Importing Assets without Auto Discovery
This article describes the steps necessary to use the API to statically import a large list of assets that cannot be auto-discovered on import.
The first step is to make sure you have the sufficient API credentials: you should start by creating a new API Client ID and then use it through the built-in Swagger UI to fetch back the authentication token to use in your scripted request.
The <TOKEN_BEARER>
can be seen when using the created Client ID to authorize towards your instance's API at https://<YOUR_INSTANCE>
.vdr.secureworks.com/api/v2/spec#/ (using the Authorize button) and then executing any GET call from the Swagger UI interface (using the Try it out option, followed by the Execute button):
Swagger UI
The TEAM in which the assets need to be added can be fetched from the URL when navigating the interface in the same team.
Important
This request needs to be tested with only one URL prior to running it on a large number of URLs.
Use the following bash snippet to work from a CSV list of assets to import them using the Secureworks® Taegis™ VDR’s API.
for i in `cat asset_list.txt | sed 's/,;//g' | tr '\r' ' '`; do curl -X POST "https://<INSTANCE>.vdr.secureworks.com/api/v2/websites" -H "accept: application/json" -H "authorization: Bearer <TOKEN_BEARER>" -H "Content-Type: application/json" -d "{\"teamId\": \"<TEAM>\", \"url\": \"$i\", \"kind\": \"website\"}";done;
This part of the command removes trailing characters so that your file only has one domain per line:
sed 's/,;//g'
This part of the command removes the potential trailing Windows CR character:
tr '\r' ' '
The API will return different responses depending if the call works or not.
- If one of the fields has bad characters or invalid JSON data:
{"apiVersion":"2.0","detail":"The data provided within the request are not in a valid JSON format.","instance":null,"provided_data":" {\"teamId\": \"XXX\", \"url\": \"XXXXXX\", \"kind\": \"website\"}","request_json":null,"status":400,"title":"Invalid input data provided","type":null}
- If a mandatory field is missing (here "kind" is missing):
{"apiVersion":"2.0","detail":"The data provided within the request do not follow the awaited format. The format must represent a valid 'website' object. More details about the problem : {'kind': ['Missing data for required field.']}","instance":null,"request_json":{"teamId":"XXX","url":"https://test.com"},"status":400,"title":"Invalid input data provided","type":null}
- If the call works, the following message displays for each added assets:
{"creationDate":"2019-02-06T15:41:14+00:00","edgeServiceId":"0","id":"33411","isActive":false,"isDiscovered":false,"kind":"website","tags":[],"url":"http://domain.test"}