Hello! I am a very new user to InsightVM (was tasked to jump in at begining of summer) so I am learning (stumbling) as I go.
Scenerio, we have monthly scans of certain applications (the infrastructure assets that make up the app). Lets say now I have 10 apps they want to scan all the assets in each one monthly. Each application I created a test site and a production site. The assets were gathered and added though different manual processes.
So lets say I have 20 sites that have to verify the assets have not changed each month before the next scan is run.
I am still looking for a good way to do this.
I am not yet familiar with running any queries or access to running API.
Does anyone have a similar siutation how are they staying current. My current thought is copy paste each asset list to email to send to owners but this make me want to cry.
Thank you
Sari
1 Like
@jennifer_linker_felman Easy mode would be to just make a custom SQL report and set it up to run on a schedule to email to each owner. If all the owners are okay with seeing each others targets, then you could do it all in one shot. Or build each owner a report for their site or sites.
Build a report using the sql below you can add one or more sites just add them in the in().
Then in the report distribution then just add the owners email and schedule
NOTE: Nexpose groups the targets to a network ranges. And converts CIDR to network ranges. If you are currently doing a cut and paste from the site targets this. should be the same.
Example 1: One Target Per Line
select name, target from dim_site_target
join dim_site using (site_id)
where included = true and name in('site1','site2')
Example 2: All targets on one line
select name, csv(target) as targets from dim_site_target
join dim_site using (site_id)
where included = true and name in('site1','site2')
group by name
3 Likes
Thanks @troy_newcomb Ill have a look, I have a lot of catchup and learning to do with this tool in general (just was dropped in my lap around july) also might need to brush up on some SQL 
1 Like
If you happen to be looking for some SQL resources, you can check here and here to see what our data model looks like. It makes it easier to figure out what tables you’re working with and what info you have available to pull.
We’ve also got a list of example SQL queries that can serve as a good starting point. Just scroll down on the left-hand menu and you’ll see a list of them there. 
@jennifer_linker_felman if your assets are part of Active Directory, you can create discovery connections and link OU with the sites. That’s how your assets will be automatically added to the sites without manual efforts.
The only draw back is once your assets is decommissioned you will need to remove it from the site manually. In a way it’s good thing - at least you will be aware that which all assets are getting decommissioned.
Reference : Discovering Assets managed by Active Directory | InsightVM Documentation (rapid7.com)
Let me know if this helps…
Thanks all . Its been a good and bad thing to be tossed into the deep end with no life vest in this tool.
1 Like
Thanks Troy I was finally able to test this out and worked well.
Now just have to figure out if I can have the csv renamed, and or the email subject I send customized, more searching here I go
Still looking for a way to change
-the email subject
-the file name
If anyone knows if this is possible love to know how/what i am missing
thanks!
jennifer
@jennifer_linker_felman that would require some external automation as far as I know.
Two thoughts on how to make that happen:
1 Build a script to run the reporting and do the email. (build repot, run the report, wait til finished, download, email)
2 Set the report config to save to disk on your console then make a script to pick it up and email it out.