Importing Assets Without Auto-Discovery

This article will guide you through the steps necessary to use the API to statically import a large list of assets that cannot be autodiscovered on import.

The first step is to make sure you have the sufficient API credentials: you should start by creating a new API Client ID and use it through the built-in Swagger UI to fetch back the authentication token to use in your scripted request.

The <TOKEN_BEARER> can be seen when using the created Client ID to authorize towards your instance's API at https://<YOUR_INSTANCE>.wardenscanner.com/api/v2/spec#/ (using the "Authorize" button) and then executing any GET call from the Swagger UI interface (using the "Try it out", followed by the "Execute" buttons):

try_it_out-1

 

The <TEAM> in which the assets need to be added can be fetched from from the URL when navigating the interface in the same team.

This request needs to be tested with only one URL prior to running it on a big number of URLs.

Here is the bash snippet that can be used to work from a CSV list of assets to import them using the Delve's API.

for i in `cat asset_list.txt | sed 's/,;//g' | tr '\r' ' '`; do curl -X POST "https://<INSTANCE>.wardenscanner.com/api/v2/websites" -H "accept: application/json" -H "authorization: Bearer <TOKEN_BEARER>" -H "Content-Type: application/json" -d "{\"teamId\": \"<TEAM>\", \"url\": \"$i\", \"kind\": \"website\"}";done;

 

This part of the command removes trailing characters so that your file only has one domain per line:

sed 's/,;//g'

 

This part of the command removes the potential trailing Windows CR character.

tr '\r' ' '

 

The API will return different responses depending if the call works or not.

If one of the fields has bad characters or invalid JSON data:

{"apiVersion":"2.0","detail":"The data provided within the request are not in a valid JSON format.","instance":null,"provided_data":" {\"teamId\": \"XXX\", \"url\": \"XXXXXX\", \"kind\": \"website\"}","request_json":null,"status":400,"title":"Invalid input data provided","type":null}

 

If a mandatory field is missing (here "kind" is missing):

{"apiVersion":"2.0","detail":"The data provided within the request do not follow the awaited format. The format must represent a valid 'website' object. More details about the problem : {'kind': ['Missing data for required field.']}","instance":null,"request_json":{"teamId":"XXX","url":"https://test.com"},"status":400,"title":"Invalid input data provided","type":null}

 

If it works the following message should be displayed for each added assets:

{"creationDate":"2019-02-06T15:41:14+00:00","edgeServiceId":"0","id":"33411","isActive":false,"isDiscovered":false,"kind":"website","tags":[],"url":"http://domain.test"}