Bulk Export API

Introduction

Using Bulk Export API, you can bulk export your asset and vulnerability data using a GraphQL API. The data is returned in Parquet format and can be downloaded for use in your business intelligence tools.

To bulk export API data to Parquet files, complete the following:

Choose the endpoint for your region.
Initiate the generation of export files.
Query the ID returned.
Download the parquet files.

Authorization

⚠️

Permissions

You require Platform Administrator permissions to carry out API Bulk Export.

Authorization is performed by passing your API user key via a single HTTP header: X-Api-Key. The user key must be passed to all requests. This can be generated from the Insight Platform key management page. For information on generating and managing API keys, see Managing Platform API Keys .

Endpoints

Region	URI
United States - 1	https://us.api.insight.rapid7.com/export/graphql
United States - 2	https://us2.api.insight.rapid7.com/export/graphql
United States - 3	https://us3.api.insight.rapid7.com/export/graphql
Europe	https://eu.api.insight.rapid7.com/export/graphql
Canada	https://ca.api.insight.rapid7.com/export/graphql
Australia	https://au.api.insight.rapid7.com/export/graphql
Japan	https://ap.api.insight.rapid7.com/export/graphql

Initiating the export

Complete these steps to create and retrieve the export files in Parquet.

Step 1: Mutation to initiate export

The mutations initiate the generation of the export files for Policy and Vulnerability data, respectively:

Vulnerability:


mutation CreateVulnerabilityExport { 
    createVulnerabilityExport(input:{}) {
        id
    }
}

Step 2: Export query

To retrieve the URLs to download the Parquet files, you must query the ID returned when initiating the export. The results will return a URL where you can download the Parquet files.

⚠️

Export considerations

The data is refreshed by the system once a day. You can make multiple export requests, however overuse of this method may result in throttling.


query GetExport {
    export(id: "YzY1ODk5YzQtNjkwNi00MDRjLTk3NDQtNjRhOGNkNWFkNDIx"){
        id
        status
        dataset
        timestamp
        result {
             prefix
             urls
       }
    }
}

Parquet files

These schemas provide an overview of the fields returned in the files at the URLs provided:

Vulnerability Export

asset

Field	Type	Definition	Example
orgId	String	Organization ID	`a08de390-bb6a-4297-b1df-9ee58c7beb7a`
assetId	String	Asset ID	`2b2b6a57-9136-4874-8af1-3f9f0a6de60a-default-asset-1`
agentId	String	Agent ID	`586d68c92af55c27b7bfecf7f6df0cb4`
awsInstanceId	String	The Amazon Web Services instance ID of the asset, if applicable	`i-0e1cc483957bc29d8`
azureResourceId	String	The Azure resource identifier of the asset, if applicable
gcpObjectId	String	The Google Cloud Platform identifier of the asset, if applicable
mac	String	The primary MAC address of the asset	`0050568A103C`
ip	String	The primary IP address of the asset	`0.0.0.0`
hostName	String	The primary hostname of the asset	`testhost.us`
osArchitecture	String	Architecture of the OS on the asset	`x86_64`
osFamily	String	Family of the OS on the asset	`Windows`
osProduct	String	Product of the OS on the asset	`Windows Server 2016 Standard Edition`
osVendor	String	Vendor of the OS on the asset	`Microsoft`
osVersion	String	The OS version on the asset	`1607`
osType	String	Type of OS on the asset	`Server`
sites	List	Array of sites the asset belongs to	`[site1, site2]`

