InsightAppSec API Examples

For those who are eager for a deeper dive into the InsightAppSec API, we’ve got a brand new InsightAppSec API Examples project that we wanted to share. The project is a public repo that’s full of lots of good stuff for everyone regarding usage of the InsightAppSec API, including:

  • Getting started with the API - a complete beginner’s guide
  • Simple endpoint examples - walkthroughs for calling API endpoints in Python and PowerShell
  • Automation with the API - for those wanting some more advanced API solutions

The API examples step through various aspects of making an API call from start to finish. This includes more basic things like constructing the API URL:

region = "us"
api_url = f"https://{region}.api.insight.rapid7.com/ias/v1/"

As well as walkthroughs for specific endpoints. Here’s a little excerpt from our Search endpoint walkthrough that shows building an example body with a query:

body = {
    "type": "VULNERABILITY",
    "query": "vulnerability.scans.id='00000000-0000-0000-0000-000000000000'"
}

If you ever want to look over all the API endpoints, the InsightAppSec API documentation is always available at https://help.rapid7.com/insightappsec/en-us/api/v1/docs.html.

The automation solutions in the project are designed to be flexible and usable right out of the box. If you want to automate the generation of reports for your applications, the InsightAppSec Reporting solution makes it pretty simple. Configure the apps and scan configs you want reports for, and you’re good to go.

report_config:
  - app: Application 1
    scan_config: Scan Config 1
  - app: Application 2
    scan_config: Scan Config 2

Beyond providing functionality that works from the get-go, these automation solutions are also intended to serve as examples for how you can best leverage the API. There’s plenty more you can do with it, so look to these for inspiration or modify them to better suit your environment.

We’d love for folks to explore the project and let us know any thoughts or feedback on it. We also encourage everyone to freely share their own InsightAppSec API tips, tricks, and other examples in this thread so we can continue to learn from one another.

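An added example, not part of the original post or the examples repo: the URL and search body from the post combined into one request builder that validates the two values interpolated into strings (the region in the hostname, the scan ID in the query) and reads the API key from the environment. Assumptions: the region allowlist, the `INSIGHT_API_KEY` variable name, the function names, and the Insight platform's `X-Api-Key` header.

```python
import json
import os
import re
import urllib.request
import uuid

# Assumption: allowlist of Insight platform region codes; trim to the ones you use.
ALLOWED_REGIONS = {"us", "us2", "us3", "eu", "ca", "au", "ap"}


def build_search_request(region, scan_id, api_key):
    """Return (url, headers, body) for a vulnerability search scoped to one scan."""
    # The region is interpolated into the hostname, so accept only known values;
    # anything else could send the request (and the API key) to another host.
    if region not in ALLOWED_REGIONS:
        raise ValueError(f"unknown region: {region!r}")
    # The scan ID sits inside a quoted query string; parsing it as a UUID
    # guarantees it cannot carry quotes or extra query clauses.
    scan_uuid = str(uuid.UUID(scan_id))
    if not api_key or re.search(r"\s", api_key):
        raise ValueError("API key is empty or contains whitespace")
    url = f"https://{region}.api.insight.rapid7.com/ias/v1/search"
    headers = {"X-Api-Key": api_key, "Content-Type": "application/json"}
    body = {"type": "VULNERABILITY",
            "query": f"vulnerability.scans.id='{scan_uuid}'"}
    return url, headers, body


def search_vulnerabilities(region, scan_id):
    """Send the search; the key comes from the environment, never from source."""
    api_key = os.environ["INSIGHT_API_KEY"]  # hypothetical variable name
    url, headers, body = build_search_request(region, scan_id, api_key)
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)  # parsed JSON response from the Search endpoint
```
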