Create scan
5 minute read
POST
Use this endpoint to create a scan and get certificates and vulnerabilities.https://daas.digicert.com/apicontroller/v1/scan/create
Related topic
For more information on discovery scan and its details, see Set up and run a scan.
Example requests and responses
cURL
curl --location --request GET 'https://daas.digicert.com/apicontroller/v1/scan/create' \
--header 'X-DC-DEVKEY: {{api_key}}' \
--header 'Content-Type: application/json' \
--data-raw '{
"surveyName": "testingscan",
"frequencyType": "onetime",
"surveyConfigDTO": {
"sensorWithIpPortDTO": [
{
"portSelectionChoice": "default",
"ipInclusionList": "www.digicert.com",
"ipExclusionList": "",
"includedPorts": [
"80",
"443",
"389",
"636",
"22",
"143",
"110",
"465",
"8443",
"3389"
],
"licenseKey": "9E205E8B61130C32",
"name": "14MaySensor Proxy3810 (Error)",
"includeAllSubdomains": ["www.digicert.com"],
"selectedSubdomains": [{
"domain": "www.yahoo.com",
"subdomains": ["accountlink.www.yahoo.com",
"secure.www.yahoo.com"]
}, {
"domain": "www.google.com",
"subdomains": ["www.google.com-----------------
r.reflectiz.com"]
}],
"isIPv4Sensor": true,
"openPorts": null
}
],
"startTime": 0,
"timeToComplete": 0,
"timezone": "5:30#chennai",
"monthRecType": "1st",
"speed": "medium",
"refreshHPSInventory": "always",
"isCreateFlow": true,
"scanOption": "optimize",
"tls13": false,
"sshDiscovery": false,
"sni": false,
"vulnerabilityList": "Heartbleed,POODLE (SSLv3),FREAK,LogJam,DROWN,RC4,POODLE (TLS)",
"isOsDiscoverable": false,
"isServiceDiscoverable": false,
"extraTlsProtocolsDiscovery": false,
"ipv6": false,
"disablePing": false,
"emulationScans": false
},
"accountId": 5153184,
"cipherScan": false,
"divisionId": 677793,
"emailAddresses": "cc.admin@cert-testing.com",
"vulnerabilityScanOption": "critical",
"listFilteredPorts": false,
"tags": ""
}'
200 OK
{
"error": null,
"data": {
"accountId": "5153184",
"divisionId": 677793,
"surveyDefId": 294291,
"surveyName": "testingscan",
"message": "Scan created successfully"
}
}
Request parameters
| Name | Req/Opt | Type | Description |
|---|---|---|---|
| surveyName | required | string | Friendly name provided for the scan. **Max length:**80 characters. |
| frequencyType | required | string | How often the scan will run. Allowed values: One Time, Daily, Weekly, Monthly, Cloud |
| surveyConfigDTO | required | object | Object container for scan configuration details. |
| .. sensorWithIpPortDTO | required | array | Array of objects with IP/port configuration details. |
| .. .. portSelectionChoice | required | string | Select the default port or choose from all/custom ports. |
| .. .. ipInclusionList | required | string | IPs to include in the scan. Supported formats are individual IPs, IP range, CIDR, and FQDNs. Example for IP format: 104.20.67.46Example for FQDN format: digicert.com**Note:**Loopback IP “127.0.0.1” is not allowed to scan. |
| .. .. ipExclusionList | optional | string | IPs to exclude in the scan. Supported formats are individual IPs, IP range, CIDR, and FQDNs. |
| .. .. includedPorts | required | array | Ports to include in the scan. It can be individual ports or port range. |
| .. .. licenseKey | required | string | Sensor license key to create scan. |
| .. .. name | required | string | Name of the sensor selected. |
| .. .. includeAllSubdomains | required | array | List of domains to scan all subdomains for. If a domain is in this list, the scan includes all subdomains of that domain. |
| .. .. selectedSubdomains | required | array | List of objects that define which subdomains of a given domain are included in the scan. |
| .. .. .. domain | required | string | Name of the domain. |
| .. .. .. subdomains | required | array | List of subdomains included in the scan for the given domain. |
| .. .. isIPv4Sensor | required | boolean | Use true if the operating system of the installed sensor runs on IPv4. |
| .. .. openPorts | required | array | A list of the open ports scanned. Used in scenarios where the host is unresponsive to ping. |
| .. startTime | optional | integer | Start time for the scheduled scan. **Format:**epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1596781119Note: startTime value should be 0 when the frequencytype is onetime |
| .. timeToComplete | optional | integer | Wait time to complete the scan. 0 implies no timeout. |
| .. timezone | optional | string | Time zone for the scan. Format: GMT + your timezone offset. Example: -8#pacifictime |
| .. monthRecType | optional | string | Day of the month specified for recurring scan. Allowed values: 1st, 2nd, 3rd, 4th, 5thNote: 1st being the first day of the month. |
| .. speed | optional | string | How fast the scan completes. Default: mediumAllowed values: slow, medium, fast |
| .. refreshHPSInventory | required | string | How often the host inventory will refresh. 1- always,2 - monthly, 0- never |
| .. isCreateFlow | required | boolean | Use true when creating a new scan, and false when updating an existing scan. |
| .. scanOption | optional | string | Configure the scan settings either to custom / optimize. |
| .. tls13 | optional | boolean | Enable scan of TLS v1.3 protocol. Default: false |
| .. sshDiscovery | optional | boolean | Enable SSH key to be discovered. Default: false |
| .. sni | optional | boolean | Enable the Server Name Indication (SNI) for your scan. |
| .. vulnerabilityList | required | string | This is a comma separated list of the vulnerabilities to scan for. Allowed values: Heartbleed, POODLE(SSLv3), FREAK, LogJam, DROWN, RC4, POODLE(TLS), BEAST, CRIME, BREACH, SWEET32. |
| .. isOsDiscoverable | optional | boolean | Include or exclude OS information. Default: false |
| .. isServiceDiscoverable | required | boolean | Include or exclude server application information. Default: false |
| .. extraTlsProtocolsDiscovery | optional | boolean | Enable discovery of extra TLS protocol. Default: false |
| .. ipv6 | optional | boolean | Use true if IPv6 addresses are used. Default: false |
| .. disablePing | optional | boolean | Enable hosts discovery that do not respond to ping. Note: If true, openPorts should be provided. |
| .. emulationScans | optional | boolean | If true, it will exclude Heartbleed and POODLE (TLS) from vulnerability discovery. |
| accountId | required | string | Account ID. |
| divisionId | required | long | Division ID. |
| cipherScan | optional | boolean | Enable scan for ciphers configured on server. Default: false |
| emailAddress | optional | string | Email address for the contact associated with the scan. |
| vulnerabilityScanOption | optional | string | Setting that defines which vulnerabilities to scan for. Allowed values: all, critical. |
| listFilteredPorts | optional | boolean | If enabled, scan will list all the closed and filtered ports. Default: false |
| tags | optional | string | Add tags to the scan. Tags can be a combination of letters (a-z or A-Z), numbers (0-9), number signs (#), or spaces. Entries must be comma-separated. (Maximum 512 characters). Note: Alphanumeric characters like #, @ and _ are allowed. |
Response parameters
| Name | Type | Description |
|---|---|---|
| error | object | Includes the error code if any. |
| data | object | Object container for response. |
| .. accountId | string | Account ID. |
| .. divisionId | integer | Division ID. |
| .. surveyName | string | Friendly name provided for the scan. **Max length:**80 characters. |
| .. message | string | Updated message for scan creation. |
Was this page helpful?
Provide feedback