Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-19-2022 05:40 AM
in present case getting message log "0".
initially used JSON.parse but its giving Objectobject error so then used stringify. Json response is attached. in JSON response id and all other required data is under DATA .
try {
var r = new sn_ws.RESTMessageV2('Rapid7 Vulnerabilities', 'Default GET');
//override authentication profile
//authentication type ='basic'/ 'oauth2'
//r.setAuthenticationProfile(authentication type, profile name);
//set a MID server name if one wants to run the message on MID
//r.setMIDServer('MY_MID_SERVER');
//if the message is configured to communicate through ECC queue, either
//by setting a MID server or calling executeAsync, one needs to set skip_sensor
//to true. Otherwise, one may get an intermittent error that the response body is null
//r.setEccParameter('skip_sensor', true);
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
// gs.log("parsing data" + responseBody);
var vuls = JSON.stringify(responseBody);
//gs.log("vulnerabilities are " + vuls);
for (i = 0; i < vuls.length; i++) {
//gs.log("vul id iss " + vuls.data.plannedEvents[i].id);
gs.log("Vulnerability id's are " +vuls.data[0].items[0].id);
}
} catch (ex) {
var message = ex.message;
}Solved! Go to Solution.
Labels:
- Labels:
-
Integrations
-
Scripting and Coding
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-05-2022 10:32 PM
Hi all, please find below scheduled job script to parse data from json file to update table in servicenow. This code works fine in my instance.
try {
var r = new sn_ws.RESTMessageV2('Rapid7 Vulnerabilities', 'Default GET');
//override authentication profile
//authentication type ='basic'/ 'oauth2'
//r.setAuthenticationProfile(authentication type, profile name);
//set a MID server name if one wants to run the message on MID
//r.setMIDServer('MY_MID_SERVER');
//if the message is configured to communicate through ECC queue, either
//by setting a MID server or calling executeAsync, one needs to set skip_sensor
//to true. Otherwise, one may get an intermittent error that the response body is null
//r.setEccParameter('skip_sensor', true);
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
var vuls = JSON.parse(responseBody);
var mainvuls = vuls.data;
for (i = 0; i < mainvuls.length; i++) {
gs.log(mainvuls.length +
"\n" + "Vulnerability Id is " + " "+ mainvuls[i].id +
"\n"+ "Vulnerability Severity is " + " "+ mainvuls[i].severity +
"\n" + "Vulnerability Status is " + " "+mainvuls[i].status +
"\n" + "Vulnerability Score is " + " " +mainvuls[i].vulnerability_score +
"\n" + "Vulnerability root cause URL is " + " " +mainvuls[i].root_cause.url +
"\n" + "Vulnerability variance id is " + " " +mainvuls[i].variances[0].id +
"\n" + "Vulnerability Attack id is " + " " +mainvuls[i].variances[0].attack.id,
"Rapid7");
var gr = new GlideRecord('u_vulnerability11');
// in this table all vulnerabilities are created/updated from Rapid7 InsightAppSec app.
gr.addQuery('u_uuid', mainvuls[i].id);
gr.query();
if(gr.next())
{
gr.u_severity = mainvuls[i].severity;
gr.u_vulnerabilityscore = mainvuls[i].vulnerability_score;
gr.u_rootcause_url = mainvuls[i].root_cause.url;
gr.u_vulnerability_status = mainvuls[i].status;
gr.u_variance_id = mainvuls[i].variances[0].attack.id;
gr.u_attacktype = mainvuls[i].variances[0].attack.id;
gr.u_newly_discovered = mainvuls[i].newly_discovered;
gr.update();
//gs.log("Vulnerability Id " + " "+ mainvuls[i].id +" " + "updated");
// gs.log('A record with the same Vulnerability Id already exists.');
}
else
{
gr.initialize();
gr.u_uuid = mainvuls[i].id;
gr.u_severity = mainvuls[i].severity;
gr.u_vulnerabilityscore = mainvuls[i].vulnerability_score;
gr.u_rootcause_url = mainvuls[i].root_cause.url;
gr.u_vulnerability_status = mainvuls[i].status;
gr.u_variance_id = mainvuls[i].variances[0].attack.id;
gr.u_attacktype = mainvuls[i].variances[0].attack.id;
gr.u_newly_discovered = mainvuls[i].newly_discovered;
gr.insert();
}
}
} catch (ex) {
gs.log("EROR", "Rapid7");
var message = ex.message;
}extremely helpful for those who want to create incident from Rapid7 InsightAppSec application.
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-19-2022 06:58 AM
If you search the logs for 'Vulnerability' does it come up?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-21-2022 11:17 PM
Thanks Cris,
In system logs , applied the filter created on last 15 min. no mention of vulnerability in any log message. above error messages is not consistent whenever i run scheduled script. check below script as per your suggestion.
