API to add hostname/ip to global asset exclusion list

joe_braun · August 13, 2021, 2:14pm

We have a requirement to pull a list of assets from our CMDB and add them to the global asset exclusion list in InsightVM so they’re not scanned. I’ve created a python script to pull the appropriate assets from our CMDB and now am working on adding them to InsightVM. Is there an API to add hostname/ip to the global asset exclusion list? We’ve been using the rapid7vmconsole python utility to perform other automated actions, and I’m seeing the APIs to manage excluded assets on sites, but I’m not seeing anything for adding hostname/ip to the global asset exclusion list.

holly_wilsey · August 18, 2021, 9:18pm

I’m double checking with the team to see if we have an endpoint for that, but looking through the API docs, I didn’t see one offhand. If you’re doing this with a Python script, an alternative could be to write the IPs/hostnames of assets you want to exclude to a file, and then use the “Import list from file” option in InsightVM. I know that’s an extra step, but it beats manually entering each one in the textbox.

joe_braun · August 19, 2021, 2:00pm

Thanks Holly. That’s what we’re doing for now, just manually loading the output from the python script. The hope was to fully automate the process, but this will work for now. If it’s confirmed that an API doesn’t exist, can we submit an enhancement request?

holly_wilsey · August 19, 2021, 7:43pm

I confirmed with the team and it looks like there isn’t currently an APIv3 endpoint for global exclusions. I suppose another option could be to retrieve all your sites, then loop through those to add the assets you want to exclude to each site (since like you said, there is an endpoint for that). Definitely not the best option though, and it would depend on how your assets are grouped.

I can pass your feedback to the team regarding a new global asset exclusion-related endpoint. Thanks for letting us know!

joe_braun · August 19, 2021, 9:09pm

Ok thanks Holly!

Rocker_01 · January 11, 2022, 1:25pm

@holly_wilsey @joe_braun Do you have any python script to update IPs from csv to irrespective sites using python script and schedule the same for CRONJOB. Please suggest as soon as possible.

Rocker_01 · September 14, 2022, 9:37am

Do you guys has any update on the question asked ?@holly_wilsey

joe_braun · September 14, 2022, 1:13pm

Hi Amit, apologies I missed your previous message, no we don’t have a python script for this. We’ve just been manually loading the records into the global exclusion list.

Rocker_01 · September 14, 2022, 1:25pm

@joe_braun How about adding the list of IP for scanning into multiple sites

joe_braun · September 14, 2022, 1:43pm

We haven’t created a script to do that.

luke_albinson · September 22, 2022, 12:19pm

@joe_braun - Would tagging work? You “tag” an asset as “Exclude”, and create a Dynamic Group based on the tag itself. This group can then be added to the sites “Exclude” section in the config?

joe_braun · September 22, 2022, 1:08pm

Yeah that would work for assets that have already been discovered. The hope was to proactively exclude ip addresses/ranges so the scanner would never hit them in the first place.