manager.spec.yaml

openapi: "3.0.0"

info:
  title: Vulnerability Engine Manager
  version: {{ app_version }}

paths:
  /apistatus:
    get:
      summary: Determine the health of the application
      description: Checks database availability and API response threshold time.
      operationId: manager.api_status_handler.GetApiStatus.get
      x-methodName: getApiStatus
      responses:
        200:
          description: API is healthy
        503:
          description: Database is unavaiable

  /version:
    get:
      summary: Get application version
      description: >
        This endpoint will provide you with the application version. Use this endpoint
        to track application changes.
      operationId: manager.version_handler.GetVersion.get
      x-methodName: getVersion
      responses:
        200:
          description: Application version.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/VersionOut'

  /business_risk:
    get:
      summary: Access business risk values
      description: >
        This endpoint helps you determine the numeric business risk for a given CVE.
        A business risk is a label you can set for a given CVE. Choose one of five business risk
        options ranging from 0-4, where 0 is not defined and 4 indicates a critical risk.
        You must call this endpoint to choose a numerical value before calling the *PATCH/cves/business_risk* endpoint.
      operationId: manager.risk_handler.GetRisk.get
      x-methodName: getBusinessRiskList
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: List of business risk/business_risk_id pairs.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/BusinessRiskListOut'


  /cves/{cve_id}:
    get:
      summary: Get CVE details
      description: >
        This endpoint returns the CVE identification number, description, scores
        and other metadata. The metadata includes the description, CVSS 2/3 Score,
        CVSS 2/3 attack vector, severity, public date, modified date, business risk,
        status, a URL to Red Hat web pages, a list of advisories remediating the CVE, and
        information regarding known exploits for the CVE.
      operationId: manager.cve_handler.GetCves.get
      x-methodName: getCveDetails
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: CVE details
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/CveDetailOut'
        404:
          description: Given CVE does not exist.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
      parameters:
        - $ref: '#/components/parameters/cve_id'
        - $ref: '#/components/parameters/advisory_available'

  /cves/{cve_id}/affected_systems:
    get:
      summary: Determine affected systems for a given CVE
      description: >
        This is a report of affected systems for a given CVE.
        Use this request to obtain server identification numbers of all affected servers along
        with last check-in, system name and more.
      operationId: manager.cve_handler.GetCvesAffectedSystems.get
      x-methodName: getAffectedSystemsByCve
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Report of affected systems for a given CVE.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/AffectedSystemsOut'
        404:
          description: Given CVE does not exist.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
      parameters:
        - $ref: '#/components/parameters/filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/sort'
        - $ref: '#/components/parameters/cve_id'
        - $ref: '#/components/parameters/status_id'
        - $ref: '#/components/parameters/data_format'
        - $ref: '#/components/parameters/uuid'
        - $ref: '#/components/parameters/rule_key_deprecated'
        - $ref: '#/components/parameters/rule_presence_deprecated'
        - $ref: '#/components/parameters/rule'
        - $ref: '#/components/parameters/tags'
        - $ref: '#/components/parameters/sap_sids'
        - $ref: '#/components/parameters/sap_system'
        - $ref: '#/components/parameters/show_advisories'
        - $ref: '#/components/parameters/advisory'
        - $ref: '#/components/parameters/rhel_version'
        - $ref: '#/components/parameters/first_reported_from'
        - $ref: '#/components/parameters/first_reported_to'
        - $ref: '#/components/parameters/advisory_available'
        - $ref: '#/components/parameters/remediation'
        - $ref: '#/components/parameters/report'
        - $ref: '#/components/parameters/ansible'
        - $ref: '#/components/parameters/mssql'
        - $ref: '#/components/parameters/group_names'
        - $ref: '#/components/parameters/group_ids'
        - $ref: '#/components/parameters/host_type'

  /cves/{cve_id}/affected_systems/ids:
    get:
      summary: Get identification numbers of affected systems for a given CVE
      description: >
        This is a report of identification numbers of affected systems for a given CVE.
        Use this request to obtain server identification numbers of all affected systems.
      operationId: manager.cve_handler.GetCvesAffectedSystemsIds.get
      x-methodName: getAffectedSystemsIdsByCve
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Report of IDs of affected systems for a given CVE.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/AffectedSystemsIdsOut'
        404:
          description: Given CVE does not exist.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
      parameters:
        - $ref: '#/components/parameters/filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/sort'
        - $ref: '#/components/parameters/cve_id'
        - $ref: '#/components/parameters/status_id'
        - $ref: '#/components/parameters/data_format'
        - $ref: '#/components/parameters/uuid'
        - $ref: '#/components/parameters/rule_key_deprecated'
        - $ref: '#/components/parameters/rule_presence_deprecated'
        - $ref: '#/components/parameters/rule'
        - $ref: '#/components/parameters/tags'
        - $ref: '#/components/parameters/sap_sids'
        - $ref: '#/components/parameters/sap_system'
        - $ref: '#/components/parameters/show_advisories'
        - $ref: '#/components/parameters/advisory'
        - $ref: '#/components/parameters/rhel_version'
        - $ref: '#/components/parameters/first_reported_from'
        - $ref: '#/components/parameters/first_reported_to'
        - $ref: '#/components/parameters/advisory_available'
        - $ref: '#/components/parameters/remediation'
        - $ref: '#/components/parameters/ansible'
        - $ref: '#/components/parameters/mssql'
        - $ref: '#/components/parameters/group_names'
        - $ref: '#/components/parameters/group_ids'
        - $ref: '#/components/parameters/host_type'

  /cves/business_risk:
    patch:
      summary: Set business risk for a CVE
      description: >
        This sets a business risk for a specific CVE. Set a value of low,
        medium, high or critical for a given CVE. These values are obtained by the business
        risk path *GET/business_risk*. To set a business risk, you must call the
        GET/business_risk endpoint first, followed by the *PATCH/cves/business_risk* path.
      operationId: manager.cve_handler.PatchCveRisk.patch
      x-methodName: setCveBusinessRisk
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      requestBody:
        description: Values to be set. At least one of the "business_risk_id" or "business_risk_text" parameters is required.
        required: true
        content:
          application/vnd.api+json:
            schema:
              $ref: '#/components/schemas/CveRiskIn'
              x-body-name: data
      responses:
        200:
          description: Business risk successfully updated.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/BulkChangeOut'
        404:
          description: Given CVE does not exist.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
        503:
          description: Service is running in read-only mode.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'

  /cves/status:
    patch:
      summary: Set status for a CVE
      description: >
        This sets the status for a specific CVE. Set a status
        value for a given CVE (e.g. in-review, on-hold, scheduled for a patch, or resolved).
        These values are obtained by sending a *GET/status* request. To set a status, you
        must call the *GET/business_risk* first, followed by the *PATCH/cves/status* path.
      operationId: manager.cve_handler.PatchCveStatus.patch
      x-methodName: setCveStatus
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      requestBody:
        description: Values to be set. At least one of the "status_id" or "status_text" parameters is required.
        required: true
        content:
          application/vnd.api+json:
            schema:
              $ref: '#/components/schemas/CveStatusIn'
              x-body-name: data
      responses:
        200:
          description: Status successfully updated.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/BulkChangeOut'
        404:
          description: Given CVE does not exist.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
        503:
          description: Service is running in read-only mode.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'

  /dashboard:
    get:
      summary: Get a macro level overview of aggregated vulnerabilities
      description: >
        These are aggregations summarizing your account such as number
        of unique CVEs, list of security rules, CVEs by severity, and more.
        Use this endpoint to obtain a snapshot of all the CVES and details about their
        prevalence and severity.
      operationId: manager.dashboard_handler.GetDashboard.get
      x-methodName: getDashboard
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Dashboard.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Dashboard'
      parameters:
        - $ref: '#/components/parameters/tags'
        - $ref: '#/components/parameters/sap_sids'
        - $ref: '#/components/parameters/sap_system'
        - $ref: '#/components/parameters/ansible'
        - $ref: '#/components/parameters/mssql'

  /playbooks/templates/{rule_id}:
    get:
      summary: Get an Ansible Playbook template for CVEs with security rules
      description: >
        This returns an Ansible playbook template for a given rule identification
        number. Use this endpoint to return an Ansible playbook template for a given rule
        error key. The template is used to remediate issues on your system.
      operationId: manager.playbook_handler.GetTemplate.get
      x-methodName: getPlaybookTemplate
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Playbook template response
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/PlaybookTemplate'
        404:
          description: Given rule id does not exist.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
      parameters:
        - in: path
          name: rule_id
          description: Insights security rule ID.
          required: true
          schema:
            type: string
          example: CVE_2017_8779_rpc|CVE_2017_8779_WARN

  /report/executive:
    get:
      summary: Generate an executive report
      description: >
        This returns an overview of vulnerabilities affecting a given account.
        Use this request when you need to download a high-level, executive report summarizing
        the security exposure of your infrastructure. These reports are designed for an executive
        audience and include data such as the number of RHEL systems analyzed, the number of
        security rules in your infrastructure, percentage of CVEs with a certain severity and more.
      operationId: manager.report_handler.GetExecutive.get
      x-methodName: getExecutiveReport
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Executive report.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/ExecutiveReport'

  /status:
    get:
      summary: Access available status values
      description: >
        This endpoint returns a list of possible
        values for setting status for a CVE or system-CVE pair.
        Call this api when you want to know which values are available
        for setting a status. A list of numbers will be returned.
        You must call this endpoint before calling the *PATCH/cves/status* endpoint.
      operationId: manager.status_handler.GetStatus.get
      x-methodName: getStatusList
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: List of status/status_id pairs.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/StatusListOut'

    patch:
      summary: Set status for system vulnerabilities
      description: >
        This endpoint sets status for given systems and CVEs. Use this endpoint when
        you need to set a status value for system-CVE pairs.
      operationId: manager.status_handler.PatchStatus.patch
      x-methodName: setStatus
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      requestBody:
        description: Values to be set.
        required: true
        content:
          application/vnd.api+json:
            schema:
              $ref: '#/components/schemas/StatusIn'
              x-body-name: data
      responses:
        200:
          description: Status successfully updated.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/StatusOut'
        404:
          description: Given host/CVE does not exist.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
        503:
          description: Service is running in read-only mode.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'

  /systems:
    get:
      summary: List systems
      description: >
        List systems that are accessible when you are logged into your account.
        Use this endpoint to view basic system attributes such as display name and system type.
      operationId: manager.system_handler.GetSystems.get
      x-methodName: getSystemsList
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: System list
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/SystemListOut'
      parameters:
        - $ref: '#/components/parameters/filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/sort'
        - $ref: '#/components/parameters/data_format'
        - $ref: '#/components/parameters/stale'
        - $ref: '#/components/parameters/uuid'
        - $ref: '#/components/parameters/tags'
        - $ref: '#/components/parameters/sap_sids'
        - $ref: '#/components/parameters/sap_system'
        - $ref: '#/components/parameters/excluded'
        - $ref: '#/components/parameters/rhel_version'
        - $ref: '#/components/parameters/report'
        - $ref: '#/components/parameters/ansible'
        - $ref: '#/components/parameters/mssql'
        - $ref: '#/components/parameters/group_names'
        - $ref: '#/components/parameters/group_ids'

