SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios.

GraphQL API does not support logs or automation #240

Closed cyberzer0 closed 5 months ago

cyberzer0 commented 1 year ago

If I am missing this please point me in the right direction.

As far as I can tell testing with the GraphQL library I cannot pull the logs I have imported into a given testcase and I also cannot modify (update the log data) or create/pull from the automation component of a given testcase.

Testing in GraphQL playground does not provide a query that will pull that data, happy to be proven wrong of course.

thebleucheese commented 1 year ago

> If I am missing this please point me in the right direction.
>
> As far as I can tell testing with the GraphQL library I cannot pull the logs I have imported into a given testcase and I also cannot modify (update the log data) or create/pull from the automation component of a given testcase.
>
> Testing in GraphQL playground does not provide a query that will pull that data, happy to be proven wrong of course.

At the moment, you're correct. The backend work needed to expose these entities to the public API is being done as part of a much larger update to VECTR. We expect that work to be completed in Q4 which will allow us to efficiently expose the ability to view, edit, create this kind of data via the API.

cyberzer0 commented 8 months ago

So Q4 for 2023 has come and gone. Where is this at roughly?

thebleucheese commented 8 months ago

> So Q4 for 2023 has come and gone. Where is this at roughly?

The foundational work described in the above post was completed and is testing in a release candidate phase. We're now actively adding to the API and some improvements like automation args will be included while adding logs is in progress. I don't have an ETA for the 9.x major release, but pretty soon.

cyberzer0 commented 6 months ago

Hey there, I had a look at the doc for the 9.0 release and I don't see the query/mutation to pull the logs I have imported into a given testcase.

thebleucheese commented 6 months ago

> Hey there, I had a look at the doc for the 9.0 release and I don't see the query/mutation to pull the logs I have imported into a given testcase.

https://docs.vectr.io/graphql/schema/testcase.doc.html

attackLogProcedures property

Unstructured logs (raw text logs not from attire/automation) aren't included in 9.0 but will be in a future VECTR version. We haven't had any direct requests for access to those via API yet so it hasn't been prioritized.