Hello, I have a dynamic discovery AD connection linked to a site. This site gets populated with assets determined from the base query for that AD connection. But later I tried to refine(or reduce) the list of assets by adding a search query to this AD connection. But the assets that are no longer part of this new search but previously added to the site, were not removed from the site. Will the assets get removed from the site when those assets are removed from the AD? Or when the base or search query criterion changes? Thanks.
Posted by praneeth pantham 12 days ago
Greetings, I would like to evaluate the trial version of "Nexpose", unfortunately the activation of the license key is blocked by our proxy. Is it possible to receive a license file for a trial version of Nexpose? Sincerely yours, Gilles
Posted by Gilles Bellot 13 days ago
Is there a way to create a SQL script to have vulnerability exception reason added? It seems like they have only added reason ID, but no reason. On the data warehouse schema, it says reason can be added but I am unsure how. Can anyone help me on this? Thank you.
Posted by Gavin Wong 13 days ago
Morning All, I've setup a connection to pull logs into a server directory from an email gateway product. The logs are created with several a second. What would be the best method offered by IDR collector for pulling in the logs and then deleting them? Thanks Simon
Posted by Simon Lansley 13 days ago
I would like to write a query that reports: 1. If a vulnerability is open or closed on each asset 2. When a vulnerability was discovered in our environment on each asset 3. And if the vulnerability was remediated within 30 days of discovery - ex: critical vulns must be remediated within 30 days of discovery I wrote a query that reports the asset, the vulnerability title, severity, age and date it was discovered but cannot figure out how to tell when vulnerabilities have been closed or if they were closed within 30 days of discovery. I am not an SQL expert so any help would be appreciated. Below is what I've come up with so far. SELECT dim_asset.host_name AS "Asset", dim_vulnerability.title AS "Title", dim_vulnerability.severity AS "Severity", TRUNC(fact_asset_vulnerability_age.age_in_days,0) AS "Age", fact_asset_vulnerability_age.first_discovered AS "Discovered Date" FROM fact_asset_vulnerability_age INNER JOIN dim_asset ON fact_asset_vulnerability_age.asset_id = dim_asset.asset_id INNER JOIN dim_vulnerability ON fact_asset_vulnerability_age.vulnerability_id = dim_vulnerability.vulnerability_id WHERE dim_vulnerability.severity IN ('Critical', 'Severe') Thanks!
Posted by Ashley Walsh 14 days ago
What logs can be looked at if we want to troubleshoot the accuracy of "Installed Software" inventory results? I have 2 new server whos installed software doesn't show SQL2016 installed. I need to run a SCAP scan but cant because of this. I've tried removing asset, adding all ports SQL uses, I've had no issues with other assets in the same subnet. Any ideas?
Posted by Juan 17 days ago
On the Top 25 remediations by risk report. We run the scan every month and report is generated. Now i only want a few assets in that report and for the last 3 months. Is there a way to create a custom top 25 report with required assets to be scanned and duration to be set i.e, for last 2 - 3 months?
Posted by kiran kumar 18 days ago
Hi, I would like to know how would I go about changing the number format to number of days? for example, when i get the SQL script, it gives me the output of 34.6777 I want it to be able to show 35 days or 34 days. I know you can do that on drag and drop list, but on SQL, I am unsure. Can anyone help? It would be very helpful.
Posted by Gavin Wong 19 days ago
Hi I am looking to change the location of where the scan data is stored for Insight Vulnerability Management? Or would anyone have any tips on how to ensure the disk space is reduced as it fills up very quick. Kind regards Aaron Murphy
Posted by Aaron Murphy 19 days ago
Hi, We are using Nexpose 6.5.86 version. We are running scans every biweekly and reports in pdf format are configured to be sent to respective teams emails. Now can we modify these report format to xml & pdf also so the xml can be used for other project?? We have reports run in both win & unix environment and rolled out to teams.So if we modify the reports or scan template to fetch out both pdf & xml format. Will it affect the data or the results in the report or is it safe to do??
Posted by kiran kumar 20 days ago
In looking for ways to create a suitable csv for ingestion into a ticketing system, I've encountered a challenge in the SQL statement I'm trying to use. Disclaimer: I'm not a DBA, so this may be incredibly easy. Using the following simple query to build off of: ``` SELECT dv.title, da.ip_address, da.host_name, dp.name, CASE WHEN favi.port = -1 THEN NULL ELSE favi.port END, dsvc.name FROM fact_asset_vulnerability_instance favi JOIN dim_vulnerability dv USING (vulnerability_id) JOIN dim_asset da USING (asset_id) JOIN dim_protocol dp USING (protocol_id) JOIN dim_service dsvc USING (service_id) WHERE dv.nexpose_id = 'tlsv1_0-enabled' ``` Which yields an output such as: | title | ip_address | host_name | name | port| name | | ------ | ----------------- | ------------------ | --------- | ------ | --------- | | TLS Server Supports TLS version 1.0 | 10.0.0.1 | TCP | 743 | HTTPS | | TLS Server Supports TLS version 1.0 | 10.0.0.2 | TCP | 744 | HTTP | | TLS Server Supports TLS version 1.0 | 10.0.0.3 | TCP | 745 | HTTP | | TLS Server Supports TLS version 1.0 | 10.0.0.4 | TCP | 743 | HTTPS | I'm looking to combine all the affected ip's/hosts/protocol/port/name into a single field, such as: | title | affects | | ------ | ------------------------------------------------------------------------------------- | | TLS Server Supports TLS version 1.0 | 10.0.0.1 TCP 743 HTTPS, 10.0.0.2 TCP 744 HTTP, 10.0.0.3 TCP 745 HTTP, 10.0.0.4 TCP 743 HTTPS | Any help would be appreciated.
Posted by Chris Maier 24 days ago