Is there a way to list sites and/or assets which are using/used a specific scan template?

I have a specific scan template. I need to know which sites are configured to use it and which assets are scanned by this template. How do I find this information? I’m checking through the console, but I cannot filter it.

If you can use the RESTful API, you can probably pull this using
https://help.rapid7.com/insightvm/en-us/api/index.html#operation/getScanTemplate

Without trying I’m guessing https://help.rapid7.com/api/3/scan_templates/{id}/sites

Other way around, actually:
/api/3/sites/:id/scan_template
^ That would give you the default scan template for each site but that doesn’t guarantee that it’s the scan template being used for every scan.

To see the scan template used for scheduled scanning you would need to check here:
/api/3/sites/:id/scan_schedules
^ That would list out the scan template id (which is usually a textual representation of the actual template name).

With a little bit of scripting you could do a GET call to grab the site_id of each site and feed it to a list then do all those other GET calls for each id to see what templates are being used.

I’ve worked with the Insight Platform, but interacting with the VM Console is new to me. I’m having issues connecting to the console via the API and authenticating. Below is the sample request I attempted. Also, I do not see port 3780 on the console.
Thanks in advance.

GET /api/3/scan_templates HTTP/2
Host: myconsole.com
User-Agent: curl/7.86.0
Accept: */*
Authorization: mybase64encodeduser:pass
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

By default, 3780 is the database port used by InsightVM. You can check this by going to Administration > Manage Web Server Settings > Web Server Port

If this is still set to 3780 then you need to specify that in the request:

Would you mind giving a sample curl request for the API to the VM Console?

curl --location 'https://<my console ip>:3780/api/3/sites/5/scan_template' \
--header 'Accept: application/json;charset=UTF-8' \
--header 'Authorization: Basic <base64 of username:pass>'

For me, the 5 above is the site id of the site I’m trying to check.
I think you might just be missing the word Basic in front of your base64.

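The per-site loop suggested earlier in the thread, as an added example (not code from the posters or from Rapid7): it pages through /api/3/sites, checks each site's default template and its schedules for one template id, and sends the `Basic`-prefixed header discussed above. The response field names (`resources`, `page.totalPages`, `scanTemplateId`), the `page`/`size` query parameters, and the template ids and site names in the constructed sample data are assumptions.

```python
import base64
import json
import urllib.request

def basic_auth_header(user, password):
    # The scheme word "Basic" must precede base64(user:pass).
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def make_fetch(base_url, user, password):
    """fetch(path) -> parsed JSON from a console at base_url, e.g. https://host:3780."""
    headers = {"Accept": "application/json;charset=UTF-8",
               "Authorization": basic_auth_header(user, password)}
    def fetch(path):
        req = urllib.request.Request(base_url + path, headers=headers)
        with urllib.request.urlopen(req, timeout=30) as resp:  # TLS verification left on
            return json.load(resp)
    return fetch

def sites_using_template(fetch, template_id):
    """Map site id -> name and whether the template is the default and/or on a schedule."""
    usage, page = {}, 0
    while True:
        # Assumed response shape: {"resources": [...], "page": {"totalPages": n}}
        body = fetch(f"/api/3/sites?page={page}&size=100")
        for site in body.get("resources", []):
            sid, used_as = site["id"], []
            if fetch(f"/api/3/sites/{sid}/scan_template").get("id") == template_id:
                used_as.append("default")
            schedules = fetch(f"/api/3/sites/{sid}/scan_schedules").get("resources", [])
            # Assumed field name for the template id on a schedule: scanTemplateId
            if any(s.get("scanTemplateId") == template_id for s in schedules):
                used_as.append("schedule")
            if used_as:
                usage[sid] = {"name": site.get("name"), "used_as": used_as}
        page += 1
        if page >= body.get("page", {}).get("totalPages", 1):
            return usage

# Constructed responses (not from a real console) so the logic runs offline.
SAMPLE = {
    "/api/3/sites?page=0&size=100": {"page": {"totalPages": 1}, "resources": [
        {"id": 5, "name": "DMZ"}, {"id": 7, "name": "Lab"}, {"id": 9, "name": "Dev"}]},
    "/api/3/sites/5/scan_template": {"id": "full-audit"},
    "/api/3/sites/5/scan_schedules": {"resources": []},
    "/api/3/sites/7/scan_template": {"id": "discovery"},
    "/api/3/sites/7/scan_schedules": {"resources": [{"scanTemplateId": "full-audit"}]},
    "/api/3/sites/9/scan_template": {"id": "discovery"},
    "/api/3/sites/9/scan_schedules": {"resources": [{"scanTemplateId": "discovery"}]},
}
```

Against a real console, pass `make_fetch("https://<my console ip>:3780", user, password)` as `fetch`; with the constructed data, `sites_using_template(SAMPLE.__getitem__, "full-audit")` reports site 5 (default) and site 7 (schedule).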