Since the old community used to actually provide useful assistance and information and this new site is pretty much useless, can anyone tell me where I can find information, examples, etc. on Nexpose SQL queries? Most of the searches for SQL queries on this site say we don't provide any assistance with that (the old community used to). The Help KB has very few examples and no way to ask for assistance. Someone has to know where to get assistance or at the very least a cache of SQL queries that I might be able to tweak to suit my needs.
Posted by Kevin Schramm 6 months ago
I am deploying a scan engine on Azure. I have followed the instructions here: https://kb.help.rapid7.com/docs/deploying-a-nexpose-scan-engine-in-microsoft-azure. After the infrastructure is set up, following step 9, there is the instruction to: "Log in to the Nexpose console via the web browser". As a Windows Server person new to Linux, how exactly does one know what port to use? If I open an inbound rule to 80 and try to connect, it just refuses the connection like nothing is there. TIA!
Posted by James 7 months ago
Hi, in our org there are a number of sources for vulnerability data - some produced by Rapid7 and some produced by other tools. Is there a way to import the vulnerability data produced by tools other than Rapid7/Nexpose into InsightVM so that dashboards can be created for all vulns in one place? E.g., is there a format for a CSV file to allow it to be imported into InsightVM? Thanks, Stephen
Posted by Stephen Carolan 7 months ago
Hi everybody, I'm on a PC with Kali Linux OS. I've got Metasploitable 2 installed on a VM (VMware). Everything works fine, but now I have to connect to the MS2 web application DVWA through a local proxy (because I have to intercept traffic with Burp Suite). When I had Firefox ESR I had no problem even with the proxy, but now I have Firefox Quantum (61.0.1 64-bit). When I change my network option to proxy 127.0.0.1:8080, I can't open my MS2, while I can easily reach MS2 without the proxy. Is there a problem with Firefox Quantum? Can I solve this problem? Thanks for your help (I hope you've understood everything, because English is not my mother tongue). Francesco
Posted by francesco fortis 7 months ago
According to my PCI Host Details Report, I went from 100% PCI compliance to 55% compliance. All my assets have a PCI Compliance Status of Pass but the host report has started marking many Ciphers as failures like: "Undefined CVE, TLS/SSL Server Supports The Use of Static Key Ciphers"; "Undefined CVE, Diffie-Hellman group smaller than 2048 bits"; "Undefined CVE, TLS/SSL Server Is Using Commonly Used Prime Numbers". Just last week these were not failures and now they are, but just in the PCI Host Details report. When I look at the assets in InsightVM they all have a PCI Compliance Status of Pass. Am I missing something?
Posted by Scott Hoopes 7 months ago
No matter what I do, or which browsers I try, the button for "download certificate" in InsightOps to set up a Syslog trust for a firewall does not work. The button does not react, and I cannot download the cert. Where else can I get it? Unencrypted logging is not an option.
Posted by Tyler Kerr 7 months ago
I just made a copy of a RHEL 7 CIS 2.2.0 Level 1 Server Policy and scanned a server. 115 rules passed. I then disabled the AIDE section (2 rules) and ran the scan again. 108 rules passed - so additional unrelated (ntp, chrony, etc.) checks now fail... I see similar results with the equivalent CentOS policy. Anyone else seeing this? Rob.
Posted by Rob Lawley 7 months ago
In AppSpider's REST API, GET /appspider/v1/result/{scanId}?json=true returns a rather complex JSON structure. Is there a more detailed Swagger spec available to describe the response body other than "string"? I'm asking because I'd like to auto-generate code to consume the AppSpider REST API... not having a full spec for the response body on this request makes it a challenge to do so - I can make a few example calls and reverse engineer what I think I should expect to see, but... I'd rather y'all tell me :) Thanks! Jim
Posted by Jim Nelson 7 months ago
I'm wondering what the best way is to use automated actions in Nexpose when also utilizing a DHCP discovery connection. For instance, I have one action that allows me to scan in site when new assets are discovered containing a certain string in the hostname. This is great in that it gets new assets scanned quickly. But how do I follow up with subsequent scans when the IP addresses change (leases change)? If I use the automated action option 'known asset available' and 'last scan date' 'earlier than X days'... how does Nexpose actually define "asset"? As an example, I had a computer with IP (changed for here) 10.11.12.13 scanned on July 7, and had the action set up such that if a known asset with last scan date earlier than 7 days is available, to scan it in site. It didn't work. I checked and discovered that this system received a new IP address a short time later. It has not been scanned again with the new IP address. I'm having trouble applying the automated actions logic. I've looked on the help pages a bit but so far no luck. Looking for options and perhaps clarification on the above. Thanks!
Posted by Scott Lussier 7 months ago
Is there a way to set an exception to recursively accept vulnerabilities from previous versions than the latest exception version? Example being, if we have a legacy app that requires Java 7, would there be a way to put in an exception that would remove all vulnerabilities to a specific version? I know I can create an exception for all vulnerabilities that contain "Java" but that seems ugly. Also, would putting an exception in like this also put exceptions in for all new vulns that contain Java, or just when the exception was put in?
Posted by Robert DeBellis 7 months ago