Skip to main content

Create scan

POST https://daas.digicert.com/apicontroller/v1/scan/create

Use this endpoint to create a scan and get certificates and vulnerabilities.

Related topic

For more information on discovery scan and its details, see Set up and run a scan.

Example requests and responses

Example 1. cURL

curl --location --request GET 'https://daas.digicert.com/apicontroller/v1/scan/create' \
--header 'X-DC-DEVKEY: {{api_key}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "surveyName": "testingscan",
    "frequencyType": "onetime",
    "surveyConfigDTO": {
        "sensorWithIpPortDTO": [
            { 
                "portSelectionChoice": "default",
                "ipInclusionList": "www.digicert.com",
                "ipExclusionList": "",
                "includedPorts": [
                    "80",
                    "443",
                    "389",
                    "636",
                    "22",
                    "143",
                    "110",
                    "465",
                    "8443",
                    "3389"
                ],
                "licenseKey": "9E205E8B61130C32",
                "name": "14MaySensor Proxy3810 (Error)",
                "includeAllSubdomains": ["www.digicert.com"],
                "selectedSubdomains": [{
				"domain": "www.yahoo.com",
				"subdomains": ["accountlink.www.yahoo.com",                         
    						"secure.www.yahoo.com"]
	       }, {
				"domain": "www.google.com",
				"subdomains": ["www.google.com----------------- 
						r.reflectiz.com"]
	       }],
                "isIPv4Sensor": true,
                "openPorts": null
            }
        ],
        "startTime": 0,
        "timeToComplete": 0,
        "timezone": "5:30#chennai",
        "monthRecType": "1st",
        "speed": "medium",
        "refreshHPSInventory": "always",
        "isCreateFlow": true,
        "scanOption": "optimize",
        "tls13": false,
        "sshDiscovery": false,
        "sni": false,
        "vulnerabilityList": "Heartbleed,POODLE (SSLv3),FREAK,LogJam,DROWN,RC4,POODLE (TLS)",
        "isOsDiscoverable": false,
        "isServiceDiscoverable": false,
        "extraTlsProtocolsDiscovery": false,
        "ipv6": false,
        "disablePing": false,
        "emulationScans": false
    },
    "accountId": 5153184,
    "cipherScan": false,
    "divisionId": 677793,
    "emailAddresses": "cc.admin@cert-testing.com",
    "vulnerabilityScanOption": "critical",
    "listFilteredPorts": false,
    "tags": ""
}'

Request parameters

Name	Req/Opt	Type	Description
surveyName	required	string	Friendly name provided for the scan. Max length: 80 characters.
frequencyType	required	string	How often the scan will run. Allowed values: `One Time`, `Daily`, `Weekly`, `Monthly`, `Cloud`
surveyConfigDTO	required	object	Object container for scan configuration details.
.. sensorWithIpPortDTO	required	array	Array of objects with IP/port configuration details.
.. .. portSelectionChoice	required	string	Select the default port or choose from all/custom ports.
.. .. ipInclusionList	required	string	IPs to include in the scan. Supported formats are individual IPs, IP range, CIDR, and FQDNs. Example for IP format: `104.20.67.46` Example for FQDN format: `digicert.com` Note: Loopback IP "127.0.0.1" is not allowed to scan.
.. .. ipExclusionList	optional	string	IPs to exclude in the scan. Supported formats are individual IPs, IP range, CIDR, and FQDNs.
.. .. includedPorts	required	array	Ports to include in the scan. It can be individual ports or port range.
.. .. licenseKey	required	string	Sensor license key to create scan.
.. .. name	required	string	Name of the sensor selected.
.. .. includeAllSubdomains	required	array	List of domains to scan all subdomains for. If a domain is in this list, the scan includes all subdomains of that domain.
.. .. selectedSubdomains	required	array	List of objects that define which subdomains of a given domain are included in the scan.
.. .. .. domain	required	string	Name of the domain.
.. .. .. subdomains	required	array	List of subdomains included in the scan for the given domain.
.. .. isIPv4Sensor	required	boolean	Use `true` if the operating system of the installed sensor runs on IPv4.
.. .. openPorts	required	array	A list of the open ports scanned. Used in scenarios where the host is unresponsive to ping.
.. startTime	optional	integer	Start time for the scheduled scan. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: `1596781119` Note: `startTime` value should be `0` when the `frequencytype` is `onetime`
.. timeToComplete	optional	integer	Wait time to complete the scan. 0 implies no timeout.
.. timezone	optional	string	Time zone for the scan. Format: GMT + your timezone offset. Example: `-8#pacifictime`
.. monthRecType	optional	string	Day of the month specified for recurring scan. Allowed values: `1st`, `2nd`, `3rd`, `4th`, `5th` Note: `1st` being the first day of the month.
.. speed	optional	string	How fast the scan completes. Default: `medium` Allowed values: `slow`, `medium`, `fast`
.. refreshHPSInventory	required	string	How often the host inventory will refresh. `1` - always, `2` - monthly, `0` - never
.. isCreateFlow	required	boolean	Use `true` when creating a new scan, and `false` when updating an existing scan.
.. scanOption	optional	string	Configure the scan settings either to `custom` / `optimize`.
.. tls13	optional	boolean	Enable scan of TLS v1.3 protocol. Default: `false`
.. sshDiscovery	optional	boolean	Enable SSH key to be discovered. Default: `false`
.. sni	optional	boolean	Enable the Server Name Indication (SNI) for your scan.
.. vulnerabilityList	required	string	This is a comma separated list of the vulnerabilities to scan for. Allowed values: `Heartbleed`, `POODLE(SSLv3)`, `FREAK`, `LogJam`, `DROWN`, `RC4`, `POODLE(TLS)`, `BEAST`, `CRIME`, `BREACH`, `SWEET32`.
.. isOsDiscoverable	optional	boolean	Include or exclude OS information. Default: `false`
.. isServiceDiscoverable	required	boolean	Include or exclude server application information. Default: `false`
.. extraTlsProtocolsDiscovery	optional	boolean	Enable discovery of extra TLS protocol. Default: `false`
.. ipv6	optional	boolean	Use true if IPv6 addresses are used. Default: `false`
.. disablePing	optional	boolean	Enable hosts discovery that do not respond to ping. Note: If `true`, `openPorts` should be provided.
.. emulationScans	optional	boolean	If `true`, it will exclude `Heartbleed` and `POODLE (TLS)` from vulnerability discovery.
accountId	required	string	Account ID.
divisionId	required	long	Division ID.
cipherScan	optional	boolean	Enable scan for ciphers configured on server. Default: `false`
emailAddress	optional	string	Email address for the contact associated with the scan.
vulnerabilityScanOption	optional	string	Setting that defines which vulnerabilities to scan for. Allowed values: `all`, `critical`.
listFilteredPorts	optional	boolean	If enabled, scan will list all the closed and filtered ports. Default: `false`
tags	optional	string	Add tags to the scan. Tags can be a combination of letters (a-z or A-Z), numbers (0-9), number signs (#), or spaces. Entries must be comma-separated. (Maximum 512 characters). Note: Alphanumeric characters like #, @ and _ are allowed.

Response parameters

Name	Type	Description
error	object	Includes the error code if any.
data	object	Object container for response.
.. accountId	string	Account ID.
.. divisionId	integer	Division ID.
.. surveyName	string	Friendly name provided for the scan. Max length: 80 characters.
.. message	string	Updated message for scan creation.

In this section:

Was this page helpful?

Provide feedback