Contents
Importing assets
POST /xdr/api/v2.1/kuma/assets/import
Bulk creation or update of assets.
If the FQDN of an asset is specified, it acts as the unique ID of the asset within the tenant. If the asset name is not specified, either FQDN or the first IP address is used as the name. Assets imported from Kaspersky Security Center cannot be updated, therefore, FQDN conflicts may occur during the import process if a Kaspersky Security Center asset with a the same FQDN already exists in the tenant. Such conflicts prevent the processing of the conflicting asset, but do not prevent the processing of other assets specified in the request body. Allows you to populate custom fields by uuid from the assetsCustomFields settings.
Access: Main administrator, Tenant administrator, Tier 2 analyst, Tier 1 analyst
Request body
Format: JSON
type Request struct {
TenantID string `json:"tenantID"`
Assets []Asset `json:"assets"`
}
type Asset struct {
Name string `json:"name"`
FQDN string `json:"fqdn"`
IPAddresses []string `json:"ipAddresses"`
MACAddresses []string `json:"macAddresses"`
Owner string `json:"owner"`
OS *OS `json:"os"`
Software []Software `json:"software"`
Vulnerabilities []Vulnerability `json:"vulnerabilities"`
CustomFields []CustomField `json:"customFields"`
}
type OS struct {
Name string `json:"name"`
Version uint64 `json:"version"`
}
type Software struct {
Name string `json:"name"`
Version string `json:"version"`
Vendor string `json:"vendor"`
}
type Vulnerability struct {
KasperskyID string `json:"kasperskyID"`
ProductName string `json:"productName"`
DescriptionURL string `json:"descriptionURL"`
RecommendedMajorPatch string `json:"recommendedMajorPatch"`
RecommendedMinorPatch string `json:"recommendedMinorPatch"`
SeverityStr string `json:"severityStr"`
Severity uint64 `json:"severity"`
CVE []string `json:"cve"`
ExploitExists bool `json:"exploitExists"`
MalwareExists bool `json:"malwareExists"`
}
type CustomFields struct {
ID string `json:"id"`
Value string `json:"value"`
}
|
Request mandatory fields
Name |
Data type |
Mandatory |
Description |
Value example |
tenantID |
string |
Yes |
Tenant ID |
00000000-0000-0000-0000-000000000000 |
assets |
[]Asset |
Yes |
Array of imported assets |
|
Asset mandatory fields
Name |
Data type |
Mandatory |
Description |
Value example |
fqdn |
string |
If the ipAddresses array is not specified |
Asset FQDN. It is recommended that you specify the FQDN and not just the host name. Priority indicator for asset identification. |
[my-asset-1.example.com] [my-asset-1] |
ipAddresses |
[]string |
If FQDN is not specified |
Array of IP addresses for the asset. IPv4 or IPv6. The first element of the array is used as a secondary indicator for asset identification. |
["192.168.1.1", "192.168.2.2"] ["2001:0db8:85a3:0000:0000:8a2e:0370:7334"] |
Response
HTTP code: 200
Format: JSON
|
Possible errors
HTTP code |
Description |
|
|
400 |
Tenant ID is not specified |
tenantID required |
- |
400 |
Attempt to import assets into the shared tenant |
import into shared tenant not allowed |
- |
400 |
Not a single asset was specified in the request body |
at least one asset required |
- |
400 |
None of the mandatory fields is specified |
one of fields required |
asset[<index>]: fqdn, ipAddresses |
400 |
Invalid FQDN |
invalid value |
asset[<index>].fqdn |
400 |
Invalid IP address |
invalid value |
asset[<index>].ipAddresses[<index>] |
400 |
IP address is repeated |
duplicated value |
asset[<index>].ipAddresses |
400 |
Invalid MAC address |
invalid value |
asset[<index>].macAddresses[<index>] |
400 |
MAC address is repeated |
duplicated value |
asset[<index>].macAddresses |
403 |
The user does not have the required role in the specified tenant |
access denied |
- |
404 |
The specified tenant was not found |
tenant not found |
- |
406 |
The specified tenant was disabled |
tenant disabled |
- |
500 |
Any other internal error |
variable |
variable |