Assets API

Hi David @david_smith,

Would it be possible for you to send the preview docs my way as well? This sounds like exactly what I’m looking for.

Thanks very much.

You got it @cwilliams5

Hey David, I’m getting the following error when I try to run any queries. Any ideas?

{
  "errors": [
    {
      "message": "Internal server error",
      "locations": [],
      "extensions": {}
    }
  ],
  "data": {
    "organization": null
  }
}

I’d need to know the query you are running to comment further.

Here’s a simple one:

query MyQuery {
  organization(id: "ORG_ID_HERE") {
    assets(first: 10000) {
      edges {
        node {
          id
        }
      }
    }
  }
}

And ensure you are passing your ORG_ID instead
As well as your org API key as a header
and the accept version header kratos
and finally the application/json as the Content-Type

Are you using the correct region for your org?

David

Hey David,
I have been sure to include my Org ID as well as the X-Api-Key and Accept-Version: Kratos headers and I believe that these values are not the problem, as when I modify the values to be incorrect I get a different error (“Unable to validate”). Additionally, I am using the correct region (us). https://imgur.com/zsxHtNy

Interestingly, I am able to successfully run introspection queries such as:
{
  __schema {
    types {
      name
    }
  }
}

*UPDATE:
I spelled kratos as “Kratos”, I did not realize this was case-sensitive. Thanks for your help

Ah nice one, glad you got it sorted!

@david_smith not sure if I missed it, but I believe the documentation isn’t out yet. Would you mind sending me a copy as well, please?

Hey David, @david_smith

Is there a field that gives you the Last Seen time of an agent? Currently I can only find “Last Update” which only shows the last time the agent version was updated.

Thanks

Hi @cwilliams5 see this came up before over here [API] [CURL] get agent in Data Collection Management - #12 by david_smith

the key is timestamp

David

@david_smith I’d love a copy of the preview docs!

@jonathan_denton sent

Hi @david_smith I can’t find the docs, can you share them again?

Thanks!

@david_smith : I’m interested in the documentation as well, can you please share those? Thank you

Here is something I am working on in PowerShell, I think it should get you 99% of the way there:

Clear-Host
$response = ""

$AuthVer = "kratos"
$AuthKey = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
$orgId = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyy"

$query = @"
{
    organization(id: "$orgId")
    {
        assets(first: 10000)
        {
            edges
            {
                cursor
                node
                {
                    agent
                    {
                        agentStatus
                        agentSemanticVersion
                        timestamp
                    }
                    host
                    {
                        hostNames
                        {
                            name
                        }
                        id
                        primaryAddress
                        {
                            ip
                            mac
                        }
                        isEphemeral
                        description
                        vendor
                        version
                    }
                    publicIpAddress
                    platform
                }
            }
        }
    }
}
"@

# Define the GraphQL endpoint URL
$graphqlEndpoint = "https://us.api.insight.rapid7.com/graphql"

# Create a JSON object with the query and any variables if needed
$requestBody = @{query = $query}

# Convert the request body to JSON
$jsonRequestBody = $requestBody | ConvertTo-Json

# Set the HTTP headers
$headers = @{
    'Content-Type' = "application/json"
    'X-Api-Key' = $AuthKey
    'Accept-Version' = $AuthVer}

# Send the HTTP POST request
$response = Invoke-RestMethod -Uri $graphqlEndpoint -Method Post -Headers $headers -Body $jsonRequestBody
$count = 0
$AllDevices = @()
$R7Devices = @()

if ($response.errors -ne $null)
{
    $response.errors.message 
}
Else
{
    #Loop through Rapid7 devices 10000 at a time till done
    do
    {
        $count = $count + 1
        if ($count -gt 1)
        {
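            #Rewrite query but replace the fourth line (index 3), the assets(...) line
            #Split on CRLF or LF so this works however the script file was saved
            $lines = $query -split "\r?\n"
            $lines[3] = ("`t`t" + "assets(first: 10000, after: ""$LastCursor"")")
            $query = $lines -join "`n"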

            #** Re-query to get more devices **
            #-------------------------------------------------------------------
            # Create a JSON object with the query and any variables if needed
            $requestBody = @{query = $query}

            # Convert the request body to JSON
            $jsonRequestBody = $requestBody | ConvertTo-Json

            # Send the HTTP POST request
            $response = Invoke-RestMethod -Uri $graphqlEndpoint -Method Post -Headers $headers -Body $jsonRequestBody
            #-------------------------------------------------------------------
        }

        #@() keeps a single result an array, so [-1] below is a cursor and not a character
        $Cursor = @($response.data.organization.assets.edges.cursor)
        $devices = $response.data.organization.assets.edges.node

        #Get the last Cursor
        $LastCursor = $Cursor[-1]

        #All returned devices
        $AllDevices = $AllDevices + $devices
    }
    while ($Cursor.Count -eq 10000)

#****************************************************************************************
    #Create new Rapid7 object
    $R7Devices = foreach ($device in $AllDevices)
    {
        #Format MacAddress
        if ($device.host.primaryAddress.mac -ne $null)
        {
            $mac = $device.host.primaryAddress.mac -replace "-",":"
        }
        Else {$mac = ""}

        #Format Timestamp
        if ($device.agent.timestamp -ne $null)
        {
            #Get LastSeen Date
            $dateTimeUtc = (Get-Date "1970-01-01 00:00:00").AddSeconds($device.agent.timestamp/1000)
            #Convert to Eastern Standard Time
            $convertDateTime = [TimeZoneInfo]::ConvertTimeFromUtc($dateTimeUtc, ([TimeZoneInfo]::FindSystemTimeZoneById("Eastern Standard Time")))
        }
        Else {$convertDateTime = ""}

        [PSCustomObject]@{
        id = $device.host.id
        agentSemanticVersion = $device.agent.agentSemanticVersion
        agentStatus = $device.agent.agentStatus
        LastSeen = $convertDateTime
        hostName = @($device.host.hostNames)[0].name
        primaryAddress = $device.host.primaryAddress.ip
        publicIpAddress = $device.publicIpAddress
        mac = $mac
        osversion = $device.host.description
        vendor = $device.host.vendor
        version = $device.host.version
        isEphemeral = $device.host.isEphemeral
        platform = $device.platform
        }
    }
#****************************************************************************************
}

#Remove blanks from the object
$filterR7Devices = ($R7Devices | Where-Object {$_.id -ne '' -and $_.id -ne $null})

#Writing results
$filePath = ((split-path -parent $MyInvocation.MyCommand.Definition) + "\")
#HH is the 24-hour clock, so morning and afternoon exports get different file names
$LogFile = ($filePath + "Rapid7_Export_" + (Get-Date -format yyyy-MM-dd_HH-mm-ss) + ".csv")
$filterR7Devices | export-csv -Path $logFile -NoTypeInformation
1 Like
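
The same cursor loop as an added example, not part of the original post: the query is built per page by a function instead of overwriting a line of the here-string, the API key is read from the environment, and errors are checked on every page. The names `Get-R7AssetPage`, `R7_API_KEY` and `R7_ORG_ID` are assumptions; the endpoint, headers and fields are the ones used in this thread.

```powershell
# Added example. Get-R7AssetPage, R7_API_KEY and R7_ORG_ID are assumed names.
$endpoint = "https://us.api.insight.rapid7.com/graphql"
$headers  = @{
    'X-Api-Key'      = $env:R7_API_KEY   # keep the key out of the script file
    'Accept-Version' = 'kratos'          # lowercase: the value is case-sensitive
}
$pageSize = 10000

function Get-R7AssetPage {
    param([string]$OrgId, [int]$First, [string]$After)

    # ConvertTo-Json quotes and escapes a string, which is also a valid
    # GraphQL string literal, so the values cannot break out of the query text.
    $assetArgs = "first: $First"
    if ($After) { $assetArgs += ", after: " + (ConvertTo-Json $After) }
    $query = "{ organization(id: $(ConvertTo-Json $OrgId)) { assets($assetArgs) { " +
             "edges { cursor node { host { id } agent { agentStatus timestamp } } } } } }"

    $body = @{ query = $query } | ConvertTo-Json
    $resp = Invoke-RestMethod -Uri $endpoint -Method Post -Headers $headers `
                              -ContentType 'application/json' -Body $body

    # Check every page, not only the first one
    if ($resp.errors) { throw "GraphQL error: $($resp.errors.message -join '; ')" }
    return $resp.data.organization.assets.edges
}

$allNodes = @()
$after = $null
do {
    # @() keeps zero or one returned edge an array, so Count and [-1] behave
    $edges = @(Get-R7AssetPage -OrgId $env:R7_ORG_ID -First $pageSize -After $after)
    if ($edges.Count -gt 0) {
        $allNodes += $edges.node
        $after = $edges[-1].cursor
    }
} while ($edges.Count -eq $pageSize)   # a short page means the last page

"Retrieved $($allNodes.Count) assets"
```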

@david_smith Can you send me these docs please David

Looks like the API was improved, and this query should return everything now.

$query = @"
{
    organization(id: "$orgId")
    {
        assets(first: 10000)
        {
            edges
            {
                cursor
                node
                {
                    agent
                    {
                        agentStatus
                        agentSemanticVersion
                        collector
                        {
                            id
                            name
                        }
                        timestamp
                    }
                    host
                    {
                        hostNames
                        {
                            name
                        }
                        id
                        primaryAddress
                        {
                            ip
                            mac
                        }
                        isEphemeral
                        description
                        vendor
                        version
                        type
                    }
                    publicIpAddress
                    platform
                    location
                    {
                        city
                        continent
                        countryCode
                        countryName
                        region
                    }
                }
            }
        }
    }
}
"@

@david_smith Can you share the GraphQL api documentation with me as well? Might be super useful for us to explore capabilities that are not available in the normal API.

@david_smith

Can I have access to this as well, thanks

@david_smith I’d like to receive a copy of the GraphQL API documentation as well. Thanks.

Hi @dvd if you or any future visitors would like a copy of the GQL API docs please raise a support case