This morning we published the release of the new SQL Query Export report. Simultaneously the Nexpose Gem has released version 0.6.0 to support this new report format in all the reporting API calls (you must update to this latest version to run the report). When the SQL Query Export is paired with adhoc-report generation, you are able to write simple yet powerful custom scripts using the API. Let's walk through an example.

Example

The following example uses the Ruby Gem to invoke the API with a query that returns the metadata for all unauthenticated assets:

require 'nexpose'
require 'csv'

include Nexpose

query = "
  SELECT da.ip_address, da.host_name, da.mac_address, dos.description AS operating_system 
  FROM dim_asset da 
     JOIN dim_operating_system dos USING (operating_system_id) 
  WHERE da.asset_id IN ( 
     SELECT DISTINCT asset_id 
     FROM dim_asset_operating_system 
     WHERE certainty < 1 
  ) 
  ORDER BY da.ip_address"

@nsc = Connection.new('localhost', 'nxadmin', 'nxadmin')
@nsc.login

report_config = Nexpose::AdhocReportConfig.new(nil, 'sql')
report_config.add_filter('version', '1.1.0')
report_config.add_filter('query', query)

report_output = report_config.generate(@nsc)
csv_output = CSV.parse(report_output.chomp, { :headers => :first_row })

puts csv_output

@nsc.logout

This example creates a query to find all the assets with an operating system that does not have a high level confidence (indicative of improper credential configuration). Note: This example is built in to the product within the inline help. After building the SQL query, an adhoc-report configuration is constructed with two new filters. The SQL Query Export report takes two new filter types (in addition to the existing scope filters). The new filters are "version" and "query". The version identifies the version of the Reporting Data Model being queried against. For now, only version "1.1.0" is supported. This option matches what is visible in the user interface for configuring this type of report. The second filter is a "query" filter. This value is the query that you want to run. Both "version" and "query" are required filters for this report type ("sql"). The query can itself inherently filter the data in the output using WHERE clauses, but the report will also honor any scope filters that are applied via "site", "scan", "device", "group", and vulnerability filter types. Remember, the larger the scope and report output, the longer the report will take to generate and download, so use your scoping filters wisely for large reports.

After the adhoc-report is run successfully, the output can be parsed using a CSV library and further process. The example above simply echos the output to standard out, but we are sure you can find more creative ways to use the output data.

Errors

If the SQL query you specify is invalid, an error message will be returned helping point out what the problem is in the syntax. For example, if we misspelled "DISTINCT", then the following would be returned by this script:

NexposeAPI: Action failed: The query filter supplied is invalid: (Nexpose::APIError)
ERROR: column "distint" does not exist
Column: 216
State: undefined_column

Next Steps

For more examples you can try, refer to the Nexpose Reporting side street. Show us how you plan to leverage this capability and don't hesitate to ask questions or start discussions.