I created a scan template to check against a specific CVE but whenever I try to start a scan with this template, the scan fails on the engine with an error code of null. Is there something else that I need to enable to scan for individual CVEs?
Posted by Josh Rice about 22 hours ago
Hi! I am trying to create a remediation project to ensure the scan credentials are successfully distributed. I want to follow the progress, which is why I use a remediation project instead of the Goals and SLA feature. When I put the asset filter asset.credentialSuccessStatus IS NULL AND, the vulnerability filter is mandatory, and no matter what filter I use, the number of assets matching the condition decreases, so I will get a lower number of assets meeting the criteria. Is it possible to skip the vulnerability filter, or what query should I use to skip this? Thank you!
Posted by Adrian Borlea a day ago
I see this pie chart on the vulnerabilities page, but I cannot find anywhere that they are broken out in detail. It says I have 2 that are novice level, but what 2 are they? There is no option to filter on anything that is mentioned in the pie chart. Has anyone figured out a way to tell what vulnerabilities break down to what Skill Level?
Posted by Kerry LeBlanc a day ago
Is anyone else getting errors that come up like the one I have attached? I found why it's happening, but it's not ideal for me to change permissions for the user. It seems this user is added to several sites and asset groups. He is trying to scan a particular asset which is in both sites. One site is my master site, only for admins. The other is for general users. He gets the attached error when trying to scan an asset but doesn't have permission to my master site. If I give him access to both, he's good. But my master site is only for admins. Any thoughts?
Posted by Vanessa villalpando a day ago
Has anyone seen this error in their logs? We are finding that these machines are not checking into the console.
[WinError 10053] An established connection was aborted by the software in your host machine
2019-05-14 22:55:54,541 [INFO] [agent.agent_socket.AGS.51966864.cmsgpack://endpoint.ingress.rapid7.com:443]: Resolver found 3 resolved entries for endpoint.ingress.rapid7.com
2019-05-14 22:55:54,542 [INFO] [agent.agent_socket]: Setting resolver entry retention to 300s before next refresh for server 'endpoint.ingress.rapid7.com'
2019-05-14 22:55:54,543 [INFO] [agent.agent_socket.AGS.51966864.cmsgpack://endpoint.ingress.rapid7.com:443]: Setting non-TLS timeout to 10s
2019-05-14 22:55:54,546 [INFO] [agent.agent_socket.AGS.51966864.10.87.xx.xx:51058<->cmsgpack://188.8.131.52:443]: Initial connection established.
2019-05-14 22:55:54,548 [WARNING] [agent.agent_socket.AGS.51966864.10.87.xx.xx:51058<->cmsgpack://184.108.40.206:443]: SocketTracker-endpoint.ingress.rapid7.com:443 attempt 1 - Failed: [WinError 10053] An established connection was aborted by the software in your host machine
2019-05-14 22:55:54,549 [WARNING] [agent.agent_socket.SMT.51968488.endpoint.ingress.rapid7.com:443]: Non-responsive - jailing for 54s
Posted by Joseph Gothelf 2 days ago
I am receiving an error when I log into my InsightVM console. The error says the following. An error occurred while retrieving or submitting data. I am not getting my agents populated in the console, I don't know if this error has anything to do with it. What should I look at to resolve this as we are very very new to the Insight platform. Thank you, Tony
Posted by Tony DeMarco 3 days ago
Hello, I'm running Metasploit on Windows Server 2008. When I try to open the web UI, it gets stuck. I've checked the services and noticed "metasploitPostgreSQL" isn't running; when I try to start it, it stops automatically. Could this be why my Metasploit isn't working? Kindly assist. Thanks
Posted by Wale Jose 3 days ago
Created an SLA to track remediation of critical vulnerabilities within ## of days of discovery. My question is does the day of discovery mean the day the vulnerability was first detected within our environment or the first time the vulnerability was seen since the day I created the SLA? Thanks
Posted by David Miller 9 days ago
I show a vulnerability for Admin account for telnet is utilizing password of Admin: Password of "password". We tried to telnet into these devices using the admin password, to no avail. Where does Rapid7 pull this information, or is this a false positive?
Posted by Randy Templeton 9 days ago
Is there a policy check for Network Level Authentication? I can't seem to find it in the CIS or DISA Stig checks. Curious due to the May 2019 RCE vulnerability disclosure. I'm referring to this to be exact: Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security.
Posted by Mike Conroy 10 days ago
Hello All, Good day. I saw a (potential) vulnerability when scanning one of the Ubuntu 16.04 systems with Nexpose. However, upon inspecting /usr/bin/at, I saw that it is an executable file/binary rather than a shell script. Moreover, its ownership is daemon:daemon, not root. Is the file still vulnerable with "SUID Bit Set Upon Script File"?
SUID Bit Set Upon Script File
CVSS (AV:L/AC:M/Au:N/C/I/A)
CVSS Score 4.4
Under many UNIX-like operating systems, setting the SUID bit on an interpreted script file can lead to an exploitable race condition that yields elevated privileges.
Vulnerable Script: /usr/bin/at
Remediation
BEGIN # Remove the suid bit from the script
Configuration remediation steps
The SUID bit should be removed from the script.
Posted by Compete2Cooperate 12 days ago
Hey all, I am getting a number of results that are failing, but should be passing. For example (this is for Windows 10), the proof says:
At least one specified Password Policy entry must match the given criteria. At least one evaluation must pass
This one is a pass:
max_passwd_age = 5184000
min_passwd_age = 86400
min_passwd_len = 14
password_hist_len = 24
password_complexity = true
reversible_encryption = false
This is a fail:
max_passwd_age = 3710851
min_passwd_age = 0
min_passwd_len = 0
password_hist_len = 0
password_complexity = false
reversible_encryption = false
So basically, there are 2 results that InsightVM sees. One is a pass (24 password history length) and one is a fail (0 password history length). But in the report, it always fails the compliance rule. This is just one example of many. Some fail with 2 results, some pass. I have a ticket with Rapid7 but they haven't responded for a while. Just wondering if anyone else is having / has had this problem. Thanks
Posted by Russell 15 days ago