Availabilty of Findings data via API

Hi! In many cases XM recommendations can only be fulfilled by considering vulnerable files. In the Elements portal those are shown after clicking Elements > Enivronment > Exposure > Recommendation > Asset > Critical Finding > Found vulnerable files. With them one can trace the origins to remediate individual vulnerabilities.
In an organization with thousands of devices this is something between annoying and impossible. So I tried to find a way to automate this process. Unfortunately the Elements API doesn't cover this. Or have I missed the value point?
Thanks in advance

Find more posts tagged with

API & Integration

Reporting, Export & Filtering

Accepted answers

All comments

Stefan_G

A feature request covering that topic has been placed by @PiotreCz here. Many thanks! Upvoting is welcome.

Sethu Laks

Hi @Stefan_G

Thanks for the detailed description and for outlining your workflow so clearly.

You are correct: at the moment the public Elements / Exposure / XM APIs do not expose the same “Found vulnerable files” data that you see in the Elements portal under:

Elements → Environment → Exposure → Recommendation → Asset → Critical Finding → Found vulnerable files

Because of that, there’s currently no supported way to retrieve that exact per‑file evidence via API, or to fully automate that specific view across thousands of devices.

What is possible today via the available APIs is to:

List assets/devices.
Retrieve vulnerability findings per asset (CVE / plugin / rule, severity, etc.).
In some cases, combine that with software inventory to understand which product/version is responsible for a given vulnerability.

This supports automation at the level of questions like:

“Which assets are affected by CVE‑XXXX‑YYYY?”
“Which software version needs updating, and where?”

But it does not include the vulnerable file instances (paths, filenames) shown in the “Found vulnerable files” section in the UI.

Since you rely on that file‑level detail, this is indeed a limitation of the current public API. I’d recommend raising this as an idea/feature request in the idea portal, specifically for:

An API (or export) that exposes the file‑level evidence behind XM / Exposure findings.

If you can share a bit more in the idea portal about how you’d like to consume this (for example: CSV export, integration with ticketing/CMDB, or a SIEM/automation platform), it will also help to shape a more targeted solution.

Best regards,
Sethu
Community Moderator | Technical Support Engineer https://www.withsecure.com/