Skip to main content

Create scan

POST https://daas.digicert.com/apicontroller/v1/scan/create

Use this endpoint to create a scan and get certificates and vulnerabilities.

Related topic

For more information on discovery scan and its details, see Set up and run a scan.

Example requests and responses

Request parameters

Name

Req/Opt

Type

Description

surveyName

required

string

Friendly name provided for the scan.

Max length: 80 characters.

frequencyType

required

string

How often the scan will run.

Allowed values: One Time, Daily, Weekly, Monthly, Cloud

surveyConfigDTO

required

object

Object container for scan configuration details.

.. sensorWithIpPortDTO

required

array

Array of objects with IP/port configuration details.

.. .. portSelectionChoice

required

string

Select the default port or choose from all/custom ports.

.. .. ipInclusionList

required

string

IPs to include in the scan. Supported formats are individual IPs, IP range, CIDR, and FQDNs.

Example for IP format: 104.20.67.46

Example for FQDN format: digicert.com

Note: Loopback IP "127.0.0.1" is not allowed to scan.

.. .. ipExclusionList

optional

string

IPs to exclude in the scan. Supported formats are individual IPs, IP range, CIDR, and FQDNs.

.. .. includedPorts

required

array

Ports to include in the scan. It can be individual ports or port range.

.. .. licenseKey

required

string

Sensor license key to create scan.

.. .. name

required

string

Name of the sensor selected.

.. .. includeAllSubdomains

required

array

List of domains to scan all subdomains for. If a domain is in this list, the scan includes all subdomains of that domain.

.. .. selectedSubdomains

required

array

List of objects that define which subdomains of a given domain are included in the scan.

.. .. .. domain

required

string

Name of the domain.

.. .. .. subdomains

required

array

List of subdomains included in the scan for the given domain.

.. .. isIPv4Sensor

required

boolean

Use true if the operating system of the installed sensor runs on IPv4.

.. .. openPorts

required

array

A list of the open ports scanned. Used in scenarios where the host is unresponsive to ping.

.. startTime

optional

integer

Start time for the scheduled scan.

Format: epoch in millisecond.

Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system.

Example: 1596781119

Note: startTime value should be 0 when the frequencytype is onetime

.. timeToComplete

optional

integer

Wait time to complete the scan. 0 implies no timeout.

.. timezone

optional

string

Time zone for the scan.

Format: GMT + your timezone offset.

Example: -8#pacifictime

.. monthRecType

optional

string

Day of the month specified for recurring scan.

Allowed values: 1st, 2nd, 3rd, 4th, 5th

Note: 1st being the first day of the month.

.. speed

optional

string

How fast the scan completes.

Default: medium

Allowed values: slow, medium, fast

.. refreshHPSInventory

required

string

How often the host inventory will refresh. 1 - always, 2 - monthly, 0 - never

.. isCreateFlow

required

boolean

Use true when creating a new scan, and false when updating an existing scan.

.. scanOption

optional

string

Configure the scan settings either to custom / optimize.

.. tls13

optional

boolean

Enable scan of TLS v1.3 protocol.

Default: false

.. sshDiscovery

optional

boolean

Enable SSH key to be discovered.

Default: false

.. sni

optional

boolean

Enable the Server Name Indication (SNI) for your scan.

.. vulnerabilityList

required

string

This is a comma separated list of the vulnerabilities to scan for.

Allowed values: Heartbleed, POODLE(SSLv3), FREAK, LogJam, DROWN, RC4, POODLE(TLS), BEAST, CRIME, BREACH, SWEET32.

.. isOsDiscoverable

optional

boolean

Include or exclude OS information.

Default: false

.. isServiceDiscoverable

required

boolean

Include or exclude server application information.

Default: false

.. extraTlsProtocolsDiscovery

optional

boolean

Enable discovery of extra TLS protocol.

Default: false

.. ipv6

optional

boolean

Use true if IPv6 addresses are used.

Default: false

.. disablePing

optional

boolean

Enable hosts discovery that do not respond to ping.

Note: If true, openPorts should be provided.

.. emulationScans

optional

boolean

If true, it will exclude Heartbleed and POODLE (TLS) from vulnerability discovery.

accountId

required

string

Account ID.

divisionId

required

long

Division ID.

cipherScan

optional

boolean

Enable scan for ciphers configured on server.

Default: false

emailAddress

optional

string

Email address for the contact associated with the scan.

vulnerabilityScanOption

optional

string

Setting that defines which vulnerabilities to scan for.

Allowed values: all, critical.

listFilteredPorts

optional

boolean

If enabled, scan will list all the closed and filtered ports.

Default: false

tags

optional

string

Add tags to the scan. Tags can be a combination of letters (a-z or A-Z), numbers (0-9), number signs (#), or spaces. Entries must be comma-separated. (Maximum 512 characters).

Note: Alphanumeric characters like #, @ and _ are allowed.

Response parameters

Name

Type

Description

error

object

Includes the error code if any.

data

object

Object container for response.

.. accountId

string

Account ID.

.. divisionId

integer

Division ID.

.. surveyName

string

Friendly name provided for the scan.

Max length: 80 characters.

.. message

string

Updated message for scan creation.