  /systems/ids:
    get:
      summary: List systems identification numbers along with opt out state
      description: >
        This lists systems including those that have opted out of the current query.
        Use this when you do not want to see a registered system or systems in your reports.
      operationId: manager.system_handler.GetSystemsIds.get
      x-methodName: getSystemsIds
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: System list
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/SystemIdsOut'
      parameters:
        - $ref: '#/components/parameters/filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/sort'
        - $ref: '#/components/parameters/data_format'
        - $ref: '#/components/parameters/stale'
        - $ref: '#/components/parameters/uuid'
        - $ref: '#/components/parameters/tags'
        - $ref: '#/components/parameters/sap_sids'
        - $ref: '#/components/parameters/sap_system'
        - $ref: '#/components/parameters/excluded'
        - $ref: '#/components/parameters/rhel_version'
        - $ref: '#/components/parameters/ansible'
        - $ref: '#/components/parameters/mssql'
        - $ref: '#/components/parameters/group_names'
        - $ref: '#/components/parameters/group_ids'

  /systems/{inventory_id}:
    get:
      summary: Get system details
      description: >
        This allows you to get information
        about systems related to an inventory identification number. This includes
        details such as operating system, inventory tags, last update, opt-out status,
        and more.
      operationId: manager.system_handler.GetSystemDetails.get
      x-methodName: getSystemDetails
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: System details
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/SystemDetailsOut'
        404:
          description: System has not been found in the database.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
      parameters:
        - $ref: '#/components/parameters/inventory_id'

  /systems/{inventory_id}/cves:
    get:
      summary: Get a CVE report for a system
      description: >
        This endpoint displays detailed information about all CVEs
        for which a system is exposed. Use this endpoint to discover which CVEs
        are affecting a given system. CVE metadata is included.
      operationId: manager.system_handler.GetSystemsCves.get
      x-methodName: getCveListBySystem
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: CVE report.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/SystemCvesOut'
        404:
          description: System has not been found in the database.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
      parameters:
        - $ref: '#/components/parameters/inventory_id'
        - $ref: '#/components/parameters/cve_filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/cve_sort'
        - $ref: '#/components/parameters/cvss_from'
        - $ref: '#/components/parameters/cvss_to'
        - $ref: '#/components/parameters/public_from'
        - $ref: '#/components/parameters/public_to'
        - $ref: '#/components/parameters/impact'
        - $ref: '#/components/parameters/status_id'
        - $ref: '#/components/parameters/data_format'
        - $ref: '#/components/parameters/business_risk_id'
        - $ref: '#/components/parameters/rule_presence'
        - $ref: '#/components/parameters/show_advisories'
        - $ref: '#/components/parameters/advisory'
        - $ref: '#/components/parameters/rule_key'
        - $ref: '#/components/parameters/known_exploit'
        - $ref: '#/components/parameters/first_reported_from'
        - $ref: '#/components/parameters/first_reported_to'
        - $ref: '#/components/parameters/advisory_available'
        - $ref: '#/components/parameters/remediation'
        - $ref: '#/components/parameters/report'

  /systems/{inventory_id}/cves/ids:
    get:
      summary: Get a CVE identification number report for a system
      description: >
        This endpoint displays identification numbers of all CVEs for which
        a system is exposed. Use this endpoint to learn which CVEs are
        affecting a given system.
      operationId: manager.system_handler.GetSystemsCvesIds.get
      x-methodName: getCveIdsBySystem
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: CVE Ids report.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/SystemCvesIdsOut'
        404:
          description: System has not been found in the database.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'
      parameters:
        - $ref: '#/components/parameters/inventory_id'
        - $ref: '#/components/parameters/cve_filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/cve_sort'
        - $ref: '#/components/parameters/cvss_from'
        - $ref: '#/components/parameters/cvss_to'
        - $ref: '#/components/parameters/public_from'
        - $ref: '#/components/parameters/public_to'
        - $ref: '#/components/parameters/impact'
        - $ref: '#/components/parameters/status_id'
        - $ref: '#/components/parameters/data_format'
        - $ref: '#/components/parameters/business_risk_id'
        - $ref: '#/components/parameters/rule_presence'
        - $ref: '#/components/parameters/show_advisories'
        - $ref: '#/components/parameters/advisory'
        - $ref: '#/components/parameters/rule_key'
        - $ref: '#/components/parameters/known_exploit'
        - $ref: '#/components/parameters/first_reported_from'
        - $ref: '#/components/parameters/first_reported_to'
        - $ref: '#/components/parameters/advisory_available'
        - $ref: '#/components/parameters/remediation'

  /systems/opt_out:
    patch:
      summary: Opt a system in or out of the vulnerability service
      description: >
        Opt a specific system in or out of vulnerability analysis.
        Use this when you want to use other Insights services but do not want
        to see specific systems in vulnerability reports. This allows you to
        hide select systems.
      operationId: manager.system_handler.PatchBulkSystemsOptOut.patch
      x-methodName: setSystemsOptOut
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      requestBody:
        description: Values to be set.
        required: true
        content:
          application/vnd.api+json:
            schema:
              $ref: '#/components/schemas/OptOutIn'
              x-body-name: data
      responses:
        200:
          description: System(s) setting has been updated.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/BulkChangeOut'
        503:
          description: Service is running in read-only mode.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/Errors'

  /vulnerabilities/cves:
    get:
      summary: Get a vulnerabilities overview
      description: >
        This provides an overview of vulnerabilities across your entire system inventory.
        Use this endpoint to get an overview of which CVEs are affecting your account, including some CVE
        metadata, how many systems are affected by each CVE, and more.
      operationId: manager.vulnerabilities_handler.GetCves.get
      x-methodName: getCveList
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Vulnerabilities overview.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/VulnerabilitiesOut'
      parameters:
        - $ref: '#/components/parameters/cve_filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/cve_sort'
        - $ref: '#/components/parameters/cvss_from'
        - $ref: '#/components/parameters/cvss_to'
        - $ref: '#/components/parameters/public_from'
        - $ref: '#/components/parameters/public_to'
        - $ref: '#/components/parameters/impact'
        - $ref: '#/components/parameters/data_format'
        - $ref: '#/components/parameters/business_risk_id'
        - $ref: '#/components/parameters/status_id'
        - $ref: '#/components/parameters/rule_presence'
        - $ref: '#/components/parameters/tags'
        - $ref: '#/components/parameters/sap_sids'
        - $ref: '#/components/parameters/sap_system'
        - $ref: '#/components/parameters/known_exploit'
        - $ref: '#/components/parameters/affecting'
        - $ref: '#/components/parameters/rhel_version'
        - $ref: '#/components/parameters/report'
        - $ref: '#/components/parameters/advanced_report'
        - $ref: '#/components/parameters/ansible'
        - $ref: '#/components/parameters/mssql'
        - $ref: '#/components/parameters/advisory_available'
        - $ref: '#/components/parameters/group_names'
        - $ref: '#/components/parameters/group_ids'
        - $ref: '#/components/parameters/affecting_host_type'

    post:
      summary: Send a vulnerabilities overview
      description: >
        This is an overview of vulnerabilities for specific CVEs provided in the body.
        Use this endpoint to get a CVSS score, and learn the severity for a list of CVEs provided
        in the request.
      operationId: manager.vulnerabilities_handler.PostCves.post
      x-methodName: getCveList
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      requestBody:
        description: List of CVEs to provide info about.
        required: true
        content:
          application/vnd.api+json:
            schema:
              $ref: '#/components/schemas/VulnerabilitiesPostIn'
              x-body-name: data
      responses:
        200:
          description: Vulnerabilities overview.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/VulnerabilitiesPostOut'
      parameters:
        - $ref: '#/components/parameters/cve_filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/sort'

  /vulnerabilities/cves/ids:
    get:
      summary: Get an overview of Vulnerabilities' identification numbers
      description: >
        This is an overview of vulnerabilities identification numbers
        across your entire system inventory.
        Use this endpoint to get an overview of which CVEs are affecting your account.
      operationId: manager.vulnerabilities_handler.GetCvesIds.get
      x-methodName: getCveIdsList
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Vulnerabilities IDs overview.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/VulnerabilitiesIdsOut'
      parameters:
        - $ref: '#/components/parameters/cve_filter'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/page'
        - $ref: '#/components/parameters/page_size'
        - $ref: '#/components/parameters/cve_sort'
        - $ref: '#/components/parameters/cvss_from'
        - $ref: '#/components/parameters/cvss_to'
        - $ref: '#/components/parameters/public_from'
        - $ref: '#/components/parameters/public_to'
        - $ref: '#/components/parameters/impact'
        - $ref: '#/components/parameters/data_format'
        - $ref: '#/components/parameters/business_risk_id'
        - $ref: '#/components/parameters/status_id'
        - $ref: '#/components/parameters/rule_presence'
        - $ref: '#/components/parameters/tags'
        - $ref: '#/components/parameters/sap_sids'
        - $ref: '#/components/parameters/sap_system'
        - $ref: '#/components/parameters/known_exploit'
        - $ref: '#/components/parameters/affecting'
        - $ref: '#/components/parameters/rhel_version'
        - $ref: '#/components/parameters/ansible'
        - $ref: '#/components/parameters/mssql'
        - $ref: '#/components/parameters/advisory_available'

  /announcement:
    get:
      summary: Announce important updates
      description: >
        This endpoint provides vulnerability service announcements. Remain informed about important alerts
        for the vulnerability service. Announcements are issued by Insights Product Managers and other subject matter experts.
      operationId: manager.announcement_handler.GetAnnouncement.get
      x-methodName: getAnnouncement
      responses:
        200:
          description: Announcement.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/AnnouncementOut'

  /dashbar:
    get:
      summary: Get aggregations for the dashbar
      description: >
        These are aggregations summarizing your account such as number
        of unique CVEs, list of security rules, CVEs by severity and more. Use this
        endpoint to obtain a snapshot of all the CVES and details about their prevalence,
        severity and other details.
      operationId: manager.dashbar_handler.GetDashbar.get
      x-methodName: getDashbar
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Dashbar aggregations.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/DashbarOut'
      parameters:
        - $ref: '#/components/parameters/tags'
        - $ref: '#/components/parameters/sap_sids'
        - $ref: '#/components/parameters/sap_system'
        - $ref: '#/components/parameters/ansible'
        - $ref: '#/components/parameters/mssql'

  /feature/cves_without_errata:
    patch:
      summary: Set a feature flag for CVEs without errata
      description: >
        Use this endpoint to enable/disable reporting CVEs that do not have advisories
        (errata) for your customer account. If the feature is disabled, CVEs without advisories
        will be hidden in outputs of all endpoints.
      operationId: manager.feature_handler.PatchCvesWithoutErrata.patch
      x-methodName: setCvesWithoutErrata
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      requestBody:
        description: Values to be set.
        required: true
        content:
          application/vnd.api+json:
            schema:
              $ref: '#/components/schemas/CvesWithoutErrataIn'
              x-body-name: data
      responses:
        200:
          description: CVEs without Errata feature successfully updated.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/CvesWithoutErrataOut'

