InsightVM Scan 1 endpoint

hchoi · July 31, 2024, 8:05pm

Hello everyone,

We are trying to build a workflow to scan 1 asset from InsightVM via Slack.

The documentation suggests creating 1 new site that contains ALL endpoints, which is not the route we want to take.

The “Scan” plugin requires ‘SiteID’ and the ‘hostname/IP’. So I have tried to extract the ‘SiteID’ value from the ‘Asset Search’ plugin, but the output did not have any information as to which site the endpoint belongs to…
Listing the sites also does not list the assets, only displays the number of assets each site has.

How could we extract the siteID of an asset from InsightVM?

brandon_mcclure · August 1, 2024, 11:20am

Assets can also be in multiple sites, and then it would be listed as global

hchoi · August 1, 2024, 4:22pm

Hello,

Good info? But does not really answer the question.

brandon_mcclure · August 1, 2024, 4:37pm

Sorry, but that was also my issue. I wasn’t able to pull the site, or at least an array of sites.
The single site with all assets was the answer I also got

hchoi · August 1, 2024, 4:45pm

Were you able to list all the asset names from a site?

brandon_mcclure · August 1, 2024, 4:50pm

/api/3/sites/{id}/assets then loop though and pull the asset id to see the name /api/3/assets/{id}

hchoi · August 1, 2024, 4:57pm

I can retrieve Asset ID using the ‘Asset Search’ Plugin, but what I want to find is the ‘SiteID’ value for the endpoint, because the ‘Scan’ plugin requires the ‘SiteID’ for the endpoint we want to scan.

brandon_mcclure · August 1, 2024, 5:01pm

do a HTML Request to /api/3/sites/{id}/assets
loop through the results and inside your loop call the get asset
Put the output of the look as an array of hostnames.

I don’t see the options in the plugin, so you have to use the REST API

0_is_an_acceptable_vulnerability_count · August 2, 2024, 6:37am

How could we extract the siteID of an asset from InsightVM?

Poll /api/3/sites to retrieve all sites - the array “resources” that is returned contains the id number for each site. If you want to associate a specific asset to a site, more API calls are needed. I will refer to the ID for a single site, from this call, as site_id here.

Then get the assets in each site with /api/3/sites/site_id/assets (note that this is a paged API call, and requires handling page, size, sort for any reasonable implementation). Again inside the “resources” result is an array of items. I will refer to these as asset_items

For each item in asset_items, you can retrieve the hostName, ip, risk, etc. and the id of the asset. If you have already found the asset ID, and it shows up in here, you now know which site_id the item is in.

Put another way, with invalid code;

GET /api/3/sites | Foreach resources as site {
GET /api/3/sites/{site.id}/assets | Foreach resources as asset {
If {asset.id} == {knownAssetId} {
return “Found {asset.id} in site {site.id}”
}
}
}