asset_vulnerability

Field	Type	Definition	Example
orgId	String	Organization ID	`a08de390-bb6a-4297-b1df-9ee58c7beb7a`
assetId	String	Asset ID	`2b2b6a57-9136-4874-8af1-3f9f0a6de60a-default-asset-1`
vulnId	String	Vulnerability ID	`msft-cve-2023-29372`
port	Integer	The scanned port the vulnerability is present on, if applicable	`22`
protocol	String	The scanned protocol the vulnerability is present on, if applicable	`TCP`
nic	String	The scanned network interface, if applicable
proof	String	Proof describing how the asset is vulnerable to the vulnerability	`<p><p>Vulnerable OS: Microsoft Windows Server 2012 R2 Standard Edition<p></p></p><p>Based on the following 3 results:<ol><li><p>Microsoft patch KB5027282 is not installed.</p></li><li><p>Microsoft patch KB5027271 is not installed.</p></li><li><p><ul><li>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion<ul><li>UBR - contains unexpected value 20337</li></ul></li></ul></p></li></ol></p></p>`
firstFoundTimestamp	Timestamp	Timestamp of when the vulnerability was found on the asset	`2023-11-06T11:40:37.000Z`
title	String	The title of the vulnerability	`Microsoft CVE-2023-29372: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability`
description	String	The description of the vulnerability, containing a mix of HTML/XML content	`Microsoft CVE-2023-29372: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability`
cvssAccessComplexity	String	The CVSS V2 access complexity of the vulnerability	`M`
cvssAccessVector	String	The CVSS V2 access vector of the vulnerability	`N`
cvssAuthentication	String	The CVSS V2 authentication of the vulnerability	`N`
cvssAvailabilityImpact	String	The CVSS V2 availability impact of the vulnerability	`C`
cvssConfidentialityImpact	String	The CVSS V2 confidentiality impact of the vulnerability	`C`
cvssIntegrityImpact	String	The CVSS V2 integrity impact of the vulnerability	`C`
cvssScore	Double	The CVSS V2 score of the vulnerability	`8.8`
cvssV3AttackVector	String	The CVSS V3 attack vector (AV) of the vulnerability	`Network`
cvssV3AttackComplexity	String	The CVSS V3 attack complexity (AC) of the vulnerability	`Low`
cvssV3PrivilegesRequired	String	The CVSS V3 privileges required (PR) of the vulnerability	`None`
cvssV3UserInteraction	String	The CVSS V3 user interaction (UI) of the vulnerability	`Required`
cvssV3Scope	String	The CVSS V3 scope (S) of the vulnerability	`Unchanged`
cvssV3Confidentiality	String	The CVSS V3 confidentiality (C) of the vulnerability	`High`
cvssV3Integrity	String	The CVSS V3 integrity (I) of the vulnerability	`High`
cvssV3Availability	String	The CVSS V3 availability (A) of the vulnerability	`High`
cvssV3Score	Double	The CVSS V3 score of the vulnerability	`8.8`
cvssV3Severity	String	The CVSS V3 severity of the vulnerability	`High`
cvssV3SeverityRank	Integer	The CVSS V3 severity rank of the vulnerability	`4`
skillLevel	String	The skill level of the vulnerability	`unknown`
skillLevelRank	Integer	The skill level rank of the vulnerability	`4`
severity	String	The severity of the vulnerability	`Critical`
severityRank		The severity rank of the vulnerability	`3`
severityScore	Integer	The severity score of the vulnerability	`9`
hasExploits	Boolean	Whether there are exploits associated with the vulnerability	`false`
hasMalware	Boolean	Whether there is malware associated with the vulnerability	`false`
threatFeedExists	Boolean	Whether a threat feed exists for the vulnerability	`false`
pciCompliant	Boolean	Whether the vulnerability is PCI compliant	`false`
pciSeverity	Integer	The PCI severity of the vulnerability	`5`
riskScore	Double	The real risk score of the vulnerability. Used only when riskScoreV2_0 is not present	`348.70102`
riskScoreV2_0	Integer	The active risk score of the vulnerability	`589`
cves	List	An array of CVE IDs applicable to the vulnerability	`[CVE-2023-29372]`
dateAdded	Timestamp	Timestamp of when the vulnerability was added	`2023-06-13T00:00:00.000Z`
dateModified	Timestamp	Timestamp of when the vulnerability was modified	`2023-06-15T00:00:00.000Z`
datePublished		Timestamp of when the vulnerability was published	`2023-06-13T00:00:00.000Z`

Downloading the Parquet files

Each time URLs are generated to download the files, the URLs are valid for 15 minutes. The files can be downloaded as many times as needed within the 15 minute time frame.
These files are retained for 30 days only. Attempting to query the exports after 30 days will return an error message.