Bulk Update Scheduled Scans
PATCH/scheduledscans/bulk/
Request
- application/json
- application/x-www-form-urlencoded
- multipart/form-data
Body
Array [
]
h
- Hourlyd
- Dailyw
- Weeklym
- Monthlyq
- Quarterly1
- Monday2
- Tuesday3
- Wednesday4
- Thursday5
- Friday6
- Saturday7
- Sundayfirst
- Firstsecond
- Secondthird
- Thirdfourth
- Fourthlast
- Last
scheduledscans
object[]
scheduledscan
object
Serializer for scheduled/recurrent scans
Date and time of next scan scheduled.
Possible values: [h
, d
, w
, m
, q
, ``]
Scheduled scan recurrence.
Possible values: <= 64 characters
Timezone to use for scheduled scan timestamp.
Schedule scan to run on specific monthly day of week (for monthly/quarterly recurrence).
Possible values: >= -2147483648
and <= 2147483647
, [1
, 2
, 3
, 4
, 5
, 6
, 7
, null
]
Day of week to run scan on - monday to sunday (for run on day of week option).
Possible values: [first
, second
, third
, fourth
, last
, ``, null
]
Which week of the month to run scan on (with run_on_day_of_week
enabled).
Future scans set as partial scans, use in conjunction with incremental
and reduced_scope
.
Override scan target's scan settings, use in conjunction with override_target_settings
.
Future scans set to incremental, use in conjunction with partial_scan
and override_target_settings
.
Future scans set as reduced scope, use in conjunction with partial_scan
and override_target_settings
.
Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.
Body
Array [
]
h
- Hourlyd
- Dailyw
- Weeklym
- Monthlyq
- Quarterly1
- Monday2
- Tuesday3
- Wednesday4
- Thursday5
- Friday6
- Saturday7
- Sundayfirst
- Firstsecond
- Secondthird
- Thirdfourth
- Fourthlast
- Last
scheduledscans
object[]
scheduledscan
object
Serializer for scheduled/recurrent scans
Date and time of next scan scheduled.
Possible values: [h
, d
, w
, m
, q
, ``]
Scheduled scan recurrence.
Possible values: <= 64 characters
Timezone to use for scheduled scan timestamp.
Schedule scan to run on specific monthly day of week (for monthly/quarterly recurrence).
Possible values: >= -2147483648
and <= 2147483647
, [1
, 2
, 3
, 4
, 5
, 6
, 7
, null
]
Day of week to run scan on - monday to sunday (for run on day of week option).
Possible values: [first
, second
, third
, fourth
, last
, ``, null
]
Which week of the month to run scan on (with run_on_day_of_week
enabled).
Future scans set as partial scans, use in conjunction with incremental
and reduced_scope
.
Override scan target's scan settings, use in conjunction with override_target_settings
.
Future scans set to incremental, use in conjunction with partial_scan
and override_target_settings
.
Future scans set as reduced scope, use in conjunction with partial_scan
and override_target_settings
.
Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.
Body
Array [
]
h
- Hourlyd
- Dailyw
- Weeklym
- Monthlyq
- Quarterly1
- Monday2
- Tuesday3
- Wednesday4
- Thursday5
- Friday6
- Saturday7
- Sundayfirst
- Firstsecond
- Secondthird
- Thirdfourth
- Fourthlast
- Last
scheduledscans
object[]
scheduledscan
object
Serializer for scheduled/recurrent scans
Date and time of next scan scheduled.
Possible values: [h
, d
, w
, m
, q
, ``]
Scheduled scan recurrence.
Possible values: <= 64 characters
Timezone to use for scheduled scan timestamp.
Schedule scan to run on specific monthly day of week (for monthly/quarterly recurrence).
Possible values: >= -2147483648
and <= 2147483647
, [1
, 2
, 3
, 4
, 5
, 6
, 7
, null
]
Day of week to run scan on - monday to sunday (for run on day of week option).
Possible values: [first
, second
, third
, fourth
, last
, ``, null
]
Which week of the month to run scan on (with run_on_day_of_week
enabled).
Future scans set as partial scans, use in conjunction with incremental
and reduced_scope
.
Override scan target's scan settings, use in conjunction with override_target_settings
.
Future scans set to incremental, use in conjunction with partial_scan
and override_target_settings
.
Future scans set as reduced scope, use in conjunction with partial_scan
and override_target_settings
.
Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.
