🌙
 

Subscribe to the Taegis™ VDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Importing Assets without Auto Discovery

This article describes the steps necessary to use the API to statically import a large list of assets that cannot be auto-discovered on import.

The first step is to make sure you have the sufficient API credentials: you should start by creating a new API Client ID and then use it through the built-in Swagger UI to fetch back the authentication token to use in your scripted request.

The <TOKEN_BEARER> can be seen when using the created Client ID to authorize towards your instance's API at https://<YOUR_INSTANCE>.vdr.secureworks.com/api/v2/spec#/ (using the Authorize button) and then executing any GET call from the Swagger UI interface (using the Try it out option, followed by the Execute button):

Swagger UI

Swagger UI

The TEAM in which the assets need to be added can be fetched from the URL when navigating the interface in the same team.

Important

This request needs to be tested with only one URL prior to running it on a large number of URLs.

Use the following bash snippet to work from a CSV list of assets to import them using the Secureworks® Taegis™ VDR’s API.

for i in `cat asset_list.txt | sed 's/,;//g' | tr '\r' ' '`; do curl -X POST "https://<INSTANCE>.vdr.secureworks.com/api/v2/websites" -H "accept: application/json" -H "authorization: Bearer <TOKEN_BEARER>" -H "Content-Type: application/json" -d "{\"teamId\": \"<TEAM>\", \"url\": \"$i\", \"kind\": \"website\"}";done;

This part of the command removes trailing characters so that your file only has one domain per line:

sed 's/,;//g'

This part of the command removes the potential trailing Windows CR character:

tr '\r' ' '

The API will return different responses depending if the call works or not.

{"apiVersion":"2.0","detail":"The data provided within the request are not in a valid JSON format.","instance":null,"provided_data":" {\"teamId\": \"XXX\", \"url\": \"XXXXXX\", \"kind\": \"website\"}","request_json":null,"status":400,"title":"Invalid input data provided","type":null}

{"apiVersion":"2.0","detail":"The data provided within the request do not follow the awaited format. The format must represent a valid 'website' object. More details about the problem : {'kind': ['Missing data for required field.']}","instance":null,"request_json":{"teamId":"XXX","url":"https://test.com"},"status":400,"title":"Invalid input data provided","type":null}

{"creationDate":"2019-02-06T15:41:14+00:00","edgeServiceId":"0","id":"33411","isActive":false,"isDiscovered":false,"kind":"website","tags":[],"url":"http://domain.test"}