Antipova Anna
Posted

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

This article provides additional details to the Online Help article.

Modern web servers use gzip compression for transferred web pages. Such compressed web pages should not be sent to the KATA API, as these files create unnecessary load on the Sandbox.

Content-Type - optional parameter
objectType - must always be file (other types are not supported)
content - object to send

scanId - ID of the object sent to KATA (must be unique)
sensorId - ID of the system sending the file. Can be a random UID that is authorized in KATA Web UI (External Systems tab)

Examples:

# curl -k --noproxy '*' --cert ./cert.pem --key ./server.key -F scanId=9000001 -F objectType=file -F content=@/tmp/test.pdf -X POST https://<KATA_IP>:443/kata/scanner/v1/sensors/11111-111-11111/scans

# curl -k --noproxy '*' --cert ./cert.pem --key ./server.key -F scanId=9000002 -F objectType=file -F content=@/tmp/test.docx -X POST https://<KATA_IP>:443/kata/scanner/v1/sensors/11111-111-11111/scans

How to generate key and certificate:

openssl genrsa -out server.key 2048
openssl rsa -in server.key -out server.key
openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > cert.pem

Or use the one-liner:

openssl req -x509 -newkey rsa:2048 -keyout ./server.key -out ./cert.pem -days 365 -nodes -subj "/C=RU/ST=MSK/L=Moscow/O=Company Name/OU=Org/CN=www.example.com"

To retrieve scan results:

# curl -k --noproxy '*' --cert ./cert.pem --key ./server.key -X GET "https://<KATA_IP>:443/kata/scanner/v1/sensors/11111-111-11111/scans/state?state=detect,not%20detected,error,timeout" -H "accept: application/json"

{
  "scans": [
    {
      "scanId": "9000001",
      "state": "detect"
    },
    {
      "scanId": "9000002",
      "state": "detect"
    }
  ]
}

 

To view all scan results from KATA CN 3.7.2:

# sudo -u postgres psql antiapt -c "select count (*) from all_alerts where meta_type='EXTERNAL' and object_type='FILE';"

To view all scan results from KATA CN 4.0/4.1/5.0:

# sudo -i
# docker exec -it `docker ps | grep kedr_database_server | awk '{print $1}'` psql -U kluser antiapt -c "select count (*) from all_alerts where meta_type='EXTERNAL' and object_type='FILE';"

How to use pfx for curl authentication

This has more to do with curl than with the product. If curl is built on an SSL library that supports pfx, the integration will work correctly. macOS example (curl there is built on Secure Transport):

# curl -k --noproxy '*' --cert-type P12 --cert ./<certificate>.pfx:<password>  -F scanId="<ID>" -F objectType=file -F content=@/tmp/test -X POST https://<KATA_IP>:443/kata/scanner/v1/sensors/11111-111-11111/scans

 

How to retrieve detects from detects API

Typical curl request:

curl -k --noproxy '*' --cert ./cert.pem --key ./server.key -X GET "https://127.0.0.1:443/kata/scanner/v1/sensors/11111-111-11111/detects"
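
A pre-submission filter for the scan request shown at the top of this article, added here as an example and not part of the original post or of the product: it skips files that start with the gzip magic bytes, gives each upload a fresh scanId, and builds the same curl call. The function names and the variables KATA_IP, SENSOR_ID, CERT, KEY, KATA_CACERT and DRY_RUN are assumptions; detecting gzip by magic bytes is one way to apply the advice above, not a documented product check.

```shell
#!/bin/sh
# Added example: filter and submit files to the scans endpoint used in this article.
# KATA_IP, SENSOR_ID, CERT, KEY, KATA_CACERT and DRY_RUN are assumed variable names.

# True when the file starts with the gzip magic bytes 1f 8b.
is_gzip() {
    [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')" = "1f8b" ]
}

# Build a numeric scanId from epoch seconds, PID and a per-process counter.
SCAN_SEQ=0
next_scan_id() {
    SCAN_SEQ=$((SCAN_SEQ + 1))
    NEXT_SCAN_ID="$(date +%s)$$${SCAN_SEQ}"
}

# Returns 0 on submit, 2 when skipped (gzip), 1 on a missing file; else curl's status.
submit_file() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    if is_gzip "$file"; then
        echo "skipped (gzip): $file" >&2
        return 2
    fi
    next_scan_id
    # Verify the server certificate when a CA file is given; otherwise -k as in the article.
    if [ -n "${KATA_CACERT:-}" ]; then
        set -- --cacert "$KATA_CACERT"
    else
        set -- -k
    fi
    set -- "$@" --noproxy '*' --cert "${CERT:-./cert.pem}" --key "${KEY:-./server.key}" \
        -F "scanId=$NEXT_SCAN_ID" -F objectType=file -F "content=@$file" -X POST \
        "https://${KATA_IP:?set KATA_IP}:443/kata/scanner/v1/sensors/${SENSOR_ID:?set SENSOR_ID}/scans"
    if [ -n "${DRY_RUN:-}" ]; then
        echo "curl $*"      # print the command instead of sending anything
    else
        curl "$@"
    fi
}

# Submit every file named on the command line.
for f in "$@"; do
    submit_file "$f" || echo "not submitted: $f" >&2
done
```
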