Responses
- 200
- 400
- 401
- 500
- application/json
- Schema
- Example (from schema)
Schema
Array [
Array [
]
Array [
]
Array [
]
any
- Is logged out if any condition is verified.all
- Is logged out only if all condition are verified.SHA1
- Sha1SHA256
- Sha256SHA512
- Sha5126
- Six7
- Seven8
- EightArray [
]
-
file
- Verifies the domain against a text file in the root directory of the website. Learn more in this article. -
back_office
- Automatically set if manually verified in the back-office. Read-only. -
existing_domain
- Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only. -
dns_txt
- Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article. -
dns
- Same asdns_txt
. -
dns_cname
- Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article. -
meta_tag
- Verifies the domain against a meta tag in the index page of the website. Learn more in this article. -
whitelist
- Automatically verifies if the domain is in the whitelist -
email
- Automatically verifies a domain if the user's email is in the same domain as the target -
aws_route53
- Automatically verifies a domain if the hostname exists as an AWS Route53 Zone. -
cloudflare
- Automatically verifies a domain if the host name exists and is verified as a CloudflareZone. -
waved
- Automatically verifies a domain if there is a waver agreement. openapi
- OpenAPI schema.postman
- Postman collection.Array [
]
application/json
- The payload is in JSON format in the request body.application/x-www-form-urlencoded
- The payload is encoded in the request URL.cookie
- Cookieheader
- HeaderArray [
]
pdf
- PDF file format.docx
- DOCX file format.Array [
]
h
- Hourlyd
- Dailyw
- Weeklym
- Monthlyq
- Quarterly1
- Monday2
- Tuesday3
- Wednesday4
- Thursday5
- Friday6
- Saturday7
- Sundayfirst
- Firstsecond
- Secondthird
- Thirdfourth
- Fourthlast
- Last]
A unique Base58 value identifying this object.
target
object
required
Possible values: <= 255 characters
Name of the target.
The maximum length is 255 characters.
site
object
Core settings of the target.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the target or extra host.
The maximum length is 255 characters.
Description of the target.
URL of the target.
Hostname of the target.
If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.
URL of the login form of the target.
Possible values: <= 255 characters
Pattern to check a successful login.
The maximum length is 255 characters.
form_login
object[]
Field and value pairs to fill the login form.
If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url
and logout_detectors
to be defined.
Defaults to false.
If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.
If true, the target authentication is done through username and password credentials.
Defaults to false.
basic_auth
object
Username and password credentials for the basic auth.
Possible values: <= 255 characters
Possible values: <= 255 characters
headers
object[]
Custom headers to send.
cookies
object[]
Custom cookies to send.
whitelist
object
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
blacklist
object
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
If true, the target has authentication.
Defaults to false.
Possible values: [any
, all
]
Type of combination of the logout conditions:
URL to check session.
If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.
The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).
Possible values: [SHA1
, SHA256
, SHA512
]
Default value: SHA1
Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1
)
Possible values: >= -2147483648
and <= 2147483647
, [6
, 7
, 8
]
Default value: 6
Number of digits of the one-time password (OTP):
(Defaults to 6
)
CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field.
Read more about how to obtain a CSS selector.
Defaults to "".
CSS selector of the HTML element in the page to submit the one-time password (OTP).
For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".
Possible values: >= 6 characters
and <= 8 characters
One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".
stack
object[]
Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.
Description of the technology.
Defaults to "".
If true, the domain is verified. Read-only.
Token used to verify the domain. Read-only.
Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.
Possible values: [file
, back_office
, existing_domain
, dns_txt
, dns
, dns_cname
, meta_tag
, whitelist
, email
, aws_route53
, cloudflare
, waved
]
Method used in the domain verification:
Error of the last verification of the domain. Read-only.
api_scan_settings
object
required
Scanning settings if the target is an API.
Possible values: [openapi
, postman
]
Type of schema that defines the API:
custom_api_parameters
object[]
Possible values: [application/json
, application/x-www-form-urlencoded
]
Format of the payload:
Possible values: <= 2048 characters
URL to make the authentication request to the API.
The maximum length is 2048 characters.
Possible values: <= 4096 characters
Payload to send in the authentication request.
The maximum length is 4096 characters.
Possible values: <= 256 characters
Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.
Possible values: <= 16 characters
Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.
Possible values: <= 256 characters
Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.
Possible values: [cookie
, header
]
Where to send the parameter name with the authentication token and the prefix:
Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".
Description of the target.
Defaults to "".
labels
object[]
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the label.
The maximum length is 255 characters.
Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$
Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
Possible values: [pdf
, docx
]
Report format for the target:
(Defaults to pdf
)
scanning_agent
object
nullable
Return serializer_class with all fields as read_only except key. The key is the field use to retrieve the object in to_internal_value
.
This is for the drf-spectacular documentation generation.
Possible values: <= 255 characters
teams
object[]
required
A unique Base58 value identifying this object.
blackout_period
object
required
Time window during which scans are temporarily interrupted.
Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".
Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".
