Can I download the CSV report from InsightVM Console using API?

mmiyoshi · November 2, 2021, 11:20am

dim_asset and so on.
I don’t understand even if I read “INSIGHTVM API (V3)”.
Reference is “Report” page ?
But “Report Download” is only “history”.

Downloading is only “JSON” format ?

Thanks

steve_passino · November 2, 2021, 12:16pm

Yes - you can use the API to download a report from the console. You need the report id number you wish to download, which you can obtain a few different ways. The /api/3/reports api endpoint provides that number in the id field, for example, I have a report called agent uuid on a console and looking at the api/3/reports endpoint, I see the following :

"format" : "sql-query",
"frequency" : {
  "type" : "none"
},
"id" : **53**,
"language" : "en-US",
"links" : [ {
  "href" : "https://insightvm-con:3780/api/3/reports/53",
  "rel" : "self"
}, {
"name" : "**agent uuid**",

The report ID is 53 for this particular report. You can then pull the latest run of that report using the following endpoint : /api/3/reports/#{repid}/history/latest/output" - where #{repid}=53
The report is downloaded in whatever format it was created, in this example it would download as csv.

A more obscure way of obtaining the report id is to go to the report section of the console - right click on the report you are interested in and go to history. Hover over the date of the report you wish to download and in the lower left you see a hyperlink. In this screenshot - note 00000035 - that is the report id number in hex (convert 00000035 to decimal = 53).

mmiyoshi · November 4, 2021, 6:13am

Steve-san

Hello

Thank you very much.
I see “histroy” part.
I’ll try it.

Thanks

steve_passino · November 4, 2021, 3:28pm

Your welcome…one thing to point out - if you want to get the last report that was run for a particular report_id - use GET against the following endpoint : /api/3/reports/<report_id>/history/latest/output
That will return the latest run of the specified report id.

mmiyoshi · November 5, 2021, 3:56am

steve-san

Hello

Try it.
But not work well.
“curl: (56) Received HTTP code 503 from proxy after CONNECT”
I think Authenticate Failed.

Is it the correct API coding?

via Proxy

Two Factor Authentication Token

Global Administrator role

username & password using SHA256 Endocing

API cmd

curl -i -x {xxx.xxx.xxx.xxx:8080}
-H “Authorization: Basic {username}:{password}”
-H “Token:{AAAA BBBB CCCC DDDD}”
-X GET https://{yyy.yyy.yyy.yyy}/api/3/reports/{3}/history/latest/report.csv

GUI Report source code

#1 for wget etc
#2 reportID
#3 target alias name

GUI Report history

report
#4 target alias name
#5 for wget etc

Refer: “wget” was timeout. Perhaps, “Two Factor Authentication Token” is influencing
wget -e HTTP_PROXY={xxx.xxx.xxx.xxx:8080}
–http-user={username}
–http-passwd={password}
‘https://{yyy.yyy.yyy.yyy}/reports/{00000008}/{00000003}/report.csv’

Thanks

steve_passino · November 5, 2021, 1:06pm

Thank your for the detail… I noticed a couple of items.

The api uses basic auth
The endpoint you have in the example is not correct.

I don’t have a proxy to test with, but I do have a test console so I set up a report and see that the report id is 700 for the report I wish to download.

To use curl to download the above example, I use the following command

curl --remote-name -s -u steve -s -S -k --insecure --request GET --url https://insightvm-con:3780/api/3/reports/700/history/latest/output --header ‘cache-control: no-cache’ --header ‘content-type: application/json’
Enter host password for user ‘steve’:

steve@docker:~$

Note that the filename is not specified in the endpoint link - and with the above example, it placed the report into a file called output in the same directory:

steve@docker:~$ ls -l output
-rw-rw---- 1 steve steve 41482 Nov 5 09:00 output

If you remove the --remote-name switch from the curl command - the contents of the report file would appear as standard output and scroll down the terminal window…
Hope this helps.