Send custom vulnerability or security data to New Relic with a simple POST request to our security data API. Use the API if we don't currently support your security service with an integration or if sending security data through an API fits your custom workflow better.
Prerequisites
- A New Relic for the account you want to report data to.
Send data to New Relic
To send vulnerability or other security data, send a POST request whose JSON body contains a findings array. Each object in the array describes a detected vulnerability or other security event. Send the request to the New Relic security endpoint for your region:
- For the US: https://security-api.newrelic.com/security/v1
- For the EU: https://security-api.service.eu.newrelic.com/security/v1
Here's an example POST request. We'll take a look at individual components in the next section:
```bash
curl -X POST https://security-api.newrelic.com/security/v1 \
  -H "Content-Type: application/json" \
  -H "Api-Key: INSERT_YOUR_API_KEY" \
  -d '{
  "findings": [
    {
      "source": "Insert security tool name, such as Snyk",
      "title": "Insert a short description of security issue",
      "message": "Insert long description and remediation advice",
      "issueType": "Insert Library|Container|Host Vulnerability",
      "issueId": "Insert vulnerability identifier like CVE, CWE, CIS, etc.",
      "issueVendorId": "Vendor-specific identifier if different from issueId",
      "issueInstanceKey": "Insert the unique path to this instance of the issue",
      "disclosureUrl": "Insert a URL to additional information on the issue",
      "severity": "Insert CRITICAL|HIGH|MEDIUM|LOW|INFO",
      "remediationExists": Insert boolean true | false (no quotation marks),
      "remediationRecommendation": "Explain the action to take",
      "detectedAt": "Insert timestamp when detected, in milliseconds since epoch",
      "entityType": "Insert Host|Service|Repository|Image|AWS",
      "entityLookupValue": "Insert a URL to find entity",
      "entityGuid": "ABCDEFG",
      "customFields": {
        "sourceDetailInfo": "DecadeCoffee"
      }
    }
  ]
}'
```
URL Parameters
Parameter | Description |
---|---|
| Optional: The repository URL for the application with your integration. |
Required fields
The following fields are required in the request:
Field | Description |
---|---|
| The user-friendly name of the security tool that generated this event such as |
| A short (50-100 character) summary of the issue. Should be suitable for use as a page title or table cell content. |
| Detailed description of the issue, including explanation of the finding and how to remediate it. May include markdown. |
| An issue type supported by New Relic. Currently these are:
|
| A standard identifier for the detected issue. For example, the CVE or CWE identifier, or the CIS benchmark rule. If multiple tools detect the same issue, the |
| The defined community consensus on the severity of the issue or the scanning tool. This should be one of the following:
|
| Used to correlate reported issue to an entity known to the New Relic platform. Must be one of the types recognized by the entity search api, or special cases supported by Security API ( An example with
|
| Used to find the appropriate entity of that type. An example with
|
| A unique identifier for a specific entity within the New Relic platform, essential for tracking and managing applications, services, or infrastructure components. An example of
|
Optional fields
Your request may contain any of the following optional fields:
Field | Description |
---|---|
| The CVSSv3 score assigned to the CVE, as a floating point number in JSON/ |
| The CVSSv3 vector describing this CVE. |
| A path or identifier that uniquely identifies the occurrence of this instance of the vulnerability from other instances in the same repo, service, entity, or account. For example: full path to file plus the line number for a source code finding, or path to a vulnerable binary on a host or in a container image. The instance key should be identical for repeat findings of the same issue while differentiating multiple instances that each need remediation. If not provided, the resolved |
| Vendor-specific identifier for the issue, if different from |
| A URL to additional information on the issue, either from the source tool vendor’s website or public disclosure references. Should be a trustworthy source. |
| Boolean indicating whether a fix for the issue is known to exist. |
| Short-form text explaining the action to take for remediation. For 3rd party dependencies, use the form |
| Timestamp of when the issue was detected, in milliseconds since epoch. If not provided, we use the moment data is sent to New Relic. |
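
The following is an added example, not New Relic's own code: it checks a findings array against the rules described above and builds the POST request without sending it, so malformed findings are caught before they leave your pipeline. The `NEW_RELIC_API_KEY` variable name, the required-field list (matched from the example request's field names), the `Library Vulnerability` reading of `issueType`, and the seconds-versus-milliseconds threshold are assumptions.

```python
import json
import os
import urllib.request

# Endpoints as listed on this page.
ENDPOINTS = {
    "US": "https://security-api.newrelic.com/security/v1",
    "EU": "https://security-api.service.eu.newrelic.com/security/v1",
}
# Assumption: required names inferred from the example request's fields.
REQUIRED = ("source", "title", "message", "issueType", "issueId",
            "severity", "entityType", "entityLookupValue", "entityGuid")
SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"}

def validate_finding(f):
    """Return a list of problems; an empty list means the finding looks well-formed."""
    errors = [f"missing required field: {k}" for k in REQUIRED if not f.get(k)]
    if f.get("severity") not in SEVERITIES:
        errors.append("severity must be one of " + "|".join(sorted(SEVERITIES)))
    if "remediationExists" in f and not isinstance(f["remediationExists"], bool):
        errors.append("remediationExists must be a JSON boolean, not a string")
    # Heuristic (assumption): values below 10**12 are seconds, not milliseconds.
    if "detectedAt" in f and int(f["detectedAt"]) < 10**12:
        errors.append("detectedAt looks like seconds; use milliseconds since epoch")
    return errors

def build_request(findings, region="US", api_key=None):
    """Validate every finding, then build (but do not send) the POST request."""
    problems = {i: e for i, f in enumerate(findings) if (e := validate_finding(f))}
    if problems:
        raise ValueError(f"invalid findings: {problems}")
    # Read the key from the environment instead of hardcoding it in scripts.
    key = api_key or os.environ["NEW_RELIC_API_KEY"]  # hypothetical variable name
    body = json.dumps({"findings": findings}).encode("utf-8")
    return urllib.request.Request(
        ENDPOINTS[region], data=body, method="POST",
        headers={"Content-Type": "application/json", "Api-Key": key})

# Constructed sample finding; every value is a placeholder.
SAMPLE = {
    "source": "ExampleScanner", "title": "Outdated TLS library in build image",
    "message": "Placeholder description and remediation advice.",
    # Assumption: reading "Library|Container|Host Vulnerability" as three types.
    "issueType": "Library Vulnerability", "issueId": "CVE-0000-00000",
    "severity": "HIGH", "entityType": "Repository",
    "entityLookupValue": "https://example.com/org/repo", "entityGuid": "ABCDEFG",
    # Stable across rescans, distinct per instance: file path plus line number.
    "issueInstanceKey": "src/app/requirements.txt:12",
    "remediationExists": True, "detectedAt": 1700000000000,
}
```

Pass the returned request to `urllib.request.urlopen` to submit it once validation passes.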