So you’re using the Query Builder as your example here which has a different syntax than what the console uses. You’re using the console API which is probably where the confusion lies.
What you have built into your API call is pulled directly from the Filtered Asset Search on the console so the field you’re most likely looking for is
If you save that search then do a GET request for that asset group you can get the exact specifics on the JSON you need to put into your request. For example mine looks like this:
So that would get you what you want if you want to continue grabbing the info through the Console API. Alternatively you could just switch to the InsightVM Cloud Integrations API and more or less copy and paste your current search from Query builder.
When it comes to the Searches in the v3 API, there is a section called “Search Criteria” in the Reponses part of the documentation which will show you exactly what fields you can search on, and what operators can be used on them.
If you use the v4 cloud API, then you just need to use an API key for authorization. Then, use the POST action Search Assets. There, you would use the queries for the query builder in the search criteria.
do i have to wait a couple hrs beefore its replicated to the cloud? i mean its already generated from the cloud but im getting unauthorized
i just created a new key 10 minutes ago and i cant authorize
You don’t need to base64 encode the api key, if you’re getting a 401 then it could be the user account that created the API key did not have the proper permissions if the account was not an admin.
So i got connected to the insight vm, however, my filter isnt working quite right. I am getting 49,642 assets back, when i should be getting back 24878
Your request body in the variable ‘payload’ is not correct.
The request body Schema according to the documentation is an ‘asset’ part and a ‘vulnerability’ part. The 3 asset search filters you have go in the ‘asset’ part as one string, and the final filter for vuln.category NOT IN [‘microsoft patch’] goes in the ‘vulnerability’ part