Environment


Aqua Enterprise version => 4.2


Summary


This article explains how to trigger a CIS Benchmarks scan against a particular host/node using the API. This is useful when the scan needs to be scripted and/or automated.
To be authorized to perform any API call against the Aqua CSP API server, you must either use the simple authentication method (not recommended) or request a valid token [1].


Solution


  1. Obtain the name of the host/node you want to scan from the Infrastructure page of the Aqua CSP GUI.


  2. Obtain the host/node ID via GET /api/v2/infrastructure/node/name-of-the-node

    curl -s -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" http(s)://aqua-server-IP(FQDN):port/api/v2/infrastructure/node/Default.aqua-sandbox | json_pp

    {
       "cluster_id" : 0,
       "name" : "Default.aqua-sandbox",
       "is_enforced" : true,
       "data" : {},
       "id" : 1,
       "type" : "node",
       "permission" : "Write",
       "node_id" : "7cdd3b16-4ed0-4af7-9e6a-38b1de9a39eb",
       "security_issues" : {
          "last_vuln_scan" : 0,
          "neg_vulns" : 0,
          "malware" : 0,
          "low_vulns" : 0,
          "crit_vulns" : 0,
          "med_vulns" : 0,
          "high_vulns" : 0
       },
       "cluster_vulnerabilities" : {},
       "is_gateway_exists" : false,
       "created_date" : "0001-01-01T00:00:00Z"
    }

  3. Trigger the CIS Benchmark scan against the host/node via PUT /api/v1/hosts/host-node-ID/cis

    curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" http(s)://aqua-server-IP(FQDN):port/api/v1/hosts/7cdd3b16-4ed0-4af7-9e6a-38b1de9a39eb/cis

  4. Verify that the scan ran by checking the scan time on the CIS Benchmarks page of the Aqua CSP GUI.
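
Steps 2 and 3 combined into one script, as an added example that is not part of the original article or of Aqua's own tooling. It assumes the server base URL is in AQUA_URL (for example https://aqua-server:8080), the bearer token is in TOKEN, the node name is the first argument, and that the node lookup response has the shape shown above; node_id is extracted with sed so the script does not depend on jq or json_pp, and the PUT's HTTP status is checked so an automated job fails loudly instead of silently skipping the scan.

```shell
#!/bin/sh
# Added example: resolve a node name to its node_id and trigger the CIS scan.
# Assumptions: AQUA_URL and TOKEN are exported; node name is argument 1.

# Constructed sample, trimmed from the /api/v2/infrastructure/node response
# shown in the article, used for offline checks of the parser.
SAMPLE_NODE_RESPONSE='{ "name" : "Default.aqua-sandbox", "id" : 1,
   "node_id" : "7cdd3b16-4ed0-4af7-9e6a-38b1de9a39eb",
   "security_issues" : { "low_vulns" : 0 } }'

# Print the value of "node_id" from a lookup response, or nothing if absent.
extract_node_id() {
  printf '%s' "$1" | tr -d '\n' \
    | sed -n 's/.*"node_id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Endpoint builders (kept separate so the URLs can be checked without curl).
node_lookup_url() { printf '%s/api/v2/infrastructure/node/%s' "$1" "$2"; }
cis_scan_url()    { printf '%s/api/v1/hosts/%s/cis' "$1" "$2"; }

# Look the node up, then PUT to the CIS endpoint. Returns non-zero when the
# node cannot be resolved, curl fails, or the PUT is not answered with 2xx.
trigger_cis_scan() {
  base="$1"; node_name="$2"
  resp=$(curl -sS -H "Authorization: Bearer $TOKEN" \
              -H "Content-Type: application/json" \
              "$(node_lookup_url "$base" "$node_name")") || return 1
  node_id=$(extract_node_id "$resp")
  if [ -z "$node_id" ]; then
    echo "node '$node_name' not found or response not parsable" >&2
    return 1
  fi
  status=$(curl -sS -o /dev/null -w '%{http_code}' -X PUT \
                -H "Authorization: Bearer $TOKEN" \
                -H "Content-Type: application/json" \
                "$(cis_scan_url "$base" "$node_id")") || return 1
  case "$status" in
    2*) echo "CIS scan triggered for $node_name ($node_id): HTTP $status" ;;
    *)  echo "CIS scan request for $node_name ($node_id) failed: HTTP $status" >&2
        return 1 ;;
  esac
}

# Only call the API when invoked with a node name and credentials are set,
# so the file can also be sourced for its functions.
if [ $# -ge 1 ] && [ -n "${AQUA_URL:-}" ] && [ -n "${TOKEN:-}" ]; then
  trigger_cis_scan "$AQUA_URL" "$1"
fi
```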


Related Information


[1] https://docs.aquasec.com/reference#rest-api