  /notifications:
    delete:
      summary: Delete already sent notifications for CVEs
      description: >
        Use this endpoint for restarting your already obtained notifications for CVEs.
      operationId: manager.feature_handler.DeleteNotifications.delete
      x-methodName: deleteNotifications
      security:
        - ApiKeyAuth: []
        - BasicAuth: []
      responses:
        200:
          description: Sent notifications deleted.
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/NotificationsOut'
        403:
          description: Non-existing account.

components:
  parameters:
    filter:
      in: query
      name: filter
      description: Full text filter for the display name of system.
      schema:
        type: string
      example: INV-ID-1234

    cve_filter:
      in: query
      name: filter
      description: Full text filter for CVE and it's description text.
      schema:
        type: string
      example: CVE-2017

    limit:
      in: query
      name: limit
      description: Maximum number of records per page. Limit/Offset pagination wins over page/page_size pagination.
      schema:
        type: integer
        maximum: 9007199254740991  # JS Number.MAX_SAFE_INTEGER (used by exports on FE), not to overflow DB storage type
        minimum: 1
      example: 25

    offset:
      in: query
      name: offset
      description: Offset of first record of paginated response. Limit/Offset pagination wins over page/page_size pagination.
      schema:
        type: integer
        maximum: 9007199254740991  # JS Number.MAX_SAFE_INTEGER (used by exports on FE), not to overflow DB storage type
        minimum: 0
      example: 1

    page:
      in: query
      name: page
      description: Page number of paginated response. Limit/Offset pagination wins over page/page_size pagination.
      schema:
        type: integer
        maximum: 9007199254740991  # JS Number.MAX_SAFE_INTEGER (used by exports on FE), not to overflow DB storage type
        minimum: 1
      example: 1

    page_size:
      in: query
      name: page_size
      description: Page size of paginated response. Limit/Offset pagination wins over page/page_size pagination.
      schema:
        type: integer
        maximum: 9007199254740991  # JS Number.MAX_SAFE_INTEGER (used by exports on FE), not to overflow DB storage type
        minimum: 1
      example: 25

    sort:
      in: query
      name: sort
      description: Sorting used for response.
      schema:
        type: string
      example: -inventory_id

    cve_sort:
      in: query
      name: sort
      description: Sorting used for response.
      schema:
        type: string
      example: -synopsis

    inventory_id:
      in: path
      name: inventory_id
      description: Inventory ID.
      required: true
      schema:
        type: string
        format: uuid
      example: INV-ID-0000-1234

    cve_id:
      in: path
      name: cve_id
      description: CVE id.
      required: true
      schema:
        type: string
      example: CVE-2016-0800

    public_from:
      in: query
      name: public_from
      description: Filter CVEs based on their published date, starting from the date.
      schema:
        type: string
      example: '2017-09-18T00:00:00+00:00'

    public_to:
      in: query
      name: public_to
      description: Filter CVEs based on their published date, up to the date.
      schema:
        type: string
      example: '2017-09-18T00:00:00+00:00'

    cvss_from:
      in: query
      name: cvss_from
      description: Filter based on cvss score, starting from the value. Use -1 to include also CVEs with N/A cvss score.
      schema:
        type: number
      example: 4.6

    cvss_to:
      in: query
      name: cvss_to
      description: Filter based on cvss score, up to the value.
      schema:
        type: number
      example: 7.2

    impact:
      in: query
      name: impact
      description: Filter based on impact IDs.
      schema:
        type: string
      example: '5,7'

    status_id:
      in: query
      name: status_id
      description: Filer based on CVE status ID.
      schema:
        type: string
        example: '1,4'

    business_risk_id:
      in: query
      name: business_risk_id
      description: Filter based on business risk IDs.
      schema:
        type: string
        example: 1,3

    data_format:
      in: query
      name: data_format
      description: Format of the output data, either JSON (default) or CSV.
      schema:
        type: string
        example: json

    account_id:
      in: path
      name: account_id
      description: Account ID of user.
      required: true
      schema:
        type: string
      example: '123456'

    stale:
      in: query
      name: stale
      description: If set to true, shows stale systems. If not set defaults to false.
      schema:
        type: boolean

    rule_presence:
      in: query
      name: rule_presence
      description: Comma seprated string with bools. If true shows only CVEs with security rule associated, if false shows CVEs without rules. true, false shows all.
      schema:
        type: array
        items:
          type: boolean
        maxItems: 2
      example: true,false

    rule_presence_deprecated:
      in: query
      name: rule_presence
      description: Comma seprated string with bools. If true shows only CVEs with security rule associated, if false shows CVEs without rules. true, false shows all.
      schema:
        type: array
        items:
          type: boolean
        maxItems: 2
      deprecated: true
      example: true,false

    rule_key:
      in: query
      name: rule_key
      description: Filters security rules by its error key.
      schema:
        type: array
        items:
          type: string
      example: CVE_2018_3639_cpu_kernel|CVE_2018_3639_CPU_BAD_MICROCODE_2,CVE_2018_12207_cpu_kernel|CVE_2018_12207_CPU_KERNEL_FOR_SURE

    rule_key_deprecated:
      in: query
      name: rule_key
      description: Filters security rules by its error key.
      schema:
        type: array
        items:
          type: string
      deprecated: true
      example: CVE_2018_3639_cpu_kernel|CVE_2018_3639_CPU_BAD_MICROCODE_2,CVE_2018_12207_cpu_kernel|CVE_2018_12207_CPU_KERNEL_FOR_SURE

    rule:
      in: query
      name: rule
      description: Filters CVEs or systems by security rule, has two functionalities. If value is false, shows results without security rules, every other value is taken as rule error key.
      schema:
        type: array
        items:
          type: string
          minLength: 1
      example: CVE_2018_3639_cpu_kernel|CVE_2018_3639_CPU_BAD_MICROCODE_2,CVE_2018_12207_cpu_kernel|CVE_2018_12207_CPU_KERNEL_FOR_SURE

    uuid:
      in: query
      name: uuid
      description: Filter based on UUID of inventory.
      schema:
        type: string
      example: 2ee58c62-809f-11ea-bc55-0242ac130003

    tags:
      in: query
      name: tags
      description: Filter based on hosts tags. Tags needs to be in query format, that means <namespace>/<key>=<value> or <namespace>/<key> if value is null. Characters '/', '=' in tag values needs to be escaped by url encoding.
      schema:
        type: array
        items:
          type: string
          pattern: ^([^=/]+\/){1}([^=/])+(=[^=/]+)?$
      example: vulnerability/usage=server

    sap_system:
      in: query
      name: sap_system
      description: Boolean value which shows systems managed by SAP.
      schema:
        type: boolean
      example: false

    known_exploit:
      in: query
      name: known_exploit
      description: >-
        String of booleans (array of booleans), where true shows CVEs with known exploits,
        false shows CVEs without known exploits.
      schema:
        type: array
        items:
          type: boolean
        maxItems: 2
      example: true,false

    sap_sids:
      in: query
      name: sap_sids
      description: List of SAP IDs to filter with
      schema:
        type: array
        items:
          type: string
      example: ABC,CDE

    show_advisories:
      in: query
      name: show_advisories
      description: If true shows advisories list
      schema:
        type: boolean
      example: false

    advisory:
      in: query
      name: advisory
      description: Filter by advisory name, works only with show_advisories=true
      schema:
        type: string
      example: 'RHSA-2019:1481'

    affecting:
      in: query
      name: affecting
      description: >-
        Comma seprated string with bools (array of bools). True value controls displaying CVEs with at least one system affected.
        False value toggles CVEs with no systems affected. Defaults to showing only CVEs with at least one system affected.
      schema:
        type: array
        items:
          type: boolean
        maxItems: 2
      example: true,false

    affecting_host_type:
      in: query
      name: affecting_host_type
      description: >-
        Controls, whenever CVE has 1 or more affecting systems. Value "edge" returns CVEs with one or more
        vulnerable immutable systems, value "rpmdnf" returns CVEs with one or more vulnerable conventional systems. Value "none"
        returns CVEs not affecting systems of any kind.
      schema:
        type: array
        items:
          type: string
          enum:
          - "rpmdnf"
          - "edge"
          - "none"
        maxItems: 3
      example: edge,none

    excluded:
      in: query
      name: excluded
      description: >-
        Comma seprated string with bools (array of bools). True boolean value displays systems which are excluded.
        False value displays systems excluded from vulnerability analysis. Defaults to showing only those systems which are not excluded.
      schema:
        type: array
        items:
          type: boolean
        maxItems: 2
      example: true,false

    rhel_version:
      in: query
      name: rhel_version
      description: Filters results by RHEL OS version. Automatically flters out systems which are not RHEL or have uknown OS.
      required: false
      schema:
        type: string
        description: List of RHEL versions. E.g. 7,8.1 will filter out everything which is not RHEL 7.x or RHEL 8.1

    first_reported_from:
      in: query
      name: first_reported_from
      description: Filter for CVEs/Systems where the vulnerability appeared after given date.
      required: False
      schema:
        type: string
        description: Datetime string
      example: '2017-09-18T00:00:00+00:00'

    first_reported_to:
      in: query
      name: first_reported_to
      description: Filter for CVEs/Systems where the vulnerability appeared before given date.
      required: False
      schema:
        type: string
        description: Datetime string
      example: '2017-09-18T00:00:00+00:00'

    advisory_available:
      in: query
      name: advisory_available
      description: >-
        String of booleans (array of booleans), where true shows CVE-system pairs with available advisory,
        false shows CVE-system pairs without available advisory.
      schema:
        type: array
        items:
          type: boolean
        maxItems: 2
      example: true,false

    remediation:
      in: query
      name: remediation
      description: Filer based on available remediation type id.
      schema:
        type: string
        example: 1

    report:
      in: query
      name: report
      description: Needs to be used when endpoint data is used for report generation, checks RBAC permission for report and export feature.
      required: False
      schema:
        type: boolean
      example: false

    advanced_report:
      in: query
      name: advanced_report
      description: Needs to be used when endpoint data is used for Report by CVEs feature, checks RBAC permission for advanced report.
      schema:
        type: boolean
      example: false

    ansible:
      in: query
      name: ansible
      description: Boolean value which shows systems managed by Ansible Automation Platform.
      schema:
        type: boolean
      example: false

    mssql:
      in: query
      name: mssql
      description: Boolean value which shows systems managed by MSSQL.
      schema:
        type: boolean
      example: false

    group_names:
      in: query
      name: group_names
      description: Names of the inventory groups.
      schema:
        type: array
        items:
          type: string
      example: Production,Stage

    group_ids:
      in: query
      name: group_ids
      description: IDs of the inventory groups.
      schema:
        type: array
        items:
          type: string
      example: 00000000-1111-0000-0000-000000000000,00000000-2222-0000-0000-000000000000

    host_type:
      in: query
      name: host_type
      description: For filtering out the systems based on their type. Value "rpmdnf" for RPMDNF systems, "edge" for OSTree systems.
      schema:
        type: array
        items:
          type: string
          enum:
          - "rpmdnf"
          - "edge"
        maxItems: 2

  securitySchemes:
    BasicAuth:
      type: http
      scheme: basic
      description: Username and password login.
      x-basicInfoFunc: manager.base.basic_auth

