Hi David @david_smith,
Would it be possible for you to send the preview docs my way as well? This sounds like exactly what I’m looking for.
Thanks very much.
You got it @cwilliams5
Hey David, I’m getting the following error when I try to run any queries. Any ideas?
{
  "errors": [
    {
      "message": "Internal server error",
      "locations": [],
      "extensions": {}
    }
  ],
  "data": {
    "organization": null
  }
}
I’d need to know the query you are running to comment further,
here’s a simple one
query MyQuery {
  organization(id: "ORG_ID_HERE") {
    assets(first: 10000) {
      edges {
        node {
          id
        }
      }
    }
  }
}
And ensure you are passing your ORG_ID instead
As well as your org API key as a header
and the accept version header kratos
and finally the application/json as the Content-Type
Are you using the correct region for your org?
David
Hey David,
I have been sure to include my Org ID as well as the X-Api-Key and Accept-Version: Kratos headers and I believe that these values are not the problem, as when I modify the values to be incorrect I get a different error (“Unable to validate”). Additionally, I am using the correct region (us). https://imgur.com/zsxHtNy
Interestingly, I am able to successfully run introspection queries such as:
{
  __schema {
    types {
      name
    }
  }
}
UPDATE:
I spelled kratos as “Kratos”, I did not realize this was case-sensitive. Thanks for your help
Ah nice one, glad you got it sorted!
@david_smith not sure if I missed it, but I believe the documentation isn’t out yet. Would you mind sending me a copy also, please?
Hey David, @david_smith
Is there a field that gives you the Last Seen time of an agent? Currently I can only find “Last Update” which only shows the last time the agent version was updated.
Thanks
Hi @cwilliams5 see this came up before over here [API] [CURL] get agent in Data Collection Management - #12 by david_smith
the key is timestamp
David
@david_smith I’d love a copy of the preview docs!
@jonathan_denton sent
Hi @david_smith I can’t find the docs, can you share it again?
Thanks!
@david_smith : I’m interested in the documentation as well, can you please share those? Thank you
Here is something I am working on in PowerShell, I think it should get you 99% of the way there:
Clear-Host
$response = ""
$AuthVer = "kratos"   #Lowercase; the value is case-sensitive (see earlier in this thread)
$AuthKey = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
$orgId = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyy"
$query = @"
{
	organization(id: "$orgId")
	{
		assets(first: 10000)
		{
			edges
			{
				cursor
				node
				{
					agent
					{
						agentStatus
						agentSemanticVersion
						timestamp
					}
					host
					{
						hostNames
						{
							name
						}
						id
						primaryAddress
						{
							ip
							mac
						}
						isEphemeral
						description
						vendor
						version
					}
					publicIpAddress
					platform
				}
			}
		}
	}
}
"@
# Define the GraphQL endpoint URL
$graphqlEndpoint = "https://us.api.insight.rapid7.com/graphql"
# Create a JSON object with the query and any variables if needed
$requestBody = @{query = $query}
# Convert the request body to JSON
$jsonRequestBody = $requestBody | ConvertTo-Json
# Set the HTTP headers
$headers = @{
    'Content-Type'   = "application/json"
    'X-Api-Key'      = $AuthKey
    'Accept-Version' = $AuthVer
}
# Send the HTTP POST request
$response = Invoke-RestMethod -Uri $graphqlEndpoint -Method Post -Headers $headers -Body $jsonRequestBody
$count = 0
$AllDevices = @()
$R7Devices = @()
if ($null -ne $response.errors)
{
    $response.errors.message
}
Else
{
    #Loop through Rapid7 devices 10000 at a time till done
    do
    {
        $count = $count + 1
        if ($count -gt 1)
        {
            #Rewrite query but replace the assets line (index 3, the fourth line)
            #Split on LF or CRLF so this works however the script file was saved
            $lines = $query -split "\r?\n"
            $lines[3] = ("`t`t" + "assets(first: 10000, after: ""$LastCursor"")")
            $query = $lines -join "`r`n"
            #** Re-query to get more devices **
            #-------------------------------------------------------------------
            # Create a JSON object with the query and any variables if needed
            $requestBody = @{query = $query}
            # Convert the request body to JSON
            $jsonRequestBody = $requestBody | ConvertTo-Json
            # Send the HTTP POST request
            $response = Invoke-RestMethod -Uri $graphqlEndpoint -Method Post -Headers $headers -Body $jsonRequestBody
            #-------------------------------------------------------------------
        }
        #@() keeps a single cursor as a one-element array, so [-1] is the
        #last cursor and not the last character of a string
        $Cursor = @($response.data.organization.assets.edges.cursor)
        $devices = $response.data.organization.assets.edges.node
        #Get the last Cursor
        $LastCursor = $Cursor[-1]
        #All returned devices
        $AllDevices = $AllDevices + $devices
    }
    while ($Cursor.Count -eq 10000)
    #****************************************************************************************
    #Create new Rapid7 object
    $R7Devices = foreach ($device in $AllDevices)
    {
        #Format MacAddress
        if ($null -ne $device.host.primaryAddress.mac)
        {
            $mac = $device.host.primaryAddress.mac -replace "-",":"
        }
        Else {$mac = ""}
        #Format Timestamp
        if ($null -ne $device.agent.timestamp)
        {
            #Get LastSeen Date (timestamp is milliseconds since the Unix epoch)
            $dateTimeUtc = (Get-Date "1970-01-01 00:00:00").AddSeconds($device.agent.timestamp/1000)
            #Convert to Eastern Standard Time
            $convertDateTime = [TimeZoneInfo]::ConvertTimeFromUtc($dateTimeUtc, ([TimeZoneInfo]::FindSystemTimeZoneById("Eastern Standard Time")))
        }
        Else {$convertDateTime = ""}
        [PSCustomObject]@{
            id                   = $device.host.id
            agentSemanticVersion = $device.agent.agentSemanticVersion
            agentStatus          = $device.agent.agentStatus
            LastSeen             = $convertDateTime
            hostName             = @($device.host.hostNames)[0].name
            primaryAddress       = $device.host.primaryAddress.ip
            publicIpAddress      = $device.publicIpAddress
            mac                  = $mac
            osversion            = $device.host.description
            vendor               = $device.host.vendor
            version              = $device.host.version
            isEphemeral          = $device.host.isEphemeral
            platform             = $device.platform
        }
    }
    #****************************************************************************************
}
#Remove blanks from the object
$filterR7Devices = ($R7Devices | Where-Object {$_.id -ne '' -and $null -ne $_.id})
#Writing results
$filePath = ((Split-Path -Parent $MyInvocation.MyCommand.Definition) + "\")
#HH is the 24-hour clock, so morning and afternoon exports get different names
$LogFile = ($filePath + "Rapid7_Export_" + (Get-Date -Format yyyy-MM-dd_HH-mm-ss) + ".csv")
$filterR7Devices | Export-Csv -Path $LogFile -NoTypeInformation
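An added example, not part of the original post and not Rapid7's own code: the same request and cursor loop as reusable functions that read the API key from an environment variable instead of the script body, pin the lowercase Accept-Version value that tripped up the earlier poster, and treat a GraphQL errors array as a failure. The function names and the R7_API_KEY variable name are assumptions; the endpoint, headers and field names are the ones used in this thread.

```powershell
# Added example. Assumption: the API key is supplied in $env:R7_API_KEY (hypothetical name).
function Invoke-R7GraphQL {
    param(
        [Parameter(Mandatory)] [string] $Query,
        [string] $Region = 'us',
        [string] $ApiKey = $env:R7_API_KEY
    )
    if ([string]::IsNullOrWhiteSpace($ApiKey)) { throw 'Set R7_API_KEY before running.' }
    $headers = @{
        'X-Api-Key'      = $ApiKey
        # Reported earlier in the thread as case-sensitive: "Kratos" produced
        # "Internal server error" with a null organization.
        'Accept-Version' = 'kratos'
    }
    $body = @{ query = $Query } | ConvertTo-Json
    $resp = Invoke-RestMethod -Uri "https://$Region.api.insight.rapid7.com/graphql" `
        -Method Post -Headers $headers -ContentType 'application/json' -Body $body
    # GraphQL failures arrive in the response body (see the JSON earlier in the
    # thread), so check the errors array rather than only the HTTP status.
    if ($resp.errors) {
        throw ('GraphQL error: ' + (@($resp.errors).message -join '; '))
    }
    return $resp.data
}

function Get-R7AssetEdges {
    param([Parameter(Mandatory)] [string] $OrgId, [int] $PageSize = 10000)
    $after = $null
    do {
        $assetArgs = "first: $PageSize"
        if ($after) { $assetArgs += ", after: `"$after`"" }
        $query = "{ organization(id: `"$OrgId`") { assets($assetArgs) { edges { cursor node { agent { agentStatus timestamp } host { id } } } } } }"
        $data = Invoke-R7GraphQL -Query $query
        # Where-Object drops a null result and @() keeps a single edge as an array,
        # so Count and [-1] behave the same for 0, 1 or many edges.
        $edges = @($data.organization.assets.edges | Where-Object { $_ })
        if ($edges.Count -gt 0) {
            $edges                      # emit this page to the pipeline
            $after = $edges[-1].cursor  # resume after the last edge received
        }
    } while ($edges.Count -eq $PageSize)
}
```

Calling `Get-R7AssetEdges -OrgId $orgId | ForEach-Object { $_.node }` yields the same node objects the script above collects in `$AllDevices`.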
@david_smith Can you send me these docs please David
Looks like the API was improved, and this query should return everything now.
$query = @"
{
	organization(id: "$orgId")
	{
		assets(first: 10000)
		{
			edges
			{
				cursor
				node
				{
					agent
					{
						agentStatus
						agentSemanticVersion
						collector
						{
							id
							name
						}
						timestamp
					}
					host
					{
						hostNames
						{
							name
						}
						id
						primaryAddress
						{
							ip
							mac
						}
						isEphemeral
						description
						vendor
						version
						type
					}
					publicIpAddress
					platform
					location
					{
						city
						continent
						countryCode
						countryName
						region
					}
				}
			}
		}
	}
}
"@
@david_smith Can you share the GraphQL api documentation with me as well? Might be super useful for us to explore capabilities that are not available in the normal API.
Can I have access to this as well, thanks
@david_smith I’d like to receive a copy of the GraphQL API documentation as well. Thanks.
Hi @dvd if you or any future visitors would like a copy of the GQL API docs please raise a support case