I would like to run single-asset scan via API (v3) RESTful, similar to manual scan from the console. OR Is it only possible to run a scan of a site with scope including the asset?
Hello 991842!
You can actually leverage the “Scan” action within the insightVM plugin to kick off a scan for a specified site ID. Because within insightVM, assets have to exist within a site, you’ll need a site ID; Luckily, there’s an optional “hosts” parameter which allows you to provide an array of IP addresses / hostnames to scan the site with.
Please note: that it is indeed optional and neglecting to enter anything within the hosts field will scan the entire site.
Now if you wanted to change settings for things that AREN’T in that particular plugin, you can always leverage the http-requests plugin along with the insightVM documentation here:
https://help.rapid7.com/insightvm/en-us/api/index.html#operation/startScan
Which will let you specify options such as templates, and engines as well!
Hope this helps!
2 Likes
Thank you @hyron_harrison. I really appreciate your help. I was able to leverage the http-requests and specify the query params as you suggested above.
1 Like