Hello!
I was wondering if it is possible to export the agents data we get from the platform when we go in Data Collection>Agents>export csv, but to do it from the console. The platform csv contains the fields Agent ID Hostname Status Public IP Address IP Address (Primary) MAC Address (Primary) Agent Version Operating System Connection Path Last Seen Asset Type City Region Country Code Continent.
Some of those fields are in the console schema, but not all of them.
Does anyone know if it’s possible to export that in sql query from the console?
or is it possible to schedule a weekly report from the export we get from the platform?
Maybe not all, but some of them you could get them using the SQL querys, I attach you the asset schema in order to check the avaliable fields.
Furthermore here is a query to get Agent-Versions, maybe you can adapt it to get additional fields.
SELECT
da.sites AS "Site_Name",
da.ip_address AS "IP_Address",
da.mac_address AS "MAC_Address",
da.host_name AS "DNS_Hostname",
ds.vendor AS "Vendor",
ds.name AS "Software_Name",
ds.family AS "Software_Family",
ds.version AS "Software_Version",
ds.software_class AS "Software_Class"
FROM
dim_asset_software das
JOIN dim_software ds ON das.software_id = ds.software_id
JOIN dim_asset da ON da.asset_id = das.asset_id
WHERE
ds.name = 'Rapid7 Insight Agent'
ORDER BY
ds.name ASC
Hi, yes, thanks, those were the fields i knew i had (although i still dont have the data warehouse).
In parallel i raised a ticket asking where i could get the agent info in the console and this is what i got:
"The assets with agents installed are automatically placed into the Insight Agent site on the local console. However this will only show asset details.
The agents can also be queried on the platform using asset.lastAgentConnectionTime (The date and time of the last connection made by the agent) or asset.agentKey (The Agent ID).
The details about the agents themselves are only stored in the Data Collection Management page, as they are used in multiple products (IVM and IDR) therefore are not unique to the local IVM console." (thought of sharing in case you got curious)
