
How do I generate first_detected, last_detected, and status (New, Active, Re-Open, Fixed) using a scan reference number?

Question asked by Johnny Shaieb on Sep 25, 2018
Latest reply on Oct 1, 2018 by Jeff Leggett

Using the Scan Reference Number (e.g., scan/1536113186.83920) from a raw output scan, is there an API way to generate a report that includes first_detected, last_detected, status (New, Active, Re-Open, Fixed) for the asset group that was scanned that produced the below scan reference number?  (See Example Data)

 

Step 1 shows how I use the API to list all the scans.

 

Step 1 - Obtain all the Scans
curl -u "$USERNAME:$PASSWORD" -H "X-Requested-With: Curl Sample" "https://URL/api/2.0/fo/scan/?action=list&show_ags=1"

 

This will produce all the scans in scope.  Then I parse out everything on my radar.

 

# Example Data
##########################################################################
#      <SCAN>
#        <REF>scan/1536113186.83920</REF>
#        <TYPE>Scheduled</TYPE>
#        <TITLE><![CDATA[JAMAICAN_VACATION]]></TITLE>
#        <USER_LOGIN>crazyman</USER_LOGIN>
#        <LAUNCH_DATETIME>2018-09-05T02:06:24Z</LAUNCH_DATETIME>
#        <DURATION>Pending</DURATION>
#        <PROCESSING_PRIORITY>6 - Standard</PROCESSING_PRIORITY>
#        <PROCESSED>0</PROCESSED>
#        <STATUS>
#          <STATE>Completed</STATE>
#        </STATUS>
#        <TARGET><![CDATA[10.10.150.0-10.10.250.255]]></TARGET>
#        <ASSET_GROUP_TITLE_LIST>
#          <ASSET_GROUP_TITLE><![CDATA[RUNAWAY_BAY]]></ASSET_GROUP_TITLE>
#        </ASSET_GROUP_TITLE_LIST>
#      </SCAN>
##########################################################################

 

Step 2 - How to get the first_detected, last_detected, and status (New, Active, Re-Open, Fixed) attributes

The goal would be to take the (scan/1536113186.83920) and use the API to generate a report that would include both the raw output scan and the following attributes: first_detected, last_detected, and status (New, Active, Re-Open, Fixed).

 

I can use the below API call to generate some of the columns of interest.  But, the problem is that now I would need to parse and combine the data from Step 1 and 2.  I am certain there is a better API way of doing this.


# My almost successful attempt using the asset group

curl -u "username:password" -H "X-Requested-With: curl" "https://URL/api/2.0/fo/asset/host/vm/detection/?action=list&ag_titles=RUN_AWAY_BAY&truncation_limit=0&show_reopened_info=1&status=New,Active,Re-Opened,Fixed&vm_scan_since=2018-08-01" -o RUN_AWAY_BAY.xml

 

Any help would be appreciated,

 

Johnny
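
The parse-and-combine step described in the question, as an added example that is not part of the original post and not Qualys code: it looks up the scan reference in the Step 1 output, derives the Step 2 query parameters from that record, and tags each detection row with the reference. The detection element names (HOST, DETECTION, QID, STATUS, FIRST_FOUND_DATETIME, LAST_FOUND_DATETIME), the sample response, and the choice of the launch date for vm_scan_since are assumptions; the rows cover the asset group, so they are not proof that a given detection came from that one scan.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample: the Step 1 record from the post, wrapped in a root element.
SCAN_LIST_XML = """<SCAN_LIST><SCAN>
  <REF>scan/1536113186.83920</REF>
  <LAUNCH_DATETIME>2018-09-05T02:06:24Z</LAUNCH_DATETIME>
  <ASSET_GROUP_TITLE_LIST>
    <ASSET_GROUP_TITLE><![CDATA[RUNAWAY_BAY]]></ASSET_GROUP_TITLE>
  </ASSET_GROUP_TITLE_LIST>
</SCAN></SCAN_LIST>"""

# Constructed Step 2 response; element names are assumed, not shown in the post.
DETECTION_XML = """<HOST_LIST><HOST><IP>10.10.150.7</IP><DETECTION_LIST>
  <DETECTION><QID>100001</QID><STATUS>Active</STATUS>
    <FIRST_FOUND_DATETIME>2018-08-02T01:00:00Z</FIRST_FOUND_DATETIME>
    <LAST_FOUND_DATETIME>2018-09-05T02:40:00Z</LAST_FOUND_DATETIME></DETECTION>
  <DETECTION><QID>100002</QID><STATUS>Fixed</STATUS>
    <FIRST_FOUND_DATETIME>2018-08-02T01:00:00Z</FIRST_FOUND_DATETIME>
    <LAST_FOUND_DATETIME>2018-08-20T03:10:00Z</LAST_FOUND_DATETIME></DETECTION>
</DETECTION_LIST></HOST></HOST_LIST>"""

def scan_by_ref(scan_list_xml, ref):
    """Return launch time and asset group titles for one scan reference."""
    for scan in ET.fromstring(scan_list_xml).iter("SCAN"):
        if scan.findtext("REF") == ref:
            titles = [t.text for t in scan.iter("ASSET_GROUP_TITLE")]
            return {"ref": ref, "launched": scan.findtext("LAUNCH_DATETIME"),
                    "ag_titles": titles}
    raise KeyError(f"scan reference not in list: {ref}")

def detection_query(scan):
    """Step 2 query string; vm_scan_since = launch date is this example's assumption."""
    return urlencode({
        "action": "list", "ag_titles": ",".join(scan["ag_titles"]),
        "truncation_limit": 0, "show_reopened_info": 1,
        "status": "New,Active,Re-Opened,Fixed",
        "vm_scan_since": scan["launched"][:10]})

def report_rows(scan, detection_xml):
    """One row per detection, tagged with the scan reference it belongs to."""
    return [{"scan_ref": scan["ref"], "ip": host.findtext("IP"),
             "qid": det.findtext("QID"), "status": det.findtext("STATUS"),
             "first_detected": det.findtext("FIRST_FOUND_DATETIME"),
             "last_detected": det.findtext("LAST_FOUND_DATETIME")}
            for host in ET.fromstring(detection_xml).iter("HOST")
            for det in host.iter("DETECTION")]
```
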