    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-rh-identity
      description: Identity header provided by 3scale (for non-prod testing only).
      x-apikeyInfoFunc: manager.base.auth

  schemas:
    Errors:
      type: object
      properties:
        errors:
          type: array
          items:
            type: object
            properties:
              detail:
                oneOf:
                  - type: string
                    description: Error detail.
                    example: Record not found.
                  - type: object
                    description: Returned with RBAC (user permissions) related issue
                    properties:
                      msg:
                        type: string
                        description: Error detail related to RBAC problem
                      permissions:
                        type: array
                        items:
                          type: string
                        description: Array with RBAC permissions of user
              status:
                type: string
                description: String representation of HTTP status code.
                example: 404
            required:
              - detail
              - status
          minItems: 1
      required:
        - errors

    Links:
      type: object
      properties:
        first:
          type: string
          description: Link to first page.
          example: /api?offset=0&limit=1
        last:
          type: string
          description: Link to last page.
          example: /api?offset=7&limit=1
        next:
          type: string
          description: Link to next page.
          example: /api?offset=5&limit=1
          nullable: true
        previous:
          type: string
          description: Link to next page.
          example: /api?offset=3&limit=1
          nullable: true
      required:
        - first
        - last
        - next
        - previous

    Meta:
      type: object
      properties:
        filter:
          type: string
          description: Full text filter
          example: CVE-2016-0800
          nullable: true
        limit:
          type: integer
          description: Maximum number of paginated results.
          example: 25
        offset:
          type: integer
          description: First record of paginated response.
          example: 0
        page:
          type: integer
          description: Page number of paginated response.
          example: 1
        page_size:
          type: integer
          description: Number of records per page of paginated response.
          example: 25
        pages:
          type: integer
          description: Total number of pages of paginated response.
          example: 1
        sort:
          type: string
          description: Sorting filter.
          example: -inventory_id
          nullable: true
        total_items:
          type: integer
          description: Total number of records.
          example: 37
        data_format:
          type: string
          description: Format of the output data, either JSON (default) or CSV.
          example: JSON
      required:
        - filter
        - limit
        - offset
        - page
        - page_size
        - pages
        - sort
        - total_items
        - data_format

    MetaPermissions:
      type: object
      properties:
        permissions:
          type: array
          description: Fetched permissions from RBAC for given user
          nullable: false
          items:
            type: string
            example: vulnerability:vulnerability_results:read
      required:
        - permissions

    MetaVulnerabilitiesOut:
      allOf:
        - $ref: '#/components/schemas/Meta'
        - $ref: '#/components/schemas/MetaPermissions'
        - type: object
          properties:
            affecting:
              type: string
              description: Description of CVE showing preferences
              example: True,False
              nullable: true
            business_risk_id:
              type: string
              description: Filter based on business risk IDs.
              example: 1,3
              nullable: true
            cvss_from:
              type: number
              description: Filter based on cvss score, starting from the value. Use -1 to include also CVEs with N/A cvss score.
              example: 4.6
              nullable: true
            cvss_to:
              type: number
              description: Filter based on cvss score, up to the value.
              example: 7.2
              nullable: true
            public_from:
              type: string
              description: Filter CVEs based on their published date, starting from the date.
              example: '2017-09-18T00:00:00+00:00'
              nullable: true
            public_to:
              type: string
              description: Filter CVEs based on their published date, up to the date.
              example: '2017-09-18T00:00:00+00:00'
              nullable: true
            impact:
              type: string
              description: Filter based on impact IDs.
              example: '5,7'
              nullable: true
            system_count_per_type:
              type: object
              description: Number of systems managed by vulnerability application, grouped by host type.
              properties:
                rpmdnf:
                  type: number
                  description: Number of conventional systems.
                  example: 26
                edge:
                  type: number
                  description: Number of immutable systems.
                  example: 3
                  nullable: true
            system_count:
              type: integer
              description: Total number of systems managed by vulnerability application.
              example: 25641
            rhel_version:
              type: string
              description: Filter base on system RHEL version.
              example: '8.2'
              nullable: true
            rule_presence:
              type: string
              description: Filter based on presence of security rule
              example: true,false
              nullable: true
            cves_without_errata:
              type: boolean
              description: CVEs without Errata feature flag
              nullable: true
            advisory_available:
              type: string
              description: Shows whether a CVE has available advisory or not
              example: true,false
              nullable: true
          required:
            - affecting
            - business_risk_id
            - cvss_from
            - cvss_to
            - public_from
            - public_to
            - impact
            - rhel_version
            - rule_presence
            - cves_without_errata
            - advisory_available

    MetaAffectedSystems:
      allOf:
        - $ref: '#/components/schemas/Meta'
        - $ref: '#/components/schemas/MetaPermissions'
        - type: object
          properties:
            status_id:
              type: string
              description: Filer based on CVE status ID.
              example: '1,4'
              nullable: true
            rule_key:
              type: string
              description: Filters security rules by its error key.
              example: CVE_2018_3639_cpu_kernel|CVE_2018_3639_CPU_BAD_MICROCODE_2,CVE_2018_12207_cpu_kernel|CVE_2018_12207_CPU_KERNEL_FOR_SURE
              nullable: true
            rule_presence:
              type: string
              description: Filter based on presence of security rule
              example: true,false
              nullable: true
            patch_access:
              type: boolean
              description: If show_advisories=true shows access to patch service else null
              example: true
              nullable: true
            rhel_version:
              type: string
              description: Filter base on system RHEL version.
              example: '8.2'
              nullable: true
            first_reported_from:
              type: string
              description: Filter system-cve pairs based on first time of detection of CVE.
              example: '2017-09-18T00:00:00+00:00'
              nullable: true
            first_reported_to:
              type: string
              description: Filter system-cve pairs based on first time of detection of CVE.
              example: '2017-09-18T00:00:00+00:00'
              nullable: true
            cves_without_errata:
              type: boolean
              description: CVEs without Errata feature flag
              nullable: true
            group_names:
              type: string
              description: Name of the inventory group.
              example: Production,Stage
              nullable: true
            group_ids:
              type: string
              description: ID of the inventory group.
              example: 00000000-1111-0000-0000-000000000000,00000000-2222-0000-0000-000000000000
              nullable: true
          required:
            - status_id
            - rule_key
            - rule_presence
            - patch_access
            - rhel_version
            - first_reported_from
            - first_reported_to
            - cves_without_errata
            - group_names
            - group_ids

    MetaSystems:
      allOf:
        - $ref: '#/components/schemas/Meta'
        - $ref: '#/components/schemas/MetaPermissions'
        - type: object
          properties:
            excluded:
              type: string
              description: Display setting of opted out systems.
              example: true,false
              nullable: true
            rhel_version:
              type: string
              description: Filter base on system RHEL version.
              example: '8.2'
              nullable: true
          required:
            - excluded
            - rhel_version

    MetaCves:
      allOf:
        - $ref: '#/components/schemas/Meta'
        - $ref: '#/components/schemas/MetaPermissions'
        - type: object
          properties:
            business_risk_id:
              type: string
              description: Filter based on business risk IDs.
              example: 1,3
              nullable: true
            cvss_from:
              type: number
              description: Filter based on cvss score, starting from the value. Use -1 to include also CVEs with N/A cvss score.
              example: 4.6
              nullable: true
            cvss_to:
              type: number
              description: Filter based on cvss score, up to the value.
              example: 7.2
              nullable: true
            public_from:
              type: string
              description: Filter CVEs based on their published date, starting from the date.
              example: '2017-09-18T00:00:00+00:00'
              nullable: true
            public_to:
              type: string
              description: Filter CVEs based on their published date, up to the date.
              example: '2017-09-18T00:00:00+00:00'
              nullable: true
            impact:
              type: string
              description: Filter based on impact IDs.
              example: '5,7'
              nullable: true
            status_id:
              type: string
              description: Filer based on CVE status ID.
              example: '1,4'
              nullable: true
            rule_presence:
              type: string
              description: Filter based on presence of security rule
              example: true,false
              nullable: true
            patch_access:
              type: boolean
              description: If show_advisories=true shows access to patch service else null
              example: true
              nullable: true
            first_reported_from:
              type: string
              description: Filter system-cve pairs based on first time of detection of CVE.
              example: '2017-09-18T00:00:00+00:00'
              nullable: true
            first_reported_to:
              type: string
              description: Filter system-cve pairs based on first time of detection of CVE.
              example: '2017-09-18T00:00:00+00:00'
              nullable: true
            cves_without_errata:
              type: boolean
              description: CVEs without Errata feature flag
              nullable: true
          required:
            - business_risk_id
            - cvss_from
            - cvss_to
            - public_from
            - public_to
            - impact
            - status_id
            - rule_presence
            - patch_access
            - first_reported_from
            - first_reported_to
            - cves_without_errata

    MetaCvesSystems:
      allOf:
        - $ref: '#/components/schemas/MetaCves'
        - type: object
          properties:
            opt_out:
              type: boolean
              description: If given system was opted out.
              example: true
          required:
            - opt_out

