jramos/cve-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
75ac8c823a6bb40378a1646d0f1b9b44d8c28c3a
cve-dashboard/docs/ivanti-api-reference.md

6.0 KiB
Raw Blame History

Ivanti / RiskSense API Reference

Base URL: https://platform4.risksense.com/api/v1 Swagger: https://platform4.risksense.com/doc/swagger.json

Auth: x-api-key header. Error codes: 401 bad key, 419 insufficient privileges, 429 rate limited.

Endpoints Used

Search Workflow Batches

POST /client/{clientId}/workflowBatch/search
Content-Type: application/json

Standard JSON body with filters, projection, sort, page, size. Used by ivantiWorkflows.js for the daily sync.

Create False Positive Workflow

POST /client/{clientId}/workflowBatch/falsePositive/request
Content-Type: multipart/form-data

This endpoint does NOT accept JSON. It requires multipart/form-data with the following fields:

Field Type Required Notes
name string yes Workflow batch name (max 255)
reason string yes Reason for the FP determination
description string yes Description (can be empty string but field must be present)
expirationDate string yes ISO-8601 date, e.g. 2026-06-01
overrideControl string yes AUTHORIZED, NONE, or AUTOMATED. Use AUTHORIZED for standard FP workflows. NONE with isEmptyWorkflow=true is rejected (400).
isEmptyWorkflow boolean yes true if no findings attached, false otherwise
subjectFilterRequest string yes Stringified JSON (see format below)
files file no Attachments sent inline in the same request

subjectFilterRequest format

This is the critical field. It must be a stringified JSON object with this exact structure:

{
  "subject": "hostFinding",
  "filterRequest": {
    "filters": [
      {
        "field": "id",
        "exclusive": false,
        "operator": "IN",
        "value": "2283734550,2283734551"
      }
    ]
  }
}

Key details:

  • subject must be "hostFinding" — without this, the API returns 500
  • filters is nested inside filterRequest, NOT at the top level — {"filters":[]} at the top level returns 500
  • value for multiple IDs is comma-separated as a single string, not an array
  • operator values: EXACT, IN, LIKE, WILDCARD, RANGE, CIDR
  • For empty workflows, use {"subject":"hostFinding","filterRequest":{"filters":[]}} with isEmptyWorkflow=true

Response (200/202)

{
  "id": 33418832,
  "created": "2026-04-08T18:16:08"
}

Returns HTTP 200 or 202 (Accepted — async job creation). Response contains a numeric id (the workflow batch job ID) and created timestamp. No generatedId or uuid in this response.

Other Workflow Endpoints (from Swagger)

These are available but not all are currently used by the dashboard:

Endpoint Purpose Status
/workflowBatch/acceptance/request Risk acceptance workflow Not used
/workflowBatch/remediation/request Remediation workflow Not used
/workflowBatch/severityChange/request Severity change workflow Not used
/workflowBatch/{workflowType}/approve Approve a workflow (needs workflowBatchUuid) Not used
/workflowBatch/{workflowType}/reject Reject a workflow Not used
/workflowBatch/{workflowType}/rework Send back for rework Not used
/workflowBatch/{workflowType}/update Update a workflow Not used
/workflowBatch/{workflowType}/{workflowBatchUuid}/map Map findings to workflow Used (FP editing)
/workflowBatch/{workflowType}/{workflowBatchUuid}/unmap Unmap findings Not used
/workflowBatch/{workflowType}/{workflowBatchUuid}/attach Attach file to existing workflow Broken — see note
/workflowBatch/{workflowType}/{workflowBatchUuid}/detach Detach file Not used
/workflowBatch/model Get model/schema Not used
/workflowBatch/filter Get available filter fields Not used
/workflowBatch/suggest Get suggested values for a filter field Not used

Known Limitations

Attach endpoint does not work (tested 2026-04-13)

The /workflowBatch/{workflowType}/{workflowBatchUuid}/attach endpoint is listed in the Swagger spec but returns HTTP 400 (Bad Request) for all tested request formats:

  • multipart/form-data with field name file (singular) — 400
  • multipart/form-data with field name files (plural) — 400
  • Tested with Content-Type: application/octet-stream and image/png — both 400
  • Tested with both ivantiMultipartPost and ivantiFormPost helpers — both 400

The Ivanti response is a generic Spring Boot error with no detail message:

{"timestamp":"...","status":400,"error":"Bad Request","path":"/api/v1/client/1550/workflowBatch/falsePositive/{uuid}/attach"}

Workaround: File attachments can only be uploaded during the initial workflow creation (sent inline with the /workflowBatch/falsePositive/request endpoint). To add attachments to an existing workflow, users must upload them directly in the Ivanti platform UI.

Search by numeric batch ID does not work

The /workflowBatch/search endpoint does not support filtering by the numeric id returned from the create endpoint. Searching with { field: 'id', operator: 'EXACT', value: '33432541' } returns 0 results. Searching by name field works and returns the workflow batch object including the uuid field needed for map/attach operations.

UUID not returned by create endpoint

The /workflowBatch/falsePositive/request create endpoint returns only { id: <number>, created: <timestamp> }. The uuid needed for map/attach/approve/reject operations must be obtained separately via the search endpoint.

Environment Variables

Variable Default Description
IVANTI_API_KEY Required. API key for authentication
IVANTI_CLIENT_ID 1550 Client ID in the Ivanti platform
IVANTI_SKIP_TLS false Set true to skip TLS verification
IVANTI_FIRST_NAME Used for workflow search filter (sync)
IVANTI_LAST_NAME Used for workflow search filter (sync)
Reference in New Issue View Git Blame Copy Permalink