Batch Operations
Batch operations allow you to retrieve multiple CVEs in a single request, significantly improving performance and reducing API quota usage.
Overview
Instead of making individual API calls for each CVE, you can request up to 50 CVEs at once using the batch lookup feature.
Benefits
- Performance: Up to 50x faster than individual requests
- Quota efficiency: Counts as single API call against monthly quota
- Atomicity: Get consistent data snapshot
- Bandwidth: Reduced overhead from fewer HTTP connections
Using Batch Lookup
Basic Example
Retrieve multiple CVEs using the ids parameter:
# Default batch request (KEV and EPSS included when available)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?ids=CVE-2024-0001,CVE-2024-0002,CVE-2024-0003"
# Include ACSC data in batch request
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?ids=CVE-2024-0001,CVE-2024-0002,CVE-2024-0003&include=acsc"
Limitations
- Maximum 50 CVE IDs per request
- IDs must be comma-separated
- No spaces in the ID list
- Invalid IDs are silently skipped
Implementation Examples
Python
import requests
def batch_lookup_cves(cve_ids, api_key, include_acsc=False, include_enrichment=False):
"""
Look up multiple CVEs in a single request
Args:
cve_ids: List of CVE IDs (max 50)
api_key: Your API key
include_acsc: Include ACSC notices (optional)
include_enrichment: Include enrichment framework data (optional)
Returns:
Dictionary with CVE data
"""
base_url = "https://api.cybersecfeed.com/api/v1/cves"
headers = {"X-API-Key": api_key}
# Join IDs with commas
ids_param = ",".join(cve_ids[:50]) # Limit to 50
params = {"ids": ids_param}
# Add enrichment parameters
include_params = []
if include_acsc:
include_params.append("acsc")
if include_enrichment:
include_params.append("enrichment")
if include_params:
params["include"] = ",".join(include_params)
response = requests.get(
base_url,
params=params,
headers=headers
)
return response.json()
# Example usage
cve_list = [
"CVE-2024-0001",
"CVE-2024-0002",
"CVE-2024-0003",
"CVE-2024-0004",
"CVE-2024-0005"
]
# Basic batch lookup (KEV and EPSS included by default)
result = batch_lookup_cves(cve_list, "your-api-key-here")
# Include ACSC data for regional threat intelligence
result_with_acsc = batch_lookup_cves(cve_list, "your-api-key-here", include_acsc=True)
# Include all enrichment data
result_full = batch_lookup_cves(cve_list, "your-api-key-here", include_acsc=True, include_enrichment=True)
Processing Large Lists
When you have more than 50 CVEs to look up, process them in batches:
def process_large_cve_list(all_cve_ids, api_key, include_acsc=False, include_enrichment=False):
"""
Process a large list of CVEs in batches of 50
Args:
all_cve_ids: List of all CVE IDs to process
api_key: Your API key
include_acsc: Include ACSC notices
include_enrichment: Include enrichment framework data
Returns:
List of all CVE data
"""
batch_size = 50
all_results = []
# Process in batches
for i in range(0, len(all_cve_ids), batch_size):
batch = all_cve_ids[i:i + batch_size]
# Make batch request with enrichment options
result = batch_lookup_cves(batch, api_key, include_acsc, include_enrichment)
# Extract CVEs from response
if result.get("data", {}).get("cves"):
all_results.extend(result["data"]["cves"])
# Optional: Add delay to avoid overwhelming the API
# time.sleep(0.1)
return all_results
# Example: Process 200 CVEs with ACSC data
large_cve_list = [f"CVE-2024-{str(i).zfill(4)}" for i in range(1, 201)]
all_cves = process_large_cve_list(large_cve_list, "your-api-key-here", include_acsc=True)
print(f"Retrieved {len(all_cves)} CVEs with enrichment data")
JavaScript/Node.js
async function batchLookupCVEs(cveIds, apiKey, options = {}) {
const baseUrl = 'https://api.cybersecfeed.com/api/v1/cves';
const headers = { 'X-API-Key': apiKey };
// Limit to 50 IDs
const limitedIds = cveIds.slice(0, 50);
const idsParam = limitedIds.join(',');
// Build URL with enrichment parameters
const params = new URLSearchParams({ ids: idsParam });
const includeParams = [];
if (options.includeACSC) includeParams.push('acsc');
if (options.includeEnrichment) includeParams.push('enrichment');
if (includeParams.length > 0) {
params.append('include', includeParams.join(','));
}
const response = await fetch(`${baseUrl}?${params}`, {
headers: headers,
});
return await response.json();
}
// Process large list in batches with enrichment options
async function processLargeCVEList(allCveIds, apiKey, options = {}) {
const batchSize = 50;
const allResults = [];
