This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Endpoint 4.x Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness Endpoint 4.x experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness Endpoint REST API scan machine produces error messages

Article Number

000037003

Applies To

RSA Product Set: NetWitness Endpoint
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 4.4.0.0
Platform: Windows

Issue

The REST API is failing to send a scan, either for a REST integration, or using the swagger interface built natively into the REST API. This is based on the POST scan option in the UI. The path is:
 
https://<ip_address>:9443/api/v2/swagger-ui/#!/machines/MachineScan_0
 

A successful send message will return Response Code 200


Image descriptionImage description

Cause

The cause is due to a few possibilities:
  1. The first is that some options are mutually exclusive. When using the scan options, FilterSigned and FilterTrustedRoot are mutually exclusive. So if one is selected as true, the other must be false.
  2. It's possible the GUID value was entered wrong, which will miss the correct agent assignment for the scan
  3. ScanCategory is a decimal number that is listed under the ScanCategory section in the Swagger UI and must be given correct values to determine the level of scan.
  4. The remaining issues would be attributed typically to an issue with permissions in the REST API, either incorrect permissions for the REST user or a SQL connection issue for the REST API.

Resolution

Check off each issue one at a time:
  1. Make sure the FilterSigned and FilterTrustedRoot are both not set to True, these two are mutually exclusive options.
  2. The GUID uses the same value as the AgentID in the UI. It's typically easiest to copy/paste directly from the UI when entering a value here.
  3. Using different combinations of scan categories is as simple as adding their values together. It is written specifically for this purpose, and when entered correctly, will initiate a scan with whatever options were chosen from the scan list.
  4. If the above has been tried and still it is giving an error message, check the ApiServer-Error.log file. Typically, it should indicate a SQL connection error or otherwise permissions error. In this case, it's likely the REST user has no permissions to initiate a scan in the database.

NOTE: Avoid using the default REST admin user for this task. It is meant for administration, create a user that has scanning level permissions in the ECAT_Permissions under User Mapping inside MSSQL for the REST user.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 07:17 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.