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
// gs.log("parsing data" + responseBody);
var vuls = JSON.parse(responseBody);
//gs.log("vulnerabilities are " + vuls);
for (i = 0; i < vuls.length; i++) {
//gs.log("vul id is is " + vuls.data.plannedEvents[i].id);
//gs.log("Vul id is " +vuls[0].data[0].id);
//gs.log("Vulnerability id's are " + JSON.stringify(vuls.data[0].id));
gs.log("Vulnerability id's are " + JSON.stringify(vuls.data[0].items[0].id));
gs.log("Vulnerability severity's are " + JSON.stringify(vuls.data[0].items[0].severity));
// gs.log("Vulnerability id's are " +vuls[0].data[0].id);
}
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-24-2022 05:21 AM
Hmm, so it would seem that perhaps the 'catch' block is being executed.
If you do a gs.info(message); in the 'catch' block of your code, what does it say?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-24-2022 07:21 AM
Hello Ganesh,
If you issue still exist then please check with below code:
try {
var r = new sn_ws.RESTMessageV2('Rapid7 Vulnerabilities', 'Default GET');
//override authentication profile
//authentication type ='basic'/ 'oauth2'
//r.setAuthenticationProfile(authentication type, profile name);
//set a MID server name if one wants to run the message on MID
//r.setMIDServer('MY_MID_SERVER');
//if the message is configured to communicate through ECC queue, either
//by setting a MID server or calling executeAsync, one needs to set skip_sensor
//to true. Otherwise, one may get an intermittent error that the response body is null
//r.setEccParameter('skip_sensor', true);
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
// gs.log("parsing data" + responseBody);
var vuls = JSON.stringify(responseBody);
//gs.log("vulnerabilities are " + vuls);
var vulnerabilities = vuls["data"]; // I have added this line and modified below code
for (i = 0; i < vulnerabilities.length; i++) {
//gs.log("vul id iss " + vulnerabilities.data.plannedEvents[i].id);
gs.log("Vulnerability id's are " +vulnerabilities[i]["id"]);
}
} catch (ex) {
var message = ex.message;
}Please mark this as helpful/correct, if it answer your question.
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-05-2022 10:32 PM
Hi all, please find below scheduled job script to parse data from json file to update table in servicenow. This code works fine in my instance.
try {
var r = new sn_ws.RESTMessageV2('Rapid7 Vulnerabilities', 'Default GET');
//override authentication profile
//authentication type ='basic'/ 'oauth2'
//r.setAuthenticationProfile(authentication type, profile name);
//set a MID server name if one wants to run the message on MID
//r.setMIDServer('MY_MID_SERVER');
//if the message is configured to communicate through ECC queue, either
//by setting a MID server or calling executeAsync, one needs to set skip_sensor
//to true. Otherwise, one may get an intermittent error that the response body is null
//r.setEccParameter('skip_sensor', true);
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
var vuls = JSON.parse(responseBody);
var mainvuls = vuls.data;
for (i = 0; i < mainvuls.length; i++) {
gs.log(mainvuls.length +
"\n" + "Vulnerability Id is " + " "+ mainvuls[i].id +
"\n"+ "Vulnerability Severity is " + " "+ mainvuls[i].severity +
"\n" + "Vulnerability Status is " + " "+mainvuls[i].status +
"\n" + "Vulnerability Score is " + " " +mainvuls[i].vulnerability_score +
"\n" + "Vulnerability root cause URL is " + " " +mainvuls[i].root_cause.url +
"\n" + "Vulnerability variance id is " + " " +mainvuls[i].variances[0].id +
"\n" + "Vulnerability Attack id is " + " " +mainvuls[i].variances[0].attack.id,
"Rapid7");
var gr = new GlideRecord('u_vulnerability11');
// in this table all vulnerabilities are created/updated from Rapid7 InsightAppSec app.
gr.addQuery('u_uuid', mainvuls[i].id);
gr.query();
if(gr.next())
{
gr.u_severity = mainvuls[i].severity;
gr.u_vulnerabilityscore = mainvuls[i].vulnerability_score;
gr.u_rootcause_url = mainvuls[i].root_cause.url;
gr.u_vulnerability_status = mainvuls[i].status;
gr.u_variance_id = mainvuls[i].variances[0].attack.id;
gr.u_attacktype = mainvuls[i].variances[0].attack.id;
gr.u_newly_discovered = mainvuls[i].newly_discovered;
gr.update();
//gs.log("Vulnerability Id " + " "+ mainvuls[i].id +" " + "updated");
// gs.log('A record with the same Vulnerability Id already exists.');
}
else
{
gr.initialize();
gr.u_uuid = mainvuls[i].id;
gr.u_severity = mainvuls[i].severity;
gr.u_vulnerabilityscore = mainvuls[i].vulnerability_score;
gr.u_rootcause_url = mainvuls[i].root_cause.url;
gr.u_vulnerability_status = mainvuls[i].status;
gr.u_variance_id = mainvuls[i].variances[0].attack.id;
gr.u_attacktype = mainvuls[i].variances[0].attack.id;
gr.u_newly_discovered = mainvuls[i].newly_discovered;
gr.insert();
}
}
} catch (ex) {
gs.log("EROR", "Rapid7");
var message = ex.message;
}extremely helpful for those who want to create incident from Rapid7 InsightAppSec application.