for (let i = 0; i < allCveIds.length; i += batchSize) {
const batch = allCveIds.slice(i, i + batchSize);
const result = await batchLookupCVEs(batch, apiKey, options);
if (result.data && result.data.cves) {
allResults.push(...result.data.cves);
}
}
return allResults;
}
// Example usage with ACSC data
const options = { includeACSC: true };
const cveList = ['CVE-2024-0001', 'CVE-2024-0002', 'CVE-2024-0003'];
const results = await processLargeCVEList(cveList, 'your-api-key-here', options);
Best Practices
1. Validate IDs Before Sending
import re
def validate_cve_id(cve_id):
"""Validate CVE ID format"""
pattern = r'^CVE-\d{4}-\d{4,}$'
return bool(re.match(pattern, cve_id))
# Filter valid IDs only
valid_ids = [cve_id for cve_id in cve_list if validate_cve_id(cve_id)]
2. Handle Missing CVEs
Not all requested CVEs may exist in the response:
def check_missing_cves(requested_ids, response_data):
"""Identify which CVEs were not found"""
returned_ids = {cve["id"] for cve in response_data["data"]["cves"]}
missing_ids = set(requested_ids) - returned_ids
if missing_ids:
print(f"CVEs not found: {missing_ids}")
return missing_ids
3. Combine with Field Projection and Enrichment
Optimize further by requesting only needed fields and specific enrichment data:
# Get only essential fields
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?ids=CVE-2024-0001,CVE-2024-0002&fields=id,cvss.baseScore,kev"
# Get specific fields with ACSC data
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?ids=CVE-2024-0001,CVE-2024-0002&fields=id,cvss,acsc&include=acsc"
# Maximum optimization: specific fields + targeted enrichment
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?ids=CVE-2024-0001,CVE-2024-0002&fields=id,cvss.baseScore,kev,epss.score&include=acsc"
4. Error Handling
def safe_batch_lookup(cve_ids, api_key, include_acsc=False, include_enrichment=False, max_retries=3):
"""Batch lookup with retry logic and enrichment options"""
for attempt in range(max_retries):
try:
result = batch_lookup_cves(cve_ids, api_key, include_acsc, include_enrichment)
if result.get("data"):
return result
except Exception as e:
if attempt == max_retries - 1:
raise
time.sleep(2 ** attempt) # Exponential backoff
return None
Performance Comparison
| Method | CVEs | API Calls | Time | Quota Used | Data Completeness |
|---|---|---|---|---|---|
| Individual | 50 | 50 | ~25 seconds | 50 | Full |
| Batch (Basic) | 50 | 1 | ~0.5 seconds | 1 | KEV + EPSS |
| Batch + ACSC | 50 | 1 | ~0.6 seconds | 1 | KEV + EPSS + ACSC |
| Improvement | - | 98% fewer | 50x faster | 98% less | Customizable |
Enrichment Performance Impact
| Include Parameter | Response Size | Processing Time | Use Case |
|---|---|---|---|
| None (default) | ~2KB per CVE | Fastest | Basic vulnerability data |
include=acsc | ~2.5KB per CVE | +10-20% slower | Regional threat intelligence |
include=enrichment | ~3KB per CVE | +20-30% slower | Advanced analytics |
include=acsc,enrichment | ~3.5KB per CVE | +30-40% slower | Complete intelligence picture |
Use Cases
- Daily Vulnerability Scans: Check all CVEs affecting your software stack with basic data
- Regional Threat Assessment: Include ACSC data for Australian organizations
- Compliance Reporting: Bulk retrieve CVEs with full enrichment for audit reports
- Threat Intelligence: Cross-reference threat feeds with KEV and EPSS data
- Inventory Management: Check vulnerabilities for all installed software with field projection
- Risk Prioritization: Batch lookup with EPSS scores for exploitation likelihood
Performance vs Completeness Trade-offs
- Fast Scanning: Use default batch requests for speed
- Regional Awareness: Add
include=acscfor Australian threat context - Complete Intelligence: Use
include=acsc,enrichmentfor full picture - Optimized Bandwidth: Combine with
fieldsparameter for specific data only
Summary
Batch operations are essential for efficient API usage. By grouping requests, you can dramatically improve performance while staying within quota limits. The new parameter-based enrichment system allows you to balance performance with data completeness:
- Default batches: Fast and efficient for basic vulnerability data
- ACSC inclusion: Adds regional threat intelligence when needed
- Field projection: Minimizes bandwidth for targeted data retrieval
- Enrichment combinations: Provides complete intelligence picture when required
Always use batch operations when checking multiple CVEs, and tailor enrichment parameters to your specific use case for optimal performance.