> ## Documentation Index
> Fetch the complete documentation index at: https://docs.synack.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Add suspected vulnerabilities for an organization

> Add suspected vulnerabilities for an organization, creating corresponding assets if needed. On success returns list of numeric IDs of the newly created suspected vulnerabilities



## OpenAPI

````yaml /vulns-openapi.yaml post /v1/organizations/{organizationUid}/suspected-vulnerabilities
openapi: 3.1.0
info:
  title: Vulnerability Service API
  version: 1.0.0
  description: >
    Comprehensive API for managing suspected vulnerabilities within the Synack
    platform.

    This service provides endpoints for retrieving, filtering, and triaging
    security vulnerabilities

    discovered across client assets. It supports advanced filtering, pagination,
    export functionality,

    and automated triage workflows to streamline vulnerability management
    processes.
  contact:
    name: Synack Engineering
    email: engineering@synack.com
servers:
  - url: https://client.synack.com/api/vulnerability
    description: Commercial
  - url: https://client.synack.us/api/vulnerability
    description: FedRAMP (Medium)
security: []
paths:
  /v1/organizations/{organizationUid}/suspected-vulnerabilities:
    post:
      tags:
        - Suspected Vulnerabilities
      summary: Add suspected vulnerabilities for an organization
      description: >-
        Add suspected vulnerabilities for an organization, creating
        corresponding assets if needed. On success returns list of numeric IDs
        of the newly created suspected vulnerabilities
      operationId: postSuspectedVulnerabilities
      parameters:
        - name: organizationUid
          in: path
          description: Unique identifier for the organization
          required: true
          schema:
            type: string
          x-go-name: orgUID
      requestBody:
        description: >-
          Request body containing the list of objects, describing the properties
          of suspected vulnerabilities to create
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SuspectedVulnerabilitiesCreateRequest'
        required: true
      responses:
        '201':
          $ref: '#/components/responses/SuspectedVulnerabilitiesCreateResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
        '500':
          $ref: '#/components/responses/InternalServerError'
      security:
        - OAuth2:
            - asset_gr
            - asset_gw
components:
  schemas:
    SuspectedVulnerabilitiesCreateRequest:
      description: >-
        List of objects, describing the properties of suspected vulnerabilities
        to create
      type: array
      items:
        $ref: '#/components/schemas/NewSuspectedVulnerability'
    NewSuspectedVulnerability:
      description: Object, describing properties of a new suspected vulnerability to create
      type: object
      properties:
        name:
          description: The name (also known as title) of the suspected vulnerability
          type: string
        description:
          description: Optional detailed description of the suspected vulnerability
          type: string
        location:
          description: >-
            Location of the suspected vulnerability, keeps information about
            where the it was discovered
          type: string
          examples:
            bareIpAddress:
              summary: Reference to a single IP address
              value: 192.168.1.1
            ipAddressWithTcpPort:
              summary: Reference to a single TCP port number
              value: tcp://192.168.1.1:22
            ipAddressWithUdpPort:
              summary: Reference to a single UDP port number
              value: udp://192.168.1.1:53
            ipAddressWithIcmpProto:
              summary: Reference to a single IP address, ICMP protocol
              description: >-
                Since the ICMP protocol doesn't have port abstraction, like TCP
                or UDP, the URI defines only protocl name and IP address of the
                host
              value: icmp://192.168.1.1
            webUrl:
              summary: URL pointing to a specific resource inside a webapp
              value: https://example.com/path?query#segment
        cvssScore:
          description: >-
            CVSS base score of the vulnerability, valid values are from 0 to 10
            inclusively. See https://www.first.org/cvss/ for further details.
          type: number
          format: float
          x-go-name: CVSSScore
        cvssVersion:
          description: >-
            Version of CVSS base score, positive float number. See
            https://www.first.org/cvss/ for further details.
          type: number
          format: float
          x-go-name: CVSSVersion
          examples:
            v2:
              summary: CVSS version 2
              value: 2
            v3.1:
              summary: CVSS version 3.1
              value: 3.1
        cves:
          description: >-
            Optional list of IDs of Common Vulnerabilities and Exposures (also
            known as CVE), in "CVE-YYYY-N" format. See https://www.cve.org/ for
            details
          type: array
          items:
            type: string
          examples:
            cveID:
              summary: >-
                Log4shell vulnerability, affects Log4j versions 2.0-beta9 to
                2.14.1. It allows remote code execution and information
                disclosure if exploited.
              value:
                - CVE-2021-44228
          x-go-name: CVEs
        cwes:
          description: >-
            Optional list of IDs of Common Weakness Enumeration (also known as
            CWE), in "CWE-N" format. See https://cwe.mitre.org/ for further
            details.
          type: array
          items:
            type: string
          examples:
            cweID:
              summary: >-
                Improper Neutralization of Input During Web Page Generation
                ('Cross-site Scripting')
              value:
                - CWE-79
          x-go-name: CWEs
        category:
          description: >-
            Optional category of the suspected vulnerability, as human readable
            string. Usually it is scanner dependent. For instance, in Tenable it
            is called `family`.
          type: string
        firstFoundAt:
          description: >-
            Optional date and time when the suspected vulnerability was detected
            for the first time on the asset, in RFC 3339 format, with sub-second
            precision added if present.
          type: string
          format: date-time
        lastFoundAt:
          description: >-
            Date and time when the suspected vulnerability was detected for the
            last time on the asset, in RFC 3339 format, with sub-second
            precision added if present.
          type: string
          format: date-time
        solution:
          description: >-
            Optional description of actions that could be taken in order to
            remediate the vulnerability.
          type: string
        source:
          description: >-
            Identifier of the source of the suspected vulnerability. Usually it
            points to a scanner name. It should contain only lowercase
            alphanumeric chars and hyphens. It should start with a letter.
          type: string
          examples:
            OpenVAS:
              summary: OpenVAS vulnerability scanner
              value: openvas
            Burp Suite:
              summary: Burp Suite vulnerability scanner
