======== Setup

On systems with yum (rpm-based Linux):

    sudo yum install ruby rubygems rubygem-oauth2 rubygem-rest-client rubygem-json

On other operating systems, first install ruby, then run the following command to install all optional gems needed by the CloudPassage API clients:

    sudo gem install oauth2 rest-client json public_suffix ip

On all operating systems:

Copy sca-report-to-csv.rb and wlslib.rb to somewhere in your path; for these instructions, we assume you copy them to /usr/local/bin/ . Then:

    chmod 755 /usr/local/bin/sca-report-to-csv.rb

To use the script, you need an API key ID and API key secret. These can be found in the Halo portal under Settings, Site Administration, "API Keys" tab. If you have no keys listed, press "Add new key". Fill in a name (such as "Read-only key for monitoring"), and select "Read Only", as this key does not need write privileges. The value in the "ID" column will be used as "api_client_id". Press the "Show" link to its right to get the "Secret Key" (which is used as "api_client_secret").

Create a file called /etc/halo-api-keys and place the ID and secret on their own line, separated by a vertical pipe:

    myid|mysecret

This file should have very tight restrictions; only the account under which the script will be run should be able to read and write this file, so we recommend that it be mode 600 and owned by that account.

If you are using a grid other than api.cloudpassage.com, you can add another vertical pipe and the hostname:port at the end of the line:

    myid|mysecret|gridhostname:9999

If you work with multiple Portal accounts, get a key ID and key secret from each one and place each pair (or triplet) on its own line.

If you route https traffic through a proxy, set the https_proxy variable before running the script and all https requests will use it. Note that you must set https_proxy; http_proxy will not be used.
Example:

    export https_proxy="http://192.168.1.1:3128/"

======== Using the script

To retrieve the failed checks from a particular server, you'll need to specify either its hostname or one of its IP addresses on the command line. Make sure you pick a unique hostname or IP address, as the script selects the first server it finds with the requested hostname or IP. For this reason, do not use the "Connecting IP address" of a server if it shares that IP address with other hosts because you use NAT or a proxy, and do not use the hostname if multiple hosts share the same hostname.

To select by hostname:

    sca-report-to-csv.rb -i myid -n 'WebServer17' >WebServer17.csv

To select by IP address:

    sca-report-to-csv.rb -i myid -a '10.11.12.13' >10.11.12.13.csv

The resulting CSV file can now be imported into a spreadsheet or other application.

If you wish to export SVM results instead, add "--svm" to the command line, with options "--suppressed" or "--no-suppressed" to display or not display suppressed SVM results:

    sca-report-to-csv.rb -i myid --svm -a '10.11.12.13' >10.11.12.13.svm.csv

To see the available command line parameters, run the script with the "-h" option:

    sca-report-to-csv.rb -h
    Export a SCA report in comma separated format for later spreadsheet import. Each line holds one check.
    Usage: sca-report-to-csv.rb [options]
        -i, --api_client_id keyid        API Key ID (can be read only or full access)
        -a ipaddr                        IP address (interface or connecting IP address)
        -n hostname                      Hostname
            --bad                        Show checks with a bad status
            --no-bad                     Do not show checks with a bad status
            --good                       Show checks with a good status
            --no-good                    Do not show checks with a good status
            --indeterminate              Show checks with a indeterminate status
            --no-indeterminate           Do not show checks with a indeterminate status
            --suppressed                 Show checks with a suppressed status
            --no-suppressed              Do not show checks with a suppressed status
            --svm                        Work with SVM results instead
        -h, --help                       Show help text
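The /etc/halo-api-keys format and the mode 600 recommendation from the Setup section can be checked before any key is used. The following Ruby sketch is an added example, not code from sca-report-to-csv.rb or wlslib.rb; the names HaloKey, key_file_problems, parse_key_line, load_halo_keys and sample_key_file are hypothetical, and the default port 443 for a line without a grid entry is an assumption.

```ruby
require 'tempfile'

DEFAULT_GRID = 'api.cloudpassage.com' # grid host named in the setup text
DEFAULT_PORT = 443                    # assumption: standard HTTPS port
HaloKey = Struct.new(:id, :secret, :host, :port)

# List reasons the key file is accessible to anyone but the running account.
def key_file_problems(path)
  st = File.stat(path)
  problems = []
  problems << format('mode %04o grants group/other access', st.mode & 0o7777) if (st.mode & 0o077) != 0
  problems << "owner uid #{st.uid} is not the running uid #{Process.euid}" unless st.uid == Process.euid
  problems
end

# Parse one "id|secret" or "id|secret|host:port" line; errors never echo the secret.
def parse_key_line(line, lineno)
  id, secret, grid, extra = line.strip.split('|', -1)
  if id.to_s.empty? || secret.to_s.empty? || extra
    raise ArgumentError, "line #{lineno}: expected id|secret or id|secret|host:port"
  end
  host, port = grid.to_s.empty? ? [DEFAULT_GRID, nil] : grid.split(':', 2)
  port = Integer((port || DEFAULT_PORT).to_s, 10)
  raise ArgumentError, "line #{lineno}: bad grid #{grid}" if host.empty? || !(1..65_535).cover?(port)
  HaloKey.new(id, secret, host, port)
end

# Refuse a loosely protected file, then return a hash of key id => HaloKey.
def load_halo_keys(path)
  problems = key_file_problems(path)
  raise SecurityError, "#{path}: #{problems.join('; ')}" unless problems.empty?
  keys = {}
  File.foreach(path).with_index(1) do |line, n|
    next if line.strip.empty?
    key = parse_key_line(line, n)
    raise ArgumentError, "line #{n}: duplicate key id #{key.id}" if keys.key?(key.id)
    keys[key.id] = key
  end
  keys
end

# Constructed sample file (not real credentials); Tempfile creates it with mode 0600.
def sample_key_file
  file = Tempfile.new('halo-api-keys')
  file.write("myid|mysecret\n\notherid|othersecret|gridhostname:9999\n")
  file.flush
  file
end
```

Calling load_halo_keys('/etc/halo-api-keys') under the account that runs the script raises SecurityError if the file is group- or world-accessible or owned by another account.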