Take the First Steps in the Praetorian CLI
Once you have installed the Praetorian-CLI and run the praetorian configure
command per the documentation and Readme page, you can start testing how praetorian chariot
works.
When you open a command line and type praetorian chariot --help
, you'll see the usage, options, and commands:
praetorian chariot [OPTIONS] COMMAND [ARGS]...
Command group for interacting with the Chariot product
Options:
--help Show this message and exit.
Commands:
add Add a resource to Chariot
delete Delete a resource from Chariot
get Get resource details from Chariot
link Link an account or integration to Chariot
list Get a list of resources from Chariot
script Run a script command
purge Delete account and all related information
search Query the Chariot data store for arbitrary matches
test Run integration test suite
unlink Unlink an account or integration from Chariot
update Update a resource in Chariot
List Command
To get a good idea about how Chariot data is presented, try the praetorian chariot list
command. As with all Praetorian CLI commands, the --help
option can help provide guidance.
Go ahead and try the following commands in succession:
praetorian chariot list assets
praetorian chariot list risks
praetorian chariot list attributes
Each of these commands prints a list of structured strings that represent each data category (Assets, Risks, and Attributes).
Assets begin with the #asset prefix and are followed by additional fields delimited with the '#'.
Risks begin with the #risk prefix and are usually followed by the Asset DNS name on which that Risk was found, and the name of the Risk (eg. CVE-2024-9999). Again, the data is delimited with the '#'.
Attributes begin with #attribute as the prefix and are followed by a data separated by the '#'. For Asset Attributes, you will usually see descriptor and a value associated with that descriptor, also delimited by a '#'. In the UI you'll see the descriptor and value represented as Name and Value:
A special characteristic about Attributes is that they can be tied to a Risk or Asset. So, following the #attribute#descriptor#value portion of the string, you might see a nested Asset or Risk, depending on what that attribute is attached to. For example, you might see: #attribute#descriptor#value#asset#assetDNS#assetIP or #attribute#descriptor#value#risk#assetDNS#riskName.
To extend the case with Attributes and their links with Assets and Risks, you can use --risk
or -r
to list the attributes associated with a particular Risk. For example, you could use the following:
praetorian chariot list attributes -r #risk#<asset_name>#<risk_name>
At this point, it might be important to acknowledge that each Risk has an Asset DNS name, but not an Asset IP contained in the string. Since a Risk can be on one or many IPs associated with a DNS name, the higher order DNS (rather than the lower order IP address) is represented in order to encourage further exploration of the Risk and it's association with the Asset on which it was found.
You can also list all of the Attributes of a particular Asset by using --asset
or -a
, like so:
praetorian chariot list attributes -a #asset#<asset_name>
Get Command
Now that you have seen how Chariot presents some of it's data, lets take a piece of that data and discover a bit more. Copy a line from the Asset list that you'd like to learn more about. Use that line to build the following command:
praetorian chariot get asset #asset#yourAssetName
Your result should present the following information:
{
"username": "yourSignUpEmail@email.com",
"key": "#asset#yourAssetName#000.000.000.000",
"source": "discovered",
"dns": "yourAssetName",
"name": "000.000.000.000",
"status": "A",
"config": null,
"created": "2024-01-01T02:58:50Z",
"updated": "2024-01-01T02:01:30Z",
"ttl": 1722909555,
"history": null
}
Note that much more information is presented with the get
command. (Hint: If you want to see more information with the list command, use the -d
option)
You can use scripts to get even more utility out of these commands.
Another point of note, is that all searches are a "prefix search," which means they must match, character for character, starting at the beginning.
Search Command
Knowing what we know about how data lives in Chariot, we can use the search
command to be a little more targeted with our commands. Like the list
command, search
can be used to pull back bulk results given a specific search term. For instance the following will produce a list of Attributes:
praetorian chariot search --term '#attribute'
This will produce a list of Attributes that indicate a source
:
praetorian chariot search --term '#attribute#source'
Getting to know how the data is structured and how to create searches for that data is where the CLI can become very powerful.
Praetorian is continuously adding to the CLI. You can check the praetorian-cli GitHub page for the most recent updates. If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!