Rapid7Nexpose icon indicating copy to clipboard operation
Rapid7Nexpose copied to clipboard

Published 20 hours ago verified publisher icon My-Random-Thoughts

Update Asset?

Open sgealbhain opened this issue 3 years ago • 9 comments

Hey - Good module.

Is there a way update an existing asset with additional hostnames?

sgealbhain avatar Aug 29 '22 14:08 sgealbhain

Hi, thanks.

I can't remember a setting within the console that allows this. What is it you are trying to achieve? I know that if Nexpose/InsightVM will try to merge devices if one or more of them match (this has to be enabled though)

My-Random-Thoughts avatar Aug 29 '22 16:08 My-Random-Thoughts

Basically I have a bunch of IP Address Object in Nexpose. My task to to pull hostname information from another database and associate them with an IP Address. Some of the IP Addresses may have multiple hostnames and not necessarily a primary hostname.

sgealbhain avatar Aug 29 '22 18:08 sgealbhain

Ah OK, you want some sort of CMDB or such. Nexpose can't help you there, sorry. Nexpose will scan assets by IP address. If it can use the assets hostname it will do, but it can use DNS for them too.

Since I don't know your environment or why you would want computers with more than one name, I can't really help.

My-Random-Thoughts avatar Aug 29 '22 22:08 My-Random-Thoughts

No its not a CMDB. Lets say I've already created an asset by IP Address. Lets say that asset has no primary hostname. 2 weeks later I realise that the IP Address relates to 2 FQDNs. How do I go about adding those to the asset as additional hostnames? It seems this endpoint will do it? https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createAsset

"Creates or updates an asset with the specified details."

sgealbhain avatar Sep 13 '22 07:09 sgealbhain

That particular endpoint is covered with New-NexposeAsset.ps1. This will only allow you to add a new asset to a site.

I don't currently have an Update-... function, but I can create one sometime next week (I am on holiday currently) If you want to try it out before hand, a quick and dirty method would be to set line 46 of New-NexposeAsset.ps1 to be [object]$checkExisting = $null.

My-Random-Thoughts avatar Sep 13 '22 08:09 My-Random-Thoughts

Sorry for the delay on this, it's a lot bigger than I thought it was initially.

My-Random-Thoughts avatar Nov 09 '22 08:11 My-Random-Thoughts

Wow, I can't believe it's coming up to 2 years. Really sorry. I have been looking at this for the last couple of days and the first time I had a go, it killed my Rapid7 install (not a big hassle).

The current attempts are changing the hostnames of the assets as required, but the new data is only showing up on subsequent API calls, nothing in the GUI to indicate a new name or additional names.

I'll keep playing, but the last API ticket I put in to R7 took 4 years for them the fix! I still have outstanding ones from before that too.

My-Random-Thoughts avatar Apr 13 '24 10:04 My-Random-Thoughts

Give this a go - it's not fully polished as I usually do, but it should work. I would suggest you test it on a dev instance if you can - should be fine though.

Function Update-NexposeSiteAssetHostName {
    [CmdletBinding(SupportsShouldProcess, DefaultParameterSetName = 'byNew')]
    Param (
        [Parameter(Mandatory = $true)]
        [int]$SiteId,

        [Parameter(Mandatory = $true)]
        [int]$AssetId,

        [Parameter(Mandatory = $true, ParameterSetName = 'byNew')]
        [string]$NewHostName,

        [Parameter(Mandatory = $true, ParameterSetName = 'byAdd')]
        [string]$AddHostName
    )

    Begin {
        $asset = (Get-NexposeAsset -Id $AssetId)
        If (-not $asset.id) { Throw "Invalid Asset Id" }

        $site = (Get-NexposeSite -Id $SiteId)
        If (-not $site.id) { Throw "Invalid Site Id" }

        $apiQuery = @{}
        $apiQuery.id = $AssetId
        $apiQuery.ip = $asset.ip
        $apiQuery.date = (Get-Date)
    }

    Process {
        If ($PSCmdlet.ParameterSetName -eq 'byNew') {
            If ($asset.hostName -ne $NewHostName) {
                $apiQuery.hostName = @{ name = $NewHostName }
                If ($asset.hostNames.psobject.BaseObject.name -notcontains $AddHostName) {
                    $apiQuery.hostNames  = $asset.hostNames
                    $apiQuery.hostNames += @{ name = $NewHostName }
                }
            }
            Else {
                Write-Warning -Message 'That hostname has already set for this asset.'
                Return $null
            }
        }
        ElseIf ($PSCmdlet.ParameterSetName -eq 'byAdd') {
            If ($asset.hostNames.psobject.BaseObject.name -notcontains $AddHostName) {
                $apiQuery.hostNames  = $asset.hostNames
                $apiQuery.hostNames += @{ name = $AddHostName }
            }
            Else {
                Write-Warning -Message 'That hostname has already been added for this asset.'
                Return $null
            }
        }
        Else {
            Throw 'Invalid Parameter Set'
        }

        If ($PSCmdlet.ShouldProcess(($asset.hostName))) {
            Write-Output (Invoke-NexposeQuery -UrlFunction "sites/$($SiteId)/assets" -ApiQuery $apiQuery -RestMethod Post -Verbose)
        }
    }

    End {
    }
}

Usage is fairly simple:

Update-NexposeSiteAssetHostName -SiteId 1 -AssetId 14 -NewHostName 'NewAssetName'
Update-NexposeSiteAssetHostName -SiteId 1 -AssetId 14 -AddHostName 'AdditionalAssetName'

My-Random-Thoughts avatar Apr 13 '24 14:04 My-Random-Thoughts

I am finding that after changing an asset my renaming or adding names, when that asset is re-scanned those changes are reverted.

My-Random-Thoughts avatar Apr 22 '24 20:04 My-Random-Thoughts