InsightVM API

Hello,

I am a system and network admin and I need to use the InsightVM API to fetch the assets scanned some time ago and delete them through my script.

My problem is that I have never used an API, so I don't know how to use it.

Do you have sample scripts that detail how to use the InsightVM API?

https://help.rapid7.com/insightvm/en-us/api/index.html

```json
{
    "match": "all",
    "filters": [
        {
            "field": "last-scan-date",
            "operator": "is-earlier-than",
            "value": 90
        }
    ]
}
```

```python
import requests
import urllib3 # Only to disable annoying SSL error
import os

#################################################################################
# Global Variables
#################################################################################

R7_BASE64 = os.getenv('r7base64')
uri = 'https://<R7URL>/api/3' # Base Rapid7 API Url (no trailing slash, paths below add it)
urllib3.disable_warnings() # Disables the certificate warnings

# Default header options, need to look into using API key versus Base64 of creds
s = requests.Session()
s.headers.update({
    'Accept': 'application/json',
    'Accept-Encoding': 'deflate,gzip',
    'Accept-Language': 'en-US',
    'Authorization': f'Basic {R7_BASE64}',
    'Content-Type': 'application/json', # required for POST requests
})

##################################################################################
# Functions
##################################################################################

# Simply searches Rapid7 with provided information and returns the AssetID
def AssetIDbyField(field, value):
    # This function will take the given value and use the given field to search.
    # Search Criteria Link: https://help.rapid7.com/insightvm/en-us/api/index.html#section/Responses/SearchCriteria
    searchFilter = {
        "match": "any",
        "filters": [{
            "field": field,
            "operator": "is",
            "value": str(value)
        }]
    }
    # verify=False skips certificate validation, so the Basic credentials in the
    # header are not protected against an intercepted connection. Pass the path
    # to the console's CA certificate as verify= to validate it instead.
    r = s.post(f'{uri}/assets/search', json=searchFilter, verify=False)
    r.raise_for_status() # fail loudly on 401/4xx/5xx instead of parsing an error body
    data = r.json()
    if not data.get('resources'):
        return None # no asset matched the search
    assetID = data['resources'][0]['id']
    return assetID
```

All you then have to do is make sure you have the username:password encoded to base64 as the environment variable.

os.getenv('r7base64')


How do you end the connection? Shouldn't it be a while loop?
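
The following is an added example, not code from the thread or from Rapid7. It applies the `last-scan-date` filter posted above across every result page, collects the asset IDs first, and only then deletes them, with a dry run as the default and certificate validation left on. The environment variable names (`R7_HOST`, `R7_USER`, `R7_PASS`, `R7_CA_BUNDLE`, `R7_DELETE`) are assumptions, and it assumes the v3 API's paged `POST /assets/search` and `DELETE /assets/{id}` endpoints.

```python
import os

# Search criteria from the thread: assets last scanned more than `days` days ago.
def stale_filter(days=90):
    return {"match": "all", "filters": [
        {"field": "last-scan-date", "operator": "is-earlier-than", "value": days}]}

def find_stale_assets(session, base, days=90, size=500):
    """Walk every page of POST /assets/search and return [(id, ip), ...]."""
    found, page = [], 0
    while True:
        r = session.post(f"{base}/assets/search", json=stale_filter(days),
                         params={"page": page, "size": size})
        r.raise_for_status()
        body = r.json()
        found += [(a["id"], a.get("ip")) for a in body.get("resources", [])]
        page += 1
        # Stop after the last page (or at once if the search matched nothing).
        if page >= body.get("page", {}).get("totalPages", 0):
            return found

def delete_assets(session, base, assets, dry_run=True):
    """DELETE /assets/{id} for each asset; with dry_run nothing is sent."""
    deleted = []
    for asset_id, ip in assets:
        if not dry_run:
            session.delete(f"{base}/assets/{asset_id}").raise_for_status()
            deleted.append(asset_id)
        print("would delete" if dry_run else "deleted", asset_id, ip)
    return deleted

def main():
    import requests  # third-party; imported here so the helpers stay stdlib-only
    base = f"https://{os.environ['R7_HOST']}/api/3"  # assumed variable: host:port
    with requests.Session() as s:  # leaving the block closes the connection
        s.auth = (os.environ["R7_USER"], os.environ["R7_PASS"])  # assumed names
        s.verify = os.getenv("R7_CA_BUNDLE", True)  # CA file path, or system store
        s.headers["Accept"] = "application/json"
        stale = find_stale_assets(s, base)
        # Assumed switch: assets are only deleted when R7_DELETE=1 is set.
        delete_assets(s, base, stale, dry_run=os.getenv("R7_DELETE") != "1")

if __name__ == "__main__":
    main()
```

Collecting the full list before deleting keeps the page numbering stable, since removing assets while paging would shift later results into pages already read.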