So this next post provides a Powershell script to extract data from the Runecast API, I use this to extract data on a scheduled basis for use within other dashboards / tools.
So your next question might be… but why would you want to do that?? the GUI already provides the data!!! Well in large organisations the last thing you want to do is to be handing out access to management tools to everyone… even if it’s just read only.
What I have found is it just creates confusion when managers / non technical people see RED and CRITICAL plastered everywhere without some technical knowledge and background… and sigh it just ends up creating more work for me! So what I like to do is become Mr Digital Picasso in the organisation and massage the data into “manager friendly” reports / RAG dashboards.
OK first you must install the ImportExcel Module otherwise it wont generate the report!–> https://github.com/dfinke/ImportExcel
Generating the API key is straight forward… in the Runecast GUI follow the 1,2,3 steps below!
One you have the Key you can just run the script by running the command below and filling in your own values
I have started using GITHUB to store the code for versioning, check it here
.\RunecastExtractor.ps1 -Runecast runecast.vMan.ch -Token '7546e68b-96bc-406e-8d57-280e1de75670' -FileName 'RunecastExtract.xlsx' -OutputLocation D:\RunecastExtractor\
<#
#Powershell Runecast API query script
#v1.0 vMan.ch, 13.06.2018 - Initial Version
A lazy vMans module to hit the Runecast API and extract data.
Script requires Powershell v3 and above.
Make sure to install the Required Module --> https://github.com/dfinke/ImportExcel
Usage
.\RunecastExtractor.ps1 -Runecast runecast.vMan.ch -Token '7546e68b-96bc-406e-8d57-280e1de75670' -FileName 'RunecastExtract.xlsx' -OutputLocation D:\RunecastExtractor\
#>
param
(
[String]$Runecast,
[String]$Token,
[String]$FileName,
[String]$OutputLocation
)
#Take all certs.
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
#Stuff for Invoke-RestMethod
$ContentType = "application/json"
$header = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$header.Add("Accept", 'application/json')
$header.Add("Authorization", $Token)
$header.Add("User-Agent", 'vManRunecastExtractor/1.0')
#Get a list of every Issue
$IssueList = @()
$IssueUrl = 'https://'+$Runecast+'/rc2/api/v1/issues'
$issues = Invoke-RestMethod -Uri $IssueUrl -Method Get -Headers $header -ContentType $ContentType
ForEach ($issue in $issues.issues){
$IssueList += New-Object PSObject -Property @{
id = $issue.id
affects = $issue.affects
appliesTo = $issue.appliesTo
severity = $issue.severity
type = $issue.type
title = $issue.title
url = $issue.url
annotation = $issue.annotation
updatedDate = $issue.updatedDate
stigid = $issue.stigid
vulnid = $issue.vulnid
checkDescription = $issue.checkDescription
fixDescription = $issue.fixDescription
stigSection = $issue.stigSection
}
}
#Get a list of VC's
$VCList = @()
$VCUrl = 'https://'+$Runecast+'/rc2/api/v1/vcenters'
$VCs = Invoke-RestMethod -Uri $VCUrl -Method Get -Headers $header -ContentType $ContentType
ForEach ($VC in $VCs.vcenters){
$VCList += New-Object PSObject -Property @{
vcUid = $VC.uid
address = $VC.address
}
}
#Get a list of results
$ResultsList = @()
$ResultsUrl = 'https://'+$Runecast+'/rc2/api/v1/results'
$results = Invoke-RestMethod -Uri $ResultsUrl -Method Get -Headers $header -ContentType $ContentType
ForEach ($Result in $Results.Results.issues){
$id = $Result.id
$status = $Result.Status
ForEach ($affectedObject in $Result.affectedObjects){
$ResultsList += New-Object PSObject -Property @{
id = $id
Name = $affectedObject.Name
vcUid = $affectedObject.vcUid
moid = $affectedObject.moid
}
}
}
#Export it all to Excel baby!!
$File = $OutputLocation + $FileName
$IssueList | Select id,affects,appliesTo,severity,type,title,url,annotation,updatedDate,stigid,vulnid,checkDescription,fixDescription,stigSection | export-excel $File -WorkSheetname Issues
$VCList | Select vcUid,address | export-excel $File -WorkSheetname vCenters
$ResultsList | Select id,Name,vcUid,moid | export-excel $File -WorkSheetname Results
What you get out is an Excel spreadsheet with all possible issues listed in Runecast, a list of vCenters and all the Results from the scan.
Example Report output: RunecastExtract which I use to create a simple dashboard in Tableau… as this is my lab and I can’t use real data you will just have to use your imagination for all the possibilities!
Hope you found this helpful!
vMAN
Hello everyone!
We would like to let you know about industry first, full support for NSX-V in the latest Runecast Analyzer 1.8.
What can you expect?
* Support for proactive issue detection in VMware NSX-V (version 6.2 – 6.4.1)
* NSX-V Best Practice analysis and reporting
* NSX-V VMware Security Hardening analysis and reporting
* NSX-V DISA-STIG analysis and reporting
* NSX-V proactive configuration issue analysis (with growing numbers of KBs)
* Automatic discovery of NSX Managers linked to vCenters
For more info, check our blog: http://bit.ly/Runecast_NSX
Hope you’ll enjoy this release as much as we enjoyed developing it ?
Best regards,
Michal Hrncirik, Head of Product Management