If true, the blackout period is enabled.
Possible values: <= 64 characters
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Date and time of next scan scheduled.
Possible values: [h
, d
, w
, m
, q
, ``]
Scheduled scan recurrence.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
blackout_period
object
required
Time window during which scans are temporarily interrupted.
Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".
Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".
If true, the blackout period is enabled.
Possible values: <= 64 characters
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Possible values: <= 64 characters
Timezone to use for scheduled scan timestamp.
Schedule scan to run on specific monthly day of week (for monthly/quarterly recurrence).
Possible values: >= -2147483648
and <= 2147483647
, [1
, 2
, 3
, 4
, 5
, 6
, 7
, null
]
Day of week to run scan on - monday to sunday (for run on day of week option).
Possible values: [first
, second
, third
, fourth
, last
, ``, null
]
Which week of the month to run scan on (with run_on_day_of_week
enabled).
Future scans set as partial scans, use in conjunction with incremental
and reduced_scope
.
Override scan target's scan settings, use in conjunction with override_target_settings
.
Future scans set to incremental, use in conjunction with partial_scan
and override_target_settings
.
Future scans set as reduced scope, use in conjunction with partial_scan
and override_target_settings
.
Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.
[
{
"id": "string",
"target": {
"id": "string",
"site": {
"id": "string",
"name": "string",
"desc": "string",
"url": "string",
"host": "string",
"has_form_login": false,
"form_login_url": "string",
"form_login_check_pattern": "string",
"form_login": [
{
"name": "string",
"value": "string"
}
],
"logout_detection_enabled": false,
"has_sequence_login": false,
"has_sequence_navigation": true,
"has_basic_auth": false,
"basic_auth": {
"username": "string",
"password": "string"
},
"headers": [
{
"name": "string",
"value": "string",
"allow_testing": false,
"authentication": false
}
],
"cookies": [
{
"name": "string",
"value": "string",
"allow_testing": false,
"authentication": false
}
],
"whitelist": {},
"blacklist": {},
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"auth_enabled": false,
"logout_condition": "any",
"check_session_url": "string",
"has_otp": true,
"otp_secret": "string",
"otp_algorithm": "SHA1",
"otp_digits": 6,
"otp_field": "string",
"otp_submit": "string",
"otp_login_sequence_totp_value": "string",
"otp_type": "string",
"otp_url": "string",
"stack": [
{
"id": "string",
"name": "string",
"desc": "string"
}
],
"verified": true,
"verification_token": "string",
"verification_date": "2024-07-29T15:51:28.071Z",
"verification_method": "file",
"verification_last_error": "string",
"api_scan_settings": {
"api_schema_type": "openapi",
"api_schema_url": "string",
"api_schema_file": "string",
"custom_api_parameters": [
{
"name": "string",
"value": "string"
}
],
"media_type": "application/json",
"api_login_url": "string",
"api_login_payload": "string",
"api_login_enabled": true,
"api_login_token_field": "string",
"token_prefix": "string",
"token_parameter_name": "string",
"token_parameter_location": "cookie"
}
},
"type": "string",
"labels": [
{
"id": "string",
"name": "string",
"color": "string",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"changed": "2024-07-29T15:51:28.071Z"
}
],
"has_assets": true,
"report_fileformat": "pdf",
"scanning_agent": {
"id": "string",
"name": "string",
"installer_generated": true,
"online": true,
"fallback": true,
"rx_bytes": 0,
"tx_bytes": 0,
"latest_handshake": 0
},
"teams": [
{
"id": "string",
"name": "string"
}
],
"blackout_period": {
"begin": "string",
"cease": "string",
"weekdays": [
0
],
"enabled": true,
"timezone": "string",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
}
}
},
"date_time": "2024-07-29T15:51:28.071Z",
"recurrence": "h",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"blackout_period": {
"begin": "string",
"cease": "string",
"weekdays": [
0
],
"enabled": true,
"timezone": "string",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
}
},
"timezone": "string",
"run_on_day_of_week": true,
"scheduled_day_of_week": 1,
"week_index": "first",
"partial_scan": true,
"override_target_settings": true,
"incremental": true,
"reduced_scope": true,
"scan_profile": "string",
"unlimited": "string"
}
]
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
scheduledscans
object[]
object
scheduledscan
object[]
object
{
"scheduledscans": [
"This list may not be empty.",
{
"23FmxSYYJQNW": [
"Scheduled scan not saved as it may conflict with blackout period."
]
}
],
"scheduledscan": [
"This field is required.",
{
"scan_profile": [
"Invalid pk 'scan_profile_pk' - object does not exist"
]
}
]
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Incorrect authentication credentials."
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Unexpected error while handling your request."
}