Table of Contents
API Key Based - Scan Log Export
Updated
by Rama Sadhu
Indusface WAS facilitates effortless transmission of scan logs to third-party applications like SIEM and 3rd party databases, allowing thorough analysis.
AppTrana WAS facilitates Scan Log configuration in two methods:
- AWS Access ARN Based: This method allows customers to securely access scan logs by integrating Indusface AWS3 with their AWS S3 using Amazon Resource Name (ARN). Click here to get configuration details.
- API Key Based: Alternatively, customers can opt for the API Key Based configuration. It offers simplicity and flexibility, eliminating the need for complex authentication like ARN.
API Key-Based Configuration
This method enables customers to retrieve scan logs by calling an API with key-based authentication, and the keys can be generated within the platform.
These keys serve as authentication credentials, enabling secure communication between Indusface WAS and the third-party platforms.
Follow these steps to create a set of API keys:
- Log in to your Indusface WAS account and go to Settings.
- Navigate to Scan Log Config.
- Click API Key Based.
- Click on Generate Key.
- A prompt will appear requesting a name for the API key. Provide a name and click Generate.
- A confirmation message will appear indicating the successful creation of the API key.
- Upon successful generation, two keys will be provided: an Access Key and a Secret Key. Ensure to securely copy and store these keys.
- For further information about the API, navigate to the "API Details" tab.
- Customers will need to input the API key details (such as Access Key and Secret Key[GC1] ) into their tool settings to access logs from the Indusface S3 bucket.
Use case 1: Get Specific Date Logs
Purpose: To fetch the scan logs for a specific date.
Method: GET
URL: http://was.indusface.com/client/v1/fetch-s3-logs
Params:
date | Add date in the params section and add date value |
Date format | Use the following date format to retrieve the logs: YYYY-MM-DD |
Header parameters
Header Parameter | Description |
accessKey | Use the Access Key value provided in the API Key Based table. |
secretKey | Use the Secret Key value provided in the API Key Based table. |
Possible Response 1: Logs fetched successfully for the requested date
{
"status": "OK",
"result": {
"success": "Data fetched successfully.",
"data": [
{
"ScanlogId": "12832867",
"ServicType": "AA",
"ServiceId": 78346,
"URL": "https://reports.example.com/as/aa/fail",
"ApplicationName": "",
"SealStatus": "PASS",
"TotalFoundVulnerabilities": 1,
"ScanStatus": "Scan Success Time Over",
"ScanDate": "2024-08-02",
"groups": [],
"Vulnerabilities": [
{
"UniqueAlertId": 3332161,
"Title": "Insecure Content Security Policy (CSP)/X-Frame-Options",
"Severity": "Medium",
"CVSS_Score": "6.1",
"OpenStatus": "NEW",
"FoundOn": "https://reports.example.com/",
"FoundDate": "2024-08-02"
},
{
"UniqueAlertId": 3332131,
"Title": "Possible Sensitive Directories/Files Detected",
"Severity": "Medium",
"CVSS_Score": "5.3",
"OpenStatus": "OPEN",
"FoundOn": "https://reports.example.com/web.config",
"FoundDate": "2024-08-02"
}
]
}
]
}
}
Possible Response 2: Scan Error
{
"status": "OK",
"result": {
"success": "Data fetched successfully.",
"data": [
{
"ScanlogId": "12833389",
"ServicType": "AA",
"ServiceId": 77170,
"URL": "http://reports.example.info",
"ApplicationName": "Asset 001",
"SealStatus": "FAIL",
"TotalFoundVulnerabilities": 0,
"ScanStatus": "Scan Error",
"ScanDate": "2024-08-20",
"groups": [
"AAR"
],
"Vulnerabilities": []
}
]
}
}Possible Response 3: No logs found for the requested date
{
"status": "OK",
"result": {
"error": "No data logs found.",
"data": []
}
}Use Case 2: Get Specific Date Range Logs
Purpose: To fetch the scan logs for a specific date.
