sharper1
Visitor.

Ingesting WebInspect data into Splunk

Hello,

I'm attempting to pull WebInspect vulnerability scan data into Splunk using the API.  Is there a way to pull all vulnerability scan results in one call and subsequently poll the API for new scan results using a checkpoint value?

 

Thanks in advance!

0 Likes
3 Replies
alexm
Frequent Contributor.

Re: Ingesting WebInspect data into Splunk

Hello,

Unfortunately the API doesn't support that, but the way to do something similar is to get the application interacting with the API to query all the scans and take note of their IDs, so that previously found scan IDs are ignored on subsequent queries.

 

0 Likes
sharper1
Visitor.

Re: Ingesting WebInspect data into Splunk

Thank you for the reply.  Would you know what the query would be to grab all scans?

Thanks again!

0 Likes
Micro Focus Expert

Re: Ingesting WebInspect data into Splunk

You should review the API docs at http://localhost:8083/webinspect/api

There is this endpoint to query a list of scans with Filters:  http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_GetScans

This offers some samples such as:

# get all scans

curl "http://localhost:8083/webinspect/scanner/scans"

# get scans with "test" in the name

curl "http://localhost:8083/webinspect/scanner/scans?Name=test"

# get scans that are "Complete"

curl "http://localhost:8083/webinspect/scanner/scans?Status=Complete"

# get scans that are "Complete" that started after January 14, 2015 at 3pm
# (the URL is quoted so the shell does not treat "&" as a background operator)

curl "http://localhost:8083/webinspect/scanner/scans?Status=Complete&StartsAfter=2015-01-14T15:00:00"

 

Besides that information, the scan data in WebInspect is actually housed inside of the scan storage and likely not directly accessible from the API.  If you are using SQL Express, each scan would be a SDF/MDF file.

We have had a similar integration created for the ArcSight SIEM, ESM or Logger.  It involved using the WebInspect Full Export to XML.  The WebInspect scans first had to be exported to XML format, and then a cron job was set to sweep a directory for any new XML files and then they would import them into ESM SIEM via some custom Flex Connector.  Rather than using the API for this, I think you may want to use the WebInspect API to identify the available ScanIDs and then use the CLI option {-eb} for exporting to XML with WI.EXE.

 


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
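
An added example, not code from this thread or from Micro Focus, of the approach described in the replies above: list the completed scans, remember the scan IDs already forwarded, and emit only the new ones on each poll. The endpoint and the `Status=Complete` filter are the ones quoted in the thread; the JSON field names (`ID`, `Name`, `Status`), the checkpoint file name and the sample records are assumptions made for illustration.

```python
import json
import os
import tempfile
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8083/webinspect/scanner/scans"  # endpoint quoted in the thread

def fetch_scans(status="Complete"):
    """GET the scan list; assumes the endpoint returns a JSON array of scan objects."""
    url = BASE_URL + "?" + urllib.parse.urlencode({"Status": status})
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)

def load_checkpoint(path):
    """Return the set of scan IDs already forwarded (empty on the first run)."""
    try:
        with open(path, encoding="utf-8") as fh:
            return set(json.load(fh))
    except FileNotFoundError:
        return set()

def save_checkpoint(path, seen):
    """Write to a temp file and rename, so a crash cannot truncate the checkpoint."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(sorted(seen), fh)
    os.replace(tmp, path)

def poll_new_scans(checkpoint_path, fetch=fetch_scans, emit=print, id_field="ID"):
    """Emit scans whose ID is not in the checkpoint, then record their IDs."""
    seen = load_checkpoint(checkpoint_path)
    new = [s for s in fetch() if s[id_field] not in seen]
    for scan in new:
        emit(json.dumps(scan))  # emit before saving: a crash re-sends instead of dropping
    if new:
        save_checkpoint(checkpoint_path, seen | {s[id_field] for s in new})
    return new

# Constructed sample response; field names and values are assumptions, not real output.
SAMPLE = [
    {"ID": "11111111-aaaa-4000-8000-000000000001", "Name": "test-site", "Status": "Complete"},
    {"ID": "11111111-aaaa-4000-8000-000000000002", "Name": "intranet", "Status": "Complete"},
]

if __name__ == "__main__":
    # One JSON object per line on stdout, a shape a Splunk scripted input can index.
    poll_new_scans("webinspect_seen.json")
```

Each run prints only scans that were not in the checkpoint file, so the script can be scheduled at a fixed interval; pass a different `id_field` if the API's scan identifier is named differently.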