Creating an SCP alert using the CLI

Hi :slight_smile:

Issue: Cannot create an SCP alert using the CLI. (I can create it using the WUI, though.)

Extra info: Email Alerts can be created using both WUI and CLI, but SCP alerts can be created only via WUI.

CLI Error:

Response Error 400. Error in SCP credential

gvmd.log, Loglevel 127 error:

event alert:MESSAGE:2020-10-23 11h22.51 UTC:26463: Alert could not be created by admin

WUI Alert properties:

Name: test2_scp
Comment: Blah
Event: Task run status changed to Done
Condition: Severity at least 9.0
Report Content: Compose
Delta Report: None
Method: SCP
Credential: my_sample_cred   <----- this is the same credential which I use for local ssh scans (pubkey)
Host: localhost
Known Hosts: localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNo...... [TRUNCATED FOR PRIVACY]
Path: /tmp/report.csv
Report: CSV Results
Active: Yes

CLI Command:

gvm-cli -c /etc/gvm/gvm-cli.conf socket --xml "<create_alert><name>test2_scp</name><comment>Blah</comment><condition>Severity at least<data><name>severity</name>9</data></condition><event>Task run status changed<data><name>status</name>Done</data></event><method>SCP<data><name>scp_known_hosts</name>localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNo....[TRUNCATED FOR PRIVACY]</data><data><name>delta_report_id</name></data><data><name>scp_credential</name><credential id=\"THE ID OF my_sample_cred\"><name>my_sample_cred</name><login>SCP_USERNAME</login></credential>CRED_ID_REPEATED_HERE</data><data><name>scp_host</name>localhost</data><data><name>delta_type</name>None</data><data><name>scp_path</name>/tmp/report.csv</data><data><name>scp_report_format</name>c1645568-627a-11e3-a660-406186ea4fc5</data></method><active>1</active></create_alert>"

Notes:
All other components seem to be working fine. I was able to create the Email-Alert, using the CLI, but when I try to create the SCP alert, it complains about the SCP Credentials.
The Credential id is correct, double-checked using the <get_credentials/> command in the CLI.

The CLI Config file looks like:

[main]
timeout = 300

[gmp]
username=admin
password=ADMIN_PASSWORD

[unixsocket]
socketpath=/PATH/TO/gvmd.sock

Any suggestion on this? :face_with_monocle:

Solved.
A hint for anyone with issues regarding the gvm-cli:

Set the loglevel to 128 for all logs (file: gvmd_log.conf), then perform whatever you want through the WUI. This way a complete log of the CLI command will be printed out in the log files; you can use that command to perform the same task using the CLI.
