So this next post provides a Powershell script to extract data from the Runecast API, I use this to extract data on a scheduled basis for use within other dashboards / tools.

So your next question might be… but why would you want to do that?? the GUI already provides the data!!! Well in large organisations the last thing you want to do is to be handing out access to management tools to everyone… even if it’s just read only.

What I have found is it just creates confusion when managers / non technical people see RED and CRITICAL plastered everywhere without some technical knowledge and background… and sigh it just ends up creating more work for me! So what I like to do is become Mr Digital Picasso in the organisation and massage the data into “manager friendly” reports / RAG dashboards.

OK first you must install the ImportExcel Module otherwise it wont generate the report!–>

Generating the API key is straight forward… in the Runecast GUI follow the 1,2,3 steps below!

One you have the Key you can just run the script by running the command below and filling in your own values

I have started using GITHUB to store the code for versioning, check it here

.\RunecastExtractor.ps1 -Runecast -Token '7546e68b-96bc-406e-8d57-280e1de75670' -FileName 'RunecastExtract.xlsx' -OutputLocation D:\RunecastExtractor\
#Powershell Runecast API query script
#v1.0, 13.06.2018 - Initial Version

    A lazy vMans module to hit the Runecast API and extract data.

    Script requires Powershell v3 and above.

    Make sure to install the Required Module -->

    .\RunecastExtractor.ps1 -Runecast -Token '7546e68b-96bc-406e-8d57-280e1de75670' -FileName 'RunecastExtract.xlsx' -OutputLocation D:\RunecastExtractor\



#Take all certs.
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

#Stuff for Invoke-RestMethod
$ContentType = "application/json"
$header = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$header.Add("Accept", 'application/json')
$header.Add("Authorization", $Token)
$header.Add("User-Agent", 'vManRunecastExtractor/1.0')

#Get a list of every Issue

    $IssueList = @()

    $IssueUrl = 'https://'+$Runecast+'/rc2/api/v1/issues'

    $issues = Invoke-RestMethod -Uri $IssueUrl -Method Get -Headers $header -ContentType $ContentType

    ForEach ($issue in $issues.issues){

        $IssueList += New-Object PSObject -Property @{

                    id = $
                    affects = $issue.affects
                    appliesTo = $issue.appliesTo
                    severity = $issue.severity
                    type = $issue.type
                    title = $issue.title
                    url = $issue.url
                    annotation = $issue.annotation 
                    updatedDate = $issue.updatedDate
                    stigid = $issue.stigid
                    vulnid = $issue.vulnid
                    checkDescription = $issue.checkDescription
                    fixDescription = $issue.fixDescription
                    stigSection = $issue.stigSection


#Get a list of VC's

    $VCList = @()

    $VCUrl = 'https://'+$Runecast+'/rc2/api/v1/vcenters'

    $VCs = Invoke-RestMethod -Uri $VCUrl -Method Get -Headers $header -ContentType $ContentType

    ForEach ($VC in $VCs.vcenters){

        $VCList += New-Object PSObject -Property @{

                    vcUid = $VC.uid
                    address = $VC.address


#Get a list of results

    $ResultsList = @()

    $ResultsUrl = 'https://'+$Runecast+'/rc2/api/v1/results'

    $results = Invoke-RestMethod -Uri $ResultsUrl -Method Get -Headers $header -ContentType $ContentType

    ForEach ($Result in $Results.Results.issues){

        $id = $
        $status = $Result.Status

        ForEach ($affectedObject in $Result.affectedObjects){

            $ResultsList += New-Object PSObject -Property @{

                    id = $id
                    Name = $affectedObject.Name
                    vcUid = $affectedObject.vcUid
                    moid = $affectedObject.moid


#Export it all to Excel baby!!

$File = $OutputLocation + $FileName

$IssueList | Select id,affects,appliesTo,severity,type,title,url,annotation,updatedDate,stigid,vulnid,checkDescription,fixDescription,stigSection | export-excel $File -WorkSheetname Issues

$VCList | Select vcUid,address | export-excel $File -WorkSheetname vCenters

$ResultsList | Select id,Name,vcUid,moid | export-excel $File -WorkSheetname Results

What you get out is an Excel spreadsheet with all possible issues listed in Runecast, a list of vCenters and all the Results from the scan.

Example Report output: RunecastExtract which I use to create a simple dashboard in Tableau… as this is my lab and I can’t use real data you will just have to use your imagination for all the possibilities!

Hope you found this helpful!