Update Asset?

[sgealbhain]

Hey - Good module.

Is there a way update an existing asset with additional hostnames?

[My-Random-Thoughts]

Hi, thanks.

I can't remember a setting within the console that allows this. What is it you are trying to achieve?
I know that if Nexpose/InsightVM will try to merge devices if one or more of them match (this has to be enabled though)

[sgealbhain]

Basically I have a bunch of IP Address Object in Nexpose. My task to to pull hostname information from another database and associate them with an IP Address. Some of the IP Addresses may have multiple hostnames and not necessarily a primary hostname.

[My-Random-Thoughts]

Ah OK, you want some sort of CMDB or such. Nexpose can't help you there, sorry.
Nexpose will scan assets by IP address. If it can use the assets hostname it will do, but it can use DNS for them too.

Since I don't know your environment or why you would want computers with more than one name, I can't really help.

[sgealbhain]

No its not a CMDB. Lets say I've already created an asset by IP Address. Lets say that asset has no primary hostname. 2 weeks later I realise that the IP Address relates to 2 FQDNs. How do I go about adding those to the asset as additional hostnames? It seems this endpoint will do it? https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createAsset

"Creates or updates an asset with the specified details."

[My-Random-Thoughts]

That particular endpoint is covered with New-NexposeAsset.ps1. This will only allow you to add a new asset to a site.

I don't currently have an Update-... function, but I can create one sometime next week (I am on holiday currently)
If you want to try it out before hand, a quick and dirty method would be to set line 46 of New-NexposeAsset.ps1 to be [object]$checkExisting = $null.

[My-Random-Thoughts]

Sorry for the delay on this, it's a lot bigger than I thought it was initially.

[My-Random-Thoughts]

Wow, I can't believe it's coming up to 2 years. Really sorry.
I have been looking at this for the last couple of days and the first time I had a go, it killed my Rapid7 install (not a big hassle).

The current attempts are changing the hostnames of the assets as required, but the new data is only showing up on subsequent API calls, nothing in the GUI to indicate a new name or additional names.

I'll keep playing, but the last API ticket I put in to R7 took 4 years for them the fix! I still have outstanding ones from before that too.

[My-Random-Thoughts]

Give this a go - it's not fully polished as I usually do, but it should work. I would suggest you test it on a dev instance if you can - should be fine though.

Function Update-NexposeSiteAssetHostName {
    [CmdletBinding(SupportsShouldProcess, DefaultParameterSetName = 'byNew')]
    Param (
        [Parameter(Mandatory = $true)]
        [int]$SiteId,

        [Parameter(Mandatory = $true)]
        [int]$AssetId,

        [Parameter(Mandatory = $true, ParameterSetName = 'byNew')]
        [string]$NewHostName,

        [Parameter(Mandatory = $true, ParameterSetName = 'byAdd')]
        [string]$AddHostName
    )

    Begin {
        $asset = (Get-NexposeAsset -Id $AssetId)
        If (-not $asset.id) { Throw "Invalid Asset Id" }

        $site = (Get-NexposeSite -Id $SiteId)
        If (-not $site.id) { Throw "Invalid Site Id" }

        $apiQuery = @{}
        $apiQuery.id = $AssetId
        $apiQuery.ip = $asset.ip
        $apiQuery.date = (Get-Date)
    }

    Process {
        If ($PSCmdlet.ParameterSetName -eq 'byNew') {
            If ($asset.hostName -ne $NewHostName) {
                $apiQuery.hostName = @{ name = $NewHostName }
                If ($asset.hostNames.psobject.BaseObject.name -notcontains $AddHostName) {
                    $apiQuery.hostNames  = $asset.hostNames
                    $apiQuery.hostNames += @{ name = $NewHostName }
                }
            }
            Else {
                Write-Warning -Message 'That hostname has already set for this asset.'
                Return $null
            }
        }
        ElseIf ($PSCmdlet.ParameterSetName -eq 'byAdd') {
            If ($asset.hostNames.psobject.BaseObject.name -notcontains $AddHostName) {
                $apiQuery.hostNames  = $asset.hostNames
                $apiQuery.hostNames += @{ name = $AddHostName }
            }
            Else {
                Write-Warning -Message 'That hostname has already been added for this asset.'
                Return $null
            }
        }
        Else {
            Throw 'Invalid Parameter Set'
        }

        If ($PSCmdlet.ShouldProcess(($asset.hostName))) {
            Write-Output (Invoke-NexposeQuery -UrlFunction "sites/$($SiteId)/assets" -ApiQuery $apiQuery -RestMethod Post -Verbose)
        }
    }

    End {
    }
}

Usage is fairly simple:

Update-NexposeSiteAssetHostName -SiteId 1 -AssetId 14 -NewHostName 'NewAssetName'
Update-NexposeSiteAssetHostName -SiteId 1 -AssetId 14 -AddHostName 'AdditionalAssetName'

[My-Random-Thoughts]

I am finding that after changing an asset my renaming or adding names, when that asset is re-scanned those changes are reverted.