              value: burp-suite
            Tenable:
              summary: Tenable Vulnerability Management Service
              value: tenable
            TenableWAS:
              summary: Tenable Vulnerability Management Service
              value: tenablewas
            Qualys:
              summary: Qualys Vulnerability Management Tool
              value: qualys
        confidence:
          description: >-
            Optional confidence of the suspected vulnerability. Usually it is
            scanner specific. For example, it is called `confidence` in Burp
            Suite, `Quality of Detection` in OpenVAS. Tenable doesn't have any
            at all.
          type: string
          enum:
            - certain
            - firm
            - tentative
        severity:
          description: >-
            Optional severity of the suspected vulnerability. Usually it is
            scanner specific. Sometimes it is calculated from CVSS Base Score.
          type: string
          enum:
            - critical
            - high
            - medium
            - low
        assetUid:
          description: >-
            Optional unique identifier of the asset, where the suspected
            vulnerability was discovered. When set, must contain only lowercase
            hex digits. When not set, asset will be created based on `location`
            property.
          type: string
          x-go-name: AssetUID
        listingUid:
          description: >-
            Optional unique identifier of the assessment (also known as
            listing), that should be used to assign to when creating new assets.
            Used only when `assetUid` property is set. If set, must contain only
            lowercase alphanumeric characters.
          type: string
          x-go-name: ListingUID
        owaspIds:
          description: >-
            Optional list of OWASP identifiers. These identifiers are
            standardized labels used to categorize security vulnerabilities
            according to the OWASP (Open Web Application Security Project) Top
            10 framework - a globally recognized list of the most critical
            security risks to web applications. The identifiers follow a
            specific format - "A##:YYYY" where "A##" is position in the OWASP
            Top 10 list (e.g., A01, A02, A03); "YYYY" is year of the OWASP Top
            10 publication (e.g., 2017, 2021, 2024)
          type: array
          items:
            type: string
          examples:
            brokenAccessControl:
              summary: Broken Access Control
              value:
                - A01:2021
          x-go-name: OWASPIDs
        vendorRiskScore:
          description: >-
            A risk score value provided by the vendor of the imported
            vulnerability. This can differ from vendor to vendor. For example,
            Qualys QDS has a range from 1 to 100, Tenable VPR is 0.1 – 10.0.
          type: number
        httpRequest:
          description: >-
            If the HTTP request, used to discover the suspected vulnerability is
            known, it should be placed here as is, including all the request
            headers.
          type: string
          format: byte
          x-go-name: HTTPRequest
        httpResponse:
          description: >-
            If the HTTP response, used to discover the suspected vulnerability
            is known, it should be placed here as is, including all the response
            headers.
          type: string
          format: byte
          x-go-name: HTTPResponse
      required:
        - name
        - location
        - cvssScore
        - cvssVersion
        - lastFoundAt
        - source
    Error:
      type: object
      description: >-
        Standard error response format following RFC 7807 Problem Details
        specification
      required:
        - status
        - title
      properties:
        type:
          type: string
          description: URI reference that identifies the problem type
        status:
          type: integer
          description: HTTP status code for this occurrence of the problem
        title:
          type: string
          description: Human-readable summary of the problem type
        detail:
          type: string
          description: Human-readable explanation specific to this occurrence
        instance:
          type: string
          description: URI reference identifying the specific occurrence of the problem
  responses:
    SuspectedVulnerabilitiesCreateResponse:
      description: >-
        Response to a POST request, inserting new suspected vulnerabilities for
        the organization
      content:
        application/json:
          schema:
            type: array
            description: >-
              List of numeric identifiers of newly created suspected
              vulnerabilities
            items:
              type: integer
    BadRequest:
      description: >
        Bad Request - The request is malformed, contains invalid parameters, or
        missing

        required fields. Check request syntax and parameter values.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: >
        Unauthorized - Authentication failed. The bearer token is missing,
        expired,

        invalid, or lacks sufficient permissions to access this resource.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: >
        Forbidden - Access denied. The authenticated user lacks permission to
        access

        the requested resource or perform the specified operation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    UnprocessableEntity:
      description: >
        Unprocessable Entity - The request is well-formed but contains semantic
        errors

        or business logic violations that prevent processing (e.g., invalid
        status transitions).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalServerError:
      description: >
        Internal Server Error - An unexpected server-side error occurred. This
        indicates

        a system issue that should be reported to the engineering team for
        investigation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: login.synack.com
          scopes:
            asset_lr: Grants per-listing read access for all types of assets.
            asset_srt_lr: Grants per-listing read access to assets that may be read by SRTs.
            asset_or: >-
              Grants organization-level read access for all types of assets
              owned by a particular organization.
            asset_boss_ow: >-
              Grants organization-level access to assets owned by a particular
              organization that may be modified by BOSS users.
            asset_boss_lw: >-
              Grants per-listing write access to assets that may be modified by
              BOSS users.
            asset_client_ow: >-
              Grants organization-level access to assets owned by a particular
              organization that may be modified by Client users.
            asset_client_lw: >-
              Grants per-listing write access to assets that may be modified by
              Client users.
            asset_user_or: >-
              Grants user-level read access to asset stats that owned by a
              particular organization.
            asset_gr: >-
              Grants unrestricted read access to all assets. Except for
              credential data of cloud accout assets.
            asset_gw: Grants unrestricted write access to all assets.
            asset_scan_gr: >-
              Grants unrestricted read access to all assets. Including
              credential data of cloud account assets.

````