    AffectedSystemsOut:
      type: object
      properties:
        data:
          oneOf:
            - type: string
              description: CSV export of the JSON.
            - type: array
              items:
                type: object
                properties:
                  id:
                    type: string
                    description: Host id.
                    example: INV-ID-0000-1234
                  type:
                    type: string
                    description: Type of the record.
                    example: system
                  attributes:
                    type: object
                    properties:
                      cve_status_id:
                        type: integer
                        description: Internal ID of the CVE status.
                        example: 4
                      culled_timestamp:
                        type: string
                        description: Timestamp from which the host is considered deleted.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      display_name:
                        type: string
                        description: System's name.
                        example: system.example.com
                        nullable: true
                      first_reported:
                        type: string
                        description: Date of when the CVE was first reported on the system.
                        example: '2018-09-22T16:00:00+00:00'
                      inventory_id:
                        type: string
                        description: Host ID.
                        example: INV-ID00-0000-1234
                      insights_id:
                        type: string
                        description: Insights host ID.
                        example: 0035f6bc-cdb0-4763-8fcd-1dc58f716359
                        nullable: true
                      last_evaluation:
                        type: string
                        description: Date of last evaluation.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      os:
                        type: string
                        description: Operating system.
                        example: RHEL 8.4
                      reporter:
                        type: number
                        description: Reporter of the vulnerability, 1 for VMaaS, 2 for security rule, 3 for both VMaaS and rule.
                        enum:
                          - 0
                          - 1
                          - 2
                          - 3
                      rhsm_lock:
                        type: string
                        description: System is locked to following RHSM version.
                        example: '8.4'
                        nullable: true
                      rule:
                        type: object
                        description: Details of associated security rule.
                        properties:
                          details:
                            type: object
                            description: Additional information specific to the system rule hit.
                          resolution:
                            type: object
                            description: Details of recommended resolution.
                            properties:
                              resolution:
                                type: string
                                example: Red Hat recommends that you update the dnsmasq package
                                description: Recommended resolution of the issue.
                                nullable: true
                            required:
                              - resolution
                          rule:
                            type: object
                            properties:
                              description:
                                type: string
                                example: CVE-2017-14491 dnsmasq code execution with listening processes
                                description: Description of the associated security rule.
                                nullable: true
                              more_info:
                                type: string
                                example: For more information about this specific flaw, see its ...
                                description: Additional information about the issue.
                                nullable: true
                              node_id:
                                type: integer
                                description: ID of associated Red Hat knowledgebase article.
                                example: 3199382
                                nullable: true
                              reason:
                                type: string
                                example: This system is vulnerable because it is running a vulnerable package.
                                description: Reason of why rule did hit.
                                nullable: true
                              rule_id:
                                type: string
                                example: CVE_2017_14491_dnsmasq|CVE_2017_14491_ERROR
                                description: ID of associated security rule.
                            required:
                              - description
                              - more_info
                              - node_id
                              - reason
                              - rule_id
                        nullable: true
                        required:
                          - details
                          - resolution
                          - rule
                      rules_evaluation:
                        type: string
                        description: Date of last security rules evaluation.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      stale_timestamp:
                        type: string
                        description: Date when stale system becomes stale.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      stale_warning_timestamp:
                        type: string
                        description: Date when stale system becomes hidden in the application.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      status_id:
                        type: integer
                        description: Internal ID of the vulnerability status.
                        example: 4
                      status_name:
                        type: string
                        description: Status of the vulnerability for the application's point of view.
                        example: Resolved
                      status_text:
                        type: string
                        description: Complementary text to the status.
                        example: Not relevant
                        nullable: true
                      tags:
                        type: array
                        items:
                          type: object
                          properties:
                            namespace:
                              type: string
                              description: Namespace of single tag.
                              example: 'vulnerability'
                              nullable: true
                            key:
                              type: string
                              description: Key of the single tag.
                              example: 'CVE'
                            value:
                              type: string
                              description: Value of the single tag.
                              example: 'CVE-2017-1'
                              nullable: true
                          required:
                            - namespace
                            - key
                            - value
                      advisories_list:
                        type: array
                        description: List of advisories for system
                        items:
                          type: string
                          description: Advisory id
                          example: 'RHSA-2019:1481'
                      updated:
                        type: string
                        description: Date of the lastest upload of archive taken from Inventory syndicated data.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      advisory_available:
                        type: boolean
                        description: Shows whether a CVE has available advisory or not
                        example: true
                      remediation:
                        type: number
                        description: Type of available remediation, 0 for none, 1 for manual, 2 for playbook.
                        enum:
                          - 0
                          - 1
                          - 2
                      mitigation_reason:
                        type: string
                        description: Reason why the system is not vulnerable.
                        example: SELinux mitigates the issue
                        nullable: true
                      inventory_group:
                        type: array
                        items:
                          type: object
                          properties:
                            id:
                              type: string
                              description: ID of inventory group.
                              example: '00000000-1111-0000-0000-000000000000'
                            name:
                              type: string
                              description: Name of inventory group.
                              example: 'group01'
                          required:
                            - id
                            - name
                    required:
                      - cve_status_id
                      - culled_timestamp
                      - display_name
                      - first_reported
                      - inventory_id
                      - insights_id
                      - last_evaluation
                      - os
                      - reporter
                      - rhsm_lock
                      - rule
                      - rules_evaluation
                      - stale_timestamp
                      - stale_warning_timestamp
                      - status_id
                      - status_name
                      - status_text
                      - tags
                      - updated
                      - advisory_available
                      - remediation
                      - mitigation_reason
                      - inventory_group
                required:
                  - id
                  - type
                  - attributes
        links:
          $ref: '#/components/schemas/Links'
        meta:
          $ref: '#/components/schemas/MetaAffectedSystems'
      required:
        - data
        - links
        - meta

    AffectedSystemsIdsOut:
      type: object
      properties:
        data:
          oneOf:
            - type: string
              description: CSV export of the JSON.
            - type: array
              items:
                type: object
                description: Smallest dataset for frontend to work.
                properties:
                  inventory_id:
                    type: string
                    description: Host ID.
                    example: INV-ID00-0000-1234
                  rule_id:
                    type: string
                    example: CVE_2017_14491_dnsmasq|CVE_2017_14491_ERROR
                    description: ID of associated security rule.
                    nullable: true
                  status_id:
                    type: integer
                    description: Internal ID of the vulnerability status.
                    example: 4
                  status_text:
                    type: string
                    description: Complementary text to the status.
                    example: Not relevant
                    nullable: true
                  display_name:
                    type: string
                    description: System's name.
                    example: system.example.com
                  mitigation_reason:
                    type: string
                    description: Reason why the system is not vulnerable.
                    example: SELinux mitigates the issue
                    nullable: true
                  remediation:
                    type: number
                    description: Type of available remediation, 0 for none, 1 for manual, 2 for playbook.
                    enum:
                      - 0
                      - 1
                      - 2
                required:
                  - inventory_id
                  - rule_id
                  - status_id
                  - status_text
                  - display_name
                  - remediation
        links:
          $ref: '#/components/schemas/Links'
        meta:
          $ref: '#/components/schemas/MetaAffectedSystems'
      required:
        - data
        - links
        - meta

    BusinessRiskListOut:
      type: object
      properties:
        data:
          type: array
          description: List of available business risk/business_risk_id pairs.
          items:
            type: object
            properties:
              id:
                type: integer
                description: Internal business_risk_id.
                example: 3
              name:
                type: string
                description: Represenation of internal business_risk_id.
                example: Low
            required:
              - id
              - name
        meta:
          type: object
          properties:
            total_items:
              type: integer
              description: Total number of available business risk/business_risk_id pairs.
              example: 1
          required:
            - total_items
      required:
        - data
        - meta

    CveDetailOut:
      type: object
      properties:
        data:
          type: object
          properties:
            id:
              type: string
              description: CVE id.
              example: CVE-2016-0800
            type:
              type: string
              description: Type of the record.
              example: cve
            attributes:
              type: object
              properties:
                business_risk:
                  type: string
                  description: Business risk of the vulnerability.
                  example: Low
                business_risk_id:
                  type: integer
                  description: Internal ID of the vulnerability business risk.
                  example: 1
                business_risk_text:
                  type: string
                  description: Complementary text to the business risk.
                  example: QA environment => Low business risk
                  nullable: true
                celebrity_name:
                  type: string
                  description: '"Celebrity" name of the CVE.'
                  example: Spectre/Meltdown
                  nullable: true
                cvss2_metrics:
                  type: string
                  description: cvss2 metrics of the CVE.
                  example: 'AV:N/AC:M/Au:N/C:P/I:P/A:N'
                  nullable: true
                cvss2_score:
                  type: string
                  description: String representation of cvss2 score of the CVE.
                  example: '5.800'
                  nullable: true
                cvss3_metrics:
                  type: string
                  description: cvss3 metrics of the CVE.
                  example: 'AV:N/AC:M/Au:N/C:P/I:P/A:N'
                  nullable: true
                cvss3_score:
                  type: string
                  description: String representation of cvss3 score of the CVE.
                  example: '4.400'
                  nullable: true
                description:
                  type: string
                  description: Description of the CVE.
                  example: A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could...
                modified_date:
                  type: string
                  description: String representation of ISO-8601 formatted date of last modification of the CVE.
                  example: '2019-03-07T08:15:36+00:00'
                  nullable: true
                impact:
                  type: string
                  description: Red Hat security impact of the CVE.
                  example: Important
                public_date:
                  type: string
                  description: String representation of ISO-8601 formatted date of first public disclosure of the CVE.
                  example: '2016-03-01T00:00:00+00:00'
                  nullable: true
                redhat_url:
                  type: string
                  description: Additional resource about the CVE, provided by Red Hat.
                  example: https://access.redhat.com/security/cve/cve-2016-0800
                  nullable: true
                rules:
                  type: array
                  items:
                    $ref: '#/components/schemas/InsightsRule'
                secondary_url:
                  type: string
                  description: Additional resources about the CVE.
                  example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
                  nullable: true
                status:
                  type: string
                  description: Status of the vulnerability.
                  example: Not Reviewed
                status_id:
                  type: integer
                  description: Internal ID of the vulnerability status.
                  example: 1
                status_text:
                  type: string
                  description: Complementary text to the status.
                  example: Not relevant
                  nullable: true
                synopsis:
                  type: string
                  description: Synopsis of the CVE.
                  example: CVE-2016-0800
                systems_status_detail:
                  type: object
                  description: Counts of systems with given status type.
                systems_status_divergent:
                  type: integer
                  description: How many systems-CVE pairs have different status than CVE-level.
                  example: 20
                advisories_list:
                  type: array
                  description: List of advisory names or detailed advisory information
                  nullable: true
                  items:
                    type: string
                    example: 'RHSA-2015:0809'
                known_exploit:
                  type: boolean
                  description: Shows whether a CVE has known exploits or not
                  example: true
                affected_but_not_vulnerable:
                  type: integer
                  nullable: true
                  description: Number of systems that are affected by given CVE but are not vulnerable.
                  example: 0
                affected_systems:
                  type: integer
                  nullable: true
                  description: Number of systems that are overall affected by given CVE
                  example: 52
              required:
                - business_risk
                - business_risk_id
                - business_risk_text
                - celebrity_name
                - cvss2_metrics
                - cvss2_score
                - cvss3_metrics
                - cvss3_score
                - description
                - impact
                - modified_date
                - public_date
                - redhat_url
                - rules
                - secondary_url
                - status
                - status_id
                - status_text
                - synopsis
                - systems_status_detail
                - systems_status_divergent
                - advisories_list
                - known_exploit
                - affected_but_not_vulnerable
          required:
            - id
            - type
            - attributes
        meta:
          $ref: '#/components/schemas/MetaPermissions'

    CveRiskIn:
      type: object
      properties:
        cve:
          $ref: '#/components/schemas/CveOrList'
        business_risk_id:
          type: integer
          description: Business risk ID to be set, obtained by GET method.
          example: 3
        business_risk_text:
          type: string
          description: Complementary text to the business risk.
          example: Not relevant
          nullable: true
      required:
        - cve

    CveStatusIn:
      type: object
      properties:
        cve:
          $ref: '#/components/schemas/CveOrList'
        status_id:
          type: integer
          description: Status ID to be set, obtained by GET method.
          example: 3
        status_text:
          type: string
          description: Complementary text to the status.
          example: Not relevant
          nullable: true
      required:
        - cve

