Using the Scan Reference Number (e.g., scan/1536113186.83920) from a raw output scan, is there an API way to generate a report that includes first_detected, last_detected, status (New, Active, Re-Open, Fixed) for the asset group that was scanned that produced the below scan reference number? (See Example Data)
Step 1 shows how I use the API to list all the scans.
Step 1 - Obtain all the Scans
curl -u "$USERNAME:$PASSWORD" -H "X-Requested-With: Curl Sample" "https://URL/api/2.0/fo/scan/?action=list&show_ags=1
This will produces all the scans in scope. Then I parse out everything on my radar.
# Example Data
##########################################################################
# <SCAN>
# <REF>scan/1536113186.83920</REF>
# <TYPE>Scheduled</TYPE>
# <TITLE><![CDATA[JAMAICAN_VACATION]]></TITLE>
# <USER_LOGIN>crazyman</USER_LOGIN>
# <LAUNCH_DATETIME>2018-09-05T02:06:24Z</LAUNCH_DATETIME>
# <DURATION>Pending</DURATION>
# <PROCESSING_PRIORITY>6 - Standard</PROCESSING_PRIORITY>
# <PROCESSED>0</PROCESSED>
# <STATUS>
# <STATE>Completed</STATE>
# </STATUS>
# <TARGET><![CDATA[10.10.150.0-10.10.250.255]]></TARGET>
# <ASSET_GROUP_TITLE_LIST>
# <ASSET_GROUP_TITLE><![CDATA[RUNAWAY_BAY]]></ASSET_GROUP_TITLE>
# </ASSET_GROUP_TITLE_LIST>
# </SCAN>
##########################################################################
Step 2 - How to get the first_detected, last_detected, and status (New, Active, Re-Open, Fixed) attributes
The goal would be to take the (scan/1536113186.83920) and use the API to generate a report that would include both the raw output scan and the following attributes: first_detected, last_detected, and status (New, Active, Re-Open, Fixed).
I can use the below API call to generate a some of the columns of interest. But, the problem is that now I would need to parse and combine the data from Step 1 and 2. I am certain there is a better API way of doing this.
# My almost successful attempt using the asset group
curl -u "username:password" -H "X-Requested-With: curl" "https://URL/api/2.0/fo/asset/host/vm/detection/?action=list&ag_titles=RUN_AWAY_BAY&truncation_limit=0&show_reopened_info=1&status=New,Active,Re-Opened,Fixed&vm_scan_since=2018-08-01" -o RUN_AWAY_BAY.xml
Any help would be appreciated,
Johnny
Ok now you have a report template and you tested great.
Next thing is to Kick off the report.
curl.exe --silent --tlsv1.2 --insecure --compressed --header "X-Requested-With: scanhost" --user "REDACTED:REDACTED" --cookie ".\scanhost.cookies" -X "POST" --data "report_type=Scan&action=launch&output_format=pdf&template_id=1785482&report_title=SAMPLE&report_refs=scan/1538132761.08208" "https://qualysapi.qualys.com:443/api/2.0/fo/report/
Now the template_id is for the report template you created earlier.
report_refs would be the scan reference that the report will be built on.
Now my output is set to PDF but you can change that to CSV.
Now the way my code is working is that when I kick off the report I am storing the ID Number returned. This ID is used to FETCH the report and in my case the output is to the PDF. You would need to change the report generation to say CSV.
If you don't STORE the ID from the report being kicked off then you would need to download the list of reports and parse that for an ID; I just choose not to that because most of my reports finish in < 30 seconds.
Download the Report.
curl.exe --silent --tlsv1.2 --insecure --compressed --header "X-Requested-With: scanhost" --cookie ".\scanhost.cookies" --data "action=fetch&id=18424188" "https://qualysapi.qualys.com:443/api/2.0/fo/report/" --output self_scan_33008208_18424188.PDF
Now I think if the report is NOT done you get an error but I would need to write something and check.
Let me know if I can help, DAvid