A Fleet customer has a workflow that uses the Fleet API to fetch software versions with vulnerabilities and import that data into a 3rd party dashboard.
Every time an API call is made, the response includes vulnerabilities that have already been imported into the 3rd party dashboard. This means a lot of data is ingested into the dashboard for vulnerabilities that are already there.
The more frequent the API is called, the more this becomes an issue.
The desire is to have a way for the Fleet API to only return software versions that have vulnerabilities added since the last fetch was performed.
What have you tried?
TODO
Potential solutions
If the Fleet API supported a way to only return software versions that have new vulnerabilities, that would dramatically cut down on the size of the response and and only vulnerabilities that aren't already known would be ingested into the 3rd party dashboard.
What is the expected workflow as a result of your proposal?
An admin would build a workflow to call the Fleet API every 10 minutes and ingest the response into 3rd party dashboard.
The API would only return new vulnerabilities that were not present since the last API call. The smaller response would speed up the workflow.
JoStableford
commented
3 months ago
Problem
A Fleet customer has a workflow that uses the Fleet API to fetch software versions with vulnerabilities and import that data into a 3rd party dashboard.
Every time an API call is made, the response includes vulnerabilities that have already been imported into the 3rd party dashboard. This means a lot of data is ingested into the dashboard for vulnerabilities that are already there.
The more frequent the API is called, the more this becomes an issue.
The desire is to have a way for the Fleet API to only return software versions that have vulnerabilities added since the last fetch was performed.
What have you tried?
TODO
Potential solutions
If the Fleet API supported a way to only return software versions that have new vulnerabilities, that would dramatically cut down on the size of the response and and only vulnerabilities that aren't already known would be ingested into the 3rd party dashboard.
What is the expected workflow as a result of your proposal?
An admin would build a workflow to call the Fleet API every 10 minutes and ingest the response into 3rd party dashboard. The API would only return new vulnerabilities that were not present since the last API call. The smaller response would speed up the workflow.