    CveOrList:
      oneOf:
        - type: string
          description: CVE name.
          example: CVE-2016-0800
        - type: array
          items:
            type: string
            example: CVE-2016-0800
          description: List of CVEs for a bulk change.
      example: CVE-2016-0800

    InventoryIdOrList:
      oneOf:
        - type: string
          description: Inventory ID.
          example: f35b1e1d-d231-43f2-8e4f-8f9cb01e3aa2
        - type: array
          items:
            type: string
            example: f35b1e1d-d231-43f2-8e4f-8f9cb01e3aa2
          description: List of inventory IDs for a bulk change.
      example: f35b1e1d-d231-43f2-8e4f-8f9cb01e3aa2

    OptOutIn:
      type: object
      properties:
        inventory_id:
          $ref: '#/components/schemas/InventoryIdOrList'
        opt_out:
          type: boolean
          description: Opt out setting to be set.
          example: true
      required:
        - inventory_id
        - opt_out

    BulkChangeOut:
      type: object
      properties:
        updated:
          type: array
          items:
            type: string
            example: f35b1e1d-d231-43f2-8e4f-8f9cb01e3aa2
          description: List of updated objects/updated object IDs.
        meta:
          $ref: '#/components/schemas/MetaPermissions'
      required:
        - updated

    StatusIn:
      type: object
      properties:
        inventory_id:
          $ref: '#/components/schemas/InventoryIdOrList'
        cve:
          $ref: '#/components/schemas/CveOrList'
        status_id:
          type: integer
          description: Status ID to be set, obtained by GET method. If not specified, global CVE status is set.
          example: 3
        status_text:
          type: string
          description: Complementary text to the status.
          example: Not relevant
          nullable: true
      required:
        - cve

    CvesWithoutErrataIn:
      type: object
      properties:
        enable:
          type: boolean
          description: Enable or disable CVEs without Errata feature.
          example: true
      required:
        - enable

    ExecutiveReport:
      type: object
      properties:
        system_count_per_type:
          type: object
          description: Number of systems managed by vulnerability application, grouped by host type.
          properties:
            rpmdnf:
              type: number
              description: Number of conventional systems.
              example: 26
            edge:
              type: number
              description: Number of immutable systems.
              example: 3
              nullable: true
        system_count:
          type: integer
          description: Total number of systems managed by vulnerability application.
          example: 25641
        cves_total:
          type: integer
          description: Number of unique CVEs discovered on the managed systems.
          example: 1902
        cves_by_severity:
          type: object
          description: Number of CVEs discovered on the managed systems, divided into buckets based on their CVSSv3 score (CVSSv2 is used when CVSSv3 is not available).
          properties:
            0to3.9:
              type: object
              properties:
                count:
                  type: integer
                  description: Number of CVEs with CVSS score lower than 4.
                  example: 1902
                percentage:
                  type: number
                  description: Percentage of CVEs with CVSS score lower than 4.
                  example: 60
              required:
                - count
                - percentage
            4to7.9:
              type: object
              properties:
                count:
                  type: integer
                  description: Number of CVEs with CVSS score higher or equal to 4 and lower then 8.
                  example: 400
                percentage:
                  type: number
                  description: Percentage of CVEs with CVSS score higher or equal to 4 and lower then 8.
                  example: 15
              required:
                - count
                - percentage
            8to10:
              type: object
              properties:
                count:
                  type: integer
                  description: Number of CVEs with CVSS score higher or equal to 8.
                  example: 109
                percentage:
                  type: number
                  description: Percentage of CVEs with CVSS score higher or equal to 8.
                  example: 2
              required:
                - count
                - percentage
          required:
            - 0to3.9
            - 4to7.9
            - 8to10
        recent_cves:
          type: object
          description: Number of recently published CVEs identified on managed systems
          properties:
            last7days:
              type: integer
              description: Number of CVEs identified on managed systems published in last 7 days.
              example: 14
            last30days:
              type: integer
              description: Number of CVEs identified on managed systems published in last 30 days.
              example: 62
            last90days:
              type: integer
              description: Number of CVEs identified on managed systems published in last 90 days.
              example: 156
          required:
            - last7days
            - last30days
            - last90days
        rules_by_severity:
          type: object
          description: Information about how much systems are affected by a security rule, broken down by rule severity.
          properties:
            1:
              type: object
              properties:
                rule_count:
                  type: integer
                  description: How many unique rules with at least system affected are present.
                  example: 12
                systems_affected:
                  type: integer
                  description: How many unique systems are affected by at least one rules with given severity
                  example: 443
              required:
                - rule_count
                - systems_affected
            2:
              type: object
              properties:
                rule_count:
                  type: integer
                  description: How many unique rules with at least system affected are present.
                  example: 12
                systems_affected:
                  type: integer
                  description: How many unique systems are affected by at least one rules with given severity
                  example: 443
              required:
                - rule_count
                - systems_affected
            3:
              type: object
              properties:
                rule_count:
                  type: integer
                  description: How many unique rules with at least system affected are present.
                  example: 12
                systems_affected:
                  type: integer
                  description: How many unique systems are affected by at least one rules with given severity
                  example: 443
              required:
                - rule_count
                - systems_affected
            4:
              type: object
              properties:
                rule_count:
                  type: integer
                  description: How many unique rules with at least system affected are present.
                  example: 12
                systems_affected:
                  type: integer
                  description: How many unique systems are affected by at least one rules with given severity
                  example: 443
              required:
                - rule_count
                - systems_affected
          required:
            - '1'
            - '2'
            - '3'
            - '4'
        rules_total:
          type: integer
          description: Number of unique CVEs discovered on the managed systems.
          example: 1902
        top_cves:
          type: array
          items:
            type: object
            properties:
              synopsis:
                type: string
                description: CVE synopsis
                example: CVE-2016-0800
              cvss2_score:
                type: string
                description: String representation of cvss2 score of the CVE.
                example: '5.800'
                nullable: true
              cvss3_score:
                type: string
                description: String representation of cvss3 score of the CVE.
                example: '4.400'
                nullable: true
              description:
                type: string
                description: Description of the CVE.
                example: A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could...
              security_rule:
                type: boolean
                description: Indicator of security rule presence
                example: true
                deprecated: true
              rule_presence:
                type: boolean
                description: Indicator of security rule presence
                example: true
              systems_affected:
                type: integer
                description: Systems affected by the CVE.
                example: 1795
              known_exploit:
                type: boolean
                description: Shows whether a CVE has known exploits or not
                example: true
            required:
              - synopsis
              - cvss2_score
              - cvss3_score
              - description
              - systems_affected
              - known_exploit
        top_rules:
          type: array
          items:
            type: object
            properties:
              associated_cves:
                type: array
                description: All CVEs associated with the rule
                items:
                  type: string
                  example: CVE-2019-1125
              description:
                type: string
                example: Privilege Escalation with running service (no fix available for this version)
                description: Brief description of the issue.
              rule_id:
                type: string
                example: CVE_2017_14491_dnsmasq|CVE_2017_14491_ERROR
                description: ID of associated security rule.
              name:
                type: string
                description: Name of the security rule.
                example: httpd denial of service with running services
              severity:
                type: integer
                description: Severity of the security rule.
                example: 3
              systems_affected:
                type: integer
                description: Number of systems affected by the rule.
                example: 443
            required:
              - associated_cves
              - description
              - name
              - rule_id
              - severity
              - systems_affected
        meta:
          $ref: '#/components/schemas/MetaPermissions'
      required:
        - system_count
        - cves_total
        - cves_by_severity
        - rules_by_severity
        - rules_total
        - recent_cves

    Dashboard:
      type: object
      properties:
        cves_total:
          type: integer
          description: Number of unique CVEs discovered on the managed systems.
          example: 1902
        cves_by_severity:
          type: object
          description: Number of CVEs discovered on the managed systems, divided into buckets based on their CVSSv3 score (CVSSv2 is used when CVSSv3 is not available).
          properties:
            0to3.9:
              type: object
              properties:
                count:
                  type: integer
                  description: Number of CVEs with CVSS score lower than 4.
                  example: 1902
                percentage:
                  type: number
                  description: Percentage of CVEs with CVSS score lower than 4.
                  example: 60
                known_exploits:
                  type: number
                  description: Number of CVEs in given bracket with a known exploit.
                  example: 6
              required:
                - count
                - percentage
            4to7.9:
              type: object
              properties:
                count:
                  type: integer
                  description: Number of CVEs with CVSS score higher or equal to 4 and lower then 8.
                  example: 400
                percentage:
                  type: number
                  description: Percentage of CVEs with CVSS score higher or equal to 4 and lower then 8.
                  example: 15
                known_exploits:
                  type: number
                  description: Number of CVEs in given bracket with a known exploit.
                  example: 6
              required:
                - count
                - percentage
            8to10:
              type: object
              properties:
                count:
                  type: integer
                  description: Number of CVEs with CVSS score higher or equal to 8.
                  example: 109
                percentage:
                  type: number
                  description: Percentage of CVEs with CVSS score higher or equal to 8.
                  example: 2
                known_exploits:
                  type: number
                  description: Number of CVEs in given bracket with a known exploit.
                  example: 6
              required:
                - count
                - percentage
          required:
            - 0to3.9
            - 4to7.9
            - 8to10
        recent_cves:
          type: object
          description: Number of recently published CVEs identified on managed systems
          properties:
            last7days:
              type: integer
              description: Number of CVEs identified on managed systems published in last 7 days.
              example: 14
            last30days:
              type: integer
              description: Number of CVEs identified on managed systems published in last 30 days.
              example: 62
            last90days:
              type: integer
              description: Number of CVEs identified on managed systems published in last 90 days.
              example: 156
          required:
            - last7days
            - last30days
            - last90days
        recent_rules:
          type: array
          description: List of recently (14 days) released security rules.
          items:
            type: object
            description: Security rule.
            properties:
              associated_cves:
                type: array
                description: List of CVEs associated with the security rule.
                items:
                  type: string
                  description: CVE name.
                  example: CVE-2016-0800
              description:
                type: string
                example: A heap-based buffer overflow was found in the way ...
                description: Description of the issue related with the security rule.
              id:
                type: string
                description: ID of the security rule.
                example: CVE_2019_11135_cpu_taa|CVE_2019_11135_CPU_TAA_KERNEL
              name:
                type: string
                description: Name of the security rule.
                example: sudo privilege escalation
              node_id:
                type: number
                description: Node id of access.redhat.com/node/* article.
                example: 5737621
                nullable: true
              public_date:
                type: string
                description: String representation of ISO-8601 formatted date of release of the security rule.
                example: '2016-03-01T00:00:00+00:00'
                nullable: true
              severity:
                type: number
                description: Number representation of the security rule severity.
                example: 3
              systems_affected:
                type: number
                description: Number of systems triggering the security rule.
                example: 178
          required:
            - associated_cves
            - description
            - name
            - node_id
            - severity
            - systems_affected
        rules_cves_total:
          type: integer
          description: Total number of CVEs with associated security rules affecting given account.
          example: 12
        system_count:
          type: integer
          description: Total systems registered to Vulnerability service (with applied filtering).
          example: 241
        exploited_cves_count:
          type: integer
          description: unique number of CVEs having known exploit affecting at least one system
          example: 5
      required:
        - cves_total
        - cves_by_severity
        - recent_cves
        - recent_rules
        - rules_cves_total
        - system_count
        - exploited_cves_count

