This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

RSA NW - API for Reports

PedroQueiros
Beginner
Beginner

‎2017-12-21 06:52 AM

Hello all,

 

Is there any API we can use to build reports outside the RSA NW GUI?

 

The reporting tool is kind of limited in aspects of templates and visual goodies, so I was looking into a way to build the visual aspect outside RSA NW and then use an API to import the needed data into it.

 

Kind Regards,

Pedro Queirós

0 Likes
6 REPLIES 6

GuyBruneau
Frequent Contributor
Frequent Contributor

‎2017-12-21 09:56 AM

Hi Pedro,

 

Did you try this script? It queries Broker/Concentrator from API.

 

https://community.rsa.com/thread/193092

 

Guy

PedroQueiros
Beginner
Beginner
In response to GuyBruneau

‎2017-12-21 10:41 AM

Hi Guy,

 

No, I haven't, but it seems worth a shot. I'll look into it and give feedback.

 

Thank you for your help!

 

Kind Regards,

Pedro Queirós

0 Likes

PedroQueiros
Beginner
Beginner

‎2018-03-19 01:10 PM

So, I'm using the API to get the metadata and generate reports, thanks!

 

Now, I'm interested in getting data from the RespondDB, using the API - is this possible? If yes, how can I do that?

I want to add some info to the report, e.g., how many incidents there are, what's their status, etc.

 

Kind Regards,

Pedro Queirós

0 Likes

JoshRandall
Valued Contributor Valued Contributor
Valued Contributor
In response to PedroQueiros

‎2018-03-20 01:10 PM

Hi Pedro,

  The Respond / IncidentManagement engine does not have an API (…yet).

 

  A workaround, though, would be to query the MongoDB directly via CLI.  I recommend you look into a tool called Robomongo (if you're not familiar with it already), which will query and display MongoDBs in a GUI.  This tool can help you figure out the Collections available to query, the fields available within the Collections, and potentially help with the CLI query to pull the specific data that you want for your reports.

 

  A couple example queries you might be able to use:

 

this will query the Alert collection using 'name_of_alert'

# mongoexport --host 'ESA_Hostname_or_IP' --port 27017 --username deploy_admin --password 'your_deploy_admin_password' --authenticationDatabase admin --db respond-server --collection alert --query '{"alert.name":"name_of_alert"}' --out /tmp/respond_alerts.txt

this will query the Incident collection for everything that has an incident ID

# mongoexport --host 'ESA_Hostname_or_IP' --port 27017 --username deploy_admin --password 'your_deploy_admin_password' --authenticationDatabase admin --db respond-server --collection incident --query '{"_id": {$exists : true} }' --out /tmp/respond_incidents.txt

 

  Hope this helps.


Mr. Mongo
0 Likes

PedroQueiros
Beginner
Beginner
In response to JoshRandall

‎2018-03-21 06:51 AM

Hello Joshua,

 

Thank you for your feedback. I'm now using Studio 3T (formerly Robomongo) to query the databases and understand how we will extract the information.

 

Do you know if eventually there will be an API for this?

 

Kind Regards,

Pedro Queirós

0 Likes

JoshRandall
Valued Contributor Valued Contributor
Valued Contributor
In response to PedroQueiros

‎2018-03-21 12:55 PM

Unfortunately, I can't answer that question with any authority or certainty.  I can say that we are looking at various automation use cases for the Reporting Engine, but we do not have any specifics on how that automation *might* make it in the platform.


Mr. Mongo
© 2022 RSA Security LLC or its affiliates. All rights reserved.