I’d like to use the Nexpose v3 API as per InsightVM API (v3).
However, my org has moved to the InsightVM Platform Login.
I can access the API and JSON results via a browser once authenticated. What are the best practices in this situation?
(I know it’s unsupported, but ideally I’d be building off GitHub - rapid7/vm-console-client-python: the UNOFFICIAL (but useful) Python library for the Rapid7 InsightVM/Nexpose RESTful API.)
While that GitHub repo is presumably old (~3 years old), it was designed by a member of my team and can be very useful.
For your purposes, I would just create a separate user account on your console designed specifically for use with the API. Within the InsightVM console there is no concept of API permissions, it’s just a user account that has specific permissions to do what it needs to do within the tool.
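A sketch of what scripted access with such a dedicated account can look like, added here as an example and not taken from the vm-console-client-python project: it sends the account's credentials with HTTP Basic authentication to the v3 API and walks the paged results. The console URL, the account, and the environment variable names are assumptions, as is the console accepting Basic authentication for that account.

```python
import base64
import json
import os
import ssl
import urllib.request

def build_request(base_url, path, username, password, page=0, size=100):
    """Build a GET request for the v3 API using HTTP Basic auth."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send Basic credentials over a non-TLS URL")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    url = f"{base_url.rstrip('/')}/api/3/{path.lstrip('/')}?page={page}&size={size}"
    return urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}",
        "Accept": "application/json",
    })

def http_fetch(request):
    """Send the request with certificate verification left on."""
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(request, context=ctx, timeout=30) as resp:
        return json.load(resp)

def iter_resources(base_url, path, username, password, fetch=http_fetch):
    """Yield every item from a paged collection endpoint."""
    page = 0
    while True:
        body = fetch(build_request(base_url, path, username, password, page=page))
        yield from body.get("resources", [])
        page += 1
        # Stop once the page counter reaches the total the console reported.
        if page >= body.get("page", {}).get("totalPages", 0):
            break

if __name__ == "__main__":
    # Assumed variable names; the password stays out of the script and shell history.
    console = os.environ["IVM_CONSOLE_URL"]  # e.g. https://console.example.internal:3780
    user = os.environ["IVM_API_USER"]        # the dedicated, least-privilege API account
    secret = os.environ["IVM_API_PASSWORD"]
    for asset in iter_resources(console, "assets", user, secret):
        print(asset.get("id"), asset.get("ip"))
```

Give the account only the role and site access the script needs, so a leaked credential exposes no more than that.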
There does not seem to be a Python library that supports the okta-emea type logins, unfortunately.
I’ve had some success with getting the cookies from a browser session and passing them on to wget to provide some basic scripting capability.
I’ll see if I am able to get a service style account for API access configured - thanks
Regards
James