Question

Jamf Security Cloud / RADAR / Wandera Risk API deficiencies

  • February 19, 2026

OCI

After poking around Jamf Pro and Jamf Protect, it seems that JSC/RADAR/Wandera is the only source of storage for CVE-level details for managed client app inventories. I can plainly see them in the default web dashboard. So I set up a Risk API key, and enabled the option to see user and device details.

Both the docs [1] and manual exploration seem to conclude that only “Device risk” can be gathered from the public API, whereas things like “Average CVSS score” (or anything related to CVEs) cannot. Which would be fine if those two had a tight relationship, but I can plainly see things like an endpoint with six (6) high-scoring app vulnerabilities (including a 10 and a 9.8) per CVSS that only has two (2) app vulnerabilities reported per device risk and grading overall as low-risk.

I did notice that app vulns as a category can be force-upgraded from low to high to influence device risk more, but it’s possible that device risk will entirely miss the presence of vulnerable apps and this still doesn’t get around the inability to API-ask questions like, “what’s the average CVSS score of my endpoints?” There IS a private API that the web site uses, but accessing that would be a hack and require reusing session tokens that only last 30 minutes.

Any workarounds that I’m missing given an interest in API-level access to this information? Thanks!

1: https://developer.jamf.com/jamf-security/reference/getalldevicesinfo