[Solved] - Rest api - exporting result

Hi

 

I’m not used to work with invoke-rest method and api, but now I get stuck on trying to export some fields of the data returned.

I’m able to retrieve the list of my computers having vulnerabilities and gets arouns 2500 records.

data returned contains 3 objects :

Version : “v1.2.0”

Metadata :{ “links”: { “self”: https://api.eu.amp.cisco.com/v1/events?group_guid[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03&limit=1, “next”: https://api.eu.amp.cisco.com/v1/events?group_guid[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03&limit=1&offset=1 }, “results”: { “total”: 350, “current_item_count”: 1, “index”: 0, “items_per_page”: 1 }}

data : {id : 15538481037811
timestamp : 1553848103
timestamp_nanoseconds : 0
date : 2019-03-29T08:28:23+00:00
event_type : Vulnerable Application Detected
event_type_id : 1107296279
connector_guid : b9fb77b6-e781-40f5-b430-516ecbfe5936
group_guids : {321a0154-b920-484c-b306-d10220f05418, 9e7c6c2e-eba9-4c72-92cf-1ce1699a13c0}
severity : Low
start_timestamp : 1553847273
start_date : 2019-03-29T08:14:33+00:00
computer : @{connector_guid=bjhhe6-e781-40f5-b430-516ecbfe5936; hostname=xxxxxxx.xxxx.net; external_ip=155.155.155.155; active=True; network_addresses=System.Object[]; links=}
file : @{disposition=Clean; file_name=AcroRd32.exe; identity=; parent=}
vulnerabilities : {@{name=Adobe Acrobat Reader; version=11.0.9; cve=CVE-2014-9160; score=10.0; url=http://tools.cisco.com/security/center/viewAlert.x?alertId=39830}, @{cve=CVE-2015-3046; score=10.0; url=http://tools.cisco.com/security/center/viewAlert.x?alertId=39062}, @{cve=CVE-2015-3048;
score=10.0; url=http://tools.cisco.com/security/center/viewAlert.x?alertId=38806}, @{cve=CVE-2015-3049; score=10.0; url=http://tools.cisco.com/security/center/viewAlert.x?alertId=38806}…}}

 

What I would like to achive is to export (to txt file or csv) only those fields for all my computers:

-date

-computer.hostname

-vulnerabilities.name

-vulnerabilities.version

I tried many things but none give me the attended result. Vulnerabilities object causes me trouble.

here is what I got so far :

“date”,“vulnerability_name”,“name”,“version”
“2019-03-29T07:15:36+00:00”,“System.Object[]”,“xxxxx.domain.net”,“System.Object[]”
“2019-03-29T07:06:56+00:00”,“System.Object[]”,“yyyy.domain.net”,“System.Object[]”

I hope it is clear, if not feel free to ask :slight_smile:

Any help would be appreciated.

Thans a lot

 

 

Hi,

I believe you should create a custom object to get the result you wish. First collect everything in a variable and then loop trough it and create a custom object.

Might be better ways to do it, if so hope someone else comments :wink:

So as an example:

$restApiResult = invoke-restapi …

and if your result is as shown above with a list of computers I would loop trough it and create a new object.

Foreach ($c in $restApiResult) {

[CustomObject]@{Date = $c.Date

Vulnerability_Name = $c.vulnerability.name

Name = $c.computer.hostname

Version = $c.vulnerabilities.version

}

}

 

Most REST APIs return json or xml - it looks like yours returns json. You don’t even need to create a pscustom object, Invoke-RestMethod does this for you. Try substituting Invoke-WebRequest for Invoke-RestMethod, and see the difference between having to parse and convert json yourself and having IRM do it for you.

[pre]
$query = Invoke-RestMethod -Url $url … etc…

return $query
[/pre]

This will return a PSCustom Object for you that you can query like a hashtable.

If you would for whatever reason, like to still receive raw json, simply store it in a variable and pipe it to ConvertFrom-Json and it’ll do the same thing in effect.

Hi

Sorry for the late reply.

Thx to both of you. I manage to get my values using custom objects.

foreach($connector in $Global:events) {

If ($connector.computer.hostname-ne$null) {

$myobj=New-Object-TypeName PSObject

Add-Member-InputObject $myobj-MemberType ‘NoteProperty’-Name ‘Application’-Value $connector.vulnerabilities[0].name

Add-Member-InputObject $myobj-MemberType ‘NoteProperty’-Name ‘Version’-Value $connector.vulnerabilities[0].version

Add-Member-InputObject $myobj-MemberType ‘NoteProperty’-Name ‘Hostname’-Value $connector.computer.hostname

Add-Member-InputObject $myobj-MemberType ‘NoteProperty’-Name ‘Date’-Value $connector.date

$liste+=$myobj

}

}