Not able to generate and download the report using API in curl

onkar_jog · January 27, 2021, 11:07pm

I have created a report using API in the below curl command:

curl -k -vvv --location POST “/api/3/reports/" -H “Content-Type: application/json” --user ":***” -d “{“severity”:“all”, “scope”:{“assets”:[23]}, “name”:“test-scan-report-5”, “template”:“basic-vulnerability-check-results”, “format”:“csv-export”}”

Output:

{
“links” : [ {
“href” : “/api/3/reports",
“rel” : “self”
}, {
“href” : "/api/3/reports/13570”,
“rel” : “Report”
} ],
“id” : 13570

Next step is to generate this report. I am using the below API/curl command for this:

curl -k -vvv --location POST “/api/3/reports/13570/generate" -H “Content-Type: application/json” --user ":***”

Output:

“status” : 405,
“message” : “The requested operation is not supported on this resource. Perform an OPTIONS request on *** to see available operations.”

Used the below command to check available options:

curl -k -vvv -X OPTIONS --request-target '’ --location "/api/3/reports/13570/generate" -H “Content-Type: application/json” --user ":**"

And looks like POST is allowed:

< HTTP/1.1 200 OK
< Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS

Any idea why it is not working?

Next step is to get report history instance ID and download the report. But I am also not able to get the history instance ID of this report. The below command returns nothing:

curl -k -vvv --location GET “/api/3/reports/13570/history" -H “Content-Type: application/json” --user ":***”

Output:

{
“resources” : [ ],
“links” : [ {
“href” : “***/api/3/reports/13570/history”,
“rel” : “self”
} ]
}

Appreciate any help!

zyoutz · January 27, 2021, 11:29pm

@onkar_jog Not sure if it was a copy/paste issue, but did you make sure the -X option was used when running the report generation to define the POST method?

I just used a lab environment and was able to run the following curl requests to create and generate the report with the same payload you provided:

> curl -k -XPOST https://<IP OR HOST>:3780/api/3/reports -H "Content-Type: application/json" --user "<USERNAME>:<PASSWORD>" -d '{"severity":"all", "scope":{"assets":[23]}, "name":"test-scan-report-5", "template":"basic-vulnerability-check-results", "format":"csv-export"}' 

# Using recently created report ID
> curl -k -XPOST https://<IP OR HOST>:3780/api/3/reports/566919/generate -H "Content-Type: application/json" --user "<USERNAME>:<PASSWORD>"

We also have an example Python script for bulk extracting data from the console that might be handy for you. Would likely need modified for your needs but could be a good starting point:

onkar_jog · January 28, 2021, 6:00pm

@zyoutz Yes, -X did the trick. Funny that it does not require the -X when creating or downloading the report, but requires it when generating it.

Yes, I did look at the python script.

Thank you so much for your help!