Using API or SQL to get info from remediation projects

Hello,

This might’ve been addressed in another topic, but I couldn’t find it.

Is there a way to export information from the existing remediation projects (via API or SQL query)? I know I can go into the GUI and export via CSV, but we’d rather do it programmatically to build scripts that interact with our patching system.

A good starting point would be to export all solutions titles from a given remediation project.

Thanks!

4 Likes

Hi @pedro_queiros, there is not a programmatic way for retrieving remediation projects information today. I’ll pass this post along internally though. :slightly_smiling_face:

2 Likes

Hi,

This would be extremely useful. Also notice that api endpoints already exist as the dashboard itself refers to ‘/ea/ra/api/2/project/[id]/remediation/[id]/solution’ to retrieve the data, and the only issue in getting there by code is the authentication.

Did this get into the features queue?

Thanks

3 Likes

Any updates on this?

It’s been 2 years now, I’m guessing no progress so far.

Unfortunately the latest API available for InsightVM is still API (v3).

This does not include remediation projects of course. However we are still in the process of moving to a cloud native architecture for IVM which I believe will come with a new API that includes the cloud components.

I’d also be interested in retrieving remediation project info programmatically. Given how central the remediation project concept is to InsightVM overall, and how extensive the API is in other areas, I was surprised that this isn’t already possible.

An immediate use case: we have a weekly senior management meeting where vulnerability/remediation numbers are presented and discussed. It would be useful to automatically pull numbers and send them to the presenting manager overnight so that the data is in their inbox the morning of the meeting ready to drop into their slide deck, rather than several people pulling numbers by hand once a week.

What’s really unfair is that we are paying a good amount of money to R7 and we can’t do such a simple task (like retrieving our local remediation projects via API).

I think we are going to build a web crawler in the meantime, still, 2 years and no response, feels like this is actually not being worked on at all.

1 Like

Summary

Request

GET /ea/ra/api/2/project/_summary 
Host: eu.exposure-analytics.insight.rapid7.com

Response body

{"meUuid":"--user--1","numProjects":xxx,"numOpenProjects":xxx,"numClosedProjects":0,"numExpiredProjects":xxx,"numOwnedMeProjects":xxx,"numAssignedMeProjects":0}

Remediation Projects

Request

GET /ea/ra/api/3/project HTTP/1.1
Host: eu.exposure-analytics.insight.rapid7.com

Response

"content":[{"projectUuid":"xxx","title":"xxx","completedRemediations":xxx,"totalRemediations":xxx,"originalRemediations":xxx,"removedRemediations":xxx,"addedRemediations":0,"totalRisk":xxx,"remainingRisk":xxx,"acceptedRisk":xxx,"dueOnTime":x,"numAssets":xxx,"completedAssets":xxx,"incTotalAssets":xxxx,"incCompletedAssets":1,"ownerUuid":"--user--1","ownerName":"xxx","assignees":[{"active":true,"email":xxx,"userFullName":"xxx","userName":"xxx","userUuid":"xxx"}],"status":"EXPIRED","createdOn":xxx,"createCompletedTime":xxx,"createProgress":xxx,"type":"STATIC","projectVisibility":{"showAssetIp":true,"showAssetOs":true,"showAssetName":true},"progress":xxx,"emptyRemediatedAssets":0,"ticketingActive":false,"serverActive":false,"projectScope":{"assetCount":xxx,"queries":["vulnerability.cveIds IN ['CVE-2016-6195']||... 0545']||vulnerability.cveIds IN ['CVE-2021-44228']"],"queryId":null},"incrementalProgress":xxx,"remainingTime":xxx},

Remediation Details
Request (PROJECTUUID from previous request)

GET /ea/ra/api/2/project/[PROJECTUUID]/remediation HTTP/1.1
Host: eu.exposure-analytics.insight.rapid7.com

Response body Snippet

"content":[{"remediationUuid":"xxxx","projectUuid":"xxx","solutionUuid":"apache-httpd-upgrade-latest","numAssets":xxx,"completedAssets":xxx,"unresolvedVulns":xxx,"assigneeName":xxx,"assigneeUuid":xxx,"riskReduction":xxx,"status":"OPEN","statusComment":xxx,"actions":null,"tickets":[],"summary":"Upgrade to the latest version of Apache HTTPD"},{
1 Like

Thank you!!! What would be the authentication method? I’ve tried InsightVM method and it didn’t work, also tried with X-Api-Key and didn’t work either.

Also, is there an endpoint to retrieve the list of the assets and vulnerabilities involved for each solution within a remediation project? If not, can we at least get the list of the assets and vulnerabilities related to the whole remediation project?

Any updates @Scor?

Unfortunately, you need IPIMS_SESSION and IPIMS_PRODUCT_TOKEN to interact with *.exposure-analytics.insight.rapid7.com.

If you have MFA enabled, the SAML SSO dance is complicated, but not impossible to script (e.g., authenticator · PyPI)

2 Likes
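An added example, not part of any post in this thread and not Rapid7 code: it prepares the remediation request quoted above with the two session values taken from the environment, then turns a response body into the solution-title export the original question asked for. How the two values are sent (as cookies) and the project UUID format are assumptions, and the sample response is constructed in the shape of the posted snippet.

```python
import csv
import io
import json
import os
import re
import urllib.request

HOST = "eu.exposure-analytics.insight.rapid7.com"  # host quoted in the thread
UUID_RE = re.compile(r"[0-9a-fA-F-]{8,64}")  # assumption: project UUIDs are hex and dashes

def build_request(project_uuid, env=os.environ):
    """Prepare (not send) the GET for one project's remediation list."""
    if not UUID_RE.fullmatch(project_uuid):
        raise ValueError("unexpected project UUID format")  # keeps path characters out of the URL
    # Assumption: both values travel as cookies; the thread only names them.
    cookie = "; ".join(f"{k}={env[k]}" for k in ("IPIMS_SESSION", "IPIMS_PRODUCT_TOKEN"))
    url = f"https://{HOST}/ea/ra/api/2/project/{project_uuid}/remediation"
    return urllib.request.Request(url, headers={"Cookie": cookie, "Accept": "application/json"})

def safe_cell(value):
    """Neutralise spreadsheet formulas in free-text fields such as statusComment."""
    text = "" if value is None else str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def solution_rows(body):
    """Return one row per remediation: solution id, title, status, progress %, comment."""
    rows = []
    for item in json.loads(body).get("content", []):
        total = item.get("numAssets") or 0
        done = item.get("completedAssets") or 0
        pct = round(100 * done / total) if total else 0  # avoid dividing by zero assets
        rows.append([item.get("solutionUuid", ""), safe_cell(item.get("summary")),
                     item.get("status", ""), pct, safe_cell(item.get("statusComment"))])
    return rows

def to_csv(rows):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["solutionUuid", "summary", "status", "percentAssetsDone", "statusComment"])
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample in the shape of the response snippet posted in the thread.
SAMPLE = json.dumps({"content": [
    {"solutionUuid": "apache-httpd-upgrade-latest", "numAssets": 8, "completedAssets": 2,
     "status": "OPEN", "statusComment": None,
     "summary": "Upgrade to the latest version of Apache HTTPD"},
    {"solutionUuid": "constructed-solution-id", "numAssets": 0, "completedAssets": 0,
     "status": "OPEN", "statusComment": "=HYPERLINK(\"x\")", "summary": "Constructed title"},
]})
```

Keeping the session values in the environment rather than in the script means they stay out of source control and shell history; treat them like passwords, since they carry the logged-in user's access.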

I’m probably not going to attempt to use this workaround, but I wanted to say thank you @SCO for providing specific detail.

I realize I do not know how to send a PM here, but I can share some input on this
@dreadpir8robots

1 Like

Thanks @SCO. I’ll likely wait for the product to deliver this capability as part of the API - it was @ddaniel.navas who asked how you managed to achieve this - but I definitely appreciate you taking the time and trouble to share what you know.

1 Like

I did confuse you for the OP. @ddaniel.navas drop a mail address and I’ll send you a working POC for SAML SSO.
@dreadpir8robots what is your source for the upcoming API release, and do you have more info on its scope?

1 Like

Ah, sorry if I misled you. I don’t know anything - but API for remediation projects is something which people ask for periodically here in the forums, so it might be built one day.

Hello guys, we are opening a ticket with you, we would like to get this addressed ASAP, if we can’t get this solved soon, we will start looking at other solutions.

SCO, congratulations for being the only Google hit for IPIMS_PRODUCT_TOKEN

@SCO I’ve been playing around with the endpoints you brought up, using the token we get after the SSO dance. It works great, and I wrote a quick authentication module for our internal Python library. In fact, some of the endpoints seem better than the native endpoints from the official documentation.

We’re now using it for a custom-built ticketing connector to mirror remediation projects with great results.

Any reason why this isn’t just officially supported and documented? Considering how well it already works, and how many useful calls there are (I’ve scraped a bunch of endpoints from Postman), it seems like a no-brainer to just get it added officially?