cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5798
Views
3
Helpful
0
Comments
AdvocateRick
Cisco Employee
Cisco Employee
AdvocateRick_0-1684428352807.jpeg
 
A postman collection has been developed in Kenna Security’s All_Samples repository. This collection will assist you with using Kenna Security’s APIs in the Postman app. Postman is a powerful tool that lets you explore APIs. The new Kenna Security API Postman Collection gives you a jump start on your explorations by providing templates for many of the Kenna Security APIs. This will allow you to easily explore the Kenna Security APIs before writing your application.

 

Getting Started

First, download the Postman app. Once downloaded and installed, you should see a screen similar to this:

AdvocateRick_1-1684428352816.png

Click on the Import  button highlighted, then click on Link and you will see the Enter a URL.  Paste in this value: https://raw.githubusercontent.com/KennaSecurity/All_Samples/master/postman/Kenna_API_postman_collection.json

Select the Continue button.

AdvocateRick_2-1684428352823.pngPostman finds the collection.
AdvocateRick_3-1684428352827.pngClick the Import button and voilà, the Kenna Security Postman collection is imported. Click on Kenna Security API, and you see the categories of APIs shown below.  Note that this collection will not be synced with any changes in GitHub.
AdvocateRick_4-1684428352830.pngThe categories mirror the sections in the Kenna Security API documentation.

 

Importing without GitHub

This blog demonstrates how to get started by importing from GitHub. You could go to Kenna Security’s All Samples repository, clone it, and import. postman/Kenna_API_postman_collection.json.  This would allow you to modify your collection.

 

Setting up Authorization

Before using the Kenna Security API collection, authorization and the base URL needs to be configured.

As you might already know, authorization is in the form of an API key. If you have not created your API key, check-out this help article. With Kenna Security API highlighted, click on Authorization.

AdvocateRick_5-1684428352833.png

  1. Set Type to API Key.
  2. Set Key to X-Risk-Token.
  3. Set Value to your API Key. Note: Using {{KENNA_API_KEY}} is using a Postman environment variable.
  4. Set Add  to Header.

Don’t forget to click Save.

All API invokes use a base URL.  Depending on your organization, your base URL could be different from the default.  Let’s check it out:

AdvocateRick_6-1684428352836.pngClick Variables.  You should see something similar to the above image.  If api.kennasecurity.com is not correct, please change CURRENT VALUE to the correct base URL. There are some suggestions here, but if you have a private deployment, please contact your IT department.

 

Using Postman

We have everything set-up, so let’s start using Postman.

List Vulnerabilities

Listing vulnerabilities is straight-forward and is a good test to see if everything is configured correctly. Click on the arrow to the left of vulnerabilities. Then click on List Vulnerabilities and click on Send. You should see something similar to the image below.

AdvocateRick_7-1684428352843.png

 

Search Assets

Next, let’s try to search assets with some parameters. In the example below, we’re searching assets for risk meter scores with a minimum score of 900 and with a priority greater than eight.

AdvocateRick_8-1684428352851.png

Exporting Vulnerabilities

Finally, let’s look at exporting vulnerabilities. I covered exporting assets in a blog. Exporting vulnerabilities is similar in that an export request is made, the status is checked, and retrieves the compressed file. To request a vulnerability export, click the arrow left of Data Export, then Request Data Export- Vulnerability, and click the Send button. You should see something like this:

AdvocateRick_9-1684428352854.pngCopy the value of search_id into your clipboard. You’ll need it for the next two API invokes.

To check data export status, click on Check Data Export Status. Take the value of the search_id and apply it to VALUE for search_id.  Click the Send button.  When the response is Export ready for download, go to the next step.

AdvocateRick_10-1684428352857.pngNow, click on Retrieve Data Export.  Just like above, put the value of search_id in for the VALUE.  Click Send.  You should see a response similar to this:
AdvocateRick_11-1684428352863.pngWhoa!  What is that funky response?  It is compressed data, and you need to save it to a file.  To save the response to a file, use the Save Response pull down, and click on Save to a file.  This will save a .gz file.  Use your favorite uncompress tool to uncompress the data. Once uncompressed, view the data in your favorite JSON browser.

 

Conclusion

Now that you have seen what you can do with the Kenna Security (now Cisco) API and the Postman app, have fun exploring more. 

Rick Ehrhart - Jun 24 2021

API Evangelist

References

This blog was originally written for Kenna Security, which has been acquired by Cisco Systems.
Learn more about Cisco Vulnerability Management.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: