On https://insight.rapid7.com/ I'd like to know how to delete dead/old/re imaged hosts out of the insight platform, basically I'd like to do some data janitoring. Is this possible? Will this be a feature in the near future?
Posted by Matt Wyen 8 months ago
HI new to Nexpose, have a dashboard item that tells me how many obsolete operating systems there are. Which is great. However to know that they are obsolete Nexpose must have a date internally that they ceased to be supported. I would like to add this to the output. I assume a custom report is needed. Have never written any. Can anyone point out how this would be done? Thanks
Posted by Phil Maud 8 months ago
I have a report that pulls assets by tag owner, this is manual process where the option is to add tag, site, asset group etc..When i pull john does tag the report comes up in csv, but also pulls jane does tag as well because they have the same asset, but jane does tag was not check boxed??? How to get it to only pull who i tell it to pull?
Posted by Vanessa villalpando 8 months ago
The logs of our apps are generated within Docker containers, and the eas I'm sending my logs to IngishtOps using UDP, since using the syslog driver is the simplest way to set this up. Logs get to InsightOps alright, but no pattern is recognized. I get lines like: <30>Feb 5 09:21:17 project_web_nginx_1_5f3a57bfd0d0: 172.19.0.2 - - [05/Feb/2019:09:21:17 +0000] "GET /asesorias-auditorias/ HTTP/1.1" 200 18358 "https://staging.project.es/asesorias/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0" "126.96.36.199" But no data is recognized (tags do not work, searched by any of the "fields" get zero results, etc). Is there a way to set InsightOps so it recognizes these lines coming from nginx even if sent via syslog? I rather not having to set up separate data containers to store the logs for all the containers. Thanks, regards.
Posted by Ivan 8 months ago
At the moment I am recently unable to perform an update to the 30 January 2019 update and I get the following error: "There were 3 errors while updating: Update ID 661050093 is missing package or dependency. Update ID 661712932 is missing package or dependency. Update ID 914204429 is missing package or dependency." I cannot seem to find any references to these ID codes anywhere. Does anyone have an idea what these mean and what dependencies I am missing? Currently, I am running a licensed version of Nexpose on the Ubuntu VM provided by Rapid7. Thanks in advance
Posted by Adam McKelvey 8 months ago
I am looking to deploy 2 x InsightIDR collectors for resilience purposes. I’m led to believe that InsightIDR agents can be configured to connect to more than one collector and they start using the first collector respond, and that if that collector become unresponsive then the agent/s start send to an alternate. Is this correct and recommended setup? Also, does this mean that depending on agents location in the network in relation to the collectors, some agents will be sending to one collector and other Agents will be sending to the other collector?
Posted by Gavin Hook 8 months ago
I made a executable program. Code =========================== while True: t = raw_input("TEST >> ") =========================== I built this with pyinstaller. But Command "execute -f myprogram.exe -i -H" doesn't execute my program.. I think that all of input function.. Unless existed input function, program was run well.. help plz..
Posted by Kyeong Min Kim 8 months ago
Hello, During a Nexpose scan with cipher/TLS checks enabled I am to pull a lot of information on services using encryption. If Nexpose sees RDP for example it will pull what version of TLS/SSL is enabled and cipher suites. For SSH however it looks to only pull the version of openSSH installed and no information on the ciphers. Is there anyone to pull this info from Nexpose?
Posted by Robert DeBellis 8 months ago
This vulnerability showed up on a credentialed scan of a RHEL7.6 machine. All of the documentation shows that this applies to RHEL6 using the LILO bootloader but there are no guidelines showing for RHEL7+ using GRUB2 & systemd, which has replaced init.d. Is this a false positive or is there a fix for this issue in RHEL7.6?
Posted by James Kern 8 months ago
I have two Discovery scans set up using the same Scan Template. SCAN A scans 172.16.0.0/12, while SCAN B scans for specified known subnets in the 172.16.0.0/12 range which have been identified by previous scans*. SCAN B identifies subnets totalling about 20k IPs, against the 1m or so specified by 172.16.0.0/12 SCAN A returns significantly fewer assets than SCAN B, even though the IP range is much larger and covers the same assets. This is not time-dependent - I have run the scans concurrently and see the same results. SCAN A returns ~1900 assets while SCAN B returns ~2600 (also in a much faster time due to the more limited asset scope). 25% is a significant difference. I have seen the same issue with one scan looking at 10.0.0.0/8 vs another scan looking at specific known subnets in the 10.0.0.0/8 range. The broader scan returned fewer significantly fewer assets than the more tightly defined scan. Is this a known issue with scanning large subnets? Is there a recommended Template or method I should be using when doing so? I have tried a customised template and one of the out-of-the-box discovery template, same results. * I'm using this approach as recommended by R7 - do a broad, light discovery scan initially and peridoically thereafter, then do tighter, more regular scans for assets in known subnets
Posted by Tim Lovegrove 8 months ago
I am trying to install the ir_agent on a Raspberry Pi. I followed the install instructions at https://insightagent.help.rapid7.com/docs/install It fails trying to extract the image. Unable to find and extract image [ERROR] Are the agent supported on, Linux raspberrypi 4.14.79-v7+ #1159 SMP Sun Nov 4 17:50:20 GMT 2018 armv7l GNU/Linux? Here is the complete install information. root@raspberrypi:/home/pi/Downloads/agents-linux# sudo ./agent_installer.sh install_start Checking for dependencies [INFO] Checking installer dependencies [INFO] Building directory: /opt/rapid7/ir_agent/components/bootstrap/common [INFO] Building directory: /opt/rapid7/ir_agent/components/bootstrap/common/ssl [INFO] Building directory: /opt/rapid7/ir_agent/components/insight_agent/common [INFO] Building directory: /opt/rapid7/ir_agent/components/insight_agent/188.8.131.52 [INFO] Extracting agent files to --> /opt/rapid7/ir_agent/components/insight_agent/184.108.40.206 [INFO] Attempting to load armv7l archive from catalog [INFO] Attempting to load armv7l archive from catalog [INFO] Unable to find and extract image [ERROR] Checking agent base installation for removal [INFO] Base installation directory exists: /opt/rapid7 Pre-existing installation found - will not remove
Posted by Doug Dellinger 8 months ago
Seeing several machines flagging the below set of vulnerabilities. They already have the IE Cumulative Update listed in the remediation section applied. I think this is a detection issue. Issues: Microsoft CVE-2018-0891: Scripting Engine Information Disclosure Vulnerability Microsoft CVE-2018-0927: Microsoft Browser Information Disclosure Vulnerability Microsoft CVE-2018-0929: Internet Explorer Information Disclosure Vulnerability Microsoft CVE-2018-0932: Microsoft Browser Information Disclosure Vulnerability Microsoft CVE-2018-0935: Scripting Engine Memory Corruption Vulnerability Microsoft CVE-2018-0942: Internet Explorer Elevation of Privilege Vulnerability Proof: Vulnerable software installed: Microsoft Internet Explorer 11.0.9600.19236 Vulnerable OS: Microsoft Windows Server 2012 R2 Datacenter Edition Based on the following 3 results: 1.Microsoft patch KB4089187 is not installed. 2.Microsoft patch KB4088876 is not installed. 3. ◦HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion◦UBR - value does not exist Remediation: 2019-01 Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 for x64-based systems (KB4480965)
Posted by Mark Payne 8 months ago
I have deployed my agent to many endpoints, no problems. I am currently running InsightIDR and they are reporting in properly. My question is this: soon I will be deploying InsightVM. I was told that the agent is the same and performs double duty. So, will these deployed agents automatically report back to the VM console? Will need to redeploy an agent to them? How will the existing agents know to start sending info to the VM console once it is up and running? Thanks
Posted by Kerry LeBlanc 8 months ago