    PlaybookTemplate:
      type: object
      properties:
        data:
          type: array
          items:
            type: object
            properties:
              description:
                type: string
                description: Playbook template description.
                example: Fix issues caused by CVE_2017_6074_kernel|KERNEL_CVE_2017_6074.
              play:
                type: string
                description: Actual playbook template.
              version:
                type: string
                description: Revision of the playbook template.
                example: 93a1ced8a259666f0505cd20b7cb8e7a1c65b868
              reboot_required:
                type: boolean
                description: Indicator whter reboot is required to mitigate vulnerability.
                example: false
                nullable: true
              resolution_type:
                type: string
                description: Type of the resolution provided by playbook.
            required:
              - description
              - play
              - version
              - resolution_type

    StatusOut:
      type: object
      properties:
        updated:
          type: array
          items:
            type: object
            properties:
              inventory_id:
                type: string
                example: f35b1e1d-d231-43f2-8e4f-8f9cb01e3aa2
              cve:
                type: string
                example: CVE-2016-0800
            required:
              - inventory_id
              - cve
          description: List of updated objects/updated object IDs.
        meta:
          $ref: '#/components/schemas/MetaPermissions'
      required:
        - updated

    StatusListOut:
      type: object
      properties:
        data:
          type: array
          description: List of available status/status_id pairs.
          items:
            type: object
            properties:
              id:
                type: integer
                description: Internal status_id.
                example: 3
              name:
                type: string
                description: Represenation of internal status_id.
                example: Scheduled for Patch
            required:
              - id
              - name
        meta:
          type: object
          properties:
            total_items:
              type: integer
              description: Total number of available status/status_id pairs.
              example: 1
          required:
            - total_items
      required:
        - data
        - meta

    SystemCvesOut:
      type: object
      properties:
        data:
          oneOf:
            - type: string
              description: CSV export of the JSON.
            - type: array
              items:
                type: object
                properties:
                  id:
                    type: string
                    description: CVE id.
                    example: CVE-2016-0800
                  type:
                    type: string
                    description: Type of the record.
                    example: cve
                  attributes:
                    type: object
                    properties:
                      business_risk:
                        type: string
                        description: Business risk of the vulnerability.
                        example: Low
                      business_risk_id:
                        type: integer
                        description: Internal ID of the vulnerability business risk.
                        example: 1
                      business_risk_text:
                        type: string
                        description: Complementary text to the business risk.
                        example: QA environment => Low business risk
                        nullable: true
                      cve_status_id:
                        type: integer
                        description: Internal ID of the CVE status.
                        example: 4
                      cvss2_score:
                        type: string
                        description: String representation of cvss2 score of the CVE.
                        example: '5.800'
                        nullable: true
                      cvss3_score:
                        type: string
                        description: String representation of cvss3 score of the CVE.
                        example: '4.400'
                        nullable: true
                      description:
                        type: string
                        description: Description of the CVE.
                        example: A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could...
                      first_reported:
                        type: string
                        description: Date of when the CVE was first reported on the system.
                        example: '2018-09-22T16:00:00+00:00'
                      impact:
                        type: string
                        description: Red Hat security impact of the CVE.
                        example: Important
                      public_date:
                        type: string
                        description: String representation of ISO-8601 formatted date of first public disclosure of the CVE.
                        example: '2016-03-01T00:00:00+00:00'
                        nullable: true
                      reporter:
                        type: number
                        description: Reporter of the vulnerability, 1 for VMaaS, 2 for security rule, 3 for both VMaaS and rule.
                        enum:
                          - 0
                          - 1
                          - 2
                          - 3
                      rule:
                        type: object
                        nullable: true
                        properties:
                          rule_id:
                            type: string
                            example: CVE_2017_14491_dnsmasq|CVE_2017_14491_ERROR
                            description: ID(s) of associated security rule(s).
                          description:
                            type: string
                            description: Description of the rule.
                            example: CVE-2017-14491 dnsmasq code execution with listening processes
                            nullable: true
                          summary:
                            type: string
                            description: Summary of the rule.
                            example: A buffer overflow vulnerability was found in `Dnsmasq`, a popular lightweight DNS and DHCP server....
                            nullable: true
                          reboot_required:
                            type: boolean
                            description: Indicator whter reboot is required to mitigate vulnerability.
                            example: false
                            nullable: true
                          playbook_count:
                            type: integer
                            description: Number of available Ansible playbooks for remediation/mitigation.
                            example: 1
                            nullable: true
                          change_risk:
                            type: integer
                            description: Indicates how likely remediation can change environment on the remediatied system.
                            example: 1
                            nullable: true
                          kbase_node_id:
                            type: integer
                            description: ID of associated Red Hat knowledgebase article.
                            example: 3199382
                            nullable: true
                          generate_autoplaybook:
                            type: boolean
                            description: Indicates whether a playbook should be auto-generated.
                            example: true
                            nullable: true
                        required:
                          - change_risk
                          - description
                          - kbase_node_id
                          - playbook_count
                          - reboot_required
                          - rule_id
                          - summary
                          - generate_autoplaybook
                      status:
                        type: string
                        description: Status of the vulnerability for the application's point of view.
                        example: Resolved
                      status_id:
                        type: integer
                        description: Internal ID of the vulnerability status.
                        example: 4
                      status_text:
                        type: string
                        description: Complementary text to the status.
                        example: Not relevant
                        nullable: true
                      cve_status_text:
                        type: string
                        description: Status text to the whole cve.
                        example: Not relevant for all
                        nullable: true
                      synopsis:
                        type: string
                        description: Synopsis of the CVE.
                        example: CVE-2016-0800
                      advisories_list:
                        type: array
                        description: List of advisories for CVE
                        items:
                          type: string
                          description: Advisory id
                          example: 'RHSA-2019:1481'
                      known_exploit:
                        type: boolean
                        description: Shows whether a CVE has known exploits or not
                        example: true
                      advisory_available:
                        type: boolean
                        description: Shows whether a CVE has available advisory or not
                        example: true
                      remediation:
                        type: number
                        description: Type of available remediation, 0 for none, 1 for manual, 2 for playbook.
                        enum:
                          - 0
                          - 1
                          - 2
                    required:
                      - business_risk
                      - business_risk_id
                      - business_risk_text
                      - cve_status_id
                      - cve_status_text
                      - cvss2_score
                      - cvss3_score
                      - description
                      - first_reported
                      - impact
                      - public_date
                      - reporter
                      - rule
                      - status
                      - status_id
                      - status_text
                      - synopsis
                      - known_exploit
                      - advisory_available
                      - remediation
                required:
                  - id
                  - type
                  - attributes
        links:
          $ref: '#/components/schemas/Links'
        meta:
          $ref: '#/components/schemas/MetaCves'
      required:
        - data
        - links
        - meta

    SystemCvesIdsOut:
      type: object
      properties:
        data:
          oneOf:
            - type: string
              description: CSV export of the JSON.
            - type: array
              items:
                type: object
                description: CVE id and minimal information for frontend
                properties:
                  id:
                    type: string
                    description: CVE id.
                    example: CVE-2016-0800
                  rule_id:
                    type: string
                    example: CVE_2017_14491_dnsmasq|CVE_2017_14491_ERROR
                    description: ID(s) of associated security rule(s)..
                    nullable: true
                  status_id:
                    type: integer
                    description: Internal ID of the vulnerability status.
                    example: 4
                  status_text:
                    type: string
                    description: Complementary text to the status.
                    example: Not relevant
                    nullable: true
                  cve_status_id:
                    type: integer
                    description: Internal ID of the CVE status.
                    example: 4
                  cve_status_text:
                    type: string
                    description: Status text to the whole cve.
                    example: Not relevant for all
                    nullable: true
                  remediation:
                    type: number
                    description: Type of available remediation, 0 for none, 1 for manual, 2 for playbook.
                    enum:
                      - 0
                      - 1
                      - 2
                required:
                  - id
                  - rule_id
                  - status_id
                  - status_text
                  - cve_status_id
                  - cve_status_text
                  - remediation
        links:
          $ref: '#/components/schemas/Links'
        meta:
          $ref: '#/components/schemas/MetaCves'
      required:
        - data
        - links
        - meta

    SystemDetailsOut:
      type: object
      properties:
        data:
          type: object
          properties:
            last_evaluation:
              type: string
              description: Date of last evaluation.
              example: '2018-09-22T16:00:00+00:00'
              nullable: true
            rules_evaluation:
              type: string
              description: Date of last security rules evaluation.
              example: '2018-09-22T16:00:00+00:00'
              nullable: true
            opt_out:
              type: boolean
              description: System opt out status.
              example: true
            last_upload:
              type: string
              description: Date of the latest upload of archive.
              example: '2018-09-22T16:00:00+00:00'
              nullable: true
            stale:
              type: boolean
              description: System stale status.
              example: true
            updated:
              type: string
              description: Date of the lastest upload of archive taken from Inventory syndicated data.
              example: '2018-09-22T16:00:00+00:00'
              nullable: true
            os:
              type: string
              description: Operating system.
              example: RHEL 8.4
            rhsm_lock:
              type: string
              description: System is locked to following RHSM version.
              example: '8.4'
              nullable: true
            tags:
              type: array
              items:
                type: object
                properties:
                  namespace:
                    type: string
                    description: Namespace of single tag.
                    example: 'vulnerability'
                    nullable: true
                  key:
                    type: string
                    description: Key of the single tag.
                    example: 'CVE'
                  value:
                    type: string
                    description: Value of the single tag.
                    example: 'CVE-2017-1'
                    nullable: true
                required:
                  - namespace
                  - key
                  - value
          required:
            - last_evaluation
            - rules_evaluation
            - opt_out
            - last_upload
            - tags
            - os
            - rhsm_lock
        meta:
          $ref: '#/components/schemas/MetaPermissions'
      required:
        - data
        - meta

