This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin
‎2021-09-06 04:35 PM
In response to Kola_CP

Sure, it's possible, but you're getting into scripting territory.

mgmt_cli -r true login > sid.txt;
mgmt_cli -s sid.txt --format json show-groups | jq -r '.objects[] | .name' | while read X; do
    echo $X
    mgmt_cli -s sid.txt show-group name "$X" --format json | jq '.members[] | [.name, ."ipv4-address",.subnet4,."mask-length4"] |@csv' -r
    echo
done

Just to explain what's going on here:

  • We're logging into the API once and saving the session in sid.txt, which we reuse in other commands.
  • We're querying the API to get all the groups, then showing each one with some specific information (object name, ipv4-address for host objects, network and mask for network objects)

Limitations of the above:

  • If IPv6 is in use, you will have to adjust the jq command accordingly to output the specific fields you want.
  • For large numbers of groups or objects in a group, you will have to make multiple calls using limit/offset calls.
  • This does not handle nested groups (groups inside of groups), which will require additional scripting.

 

View solution in original post

(2)
Who rated this post