dim_asset and so on.
I don’t understand even if I read “INSIGHTVM API (V3)”.
Reference is “Report” page ?
But “Report Download” is only “history”.
Downloading is only “JSON” format ?
Thanks
dim_asset and so on.
I don’t understand even if I read “INSIGHTVM API (V3)”.
Reference is “Report” page ?
But “Report Download” is only “history”.
Downloading is only “JSON” format ?
Thanks
Yes - you can use the API to download a report from the console. You need the report id number you wish to download, which you can obtain a few different ways. The /api/3/reports api endpoint provides that number in the id field, for example, I have a report called agent uuid on a console and looking at the api/3/reports endpoint, I see the following :
"format" : "sql-query", "frequency" : { "type" : "none" }, "id" : **53**, "language" : "en-US", "links" : [ { "href" : "https://insightvm-con:3780/api/3/reports/53", "rel" : "self" }, { "name" : "**agent uuid**",
The report ID is 53 for this particular report. You can then pull the latest run of that report using the following endpoint : /api/3/reports/#{repid}/history/latest/output" - where #{repid}=53
The report is downloaded in whatever format it was created, in this example it would download as csv.
A more obscure way of obtaining the report id is to go to the report section of the console - right click on the report you are interested in and go to history. Hover over the date of the report you wish to download and in the lower left you see a hyperlink. In this screenshot - note 00000035 - that is the report id number in hex (convert 00000035 to decimal = 53).
Steve-san
Hello
Thank you very much.
I see “histroy” part.
I’ll try it.
Thanks
Your welcome…one thing to point out - if you want to get the last report that was run for a particular report_id - use GET against the following endpoint : /api/3/reports/<report_id>/history/latest/output
That will return the latest run of the specified report id.
steve-san
Hello
Try it.
But not work well.
“curl: (56) Received HTTP code 503 from proxy after CONNECT”
I think Authenticate Failed.
Is it the correct API coding?
curl -i -x {xxx.xxx.xxx.xxx:8080}
-H “Authorization: Basic {username}:{password}”
-H “Token:{AAAA BBBB CCCC DDDD}”
-X GET https://{yyy.yyy.yyy.yyy}/api/3/reports/{3}/history/latest/report.csv
#1 for wget etc
#2 reportID
#3 target alias name
#4 target alias name
#5 for wget etc
Refer: “wget” was timeout. Perhaps, “Two Factor Authentication Token” is influencing
wget -e HTTP_PROXY={xxx.xxx.xxx.xxx:8080}
–http-user={username}
–http-passwd={password}
‘https://{yyy.yyy.yyy.yyy}/reports/{00000008}/{00000003}/report.csv’
Thanks
Thank your for the detail… I noticed a couple of items.
I don’t have a proxy to test with, but I do have a test console so I set up a report and see that the report id is 700 for the report I wish to download.
To use curl to download the above example, I use the following command
curl --remote-name -s -u steve -s -S -k --insecure --request GET --url https://insightvm-con:3780/api/3/reports/700/history/latest/output --header ‘cache-control: no-cache’ --header ‘content-type: application/json’
Enter host password for user ‘steve’:steve@docker:~$
Note that the filename is not specified in the endpoint link - and with the above example, it placed the report into a file called output in the same directory:
steve@docker:~$ ls -l output
-rw-rw---- 1 steve steve 41482 Nov 5 09:00 output
If you remove the --remote-name switch from the curl command - the contents of the report file would appear as standard output and scroll down the terminal window…
Hope this helps.