Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
INFOBLOX & RAPID7 NEXPOSE INTEGRATION - SESSION, LOGIN & LOGOUT TEMPLATES
Adviser
Posts: 154
Registered: ‎09-09-2015
Adviser
Posts: 154

Hi there,

In this post I’m going to review session, login and logout templates. Do not copy/past templates from the post, they may not work. Download templates attached to this post. The templates are provided “as-is”, please check them in you Lab environment and modify for your needs before implementing them in production.


Session template does not require a detailed description. All parameters are described in the NIOS administrator guide

 

Template Comments
{
 "name": "Rapid7 Session",
 "version": "2.0",
 "type": "REST_ENDPOINT",
 "comment": "no comments",
 "vendor_identifier": "Rapid7",
 "path": "/api/1.1/xml",

Version must be set to  “2.0”

 "login_template": "Rapid7_Login",
 "logout_template": "Rapid7_Logout",

Login_template, Logout_template must contains exact template names (defined in a template itself, it is not a file name)

 "logout_only_at_template_end": true,

 "step_execution_limit": 100,
 "inactivity_interval": 100000,

 "keepalive": true,
 "override_path": true,

 "rate_limit": 0,
 "rate_limit_requests": 10,
 "rate_limit_interval": 1000,
 "rate_limit_reset": 1000,
 "retry": 0,
 "retry_template": 0,
 "timeout": 10,

 "logout_any_condition": true,
 "logout_regexp": "asd.*",
 "logout_status_code": 34
}

“Step_execution_limit” defines maximum loop iteration. If you system has more than 100 sites or more 100 “real” assets per site increase this number up to a desired value (it is required only for delete operation).

 

Rapid7_Login template is used for authentication because Rapid7 Nexpose doesn’t support basic authentication.

Template Comments
{
   "vendor_identifier": "Rapid7",
   "version": "2.0",
   "name": "Rapid7_Login",
   "content_type": "text/xml",
   "quoting": "XMLA",
   "type": "REST_EVENT",
   "event_type": ["SESSION"],

“version” must be set to “2.0”


“event_type” should be set to [“Session”]


XMLA quoting is used by default.

   "steps": [
      {
         "name": "login: remove basic auth headers",
         "body": "${XC:ASSIGN:{H:Authorization}:{S:}}",
         "operation": "NOP"
      },

Rapid7 Nexpose does not allow to login if basic authorisation headers contains correct credentials, so set the header variable H:Authorization to empty value

      {
         "name": "login: request",
         "parse": "XMLA",
         "operation": "POST",
         "no_connection_debug": false,
         "body_list": [
            "",
            ""
         ]
      },

Authenticate on Rapid7 Nexpose using LoginRequest method

      {
         "name": "login: errorcheck",
         "operation": "CONDITION",
         "condition": {
            "statements": [
               {
                  "op": "!=",
                  "right": "${P:A:PARSE[[name]]}",
                  "left": "LoginResponse"
               },
               {
                  "op": "!=",
                  "right": "1",
                  "left": "${P:A:PARSE{{success}}}"
               }
            ],
            "condition_type": "AND",
            "else_eval": "${XC:COPY:{S:SESSID}:{P:PARSE{{session-id}}}}",
            "error": true
         }
      }
   ]
}

Check that the authentication was successful and copy the session id to S: SESSID variable.


S: SESSID should be used in all API requests send to Rapid7 Nexpose.



Rapid7_Logout template is used to terminate a session

Template Comments
{
   "vendor_identifier": "Rapid7",
   "version": "2.0",
   "name": "Rapid7_Logout",
   "content_type": "text/xml",
   "quoting": "XMLA",
   "type": "REST_EVENT",
   "event_type": ["SESSION"],

“version” must be set to “2.0”


“event_type” should be set to [“Session”]


XMLA quoting will be used by default.

   "steps": [
      {
         "name": "logout: request",
         "parse": "XMLA",
         "operation": "POST",
         "no_connection_debug": false,
         "body_list": [
            "",
            ""
         ]
      },
      {
         "operation": "CONDITION",
         "name": "logout: errorcheck",
         "condition": {
            "statements": [
               {
                  "op": "!=",
                  "right": "${P:A:PARSE[[name]]}",
                  "left": "LogoutResponse"
               },
               {
                  "op": "!=",
                  "right": "1",
                  "left": "${P:A:PARSE{{success}}}"
               }

            ],
            "condition_type": "AND",
            "error": true
         }
      }
   ]
}

Send a LogoutRequest.


S: SESSID is used to identify a session. Response is analysed for errors.

 

 

Any feedback and/or questions are appreciated and very welcome.

BR,

Vadim Pavlov

Showing results for 
Search instead for 
Do you mean