Client getting 404 adding engine via api

Looking for assistance when adding a scan engine with via the API:

PUT https://<CONSOLE_HOST>:3780/api/3/scan_engines/73
{
    "address": "<IP_ADDRESS>",
    "id": 73,
    "name": "new_pp_engne_to_console_1",
    "port": "0"
}

--------------------Response - Body ---------------------
{
    "status": 400,
    "message": "There are 2 errors with the input or parameters supplied. Correct all 2 errors and resubmit the request.",
    "messages": [
    "The property 'port' must be an integer value greater than or equal to 1 and less than or equal to 65535.",
    "The values in 'address' and 'port' are reserved by an existing scan engine."
    ],
    "links": [
    {
    "href": "https://<CONSOLE_HOST>:3780/api/3/scan_engines/73",
    "rel": "self"
    }
    ]
}

Additional notes:

  • Prefer to add engine via API to manage engine naming.
  • Reversed paired thus the value for the port 0 is applied. This is what is causing the failure.

:wave: To create a scan engine, you’ll want to use the POST endpoint on /api/3/scan_engines. For the port you can use 40814 since that is the port for console to engine communication and -1 for the ID since it will be created by the console.

One more important thing, the console MUST be able to connect to the engine for the request to be successful (same as with adding one via the UI).

Let me know if that gets you going!

3 Likes

Advising client of your advise. Will let you know results.

Hi Tyler,

Client is reversed paired. As such he is highlighting the following:

“I already mentioned in the meeting about the engine to console pairing that we’ve. Do let me know if you want to discuss it again.
We are moving from the console to engine pairing as part of our VPN less solution.”

Am I to tell him to enter 40814 even though he is entering 0?
And if so, why?

If they are using an engine to console pairing direction, I would refer to this post which outlines that process end to end: Orchestrating InsightVM Scan Engine Deployment

In the case of engine to console, the engine will automatically be added to the console when it attempts to connect. To automatically finish the pairing process, the engine can be provisioned with a shared secret that was retrieved from the console prior, or the engine can be approved on the console. There is no API endpoint to approve an engine in the engine to console pairing direction, so the only fully automated way is for the engine to be configured with the shared secret.

2 Likes

Thank you. The client feels this did not answer his question.
Below is his question again.

Engine to Console pairing

Scenario 1

----------------------------------- Here is the API request --------------------------------

PUT “URLAddress”

{

“address”: “IPAddress”,

“id”: 73,

“name”: “Trying to update the engine name”,

“port”: “40815”

}
----------- Response -----------------
The pairing changes to Console to engine and the connection is never established. Why does the pairing get changed?

Scenario 2 -

----------------------------------- Here is the API request --------------------------------

PUT “URLAddress”

{

“address”: “IPAddress”,

“id”: 73,

“name”: “Trying to update the engine name”,

“port”: “0” – The port is changed to “0” and nothing happens.

}
----------- Response -----------------

--------------------Response - Body --------------------- {

“status”: 400,

“message”: “There are 2 errors with the input or parameters supplied. Correct all 2 errors and resubmit the request.”,

“messages”: [

“The property ‘port’ must be an integer value greater than or equal to 1 and less than or equal to 65535.”, “The values in ‘address’ and ‘port’ are reserved by an existing scan engine.”

],

“links”: [

{

“href”: “URLAddress”,

“rel”: “self”

}

]

}

I would recommend escalating this as this endpoint does not appear to function as documented. I’m not sure that there is a way to facilitate the action that they are wishing to perform at this time.