• EnglishEspañol日本語한국어Português
  • Log inStart now

Send data using the security data API

Send custom vulnerability or security data to New Relic through our security data API through a simple POST request. Use the API if we don't currently support your security service with an integration or if sending security data through an API fits your custom workflow better.

Prerequisites

  • A New Relic for the account you want to report data to.

Send data to New Relic

To send vulnerability or other security data, send a JSON object via POST method containing a findings array. Each object in the array describes a detected vulnerability or other security event. Make sure to include the security endpoint for New Relic. Use one of the following according to your region:

  • For the US, https://security-api.newrelic.com/security/v1
  • For EU, https://security-api.service.eu.newrelic.com/security/v1

Here's an example POST request. We'll take a look at individual components in the next section:

curl -X POST https://security-api.newrelic.com/security/v1 \
-H "Content-Type: application/json" \
-H "Api-Key: INSERT_YOUR_API_KEY " \
-d '{
"findings": [
{
"source": "Insert security tool name, such as Snyk",
"title": "Insert a short description of security issue",
"message": "Insert long description and remediation advice",
"issueType": "Insert Library|Container|Host Vulnerability",
"issueId": "Insert vulnerability identifier like CVE, CWE, CIS, etc.",
"issueVendorId": "Vendor-specific identifier if different from issueId",
"issueInstanceKey": "Insert the unique path to this instance of the issue",
"disclosureUrl": "Insert a URL to additional information on the issue",
"severity": "Insert CRITICAL|HIGH|MEDIUM|LOW|INFO",
"remediationExists": Insert boolean true | false (no quotation marks),
"remediationRecommendation": "Explain the action to take",
"detectedAt": "Insert timestamp when detected, in milliseconds since epoch",
"entityType": "Insert Host|Service|Repository|Image|AWS",
"entityLookupValue": "Insert a URL to find entity",
"entityGuid": "ABCDEFG",
"customFields": {
"sourceDetailInfo": "DecadeCoffee"
}
}
]
}'

URL Parameters

Parameter

Description

repository

Optional: The respositiory url for the application with your integration.

Required fields

The following fields are required in the request:

Field

Description

source

The user-friendly name of the security tool that generated this event such as Snyk or Dependabot.

title

A short (50-100 character) summary of the issue. Should be suitable for use as a page title or table cell content.

message

Detailed description of the issue, including explanation of the finding and how to remediate it. May include markdown.

issueType

An issue type supported by New Relic. Currently these are:

  • Library Vulnerability
  • Container Vulnerability
  • Host Vulnerability

issueID

A standard identifier for the detected issue. For example, the CVE or CWE identifier, or the CIS benchmark rule. If multiple tools detect the same issue, the issueId should be the same across all tools.

severity

The defined community consensus on the severity of the issue or the scanning tool. This should be one of the following:

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
  • INFO

entityType

Used to correlate reported issue to an entity known to the New Relic platform. Must be one of the types recognized by the entity search api, or special cases supported by Security API (Image and AWS).

An example with entityLookupValue would be:

"entityType": "AWS",
"entityLookupValue": "arn:aws:rds:us-east-2:403720000000:db:my-database"

entityLookupValue

Used to find the appropriate entity of that type.

An example with entityType would be:

"entityType": "Repository",
"entityLookupValue": "https://github.com/newrelic/ruby_agent"

Optional fields

Your request may contain any of the following optional fields:

Field

Description

cvssScore

The CVSSv3 score assigned to the CVE, as a floating point number in JSON/

cvssVector

The CVSSv3 vector describing this CVE.

issueInstanceKey

A path or identifier that uniquely identifies the occurrence of this instance of the vulnerability from other instances in the same repo, service, entity, or account. For example: full path to file plus the line number for a source code finding, or path to a vulnerable binary on a host or in a container image. The instance key should be identical for repeat findings of the same issue while differentiating multiple instances that each need remediation. If not provided, the resolved entityGuid or user-supplied entityLookupValue is used.

issueVendorID

Vendor-specific identifier for the issue, if different from issueId.

disclosureUrl

A URL to additional information on the issue, either from the source tool vendor’s website or public disclosure references. Should be a trustworthy source.

remediationExists

Boolean indicating whether a fix for the issue is known to exist.

remediationRecommendation

Short-form text explaining the action to take for remediation. For 3rd party dependencies, use the form upgrade PACKAGE_NAME to X.Y.Z

detectedAt

Timestamp of when the issue was detected, in milliseconds since epoch. If not provided, we use the moment data is sent to New Relic.

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.