Ad-Hoc Scan a Specific Asset in Nexpose Enterprise Plug-In

If I’m reading the Nexpose Enterprise Plug-In documentation right, the “Scan a Site” Action only allows you to scan a predefined site by site_name.
I’m trying to do an Ad-Hoc scan of a specific Asset in a Site and don’t see that as an option.
I know that I can do this via a REST by passing a string array of hosts with a templateId and name.
Is there an Action in the Plug-In that I’m missing? If not could this functionality be added?

Looks like the assets to include could be easily added by just sending them in the body of the request:
https://help.rapid7.com/insightvm/en-us/api/index.html#operation/startScan

The request isn’t using the body at the moment:

But I think it could be easily added as the request function already supports a JSON payload for the body:

With this change it would be possible to also define engine, scan name and scan template.

yes, that is exactly what I’m doing via the REST API

Passing the body like this
{ "engineId": int, "hosts": [ "string" ], "name": "string", "templateId": "string" }

I would just prefer to use an action on the Nexpose Enterprise Plug-In verses making a REST call

I implemented this functionality quickly for the hosts.

Feel free to add the other parameters and send in a pull request.
This functionality is available as soon as the pull request is merged.
Then you need to update your IVM plugin in ICON and your workflow.

Thanks, I’ll keep an eye out for it and le you know.
I didn’t see this Plug-In in the community repo on GitHub

@brandon_mcclure the new version was just released :tada:

So I got this working as a test, but I’m not sure about the pull request, I started filling it but wasn’t sure I was doing it right. Any way you can help me with that?
The change was pretty minimal, I just used what you did and added a few more.
I did run through the tests playing with different values for these and they all passed.
In the plugin.spec.yaml I did this

  scan:
    title: Scan
    description: Start a scan on a site
    input:
      site_id:
        title: Site ID
        description: ID of the site to scan
        type: string
        example: 1
        required: true
      name:
        title: Scan Name
        description: The Scan Name, leaving blank will use "API Scan - " + UTC Timestamp
        type: string
        example: "Full Audit Ad-Hoc Scan from API"
        required: false
      hosts:
        title: Hosts
        description: The hosts that should be included in the scan, leaving blank will scan all
        type: "[]string"
        example: ["192.0.2.3", "192.0.2.10-192.0.2.20", "ADSRV.local"]
        required: false
      template_id:
        title: Template Id
        description: The ID of the Scan Template that should use, leaving blank will use the default Scan Template
        type: string
        example: "full-audit-without-web-spider"
        required: false
      engine_id:
        title: Engine Id
        description: The ID of the Scan Engine that should use, leaving blank will use the default Scan Engine
        type: string
        example: 4
        required: false

then in the scan action I modified it to this:

        site_id = params.get("site_id")
        name = params.get("name")
        hosts = params.get("hosts")
        template_id = params.get("template_id")
        engine_id = params.get("engine_id")
        endpoint = endpoints.Scan.site_scans(self.connection.console_url,site_id)
        self.logger.info("Using %s ..." % endpoint)
        if name or hosts or template_id or engine_id:
            payload = {}
            if name:
                payload["name"] = name
            if hosts:
                payload["hosts"] = hosts
            if template_id:
                payload["templateId"] = template_id
            if engine_id:
                payload["engineId"] = engine_id
            response = resource_helper.resource_request(endpoint=endpoint, method='post', payload=payload)
        else:
            response = resource_helper.resource_request(endpoint=endpoint, method='post')

Hi Brandon!
I only noticed that the engineId is an integer (you defined it as string):
https://help.rapid7.com/insightvm/en-us/api/index.html#operation/startScan

Everything else looks fine for me.
Before you do the pull request don’t forget to also increase the version number and add a line to the changelog in the help file.

But the ICON team will also review your changes in the pull request.

I saw that, but switched it to a string because the scan_id was defined as a string, but maybe that is because it is being used in the URL and not the body.
I’ll give the pull request a shot, I did one for the workflows, the plugins just had different requirements that I wasn’t sure about.