Ctrl K

Searches for an element - in this case "incident" - in the verinice.veo open source ISMS tool.

Published Mar 16, 2025

Searches for an element - in this case of type "incident" - in the verinice.veo open source ISMS tool. The full JSON content of the element is returned. The example shows how to search by the field "abbreviation". Other search criteria can be used. The default parameter values are set for the "sandbox" environment. These can be changed to access the productive verinice.cloud or your local on-premise installation.

Script verinice.veo

Submitted by alexander koderman64 Bun

Created 451 days ago

All edits

Permalink

//native
//you can add proxy support using //proxy http(s)://host:port

// native scripts are bun scripts that are executed on native workers and can be parallelized
// only fetch is allowed, but imports will work as long as they also use only fetch and the standard lib

//import * as wmill from "windmill-client"

interface TokenParams {
  host: string;
  username: string;
  password: string;
  clientId: string;
  realm: string;
}

interface TokenResponse {
  access_token?: string;
  [key: string]: any;
}

async function getAccessToken({ host, username, password, clientId, realm }: TokenParams): Promise<string> {
  const url = `https://${host}/auth/realms/${realm}/protocol/openid-connect/token`;

  const params = new URLSearchParams({
    grant_type: 'password',
    username,
    password,
    client_id: clientId,
  });

  const response = await fetch(url, {
    method: 'POST',
    headers: {
      'Accept': 'application/json',
      'Content-Type': 'application/x-www-form-urlencoded',
      'cache-control': 'no-cache',
    },
    body: params,
  });

  if (!response.ok) {
    throw new Error(`HTTP error! status: ${response.status}`);
  }

  const data: TokenResponse = await response.json();
  const token = data.access_token;
  if (!token) {
    throw new Error('Could not get access token');
  }
  return token;
}

export async function main(domain_id: string = "c4503929-0737-4875-8b46-dfbea2512b3f",
  user: string = "sandboxuser",
  pass: string,
  oidc_client: string = "veo-sandbox",
  unit_id: string = "3d47b7d7-29f9-42fb-9414-0010b5e4ae23",
  abbreviation: string,
  subtype: string = "INC_SecurityIncident",
  realm: string = "verinice-sandbox",
  api_host: string = "api.sandbox.verinice.com"
) {

  const token = await getAccessToken({
    host: "auth.verinice.com",
    username: user,
    password: pass,
    clientId: oidc_client,
    realm: realm
  });

  const res = await fetch(`https://${api_host}/veo/domains/${domain_id}/incidents?size=200&unit=${unit_id}&subType=${subtype}&abbreviation=${abbreviation}`, {
    headers: {
      "Content-Type": "application/json",
      "Authorization": "Bearer " + token
    },
  });
  return res.json();
}


`1`	`//native`
`2`	`//you can add proxy support using //proxy http(s)://host:port`
`3`
`4`	`// native scripts are bun scripts that are executed on native workers and can be parallelized`
`5`	`// only fetch is allowed, but imports will work as long as they also use only fetch and the standard lib`
`6`
`7`	`//import * as wmill from "windmill-client"`
`8`
`9`	`interface TokenParams {`
`10`	`host: string;`
`11`	`username: string;`
`12`	`password: string;`
`13`	`clientId: string;`
`14`	`realm: string;`
`15`	`}`
`16`
`17`	`interface TokenResponse {`
`18`	`access_token?: string;`
`19`	`[key: string]: any;`
`20`	`}`
`21`
`22`	`async function getAccessToken({ host, username, password, clientId, realm }: TokenParams): Promise<string> {`
`23`	const url = `https://${host}/auth/realms/${realm}/protocol/openid-connect/token`;
`24`
`25`	`const params = new URLSearchParams({`
`26`	`grant_type: 'password',`
`27`	`username,`
`28`	`password,`
`29`	`client_id: clientId,`
`30`	`});`
`31`
`32`	`const response = await fetch(url, {`
`33`	`method: 'POST',`
`34`	`headers: {`
`35`	`'Accept': 'application/json',`
`36`	`'Content-Type': 'application/x-www-form-urlencoded',`
`37`	`'cache-control': 'no-cache',`
`38`	`},`
`39`	`body: params,`
`40`	`});`
`41`
`42`	`if (!response.ok) {`
`43`	throw new Error(`HTTP error! status: ${response.status}`);
`44`	`}`
`45`
`46`	`const data: TokenResponse = await response.json();`
`47`	`const token = data.access_token;`
`48`	`if (!token) {`
`49`	`throw new Error('Could not get access token');`
`50`	`}`
`51`	`return token;`
`52`	`}`
`53`
`54`	`export async function main(domain_id: string = "c4503929-0737-4875-8b46-dfbea2512b3f",`
`55`	`user: string = "sandboxuser",`
`56`	`pass: string,`
`57`	`oidc_client: string = "veo-sandbox",`
`58`	`unit_id: string = "3d47b7d7-29f9-42fb-9414-0010b5e4ae23",`
`59`	`abbreviation: string,`
`60`	`subtype: string = "INC_SecurityIncident",`
`61`	`realm: string = "verinice-sandbox",`
`62`	`api_host: string = "api.sandbox.verinice.com"`
`63`	`) {`
`64`
`65`	`const token = await getAccessToken({`
`66`	`host: "auth.verinice.com",`
`67`	`username: user,`
`68`	`password: pass,`
`69`	`clientId: oidc_client,`
`70`	`realm: realm`
`71`	`});`
`72`
`73`	const res = await fetch(`https://${api_host}/veo/domains/${domain_id}/incidents?size=200&unit=${unit_id}&subType=${subtype}&abbreviation=${abbreviation}`, {
`74`	`headers: {`
`75`	`"Content-Type": "application/json",`
`76`	`"Authorization": "Bearer " + token`
`77`	`},`
`78`	`});`
`79`	`return res.json();`
`80`	`}`
`81`