INFOBLOX & RAPID7 NEXPOSE INTEGRATION - SESSION, LOGIN & LOGOUT TEMPLATES

Vadim

Hi there,

In this post I’m going to review session, login and logout templates. Do not copy/past templates from the post, they may not work. Download templates attached to this post. The templates are provided “as-is”, please check them in you Lab environment and modify for your needs before implementing them in production.

Session template does not require a detailed description. All parameters are described in the NIOS administrator guide

 

Template	Comments
{ "name": "Rapid7 Session", "version": "2.0", "type": "REST_ENDPOINT", "comment": "no comments", "vendor_identifier": "Rapid7", "path": "/api/1.1/xml",	Version must be set to  “2.0”
"login_template": "Rapid7_Login", "logout_template": "Rapid7_Logout",	Login_template, Logout_template must contains exact template names (defined in a template itself, it is not a file name)
"logout_only_at_template_end": true, "step_execution_limit": 100, "inactivity_interval": 100000, "keepalive": true, "override_path": true, "rate_limit": 0, "rate_limit_requests": 10, "rate_limit_interval": 1000, "rate_limit_reset": 1000, "retry": 0, "retry_template": 0, "timeout": 10, "logout_any_condition": true, "logout_regexp": "asd.*", "logout_status_code": 34 }	“Step_execution_limit” defines maximum loop iteration. If you system has more than 100 sites or more 100 “real” assets per site increase this number up to a desired value (it is required only for delete operation).

 

Rapid7_Login template is used for authentication because Rapid7 Nexpose doesn’t support basic authentication.

Template	Comments
{ "vendor_identifier": "Rapid7", "version": "2.0", "name": "Rapid7_Login", "content_type": "text/xml", "quoting": "XMLA", "type": "REST_EVENT", "event_type": ["SESSION"],	“version” must be set to “2.0” “event_type” should be set to [“Session”] XMLA quoting is used by default.
"steps": [ { "name": "login: remove basic auth headers", "body": "${XC:ASSIGN:{H:Authorization}:{S:}}", "operation": "NOP" },	Rapid7 Nexpose does not allow to login if basic authorisation headers contains correct credentials, so set the header variable H:Authorization to empty value
{ "name": "login: request", "parse": "XMLA", "operation": "POST", "no_connection_debug": false, "body_list": [ "", "" ] },	Authenticate on Rapid7 Nexpose using LoginRequest method
{ "name": "login: errorcheck", "operation": "CONDITION", "condition": { "statements": [ { "op": "!=", "right": "${P:A:PARSE[[name]]}", "left": "LoginResponse" }, { "op": "!=", "right": "1", "left": "${P:A:PARSE{{success}}}" } ], "condition_type": "AND", "else_eval": "${XC:COPY:{S:SESSID}:{P:PARSE{{session-id}}}}", "error": true } } ] }	Check that the authentication was successful and copy the session id to S: SESSID variable. S: SESSID should be used in all API requests send to Rapid7 Nexpose.

Rapid7_Logout template is used to terminate a session

Template	Comments
{ "vendor_identifier": "Rapid7", "version": "2.0", "name": "Rapid7_Logout", "content_type": "text/xml", "quoting": "XMLA", "type": "REST_EVENT", "event_type": ["SESSION"],	“version” must be set to “2.0” “event_type” should be set to [“Session”] XMLA quoting will be used by default.
"steps": [ { "name": "logout: request", "parse": "XMLA", "operation": "POST", "no_connection_debug": false, "body_list": [ "", "" ] }, { "operation": "CONDITION", "name": "logout: errorcheck", "condition": { "statements": [ { "op": "!=", "right": "${P:A:PARSE[[name]]}", "left": "LogoutResponse" }, { "op": "!=", "right": "1", "left": "${P:A:PARSE{{success}}}" } ], "condition_type": "AND", "error": true } } ] }	Send a LogoutRequest. S: SESSID is used to identify a session. Response is analysed for errors.

 

 

Any feedback and/or questions are appreciated and very welcome.

BR,

Vadim Pavlov