is what GraphQL query can I use to get the number of High, Medium, and Low vulnerabilities that were discovered in a scan using a scanid? Thanks,

Uthman, PortSwigger Agent | Last updated: Sep 25, 2020 03:09PM UTC

If you just want to retrieve the total number, you can use the Scan object with issue_counts. Replace the scan ID as appropriate. Example below: query Scan { scan(id: 267) { site_name issue_counts { high { total } medium { total } low { total } } } } If you need in-depth information about all the issues at once, it may be best to generate a scan report for a completed scan (https://portswigger.net/burp/extensibility/enterprise/graphql-api/ScanReport.html).

You need to Log in to post a reply. Or register here, for free.