Creating a scan using the API

this feature is not available to all tiers, please contact us if you would like to discuss adding this feature to your hexiosec asm account the api endpoints required to create and start a scan are highlighted in the api documentation, but this page details those steps creating a scan adding seeds to a scan starting a scan check a scan's state in the following steps, an example scan id, 00000001 0001 0001 0001 000000000001 and api token, xyz have been used, and will need to be replaced with the valid values create and start 1\ creating a scan api https //asm hexiosec com/api/ui#post /v1/scans information required name the name of the scan, as you would see in the app scan group id the id of the group to add the scan to type the type of the scan to create, either adhoc ad hoc scan continuous own own asset monitoring scan continuous vendor third party monitoring scan other settings are available, see api documentation example post https // asm hexiosec com/api/v1/scans accept application/json content type application/json x hexiosec api key xyz { "name" "api example scan", "scan group id" "00000001 0001 0001 0001 000000000001", "type" "adhoc", "dns namelist" true, "ignore ip nodes" false } the response from this request will include the scan id value, to be used in step 2 2\ adding seeds to a scan api https //asm hexiosec com/api/ui#post /v1/scans/ id /seeds when the scan has been created, you can add seeds this endpoint will need to be called for each seed to be added information required id the id of the scan created, from step 1 in request body, for the seed name the domain name, ip address or ip range type either domain ipv4 ipv6 iprange other settings are available, see api documentation example post https // asm hexiosec com/api/v1/scans/00000001 0001 0001 0001 000000000001/seeds accept application/json content type application/json x hexiosec api key xyz { "name" "example com", "type" "domain" } 3\ starting a scan api https //asm hexiosec com/api/ui#patch /v1/scans/ id once the scan has been created and seeds added, you use the update endpoint to start the scan running information required id the id of the scan created, from step 1 in request body, set the state enabled true other settings are available, see api documentation example patch https // asm hexiosec com/api/v1/scans/00000001 0001 0001 0001 000000000001 accept application/json content type application/json x hexiosec api key xyz { "enabled"\ true } check state 4\ check a scan's state api https //asm hexiosec com/api/ui#get /v1/scans/ id once a scan has completed you will receive an email notification (if enabled) you can also use the get 'scans' endpoint to periodically query the state of the scan information required id the id of the scan created, from step 1 expand iteration to ensure you get the state example get https //asm hexiosec com/api/v1/scans/00000001 0001 0001 0001 000000000001?expand=iteration acceptapplication/json x hexiosec api key xyz in the response, the iteration object contains the state of the latest iteration example response when in progress "iteration" { "state" "in progress" } example response when complete "iteration" { "state" "completed" }