Trying to automate some reports, but the data is different

Here is part of my code, it brings back over 40,000 assets, but should only bring back 2


def _internal_Servers_running_f5():

    internal_Servers_running_f5 = {
    "asset": "asset.groups NOT IN ['ext pub dmzs', 'ext pub facing']", 
    "vulnerability" : "vulnerability.cveIds IN ['cve-2020-5902']"}

    headers = _headers()
    url1 = f"https://us.api.insight.rapid7.com/vm/v4/integration/assets?&size=50"
    resp = requests.post(url=url1, headers=headers, json=internal_Servers_running_f5, verify=False).json()

    has_next_cursor = True
    nextKey = ""
    totalpage = resp["metadata"]
    totalpage = str(totalpage)
    count = 0
    results = []

    while has_next_cursor:

        with requests.Session() as session:
            url2 = f"https://us.api.insight.rapid7.com/vm/v4/integration/assets?&size=50&cursor={nextKey}"

            s = requests.Session()
            backoff_factor=0.3
            retries = Retry(total=10, backoff_factor=backoff_factor, status_forcelist=[ 502, 503, 504 ])
            s.mount(url2, HTTPAdapter(max_retries=retries))
            s = s.post(url=url2, headers=headers, json=internal_Servers_running_f5, verify=False)
            #Print status code
            print(s.status_code)

Or 1… this brings back inaccurate data as well,

Could someone tell me why the API doesn't bring back the same data?

For some reason, the search terms you're specifying aren't being applied, so it's just returning ALL assets.

The specific keys used in the query builder might not be using the same name in the API when trying to write the same query.

Thanks… so the same data can't be returned from the API…? This is disappointing

How do I know which keys are supported…?

You can return most of the same fields but Asset Groups for example is not one of them. To see the available fields, check the v4 API docs here: InsightVM Cloud Integrations API

For the POST asset Search or Search Vulnerabilities you can expand out the example response which shows all of the available fields.

To get around the option of not being able to key in on Asset Groups you can use Tags instead.

So your body should look more like this:

{
    "asset": "tags NOT IN ['ext pub dmzs', 'ext pub facing']",
    "vulnerability": "cves IN ['CVE-2020-5902']"
}

assuming of course that you create corresponding tags to the existing asset groups


Sorry, let me double check on the tags…

I don't think it's picking up the CVE ID check; it's returning all assets from my internal servers tag…

def _internal_Servers_running_f5():

    internal_Servers_running_f5 = {
    "asset": "tags IN ['internal servers']",
    "vulnerability": "cves IN ['CVE-2020-5902']"}

    headers = _headers()
    url1 = f"https://us.api.insight.rapid7.com/vm/v4/integration/assets?&size=50"
    resp = requests.post(url=url1, headers=headers, json=internal_Servers_running_f5, verify=False).json()
    print(resp)
    has_next_cursor = True
    nextKey = ""
    totalpage = resp["metadata"]
    totalpage = str(totalpage)
    count = 0
    results = []

I see, I’m testing against my own lab as well and it doesn’t look like the field is working for me either. That is certainly the right field to query against with that value being accurate. You can see by testing it against the POST Search Vulnerabilities.

Let me reach out to the Dev team to understand why that parameter is being ignored.

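A guard for the failure confirmed in this thread (search criteria silently ignored, so every asset comes back), as an added example that is not part of the original posts or Rapid7's own code. It compares the filtered match count with the unfiltered one before paging, then follows the cursor. The function names are hypothetical, and the response keys `data`, `metadata.totalResources` and `metadata.cursor`, along with an empty body returning all assets, are assumptions to confirm against the v4 API docs.

```python
BASE = "https://us.api.insight.rapid7.com/vm/v4/integration/assets"  # URL from the thread

def post_page(body, headers, cursor=None, size=50):
    """One POST to the asset search. TLS verification stays on (no verify=False)."""
    import requests  # imported here so the logic below can be tested with a fake transport
    params = {"size": size}
    if cursor:
        params["cursor"] = cursor
    resp = requests.post(BASE, headers=headers, params=params, json=body, timeout=60)
    resp.raise_for_status()  # surfaces 504s instead of parsing an error page
    return resp.json()

def total_resources(body, headers, post=post_page):
    """Request a single record and read the match count from the metadata."""
    return post(body, headers, size=1)["metadata"]["totalResources"]  # assumed key

def search_assets(body, headers, post=post_page, max_pages=1000):
    """Return matching assets; refuse to page if the filter matched everything."""
    unfiltered = total_resources({}, headers, post)  # assumption: {} means "all assets"
    filtered = total_resources(body, headers, post)
    # Heuristic: a filter that matches every asset was most likely not applied.
    if body and unfiltered > 0 and filtered >= unfiltered:
        raise RuntimeError(
            f"filter matched {filtered} of {unfiltered} assets; "
            "the search criteria were probably ignored")
    results, cursor = [], None
    for _ in range(max_pages):  # hard stop so a repeating cursor cannot loop forever
        page = post(body, headers, cursor=cursor)
        results.extend(page.get("data", []))      # assumed key
        cursor = page["metadata"].get("cursor")   # assumed key
        if not cursor or not page.get("data"):
            break
    return results
```

A query that legitimately matches every asset will also trip the guard, so treat the exception as a prompt to check the field names rather than as proof of an API fault.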

Sorry, still checking, appreciate anything you can look at!

It is bringing back assets, but it is not matching up and is bringing more back than InsightVM

Now it seems I am getting 504 messages on commands that used to work and I can't bring back any data successfully. Is there an issue with the API?

I can't seem to run this query…

def _3rd_party_patching_desktops():
    desktop_third_party_patching_filer = {
    "asset": "os_vendor CONTAINS 'microsoft' && asset.agentKey IS NOT NULL", 
    "vulnerability" : "vulnerability.categories NOT IN ['microsoft patch']"}

Is there an alternate method for vulnerability categories?