Method: GET
URL: http://was.indusface.com/client/v1/fetch-s3-logs
Params:
fromDate | Enter the from date (Starting date) for S3 logs. |
toDate | Enter the to date (End date) for S3 logs. |
Header parameters:
Header Parameter | Description |
accessKey | Use the Access Key value provided in the API Key Based table. |
secretKey | Use the Secret Key value provided in the API Key Based table. |
Possible Response 1: Logs fetched successfully
{
"status": "OK",
"result": {
"success": "Data fetched successfully.",
"data": [
{
"ScanlogId": "12832867",
"ServicType": "AA",
"ServiceId": 78346,
"URL": "https://reports.example.com/as/aa/fail",
"ApplicationName": "",
"SealStatus": "PASS",
"TotalFoundVulnerabilities": 31,
"ScanStatus": "Scan Success Time Over",
"ScanDate": "2024-08-02",
"groups": [],
"Vulnerabilities": [
{
"UniqueAlertId": 3332161,
"Title": "Insecure Content Security Policy (CSP)/X-Frame-Options",
"Severity": "Medium",
"CVSS_Score": "6.1",
"OpenStatus": "NEW",
"FoundOn": "https://reports.example.com/",
"FoundDate": "2024-08-02"
},
{
"ScanlogId": "12832920",
"ServicType": "AA",
"ServiceId": 78346,
"URL": "https://reports.example.com/as/aa/fail",
"ApplicationName": "",
"SealStatus": "PASS",
"TotalFoundVulnerabilities": 30,
"ScanStatus": "Scan Success Time Over",
"ScanDate": "2024-08-05",
"groups": [],
"Vulnerabilities": [
{
"UniqueAlertId": 3332161,
"Title": "Insecure Content Security Policy (CSP)/X-Frame-Options",
"Severity": "Medium",
"CVSS_Score": "6.1",
"OpenStatus": "OPEN",
"FoundOn": "https://reports.example.com/",
"FoundDate": "2024-08-05"
}
]
}
]
}
}Scan Attributes
Attribute | Description |
ScanlogId | Every time a customer initiates a scan, an ID is generated for each new scan. |
ServiceType | The type of scan service customer chooses. Example: AA- Application Audit, MM- Malware Monitoring, VA- Vulnerability Assessment. |
ServiceId | For every customer, a unique Id is generated for the type of scan service they choose. |
URL | The application URL is displayed here. |
ApplicationName | Name of the application for which scan has been performed. |
SealStatus | Pass- If an application successfully completes all three types of security scans such as AA, VA, MM. Fail- If an application fails in any security scan and immediate action is required to patch high or critical vulnerability. |
TotalFoundVulnerabilities | The total count of vulnerabilities found during the scan. |
ScanStatus | Scan Success- Scan successfully completed within the scan time. Scan Error- When site is unable to access by the scanner or data is unavailable Partial Scan- For the given scan time website overall scan is not completed but partially done. Scan Success Time Over- Scan successfully completed but scan time over. |
ScanDate | Date of the scan performed. |
groups | A group consists of different websites that have the same properties and characteristics. If the website is assigned to any group, the same group name is displayed here. |
Vulnerabilities Attributes
Attribute | Description |
UniqueAlertId | For every vulnerability found during the scan, an Id is being generated. |
Title | Every vulnerability has a title |
Severity | Vulnerability severity is given here, that is critical, high, and medium. |
CVSS_Score | CVSS_Score is numerical representation of severity of vulnerability. |
OpenStatus | New- When a vulnerability is found for the first time. Opened- When a vulnerability is found, and patch is not done. Closed- When a vulnerability is patched. Re-Opened- When a patched vulnerability is opened again. |
FoundOn | Application site where the vulnerability is found. |
FoundDate | The date when the vulnerability is found. |
