Initiate a rescan through POST API

How do people usually kick off a rescan of a specific site and asset? I have tried the POST /api/3/sites/{id}/scans and get a 406 error. I opened up a support ticket and they said APIs are out of their scope for help (and then asked me if that helped - what a joke). I have the correct authentication set up, have the correct 'Accept' headers, have tried no body (scan everything at a specific site) and have tried to specify a body following their documentation. When I GET /api/3/sites/{id}/scans I get all the right information. I think their POST API is broken. Anyone else run into this error, or start scans some other way? I've seen this article, "406 Not Acceptable Error during Post API Request" - the issue isn't with my Accept headers, I think. Do I need to do something to enable that API from the admin console, or need a specific license?

Yes, I can kick off a scan via POST, a couple of things to double check:

  1. you are using the Content-Type of application/json
  2. your body contains all the correct info, e.g.
    {
    "engineId":<Scan Engine ID>,
    "hosts":["<Host IPs if you are scanning specific Hosts>"],
    "name":"<The label of the scan to show up in the history>",
    "templateId":"<The name of the Scan Template to use>"
    }

Hey @bill_heisler, a quick way to see what might be going on here is with a modified curl command to make sure the simplest amount of data works as intended. You could start with something like this:

curl -k -XPOST 'https://<CONSOLE HOST OR IP>:<CONSOLE PORT>/api/3/sites/<SITE ID>/scans' \
--header 'Content-Type: application/json' \
--user <CONSOLE USER>:<CONSOLE PASSWORD> \
--data-raw \
'{
  "engineId":3,
  "hosts":["hostname", "127.0.0.1"],
  "name":"Scanning site for list of hosts",
  "templateId":"full-audit-without-web-spider"
}'

You’ll want to make sure the console host/ip, port, username, password, and site ID in question are all updated for your environment. I just tested this on a lab console with the latest version and it results in a response similar to the following:

{
  "links" : [ {
    "href" : "https://<CONSOLE HOST OR IP>:<CONSOLE PORT>/api/3/sites/<SITE ID>/scans?overrideBlackout=false",
    "rel" : "self"
  }, {
    "href" : "https://<CONSOLE HOST OR IP>:<CONSOLE PORT>/api/3/scans/617",
    "rel" : "Scan"
  } ],
  "id" : 617
}

Since all of these fields are optional you can remove the JSON payload altogether and it will run a scan against the entire site with the default engine, scan template, etc.

Hope this helps!
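
An added example, not part of the thread and not Rapid7's code: the same POST built in Python with both the Content-Type and Accept headers set explicitly, certificate verification left on instead of curl's -k, and the password read from the environment rather than the command line. The environment variable names, the `ca_file` parameter and the key allow-list (only the four keys shown in this thread) are assumptions.

```python
import base64
import json
import os
import ssl
import urllib.request

# Assumption: only the body keys shown in this thread; JSON keys are case-sensitive.
ALLOWED_KEYS = {"engineId", "hosts", "name", "templateId"}

def build_scan_request(console, site_id, user, password, body=None):
    """Build the POST /api/3/sites/{id}/scans request without sending it."""
    body = body or {}
    unknown = set(body) - ALLOWED_KEYS
    if unknown:
        # Catches casing slips such as "engineID" before anything is sent.
        raise ValueError(f"unexpected body keys: {sorted(unknown)}")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{console}/api/3/sites/{int(site_id)}/scans",
        # No payload at all means "scan the whole site with defaults".
        data=json.dumps(body).encode() if body else None,
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": f"Basic {token}",
        },
    )

def parse_scan_response(raw):
    """Return (scan_id, scan_url) from the JSON body of a successful response."""
    doc = json.loads(raw)
    links = doc.get("links", [])
    url = next((l["href"] for l in links if l.get("rel") == "Scan"), None)
    return doc["id"], url

def start_scan(console, site_id, user, password, body=None, ca_file=None):
    """Send the request with TLS verification on; ca_file is the console CA in PEM."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = build_scan_request(console, site_id, user, password, body)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return parse_scan_response(resp.read())

if __name__ == "__main__":
    env = os.environ  # assumed variable names; CONSOLE is host:port
    print(start_scan(env["CONSOLE"], env["SITE_ID"], env["CONSOLE_USER"],
                     env["CONSOLE_PASS"], {"name": "API rescan"}, env.get("CA_FILE")))
```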