    SystemListOut:
      type: object
      properties:
        data:
          oneOf:
            - type: string
              description: CSV export of the JSON.
            - type: array
              items:
                type: object
                properties:
                  id:
                    type: string
                    description: Host ID.
                    example: INV-ID00-0000-1234
                  type:
                    type: string
                    description: Type of the record.
                    example: system
                  attributes:
                    type: object
                    properties:
                      cve_count:
                        type: integer
                        description: Number of CVE exposures for the system.
                        example: 7
                        nullable: true
                      display_name:
                        type: string
                        description: System's name,
                        example: system.example.com
                        nullable: true
                      inventory_id:
                        type: string
                        description: Host ID.
                        example: INV-ID00-0000-1234
                      insights_id:
                        type: string
                        description: Insights host ID.
                        example: 0035f6bc-cdb0-4763-8fcd-1dc58f716359
                        nullable: true
                      last_evaluation:
                        type: string
                        description: Date of last evaluation.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      rules_evaluation:
                        type: string
                        description: Date of last security rules evaluation.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      opt_out:
                        type: boolean
                        description: Opt out status of the system.
                        example: false
                      last_upload:
                        type: string
                        description: Date of the latest upload of archive.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      os:
                        type: string
                        description: Operating system.
                        example: RHEL 8.4
                      rhsm_lock:
                        type: string
                        description: System is locked to following RHSM version.
                        example: '8.4'
                        nullable: true
                      stale_timestamp:
                        type: string
                        description: Date when stale system becomes stale.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      stale_warning_timestamp:
                        type: string
                        description: Date when stale system becomes hidden in the application.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      updated:
                        type: string
                        description: Date of the lastest upload of archive taken from Inventory syndicated data.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      tags:
                        type: array
                        items:
                          type: object
                          properties:
                            namespace:
                              type: string
                              description: Namespace of single tag.
                              example: 'vulnerability'
                              nullable: true
                            key:
                              type: string
                              description: Key of the single tag.
                              example: 'CVE'
                            value:
                              type: string
                              description: Value of the single tag.
                              example: 'CVE-2017-1'
                              nullable: true
                          required:
                            - namespace
                            - key
                            - value
                        description: Tags given to the system.
                        nullable: true
                      culled_timestamp:
                        type: string
                        description: Timestamp from which the host is considered deleted.
                        example: '2018-09-22T16:00:00+00:00'
                        nullable: true
                      inventory_group:
                        type: array
                        items:
                          type: object
                          properties:
                            id:
                              type: string
                              description: ID of inventory group.
                              example: '00000000-1111-0000-0000-000000000000'
                            name:
                              type: string
                              description: Name of inventory group.
                              example: 'group01'
                          required:
                            - id
                            - name
                    required:
                      - cve_count
                      - display_name
                      - inventory_id
                      - insights_id
                      - last_evaluation
                      - rules_evaluation
                      - opt_out
                      - last_upload
                      - os
                      - rhsm_lock
                      - stale_timestamp
                      - stale_warning_timestamp
                      - tags
                      - culled_timestamp
                      - inventory_group
                required:
                  - id
                  - type
                  - attributes
        links:
          $ref: '#/components/schemas/Links'
        meta:
          $ref: '#/components/schemas/MetaSystems'
      required:
        - data
        - links
        - meta

    SystemIdsOut:
      type: object
      properties:
        data:
          oneOf:
            - type: string
              description: CSV export of the JSON.
            - type: array
              items:
                type: object
                properties:
                  id:
                    type: string
                    description: Inventory ID.
                    example: INV-ID00-0000-1234
                  opt_out:
                    type: boolean
                    description: Whether the system is active or not.
                    example: false
                    nullable: true
                  display_name:
                    type: string
                    description: System's name.
                    example: system.example.com
                    nullable: true
        links:
          $ref: '#/components/schemas/Links'
        meta:
          $ref: '#/components/schemas/MetaSystems'
      required:
        - data
        - links
        - meta

    VulnerabilitiesOut:
      type: object
      properties:
        data:
          oneOf:
            - type: string
              description: CSV export of the JSON.
            - type: array
              items:
                type: object
                properties:
                  id:
                    type: string
                    description: CVE id.
                    example: CVE-2016-0800
                  type:
                    type: string
                    description: Type of the record.
                    example: cve
                  attributes:
                    type: object
                    properties:
                      business_risk:
                        type: string
                        description: Business risk of the vulnerability.
                        example: Low
                      business_risk_id:
                        type: integer
                        description: Internal ID of the vulnerability business risk.
                        example: 1
                      business_risk_text:
                        type: string
                        description: Complementary text to the business risk.
                        example: QA environment => Low business risk
                        nullable: true
                      cvss2_score:
                        type: string
                        description: String representation of cvss2 score of the CVE.
                        example: '5.800'
                        nullable: true
                      cvss3_score:
                        type: string
                        description: String representation of cvss3 score of the CVE.
                        example: '4.400'
                        nullable: true
                      description:
                        type: string
                        description: Description of the CVE.
                        example: A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could...
                      impact:
                        type: string
                        description: Red Hat security impact of the CVE.
                        example: Important
                      public_date:
                        type: string
                        description: String representation of ISO-8601 formatted date of first public disclosure of the CVE.
                        example: '2016-03-01T00:00:00+00:00'
                        nullable: true
                      rules:
                        type: array
                        items:
                          $ref: '#/components/schemas/InsightsRule'
                      status:
                        type: string
                        description: Status of the vulnerability.
                        example: Not Reviewed
                      status_id:
                        type: integer
                        description: Internal ID of the vulnerability status.
                        example: 1
                      status_text:
                        type: string
                        description: Complementary text to the status.
                        example: Not Relevant
                        nullable: true
                      synopsis:
                        type: string
                        description: Synopsis of the CVE.
                        example: CVE-2016-0800
                      systems_affected:
                        type: integer
                        description: Number of systems affected by the CVE.
                        example: 7
                      systems_status_divergent:
                        type: integer
                        description: How many systems-CVE pairs have different status than CVE-level.
                        example: 20
                      known_exploit:
                        type: boolean
                        description: Shows whether a CVE has known exploits or not
                        example: true
                      advisory_available:
                        type: boolean
                        description: Shows whether a CVE has available advisory or not
                        example: true
                    required:
                      - business_risk
                      - business_risk_id
                      - business_risk_text
                      - cvss2_score
                      - cvss3_score
                      - description
                      - impact
                      - public_date
                      - rules
                      - status
                      - status_id
                      - status_text
                      - synopsis
                      - systems_affected
                      - systems_status_divergent
                      - known_exploit
                      - advisory_available
                required:
                  - id
                  - type
                  - attributes
        links:
          $ref: '#/components/schemas/Links'
        meta:
          $ref: '#/components/schemas/MetaVulnerabilitiesOut'
      required:
        - data
        - links
        - meta

    VulnerabilitiesIdsOut:
      type: object
      properties:
        data:
          oneOf:
            - type: string
              description: CSV export of the JSON.
            - type: array
              items:
                type: object
                description: CVE id and minimal information.
                properties:
                  business_risk_id:
                    type: integer
                    description: Internal ID of the vulnerability business risk.
                    example: 1
                  business_risk_text:
                    type: string
                    description: Complementary text to the business risk.
                    example: QA environment => Low business risk
                    nullable: true
                  id:
                    type: string
                    description: CVE id.
                    example: CVE-2016-0800
                  status_id:
                    type: integer
                    description: Internal ID of the vulnerability status.
                    example: 1
                  status_text:
                    type: string
                    description: Complementary text to the status.
                    example: Not Relevant
                    nullable: true
              required:
                - business_risk_id
                - business_risk_text
                - id
                - status_id
                - status_text
        links:
          $ref: '#/components/schemas/Links'
        meta:
          $ref: '#/components/schemas/MetaVulnerabilitiesOut'
      required:
        - data
        - links
        - meta

    VersionOut:
      type: object
      properties:
        application_version:
          type: string
          description: Version of application.
          example: 0.1.2
        database_version:
          oneOf:
            - type: string
            - type: number
          description: Version of database schema.
          example: 1
      required:
        - application_version
        - database_version

    InsightsRule:
      type: object
      properties:
        rule_id:
          type: string
          example: CVE_2017_14491_dnsmasq|CVE_2017_14491_ERROR
          description: ID(s) of associated security rule(s).
        description:
          type: string
          description: Description of the rule.
          example: CVE-2017-14491 dnsmasq code execution with listening processes
          nullable: true
        summary:
          type: string
          description: Summary of the rule.
          example: A buffer overflow vulnerability was found in `Dnsmasq`, a popular lightweight DNS and DHCP server....
          nullable: true
        reboot_required:
          type: boolean
          description: Indicator whter reboot is required to mitigate vulnerability.
          example: false
          nullable: true
        playbook_count:
          type: integer
          description: Number of available Ansible playbooks for remediation/mitigation.
          example: 1
          nullable: true
        change_risk:
          type: integer
          description: Indicates how likely remediation can change environment on the remediatied system.
          example: 1
          nullable: true
        kbase_node_id:
          type: integer
          description: ID of associated Red Hat knowledgebase article.
          example: 3199382
          nullable: true
        associated_cves:
          type: array
          items:
            type: string
            example: CVE-2016-0800
          description: List of CVEs associated with the rule.
        rule_impact:
          type: integer
          description: Shows rules impact number from 1 to 4
          example: 1
          nullable: true
        systems_affected:
          type: integer
          description: Number of systems affected by the rule.
          example: 72
        publish_date:
          type: string
          description: Date when the rule was published.
          example: 2018-05-15 13:00:00
          nullable: true
      required:
        - associated_cves
        - change_risk
        - description
        - kbase_node_id
        - playbook_count
        - reboot_required
        - rule_id
        - summary
        - rule_impact
        - publish_date

    VulnerabilitiesPostIn:
      type: object
      properties:
        cve_list:
          type: array
          description: Array of CVEs to provide info about
          items:
            type: string
            example: CVE-2016-0800
            description: CVE id.
      required:
        - cve_list

    VulnerabilitiesPostOut:
      type: object
      properties:
        data:
          type: array
          items:
            type: object
            properties:
              id:
                type: string
                description: CVE id.
                example: CVE-2016-0800
              type:
                type: string
                description: Type of the record.
                example: cve
              attributes:
                type: object
                properties:
                  cvss_score:
                    type: string
                    description: String representation of cvss3 or cvvs2 (if v3 is not present) score of the CVE.
                    example: '5.800'
                    nullable: true
                  impact:
                    type: string
                    description: Red Hat security impact of the CVE.
                    example: Important
                  synopsis:
                    type: string
                    description: Synopsis of the CVE.
                    example: CVE-2016-0800
                required:
                  - cvss_score
                  - impact
                  - synopsis
            required:
              - id
              - type
              - attributes
        links:
          $ref: '#/components/schemas/Links'
        meta:
          allOf:
            - $ref: '#/components/schemas/Meta'
            - $ref: '#/components/schemas/MetaPermissions'
      required:
        - data
        - links
        - meta

    AnnouncementOut:
      type: object
      properties:
        message:
          type: string
          description: Announcement message.
          example: Hello from Vulnerability team :).
        last_updated:
          type: string
          description: Datetime string.
          example: '2004-10-19 10:23:54+02'
      required:
        - message
        - last_updated

    DashbarOut:
      type: object
      properties:
        exploitable_cves:
          type: number
        cves_with_rule:
          type: number
        critical_cves:
          type: number
        important_cves:
          type: number

    CvesWithoutErrataOut:
      type: object
      properties:
        updated:
          type: object
          properties:
            org_id:
              type: string
            cves_without_errata:
              type: object
              properties:
                enabled:
                  type: boolean
        meta:
          $ref: '#/components/schemas/MetaPermissions'
      required:
        - updated
        - meta

    NotificationsOut:
      type: object
      properties:
        deleted:
          type: number
          description: Number of deleted notifications for CVEs
          example: 50
      required:
        - deleted